iso 9001:2015...requirements of iso 9001. all companies currently certified to iso 9001:2008 will be...
TRANSCRIPT
ISO Solutions for Small Business
ISO 9001:2015Transition Guide for Small Business
The ISO 9001:2015 quality management system standard, released September 2015, is the fifth edition of one of ISO’s best known and most widely accepted standards. More than 1 million companies and organizations are formally certified, or registered, to demonstrate their compliance with the requirements of ISO 9001. All companies currently certified to ISO 9001:2008 will be required to update, or “transition,” to the new requirements within 3 years of the release of the new standard. The deadline for transitioning to ISO 9001:2015 is September, 2018.
For small businesses, the changes in the standard present both challenges and opportunities. The challenges are found in learning and implementing the new requirements with the same limited people-resources who are currently busy running their businesses and maintaining certification. But there are also many opportunities the new standard introduces to streamline and improve business processes and the overall quality management system.
In fact, a primary objective of the new standard is to make the requirements better suited and more in line with smaller companies while global supply chains, government procurement officers and other market drivers expand the use of ISO 9001 as a supplier management tool. With these growing demands, small businesses currently certified must transition to the new standard to maintain their certification. The hope is, of course, it will be worth it in the end.
ISO 9001
02
Why did the standard change?
The simple answer is it was time. All ISO standards are reviewed every five years to determine if they meet the current needs of industries and users based on the latest trends globally. The ISO/TC 176 (the technical committee responsible for the ISO 9001 standard) began this review in 2012 with representation from nearly 100 countries. Through a highly structured international process to gather input and develop global consensus the new standard was released on schedule with overwhelming approval from participating countries.
But more importantly, in order to respond to changing needs of the million+ users of the standard along with requirements of customers and other interested parties who need to manage risk in diverse and expanding global supply chains, substantial modifications were needed to a standard that had its last major revision in 2000 (the ISO 9001:2008 was a minor amendment) some fifteen years ago.
Some of the top objectives for the revision were:
1. Make the requirements equally useful to product-oriented (e.g. manufacturers, distributors, etc.), service-oriented and other non-manufacturing businesses.2. Put greater emphasis on the process approach and measurable results to demonstrate continual improvement.3. Provide greater flexibility in how documentation, leadership and other management system activities are addressed to adapt to specific needs of individual companies.4. Expand preventive action into risk-based thinking to include planning, identification and addressing risks faced by the company that may impact its products, services and customers.5. Align the ISO 9001 requirements with related standards such as ISO 14001, OHSAS 18001, ISO 27001 and others to make it easier to maintain more than one certification.
The resulting changes should make the ISO 9001 certification more effective in helping companies of any size in any industry manage risk, improve quality and better serve their customers. At the same time, many aspects of the quality management system will be able to be greatly simplified and specifically tailored to the unique needs and resources available.
03
WHY DID THE STANDARD CHANGE?
What are the major changes in the standard?
In some respects, the ISO 9001:2015 was rewritten from scratch. Its structure and terminology have been reworked to better match similar standards and make it more “user friendly” to companies using the standard. And while virtually all ISO 9001:2008 requirements have been preserved, there are some significant new additions. Let’s list some of these:
1. New Look, Organization and Terminology
ISO has recently published a “standard for standards” called the “High-Level Structure (Annex SL of the ISO Directives)” that all management system standards must use going forward. This includes ISO 9001, ISO 14001, ISO 27001 and others. This common structure (called the “HLS” by ISO) will ensure all standards are organized and numbered the same way.
It should be noted that the new standard specifically states that the new structure DOES NOT mean that your documents must be renumbered or reorganized to follow the new numbering (see Annex A.1 in the ISO 9001:2015 standard).
40 83%HAVE NEWREQUIREMENTS
10 21%HAVE CHANGESIN REQUIREMENTSFROM ISO 9001:2008
5 REQUIREMENTS IN ISO 9001:2008 HAVE BEEN REMOVED IN ISO 9001:2015
* 32%5727OF THE WORDS IN THE
ISO 9001:2015REQUIREMENTS
1809 WORDS REFER TONEW OR CHANGED REQUIREMENTS *not including introductory or Appendix sections
OF THE 48 CLAUSES IN THE ISO 9001:2015 STANDARD:CHANGE NUMBERSBY THE
04
In addition, there are some changes in terminology to help “non-manufacturing” companies more easily understand how the requirements apply to them. For example:
ISO 9001:2008 STRUCTURE ISO 9001:2015 STRUCTURE
QUALITY MANAGEMENT SYSTEM4 CONTEXT OF THE ORGANIZATION4
MANAGEMENT RESPONSIBILITY5 LEADERSHIP5
RESOURCE MANAGEMENT6 PLANNING6
PRODUCT REALIZATION7 SUPPORT7
MEASUREMENT, ANALYSIS, AND IMPROVEMENT8 OPERATION8
PERFORMANCE EVALUATION9
IMPROVEMENT10
ISO 9001:2008 TERMINOLOGY ISO 9001:2015 TERMINOLOGY
PRODUCTS PRODUCTS AND SERVICES
EXCLUSIONS APPLICATION
MANAGEMENT REPRESENTATIVE TERM NOT USED, BUT SAME RESPONSIBILITIES MUST BE ASSIGNED
DOCUMENTATION, QUALITY MANUAL,PROCEDURES, WORK INSTRUCTIONS,RECORDS
DOCUMENTED INFORMATION
MONITORING AND MEASURING EQUIPMENT
MONITORING AND MEASURING RESOURCES
WORK ENVIRONMENT ENVIRONMENT FOR THE OPERATION OF PROCESSES
EXTERNALLY PROVIDED PRODUCTSAND SERVICES
PURCHASED PRODUCT
SUPPLIER EXTERNAL PROVIDER
NONCONFORMING PRODUCT NONCONFORMING OUTPUT
CUSTOMER NEEDS AND EXPECTATIONSCUSTOMER REQUIREMENTS
05
2. Expanded Leadership Responsibilities for Top Management
The responsibilities of top management have been expanded in the ISO 9001:2015 standard to incorporate several new “Leadership” activities essential to the success of the QMS. Top management must now:
• Ensure that QMS requirements are integrated effectively into the basic business processes of the company. (5.1.1).• Ensure risks and opportunities that affect products, services and customers are addressed (5.1.2). • Report on performance of the QMS and opportunities for improvement (5.3). No longer a designated “management representative”.• Establish quality objectives and detailed plans to achieve them (6.2.2).
3. Management Planning to Address the Context of the Organization
Top management must also identify and plan for broader issues affecting the organization that stem from the overall business environment it operates in, not just those relating to customers. This is referred to as the “Context of the Organization” (4.1). Such issues could arise from:
• Competitors• Changes in the market or broader economy (e.g. economic slowdown or outsourcing trends)• Changes in labor force that may affect employee resources• Changes and trends in technology• Changes in company ownership or corporate structure
Additionally, top management must determine and monitor requirements of various interested parties relevant to its QMS such as:
• Customers• Partners• Owners and investors• Employees, subcontractors, or others in the organization• External providers (suppliers, vendors, etc.)• Unions
4. Introduction of Risk-Based Thinking
Another significant change in the new standard is the introduction of Risk-Based Thinking as a replacement for Preventive Action from ISO 9001:2008. Organizations are required to consider and plan for risks and opportunities that may impact QMS results and improvements when establishing and maintaining their QMS (6.1).
06
5. Flexibility in Documentation Requirements
The ISO 9001:2015 standard is changing its requirements for documents and records (7.5). Instead of naming specific documents required (e.g. quality manual, procedures, work instructions, etc.), the standard calls for certain “documented information” to be established in any type of format preferred by the company.
6. Strengthened Process Approach
The foundational concept of the process approach from the ISO 9001:2008 has been expanded (4.4) to include:
- Determining the inputs and outputs of the processes- Establishing specific process performance indicators through the use of monitoring and measurements- Assigning authorities for the processes in addition to responsibilities- Addressing risks and opportunities in the processes- Managing changes to the processes
7. Planning for Changes
Companies must now identify and manage changes to the QMS (6.3) and changes for production or service provision (8.5.6).
8. Managing Organizational Knowledge
A plan for protecting key knowledge of the company and making it available to others as needed is now required (7.1.6).
This could include:
In addition, when changes in the organization come up, planning should involve what new knowledge may be needed and how to acquire or access it.
07
INTELLECTUAL PROPERTY
KNOWLEDGE FROM EXPERIENCE
LESSONS LEARNED
PROCESS IMPROVEMENTS
STANDARDS
CONFERENCES OR OTHER SOURCES OF TRAINING
COMPETITIVE OR MARKET RESEARCH
BENCHMARKING
EXTERNAL PROVIDERS
CUSTOMERS
ORGANIZATIONAL KNOWLEDGE CAN BE BASED ON
INTERNAL SOURCES EXTERNAL SOURCES
9. People Resources
While implied in the ISO 9001:2008 requirements for resources, the new standard specifically states that the organization must determine the people-resources needed and provide them (7.1.2).
10. Design and Development of Services
It has been traditional for product-companies to apply the Design and Development requirements. It is now more explicit that Design and Development applies to service-companies as well, especially when the company is responsible to design the service offering (8.3).
SOME NOTABLE MINOR CHANGES SOME REQUIREMENTS THAT HAVE NOT CHANGED
Exclusions are not limited to Product Realization (4.3) Establishing the scope of the QMS (4.3)
Quality policy and quality objectives must support the context and strategyof the organization (5.1.1; 5.2)
Determining sequence and interactions of QMS processes (4.4)
No longer required to assign a single “management representative” to oversee the QMS (5.1.1)
Determining monitoring, measurements, and resources needed (4.4)
Continual improvement of QMS and its processes (4.4)
Personnel must be aware of implications of not conforming to the QMS requirements (7.3)
Top management leadershipand involvement (5.1.1)Quality policy and objectives (5.1.2; 5.2 ; 6.2)Customer focus, customer satisfaction,and meeting statutory and regulatoryrequirements (5.1.2)
Contingency planning must bedetermined with the customer (8.2.1)
Control of outsourced processes nowpart of purchasing (8.4)
Determining and providing QMSresources including infrastructure andwork environment (7.1)
Actions to prevent human error mustbe implemented (8.5.1)
Providing resources for monitoringand measuring (7.1.5)Ensuring measurement traceability, if required (7.1.5)
Post-delivery activities are now specified (8.5.5)
A documented communication planmust be maintained (7.4)
Release of products and servicesis detailed (8.6)
And others...
Ensuring personnel have requiredcompetencies required, providingtraining as needed and keepingtraining records (7.2)
Calibrating or verifying measuringequipment (7.1.5)
Ensuring personnel are aware of thequality policy, quaity objectives, and how they should contribute tothe QMS (7.3)
And others...
There are 5 requirements that have been removed from the ISO 9001:2008 requirements:
Limited Exclusions - “Exclusions” (now called Application) are not limited to Product Realization (now called Operations).
Management Representative - No requirement to specify a member of management as a “management representative”, but the same responsibilities must be assigned to one or more individuals in the organization.
Quality Manual and Documented Procedures - No requirement to include a “quality manual” or “documented procedures” in your documented information, but similar requirements must still be documented.
Internal Audit Details - In the internal audit requirements, the statements “Auditors shall not audit their own work” and “Follow-up activities shall include the verification of the actions taken and the reporting of verification results” (8.2.2, ISO 9001:2008) have been removed. However, you still have to have impartiality in your internal audits and closure of corrective actions still provides verification of closure for internal audit findings.
Preventive Action - The requirement for “preventive action” has been removed, but is dealt with through risk-based thinking and a new phrase in the corrective action requirements includes the need to determine if similar nonconformities could “potentially occur”.
09
To transition to the new standard will take time. Not only do certified companies need to make the necessary updates to their quality management systems, the Certification Bodies (Registrars or CBs) need to conduct transition audits of over one-million companies worldwide. Not a small task.
The rules for certification to ISO 9001 are established by the International Accreditation Forum (IAF) and implemented by national or multi-national Accreditation Bodies (ABs) who, in turn, “accredit” CBs so they can issue “accredited certificates” to companies for certification. This structure is what allows individual certificates to be recognized internationally in order to facilitate international trade.
The IAF has established a three year transition period to the new standard starting September 2015 when ISO 9001:2015 was initially released. That means that after September 2018, the ISO 9001:2008 standard will become obsolete and 2008 certifications will no longer be valid. Before that date, certified companies will need to receive a new certification for ISO 9001:2015. Around the midpoint of the transition period, CBs will cease issuing new ISO 9001:2008 certificates.
10
WHAT IS THE TIMELINEFOR THE TRANSITION?
When should you be audited to the new standard?
Not too soon – let them get some experience
Since Registrars must go through a formal accreditation process to the new 2015 standard, it will take most of them a few months following the release date to be ready. To become accredited, they will need to train their auditors to learn the new requirements. Once they are accredited, they will begin their first transition audits. Their first few audits to the new 2015 requirements may be a bit rough as they learn how to interpret and apply the new requirement. This will be especially challenging in a small business.
Not too late – don’t wait till the last minute
It is expected that a large percentage of certified companies will wait as long as possible to make the transition. Many are not aware of the new standard or the significant changes required. Others will not want to change until required to do so. In 2018, Registrar schedules will fill up to capacity and some companies with 2008 certificates may miss the deadline for transition.
Just right – take your time to prepare
It’s best to wait until mid-2016, or even 2017, to schedule your transition audit. Be sure it is done by early 2018 to avoid the last-minute rush.
Figure 1: Based on this timeline, companies currently certified to the ISO 9001:2008 standard should start planning for their own transition to the ISO 9001:2015 standard. The best time to target your transition audit would be late 2016 or anytime in 2017.
No new ISO 9001:2008
certificatesissued
ISO 9001:2008standard
expires and 2008certificatesno longer
valid
Most registrars
accredited toconduct 2015
audits
ISO 9001:2015standard is
released
Sept, 2015 March, 2017(approx) Sept, 2018Jan, 2016 (approx)
11
To begin planning for your company’s transition to ISO 9001:2015, you should start by developing a 6 – 9 month checklist to prepare for the transition audit. Once your project plan is prepared, you’ll be able to decide when to launch your transition project based on your end target date for receiving your ISO 9001:2015 certificate.
Generally, here are the major steps you’ll need to include in your project:
Purchase and read the new standard. Use a cross reference table to understand how the new ISO 9001:2015 requirements fit with your current ISO 9001:2008 QMS. Seek training or consulting assistance, if needed. Contact your Registrar for details about their transition plan and additional costs, if any. Establish a team to coordinate transition internally, or manage through management review. Conduct a gap analysis. Develop a detailed transition plan. Make necessary updates to your QMS. Provide training for your managers, internal auditors and employees. Conduct a full internal audit based on ISO 9001:2015 requirements. Address nonconformances through corrective action. Complete the transition audit by your Registrar.
One thing to keep in mind when setting up your schedule is to decide the best time for your company to transition. Typically, transition audits are done as part of a normally scheduled surveillance audit or recertification audit. By scheduling transition during a regular audit, there will likely be little, if any, additional audit costs. Be sure to ask your Registrar.
12
WHAT NEEDS TO BEDONE TO TRANSITIONTO THE NEW STANDARD?
Our final topic is likely the most important to small businesses. While the main reasons for the changes in the ISO 9001:2015 standard were to meet current industry requirements and appeal to companies in new industries, the ISO/TC 176 committee focused specifically on the needs of smaller companies. The transition to the new standard gives you an opportunity to re-think and revise your QMS to make it better suited to your needs and more effective for your company. You don’t have to keep doing what you have always done.
Here are some suggestions for small business:
• Simplify your QMS. Overall, your QMS should not be more time consuming or more complicated after the transition.• Involve top management. Be sure your entire top management team is aware of the changes and supportive of your transition plan.• Don’t change things that are working. Follow 3 basic rules: • Keep it Simple • Add Business Value • Never Do Anything Just to Show an Auditor• Seek outside help through training or consulting programs (Visit www.thecoresolution.com for special training and consulting assistance for 2015)• Don’t rush your transition. You have 3 years to make the changes and complete your transition audit. Take your time and do it right for the benefit of your business and your customers.• Consider replacing your quality manual to match the ISO 9001:2015 requirements, though this is not a requirement. If your company is used to having a quality manual, you may find value in keeping one.• Consider revising or eliminating some procedures. There are no specific requirements for the 6 procedures that were required in ISO 9001:2008. If they are not helpful, consider removing them. As an alternative, you may want to simply add some details into your quality manual to cover requirements for Documented Information. Many small companies may choose to address most ISO 9001:2015 requirements for Documented Information in a single quality manual.
13
WHAT DO SMALL BUSINESSES NEED TO CONSIDER WHEN PLANNING THEIR TRANSITION?
• Don’t read too much into the changes. Just because new words are used, doesn’t mean the actual requirement has changed.• Don’t try to “out guess” the 3rd-party auditor. Choose the methods and processes that best suit your company’s needs and be prepared to explain how they meet the requirements. Your auditor should not tell you how to meet the requirements, they should simply verify that you comply with the requirements. Remember it is YOUR quality management system. Don’t be afraid to challenge a difference of opinion during the audit. Appeal a finding if needed.• Make it your own. Don’t just copy what you see other companies doing to meet the new requirements. Tweak things to fit your business.
For Additional Information:
Visit our website at www.thecoresolution.com or contact us by email: [email protected], or by phone 866-354-0300.
Additional Resources:
- ISO/TC 176/SC2 public website: http://isotc.iso.org/livelink/livelink/open/tc176SC2public- ISO 9000:2015 - principles and terminology- Transition Planning Guidance for ISO 9001:2015 from the IAF: http://www.iaf.nu/upFiles/- ISO 9001:2015 Introductory Transition Training Series from Core Business Solutions- ISO 9001:2015 Transition Online Consulting Program from Core Business - ASQ – What is ISO 9001:2015? http://asq.org/learn-about-quality/iso-9000/iso-9001-2015
14
Scott DawsonScott Dawson, President of Core Business Solutions, is an active voting member of the US Technical Advisory Group (TAG) to ISO Technical Committee 176 (ISO/TC 176), which is responsible for drafting ISO 9001 and ISO 9004 international standards on quality management systems. The US TAG Group just finished writing the revised 2015 Standard so Scott Dawson has the inside details about the new revision.