What is ISO 9001 Quality Management Systems?
ISO 9001, is the most widely used management standard in the world. More than a million organizations in 170 countries around the world have adopted this standard to manage their business in The ISO Way and continually improve their performance using the Principle and requirements.
Why the changes are made in ISO 9001 standard?
Every five years ISO amends, and makes changes of the standard to keep pace with the changing world and meet business needs of the organizations. The latest version ISO 9001:2015 has reached the Final Draft International Stage (FDIS), the fifth stage of a six stage development process and is expected by September 2015.
What are the major changes in ISO 9001 standard in 2015?
Several changes have been brought in the FDIS version of the ISO 9001:2015 standard.
Few of the major changes are as follows:
1. Content of FDIS ISO 9001:2015 standard
FDIS ISO 9001:2015 International Standard has adopted the “high-level structure” (i.e. clause sequence, common text and common terminology) developed by ISO to improve alignment among its International Standards for management systems.
- Normative Reference
- Terms and Definitions
- Context of the organization
- Leadership, policy and responsibilities (Clause 5)
- Planning and consideration of risks and opportunities (Clause 6)
- Support, including resources, people and information (Clause 7)
- Operational processes related to customers and products and services (Clause 8)
- Performance evaluation (Clause 9)
- Improvement (Clause 10).
Please note that the organizations are not required to follow an identical clause by-clause sequence when defining their quality management system documentation.
2. What should be the structure of documentation in ISO 9001:2015?
Requirement for a documented quality manual, documented procedures and records have been withdrawn. Instead Documented Information has been introduced in the FDIS 9001:2015. Documented information includes documented procedures and documented records which the organization needs to control and maintain. There is no requirement for mandatory procedures for 6 elements as was required by ISO 9001:2008 standard
3. Does an Organization need a Quality Manual for conformity to ISO 9001:2015?
FDIS 9001:2015 does not neither require a quality manual nor any documented procedures. It does however require specific ‘documented information’ to be either retained or maintained.
If an organization wishes to be certified then it must of course meet all of the requirements within the standard, including those pertaining to documented information, and it must be able provide evidence.
4. Should organization discontinue their existing documented processes I already established?
Organizations need not discontinue their quality manuals and documented
procedures if already developed and implemented. Requirements for documented procedure were drastically reduced from 20 mandatory procedures to only 6 clauses requiring documented procedures.
Greater emphasis has been placed on process approach in ISO 9001:2000, compared to ISO 9001:1994 version. A vast majority of organizations continued to maintain their documented procedures and records. The same approach may continue in 2015.
Reasons for emphasis on Process approach
The fundamental reason for this approach is due to the fact that the standard directs organization towards a process approach in true spirit and control of these processes to produce desired results.
Documentation may be necessary to the extent the organization feels necessary and will depend on many factors such as use of Information technology e.g. Enterprise resource Planning (ERP), Automated process defined controls, competence of people performing task turnover of people, size , complexity, geographical spread and the like.
How Auditors should handle this change:
- Auditors therefore need more maturity, understanding of processes, sector specific knowledge to ensure optimum level of documentation with a focus of process inputs. Activities, controlled condition to produce desired results
- Auditors should focus as to- how the process requirements are defined, responsibility, authority and activities, tasks etc. and results with supporting objective evidence
- Therefore do not insist or demand a procedure from your experience with other organization. Look at process/es, activities, controls, results and whether results meet with objectives. Procedural compliance does not necessarily ensure organization will achieve its objectives. Focus is on consistent result
5.In the absence of specified documented procedure can an Organization or the Auditor understand the requirements to ensure conformity to standard? Wouldn’t it make the auditing more subjective?
The FDIS 9001:2015 does not require mandatory procedures however the organization needs to identify documented information which may include procedures, flow chart, work instruction at their own discretion depending on their maturity to ensure consistent operation of processes and also maintain documented information (records) as objective evidence to provide confidence that the processes are controlled to produce desired results.
Therefore the standard would require more maturity on the part of the organization and greater degree of competence, understanding and flexibility from auditors to audit a management system effectively.
6. How organizations can migrate to the new standard seamlessly from existing management system developed as per ISO 9001:2008?
There will be a three-year transition period for certified organizations to migrate to ISO 9001:2015 when the standard is published.
However, the organizations can start immediately as the standard is published or even in its current form (FDIS ISO 9001:2015) to take advantage of the new requirement. Most significant is Risk based thinking and Risk assessment, affecting product quality and delivery which has a direct influence on the satisfaction of customer and the business performance of the organizations
- The first step towards transition should be:
- Developing understanding of the new and enhanced requirements.
- Perform a gap analysis.
- Next step is bridge gaps and then perform audit for adequacy and effectiveness.
- Go for certification to new standard if organization desires so.
TCB has developed a transition training program for ISO 9001:2015 standards as per IRCA criteria.
7.Can an organization implement ISO 9001:2008 till 2018 and integrate new requirements gradually within the allowed transition period and migrate to ISO 9001:2015 standard ?
Yes, this could be a good approach . Implement all ISO 9001:2008 requirements, also develop a framework to include new requirements which will not contradict with the existing standard requirements. Certification can be granted in conformity to ISO 9001:2008.
When the new version of the standard ISO 9001:2015 gets published as an international standard, a review should be performed to assess adequacy and conformity. Then go for certification as per new standard.
8. What happened to Management Representative Position ?
This position has been removed. The FDIS ISO 9001:2015 replaces Management Responsibility with Leadership, and regroups a number of ISO 9001:2008 requirements as Leadership activities.
The standard requires greater involvement of top management personnel in the operation of their quality management system. Organization can distribute QMS responsibilities to a group of assigned top management personnel while the corporate level still remains engaged. Top management will, need to undertake some functions directly by themselves those were traditionally assigned to the management representative .The new standard requires involvement of senior and operations manager at every relevant level. Thereby responsibility of the management system would now have to shared and managed by relevant process owners
The reason could be, the Management representatives were only too burdened and top management relied too heavily on this position and intent of the standard and expectation from the top management was diluted to an extent.
This change in ISO 9001:2015 does not necessarily mean that organizations need to remove their management representative or representatives if they are already there, there is no problem with this approach however greater involvement and leadership of top management has to be demonstrated.
9. What are the changes to the Quality Management Principles?
There are seven Principles in the FDIS now as against 8 QMS principle of ISO 9001:2008
The Revised 7 Quality Management principles are:
QMP 1 – Customer focus
QMP 2 – Leadership
QMP 3 – Engagement of people
QMP 4 – Process approach
QMP 5 – Improvement
QMP 6 – Evidence-based decision making
QMP 7 – Relationship management
10.Why the System Approach principle has been removed?The Process approach principle is revised in a way that “Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system”. This has removed the need for a separate ‘systems approach’ principle.
11.What are the major Conceptual Changes in ISO 9001:2015?
Risk-based thinking: The concept of risk was implicit in the ISO 9001:2008 standard or its earlier versions. The approach was once you comply with the standard, risk is automatically addressed. However the upcoming revision makes it more explicit and builds it into the entire quality management system. Depending on the organizational context Risk, can be quantitative as well as qualitative,
Risk-based thinking ensures risk is determined and considered throughout the processes. This brings a proactive action for managing quality processes • Consideration of Risk is not always negative, Risk based thinking encourages identification of opportunities as well. One of the major changes in the ISO 9001:2015 standard is to establish a systematic approach to risk
Clause 4 requires the organization to determine the risks which can affect its ability to meet the system objectives.
Clause 5 requires the top management to demonstrate leadership and top management’s commitment to ensure that the risks and opportunities that can affect the conformity of a product or service are determined and addressed.
Clause 6 , the organization is required to identify risks and opportunities, and plan how to address the identified risks and opportunities.
Clause 8 deals with operational planning and control. The organization is required to plan, implement and control its processes.
Clause 9 requires the organization to monitor, measure, analyze and evaluate the risks and opportunities.
Clause 10 requires that the organization improves its performance by responding to changes in risk.
11.What are the benefits of Risk Based Thinking?
The benefit of Risk based thinking is multifold. This approach enables organizations to respond to change effectively to protect their business. Organizations will need to start using a risk-driven approach in their organizational processes. A systematic analysis of prioritized risks and opportunities help effective decision making and ensures that the management is prepared to manage and mitigate risks. Plan actions to address the risks, Implement the action plan to avoid, eliminate or mitigate risk by taking necessary actions, on time
This would also help organizations to identify the risks and opportunities depending on the context of an organization and its Risk appetite (the amount of risk the organization is willing to accept and live with)
There is a proactive approach that helps improve operational efficiency and enables organizations to apply management system to analyze risk and minimize losses. Risk should be assessed for factors those have influence on Quality of Goods and Services and Timeliness on deliver which assures consistency of quality of goods or services and thereby improves customer confidence and satisfaction
Risk-based thinking establishes a proactive culture of improvement
Leadership, a new clause has been introduced in place of Management Responsibility.
Preventive Action has been removed .Preventive action was a requirement of the ISO 9001:2008 Standard. This has now been removed since a risk based approach and implementation of management standard itself is aimed at preventing errors and nonconformity from happening in the first place.
Please note that the topics covered above does not include all changes and additions in the new ISO 9001:2015 standard and were highlights of some of the significant changes for public information.
12. How can we help you on transition to ISO 9001: 2015 ?
Join TCB’s ISO 9001:2015 Transition course developed in accordance with IRCA criteria. This will be a two days program based on Standard interpretation and workshops. You will develop full understanding of the entire standard and develop competence for implementation and audit.
For joining TCB’s Transition course please contact Training Service Administrator at firstname.lastname@example.org.
This course will fulfil IRCA requirement for Transition for QMS Auditor registration as per ISO 9001:2015 standard.
For any further question on ISO 9001:2015 changes and our ISO courses please contact M S Ray, email@example.com
You can read this pdf on How to move from ISO 9001:2008 to ISO 9001:2015