A revised version of ISO 9001 is set to be released in September 2015. With the changes coming into force only a little over a year from now, Certex has detailed, decoded and described all relevant information currently available. This article aims to pool together all that information into one handy overview for our clients.
Every five years, the ISO Committee revisits its standards and reviews performance against relevance, popularity, issues and complaints, and so on. Further, every seven years, these Standards are revised and updated. The last update for Quality Management occurred in 2008 and changes were, on the whole, relatively minor. In fact, if your company has robust systems in place, the impact of the 2015 changes should also be quite small. At its last review, the ISO Committee recognised that, though ISO 9001 is currently performing well, it needed to respond more strongly to technological advances that have occurred since the last major change to the system in the late 1990's. For example, many offices now are paperless and ISO 9001 needs to reflect the use of new technologies for document storage. The current ISO 9001 standard has limited relevance to companies which use Cloud-based and Enterprise-related systems. There's more. Increasingly, companies are taking on all three standards: quality, safety and environmental management. That is, they run multiple management systems. Though these standards have very similar requirements, they are phrased and structured differently, and this makes it more onerous for companies who are planning to become certified. It's now recognised that ISO 9001 needs to be updated to keep it relevant to the environments: technological and otherwise, those companies operate within. Further, it needs updating to enable harmonisation with other management systems.
Overall, what do the changes do?
1. Align management systems Nigel Croft, Chair of the ISO subcommittee responsible for ISO 9001, dislikes using the phrase "integrated management systems" . He believes that essentially, an organisation has a single management system which explains how that company runs its business and that this management system may then need to meet criteria and expectations across different sectors like Quality, Environmental management, and Occupational Health & Safety. Aligning 9001 with other Standards like ISO 14001 achieves this and reduces workload for both clients and companies when auditing against multiple management systems. 2. Increase emphasis on the "process approach" We explored this concept in our last newsletter. Very briefly, companies began to use the 9001 standard to describe their Quality Management Systems, and develop their Quality Manual based on the clauses of the 9001 standard. This was problematic because it meant that the Quality Manual was only utilised to describe a business rather than direct its actions. ISO 9001:2015 will reinforce the process-based approach to quality management by structuring the Standard to emphasise the activities of a business instead of the criteria for a quality audit. 3. Incorporate "risk-based thinking" Risk- Based Thinking has always implicitly governed how we run our businesses. We invariably stop to consider: how will this process affect the outcomes that I want to achieve? In this sense, Risk-Based Thinking is also clearly part of 'process approach' because we generally compare a business activity against its consequences before proceeding with the activity in question. So what does 9001:2015 aim to do? Quite simply, it explicitly, brings Risk-Based Thinking to the forefront of our thinking. It makes preventative action part of the 'routine' which in turn, reminds us to identify both risks as well as new opportunities in a process. Businesses thereby gain a significant understanding of both their system processes as well the management of their system processes. The changes recognise that the amount of rigour we apply to risk management will differ depending on the nature of the organisation that we are running. Thus, it specifically caters for the context of an organisation including: who is running the company, where are they running it and how big it is. More importantly, it considers the impact of an organisation on the communities that they operate on or have a significant influence in. This involves considerations such as sustainability, business continuity, environmental and social impact..
What will you need to do?
You will not need to take any action immediately. When you have your next audit with Certex we will point out any areas that may not be consistent with the updated standard. You will then have until 2017 to implement the necessary changes. Further, many businesses will not need to make many changes; some will see no change. At Certex we have always strongly believed that your quality management system should be about your business first and foremost. It should describe what you do and how you do it. It should focus on the most important areas in your business. It should help your business be transparent, controlled and consistent. If your quality management system does this for you then you are already in a good situation. Certex will be running a series of one day workshops to help explain these changes, starting at the end of July. Please let us know if you would like more information by emailing firstname.lastname@example.org or phoning + 61 3 9585 8241.