ISO 9001 has provided a common basis for communicating and specifying requirements through supply chains for nearly three decades. The standard has evolved from the heavily manufacturing bias in the 1980s and 1990s, to one that delineates requirements to define and control processes for any type of organization. While advanced continuous improvement methodologies, including Lean and Six Sigma, have become more popular, ISO 9001 along with its industry specific variants is still considered a foundation for quality in many organizations and industries.
The much anticipated revision of ISO 9001 was finally issued this past September. Every revision tends to create speculation and energy. Quality practitioners want to know what they have to prepare for, while business leaders wonder what it will cost in consulting fees and administrative effort to maintain certification. It’s common to wonder if the changes will add value and improve delivered quality. There hasn’t been a revision yet that prevents errors, downtime, supply chain price increases, or complaints, so why change at all?
The revision issued in 2000 introduced the process approach, while the revision issued in 2008 included minor changes. The speculation leading up to the current version was so great that ASQ published an article last year using a play on the WWII era British “Keep Calm” crisis message (Quality Progress, September 2015). While there are a few significant changes, you’re not in crisis.
There are five key things to keep in mind as the 2015 edition is rolled out. First, relax. There is a three-year transition period during which your ISO 9001:2008 registration is valid. There are changes, such as “determine the context of the organization,” where documented evidence is not specified. As the registrars come to terms with interpretation and audit strategy, they’ll be able to communicate expectations to their clients.
If you’re just beginning the process of meeting the ISO 9001 standard, you can choose. The benefit of starting with the 2015 version is that you won’t need to consider additional requirements within the next three years. Beginning with the 2008 version, however, gives you the opportunity to become registered while industry experts sort out the criteria and interpretations. If registration is a requirement in your supply chain—as a customer or supplier—engaging with partners will ensure expectations are met. Supplier Day conferences can also provide forums to share information quickly, among the business as well as getting feedback to and from third-party registrars.
Second, the international management system standards are required to be reviewed and updated at routine intervals. This is to ensure standards remain relevant and widely applicable. With a new version issued every 6-7 years, change is inevitable. In this recent revision, a key driver was the standardization of format among management system standards (ISO 9001, ISO 22000 and ISO 50001, as examples). This facilitates the process of complying with multiple standards without setting up redundant processes and systems.
The 10-section format will be consistent among this type of international standard. The Introduction and Sections 1-3 give the document itself a context. There is a defined scope for the document and references are given for other applicable companion standards—ISO 9000:2015 provides definitions relevant to ISO 9001:2015. These sections are not implemented or part of the registration audit. The actionable sections with auditable requirements are:
Section 4: Context of the Organization
Section 5: Leadership
Section 6: Planning
Section 7: Support
Section 8: Operation
Section 9: Performance Evaluation
Section 10: Improvement.
Because it is a system standard, there are many interconnections and cross-references throughout the standard. Give it a thorough read for content, then review again noting those linkages. It will help in understanding the benefit of some requirements and give insight into implementing them.
Third, because systems are interconnected, this edition eliminates the opportunity for “permissible exclusions.” It has been possible in the past to draw a box around the scope of an ISO 9001 certificate and leave certain functions outside. Development, corporate functions, and complex supply relationships are a few examples. The new standard requires that any function necessary to deliver product or service to the customer must be part of the formal quality system.
Fourth, the process focus remains in this latest version, as present as in the last two versions. For an organization only upgrading from ISO 9001:2008 to ISO 9001:2015, the process approach is already evident in its quality system, and this will be an advantage when addressing the risk management element of the new standard. A risk assessment evaluating potential and known points of failure is a worthwhile exercise for ensuring ongoing quality of current processes and systems as well as evaluating the impact of planned changes and new products or services.
An FMEA (failure mode effects and analysis) is a common tool already in the toolbox of most quality professionals. The FMEA process involves identifying failures of process or product and assigning a value related to likelihood, severity and detectability. The product of those values gives a risk priority number, or RPN. From there, the list can be sorted in decreasing order, and the highest values (representing highest risk) are prioritized for countermeasures and proactive work to control, detect, decrease, or eliminate the error. (See sample chart below for an example; the template is a free download from ASQ.)
Consider an organization weighing the risks and benefits of changing transportation modes from truck to rail, or sourcing raw material overseas. The spreadsheet showing cost may indicate the move to be an obvious cost reduction. But what issues may arise, and how might they affect the business? The time spent with a cross-functional team thinking ahead, quantifying risk, and developing mitigation plans leads to a well-informed decision and a team ready to handle a problem before it becomes a crisis.
To make this manageable, consider breaking your operation into major product or service lines to keep the exercises in 2-8 hour (typical, not a rule) time blocks. A SWOT (strengths, weaknesses, opportunities, threats) approach could also help gain a balanced understanding of the business. For existing product lines, make use of customer, process and inspection data if available. This will provide a realistic perspective, rather than hypothetical.
And fifth, another significant shift in the standard is the change from “documented procedure” and “record” to “documented information.” This will remove the pedantic conversation about when a form needs to go from controlled document to record and move an organization toward ensuring anything that needs to be documented—in any medium—is captured. From audit reports to troubleshooting guidelines, from supply route maps to preferred carriers, if it’s important to an organization’s ability to continue smooth operations that meet internal and external requirements, the documented information needs to be prepared, maintained and accessible to those who need it.
Because some information may not have been included in previous definitions, it’s possible an organization will need to spend some time brainstorming this point. For example, master data in an ERP system may not have been considered part of the quality system under previous revisions of the standard.
Summing up, then, the following five points should put organizations at ease as transition plans are developed and implemented:
1. A three-year transition period is built in, and registrars will be determining how to evaluate criteria;
2. All management system standards are reviewed and revised on a 5-8 year cycle;
3. Exclusions do not apply;
4. Risk management plays a significant role in managing for quality; and
5. Documented information could expand the previous definition, leading to a greater level of effort initially, to ensure all sources have been accounted for.
Until a significant number of audits have been conducted, uncertainty around interpretations is likely to continue. Stay current on industry information and engage the registrar in your intentions and questions. For more information about ISO 9001:2015, visit ASQ Quality Management Standards.
Christine Hannon is director of team excellence for Team World, a provider of customized promotional products, and has over 20 years of experience working on quality improvement and supply chain management in service and manufacturing sectors, including regulated and non-regulated (product) environments. She is a Lean Six Sigma Black belt and a senior member of the American Society for Quality.