ISO 9001 2015 Requirements (Part 2)

In the first part of our article about ISO 9001 requirements, we explained everything you should know about the revisions and QMS standards.

We looked at the major changes such as:

• Improved compatibility with the non-manufacturing users and the service sector;
• Application of risk-based thinking;
• Emphasis on leadership requirements;
• Monitoring trends in customer satisfaction;
• Changes in terminology;
• Flexibility in documented information.

In this next article, QSE Academy continues to answer frequently asked questions about the changes in ISO 9001.

Here you’ll see why it’s essential for your organization to apply the necessary changes. You’ll also see the different toolkits that can help achieve this.

Changing ‘Purchasing’ to ‘Control of Externally Provided Processes, Products and Services’

Not all processes, products, or services that an organization obtains are inescapably acquired in the traditional sense because some may be attained from other parts of a corporate entity.

For instance, benefactors may donate resources. Hence, this standard’s control requirement is the same as in the 2008 version.

Special Processes vs Validation of Processes

This requirement still stands despite having no standalone sub-clause. This has been merged into the sub-clause on control of production and service provision.

Post-Delivery Activities and the Extent of an Organisation’s Responsibility

Based on customer agreements or other requirements, an organization may be responsible for offering support for their product or service after delivery.

These are normal parts of contractual requirements agreed to with customers. In some cases, regulatory bodies may require these: training, on-site testing and start-up commissioning, field service, routine maintenance, technical support, and recall.

The Difference Between Improvement and Continual Improvement

ISO 9001:2008 used the term continual improvement to stress the fact that this is a continuing activity.

The following are ways in which an organization may improve:

• small step continual improvement;
• breakthrough improvements;
• reorganization;
• innovation;
• re-engineering initiatives

Thus, ISO 9001:2015 uses the common term ‘improvement’, of which constant improvement is one, but not the sole element.

Is Process Approach Still Applicable to ISO 9001:2015? 

The process approach is a system for gaining a preferred outcome. This is done by handling activities and associated resources as a process.

The clause structure of ISO 9001:2015 uses the Plan-Do-Check-Act sequence, but the process approach remains the fundamental notion for the QMS.

Alignment of the revised standard to the Plan-Do-Check-Act (PDCA) format

PLAN	Clause 4 – Context of the organization Clause 5 – Leadership Clause 6 – Planning for the QMS Clause 7 – Support
DO	Clause 8 – Operations
CHECK	Clause 9 – Performance evaluation
ACT	Clause 10 – Improvement

 

What Does the Context of the Organisation Mean?

This is the amalgamation of significant internal and external issues that impact an organization’s capacity and method of delivering products and services to customers.

Internal issues normally include an organization’s formal and informal decision-making processes, technologies, governance, corporate culture, information systems, and organizational structure.

External issues may cover social, economic, cultural, political, regulatory, legal, technological, competitive, environmental, and financial at the local, regional, national, and international levels.

The standard obliges an organization to define which of these factors could affect its direction, purpose, and QMS. Not only will this help monitor and review factors, but it will also use this data in describing the QMS scope.

What Are the Needs and Expectations Related with Interested Parties?

An organization must establish appropriate interested parties to the QMS, as well as the requirements of those interested parties.

However, this standard doesn’t aim to expand the scope of the QMS to include fulfilling the requirements and needs of interested parties, other than the customer and regulatory requirements.

Such a change would entail an alteration to the standard’s scope, which is not allowable for this revision’s mandate.

The change requires an organization to classify these interested parties. An organization must track and review details about the relevant needs and requirements of interested parties. The data should then be considered in outlining the QMS scope.

Relevant interested parties include customers, employees, top management, unions, investors, suppliers, external providers, regulatory bodies, and the community.

The organization must interact with these parties constantly to comprehend their needs and expectations.

This standard applies to an organization when it wants to establish its capacity to steadily deliver products and services to boost customer satisfaction.

Interested Party	Needs and expectations
Customers	Quality, price, delivery, services
Regulatory bodies	compliance with legal requirements
Owners/Share-holders	Sustained profitability/transparency
Employees	Good job environment; job security; recognition and reward
External Providers	Mutually lasting beneficial relationship
Community/Society	Environmental protection; ethical behavior

 

What Is Organisational Knowledge?

Organizational knowledge is the collection of useful data that is important to the organization.

This knowledge is explicit to an organization and is acquired through experience, lessons learned, the improvement achieved, and the application of research and technology.

Furthermore, it is used and disseminated to attain the objectives of an organization.

Organizational knowledge requirements were presented to safeguard an organization from loss of knowledge. The requirements also urge an organization to obtain new knowledge due to changing business context.

What Does Documented Information Mean?

Documentation, documents, and records are now collectively referred to as documented information. Nevertheless, organizations are required to conserve and update information.

There is no requirement for the terms used in ISO 9001:2015 to substitute the terms used by an organization to identify QMS requirements.

Organizations can decide to use terms that suit their operations. For example, an organization can use ‘protocols’, ‘documentation’, or ‘records’ instead of ‘documented information’.

What is the transition timeframe to comply with this revision?

Note that there’s a 3-year transition period from the publication date of ISO 9001:2015.

New accredited certifications issued shall be to ISO 9001:2015, but only 18 months after publication of ISO 9001:2015.

Any prevailing accredited certifications issued to ISO 9001:2008 will be invalid 3 years after the publication of ISO 9001:2015.

Guidance for Transition

The effect of the new standard should be marginal and controllable for a regular ISO 9001:2008 certified company.

ISO aims to seek a better addition to the ISO 9001 standard. It wants the standard to magnify into new industries and be more user-friendly.

The degree of change will depend on the effectiveness and maturity of the current management system of an organization. The organizational practices and structure should be considered, too.

Hence, an organization is urged to conduct an impact assessment to recognize time implications and realistic resources.

How Can a Certified Organisation Prepare for the Transition to the Revised Standard?

Organizations presently holding ISO 9001 certification should monitor the revision process’ progress and details about crucial changes to the standard.

This is only until September 23, 2015, which is the new standard’s anticipated publication date.

Next, certified organizations must review changes and outline a process for executing amendments to their current QMS to meet the new requirements.

ISO 9001:2008 certified organizations are advised to take the necessary actions:

• The top management should execute a complete QMS review to define organizational gaps that must be addressed to fulfill new requirements.
• Cultivate an implementation plan with corresponding responsibilities.
• Give training and awareness for all parties that affect the organization’s effectiveness.
• Update current QMS to meet the modified requirements and deliver verification of effectiveness.
• Execute a complete internal audit and a management review.
• Process corrective actions for all internal audit outcomes.
• Contact your organization’s certification body for shift preparations.

Impacts of the Revision to ISO 9001:2008 Certification

ISO 9001:2008 certified organizations must contact their registration or certification bodies to agree on a program for analyzing ISO 9001:2015 clarifications.

This should be associated with an organization’s individual QMS for upgrading certificates.

ISO 9001:2008 certificates have an identical status as the new ISO 9001:2015 certificates during the co-existence period.

Organizations in the process of ISO 9001:2008 certification should apply for ISO 9001:2015 certification.

Moreover, new users should begin by utilizing ISO 9001:2015.

• On the other hand, all major industry-specific standards, including TL9000, TS 16949, and AS9100, have shown their plans to switch and align with ISO 9001.

Currently, ISO 13485 is the lone major standard that has no intention to continue its configuration to ISO 9001.

It is recommendable for users of particular sector schemes to refer to the organization that is responsible for that sector scheme. For instance:

• For AS9100/EN9100, refer to IAQG (org).
• For TL 9000, refer to the QUEST Forum (www.questforum.org)
• For ISO/TS 16 949, refer to the IATF (www.iatfglobaloversight.org)

Impacts of the Revisions in the ISO 9001:2015 Requirements to an Organisation’s Employees

This depends on the magnitude of changes your organization may need to make to your QMS.

Yet, it is expected to deliver some form of transition training to employees.

At a minimum, your organization must provide awareness training so employees can familiarize themselves with the new standard. Also, an assessment of the new standard’s effects on personnel and different processes should be done.

Impact of the Revised ISO 9001:2015 Requirements to the Skills of Auditors

Shifting from a prescriptive approach to a process-based approach needs new thinking on auditing.

Several certification body auditors use checklists associated with the standard’s clauses. This is despite the process-based approach to QMS auditing was promoted as early as the ISO 9001:2000 edition.

ISO 9001:2015 writers are hoping audits will be executed through a series of in-depth analyses and discussions. As a result, there’s an emphasis on the evaluation of risk identification of QMS and its processes.

Consequently, it will determine whether customers constantly get their expected services or outputs.

This is all because of the inclusion of risk-based thinking, reinforcement of the process-based requirements, and aligning the clauses to the PDCA (Plan-Do-Check-Act) methodology.

All external and internal QMS auditors should improve their skills by gaining new training in the methods, concepts, and tools for risk management. They can then make use of this knowledge to evaluate and probe the effectiveness and conformity of processes.

Likewise, it will see whether QMS results are reliably fulfilling the requirements of customers.

Besides, the training should focus on the noteworthy changes to the standard. It must also concentrate on key areas, including the assimilation of clauses when auditing a process, customer focus, process approach, outcomes, and interested parties.

Updating Accreditation of Certification Bodies to Audit Their Clients to the ISO 9001:2015

Back on July 22, 2015, the modified IAF Accreditation Rules 20 and 21 were published.

It covers a timeline specifying when CBs must accomplish the required actions after the publication of ISO 9001:2015.

Critical Date	CB Required Action	Consequences of Failure
3 months after publication	Apply for transition	Suspension
6 months after publication	Achieve transition	Recommend suspension
9 months after publication	Achieve transition	Recommend withdrawal
Before or at the end of the 3-year transition	All ISO 9001:2008 certificates expire.

CBs are permitted to use the standard FDIS ISO 9001:2015 version to start transitioning.

No CB can authorize or date an accredited certification to the new standard before the date on which the CB transitions its accreditation.

Are Organizations Allowed to Disregard Some ISO 9001 Requirements?

ISO 9001:2015 no longer has an exact mention of ‘exclusions’ concerning the suitability of its requirements to the QMS of your organization.

Yet, your organization is permitted to define the applicability of requirements.

To determine conformity to this standard, the requirement identified by the organization, as not being applicable, should not impact the ability nor responsibility of an organization to guarantee the conformity of products and services. It should also not affect the improvement of customer satisfaction.

Now that your organization is updated with all the revisions found in ISO 9001:2015 requirements, it will be more systematized for you to implement a QMS, apply the changes, and get certified.

We’ve developed toolkits that are based on the revisions we’ve explained. If you want to get ahead in the playing field, now is the time to obtain our toolkits.