We all are aware by now that ISO 9001:2008, an international standard for Quality Management System (QMS) published by ISO, which has so far been the most implemented management system standard across the world, has undergone revision. The earlier released edition of ISO 9001 which was a year 2008 release is now replaced by 2015 edition. The deadline of transitioning your 2008 edition based QMS to ISO 9001:2015 based QMS is September 2018. Starting September 2017, no Certification Body can issue fresh Certificates or conduct Surveillance Audits or Continual Assessments for QMS based on 2008 edition requirements.
Considering this change, a lot of organizations are worried about how to plan the transition. The new standard of ISO 9001:2015 edition is quite different than the earlier 2008 edition in terms of structure and requirements. The organizations who also had Information Security Management System (ISMS) based on ISO 27001 implemented, faced this transition exercise when the ISMS standard was upgraded from 2005 edition to 2013 edition. Organizations who have already undergone the ISMS transition can relate to the new requirements of ISO 9001:2015 comparatively faster than the organizations who have no exposure to the ISMS.
So, let us first understand why the ISO 9001:2015 Standard is different and how it is different than its predecessor ISO 9001:2008.
The new standard is based on Annex SL format which is now standardized by ISO across all existing as well as new management system standards (MSSs) viz. ISO 27001:2013 (ISMS), ISO 14001:2015 (EMS), ISO 22301:2012 (BCMS) etc. The Annex SL format has standardized High-Level Structure which shall remain common across all standards. The Clauses range from 1 to 10 wherein Clause 1, 2 and 3 are informative whereas Clause 4 to 10 are requirements.
The structure and content for all these clauses also remains same across various standards. For Eg. Clause 4 – Context of the Organization shall remain same across ISO 9001, ISO 27001, ISO 14001 etc. This is helpful to Organisations who have multiple ISO Standards implemented at their end and for those too who wish to integrate multiple ISO based systems as one Integrated Management System (IMS).
The 2015 standard is no longer a document based standard but has transformed itself into risk based standard. The 2015 edition of QMS no longer requires mandatory documents such as Quality Manual, Document Control Procedure, Record Control Procedure etc. which were predominantly required in 2008 edition. The new standard requires an organization to define the scope of their QMS and subsequently plan, implement, check and improve (an approach which is popularly known as PDCA – Plan-Do-Check-Act) their QMS based on the context of the organization. The new standard requires the organization to identify the internal and external issues, requirements of interested parties as well as identify risks and opportunities for all of them and plan the actions to address these risks and opportunities.
SCOPE AND EXCLUSIONS
The ISO 9001:2015 standard does not provide any specific clause for exclusion but allows an organization to decide the exclusion based on valid justifications. An organization may choose to exclude any requirement starting from clause 4 to 10. The scope of the QMS (not the scope of certification) should be based on the context of the organization.
The standard ISO 9001:2015 no longer separates the Documents and Records likewise in 2008 edition. A new term of Documented Information which combines both Documents as well as Records has been introduced in 2015 edition.
Though, the new standard does not state any mandatory requirement for a manual or procedures, it requires the organization to maintain (document) and retain(record) documented information as evidence for establishing the conformity to some specific requirements stated in ISO 9001:2015 standard.
The ISO 9001:2015 standard under Clause 5.1 specifies responsibilities and accountability for Leadership Team and Top Management. The requirements are clearly defined and makes the Leadership accountable to implement these actions.
PRODUCT AND SERVICES
The ISO 9001:2015 edition no longer only uses the term Product for planning, pre-production, during production or post production. The term used in 2015 edition is Product and Services which covers all aspects of industry domains and covers both product organizations as well as service oriented organization. This has helped all service oriented organizations to relate the standard easily with their area of operations and line of business.
Further, the ISO 9001:2015 standard clearly defines the areas, expectations and requirements during pre-production, during production and post production processes. The changes during all these stages is also required to be controlled through a defined process and supporting evidences. The concept of defining process acceptance criteria and monitoring and measuring the process outcomes against the defined criteria is explicitly stated in standard which calls for detailed process performance monitoring at core as well as support functions.
MANAGEMENT OF NONCONFORMITIES
Within ISO 9001:2015 standard the corrections, causal analysis and corrective actions are applied to all forms of non-conformities. This covers non-conformities arising from process performance, quality checks, customer feedbacks, customer complaints, internal audits or external reviews. The standard specifies the process to be adopted for addressing all such non-conformities and also check the effectiveness of the actions. The term Preventive Action has been removed and re-introduced as ‘the action to address risks and opportunities.
Now with all the changes and revisions, how do you plan the transition to be smooth and effective. For helping such organizations, we are presenting a 9 step approach to smooth transition from ISO 9001:2008 edition to ISO 9001:2015 edition. Here we go –
Step 1 – Identify the context of organization by identifying internal and external issues, interested parties and their expectations which may be stated, generally implied or obligatory. Identify the risks and opportunities arising from this context and also plan the actions for addressing these risks and opportunities. Track the completion and effectiveness of these actions.
Step 2 – Review and update the Scope of the QMS, if necessary, based on the defined context of the organization, locations, products, services, processes and activities. Review the Quality Policy in the context of the new requirements and revise if required. Follow the approval method defined in your QMS.
Step 3 – Define the process performance criteria, metrics and implement the monitoring and measuring mechanism to produce records that can provide conformity for the pre-production, during production as well as post production processes.
Step 4 – Review the quality objectives defined on organizational level, departmental level and functional level, as maybe established in your existing system. Ensure that the Objectives are specific, measurable, attainable, relevant and time-bound. Determine the risks and opportunities and plan actions to address these risks and opportunities related to the objectives. Ensure that the monitoring and measuring of quality objectives is planned and conducted. Results of monitoring and measuring shall be analyzed for planning corrections and/or corrective actions.
Step 5 – Identify and define what all will be monitored and measured as part of the QMS. Define the monitoring and measuring activities in terms of what, who, how, when and plan who, how and when shall be evaluate the results. Define the management of planned changes within all processes, functions and departments. The changes shall ideally undergo the process of impact assessment (may again relate to risks and opportunities), review, approval and effectiveness check post implementation.
Step 6 – Plan the addressing of all types of non-conformities arising from processes, quality checks, audits, customer feedbacks, customer complaints, supplier evaluation, re-evaluation or periodical evaluations of suppliers and service providers, monitoring of processes, monitoring of quality objectives etc. All non-conformities shall undergo process of corrections, causal analysis or root cause analysis and planning corrective actions to eradicate or eliminate the root cause for avoiding the re-occurrence of non-conformities.
Step 7 – Create awareness within the organization about the revised ISO 9001:2015 standard, requirements of the standard, about revised quality management system designed on the basis of the new standard, about how to audit the new system against changed requirements. The employees of the organization shall have awareness about the objectives, processes, the conformity requirements to standard and process criteria. The effectiveness of the awareness and training shall be measured.
Step 8 – Once the system is designed and implemented, get the same audited by trained, competent and experienced Internal Auditors. The Auditing activity can also be outsourced in the absence of trained and competent Auditors within organisation. Organisation shall plan the closure of gaps or findings arising out of Internal Audit and the closure shall be verified and effectiveness of actions shall be evaluated. Once the internal audit gaps are closed and verified, the designed and implemented system shall be presented to Top Management including the monitoring and measuring results, analysis, customer feedback analysis, actions taken on customer complaints etc. The actions arising out of Management Review shall be tracked for closure and reported to Management.
Step 9 – Once the entire transition is completed, reviewed through internal audit and management review process, you can plan to get the system audited by your external third-party Certification Body.
Maintain the Certification achieved and enjoy the benefits derived from the implementation of the new ISO 9001:2015 based Quality Management System!