Standard Updates

ISO 9001:2015 represents a major change to the 9001:2008 version. One of these changes regards the Quality Management Systems (QMS) documentation.

The 2008 version of the standard, uses two separate terms “documents” and “records” to identify its documentation, whereas, in the recently published Draft International Standard of the new revision, both these terms are combined as “documented information”.



For those familiar with the 2008 version, it can be said that where it refers to “documented procedures” in the new revision it is expressed as a requirement to maintain documented information. Also, where the 2008 version refers to as “records” it is now expressed as a requirement to retain documented information. Below, there’s a list of the documented information that the new standard requires to be maintained and retained.

Documented information that is required to be maintained with ISO 9001:2015

  • The scope of the QMS, including the products and services it covers and the justification of those requirements that the QMS will not be able to apply.
  • Information that supports the operations of processes.
  • The quality policy.
  • Information that defines characteristics of products and services, activities to be performed, and the results to be achieved.

Documented information that is required to be retained with ISO 9001:2015

  • Information necessary to have confidence that processes are being performed as planned and conform to requirements.
  • Information on the quality objectives.
  • Information as evidence of fitness for purpose of monitoring and measurement resources.
  • Information as evidence of competence.
  • Information describing the results of the review of requirements related to products and services.
  • Information resulting from the design and development process.
  • Information on review of design and development changes.
  • Information of the results of the evaluation, monitoring of performance and re-evaluation of the external providers.
  • Information necessary to maintain traceability when required.
  • Information describing the results of the review of changes, personnel authorizing the change, and any necessary actions
  • Information providing traceability to the person(s) authorizing release of products and services for delivery to the customer.
  • Information on actions taken on nonconforming process outputs, products and services.
  • Results of monitoring and measurement activities.
  • Information as evidence of the implementation of the audit programme and the audit results
  • Information as evidence of the results of management reviews.
  • Information as evidence of the nature of the nonconformities, actions taken, and the results of any corrective action.

As it can be seen from the above list, in the new version of the standard, it will not be required to create and maintain a Quality Manual, which has been around since the creation of ISO 9001 in 1987.



If your company is in the process of becoming certified to ISO 9001:2015, you’re probably wondering, “What do we need to do to ensure we are prepared?”   There’s no worse feeling than being caught in the middle of an audit unprepared, especially if it is for an ISO certification. Consistent planning and preparation can make sure that you’ll never be caught unaware, but of course, the fact remains that ISO 9001:2015 includes a number of new requirements. Below, we have covered some of the most asked questions organizations have when preparing for an ISO 9001:2015 audit.

What is context of your organization all about?

This question is the benchmark point of ISO 9001:2015 and it appears in section 4.1. The standard question uses the term “context”, but this could be easily translated to Business Environment.  Quite simply it is asking you to understand the environment in which your organization is operating.  It asks you to identify your organization’s internal and external influences. These questions about “context” are usually directed to the top management and the team responsible for the QMS. The auditor will be looking for a clear examination of forces at work within and around the organization. Some organizations use a SWOT analysis (strengths, weaknesses, opportunities, and threats) to help them get a grip of this, but it is not a requirement. What the auditors learn here will be a key input for risk analysis.




Who are your interested parties and what are their requirements? 

This question relates to 4.2 and is trying to ensure organizations understand who can be affected by their organization and who has requirements for them as an organization. The term “interested parties” could also be termed “stakeholders”. The auditor will always make sure that a reasonable range of interested parties has been identified, along with their corresponding requirements.

These first two requirements now lead us to the main requirements surrounding risk in section 6.0 – Planning.

What risks and opportunities have been identified in relation to the above, and what are you doing about them? 

Risks as well as opportunities could accurately be called the foundation of ISO 9001:2015. No fewer than 13 other clauses refer to risks and opportunities, making them the most “connected” section of the standard. If an organization does a poor job of identifying risks and opportunities, then the QMS cannot be effective.

How are you working to achieve your quality objectives?

Measurable quality objectives are not new to ISO 9001. What is new is the requirement to plan actions to make them happen. The plans are intended to be specific and actionable, addressing actions, resources, responsibilities, timeframes, and evaluation of results.

How has the QMS been integrated into the organization’s business processes? 

This question is asked directly to top management (see section 5.1.1c) as they have the overall responsibility to ensure this is happening. ISO 9001 is becoming a more strategic management system. It’s not only about making sure products or services meet requirements. The standard is about managing every aspect of your business using risk based thinking and continuous improvement.

How do you capture and use organizational knowledge?

ISO 9001:2015 wants organizations to learn from their experiences, both good and bad. This could be handled by a variety of means: project debriefs, exit interviews, staff meetings, customer reviews and feedback, examination of data, lessons learned logs. How the organization captures knowledge is up to them, but the process should be clear and functional. The knowledge should also be maintained and accessible. These should be documented in a way that your institution could create its own “Knowledge Base”.

These are some of the most asked questions when preparing for an ISO 9001:2015 audit.  We hope that this gave you a more clear understanding on how to use the standard to ensure a successful outcome for your organization.



Measuring Supplier Performance

The new ISO 9001:2015 is currently at the Final Draft International Stage (FDIS), the fifth stage of a six stage process, and the final revision is expected to be published by September 2015. There are a lot of expectations regarding the release of the new standard and many are wondering what the differences will be between ISO 9001:2008 and ISO 9001:2015.

The recently published draft of the standard (DIS) has shown what the main differences are about; even though both standards cover essentially the same topics, there are some important changes. Some of these are:

  1. The most notorious difference between the standards is its structure. ISO 9001:2008 had five main sections and ISO 9001:2015 has seven. The new ISO 9001:2015 aligns with high-level organizational structure established on the ISO Guide 83 (“Annex SL”), requiring all new ISO management system standards to be aligned on a high-level structure with a set of common requirements. Such structure is as follow:
    • Scope
    • Normative References
    • Terms and Definitions
    • Context of the Organization
    • Leadership
    • Planning
    • Support
    • Operation
    • Performance Evaluation
    • Improvement
  2. The new standard puts a greater emphasis on the “context of the organization”. Unlike ISO 9001:2008, the new standard will require organizations to consider the external and internal issues that may influence their quality management system (QMS) and they will need to determine how these will be addressed.
  3. With the new ISO 9001:2015, organizations will be required to take a risk-based approach to identify and address the risks that can jeopardize their ability to meet customer and regulatory requirements. In ISO 9001:2008, even though a risk-based approach is not explicit, the standard implicitly guides organizations in managing their risk.
  4. The new standard has eliminated the distinction between documents and records by referring only to “Documented information”. There also will be general requirements for documentation, with no reference to documented quality manual, documented procedures or to quality records.
  5. The specific requirements for preventive action present in ISO 9001:2008 have been removed in the new standard. This decision was motivated by the perspective that prevention is the task of the QMS in its entirety.
  6. Some concepts have been replaced in the new standard, such as the term “product” is replaced by “goods & services” and “continual” by “continual improvement.”“Purchasing” and “outsourcing” will be replaced by “external provision of goods and services”.
  7. The new standard also eliminates any reference to a “Management Representative”. Instead, management duties and responsibilities can now be assigned directly to top management (to one person in particular or to many).

These are the main differences between the two standards which are based on the DIS version of ISO 9001:2015. There are still comments from over 90 countries that will be taken into account and it is yet to see which of these changes will be maintained in the final official version.

Since the 1960s, HACCP has been recognized internationally as a logical tool for adapting traditional inspection methods to a modern, science-based, food safety system.
Since the 1960s, HACCP has been recognized internationally as a logical tool for adapting traditional inspection methods to a modern, science-based, food safety system.

ISO 14001 is under review. After its original publication in 1996, this is the first time it’s going through major changes. The review process is currently at the Draft International Standard (DIS) stage, the fourth stage of a six stage process, and  the final revised ISO 14001:2015 is due to be published by the end of 2015. Some of the main changes ISO 14001:2004 is undergoing are:

  1. The first change to ISO 14001:2004 concerns its structure. This revision is based on the ISO Guide 83 (“Annex SL”) which defines a common high level structure, text and common terms and definitions for the next generation of management systems. This structure aims to facilitate the implementation process and the integration of several management systems in a harmonized, structured and efficient manner. Such structure is as follow:
    1. Scope
    2. Normative References
    3. Terms and Definitions
    4. Context of the Organization
    5. Leadership
    6. Planning
    7. Support
    8. Operation
    9. Performance Evaluation
    10. Improvement
  2. New concepts have been added, such as “supply chain”, “value chain” and “product life cycle” and existing definitions have been modified to give a different emphasis and to improve clarity.
  3. Two new clauses have been introduced which focuses on an organization’s context. These require organizations to determine the issues and requirements that can influence the scope of its EMS and take them into account.
  4. There’s a greater emphasis on top management, requiring them to take the lead in integrating the environmental management practices into their organization’s core strategies, processes, and priorities.
  5. Regarding environmental policy, organization should be committed to protecting the environment rather than just preventing its pollution, as stated in ISO 14001:2004.
  6. A greater emphasis is placed on an organization determining its own risk profile.
  7. Organizations are required to control or influence processes and services associated with significant environmental aspects, organizational risks, lifecycle and emergency preparedness.
  8. There is a greater focus on environmental performance improvement across the value chain.
  9. The DIS does not include specific requirements for preventive action. The new standard no longer thinks of preventive measures as a separate topic, but rather as a central component of all environmental-related activities.
  10. Environmental objectives have been given a separate sub-clause with the “planning actions to achieve environmental objectives.”
  11. The terms “document” and “record” have both been replaced throughout the DIS with the term “documented information”. The DIS states that documented information must be maintained to the extent necessary to have confidence that the processes have been carried out as planned.

It is important to mention that this standard is still under review, and there is still to see which changes will make it to the final revision. However, it’s clear that the overall goal of ISO 14001:2015 is to respond to the latest environmental trends, help organizations improve their environmental performance and prepare them for future environmental challenges.

 

The quality management system (QMS) standard ISO 9001:2008 is currently under review. Like all ISO standards, which go through a revision every 5 years, ISO 9001 is being updated to reflect new technological advancements in the workplace and a to give a higher focus on the quality of outputs to customers.

The review process is currently at the Final Draft International Stage (FDIS), the fifth stage of a six stage process and  the final revised ISO 9001:2015 is due to be published by September 2015. Some of the upcoming changes to ISO 9001:2008 are:

  1. The new ISO 9001 standard aligns with high-level organizational structure established on the ISO Guide 83 (“Annex SL”), requiring all new ISO management system standards to be aligned on a high-level structure with a set of common requirements. This structure aims to facilitate the implementation process and the integration of several management systems in a harmonized, structured and efficient manner. Such structure is as follow:
    1. Scope
    2. Normative References
    3. Terms and Definitions
    4. Context of the Organization
    5. Leadership
    6. Planning
    7. Support
    8. Operation
    9. Performance Evaluation
    10. Improvement
  2. Some concepts are replaced, such as the term “product” is replaced by “goods & services” and “continual” by “continual improvement.” “Purchasing” and “outsourcing” will be replaced by “external provision of goods and services”
  3. The new standard puts a greater emphasis on the “context of the organization” which implies a broader measurement, planning and implementation view.
  4. The new standard will take a risk-based approach to determine the type and extent of controls appropriate to each external provider and all external provision of goods and services. The proposed standard addresses risks which can affect conformity of goods and services as well as customer satisfaction.
  5. Senior management will be required to take a more active involvement in the quality management system.
  6. There will be general requirements for documentation, with no reference to documented quality manual, documented procedures or to quality records. The DIS refers to “Documented Information.”
  7. The need for exclusions may not be considered to be necessary in the new version of the standard but feedback on this is being sought as part of the revision process.

Regardless of the upcoming changes, ISO 9001 will continue to be a generic standard, relevant to all sizes and types of organizations in any sector and it will continue to deliver “confidence in the organization’s ability to consistently provide product or services that meets customer and applicable statutory and regulatory requirements”.