Home Resources Blog February 2016

New Management Requirements in ISO 9001:2015

19 February 2016
Quality Managers should be happy about the new leadership and top management requirements in ISO 9001:2015. There are some ISO certified companies where the quality system is not aligned with the company’s strategic direction.  
This is now a requirement; the certification body auditors should be scrutinizing the company’s leadership for their involvement and support, beyond the management review meetings, and establishing goals that support the quality policy. Those companies where the entire quality management system is placed solely on the quality manager are the ones that will feel the changes when the certification body auditors want to schedule time to talk with the executive team.
 
“Leadership” is one of the 7 quality management principles on which ISO 9001 is based and has been since the beginning of ISO. It’s now more enhanced with the phrases “top management” or “leadership” referenced 16 times, including a Clause #5 titled “Leadership”. Leadership at a variety of levels in the company should provide unity of purpose and direction helping the company align its strategies, policies, processes and resources to achieve its goals. That’s a good quality system…and good business.
 
The company’s strategic direction (written or not) needs to encompass the quality management system.  This is done through the new layout and requirements of the ISO 9001 standard for understanding context, the needs and expectations of interested parties, establishing the processes, setting the quality policy and establishing the objectives. Are these really new requirements? Maybe not, but there’s definitely more substance in the standard’s requirements to have top management involved and committed along with the quality system supported in the company’s strategic direction.
 
How will the third party auditors evaluate this when there are no requirements for a documented strategic plan, or a written context of the business, or documentation of who the interested parties are, or for managing risks? The auditors are going to have to talk to a lot of the management team to get a clear and reliable representation. I wouldn’t be surprised if some auditors set an agenda item to meet with the leadership team.

They’ll want to see that the leadership is committed and connected to what’s happening in the business and whether the key processes of the quality management system are effective in meeting objectives. If not, then they’ll want to know that management is aware and taking actions to try to turn things around. They’ll want to learn where the risks exist and what’s being done about them and how the leadership promotes risk-based thinking. 
 
The hard part for the certification body auditors will be that some of them will have difficulty auditing when no documentation is required. That’s why your company needs a consistent and clear story when documentation doesn’t exist. Certification body auditors will also have to get comfortable spending a little more time with top management during audits to see if they get a consistent message about the risks and context affecting the business.
 
The majority of companies are already compliant with these requirements, but the leadership will be the ones that will have to answer third-party auditor questions to defend and justify what they’re doing.  As long as the leadership in your company is aware of the ISO expectations and can relate what your business does in answering the auditor’s questions, you will do fine. 

I believe this will be the challenge for most of the executives who won’t know how to take credit for what they already do to satisfy ISO requirements or don’t understand the auditor’s questions from ISO as it relates to their business. 

Educating the leadership and helping them understand the new requirements and how you already comply will help them be able to speak the right message when asked about context, interested parties, risk-based thinking, or strategic direction.

Authored by: Jim Lee, President of simpleQuE Inc.
 
Jim Lee is President of simpleQuE Inc., an ISO 9001:2015 certified company. simpleQuE is a medium-sized consulting, training and auditing company of quality management systems with a focus on “Quality Excellence made simple”. 

Jim is an IRCA certified QMS lead auditor, a former IATF certified ISO/TS 16949 auditor, and a former RABQSA certified Aerospace Auditor and has
performed 3rd party audits in the past.

Disclaimer: Content provided in our blog is for informational purposes only. Guest editorial and the opinions expressed do not necessarily represent those of NQA or its policies. NQA will not be liable for any errors or omissions in this information nor for the availability of this information. NQA will not be liable for any losses, injuries, or damages from the display or use of this information.