In the first part of our article about ISO 9001:2015 requirements, we explained everything you should know about the revisions and QMS standard.
We looked at the major changes such as:
- Improved compatibility with the non-manufacturing users and the service sector;
- Application of risk-based thinking;
- Emphasis on leadership requirements;
- Monitoring trends in customer satisfaction;
- Changes in terminology;
- Flexibility in documented information.
QSE Academy compiled these changes so your organisation will create conforming products and services.
In this next article, QSE Academy continues to answer frequently asked questions about the changes in ISO 9001.
Here you’ll see why it’s essential for your organisation to apply the necessary changes. You’ll also see the different toolkits that can help achieve this.
Changing ‘Purchasing’ to ‘Control of Externally Provided Processes, Products and Services’
Not all processes, products, or services that an organisation obtains are inescapably acquired in the traditional sense because some may be attained from other parts of a corporate entity.
For instance, benefactors may donate resources. Hence, this standard’s control requirement is basically the same as in the 2008 version.
Special Processes vs Validation of Processes
This requirement still stands despite having no standalone sub-clause. This has been merged into the sub-clause on control of production and service provision.
Post-Delivery Activities and the Extent of an Organisation’s Responsibility
Based on customer agreements or other requirements, an organisation may be responsible for offering support for their product or service after delivery.
These are normal parts of contractual requirements agreed to with customers. In some cases, regulatory bodies may require these: training, on-site testing and start-up commissioning, field service, routine maintenance, technical support, and recall.
The Difference Between Improvement and Continual Improvement
ISO 9001:2008 used the term continual improvement to stress the fact that this is a continuing activity.
The following are ways in which an organisation may improve:
- small step continual improvement;
- breakthrough improvements;
- re-engineering initiatives
Thus, ISO 9001:2015 uses the common term ‘improvement’, of which constant improvement is one, but not the sole element.
Is Process Approach Still Applicable to ISO 9001:2015?
The process approach is a system for gaining a preferred outcome. This is done by handling activities and associated resources as a process.
The clause structure of ISO 9001:2015 uses the Plan-Do-Check-Act sequence, but the process approach remains the fundamental notion for the QMS.
Alignment of the revised standard to the Plan-Do-Check-Act (PDCA) format
|PLAN||Clause 4 – Context of the organization Clause 5 – Leadership Clause 6 – Planning for the QMS Clause 7 – Support|
|DO||Clause 8 – Operations|
|CHECK||Clause 9 – Performance evaluation|
|ACT||Clause 10 – Improvement|
What Does the Context of the Organisation Mean?
This is the amalgamation of significant internal and external aspects that impact an organisation’s capacity and method of delivering products and services to customers.
Internal factors normally include an organisation’s formal and informal decision-making processes, technologies, governance, corporate culture, information systems, and organisational structure.
External factors may cover social, economic, cultural, political, regulatory, legal, technological, competitive, environmental, and financial at the local, regional, national, and international levels.
The standard obliges an organisation to define which of these factors could affect its direction, purpose, and QMS. Not only will this help monitor and review factors, but it will also use this data in describing the QMS scope.
What Are the Needs and Expectations Related with Interested Parties?
An organisation must establish appropriate interested parties to the QMS, as well as the requirements of those interested parties.
However, this standard doesn’t aim to expand the scope of the QMS to include fulfilling the requirements and needs of interested parties, other than the customer and regulatory requirements.
Such a change would entail an alteration to the standard’s scope, which is not allowable for this revision’s mandate.
The change requires an organisation to classify these interested parties. An organisation must track and review details about the relevant needs and requirements of interested parties. The data should then be considered in outlining the QMS scope.
Relevant interested parties include customers, employees, top management, unions, investors, suppliers, external providers, regulatory bodies, and the community.
The organisation must interact with these parties constantly to comprehend their needs and expectations.
This standard applies to an organisation when it wants to establish its capacity to steadily deliver products and services to boost customer satisfaction.
|Interested Party||Needs and expectations|
|Customers||Quality, price, delivery, services|
|Regulatory bodies||compliance with legal requirements|
|Employees||Good job environment; job security; recognition and reward|
|External Providers||Mutually lasting beneficial relationship|
|Community/Society||Environmental protection; ethical behavior|
What Is Organisational Knowledge?
Organisational knowledge is the collection of useful data that is important to the organisation.
This knowledge is explicit to an organisation; and is acquired through experience, lessons learned, the improvement achieved, and the application of research and technology.
Furthermore, it is used and disseminated to attain the objectives of an organisation.
Oganisational knowledge requirements were presented to safeguard an organisation from loss of knowledge. The requirements also urge an organisation to obtain new knowledge due to changing business context.
What Does Documented Information Mean?
Documentation, documents, and records are now collectively referred to as documented information. Nevertheless, organisations are required to conserve and update information.
There is no requirement for the terms used in ISO 9001:2015 to substitute the terms used by an organisation to identify QMS requirements.
Organisations can decide to use terms that suit their operations. For example, an organisation can use ‘protocols’, ‘documentation’, or ‘records’ instead of ‘documented information’.
What is the transition timeframe to comply with this revision?
Note that there’s a 3-year transition period from the publication date of ISO 9001:2015.
New accredited certifications issued shall be to ISO 9001:2015, but only 18 months after publication of ISO 9001:2015.
Any prevailing accredited certifications issued to ISO 9001:2008 will be invalid 3 years after the publication of ISO 9001:2015.
Guidance for Transition
The effect of the new standard should be marginal and controllable for a regular ISO 9001:2008 certified company.
ISO aims to seek better addition for the ISO 9001 standard. It wants the standard to magnify into new industries and be more user-friendly.
The degree of change will depend on the effectiveness and maturity of the current management system of an organisation. The organisational practices and structure should be considered, too.
Hence, an organisation is urged to conduct an impact assessment to recognise time implications and realistic resource.
How Can a Certified Organisation Prepare for the Transition to the Revised Standard?
Organisations presently holding ISO 9001 certification should monitor the revision process’ progress and details about crucial changes to the standard.
This is only until September 23, 2015, which is the new standard’s anticipated publication date.
Next, certified organisations must review changes and outline a process for executing amendments to their current QMS to meet the new requirements.
ISO 9001:2008 certified organisations are advised to take the necessary actions:
- The top management should execute a complete QMS review to define organisational gaps that must be addressed to fulfill new requirements.
- Cultivate an implementation plan with corresponding responsibilities.
- Give training and awareness for all parties that have an effect on the organisation’s effectiveness.
- Update current QMS to meet the modified requirements and deliver verification of effectiveness.
- Execute a complete internal audit and a management review.
- Process corrective actions for all internal audit outcomes.
- Contact your organisation’s certification body for shift preparations.
Impacts of the Revision to ISO 9001:2008 Certification
ISO 9001:2008 certified organisations must contact their registration or certification bodies to agree on a program for analysing ISO 9001:2015 clarifications.
This should be associated with an organisation’s individual QMS for upgrading certificates.
ISO 9001:2008 certificates have an identical status as the new ISO 9001:2015 certificates during the co-existence period.
Organisations in the process of ISO 9001:2008 certification should apply for ISO 9001:2015 certification.
Moreover, new users should begin by utilising ISO 9001:2015.
On the other hand, all major industry-specific standards, including TL9000, TS 16949, and AS9100, have shown their plans to switch and align with ISO 9001.
Currently, ISO 13485 is the lone major standard that has no intention to continue its configuration to ISO 9001.
It is recommendable for users of particular sector schemes to refer to the organisation that is responsible for that sector scheme. For instance:
- For AS9100/EN9100, refer to IAQG (org).
- For TL 9000, refer to the QUEST Forum (www.questforum.org)
- For ISO/TS 16 949, refer to the IATF (www.iatfglobaloversight.org)
Impacts of the Revisions in the ISO 9001:2015 Requirements to an Organisation’s Employees
This depends on the magnitude of changes your organisation may need to make to your QMS.
Yet, it is expected to deliver some form of transition training to employees.
At a minimum, your organisation must provide awareness training so employees can familiarize themselves with the new standard. Also, an assessment of the new standard’s effects on personnel and different processes should be done.
Impact of the Revised ISO 9001:2015 Requirements to the Skills of Auditors
Shifting from a prescriptive approach to a process-based approach needs new thinking on auditing.
Several certification body auditors use checklists associated with the standard’s clauses. This is despite the process-based approach to QMS auditing was promoted as early as the ISO 9001:2000 edition.
ISO 9001:2015 writers are hoping audits will be executed through a series of in-depth analyses and discussions. As a result, there’s an emphasis on the evaluation of risk identification of QMS and its processes.
Consequently, it will determine whether customers constantly get their expected services or outputs.
This is all because of the inclusion of risk-based thinking, reinforcement of the process-based requirements, and aligning the clauses to the PDCA (Plan-Do-Check-Act) methodology.
All external and internal QMS auditors should improve their skills by gaining new training in the methods, concepts, and tools for risk management. They can then make use of this knowledge to evaluate and probe effectiveness and conformity of processes.
Likewise, it will see whether QMS results are reliably fulfilling the requirements of customers.
In addition, the training should focus on the noteworthy changes to the standard. It must also concentrate on key areas, including assimilation of clauses when auditing a process, customer focus, process approach, outcomes, and interested parties.
Updating Accreditation of Certification Bodies to Audit Their Clients to the ISO 9001:2015
Back on July 22, 2015, the modified IAF Accreditation Rules 20 and 21 were published.
It covers a timeline specifying when CBs must accomplish the required actions after the publication of ISO 9001:2015.
|Critical Date||CB Required Action||Consequences of Failure|
|3 months after publication||Apply for transition||Suspension|
|6 months after publication||Achieve transition||Recommend suspension|
|9 months after publication||Achieve transition||Recommend withdrawal|
|Before or at the end of 3-year transition||All ISO 9001:2008 certificates expire.|
CBs are permitted to use the standard’s FDIS ISO 9001:2015 version to start transitioning.
No CB can authorise or date an accredited certification to the new standard prior the date on which the CB transitions its accreditation.
Are Organizations Allowed to Disregard Some ISO 9001 Requirements?
ISO 9001:2015 no longer has an exact mention to ‘exclusions’ in relation to the suitability of its requirements to the QMS of your organisation.
Yet, your organisation is permitted to define the applicability of requirements.
To determine conformity to this standard, the requirement identified by the organisation, as not being applicable, should not impact the ability nor responsibility of an organisation to guarantee the conformity of products and services. It should also not affect the improvement of customer satisfaction.
Now that your organisation is updated with all the revisions found in ISO 9001:2015 requirements, it will be more systematised for you to implement a QMS, apply the changes, and get certified.