ISO 9001:2015 – Tools and Suggestions to Begin the Move (Part 2)
By Michael Haycock, Sr. BRC Consultant
Read Part 1 of this article HERE
I was not a very good student in high school. (That was back when the earth was still cooling.) Anyway, I did enjoy history and literature. One of my favorite authors – Jack London – told a “cold” and tragic short story “To Build a Fire.”
The essence was about a tracker/traveller in the Klondike and one particularly cold day (-50ºF) he was out by himself and, as circumstances turned out, in a desperate situation. His only means to survive while waiting for help was to find shelter and build a fire. He found what appeared to be a good location, well protected by trees for a windbreak. The challenge was being alone, with the bitter cold and being short on matches. With the last match, he was able get a fire going. (I’m making a short story shorter.) Anyway, he actually was able to get a really good fire going and there is hope. Unfortunately, in his haste for shelter and fire – he never looked up. A large clump of snow on the overhanging branches began to melt and move and soon fell on the fire, extinguishing it.
Mr. London’s stories rarely had anything close to a happy ending. So – what’s my point?
As experienced and professional as we may be, it is important – no…essential – to know the world around us and never take it for granted. For certain… “we always need to look up”. This standard “pokes us” to do that. The Introductory material was mostly covered in the last article. I will try and provide some direction and tools in the review of the actual requirements to follow.
Over the years, Clause 4.1 (mostly) said you had to have a Quality System, and the rest of the requirements detail the specifics that are required to be included. ISO 9001:2015 is somewhat different in causing you to look at the organization and “who” it is. Instead of just saying “I am”, the organization needs to look at itself in order to know who “I am”. Detail to follow…
4.1 Understanding the organization and its context
What are the internal and external issues that are relevant to the purpose and direction of the organization? Kind of – who are we and what are we trying to do? (Over the years we go through phases like being the innovator, low cost provider, mature/solid, premium product, etc.) The organization needs to be as clear as possible in its culture and nature. It is also necessary that everyone in the organization has the same understanding. This implies an understanding of the world around us and the need to understand, adapt and survive.
4.2 Understanding the needs and expectations of interested parties
Who is it that actually influences who “we” are and what we do? We are asked not just to “know” but to monitor, document and review how we know this. (I have “known” many organizations who were absolutely world class – and no longer exist.) I have worked for and done work for some of these organizations.
While watching an episode of a favorite series – “Mayday” (I learn something every time) – the airline went out of its way to make sure aircraft left on time. The objective was to ensure every passenger arrived on time. While this may be an admirable objective – wouldn’t the primary objective be just to ensure they “ARRIVED”? Because some necessary maintenance would have caused a delay, it wasn’t done. This aircraft took off on time – it just never arrived.
4.3 Determining the scope of the Quality management system
In the past, you mostly said this is what we do and typically the registrar tried to put it in 25 words or less – to have on your certificate. Are you missing some business you could capture because your scope is too narrow – or are you getting calls for product and material in a similar family – but which you’ll never provide? This standard does not provide “exemptions” as has happened historically. If there is a requirement that is not included, to exclude a requirement, there is justification that is required by the organization. The expectation is what is required in the standard to carry out the organization’s ability to meet the system requirements and provide its products and or services.
4.4 Quality management system and its’ processes
This is actually very close to ISO 9001:2008 – BUT – in the identification of the processes (however this may be done) – there is a need to specifically address the “risks and opportunities” embedded in these processes. The importance of identifying processes is not in the methodology (process mapping, flow charts, etc.) but in the content. While you have been required to identify processes in the past, there is an increased “clarity” not in how the process is identified but about “content” (my word). Is what you think you do in fact what you actually do?
Section 5 – Leadership…
…has significant changes from ISO 9001:2008 – Management – at least as much in structure as in content.
5.1 Leadership and commitment
There is significance in the word leadership as opposed to management. The demonstration of this leadership falls in section 5.1 with a great deal of specific detail expected from management to support the leadership expectation. The fact there are a lot of prompts in this requirement (especially in this section), leads us to the substance necessary to support the activities identified for leadership. The leadership in the organization is expected to “promote’ the process approach and “risk” based thinking. While this is quite a general expectation here, the concept of “risk” is specifically included in various requirements throughout this QMS. Customer focus (5.1.2) is included here with little change except to ensure the “risk” is determined and addressed.
The Quality Policy Statement currently available for most organizations would meet this requirement. As a tool, this could be the clear means by which the organization makes the statement “…this is who we are, will be and will remain our reason for success”. There usually has been a policy statement created, posted and mostly forgotten. I understand the reality that it’s difficult to spend much time on something not having an obvious clear impact on our “Quality” activities. It’s also difficult to harness enthusiasm for employment when it is uncertain that there will be a job. You may keep doing what you are doing and it will undoubtedly continue to be acceptable – because it has in the past. There is probably a big “gold star” for someone – somewhere – who can actually figure out a way for this requirement to add to productivity.
A minor change for our “Quality Policy” is it “is expected to be available to interested parties, as appropriate”. Not difficult but something to be considered.
5.3 Organizational roles and responsibilities and authorities
This was section 5.5 in ISO 9001:2008. There is a lot more useful detail here because it prompts for the specific information that details what is expected. I believe the biggest difference is there is no longer a specific requirement for a “Management representative” that had been in place from the beginning (1987). There is a definite focus on Leadership which would imply shared responsibilities in all those previously identified areas. I believe that is a good thing but the fact you’re not required to have “one” doesn’t mean you can’t. Any organization having a Quality System for any period of time has had a “management representative” and mostly found it useful as the “go to” person. I would continue with this role – not as the Captain of the ship – but the Navigator (just opinion).
The remaining requirements from Section 5 (9001:2008) in the past, are now covered throughout other sections of this ISO 9001:2015. “Ours is not to reason why…”
I started off with a little story. My intent was to share a bit of wisdom (such as it is) that can and should be applied everywhere. When done thoroughly and with as much clarity as possible – this should not be a bad thing. This also does not need to be terribly complicated. Carrying out these practices should cause us to consider the detail we need for our organization, not with fear, but with confidence in “the knowing”.
… and if we have not done this before – remember – to consider all the risk – we also need to “look up”.