The release of the revised version of ISO 9001:2015—“Quality management systems—Requirements,” has many organizations asking what the revision will mean for them. Specifically, what are the key changes required for existing ISO 9001-compliant quality management systems (QMS) to achieve compliance with the revised standard? Also, what areas are likely to present the greatest challenges for avoiding nonconformities during the certification audit?
In this article, we’ll attempt to answer these and other questions to help you transition to ISO 9001:2015 smoothly and successfully.
Background
The current review and revision process for ISO 9001 is a routine part of the ISO’s efforts to ensure that the requirements of its internationally accepted standards keep pace with changes in technology and remain relevant to the market. At the same time, ISO Technical Committee 176 (TC 176), the committee responsible for the ISO 9001 revision also wanted to reorganize the standard to better align with the overall structure of other management systems standards, such as ISO 14001 (environmental management systems) and ISO 27001 (information security management systems). By adopting a common framework, ISO TC 176 hopes to make ISO 9001 more compatible with other management systems standards, and make it easier and more efficient for organizations to concurrently maintain and manage multiple management systems.
A draft version of the revised standard, ISO/DIS 9001:2015, was originally distributed in May 2014 for review and comment to ISO member country representatives. This initial draft elicited about 3,000 separate comments, but the draft was ultimately approved by 80 percent of voting members during a preliminary vote. On July 9, 2015, ISO TC 176 released the final draft international standard (FDIS) for a final vote and approval. The final version of ISO 9001:2015 was released late 2015.
A summary of the key changes
ISO 9001:2015 includes a number of significant changes that must be considered by organizations certified to the current version of the standard. Those changes include:
• The importance of stakeholders. The revised standard adopts a stakeholder approach to quality management, and focuses on stakeholder relationship management (SRM). As such, organizations are required to identify the issues and requirements of relevant stakeholders when developing their QMS. The concept of SRM can extend beyond customers to include employees, suppliers, partners, and even regulatory authorities.
• Expanded role for leadership. By expanding the scope of what it terms “management responsibilities,” the revised standard clearly places overall responsibility and accountability for an organization’s QMS with senior leadership. While leadership may appoint a representative to manage quality system-related activities, they retain ultimate responsibility for implementation consistent with the standard’s requirements.
• A risk-based approach to quality. ISO 9001:2015 adopts a risk-based approach to various requirements throughout the standard. However, it doesn’t require the application of a standardized risk management approach, and contains no clauses that detail specific requirements for preventive measures.
• An increased emphasis on process. ISO 9001:2015 strengthens the importance of applying a process approach in developing, implementing, and improving the effectiveness of an organization’s QMS. As such, organizations will now be required to define inputs and expected outputs of each process, and to identify key performance indicators.
• Greater documentation flexibility. The terms “documents” and “records” are being replaced with the term “documented information.” This change is intended to provide organizations with greater flexibility in describing their QMS. In addition, the current requirement for documented procedures will no longer be mandatory.
Potential nonconformities and other challenges
Organizations currently certified to the 2008 version of ISO 9001 will have up to three years to modify their current QMS to comply with the requirements of the revised standard and to achieve recertification. However, adopting to the changes in the revised standard is likely to pose a number of specific challenges, including the following:
• Getting leadership involved. The requirement for increased leadership oversight and accountability for an organization’s quality management system may well represent the biggest challenge. Meeting the threshold of this requirement involves the full engagement of leadership team members, as well as an understanding of the role that a commitment to quality plays in achieving organizational goals, and training on the particulars of an effective QMS.
• Addressing root cause issues. The increased emphasis on process requires a significant effort to identify and investigate root cause issues that affect performance and require corrective actions. However, most organizations aren’t sufficiently trained in root cause analysis, and may struggle to develop and implement processes that uncover the underlying basis for nonconformities that are identified.
• Implementing risk management practices.The revised standard requires organizations to adopt a risk-based approach to quality, but provides few details on how to achieve this. Some organizations may need to look more closely at how they address risk in order to be in compliance.
• Documentation and recordkeeping. The revised documentation requirements are actually likely to impose a different kind of recordkeeping burden on organizations. Although there will be greater flexibility in the types of documentation that are permitted, that flexibility will be offset by the need to provide evidence of a robust recordkeeping system that provides a thorough history of all quality management activities.
Recommendations
According to the International Accreditation Forum (IAF), there are a number of recommended actions that organizations can take to successfully transition to the new requirements of ISO 9001:2015. These include:
• Conduct a gap analysis. Identifying the gaps between current practices and the new requirements is the most effective way to evaluate the changes that are required in your current QMS.
• Develop an implementation plan and timetable. A formal implementation plan and schedule will help your organization address the required changes within the anticipated three-year transition period.
• Provide appropriate training for all parties. Ongoing education and training for all relevant personnel are critical to achieving the goals of your transition plan. More important, educated stakeholders are vital in ensuring ongoing compliance once the transition is complete.
• Update existing QMS documentation. As noted above, clear and thorough documentation is essential to demonstrate compliance with the requirements of the revised standard and to help reduce the risk of nonconformities.
• Involve your certification partner early in the process. An experienced certification body can provide invaluable assistance in the process of transitioning to the requirements of ISO 9001:2015. Its early involvement can help your organization save time and money.
About the Author:
Randall D’Amico is a management system auditor for TÜV SÜD America, and is a certified lead auditor for ISO 9001, ISO 14001 and ISO 13485. He has more than 20 years of experience with ISO management system certifications. He can be reached at rdamico@tuvam.com
This article appeared in "Quality Digest Daily," an electronic publication from Quality Digest magazine (www.qualitydigest.com) nd is reproduced with permission.
