The publication of the Draft International Standard (DIS) of ISO 9001, the quality management system (QMS) of choice for over one million organisations around the world, signifies the first time all current and future users can access and review the proposed changes. The DIS phase of the standard revision will be a sign for organisations that they can begin to plan their transition from the existing ISO 9001 (ISO 9001:2008) to the revised ISO 9001:2015 (scheduled for release in late 2015). Here, LRQA Technical Director David Lawson explores what the publication of the DIS means and importantly, what organisations should do next.
1. What does the revision of ISO 9001 mean for organisations? It’s actually been a long time since the standard was last revised with any significance, some 14 year in fact and a lot has changed in that time. The potential organisational impact of the revised ISO 9001 is dependent upon how organisations and their individual QMS have evolved in this time. Factors such as the maturity and complexity of the existing ISO 9001:2008 management system, the existence of other management systems (such as ISO 14001, the global environmental management system standard (EMS) or OHSAS 18001, the global health and safety management system standard) as well as the organisation’s current evaluation and management of risk will all heavily influence the degree of change that an organisation will need to undertake in order to meet these requirements of the revised ISO 9001:2015.
2. Annex SL; The introduction of Annex SL, which establishes a consistent structure featuring 10 clauses as well as common terminology and definitions applicable to all ISO Management System Standards (MSS), is probably the biggest change to the ISO/DIS 9001:2014 document. As organisations begin to understand and appreciate the value of different management systems all speaking a common language, thereby making MSS integration easier, it will be organisations and - and in turn the consumer - who stand to be the true beneficiaries.
3. Process-Based Approach; The DIS contains many references across several clauses to organisations placing a greater emphasis on applying a process-based approach to their management system.
4. Risk-Based Approach; The incorporation of Annex SL into ISO/DIS 9001:2014 now drives a risk-based approach to thinking and acting. The requirements under a risk-based approach affect quality planning and now incorporate much of what was previously referred to as “Preventive Action”. Now an organisation will need to determine the risks and opportunities that need to be addressed to give assurance that the QMS can achieve its intended results. Many organisations already have risk-based thinking and planning in many parts of their organisation which may or may not have been connected to the QMS in the past. This greater focus on risk will mean that an organisation will need to demonstrate how this requirement is met. The extent and formality of the approach needed in a particular organisation will - of course - be influenced by its context.
5. Leadership; The requirements relating to the relationship between the role Top Management play in creating and supporting an effective QMS have been enhanced. There are now more areas where Top Management needs to demonstrate their involvement and engagement with the quality management system including accountability for the effectiveness of the QMS and ensuring integrated with the overall business processes .
6. Context of the Organization; this is new and has two distinct elements. Firstly, context requires an organisation to determine the internal and external issues and requirements that can impact on the planning of the quality system. Context becomes an important consideration and helps to ensure that the management system is designed and suitably adapted for a specific organisation. This helps provide the right focus, approach and balance to the different elements of the management system rather than the same generic approach across all organisations. The second element is the consideration of relevant interested parties. There is now a requirement to determine their requirements and ensure these are monitored and reviewed as these now form primary inputs into the design of QMS
7. Knowledge; An organisation will now need to consider what knowledge it needs to achieve conformity of products and services along with how it will develop, maintain and retain such knowledge.
8. Control of externally provided products and services; formerly known as Purchasing, this clause has been retitled to make it clear that the requirements apply to both physical product and services related to the end product of the organisation. Whilst not specifically a new requirement, there has always been some confusion around certain categories of externally provided products and services whether this has been through an associate company, joint venture or outsourced activity. Now it is clear that however provided, an organisation will need to apply a risk-based approach and determine the type and extent of controls necessary.
9. Transitioning; Current information from ISO shows that organisations will have three years from publication to transition to the new standard, so they can choose to transition at any point within this period. Some may choose their next certification cycle, although many will want to be ‘among the first’ given the increased functionality that ISO 9001:2015 will deliver, along with the bonus of a clear commitment to best practice being demonstrated to their interested parties. Starting the transition planning early, including setting and communicating a transition date will enable you and your organisation to pro-actively manage the transition at your pace.
10. Next Steps; Organisations should start by obtaining a copy of the DIS and focus on the areas that are completely new or have been revised. Those are the areas that are likely to be included in any transition plan. Also, make sure that quality managers and internal auditors understand the differences that Annex SL will bring to the QMS and any other management system standards in the organisation. Ensure that when selecting a certification body, they not only understand the DIS, but more importantly, understand what the DIS means to the QMS and the wider organisation. Engage a certification body to find out how a gap analysis and training on specific areas of ISO/DIS 9001:2014 can be of benefit to the organisation. Finally, begin formalising a transition plan and process and ensure that top management is involved from the start.
Remember that the DIS is just that; a Draft International Standard. This is an important stage for any standard and gives great visibility on what the final standard will contain. We are now in a three month balloting period, so there will be comments and the standards developers will have to consider those comments and take action where deemed relevant and necessary.
However, given that a significant amount of change in this revision is through the incorporation of Annex SL’s core text and high level structure, the standard writers may have little freedom to change this text even if it receives comments in those areas. Essentially, ISO/DIS 9001:2014 is an extremely good indicator on what the final version of the world’s most widely implemented quality system standard will look like and more guidance from ISO is on the way. So to secure a distinct advantage, it’s sensible to start planning for that change now.
Further information about the ISO Standard Revisions - to include blogs and round table discussions - will appear on www.lrqa.com/isostandardsupdate. Alternatively, please email firstname.lastname@example.org.