If your organization is looking to obtain Certification to an ISO Standard there are few areas within your business which will require specific focus, regardless of which Standard you are seeking Certification against.

1 – Policies

Begin by reviewing your organizations policies to ensure they include a commitment to the requirements of the Standard. Make sure the policies have been communicated effectively within the organization and externally to relevant Interested Parties. Auditors will most likely ask several people about the policies of the organization to confirm Interested Parties know and understand how the organization has committed to achieving the standard and how their activities influence those commitments.

2 – Objectives

What are your organizations objectives, in relation to the Standard? They need to be documented. The achievement of these objectives is what drives the entire management system. An Auditor will ask for these objectives and check how they have been established, an outline of the plan to achieve them, and evidence of how they are being measured and monitored. Auditors will now be looking for quantitative data relating to how your organization has measured and monitored these objectives.

3 – Organizational Context

This is a term which has emerged within many of the recent revised ISO standards such as ISO 9001:2015 and ISO 14001:2015. Based upon the notion that your organization does not exists in a vacuum, it requires your organization to consider factor both internal and external issues that could impact the management system into your strategy. An Auditor will require you to show evidence about how your organization has identified, evaluated and incorporated these internal and external issues.

4 – Risks and Opportunities

You need to to identify and evaluate factors which could negatively affect your management system, and the likely hood of achieving your objectives, these are the risks. Your also need to identify the factors which can enhance and improve your organization’s performance, the opportunities. Auditors will need to see an outline of your risks and opportunities along with evidences of how they have been identified and the actions which are in place to address them.

5 – Planning Changes                                                       

Change is both constant and inevitable. Within a well-functioning management system change needs to be identified and addressed. In preparing for an audit, identify and document changes which have and will be occurring within your organization. These could be new and stricter regulations, new products or new equipment. An Auditor will look for evidence that changes were identified and addressed proactively. You may also be asked to identify how you future proof your organization and identify upcoming changes.

ISO Management Systems  consider Interested Parties an essential element in the success of any business. Interested parties, also referred to as Stakeholders must be managed in order to obtain and retain their support. Additionally, many ISO Management Standards including; ISO 9001, ISO 14001, and ISO 45001, require organizations to understand and manage the interests and expectations of their Interested Parties as part of the certification process.

Most organizations have a many Interested Parties. Determining which are the most relevant is critical step towards developing a plan to  prioritize and manage them.

How can an organization begin this process? 

First, it needs to understand the organizational context it works in and its goals regarding the management system being considered. Whoever can affect these goals or who can be affected by them, is considered an Interested Party. The most relevant Interested Parties are the ones who provide risk to the organization’s sustainability if their needs and expectations are not met.

Identify who the Interested Parties are: 

The list may include:

• Owners / Shareholders
• Customers
• Clients
• Suppliers
• Partners
• Employees and their families
• Regulators / Government organizations
• Contractors
• Communities
• NGO’s
• Unions
• Emergency services
• Media

This list can grow or be reduced depending on the organization’s complexity, its context and goals.

Classify the Role of the Interested Parties 

After listing all the interested parties, it’s useful to categorize them based on how these relate to the organization. For example, do they hold responsibility for the organization, do they influence it, do they depend on it, are they close to the organization’s operations, etc.  Guidance on how to categorize them can be found in ISO 14004.

Prioritize their Relevance 

Not all interested parties will have the same interest and power to influence an organizations decisions and activities. Thus, it is necessary to differentiate the ones that have high interest and high power to influence decisions and activates from those that have low interest and power to influence the organization.

Determine the Needs and Expectations of the Interested Parties 

Depending on the size and complexity of the organization, this can be done by either reviewing formal or informal documents of requests, complaints, or talking directly with them. However, complex and big organizations may require research methods to determine their interested parties’ needs and expectations.

Regardless of the size of the organization, establishing a process to manage Interested Parties is essential. Without a proper plan an organization can easily incorrectly allocate its resources on the less relevant Interested Parties, while failing to meet the needs of a critical Interested Party.

IATF 16949:2016 was released in October 2016. This new standard supersedes and replaces ISO/TS 16949:2009 and its certificates. The deadline for transitioning to this standard is September 14 2018. As this deadline gets closer, organization may start to panic. To avoid the panic, here are some of the most important requirements to assist organizations in developing their strategy.

Timing requirements

• By now, no organization should be conducting any type of audits regarding ISO ISO/TS 16949:2009. October 1st was the deadline for performing initial, surveillance or recertification audits to this standard.
• Only organizations that currently hold an ISO ISO/TS 16949:2009 can take a transition audit to seek IATF 16949:2016 certification. This transition audit should follow the organization’s audit schedule, for example, it should take place at the time when a surveillance or recertification audit was planned.
• The transition audit and a positive VETO approval must be obtained by September 14 2018.
• Organizations undertaking their audits between July and September 2018 will have no more than 120 days for VETO approval after completing their transition audit.

Transition audit requirements

• The transition audit will have to be a full system audit, such as a recertification audit.
• First, a documentary review (off site) has to be conducted for every manufacturing site seeking the transition. A review of the organization’s quality management system must be included in this revision, such as quality manuals, procedures and evidence of conformance to the new IATF 16949 requirements.
• If the organization has any supporting function(s) that are on-site or remote, documentation of these must also be included, and if these function(s) have not already completed a transition audit, a gap analysis and an action plan for meeting IATF 16949 requirements must be included.
• From this review it will be determined if the organization is ready to undertake the transition audit and critical areas will be prioritized.
• If for any reason an organization is unable to conduct the transition audit according to the time requirements, they would have to start again with an initial audit.
• Also, if there’s a negative certification decision from the transition audit, the organization’s ISO/TS 16949:2009 certificate will be withdrawn and they would have to start over with an initial certification audit.
• A very important point for organizations to consider is that in the transition audit the requirements for ISO 9001:2015 will also be verified

Certification body requirements

The certification body performing the audit must have met all the requirements for establishing their audit team. Organizations need to ensure that the auditors have passed all the necessary training and quizzes.

If organizations meet these requirements and obtain a positive decision after their transition audit, their IATF 16949:2016 certificate will be issued, which will include the issue and expiration date and a new IATF number.

The new ISO 9001:2015 has introduced updated management system standards that override the requirements presented in its predecessor, ISO 9001:2008. In particular, the original standards identified in ISO 9001:2008 under 4.2.3 Control of Documents and4.2.4 Control of records have been overridden by the new standards in the 2015 version under 7.5.3 Control of documented information.

As part of the alignment with other management system standards a common clause on ‘Documented Information’ has been adopted. The terms “documented procedure” and “record” have both been replaced throughout the requirements text by “documented information”. Where ISO 9001:2008 would have referred to documented procedures (e.g. to define, control or support a process) this is now expressed as a requirement to maintain documented information. Where ISO 9001:2008 would have referred to records, this is now expressed as a requirement to retain documented information.

To better understand the changes presented in section 7.5.3 over the previous standards outlined in 2008, it is important to identify the difference between Documents and Records:

• A document is information used to support an effective and efficient organizational operation. A document consists of any information you use to run your company.
• A record is evidence about a past event. Records consist of any data you collect during the operation of your business QMS. Records are facts and should not change. If new facts arise that contradict the old facts (an error), then you should strike through the old fact and record the new fact.

ISO 9001:2015 outlines the Control of Documented information in section 7.5.3 and is broken down into two separate requirements:

7.5.3.1 Documented information required by the quality management system and by this International Standard shall be controlled to ensure:
• it is available and suitable for use, where and when it is needed;
• it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

7.5.3.2 For the control of documented information, the organization shall address the following activities, as applicable:
• distribution, access, retrieval and use;
• storage and preservation, including preservation of legibility;
• control of changes (e.g. version control);
• retention and disposition.

With the new standard structure in place, don’t get confused by this “new requirement” as it really isn’t new. We used to have “documents” and “records” and now we “maintain” (i.e document) and “retain” (i.e. record) documented information.

Christopher Spranger is the owner and CEO of Spranger Business Solutions; a management consulting firm that helps people run more efficient businesses across the United States. They have a team of Quality Management experts that assist companies with internal audits and in achieving Quality Management System Certification.

Interested in having Spranger Business Solution do your internal audits click here.

This article was originally posted on Spranger Business Solutions website and is published here with permission.

Want to take your business to a level of Worldwide Recognised Quality by becoming ISO9001:2015 certified? Depending on the size and complexity of your business, getting accreditation can take anything from 6-12 months and depends on the time and commitment available to implement the Quality Management System into your business. Top Management are ultimately responsible for the system but everyone will be involved across each department. It’s a team effort and the rewards are fruitful if everyone is on board. Here are the basic steps necessary to achieve accreditation of the standard ISO9001:2015:

1. Training & knowledge Preparation

All management and employees must be made aware of the benefits of the standard ISO9001:2015 in order for its implementation to be a success. A senior member of staff must be appointed to take on the role of managing implementation of the Quality Management System into the company in compliance with ISO9001:2015. A copy of the standard should be available on-site and training made available to educate and guide all management and staff involved, in order to meet the standard criteria.

2. Documentation

Company Documentation will need to be created to document items such as procedures, work instructions, quality objectives, process flow diagrams etc. Although not necessary by requirement to the standard ISO9001:2015 – a quality manual is an excellent tool for combining all of the Quality Management System information and an easy way to present this information to an external auditor. Standard forms must also be created and a document register to control all of the company’s documents.

3. Implementation

The next step is to implement the Quality Management System into the company. Employees may now have to incorporate new work processes or quality checks into their routine and must be made aware of the benefits of these new processes. Be open to accepting ideas from employees to improve implementation of the procedures/processes as it is important the new Quality Management System be as practical and suitable to your business in order to improve efficiently.

4. Internal & Gap Audit

In-line with the ISO9001:2015 standard the company should have an internal member of staff trained to perform internal audits. By performing audits across the company, on all sections this will highlight any areas for concern or non-compliances. Alternatively, if the company has opted for hiring a 3rd party internal auditor this is a good time to perform a gap audit to highlight any areas that are not compliant with the new standards requirements.

5. Certification

Select your ISO9001:2015 Registrar (you can find on here) and apply for your certification. You will be notified about the audit date and format of audit to be undertaken, depending on your type and size of company. Certification should be obtained if the auditor can verify that your company has created a Quality Management System, compliant with ISO9001:2015 that it follows using its own documented procedures and processes. In the event of non-compliance, the auditor will with-hold certification until these items have been closed out. Certification is valid for 3 years.

The International Automotive Task Force (IATF) has recently published the new global industry standard IATF 16949:2016. This standard supersedes and replaces ISO/TS 16949:2009 as the new standard for quality management in the automotive industry.

IATF 16949:2016 has evolved from its predecessor (ISO/TS 16949:2009) and it has been developed with the participation and feedback of numerous organizations in the industry (OEMs, auditors, certification bodies, etc) including those in the Automotive Industry Action Group (AIAG).  

Because the automotive industry has changed in the last few years and there has been many technological advances and an increase for safety concerns, the changes of this new standard include solutions to recent problems and concerns in the industry. Some of the main changes include:

Risk management and safety

The new IATF 16949:2016 includes specific requirements to address risk management. They aim at identifying and mitigation risk to reduce failures in the development of new programs and to enhance the execution of planned activities.

Also, the new standard requires organizations to have processes that will ensure product safety through the entire lifecycle of products.

These best practices are aimed to support a safer and more stable industry.

Customer specific requirements

This standard clearly differentiates customer requirements from Customer-specific requirements (CSR) to avoid misunderstanding and specifies the procedures for addressing them.

Product traceability

IATF 16949:2016 includes improvement of the traceability requirements of products to support regulatory changes that apply to the industry.

Specific requirements for products with embedded software

With technology advances, electronics and software are now incorporated into vehicles, which is something that did not happen before; thus the standard now explicitly addresses these electronics and software systems that are being embedded into vehicles.

Warranty management

The standard introduces requirements related to the warranty management process that includes procedures to address No Trouble Found (NTF).

Clear requirements for managing second level suppliers

The standard requires that organizations ensure conformance of products, processes and services throughout their supply chain. Hence, organizations must manage conformity issues across their supply chain.

Incorporation of corporate responsibility requirements

Organizations are required to implement corporate responsibility policies and initiatives that address bribery and other ethical issues.

Alignment with ISO 9001:2015

This standard is fully aligned with ISO 9001:2015 and it needs to be implemented to complement it.  IATF 16949:2016 is not an independent quality management standard, thus those organizations seeking to be certified with this standard, also need to comply with all ISO 9001:2015 requirements. However, unlike ISO/TS 16949, IATF 16949:2016 does not contain the ISO 9001:2015 text, it only contains the additional requirements specific to the automotive industry.

These are the main changes included in IATF 16949:2016. Those organizations required to transition to it, such as suppliers that manufacture parts for the industry, must examine it carefully and fully understand all its requirements.  The transition process must be completed by September 14 2018.

To find a Registrar who can assist with your transition to IATF 16949:2016 visit the ISO Update Registrar Directory

Implementing a Quality Management System board could transform your business into a lean, competitive & trend setting company, saving you thousands of dollars as a result. If you are sceptical about the potential of implementing a Quality Management System, or if you in fact see it as extra unnecessary expense, here are just a few reasons why Quality Management is important within your organisation:

1. Communication
When focusing on Quality within your business, you begin to communicate with your customers to ensure that you meet their requirements, through either the products or services you provide. Meaning, you listen to what they need. You may realise that you have been making items that were not fit for purpose or, items which were not adaptable to changing customer requirements. Taking on this new information, you can now create what your customer specifically requires, improving their satisfaction with your products & services.

2. Organization
While implementing a Quality System into your business will take plenty of work, once procedures and processes are in place, things will begin to feel ‘organized’ within your business. Levels of communication automatically rise as procedures are followed and teams work together across various departments to establish and maintain quality. Organisation greatly improves employee morale and eliminates divisions across management tiers, as everyone must work together and take responsibility for their own actions.

3. Measurability
Implementing a Quality Management System means taking quantitative measurements of activities within your business, for example percentages of on-time deliveries and non-conforming parts. These measurements provide tangible benchmarks by which improvement can be determined. Measurements can be taken daily, weekly or monthly etc. Having this vital information leaves power with management to recognise when action is necessary to address unsatisfactory results and to implement changes.

4. Structure
Implementing a Quality Management System within your business creates a self-assessing system which creates improvements within your business. You are more in control of your systems and processes because you have defined them, documented them and monitored/measured and reviewed them. With this structure in place you can become compliant with many quality standards which are relevant to your type of business such as CE marking, ISO9001:2015 and ISO 14001. Because your system is now able to comply with such standards your business will have opportunities for growth and expansion into new markets.

Valid certificates covered by eleven international standards increased by 8% from the preceding year according to the annual survey of ISO Certifications conducted by the International Organization for Standardization. They were a total of 1,644,357 valid certificates were reported for the eleven standards used in the survey.

The eleven standards include: ISO 9001, ISO 14001, ISO 50001, ISO 27001, ISO 22000, IS/TS 16949, ISO 13485, ISO 22301, ISO 20000-1, ISO 28000 and ISO 39001.

ISO 9001, the most widely used standard of the eleven had 1,106,356 valid certificates in place. This was an increase of 7% compared to the year before. According to the survey, 7.3% of the certificates were issued top the new 2015 version.

A total of 346,189 valid certificates were reported in the survey for ISO 14001 of which 6.7% were issued to the new 2015 standard.

The greatest increase was with ISO 50001, Energy Management, which saw an increase of 69% over the past year. A total of 20,216 valid certificates were issued throughout the world. The top five countries were: Germany, France, UK, Italy and China. Germany had 6874 valid certificates while the United States 180, Mexico 11 and Canada 12.

Another large increase was ISO 20000-1 for Service Management in information technology that increase by 63% over the past year (2016 over 2015). A total of 4,537 valid certificates were issued throughout the world. The top five countries were: China, India, Japan, UK and Spain. China had 1666 valid certificates while the United States 175, Mexico 98 and Canada 4.

ISO/IEC 27001 experienced annual growth of twenty percent compared to the same period the prior year. A total of 33,310 valid certificates were reported worldwide. Top countries were: Japan (8945), UK, India, China and Germany. United states had 1115 valid certificates while Canada had 133 and Mexico 260.

The 2015 revision of ISO 9001 has removed the requirement of a Quality Manual, something that has been needed historically if your organization has wanted to achieve and maintain certification. This requirement appears no more! Woohoo! Shred those Quality Manuals and never look back!

Right? If the standard doesn’t say we need it, then we don’t need it. One less document to maintain. Finally, life as an ISO 9001 certified company is getting easier!

Let’s hold on a second…

A common practice to create and maintain a Quality Manual for the ISO 9001:2008 standard (and earlier versions) was to create an exact copy of the verbiage in the standard, change all of the “shall” words with “will” or similar term that fits, change all references to “the organization” to the name of your company, slap a few logos on it, give it a control number and publish it.

And then…nothing. Let it sit for years until the new standard is published and then repeat this copy-paste process all over again. That practice, although common, doesn’t help anyone.

It’s Time to Re-Think the Manual

Now is the perfect time to rethink the Quality Manual. Take a step back and really consider what a manual should do for your company – provide the framework for your entire management system. Here are a few ideas to get you started.

1. Start thinking about the manual as something you can hand to a new employee that will help give them an introduction and overview as to how you do business – in plain English with the terms and acronyms that are used in your company – not in “standard speak”. Build this manual within the framework of the standard but in a way where the general employee won’t know it.
2. Rename the Quality Manual. I don’t know how many times I have heard a Quality Manager complain about their organization’s culture viewing the management system as something separate from how business is done, as in, “the quality stuff is for the auditor”. Start dissolving that problem today – change the name to Business Manual. Because that is what it is – a document that describes how you do business. And we all know, well executed business processes result in top notch quality.
3. Keep that thing updated! Considering many Quality Manuals were nearly a carbon copy of the actual standard language it was understandable that Quality Manual revisions were uncommon as well. In order to make this Business Manual an ally, it needs to be current.

Keeping your Business Manual Current

Even if your ISO Certified Company has a thorough and accurate Manual for the previous year, it is still very important to keep this document up to date. Here are some things to watch out for that may trigger the need for an update.

1. Significant changes to business structure or business processes. Keep in tune to changing reporting structures, new processes (manufacturing or service), acquisitions, partnerships, etc.
2. Rules and Regulations. International rules and regulations are fluid, and it is vital to integrate such changes into business operations. Any change in an Industrial Standard, big or small, could necessitate a change for your employees, external providers, managers, or customers.
3. Technology. Technology changes very fast and new systems are installed yearly, monthly, weekly, and sometimes even daily. Technology changes can come in various forms: hardware, software, machines, equipment, etc.
4. Safety. Changes to the physical building structure, layout and environment happen as time goes on and ensuring the manual stays up to date with these changes will assist with the awareness of the safety rules and conditions to ensure a safe work environment.

So, there are some things to think about. Even though the Quality Manual is not mandatory, it is still very much necessary. Use this opportunity to increase the role of the Manual within your business management system.

Christopher Spranger is the owner and CEO of Spranger Business Solutions; a management consulting firm that helps people run more efficient businesses across the United States. They have a team of Quality Management experts that assist companies with internal audits and in achieving Quality Management System Certification.

Interested in having Spranger Business Solution do your internal audits click here.

This article was originally posted on Spranger Business Solutions website and is published here with permission.