Timing of the transition
The ISO 9001:2015 standard was published on Tuesday, September 22, 2015. Organizations are granted a three-year transition period from that date to comply with the current version of the standard, at which time the 2008 version & any certification pertaining to it will become obsolete. This means that you may have surveillance audits against the 2008 revision until September 22, 2018, although some ertification bodies have announced that they will stop issuing new certificates against the 2008 revision by September 2016, so it is advised that you consult your own certification body regarding your organization’s circumstances if you are pursuing your initial 9001 accreditation.
The easiest way to make the upgrade to the 2015 revision is by following these steps:
1- Define the context of the organization
Clause 4 of the 2015 revision is a new requirement that requires defining the context of theorganization. This is a critical change, as this consideration will form the basis for your whole Quality Management System (QMS). Organizations must now consider all items that may influence the QMS performance, including external, internal, cultural, social, economic, technological, and legal factors. These are considered to be factors that will influence the organization’s objectives, purpose, and sustainability. It is advised that the consideration and outcome of this process be demonstrated within your Quality Policy, or equivalent document.
2- List all interested parties
This also belongs to clause 4, but is also new to the 2015 revision. The 2015 revision considers customers, owners, providers, bankers, unions, regulators, partners in society groups, competitors, and even pressure groups all as potential “interested parties” who may be affected by decisions made by your company, or the scope of your QMS. For example, if you made a business decision to ramp up your organization’s activities by having a 24-hour shift pattern, then local residents who may be affected by increased traffic or activity to and from your site would then become an “interested party.” You must be able to demonstrate that you have taken all these factors into consideration to satisfy this clause.
3- Determining the scope of the QMS
Having an effective QMS depends directly on how you define the scope and parameters in the embryonic stages. Likewise, the transition period from revisions 2008 to 2015 provides an opportunity to ensure this is done correctly and accurately. For example, it is easy to consider all the internal issues within your QMS definition, but do you know all you need to know in order to clearly define the external issues that are related to your outsourcing partners and supply chain? Demonstration of all of these aspects must be demonstrated when you define the scope of your QMS.
4- Demonstrate leadership
There is a marked change in the “leadership” requirements in the 2015 revision, which appear in clause 5. The 2015 revision calls for leaders to be “active” and responsible, rather than the more passive role that could be interpreted from the 2008 revision. The 2015 revision assigns responsibility to the organizational leader for strategic quality objectives, QMS scope and results, policies and processes, communication, culture, fostering a commitment to quality, providing resource and training opportunity, and even “inspiring, encouraging and recognizing the contribution of people.” Therefore, it is clear that “top management” involvement and inclusion in all aspects of your QMS will become a requirement. For
instance, making decisions on issues like risk assessment topics will now be almost impossible without strategic leadership advice, except in the instance of responding to an “incident.”
5- Align QMS objectives with the company’s strategy
The 2015 revision requires the organization to ensure that the quality objectives are compatible with the strategic direction of the company. The revision also requires that the plans for achieving the objectives must be created. Therefore, it is critical that you document this plan for audit purposes against the 2015 standard. For example, does your business plan mention QMS objectives? The success of both will be more dependent on each other than before in terms of the 2015 version of the standard
6- Assess risks and opportunities
This is a new and key requirement of the 2015 revision, and appears in clause 6 of the 2015 standard. Risks and opportunities now need to be considered for all aspects of the QMS, including all compliance requirements and even the context of the organization. After this, there should be a documented plan on how the business should address that risk. Therefore, the assessment of risk and opportunity is intended to become an integral part of all major QMS components and decision-making processes. Add this to the increased reliance on leadership mentioned above, and it is easy to see how real business benefits will be attained for most organizations. One way to comply is a “Risk Log” for your top team, which they can populate when assessing, taking actions, and mitigating risk.
7- Control documented information
Procedures and records are now defined under the new term “documented information.” During the process of aligning your existing documentation to the new clause numbers, the transition from 2008 to 2015 is a perfect opportunity to improve your existing documentation. For example, as “documented information” and a “process approach” are now critical, why not consider replacing some of your more wordy or cumbersome process instructions with one single process diagram? While improving your documentation is an excellent opportunity to demonstrate continual improvement, you are advised to ensure that your existing documentation still meets the needs of the 2015 revision.
8- Operational Control
Improved operational control versus the stated criteria is one of the goals of the 2015 revision. The stated criteria are that your organization must define the criteria and processes for services and products to be effectively delivered, and ensure that the documentation and resources to deliver them are in place. Therefore, it is important that your process documentation reflects this improved accuracy
and operational control to comply with the new standard. For example, are your stated criteria and defined processes aligned to produce the targeted results and outcomes? Can you show that resources have been planned and delivered and that the product conforms to the stated requirements?
9- Review the design and development process
There is a marked change in the level of control the 2015 standard requires in terms of design and development relative to the 2008 version. Responsibilities, inputs and outputs, controls, change control, change authorization, and action required to prevent adverse impacts are among the factors that now need specific consideration. Documentation of these aspects is also critical. For example, if you have a product that has changed in terms of specification, can you evidence who authorized and approved that change, and provide documented proof that shows that person is deemed “qualified” to do so? This is the level of detail that this clause demands to protect the integrity of the process and product, and the needs of your customer.
10- Control of external providers
Clause 8.4 of the 2015 standard is “Control of externally provided processes, products and services” and replaces what was “Purchasing” in the 2008 standard. The main thread is that you must ensure that your organization’s externally provided products and services fulfill your stated requirements. Therefore, your organization must determine what type and extent of controls and related information need to be provided to any external parties to ensure their delivery matches your requirements exactly. For example, can you illustrate an exact specification, timescale, quality expectation, and cost for an outsourced product? ISO 9001:2015 requires this to be done, documented, and implemented.
11- Performance evaluation
Clause 9 of the 2015 revision deals with “Performance Evaluation.” There is now a requirement to evaluate the effectiveness and performance of your QMS, in a similar way that key performance indicators have been used elsewhere in the past. Again, your organization is required to keep documented evidence of the results, so for instance, continual improvement can be developed from this process.
12- Measuring and reporting
Requirements for both measuring and reporting across several clauses of the 2015 standard have become more specific. Measurement within processes such as Management Review and Internal Audit now need to be aligned with the 2015 standard. Techniques of both of these processes are not affected, rather the input elements for the Management Review and the elements to be audited during the Internal Audit. So, for example, the standard aspires to make these functions “measureable” in a way they may not have been previously, which opens the pathway for implementing improvement.