As well over 1 million organisations across the world await the latest version of the world’s most popular management system standard let’s ask ourselves what do we already know about the expected changes to the ISO 9001 standard and what won’t we know until the standard is published and implemented by organisations?
The Process Approach, PDCA
The existing concepts of Plan Do Check Act (PDCA) and the Process Approach will remain at the core of the standard.
The existing 8 Principles of Quality Management underpinning ISO 9001 will remain. These will however be reduced to 7 principles by merging The Process Approach and the System Approach to Management. This recognises that essentially a System is a set of interacting Processes and there is a strong overlap between these two Principles.
Common High Level Structure
We already know that the new 9001 standard is going to be aligned (along with all the other management system standards) with Annex SL which is the High Level Structure for all management systems. The aim of this is to “standardise the standards” and make it easier for organisations to integrate and manage a variety disciplines in one system. There will be a common text at the core of all management system standards meaning approximately 30% of the text will be common.
So what will the impact of this be on our existing Quality systems? Essentially, it will mean that organisations will need to re-align our existing management systems, by considering the processes we already have and deciding which of the “new look” requirements they already meet, as many of the changes are conceptual, this will address most of the new standard but there will be some gaps and these will need to be filled by adjusting the relevant processes (e.g. control of documents and records) and in some cases creating new ones (e.g. managing risk and opportunity).
More emphasis on addressing “risks & opportunities”
This is one change that is going to take some time to show its impact on and benefit to organisation’s QMSs. A known unknown if you like.
The new version of the standard will require our QMS to identify risks and opportunities and put controls and actions in place to address the most significant of these.
This is the one change that will occupy most Quality Managers, auditors and management system consultants over the period of transition to the new standard. It might seem like a new concept for Quality (and a little scary for some organisations), but ISO 9001 has always required us to consider risk.
Just think for a moment about what Preventive action meant in practice i.e. identifying potential problems and preventing their occurrence – isn’t this almost a text book definition of risk management? Confirming this change, the term Preventive action has been removed from the new standard, but far from being removed; the concept has been reinforced by the change. Lots of Quality professionals already successfully manage risk with their Quality systems through HACCP (Hazard Analysis and Critical Control Points), Business Continuity Planning, internal audits, trend analysis and preventive action processes and, as already discussed, where these processes do already exist they will simply need to be aligned with the requirements of the new version of the standard.
“Products and services” instead of “product”
ISO 9001:2008 already determines that wherever the term “product” was used within the standards it also meant “service” (see Clause 3). The new standard will replace the term “Product” with “Product and Service”.
To some, this is a very minor change and won’t impact at all on their understanding of the existing standard. For others, mainly Service Providers it brings much needed clarity and removes an opportunity for misunderstanding of what requirements apply to them.
Others changes we can expect, include the following;
- More requirements for top (and other) management.
- “External provision of products and services” instead of “purchasing” – includes outsourced processes.
- Elimination of specific requirements for a Quality Manual and a Management representative (you can still keep these of course but they will no longer be required).
Managing the Transition through Audit and Corrective Action
One approach that organisations could take to managing the transition, could be to use their internal and external audit processes to flag any gaps between their current QMS and the new requirements. Organisations can then use their Corrective Action process to drive through the changes required over time.
To achieve this, Internal auditors will need to be trained in the changes to ISO 9001 as soon as possible after the standard is published, this will allow them to use the requirements as additional criteria in their audits, and then raise observations against these new requirements in their reports to allow the changes to be addressed gradually within the system over the 3 year expected transition phase.
This is the expected approach of the Certification Bodies who will start raising observations (or category 3 findings) once the standard is published later this year.
None of the changes coming in ISO 9001:2015 should present a major problem for organisations to address over the 3 year transition to the new version – by planning now and introducing change gradually the disruption to the organisation should be minimal.
If you would like to find out more about Quality Management Systems, do have a look at our ISO 9001 internal quality auditor course.
This article was written by Shane Curran, SureLeaf Systems. Shane is an expert member of the NSAI Quality Management Standards Committee, whose role it is to review and approve the changes to national and international Quality Standards including the ISO 9000 series; he works as a freelance management systems consultant and auditor and works with the BioLogiQ team from time to time as an Associate.