The Quality Management System Standard ISO 9001 is changing this Year, how can you prepare?
ISO 9001 (Quality Management Systems – Requirements) is currently under review. The Final Draft of the Standard is now available for purchase and the upgraded version of the new Standard is scheduled for release in September 2015.
All ISO Standards are reviewed periodically to ensure that they are current and relevant in the marketplace. ISO 9001 was previously reviewed in 2000 and 2008. The new 2015 version however will introduce a framework that will be common to other management system standards as they are reviewed and released.
WHAT ARE THE MAJOR CHANGES EXPECTED?
The Final Draft of the Standard contains a number of significant variances from the 2008 version of the Standard and whilst Committee Draft received a 90% approval from voting members, there is no ironclad guarantee that the Final Draft will be approved. We should therefore be careful that we do not make any serious alterations to our existing ISO 9001 systems until the new Standard is finally published. It is important that we fully understand how our Certifying Bodies intend to audit the new Standard before we rush headlong into large scale changes to our mature systems.
Proposed major variations are:
1. A new structural framework – 10 sections instead of 8
Section 1 – Scope
Section 2 – Normative references
Section 3 – Terms and definitions
Section 4 – Context of the Organisation
Section 5 – Leadership
Section 6 – Planning
Section 7 – Support
Section 8 – Operation
Section 9 – Performance Evaluation
Section 10 – Improvement
2. Emphasis on achieving value for the organisation and its customers
3. The introduction of Risk based thinking and Risk Management
4. Decreased emphasis on Documentation
5. No stated requirement for documented Procedures or a Quality Manual
6. No requirement for a Management Representative
7. No longer a formal requirement for Preventative Action
8. Outsourcing becomes External Provision
9. Enhanced Leadership requirements
10. Organisational Context and responsiveness to changing Business Environment
WHAT SHOULD WE DO IF WE ARE ALREADY CERTIFIED TO THE 2008 VERSION?
Organisations have been granted a 3 year transition period after publication to migrate their Quality System to the new edition of the Standard but there are a few things that we can do to prepare for the Standard’s release.
We can focus on Context, Risk and Objectives.
Section 4: Context of the Organisation
This section is intended to provide insight into the purpose and objectives of the organisation, why it exists and to ensure that the quality management system is truly integrated into the organisation. We must analyse and determine how external and internal issues such as turnover of personnel, ageing infrastructure, challenges of new technology, new product introductions, availability of raw materials, changes in financial or environmental regulations, increased workload etc., effect our systems
There are 4 subclauses in this section
4.1 Understanding the Organisation and its Context
That is, the purpose and strategic direction of the organisation, why it is here
4.2 Understanding the needs and expectations of interested parties
Opens up the system for a much broader application than just the customer needs but to understand the effects of interested parties (say suppliers, environmental agencies, financial institutions, the community and maybe even competitors) on our ability to meet our organisational goals
4.3 Determining the Scope of the quality management system
The Scope must be determined considering the external and internal issues and interested parties. It must be available in “documented information” and stated in terms of “goods and services” with the processes and organisation required to deliver them
4.4 Quality Management System and its processes
Notes the requirements that need to be included in the quality management system including the processes to be covered. The Standard does not require the meticulous documentation of all of the processes but only to the extent necessary to support the operation of the processes.
Section 6: Planning for the quality Management System
6.1 Actions to address risks and opportunities
The requirements of this clause deal with risk based thinking. It does not require a formal risk management program as this would be too onerous for smaller companies but is an improvement over the existing requirements for Preventive Action. The draft describes the need to determine risk and opportunities that assure the quality management system can achieve its intended outcomes, prevent or reduce undesired effects, and achieve improvement. The generation of a plan to address these risks and opportunities should be followed by the evaluation and effectiveness of the actions to ensure the actions are appropriate to the degree that the goods and services are impacted. Whilst the risks have to be routinely identified and acted upon, there is no requirement in the draft for a formal risk management system.
Organisations should consider managing risk by identifying it, analysing and then evaluating whether the risk should be modified by preventive actions in order to satisfy their risk criteria.
The existence of a Strategic Plan for the business as a whole will go a long way to ensure that the risk based thinking extends to the senior levels of the organisation. It also provides the means to monitor and improve the performance of the operation including its Quality Objectives.
6.2 Quality Objectives and planning to achieve them
The last improvement we should consider to our existing quality management system is to understand the guidance given in 6.2.2. The existing version of ISO 9001 requires us to determine, measure, monitor and review our quality objectives but it does not cover what we should do with them. In the draft version of the 2015 standard there is a requirement to plan how you will achieve these quality objectives. You will have to say what will be done, what resources you will need, who will be responsible, when the action taken will be complete and how you will evaluate the results.
Although there is no requirement to ensure that an objective be improved, there are requirements that actions be taken based on the results of monitoring the objectives. Auditors will no doubt be looking to verify that the numbers have changed and that you have planned to address the issues with the intent of improvement.
SO WHAT HAPPENS NEXT?
The publication of the upgraded ISO 9001 Standard is expected to occur in September 2015, followed closely by ISO 14001 Environmental Management Systems in October and then ISO 45001 Occupational Health and Safety Management Systems towards the end of 2016. All three standards will use the common framework.
If your business is certified to any of these standards, you will be given a three year period to bring your system in line with the requirements of the appropriate standard. You can expect your external auditors to start monitoring your preparedness from the two year mark to ensure that you will be ready for the change.
If you have any concerns with the impact of these Standard upgrades or require assistance with how to go about making the changes, you can contact the Inform Group for assistance.
If you are considering developing a quality, environmental or safety management system for certification, the Inform Group can provide guidance to each new standard as they are released.