In September 2018, Veeva received ISO 9001:2015 Quality Management System (QMS) certification from Schellman after an extensive audit of the company’s internal operations.
Achieving ISO 9001:2015 certification demonstrates Veeva’s dedication to ensuring a robust quality management system that provides a structured and systematic approach to software development.
What is ISO 9001?
ISO 9001 serves as the foundation for a range of quality management systems standards adapted to meet specific sectors and industries ensuring compliance with regulatory and corporate requirements.
According to ISO, the standard is built on several quality management principles “including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement...Using ISO 9001:2015 helps ensure that customers get consistent, good quality products and services, which in turn brings many business benefits.”
Certification to ISO 9001 standards requires an accredited third party auditing organization to thoroughly review the company’s internal quality management system processes, to ensure that they are capable of consistently delivering a product or service that meets customers’ needs and expectations.
What changed from ISO 9001:2008 to 9001:2015?
Increasing global business complexity has given rise to a need for greater regulatory clarity, flexibility, and accountability. The new ISO uses the Annex SL new high level structure 10-clause format as opposed to the previous eight. This is for better alignment of definitions and common clauses with multiple management system standards. The language is simpler. And both products and services are given equal and more explicit attention.
Let’s look at the biggest changes and their impact.
Accountability at the Top - No More “Management Representative”
ISO 9001:2015 Clause 5 more squarely puts accountability on leadership. The open-ended term “management representative” has been removed. QMS is now the responsibility of leadership, who must ensure that the quality policy and objectives align with the organization’s strategic direction.
ISO 9001:2015 introduces new term requirements to help leadership determine the scope of the quality management system. For example, leadership must determine the “context of the organization,” which is defined as internal and external issues relevant to the organization’s strategy and quality policy. Additionally, leadership is asked to identify “interested parties” and their requirements.
Define and Manage Your ProcessesProcess Approach, Plan Do Check Act (PDCA), and Risk-based thinking, while not new, have been strengthened and made more explicit. ISO 9001:2015 asks organizations to define their processes, determine their interactions, and manage them through the PDCA cycle. Using risk-based thinking is vital and helps to identify and seize opportunities while avoiding adverse effects in your processes and the QMS as a whole.
What we knew as preventive action has been replaced by risk-based thinking. Interestingly enough, there is no requirement for a formal risk management methodology. Clause 6.1 requires determination of the risks and opportunities and actions to address them. The biggest challenge here is how. We have outlined several tools you can use in a previous blog post.
Emphasis on Planning and Controlling Change
The ISO 9001:2015 standard emphasizes planning change and process control in Clauses 6, 7, and 8. Changes to the QMS are to be carried out in a planned manner with proper documentation of changes and approval.
In our complex world, change is inevitable. We must ensure processes are under control; and when changes occur, the appropriate risk-based approach is exercised before implementation.
Continuity Through Organizational Knowledge
There is no equivalent to this concept in previous versions of ISO. Clause 7.1.6 requires organizations to determine the knowledge necessary for operating and achieving conforming products and services.
Organizational knowledge is obtained through years of experience, generally not documented, but gained as part of the day to day experience. ISO’s purpose for adding this is to ensure knowledge is maintained even during staff turnover or failures to document information. It also encourages organizations to spread knowledge through experience or mentoring. Ideally these should be captured and documented.
As ISO has seen the need for greater leadership involvement, risk management, and increased process control, so has Veeva by taking the challenge to ensure our Quality Management System meets industry best standards.
Veeva’s commitment to a strong culture of quality enables us to be a strategic partner to our customers providing confidence in the products and services we deliver to them.
Additionally, as a confirmation of Veeva’s commitment to delivering the best product and service, Veeva is also certified in ISO/IEC 27001:2013 Information Security Management System by the Certification Body of Schellman & Company, LLC.
The official certificates can be viewed here by searching “Veeva”.