ISO 9001:2015 — It’s Here!

Oct. 30, 2015 – It’s the talk of the quality management world — ISO 9001:2015 with its new format and its new wording has been published.

There’s a lot of information about the new requirements, and there’s a lot of fear about the new requirements. Take a deep breath — we’ve survived revisions before.

Let’s talk about the format first. The flow of the standard has been changed. The purpose of this change is to move towards a consistent format in management system standards. So, the first recommendation for any organization considering ISO 9001:2015 is to buy the standard and read it — including Annex A and B. Then you’ll realize there is no requirement to change the flow and numbering of documents in your quality management system structure to match the 2015 format. The choice is yours — revamp your documentation flow and numbering system, add a cross reference table or leave your documentation flow and numbering system as it is now.

A medium-sized distribution company in Ontario has decided to leave its documentation numbering system as it is now. The company hasn’t been tied to the ISO 9001 formatting to this point, so don’t feel the need to start now. The decision will be a good place to start planning your transition project. Document the project using common project management tools and techniques.

Now let’s talk about the changes in wording. 2015 talks about understanding the organization and its context. New is the idea of “interested parties.” This expands the list of who is relevant in relation to your organization’s quality management system. Read Annex A to get a better understanding of your organization’s interested parties. Use common tools like SWOT and SIPOC. Just don’t go nuts with this list.

Answer these questions: Does the group I’m considering have an impact on my organization’s ability to provide consistent products and services to my customer? Does this group have an impact on my organization’s quality management system?

As you read through the new revision, you’ll notice there are no longer any specific requirements for documented manuals and procedures. Instead, the requirement is for documented information. This gives organizations the opportunity to really customize their quality management system.

You decide what makes sense for your organization. If it makes good business sense to write a procedure or work instruction, do it. And keep records to show that it was implemented consistently.

Most Canadian companies base the decision to document or not on the risk involved and the internal or external nonconformances caused in the past by unclear (and not documented) processes.

Another area that has changed is that the standard has strengthened leadership’s level of responsibility. The aim is to ensure that leaders demonstrate how they have taken accountability for the performance of the organization and how they are developing, coaching and monitoring staff. Roles and responsibilities need to be better defined for supporting organization functions, with top leaders taking much more active roles in the overall QMS management and effectiveness. The goal here is to further link your business and your team to your quality management system. Keep in mind your overall business goal — to provide consistent products and services to your customers and to make money while you’re doing that. Let your quality management system help your organization reach that goal.

Finally, let’s talk about the new requirement which has the ISO 9001 world buzzing — risk-based thinking. This seems to be of concern to most organizations. Take another deep breath. Consider your current business situation. If you’re a successful organization, you’re already doing risk-based thinking. At some point, in a formal way or not, your organization has answered the “what’s the risk” question. What’s the risk in taking on that new customer or that new product or that new service.

And make sure your organization has answered in a way that makes sense for your business. Sometimes it will be the right answer and sometimes the wrong one.
ISO 9001:2015 is asking your organization to formalize your risk-based thinking process, but formalizing to the extent that makes sense for your business.

Risk is defined as the effect of uncertainty on an unexpected result. So, where there’s a risk, your organization’s quality management system needs to help achieve the intended result and prevent or reduce the undesired effect.

Your organization can decide to avoid the risk, eliminate the source, share the risk or take the risk. Leadership needs to evaluate the effectiveness of the actions that were taken to address risks and opportunities.

There’s a lot of information about risk-based thinking out there. Look at the ISO.com User’s Guide from Working Group 24. Technical Committee 176’s standing committee No. 3 has also written the ISO 1000 series of standards. There’s even ISO 31000 — Risk management — Principles and guidelines. Contact your registrar for training and white papers.

For more information, you can also visit ASQ quality management standards.

Remember to make sure everything you read applies to your business. With a few deep breaths and a good project plan, implementation of ISO 9001:2015 is not going to be too traumatic.

As owner of E. Burns Consulting, Elizabeth Burns (eburns@sentex.net) has been successfully assisting organizations in manufacturing, service and not-for-profit industries in implementing ISO 9001 and related business management systems since 1990. She has been an ASQ Fellow since 2009 and an ASQ Certified Quality Engineer since 1988.