Management Review - What’s changed in ISO 9001:2015
In addition to reviewing ISO 9001:2015 changes in general, this article particularly highlights the changes in the requirements for management review between ISO 9001:2008 and ISO 9001:2015 including how management review now links to the strategic objectives of an organization.
ISO 9001 UpdateUnder the management of the International Organization for Standardization, ISO 9001 has grown in popularity since its initial publication in 1987. Today, it’s the world’s leading standard used to assess and certify organizations’ quality management systems. To stay current and improve on its original standard, the ISO released updated versions of ISO 9001 in 1994, 2000, 2008 and — its most recent ISO 9001 update — 2015.
Organizations first adopting or updating to the most recent version of ISO 9001 can expect benefits to their business in the form of a more robust quality management system and improved customer experience, as well as easier streamlining and improving of processes associated with products and services. In addition, ISO 9001 is such a recognized standard that for many businesses, it’s either an industry expectation or a legal requirement to have it.
ISO 9001:2015 General ChangesBefore looking more in-depth at its management review developments, let’s first preview some of the most pronounced changes ISO 9001:2015 brings to its 2008 predecessor.
Clause Arrangement And PDCAWhereas ISO 9001:2008 was comprised of eight clauses, ISO 9001:2015 has 10 clauses and an introduction. The first three clauses — scope, normative reference and terms — remain relatively unchanged in the new version. But from clause four onward, ISO 9001:2015 takes on a structure that allows for PDCA — or plan, do, check, act — practices that more readily support continuous improvement within an organization.
High-Level StructureWith its 10-clause arrangement, ISO 9001:2015 adopts a high-level structure — or HLS — which is the same clear-cut structure as other management systems. In addition, the framework Annex SL can be applied to this standard as well as to many other ISO standards, making both integration and implementation simpler and more straightforward.
The Rising Role Of Risk Analysis
In the ISO 9001:2015 standard, the word ‘risk’ occurs 16 times more frequently than in the 2008 version. Organizations are strongly encouraged to pay more attention to risk-based thinking and/or formal risk analysis to help them identify and improve the processes they find to entail the most risk.
Context And Interested PartiesUnder ISO 9001:2015, organizations are specifically required to take into account the expectations and needs of all interested parties — including those of their customers — when constructing, assessing and making improvements to their quality management systems.
Leadership And ISO 9001:2015Perhaps the most important change to ISO 9001 is its increased effort to involve top management in the success of organizations’ quality management systems. Instead of delegating authority and responsibility for a quality management system — as was done under ISO 9001:2008 — this new version makes the subject of quality management a topic that should be addressed by all members of the C-suite and top management.
Management Review: All In The ReviewWhen it comes to management review in ISO 9001:2015, this sits under sub-clause 9.3.1 which requires reviews of the quality management system to be undertaken by top management. These reviews are required to occur at planned intervals in order to ensure the quality management system’s continuing suitability, adequacy and effectiveness.
This, it should be noted, is essentially unchanged from the ISO 9001:2008 sub-clause 5.6.1.
- ISO 9001:2015 requires management reviews to also consider the degree of alignment between the quality management system and the strategic direction of the organization.
All ChangeSub-clause 9.3.2 details the items that top management must, as a minimum, consider during a management review.
This has seen significant change. Previously, the requirement was simply for information on a list of items. This list has been modified and expanded.
There are 3 core requirements for the management review:1. To revisit the status of any actions identified at previous reviews.
2. To consider any changes in the organization’s context.
3. To establish the performance and effectiveness of the Quality Management System.
In addition, sub-clause 9.3.2 c) requires information on trends in a list of items.
Here, specific reference is made to the need for trends relating to nonconformities and corrective action, monitoring and measurement results, audit results, customer satisfaction as well as relevant interested parties’ feedback, process performance, conformity of products and services, external providers’ performance and how well the quality objectives are being achieved.
Finally, management reviews must consider information on opportunities for improvement, the adequacy of resources and if the actions to address risks and opportunities have been effective.
This sub-clause supersedes ISO 9008:2008 sub-clause 5.6.2 “Review input”.
Strategic ReviewWhile the overall purpose of management reviews remains unchanged, there are now new “strategic” items relating to context, risk and opportunities to be included on the agenda.
In addition, there is a requirement that “trends” be used to monitor specific elements of QMS performance and effectiveness.
This contrasts with ISO 9001:2008, where the requirement is simply to “include information” on these items. The implication for an organization is a more comprehensive review process.
It should be noted that a lot of the information listed will already be available in some organizations, but may not have been addressed under ‘quality management’ in the past.
Sub-clause 9.3.3 sets out specific requirements in respect of the outputs from management reviews.
The organization must retain documented information to provide evidence of the results of management reviews.
Quality professionals should note that this sub-clause supersedes ISO 9001:2008 sub-clause 5.6.3 “Review output”.
The requirements of both sub-clauses are, essentially the same. However, there is no longer an explicit need to address improvement of product related to customer requirements.
The organization is now, however, required to retain documented information as evidence of the results of the management reviews, rather than records of management review as stated in 9001:2008.
Sign Up For InTouch For More On ISO 9001:2015
Sign up to receive our monthly newsletter InTouch, which provides further updates and guidance on ISO 9001:2015. To learn more about NQA and how our services can help your organization, contact us today.