Announcing the ISO 9001:2015 Revised Standard

George Hummel, Co-Founder of IQC and a voting member of the US TAG to ISO/TC 176, has been intimately involved in drafting and revising the new version of ISO 9001.  In the following article he explains the specifics behind why, what, when and how you can prepare. 

 WHY THE CHANGE?

The Standard must retain relevance for the market.  The Standard was amended in 2008 and revisions are required on a loosely maintained 5-year cycle.  Revisions began two years ago with a Design Standard provided by the ISO General Secretariat.  This design document was the result of market/user surveys. Furthermore, ISO now requires that all Management System Standards have the same format.

The requirement is for all standards to be integrated with common language for areas touched by all (for example, document control).  In the future, organizations can begin with the common core and implement specific management requirements depending on the system they are implementing.

ISO is seeking a consistent foundation for the next 15 to 20 years.  In the 2000 ISO version, process management for the QMS was introduced.  Organizations should be familiar with that approach.  Now it will be a requirement.  This may be difficult for some auditors since a checklist will no longer be allowed!  ISO 9001 must also take into account the advances in quality management made over the last two decades.  ISO 9001, with its emphasis on effectiveness and standardization, should be a solid base for efficiency models such as Lean and Lean Six Sigma.

Over the past two decades, there has been increased adoption of ISO 9001 by a variety of different organizations and sectors. The Standard must be relevant and useful to all industries.  Since its first publication in 1987, the language has evolved from predominantly manufacturing to generic wording.

There are an increased number of service organizations implementing ISO 9001.  The service sector now accounts for 43% of certifications.  This includes public bodies as well as office environments.

There is also an increased complexity of business environments; including virtual offices.

Many of the sector-specific management systems, such as AS9100, are going to use the 2015 revision as the launching pad for their revisions.  (However, the automotive industry with ISO/TS 16949, is saying that the new version is driving them away.  At this point, it is unknown what standards they will be using.) UPDATE: ISO/TS 16949 will change to the new revision of ISO 9001

PLEASE NOTE:  The DIS is available for public use.  ASQ is making it available for purchase.  Please realize, the DIS may change between now and the FDIS. 

IQC will inform you of revisions and the eventual implementation program.  Subsequent training will be provided.

The “organization” of international standards & management standards:

As of 2012, all new management standards and all revisions are required to conform to a common framework commonly called “Annex SL.”  Specifically, Appendix 3 of ISO/IEC Directives, Part 1, Annex SL.  Three standards have been published using the common framework: ISO 22000, 20001, 50001.  Current revisions beside 9001 are 14001 (The US TAGs for both have been coordinating) and 27001.

WHAT’S CHANGING?

ISO 9001:2008

  1. Introduction

  2. Scope

  3. Normative references

  4. Terms & definitions

  5. Quality management system

  6. Management responsibility

  7. Resource management

  8. Product realization

  9. Measurement, analysis and improvement

ISO 9001:2015

  1. Introduction

  2. Scope

  3. Normative references

  4. Terms & definitions

  5. Context of the organization

  6. Leadership

  7. Planning

  8. Support

  9. Operation

  10. Performance evaluation

  11.  Improvement

Key changes:

  1. Emphasis on risk mitigation in designing a management system.  Thus, no specific clause for Preventive Action.  The whole management system should mitigate risk through prevention.

  2. Increased emphasis on increasing value for the organization and its customers.

  3. “Documented information” while expanding the concept of documentation, decreases its emphasis and replaces Control of documents and records.

  4. “Organizational context” addresses responsiveness to the environment of the organization.

  5. “Outsourcing” is now “External provision.”

  6. There are enhanced leadership requirements.

  7. There is no longer a requirement for a Management Representative.

  8. There is no longer a requirement for a Quality Manual

High Level Structure and New Clause Numbers:

1.  Scope
2.  Normative references
3.  Terms & definitions
4.  Context of the organization
      1) Understanding the organization & its context
      2) Needs & expectations
      3)  Scope
      4)  Management system    

5.  Leadership
      1)  Management commitment
      2)  Policy
      3)  Roles, responsibility, authority    

6.  Planning
      1)  Actions to address risks & opportunities
      2)  Objectives & plans to achieve them

7.  Support
      1) Resources
      2) Competence
      3)  Awareness
      4)  Communications
      5)  Documented information   

8. Operation
     1)  Operational planning & control    

9.  Performance evaluation
      1)  Monitoring, measurement, analysis & evaluation
      2)  Internal audit
      3)  Management review    

10.  Improvement
       1)  Nonconformity & corrective action
       2)  Continual Improvement

Clause 4:

4.1       Understanding the organization & its context

You must determine the external and internal issues relevant to your organization’s purpose and those that affect its ability to achieve intended outcomes.

4.2       Understanding the needs & expectations of interested parties

You must identify interested parties, their relevance to your management system and their requirements.

Some you should consider:

  • Direct customers

  • Internal customers

  • Industry groups

  • Trading partners

  • End users

  • Suppliers, distributors, retailers and the complete supply chain

  • Regulators, standards, codes of practice, industry standards; corporate governance

  • Any other relevant interested parties

4.4       Quality Management System (QMS)

You must establish, implement, maintain and improve your QMS.  This includes the processes needed and their interactions while meeting the requirements of the International Standard.  Subsequently, the “process approach” is now a requirement and is embedded in all management standards.

5.1       Leadership

Top management must demonstrate leadership and commitment within the QMS by:

  • Ensuring the integration of all QMS requirements into all business processes;

  • Promote awareness of the “process approach;”

  • Supporting other relevant management in their demonstration of leadership as it applies to their areas of responsibility.

Thus, Top Management must demonstrate leadership and commitment with regard to customer focus.

6.1       Actions to address risks and opportunities

When planning your QMS, you have to consider 4.1 and its requirements and 4.2.  Determine the risks and opportunities that need to be addressed in order to:

  • Assure that the QMS can achieve its intended outcomes

  • Prevent or reduce undesired effects

  • Achieve improvement

Then you have to plan:

  • Actions to address these risks and opportunities

  • How to:
    a)  Integrate and implement the actions into your QMS processes
    b)  Evaluate the effectiveness of these actions

7.1       Resources

You need to determine and provide resources needed for the QMS.  These MAY include:

8.1.2        – Infrastructure
8.1.3        – Process environment
8.1.4        – Monitoring
8.1.5        – Knowledge

8.1       Operational planning and control

You must plan, implement and control processes needed to meet requirements and to implement the actions listed for 6.1.  This is accomplished by:

  • Establishing criteria for these processes

  • Implementing control of the processes per the criteria

  • Recording sufficient documented information to provide evidence that the processes have been operated as planned.  If there are adverse effects, you must take action to mitigate them.

This includes “outsourced processes” as now defined as external providers, as addressed in 8.4

9          Performance Evaluation

These clauses are generally the same as the 2008 version:

9.1       Monitoring, measurement, analysis and evaluation
9.2       Internal audit
9.3       Management review


10        Improvement
            10.1 
Nonconformity and corrective action


            10.2  Improvement
            Terminology – changes & concepts

  1. “Product” is now “goods and services”

  2. Clause 4.4.2 specifically states the Process Approach as a requirement

  3. “Risk” is defined as the “effect of uncertainty” (see ISO 31000)

  4. “Design & development” is “Development”

  5. Monitoring & measurement are now defined separately:
       a)  Monitoring: status of a system, a process or an activity
       b)  Measurement: process to determine a value

  6. Terms include "media information"

 WHEN ARE THESE CHANGES TAKING PLACE?

August, 2014              –Ballot on DIS passed
July, 2015                   –Publication of the FDIS
September, 2015        –Ballot on the International Standard
December, 2015         –Publication of the International Standard
January, 2016             –Organizations can begin implementation
2018                            –Completion of implementation period.

(As of now, the IAF and ANAB have not published requirements for Certification Bodies other than ISO 17021.)

HOW CAN YOU PREPARE NOW?

Learn about the revisions as the process progresses

  1. Learn about the revisions as the process progresses

  2. Start to evaluate the impact on your organization

  3. State planning your revision

  4. Conduct a Gap Analysis between current system to ISO 9001:2015

  5. Attend one of the ISO 9001:2015 ½ day Overviews, facilitated by George Hummel.

George Hummel is the Certification Manager for Global Certification-USA.  As a member of the US TAG to TC 176, he is on the US’ ISO 9001 Validation Team and the Interpretations Team.  He can be reached at ghummel@globalcert-usa.com.