The Year of ISO 9001
The release of ISO 9001:2015 was highly anticipated. Its launch in late September raised many challenges for quality professionals, with questions about what the changes would mean.
To put this discussion into context, the key summary of changes within ISO 9001:2015 are:
The new standard adopts the format and terminology of Annex SL. Annex SL was developed to ensure all future ISO management system standards would share a common format, irrespective of the specific discipline to which they relate.
Annex SL prescribes a high-level structure, identical core text, and common terms and core definitions. This means that even when requirements are essentially unchanged between ISO 9001:2008 and ISO 9001:2015, these are frequently found under a new clause/sub-clause heading.
Clause 5, previously “Management Responsibility”, now becomes “Leadership”. Top management is required to demonstrate that they engage in key quality management system activities as opposed to simply ensuring that these activities occur. This means that there is a need for top management to be actively involved in the operation of their quality management system.
The removal of all references to the role of “management representative” reinforces the requirement to see quality management systems embedded into routine business operations, rather than operating as an independent system in its own right with its own specialist management structure and processes.
Two new clauses (4.1 and 4.2) are introduced relating to the context of the organization. The organization is required to identify explicitly any external and internal issues that may impact their quality management system’s ability to deliver its intended results.
They must also understand the needs and expectations of “interested parties” (or stakeholders) – those individuals and organizations that can affect, be affected by, or perceive themselves to be affected by, the organization’s decisions or activities.
ISO 9001:2015 places a greater emphasis on the definition and content of the scope of the quality management system than ISO 9001:2008 did. The scope sets the boundaries for, and identifies the applicability of, an organization’s quality management system. Clause 4.3 requires scope to be determined in consideration of the organization’s context.
While ISO 9001:2008 promoted the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system, clause 4.4 of ISO 9001:2015 sets out specific requirements considered essential to the adoption of a process approach.
References to preventive action have disappeared. However, the core concept of identifying and addressing potential mistakes before they happen very much remains. ISO 9001:2015 now talks in terms of risk and opportunities. The organization must evidence that they have determined, considered and, where necessary, taken action to address any risks and opportunities that may impact their quality management system’s ability to deliver its intended results or that could impact customer satisfaction.
The term “product” has been replaced by “products and services”. Previously, the inclusion of services as products was implicit. By including explicit reference to services, the standard writers are attempting to reinforce that ISO 9001:2015 is applicable to all organizations, not just those that provide tangible products.
ISO 9001:2015 clause 10 recognizes that incremental (continuous) improvement is not the only improvement profile. Improvement can also arise as a result of periodic breakthroughs, reactive change or as a result of reorganization. Thus, the title of this clause is now “Improvement” (ISO 9001:2008 8.5.1 was “Continual improvement”).
The phrase “externally provided processes, products and services” replaces “Purchasing” and “Outsourcing”. Clause 8.4 addresses all forms of external provision, whether it is by purchasing from a supplier, through an arrangement with an associate company, through the outsourcing of processes and functions of the organization, or by any other means.
An organization is required to take a risk-based approach to determine the type and extent of controls appropriate to each external provider and all external provision of products and services.
Andrew Holt is Technical Content Executive at the Chartered Quality Institute.
Book your place online today on our ISO 9001:2015 e-learning course.