ISO 9001:2015 – Changes on the Horizon

With a new revision of ISO 9001 being published in 2015, ISO has given organizations a three-year transition period to adopt the new version. At the end of September 2018, ISO 9001:2008 certificates will no longer be valid. Here at Qualtrax, we have begun the process of transitioning our Quality Management System (QMS) and have some takeaways that we would like to share. We hope that these takeaways will help explain the changes and lessen the natural anxiety related to transitioning to any new standard.

sunset-984546_1920

What does this mean for my organization?

Do you currently have a well-functioning QMS? If so, there is some great news for you! While clause numbers may have changed, many of the requirements from the standard have not seen significant change. There is also no requirement to use the clause structure or terminology of the standard in your QMS, meaning that some of your existing documentation and procedures may not need to be updated at all!

There have been major changes to previous requirements from sections of ISO 9001:2008 however, which we’ll expand on below. You’ll want to begin exploring the standard with particular focus on finding gaps in your QMS as it relates to the newly added requirements in order to prepare for your transition.

Preventive Actions vs Risk-Based Thinking

There is no longer a requirement for Preventive Actions in the Standard. Preventive Actions were intended to be recorded only when a potential problem was identified and corrected before an incident occurred. Many organizations, however, would record preventive actions for problems that had already happened. The change in focus from Preventive Action to risk-based thinking will help organizations create a framework for identifying potential issues and opportunities in their processes and QMS and work to mitigate those issues.

Here at Qualtrax, we are encouraging our employees to integrate risk-based thinking into their daily work as well as formally identifying risks and opportunities as part of our leadership strategy meetings, internal audits, and corrective action processes.

Documentation

ISO 9001:2015 has a new term, “Documented Information” that covers any retained documentation relevant to the QMS. The standard has become less prescriptive on the kind of documentation required and currently only requires three pieces of documented information: the scope of the organization, the quality policy and the quality objectives of the organization. A stated goal of the ISO 9001 revision is “for the amount and detail of documentation required to be more relevant to the desired results of the organization’s process activities.” This does not mean that previously created documentation is now useless – you still must present evidence of compliance when it is requested by an Auditor. However, the changes may mean less documentation for many organizations and a greater reliance on employees’ knowledge of processes and the QMS as evidence. Process enforcement through software controls can also be an effective way to show adherence to your procedures.

New Management Focus

Another large change in ISO 9001:2015 is related to the role of management. There is no longer a requirement for a designated “Management Representative” and there are new requirements around leadership commitment. ISO has communicated that the new revision of the standard is intended to place a greater emphasis on leadership and their participation in the QMS. It may be helpful to think of your QMS as a business management system. In thinking of your QMS in this way, it becomes clear that leadership in any organization should have accountability for the effectiveness of the QMS and communicate the importance of the QMS to the organization.

Interested Parties

The new standard requires that interested parties be taken into account as part of many different requirements. Interested parties can be neighbors, employees, employee families, customers, suppliers, your state, your country, etc. It is important to remember that you only need to address interested parties under the scope of your QMS particularly when related to the provisions of products and services. Remembering this will prevent you from scope creep and addressing the needs of interested parties that may not be truly relevant to your organization.