ISO 9001:2015 has now been released and is a major revision to the previous edition issued in 2008. This revision introduces new concepts, terminology and current thinking, in order to satisfy your very important customers.
All management system Standards of the future will have the same high level structure, identical core text, as well as common terms and definitions.
ISO 9001:2015 Section 1: Scope
The scope sets out the intended outcomes of the management system. The outcomes are industry specific and should be aligned with the context of the organisation (clause 4).
ISO 9001:2015 Section 2: Normative references
Provides details of the reference Standard ISO 9000:2015.
ISO 9001:2015 Section 3: Terms and definitions
Because the definitions were so poorly written in the 2008, 2000 and 1994 versions, another attempt has been made to describe the terms and definitions that are now found in ISO 9000:2015.
Sections 4 – 10 are the auditable parts.
ISO 9001:2015 Section 4: Context of the organisation
Section 4 comprises four clauses:
4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the managements system
4.4 Quality management system and its processes.
The organisation needs to identify internal and external issues that can impact on its intended outcomes, as well as all interested parties and their requirements. In other words you need to know what you do and who your customers are. You also need to document its scope and set the boundaries of the management system – all in line with the business objectives.
ISO 9001:2015 Section 5: Leadership
Section 5 comprises three clauses:
5.1 Leadership and commitment
5.3 Organisational roles, responsibilities and authorities.
The new high level structure places particular emphasis on leadership. This means top management now has greater accountability and involvement in the organisation’s management system. In other words they must take ISO 9001 seriously:
- Open the purse strings and provide adequate resources to achieve its planned outcomes.
- Describe the business philosophy in their own words.
- Encourage employee awareness and involvement. Assign employees with responsibilities and give them the authorities needed to do their jobs effectively.
Section 6: Planning
Section 6 includes three clauses:
6.1 Actions to address risks and opportunities
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes.
Section 6 brings risk-based thinking to the fore. Once the organisation has highlighted risks and opportunities in Section 4, it needs to plan how it will address risks and take advantage of opportunities. The planning phase looks at what, who, how and when these risks must be addressed. This proactive approach replaces preventive action and reduces the need for corrective actions later.
- When planning how to achieve its objectives, the organisation will need to consider:
- What is to be done,
- What resources will be required,
- Who will be responsible,
- When it will be completed, and
- How the results will be evaluated.
Section 7: Support
Organisations will need to consider the support needed to meet their goals and objectives. This includes resources, targeted internal and external communications, as well as documented information.
Section 7 consists of five clauses:
Persons doing work under the organisation’s control need to be aware of:
- The quality policy,
- Their contribution to the organisation (i.e. why their job is important), including the benefits of improved quality performance, and
- The implications of not conforming to requirements (i.e. loss of job, reputation or customer, and incurring unnecessary expenses).
The organisation shall determine the need for internal and external communications relevant to the quality management system including:
- On what it will communicate,
- When to communicate, and
- With whom to communicate.
Management have to ensure there are formal processes for communication. A suggestion box won’t make the grade.
7.5 Documented information.
Documented information replaces previously used terms such as documents, documentation and records. Documented information may include drawings, procedures, specifications, presentations, etc.
Section 8: Operation
Section 8 has many clauses:
8.1 Operational planning and control
8.2 Requirements for products and services
8.3 Design and development of products and services
8.4 Control of externally provided processes, products and services
8.5 Production and service provisioning
8.6 Release of products and services
8.7 Control of nonconforming outputs.
Clause 8 addresses both internal and outsourced processes and requires adequate criteria to control these processes, as well as ways to manage planned and unintended change. An organisation must plan, implement and control it processes and work practices needed to meet requirements by:
- Establishing criteria for the processes,
- Implementing control of the processes in accordance with the criteria,
- Keeping documented information to demonstrate that processes have been carried out as planned,
- Ensuring your suppliers are competent before you purchase their goods or services,
- Managing change to mitigate the consequences of any adverse effects.
Section 9: Performance evaluation
Organisations need to determine what, how and when things are to be monitored, measured, analysed and evaluated. An internal audit is part of this process to ensure the organisations processes conform to its own requirements as well as the Standard, and is successfully implemented and maintained
Section 9 comprises three clauses:
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review.
Section 10: Improvement
You have to demonstrate improvement by setting unrealistic targets (objectives), self-preservation of the quality team (internal audits), mental gymnastics (analysis and evaluation), effective use of the internal complaint system (corrective action) and occasional meeting not on the golf course (management review). Section 10 looks at ways to address nonconformities and corrective action, as well as strategies for improvement. It includes the following clauses:
10.2 Nonconformity and corrective action
When nonconformity occurs:
- React to the nonconformity, and take action to control and correct it, and
- Deal with the consequences.
- Evaluate the need for to do anything further by:
- Reviewing the nonconformity
- Determining the causes of the nonconformity,
- Determining if similar nonconformities exist, or could potentially occur,
- Implement any action needed,
- Review the effectiveness of any action taken,
- Make changes to the organisation if necessary.
10.3 Continual improvement.
Identify and improve any areas of underperformance.
ISO 9001:2015 and the Auditor
The Standard is written for the benefit of organisations, not auditors. There are likely to be many challenges for auditors to understand and recognise the evidence that would be acceptable to confirm compliance to the 2015 requirements.
Quality Standard ISO 9001:2015 is published
Since it was first published in 1987, ISO 9001 has proved to be the most popular ISO standard with nearly 1.2 million organisations certified to this standard worldwide. It is clear why so many organisations have decided to become certified to this standard; it demonstrates to their customers that they can consistently deliver high quality products and services which meet their expectations. Along with helping to demonstrate quality, this framework allows certified organisations to streamline their processes in order to become more efficient.
ISO revise their published standards every five to seven years to ensure that they are up-to-date, reflect current business practice, and stay relevant for the near-future. The revision process usually takes around three years to complete. The 2015 revision has brought new and exciting changes.
Main changes to with ISO 9001:2015 include:
- ISO 9001:2015 will follow Annex SL like other recently-published ISO standards. This will give a consistent look and feel in terms of structure and sequencing to all of the ISO standards.
- Risk-based thinking will be integrated into the standard, in the hope of preventing undesirable outcomes.
- Steps you can take to prepare for the new version:
- Review your current approach.
- Engage with management to inform them of how the proposed changes will affect them.
- Review your approach to identification, management and control of your processes.
- If you are certified to more than one standard, start to consider the benefits to be gained from management system integration.
1. Certification to ISO 9001:2008 will continue to be recognised by certification bodies and can be audited to before being withdrawn at the end of the three year transition period (September 2018). After this period, organisations will only be able to achieve certification to ISO 9001:2015.
2. Organisations can upgrade to ISO 9001:2015 from September 2015 during a re-certification provided their system meets all the requirements outlined in ISO 9001:2015.