New Year – New ISO 9001
Changing over from the old version to the new one - how does this work?
The transition period for the new Standard has been fixed to amount to 3 years. This means that Certificates that have been issued acc. to ISO 9001:2008 will become invalid in September 2018 - provided the Standard appears in September 2015. Thus it will, by that time, be necessary to have all requirements reviewed by the Certification Body and to undergo a Certification or Recertification Audit.
Some important topics, such as process management, risk based thinking, alignment to the strategic direction of the organization or organizational knowledge, are addressed. This is why it is recommendable to deal with these topics in a timely manner and to implement them as to ensure that value is created for the organization.
Therefore, this is a good moment to be informed and to start change projects. If the last moment is waited for, requirements risk only being drawn on paper but not being brought to life. Or it may even happen that processes only are established in order to meet the requirements of the Standard and do not really create value for your organization.
Are you prepared?
Remarks to clauses of the current draft (DIS)
The introduction explains some essential approaches of the Standard (process approach, context of the organization, risk based thinking), includes new model charts and explains the connection with other ISO Standards in the field of quality or other management systems.
The scope has remained unchanged.
Now a separate clause (4.3) is dedicated to the “scope of the quality management system”.
2 Normative references
3 Terms and definitions
The present draft includes the definitions in the harmonized concept for the management system standards as well as those from the current draft of ISO 9000.
4 Context of the organization
Understanding the internal and external context of the organization is a major element for the design of adaptable and tailored management systems. Determining this context is a new requirement of ISO 9001. The identification of the requirements placed by the relevant interested parties also is a requirement newly anchored.
The explicit possibility of exclusion of requirements in the clause dealing with product realization no longer is intended.
The process approach which entered ISO 9001 for the first time in 2000, has been consolidated while newly incorporating additional requirements (cf. Process Owner, input/output).
“Commitment” demonstrated by top management is of utmost importance for the success of a quality management system. This is reflected in the draft. The requirements placed on top management relating to leadership, communication and ensuring that the quality management system is effective have been enlarged accordingly.
The responsibilities to be established, which are stated under the title “Management representative” in today’s version, have been extended (keywords customer focus, process outputs and change management).
The most important new element in the field of planning is that considering of risks and opportunities is integrated.
In this respect, Clause 6.1 includes the key issue of a risk based quality management system. Risks and opportunities need to be identified, and the way to handle them also needs to be established in detail.
The requirements relating to quality objectives have been put in more concrete terms (cf. 5.4.1. ISO 9001:2008). In this context, it is required to draw up an action plan for implementation and plan and systematically carry out changes.
The former field of topics relating to resources has been enlarged and remodelled to address “support”. The topics of competence, awareness and communication have been integrated with own headers and made more significant.
Resources do not only include infrastructure and resources needed to operate the processes but also measuring devices and knowledge. “People” also are mentioned explicitly. Now monitoring and measuring devices are seen in a larger context. For it also is measuring devices in the service sector, (including surveys and empirical methods), that need to be judged to be suitable. Organizational knowledge has been added as a requirement. In this respect, identification, retention, distribution and acquisition of knowledge are addressed to a particular extent.
Resources also cover documentation requirements (cf. 4.2 ISO 9001:2008). The term “Documented information” supersedes the known terms of “Document”, “Record”, “Documented procedure”, etc. The focus is on expedience.
The clause “Operation” now includes all the requirements referring to the specific processes for the realization of goods and services: operational planning and control, determination of requirements related to the goods and services, development of goods and services, control of external provision of goods and services, production of goods and provision of services, release of goods and services and nonconforming goods and services.
The requirements relating to planning have been put in more concrete terms, above all in terms of the criteria to be established for these processes as well as the controls adjusted to them.
The field of design and development has changed in its structure and text. Detailed requirements relating to design and development review, design and development verification and design and development validation and the control of design and development changes are simplified. A development process will have to be established if the specifications have not already been defined or are required by the customer or another interested party.
Purchasing and outsourced processes are combined to the term “External provision”.
Depending on what an organization delivers or what services or processes this organization provides, the kind and scope of the control of external provision can be designed in different ways.
9 Performance evaluation
The requirements relating to monitoring and measurement are more detailed: It will be required to determine what is produced at what time and by using what methods and when outputs are analyzed and assessed. As for the outputs, documented information needs to be retained as evidence. The current draft no longer includes clauses specifically dealing with monitoring and measurement of products or processes.
Preventive action is not included in the draft either - the system itself, which is based on the risk based approach, is preventive.
Improvement no longer only is restricted to continual improvement, which is achieved by means of continual processes. Instead the organization needs to respond to changes. This can also include non-recurring changes, if necessary.