ISO 9001:2015 Changes and What They Mean for You



ISO 9001:2015 Changes


Are you behind or in the middle of certifying to ISO 9001:2015?

If so, this four-part blog series is for you. We’ve gone through the requirements with a fine-toothed comb and pulled out key changes to help you meet the Sept. 15, 2018 deadline – now less than one year away.

If you don’t shift from the 2008 to 2015 requirements in time, your certification will no longer be valid, potentially putting your business at risk.

Even if your company has already re-certified or is well on its way, we may have some advice you’ll want to hear. In this blog series, we’ll point out what has everyone so excited and worried – including major revisions, new approaches and tools that can ease the way.

ISO 9001:2015 Blog Series Topics:

  1. ISO 9001:2015 Changes and What They Mean to You
  2. Tools for Risk-based Thinking in ISO 9001:2015
  3. Process Approach and PDCA in ISO 9001:2015
  4. Leadership and Performance Evaluation in ISO 9001:2015

Our goal is to make this series instructional and useful as you assess your own quality management system.

Make no mistake, ISO 9001:2015 is a big deal.

Increasing global business complexity has given rise to a need for greater regulatory clarity, flexibility, and accountability. The new ISO uses the Annex SL new high level structure 10-clause format as opposed to eight. This is for better alignment of definitions and common clauses with multiple management system standards. The language is simpler. And both products and services are given equal and more explicit attention.

Let’s look at four of the biggest changes and what they mean for you.

Accountability at the Top - No More “Management Representative”

Clause 5 more squarely puts accountability on leadership. The open-ended term “management representative” has been removed. QMS is now the responsibility of leadership, who must ensure that the quality policy and objectives align with the organization’s strategic direction.

ISO 9001:2015 introduces new term requirements to help leadership determine the scope of the quality management system. For example, leadership must determine the “context of the organization,” which is defined as internal and external issues relevant to the organization’s strategy and quality policy. Additionally, leadership is asked to identify “interested parties” and their requirements.

Define and Manage Your Processes

Process Approach, Plan Do Check Act (PDCA), and Risk-based thinking, while not new, have been strengthened and made more explicit. ISO 9001:2015 asks organizations to define their processes, determine their interactions, and manage them through the PDCA cycle. Using risk-based thinking is vital and helps to identify and seize opportunities while avoiding adverse effects in your processes and the QMS as a whole.

What we knew as preventive action has been replaced by risk-based thinking. Interestingly enough, there is no requirement for a formal risk management methodology. Clause 6.1 requires determination of the risks and opportunities and actions to address them. The biggest challenge here is how. We will outline several tools you can use in our next post.

Emphasis on Planning and Controlling Change

The ISO 9001:2015 standard emphasizes planning change and process control in Clauses 6, 7, and 8. Changes to the QMS are to be carried out in a planned manner with proper documentation of changes and approval.

In our complex world, change is inevitable. We must ensure processes are under control; and when changes occur, the appropriate risk-based approach is exercised before implementation.

Continuity Through Organizational Knowledge

There is no equivalent to this concept in previous versions of ISO. Clause 7.1.6 requires organizations to determine the knowledge necessary for operating and achieving conforming products and services.

Organizational knowledge is obtained through years of experience, generally not documented, but gained as part of the day to day experience. ISO’s purpose for adding this is to ensure knowledge is maintained even during staff turnover or failures to document information. It also encourages organizations to spread knowledge through experience or mentoring. Ideally these should be captured and documented.

Don't Worry, Work Together

These terminology changes may give you some anxiety - documented information vs. document and record; external provider vs. suppliers, etc. You are not required to adopt the new terms in your QMS as long as your terms reflect your operations. Many of the changes in 9001:2015 provide organizations greater flexibility, but flexibility can sometimes be confusing. Auditors and auditees will work through these together. Do not hesitate to reach out to your certifying body if you need additional guidance and clarity.

This transition may be a bit of headache, but remember there are many benefits to your certification including improved customer satisfaction and product quality, compliance to regulatory or customer requirements, and the opportunity for continuous improvement that can ultimately enhance your reputation and bottom line. For additional information on the transition, visit ISO’s website here.

In the next post, we will delve into risk-based thinking and offer tools.

Until next time, have a great quality-filled day!