ISO 9001:2015 – The Big Picture

ISO 9001:2015 – The Big Picture

By Jim Moran, BRC Consultant

As the first major change to the standard since 2008, ISO 9001:2015 includes a number of revisions…the most noticeable of which is a new organizational and numbering structure.  In an 8-part series I will be reviewing these changes in detail, beginning with this introduction and overview.

We’ll go through the specifics of structural changes systematically in articles to come.  For now, let’s start with the big picture…

First, there’s a less explicit requirement for documented procedures. There’s no requirement for a quality manual or any specific documented procedures. As in ISO 14001 and OHSAS 18001 (clause 4.4.6 d) you only need to document procedures ‘where their absence could lead to a deviation from policies and/or objectives. We still need documented “information” – data that is required to be controlled and maintained to demonstrate fulfillment of requirements.

This means documents and records (now called ‘documented information’) still must be ‘controlled’. We have to take care of the results determined by our measurements and monitoring of our quality processes. We have to retain appropriate documented information as evidence of the results. This information has to be stored, be retrievable, be preserved, retained, access controlled and maintained.  We imagine most organizations will still document most of their processes, but at least we now might be inclined to replace some documentation with training like we do with activities such as CPR. A binder never saved a life!

This does not mean documented processes are no longer necessary – they are still necessary for the success of a good QMS, but your ISO certification will not be evaluated on them as much as they have been in the past. I think this will also encourage us to explore newer, more ‘visual’ ways to show how we do things.

Other major shifts in philosophy include a higher level of involvement from senior management, the measuring and assessment of risk, and a focus on ‘change management’. These will all help us create stronger, more useful quality management systems that are an asset, not a liability.

A formal ‘risk management program’ is not required (as of CD1 of the new standard) but some simple and powerful risk management tools will give you the ability to identify risks and opportunities, and develop a systematic approach to address them. With ‘Preventive Action’ gone, proactive processes become even more vital to system improvement and a good return on your Management System investment.

The shift is to make ISO more relevant to business. For example “preventive action” is terminology specific to – or at least common to – QMS folks, while “risk management” is a more commonly used business/organizational term, especially among senior executives who may not be directly involved in quality control, but whose decisions directly impact it.

Simply reading through the titles of the new clauses gives you further insight into the “bigger picture” view of 2015. “Management Responsibility” is now “Leadership”, implying an evolution from ISO requirements restricted to tactical operations and into a strategic perspective.

“Quality Management System” is now based on the “Context of the Organization”. This implies an evolved perspective that quality is a strategic organizational issue, not a specific ‘activity’.  There’s even a requirement to consider our ‘purpose’ and ‘strategic direction’ when designing our systems. More on this coming up in the series.

The new standard is not a ‘make work’ project, but is a significant step in evolving your QMS to become an organizational asset. The new standard will present a core set of requirements for the next decade. It will remain generic and relevant to organizations of all sizes and types within any sector. It will maintain the current focus on effective process management to produce a desired set of outcomes.

Business is evolving rapidly – fuelled by access to greater data and analysis capability. The greater visibility we have into processes, the greater control we can exert. Also the business environment we find ourselves in has grown more complex, demanding and requiring continual response to stay competitive.

What can you start to do NOW to help your company prepare?