ISO9001 Changes (2015)
What is the reason for the 2015 update?
Since its first publications in 1987, ISO9001 has been revised on average every 7 years. The last revision in 2008 only made minor revisions. ISO recognises that for the standard to continue to achieve its primary objective of providing organisations customers confidence in the quality of their products and services, it must be updated.
The way that business is conducted has changed substantially since the last major revision and the 2015 revision will recognise the technological developments over this period catering for organisations that now utilise latest technology including cloud-based systems. Importantly, ISO also recognise that the standard must continue to be relevant to organisations that are not able to embrace some of these technological developments.
Where is the standard at in the ISO revision process?
ISO have a six stage revision process. The proposal for ISO9001:2015 commenced in May 2012 and the current revision has now completed stage 5 of the process, the approval stage. It progressed through this stage with close to a 90% vote of approval. This takes the standard revision into the final stage as the ‘Final Draft International Standard (FDIS)’. Once this stage is complete the new standard will be published and the expected date of publication is September 2015.
What are the core concepts in the latest revision?
Nigel Croft, the Chair of the ISO subcommittee revising the standards, identifies that the new standard is based on three core concepts:
1. The process management approach which has been very successful in the 2008 version of the standard;
2. Superimposed on this process approach is the plan-do-check-act (PDCA) methodology, and
3. Risk based thinking, which aims to prevent undesirable outcomes. This concept is new for the 2015 revision.
The process management approach expects organisations to manage and control the processes that make up their organisations. The overall objective is to ensure that the organisation produces products or services that are of consistent quality. This starts with leadership from top management and the latest revision ensures that the quality management system is integrated within the organisations business strategies.
The plan-do-check-act (PDCA) cycle is a methodical approach to problem solving and implementing solutions. The plan stage identifies what the problem is, the Do phase involves the generation, prioritisation and piloting of possible solutions. The Check phase measures the effectiveness of the pilot solution and in the ‘Act’ phase you implement your solution fully.
Risk based thinking introduces risk and opportunity management into the quality standard. The aim of this is for the Quality Management System (QMS) to be used to improve the governance of the organisation and proactively manage any events that can have an effect on the objectives of the QMS and the organisation. This effect can be, negative (risks) and positive (opportunities). Managing both effectively will improve the outcomes for the organisation.
What are some of the key changes of the latest revision?
As has been identified in the core concepts above, the focus on risk management is more explicit in the latest revision. Part of this approach is an increased focus on the context of the organisation. The context is commonly broken down into the external environment and internal environment.
Examining the context of the organisation refers to the factors in the internal or external environment that can have an effect on the organisation achieving its objectives. External context examples include, political, economic, environmental, legal and social environments. Internal examples include the organisations strategies, culture, procedures and operating environment.
It is important the organisation continually scans its environment to understand if anything has changed that may affect it achieving its objectives. This process allows an organisation to proactively manage risk and opportunities resulting from a change in the organisations context.
The latest revision also has an increased emphasis on leadership. This has always been recognised as an important consideration, as without buy in from the top of the organisation a sustained and effective QMS will not be achieved.
Linked to this, is the requirement for ISO 9001:2015 to be integrated and aligned with an organisations strategy. This has the benefit of ensuring the QMS is embedded within the organisation as well as minimising duplication.
A further change relates to the structure of the standard. The framework of ISO9001:2015 is aligned to other management standards making it easier to align with other management system standards.
So how do I prepare and how much time do I have?
Once the new standard is released, scheduled for September 2015, there is a three-year transition period for organisations seeking certification.
If an organisation has been proactive in the management of their QMS an then they will already be achieving many of the new requirements. However if certification has been more of a ‘tick box’ exercise, the chances are you will need to make more changes.
A copy of the Final Draft International Standard (FDIS) is available and it is advisable to start commencing a gap analysis, establish plans on how to close the gaps and start on the journey of implementation sooner rather than later. As you examine the gaps to the standard try to ensure you consider the following questions:
• How can your organisation benefit from the changes?
• How can your organisation use the requirements to provide greater confidence to customers in terms of consistent product / services?