ISO 9001:2015 has arrived and manufacturers now need to analyze the standard to ensure that requirements are integrated into quality management systems. While some have speculated about potential transition difficulties, many manufacturers will find that generally they will meet the intent of new requirements in this standard. Some necessary steps will confirm if your company is on track.
Conduct a Gap Analysis
The biggest mistake manufacturers can make is to begin the transition assuming they understand the new requirements and how they can be applied within their own organization. To avoid this, conduct a comprehensive gap analysis and have those responsible for managing the transition read the revised
ISO 9001:2015 standard cover to cover. The introduction provides a vital foundation to understanding requirements while Annex A specifically addresses the rationale for some of the changes in the standard. Annex A is also an excellent tool to help ensure that your organization does not misinterpret new or revised requirements. The rationale can be used to not only help your business with the transition but as background for discussion with auditors where there could be a difference in opinion in interpreting requirements.
It is equally as important to read ISO 9000 which is the terminology document for ISO 9001. ISO 9000 includes unique definitions that help an organization understand the use of a specific term in the context of the standard.
When conducting the gap analysis, manufacturers should audit to requirements and not specific terms. Let’s take the term “management representative.” This term is no longer used in the standard, so an organization might at first glance believe this is a significant change. However, when reviewing the requirements in 5.3 organizational roles, responsibilities and authorities, manufacturers can quickly see that requirements that were in ISO 9001:2008 remain in the standard. The only exception is that the responsibilities and authorities are now the obligation of all top managers instead of specifically related to one person or a single role.
Develop an Implementation Plan
After the gap analysis is completed, establish an implementation plan that includes actions needed to complete the transition by a planned date. Discuss the transition date with your certification body to ensure that there is understanding about the transition process prior to the audit.
Build your plan based on what you have. Many manufacturers will find that while there are new requirements, these are activities that are typically already part of an organization’s decision-making process even if there is no formal structure around the application. For example, ISO 9001:2015 includes new requirements (4.1) for organizations to determine internal and external issues.
While manufacturers likely have not referred to internal and external issues, they probably have considered them through some type of strategic activity. Even small and medium sized enterprises consider issues that could affect their operations.
Manufacturers should look at these activities prior to developing any “new” process to make these determinations. It is important to note, that while strategic planning is not a requirement of the standard, issues should be determined in alignment with the organization’s strategic direction.
This common sense approach can also be applied to clause 6.1 (actions to address risk and opportunities.) Organizations make risk-based decisions all of the time. A manufacturer might have a single source external provider and be concerned that the provider cannot meet their demands. Based on this concern the company might take action to find a secondary source. This type of action aligns with clause 6.1.
While the intent of the standard is met in most situations, some manufacturers may find that although a formal risk management approach is not required, that they need to be a little more deliberate in the determination of risks and opportunities. However, if an organization does have a formal risk management program, it can be used to meet the intent of this requirement.
Understand Documented Information and Auditability
One of the key changes in the ISO 9001:2015 revision is the move to less prescriptive requirements as risk-based thinking can be leveraged to determine when documented information is needed. This change means that there are no specific requirements for documented procedures or a quality manual. That’s a huge shift. In the 1994 version of the standard, there were seventeen requirements for documented procedures. This was reduced to six required documented procedures for the 2000 and 2008 versions of ISO 9001.
Now organizations will need to determine what documented information is needed beyond the minimal requirements included in ISO 9001:2015. Clause 4.4.2 (quality management system and its processes) include requirements that an organization determine what documented information it needs to demonstrate control of processes and provide objective evidence of conformance.
The lack of specific documented information requirements has raised concerns by organizations for how they will be audited. In reality, organizations involved in previous ISO 9001 transitions will tell you that in most cases the changes in documented procedures did not directly relate to a reduction in the number of documented procedures.
This is no different from current practices. There are only six documented procedure requirements in the current standard and yet third party auditors are able to audit requirements where there is no required documented procedure such as competence or purchasing. In this case, it will be business as usual.
Organizations are concerned when there are not specific requirements to maintain or retain documented information. This concern is not new. In fact, since the 2000 version, the Auditing Practices Group, a group of ad-hoc experts representing ISO TC176 and the International Accreditation Forum (IAF), have drafted papers that illustrate different auditing methods including a quality management system with minimal documented information. It requires the auditor to interview the organization and confirm requirement implementation through additional employee interviews.
While manufacturers will still be responsible for demonstrating conformance, don’t let the auditability factor drive your organization to unnecessary documentation.
The key to a successful ISO 9001:2015 transition will be to understand the requirements, conduct a gap analysis, and not let concerns with auditability and documented information drive bureaucracy into your quality management system.
Ultimately, manufacturers should look at implementing changes that add maximum value to their organization. For more information on ISO 9001:2015, ASQ Quality Management Standards
Lorri Hunt is a U.S. technical expert and task group monitor for ISO 9001 revision and is the president of Lorri Hunt and Associates Inc.