#ISO #19011:2018 – Guidelines for auditing management systems has been updated

ISO 19011:2018 – Guidelines for auditing management systems has been updated. The standard applies to organizations that need to conduct internal or external audits of management systems and manage audit programs. The standard covers:

The principles of auditing;
Managing an audit program;
Conducting management system audits;
Guidance on evaluating the competence of personnel involved in the audit process.
All new management system standards including ISO 9001, ISO 14001, ISO 27001 and ISO 45001 are based on Annex SL format and terminology. Annex SL was developed to ensure that all future ISO management system standards share a common format irrespective of the specific discipline to which they relate.

Annex SL prescribes a high-level structure, identical core text, and common terms and core definitions and greatly facilitates the integration of management systems. As a result of the introduction of these new standards, there is a need to consider a broader approach to management system auditing, as well as providing guidance that is more generic in nature. Audit results can provide input to the analysis aspect of business planning and can contribute to the identification of improvement needs and opportunities.

Planning is an integral part of all management systems. Effective planning is concerned with prevention by identifying, eliminating and controlling hazards and risks.

Annex SL requires that when planning for any management system (clause 6.1), the organisation should take into account the following:

The organization and its context (clause 4.1);
The needs and expectations of interested parties (clause 4.2);
The scope of the management system (clause 4.3).
Planning should be proportionate to the level of risk identified and this principle resonates with ISO 19011.

The main changes introduced by ISO 19011:2018 are as follows:

Addition of the risk-based approach to the principles of auditing;
Expansion of guidance on managing an audit programme, including audit program risk;
Expansion of the guidance on conducting an audit, particularly the section on audit planning;
Expansion of the generic competence requirements for auditors;
Adjusted terminology to reflect the process approach to auditing;
Removal of the annex containing competence requirements for auditing specific management system disciplines (due to the large number of individual management system standards, it would be impractical to include competence requirements for all disciplines);
Expansion of Annex A to provide guidance on auditing (new) concepts such as organizational context, leadership and commitment, virtual audits, compliance and supply chain.
The standard provides guidance for all sizes and types of organizations and audits of varying scopes and complexities, including those conducted by large audit teams, typically of larger organizations, and those by single auditors, whether in large or small organizations. The guidance should be adapted as appropriate to the scope, complexity and scale of the audit program.

The standard concentrates on internal audits (first party audits) and audits conducted by organizations on their external suppliers and other external interested parties (second party audits). The standard is also useful for external audits conducted for purposes other than third party management system certification. ISO/IEC 17021-1 provides requirements for auditing management systems for third party certification and ISO 19011 can provide useful additional guidance.

ISO 19011:2018 does not follow the annex SL model but does have a risk-based approach. It contains the following main clauses:

Clause 4 describes the principles on which auditing is based. These principles help the user to understand the essential nature of auditing and are important in understanding the guidance set out in clauses 5 to 7;
Clause 5 provides guidance on establishing audit program objectives, determining and evaluating audit program risks and opportunities, and implementing, monitoring, reviewing and improving the audit program;
Clause 6 provides guidance on initiating the audit, preparing and conducting audit activities, preparing and distributing the audit report, completing the audit and conducting audit follow-up;
Clause 7 provides guidance on determining auditor competence, establishing auditor evaluation criteria, selecting appropriate auditor evaluation methods, conducting auditor evaluation and maintaining and improving auditor competence.;
Annex A provides additional guidance for auditors planning and conducting audits.
An audit can be conducted against a range of audit criteria, separately or in combination, including but not limited to:

requirements defined in one or more management system standards;
policies and requirements specified by relevant interested parties;
statutory and regulatory requirements and other requirements;
one or more management system processes defined by the organization or other parties;
management system plans relating to the provision of specific outputs of a management system (e.g. quality plan, project plan, etc.).
A new seventh principle of auditing has been added to Clause 4 to complement existing principles of integrity, fair presentation, due professional care, confidentiality, independence and evidence-based approach, which are inherited from the 2011 version of the standard. Auditors will now be expected to employ a ‘risk- based approach’ in order to substantively influence the planning, conducting and reporting of audits such that audits are focused on matters that are significant for the auditee and for achieving the audit program objectives.

Clause 5: Managing the audit program now requires that consideration be given to the organizations identified risks and opportunities and the actions taken to address them when preparing the audit programme.

Clause 5.3 Determining and evaluating audit program risks and opportunities states that there are risks and opportunities, and internal and external issues associated with an audit program that can affect the achievement of its objectives. The person managing the audit program should present to management the risks and opportunities considered when developing the audit program and its resource requirements.

Annex A, ‘Additional guidance for auditors for planning and conducting audits’ has been expanded to include the following auditing topics:

1 Applying audit methods
2 Process approach to auditing
3 Professional judgement
4 Performance results
5 Verifying information
6 Sampling
7 Auditing compliance within a management system
8 Auditing context
9 Auditing leadership and commitment
10 Auditing risks and opportunities
11 Life cycle
12 Audit of supply chain
13 Preparing audit work documents
14 Selecting sources of information
15 Visiting the auditee’s location
16 Auditing virtual activities and locations
17 Conducting interviews
18 Audit findings
In summary, ISO 19011:2018 is a welcome addition to the auditing canon and should contribute to a substantial improvement in the conduct of management system and other audits. Please contact with any questions or if we can support your internal audit process

Selecting the best ISO 9001:2015 “risk-based thinking” approach

The world’s most popular quality management system ISO 9001 now requires organizations to place “risk-based thinking” at the center of their quality management system.

Organizations must now apply risk-based thinking when identifying and addressing their quality risks, designing their quality management system and allocating resources, managing their operational processes, monitoring, analyzing and evaluating their risk control performance and preventing or reducing the impact of nonconformance.

The revised standard states that organizations can either adopt a qualitative or quantitative risk-based thinking approach to these activities, depending on their context. Here I outline the key differences between the two options, and why your organization should choose the quantitative approach.

Qualitative approach

Qualitative risk-based thinking relies on people’s opinions rather than hard empirical evidence to assess process and supplier nonconformance risks. Its simplicity makes it an appealing ISO 9001:2015 option, but it has one serious weakness – you can’t effectively control your non-conformance risks using qualitative methods. And if you can’t effectively control your nonconformance risks – you can’t improve them; as highlighted out by H. James Harrington.

Organizations that choose to go down the qualitative route are very likely to end up with inconsistent risk assessments, suboptimal process and supplier monitoring, ineffective risk control, and little if any long-term improvement.

This can result in inappropriate risk controls, unnecessarily high monitoring costs, product and service rejections, rework costs, project delays, performance penalties, reputational damage and reduced earnings.

This is why, if used at all, qualitative “risk-based thinking” should be restricted to initial risk assessment activities only.

Quantitative approach

Quantitative “risk-based thinking” avoids many of the pitfalls associated with the qualitative approach by accurately measuring an organization’s process and supplier risks.

The typical risk matrices associated with each approach, illustrated below, highlight the key differences between the two approaches.

In the above example, the quantitative risk assessment matrices’ vertical axis represents the dollar ($) impact a product or service nonconformance is likely to have on an organization’s goals and objectives.   The horizontal axis, its frequency or rate-of-nonconformance; which acts as a precursor of future nonconformance likelihood or probability. In contrast the qualitative approach uses subjective descriptions.

The key to turning a quantitative risk assessment matrix into a highly effective and efficient ISO 9001 risk monitoring, control and improvement tool, is being able to accurately measure the consequence and rate of nonconformance at process and supplier levels.

In conclusion

The new risk-based thinking requirements outlined in ISO 9001:2015 can be seen as an extra burden by some organizations. For this reason, the qualitative route may appear appealing; despite its serious pitfalls.

Progressive organizations, however, will see the quantitative risk-based thinking approach as an opportunity to significantly improve the efficiency and effectiveness of their quality management system; thereby helping secure their future business success.

Source: Peter Miller

How to measure #training effectiveness according to #ISO9001

In a Quality Management System (QMS) based on ISO 9001, competence and training are an integral part of planning and managing the processes of the QMS. As explained in Using Competence, Training and Awareness to Replace Documentation in your QMS, knowing the competencies required to perform your processes, and closing any gaps between the competency required and the competency of your employees with training, is the backbone of having a well-run process rather than relying on documenting everything. However, in order for this to work properly you need a way to ensure that your training has effectively closed the gaps so that you have the competencies required in your workforce.

In the article Improving quality through effective training, the process of managing your training needs was discussed. This involved identifying the training needs, planning the training, and evaluating the training. Proper management of the training needs is critical if you are to know that the training you have presented is effective.

The very first step needs to be proper identification of the training needs. Without proper identification of the training needs, knowing exactly which competency is needed, how can you verify if the training has been effective? By properly identifying the competencies needed to satisfy the function of your process, your continual improvement needs and the requirements for your quality objectives, you can then compare the competencies you need against the competencies you have in your workforce.

By knowing what competency gap you are trying to resolve, you can more easily compare after your training to see if the competency has been filled. This will tell you if your training was effective.
Measuring training effectiveness: Some practical examples

One simple example of training that is commonly used in ISO 9001 implementation is ISO 9001 awareness training. When you have started to implement ISO 9001, very few people in your organization will understand what a QMS is about, so you will deliver the necessary awareness training to employees. After this training, you will follow up during your process implementation and internal auditing to see that employees now understand better how a QMS works within your organization. It is this follow up that shows you whether the training was effective.

For more information on ISO 9001 awareness training, see ISO 9001 awareness training material: How to create it, what it should contain.

As an example of using training to improve processes in your QMS after implementation, let us say that you have identified that one of your quality objectives is to decrease the cost to perform your processes by making them more efficient and effective. After some investigation, you decide that the best way to do this is to increase the number of small improvements within your processes through the use of the lean manufacturing concept of kaizen: a strategy that incorporates all employees to find incremental changes that will improve the manufacturing process. Since none of your employees understand this lean manufacturing concept, you identify that you have a training need in order to meet this quality objective.

The next logical step is to locate the training you need through an outside training supplier. This training is then delivered to all your employees so that they understand lean manufacturing, and in particular, how kaizen works. This can be done exclusively with the outside training organization, or you could train some internal people who can then train the other staff at your organization. At the end of the training, you can assess if people have learned the skill before they leave the training, which is the first level of verification of effectiveness.

However, after returning from the training you will be having your employees use their new skills. For example, one of the tools is a Kaizen Blitz, where a small group of individuals will work on a process to find ways to improve it in a short amount of time, and you can have several of these sessions throughout your company. These will generate improvements, and subsequent cost savings in your processes.

During this time you will collect data as to the cost savings that have been generated by these process improvements. After a length of time, say several months, this data will show how well your employees have been able to implement their new training towards your objective of decreasing the cost to perform your processes by making them more efficient and effective.

It is only at this point, once you have done this follow up on the effectiveness of your training, that you can know the true effectiveness of your training – when you monitor the process that you wanted to improve by supplying the training to close the competence gap in your organization.
Verify training effectiveness to gain the full benefit from your training

Verifying training effectiveness is something that many companies have troubles with; however, if you are not verifying the effectiveness of training, you are not getting the full benefit from the training. Since training is an investment, you want to know what the return on this investment was so that you can know that your money and time were well spent.

Without following up on your training investment to see if it was effective, you can never be certain that your investment was worth the cost. You owe it to yourself to check your return on investment in training, just like any other investment.

Source: Mark Hammar

How to use ISO 9001 to facilitate the manufacturing of a complex product

The reason for implementing a Quality Management System (QMS) is to improve the consistency of your product, but ISO 9001:2015 itself does not specify the process you need to use for manufacturing a complex product. This is due to the fact that the ISO 9001 standard is intended to be non-prescriptive, which means that it does not detail how to meet the requirements, so that it can be applied to many different products and services. Here is an explanation of how you would apply clause 8.5, production and service provision, and clause 8.6, release of products and services, to a complex product.
Manufacturing a complex product

Complex products will very often require the use all of the requirements within these two sections, while simpler products or services will not. Here is a generic flow for manufacturing a complex product, how the ISO 9001 requirements relate to the process, and some examples of what a company might use in the process of manufacturing a complex product:

1) Define and create the required documentation. A complex product will need some documentation that gives the details on how to manufacture and verify it (clause 8.5.1 a). This may include detailed drawings, parts lists, assembly instructions, inspection instructions, and testing procedures. These documents will provide all of the information that is needed to assemble, adjust if needed, and verify that the product meets all of the requirements that have been identified as necessary for its function.

2) Package your documentation for your employees. Often called a product package, build documentation package, travel kit, or production order, you need a way to identify in one place all of the documentation needed for the assembly, adjustment, and verification. This can take many forms, from entirely hard copy paper packages to entirely electronically stored and accessed, but it will be the one place that you can go to know the requirements, and status of all the requirements, on the product– especially when changes are made (clause 8.5.6).

3) Identify and include additional information in the product package. If you have requirements for identification and traceability (clause 8.5.2), such as batches or serial numbers assigned to the product, then this is the stage when these are often assigned as part of issuing the build documentation package. The package should also define any special requirements to maintain the preservation of the product through the assembly, adjustment, and test phases, so that it is delivered in working condition (clause 8.5.4).

4) Assemble the product. Complex products will require different skills to assemble the product, such as soldering, welding, bonding, and complex assembly. These operations may need specific environments to be done properly (clause 8.5.1 d), and may also require special competencies such as certified soldering personnel (clause 8.5.1 e). Some of these processes may even be of a nature that they cannot be verified after the fact (such as soldering), and are reliant on controlling the process and potentially destroying a sample product for inspection to prove the process is still working properly (clause 8.5.1 f), rather than inspecting the product directly. On some occasions customers will supply components to be assembled into the product, and this needs to be controlled (clause 8.5.3).

5) Adjust the product. Sometimes a complex product will not work immediately, and will need a tuning or tweaking step before it can be ready to test. This may also need specially competent persons (clause 8.5.1 e), specific environmental conditions (clause 8.5.1 e), and appropriate measurement devices (clause 8.5.1 b) to get the job done.

6) Verify the product. After the product is fully functional, then an appropriate test regimen will take place to make sure that all of the requirements that the product needs to meet are indeed within the specification limits. This will be done per a test procedure that outlines the activities to take place and the criteria to be met (clause 8.5.1 c), as well as the equipment to use (clause 8.5.1 b). This will sometimes include testing property that is supplied by the customer for some tests (clause 8.5.3).

7) Release the product to the customer. After you have made sure that all of the planned requirements for the product have been met, or any deviations are accepted by the customer, then you can present the product to the customer with the evidence that this has happened (clause 8.6). On a complex product this may entail test reports, inspection reports, audit reports, or customer inspection audits and reports delivered as evidence that requirements are met.

8) Perform post-delivery activities. Often, complex products require activities after you deliver such as installation of the product or ongoing service and maintenance of the product (clause 8.5.5). This may be due to the needs of the product, legal requirements, or customer requirements, but it is an integral part of the product. This is not intended to deal with non-conforming products returned because they don’t work
Not all products and services are the same

While this gives an outline of the process for a complex product, it is important to remember that not all products and services are the same, which is why the requirements of ISO 9001 are written as they are, so that they can be used by any organization in any industry throughout the world. As the internationally recognized standard requirements for implementing a QMS, the ISO 9001 requirements will help you to make sure your QMS includes all the elements necessary for a well-functioning management system to control the quality of your products and improve both your processes and your customer satisfaction, which is what you want out of a good QMS.


Source: Mark Hammar

#ISO14001:2015 integration with #ISO9001:2015 – What has changed?

By following the format set out in Annex SL, both the ISO 9001:2015 and ISO 14001:2015 standards have a top-level format that is the same, thereby making it easier to compare what is common and what is different between the two standards. The requirements of each standard start at Clause 4, and here is a summary of the similarities and differences between these clauses:

Context of the organization: Both standards include understanding the context of the organization, understanding the needs and expectations of interested parties, and determining the scope of the management system. By doing this, one process can be utilized for these activities, with a minor change in focus from the EMS to the QMS. For more information, see Determining the context of the organization in ISO 14001.
Leadership: Again, both standards include the need for leadership and commitment, creating and communicating a policy for the management system, and the definition of roles, responsibilities, and authorities as they relate to the quality and environmental functions within the management systems. One additional requirement in the QMS is the importance of customer focus. For more information, see How to demonstrate leadership according to ISO 14001:2015.
Planning: For both the EMS & QMS there is a need to address risks and opportunities, and to create and plan to achieve management system objectives. The EMS has additional requirements of understanding the environmental aspects and compliance obligations for the company processes, and these need to be addressed separately.
Support: Although minor differences exist, the common themes of resources, competence, awareness, communication, and documented information need to be addressed. Additionally, the processes and procedures put in place to address these requirements in both management systems can be the same, addressing both sets of documented requirements at once.
Operation: This is one major area of difference between the standards, and requires separate processes for both the EMS and QMS. While both include the need for operational planning and control, the EMS then only has emergency preparedness and response as additional requirements. The QMS has many more required processes such as design control, release of products and services, and control of non-conforming outputs.
It is beneficial to note that the operational control requirements for both the EMS and QMS can be integrated into the same processes and procedures; for instance, a purchasing procedure can include any EMS controls, such as the need for Material Safety Data Sheets (MSDS) when purchasing materials, rather than having a separate procedure for controlling purchase of these materials.
Performance Evaluation: Both ISO 14001:2015 and ISO 9001:2015 have a focus on the need for monitoring, measurement, analysis, and evaluation of the EMS & QMS, but what is being assessed by these processes is different. While the EMS is concerned with evaluation of compliance, the QMS looks at product evaluation and customer satisfaction. In both standards there are requirements for internal audit and management review, and these requirements have not changed much from the previous standards. Both can easily be done together by performing internal audit and management review of the processes of both management systems together. For more information, see Environmental performance evaluation.
Improvement: The final section of each standard concerns the need for continual improvement and corrective action. The processes put in place for these requirements can be made applicable to both the EMS and QMS, and in fact the requirements are almost identical between ISO 14001:2015 and ISO 9001:2015, which makes this integration easier.

Many of the processes remain the same

To make the integration of ISO 14001:2015 and ISO 9001:2015 easier, many of the process requirements have remained largely unchanged. Such processes as internal audit, corrective action, and management review are only slightly different than the requirements of ISO 14001:2004 and ISO 9001:2008, so where these processes were easily integrated before, they remain easy to perform in one process between the EMS and the QMS.

With many of the processes for monitoring and continual improvement of the EMS and QMS being the same, integrating these two management systems into an integrated management system is easier than you might think; and, being easy to integrate means you can gain even more benefits from the processes you put in place.

Source: Mark Hammar

Giving ISO 9001 a fresh sparkle

The new 2015 revision of ISO 9001, brought right up to date in response to vast changes in technology, business diversity and global commerce, promises to be the most effective, user-friendly and relevant quality management system yet.

ISO 9001 has just been updated! In the world of global quality management, this is an exciting event and important news for well over one million ISO 9001-certified organizations worldwide, and for the millions more individuals who use ISO’s famous quality management system standard (QMS) daily to facilitate trade. The latest 2015 revision, just published, gives the “jewel” of quality management a fresh sparkle, keeping it relevant and bringing it right up to date with today’s connected world.

Click to see the full infographic

Introduced in 1987, ISO 9001 has been revised four times to date, and the new version – ISO 9001:2015 – is the first major revision since 2000. It has been three years in the making and is the work of hundreds of experts from industry and commerce, standards stakeholders (i.e. consultants, users, test laboratories, certification bodies, etc.), academia and research bodies, government, NGOs, representing 81 ISO member bodies around the world, as well as many thousands of participants in the national mirror committees who reviewed and commented on the draft standard during its development. The result of this evolutionary process brings ISO’s best-selling standard firmly into the 21st century.

Certified organizations have three years following publication of ISO 9001:2015 in September to align their quality management systems to the new edition of the standard, although it is hoped they will not wait until the last minute to benefit from the significant changes in the latest version.

“It’s a game changer!”

Early feedback from reviewers and users of the standard has been very positive. “It’s a game changer,” says Simon Feary, Chief Executive at the Chartered Quality Institute in the UK. Alan Daniels of Boeing, who represented the International Aerospace Quality Group on the ISO 9001 revision subcommittee, sees it as “a real improvement that will lead to a more robust QMS”. “This is a wonderful opportunity for organizations to refocus their QMS on their business operations,” concludes Sheronda Jeffries of Cisco Systems, representing QuEST Forum, a global quality organization for the telecom (ICT) community. As for Mark Braham of the Automobile Association (United Kingdom), he believes ISO 9001:2015 will have huge impacts across the world, while Luiz Nascimento of the Brazilian Association of Technical Standards (ABNT) thinks it will provide more confidence that quality management systems really do work.

Why change?

Many users, happy with ISO 9001 in its current form, may well ask “if it isn’t broken, why fix it?” But this latest revision is a response to vast changes in technology, business diversity and global commerce in the 15 years since ISO 9001:2000.

ISO 9001:2015 recognizes the increased prominence of the service sector and its need for quality management. It also reflects calls for greater QMS alignment and integration with an organization’s business and strategic direction, and makes it easier to adopt multiple ISO business management standards such as ISO 14001 and sector-specific QMSs such as the aerospace industry’s AS9100.

Representing the aerospace industry view, Alan Daniels also highlights changes in business models, more complex supply chains, and increased customer expectations as further compelling reasons for adapting the standard to a changing world. He believes ISO 9001 must enhance an organization’s ability to satisfy its customers while reflecting the increasingly complex environments in which they operate. It should also recognize the needs of all interested parties and align with other management systems – hence the call for extensive and detailed revision.

Have the changes been successful? In the opinion of Anni Koubek, Head of Innovation, Quality Austria, the 2015 version of the standard “clearly fits the global, dynamic, complex, networked and IT-driven business environment most organizations have to operate in much better than the 2008 version”.

What has changed?

The first piece of good news is that ISO 9001:2015 will be easier to use, particularly in conjunction with other management system standards, and will be less prescriptive – for example, documentation will be less mandated and more user-friendly, and the language has been simplified. It also follows the underlying philosophy that “output matters”, so it will ask if an organization’s processes are achieving their planned results, and if the system is actually delivering on its promise – central to implementing ISO 9001 – of “providing confidence in the ability to consistently provide conforming products and services”, explains Nigel Croft, Chair of the ISO subcommittee that revised the standard.

“ISO 9001:2015 is very much performance-based, with a focus on has to be achieved rather than to achieve it,” he adds. The new version combines the successful “process approach” with a new core concept of “risk-based thinking” to prioritize the processes, employing the Plan-Do-Check-Act (PDCA) cycle at all levels in the organization to manage the processes and the system as a whole, and to drive improvement. This new risk-based focus is intended to prevent undesirable outcomes such as non-conforming products and services.

The 2015 version adopts a new high-level structure for ISO management systems standards – based on Annex SL of the consolidated ISO Supplement to the ISO/IEC Directives. It is expected to have a significant impact on organizations, trainers, consultants, certification and accreditation bodies, auditors and standards writers. Annex SL provides identical structure, text and common terms and definitions for all future ISO management system standards (MSSs), giving each a similar “look, touch and feel” and making implementing multiple standards within one organization easier. Now, all new ISO MSSs will follow this framework to ensure consistency and compatibility, ending some earlier confusion during implementation.

Mark Braham, CQI Category A liaison in ISO/TC 176, Quality management and quality assurance, sees “huge benefit” in following the Annex SL framework to integrate other management system standards, and help reduce management time and effort to meet requirements, while Sheronda Jeffries says that the inclusion of the new annex will better allow organizations to see the differences and similarities of ISO 9001:2015 with other MSSs.

How will the changes benefit you?

Discover our video:

“ISO 9001:2015 recognizes the importance of the organization’s business in terms of the type of products and services it provides, their criticality, and the external and internal factors that affect the way it works,” says Nigel Croft. The latest version obliges each organization to think about its own particular circumstances, rather than prescribing a “recipe” for how to design the quality management system. Organizations will therefore have greater flexibility in the way they choose to implement the standard, and the amount and nature of the documentation that is required.

One very important factor has been the greater alignment of structure, content and terminology for all ISO management system standards, particularly evident when looking at the new versions of ISO 9001 and ISO 14001, he says, alluding to Annex SL. This is intended to make life easier for organizations needing to address the requirements of several standards in a single management system.

Assets of risk-based thinking

According to Alan Daniels, the new version will lead to a more robust QMS because it links the process approach with PDCA and risk-based thinking, and connects the QMS to strategic planning and the business processes. “Identifying risks adds value and opportunities for improvement, and the engagement of top management enhances the chance of success on all levels.” For Sheronda Jeffries, introduction of the term “risk-based thinking” along with the term “risks and opportunities” will encourage an organization to be more proactive.

“Risk-based thinking will help organizations make business decisions based on risk by providing the structure to manage it,” says Lorri Hunt of US-based quality management system training, auditing and consulting firm Lorri Hunt & Associates Inc. Anni Koubek also views it as the most important change in the new 2015 version, although she adds that it is not one single element that makes this standard different from the 2008 version; “it is the consequent orientation on results and a certain flexibility on how to build the management system that can be seen throughout the standard”.

Involving the leadership

For Simon Feary, the most significant change is the switch from management commitment to leadership and commitment, embedding responsibility for the operation and performance of the QMS at levels of the organization. The requirements for greater senior management involvement will put the quality profession in front of senior management like never before, he claims. Whether delivering quality management programmes or auditing against management system standards, he urges quality professionals to seize the opportunity to develop new skills and add greater value to their organizations.

The new emphasis on top management involvement is one of the most important changes for Mark Braham, particularly as “they must do tasks to meet the requirements and cannot delegate”. Lorri Hunt interprets the focus on leadership as a transition from the implication of one management representative being responsible for the QMS to the philosophy of a system owned by all of the leadership.

This top-down approach will significantly raise the status of ISO 9001 in the eyes of senior management, believes Leopoldo Colombo, Executive Director of the Quara Group, a Latin American management consulting and training organization. He thinks the days when quality managers would be thanked for their QMS status presentations and then asked to leave the meeting because “we have business to discuss” are over! “Version 2015 has set the requirements and anchorages needed to ensure that the QMS will be strongly integrated with the organization’s business and aligned with its strategic direction, so reviewing the effectiveness of the QMS will equate to reviewing the effectiveness of the business.”

A fresh start

“ISO 9001:2015 is an opportunity for a fresh start in the way users have been implementing ISO 9001,” says José Domínguez, Board Member of the Latin American Quality Institute (INLAC) and Director General of Plexus International in Mexico, a QMS training, assessment and coaching services organization. In his view, if users are serious about ISO 9001 as the main tool for implementing, maintaining and improving the QMS and use it as the foundation for their business operations, they will find it a more flexible and robust standard that can easily adapt to the nature and context of the organization.

Luiz Nascimento believes that, in general, all the changes constitute a real improvement in providing more confidence that quality management systems really work. “Chances are that the perception of the quality management system as a bunch of useless paperwork and unnecessary bureaucracy will change,” he said, adding that, if well applied, the new version can enhance the credibility of certification.

Third-party certification

What are the implications of ISO 9001:2015 for accreditation and certification bodies? Although Mark Braham thinks ISO 9001:2015 will initially create work to complete a gap review, implement changes and prepare for the first certification audit, he also expects that certification bodies will be able to reduce the number of audit days, therefore saving costs.

Sheronda Jeffries believes the introduction of “context”, “interested parties” and “scope of the quality management system” will have a positive impact on the third-party certification process because organizations will be encouraged to consider the boundaries of their QMS, and acknowledge the needs and expectation of their customers.

Simon Feary adds a caveat to balance his enthusiasm for the new version by saying that successful implementation will depend on certification bodies accepting the challenge by reflecting the standard writers’ intentions in the services they offer. Mark Braham concurs, adding that, “the success of the new standard will be down to the capability of the certification body and a healthy challenge”. He believes that will make the difference between a certificate on the wall or an effective management system enhancing customer satisfaction and reducing operational costs.

No problem adapting

Early signs suggest that the drafters of ISO 9001:2015 have succeeded well in developing a more robust QMS that will allow organizations to build confidence in the products and services they deliver throughout the supply chain to customers worldwide. If they prove right, Nigel Croft concludes that organizations currently operating a well-implemented ISO 9001-based QMS should have no problem whatsoever in adapting it to the requirements of the new version.

Source: ISO.ORG

What new in ISO 9001:2015

The most important changes in the upcoming ISO 9001:2015 standard are:

More emphasis on leadership

ISO 9001’s coverage will further extend to top management’ understanding of its business environment (including social, cultural and regulatory) and its internal strengths and weaknesses. This results in the quality management system getting more integrated into operational processes and that the policy and objectives are compatible with the strategy of the company, and top management more involved in ISO 9001.

New focus on risk management

The 2015 version of the standard introduces a new clause on risk management (clause 6.1 “Actions to address risks and opportunities”) which built upon the previous section on preventive action.

Clarifications on objectives, measurement and change

The requirements regarding quality objectives will be more detailed. However, this is mainly clarification of existing requirements in the 2008 version rather than new requirements.

More emphasis on communication and awareness

The two new clauses 7.3 “Awareness” and 7.4 “Communication” will place further emphasis on these two areas.

Fewer prescriptive requirements

The 2015 version will have less prescriptive requirements, including less requirements on documentation. For example, there won’t be explicit requirements for “quality procedures” and a “quality manual”. If this will have any practical effect on ISO 9001 documentation will have to be seen as we get closer to the publication of ISO 9001:2015. Also, the role of “Management Representative” is no longer required; instead, the same responsibilities will simply last with top management. Again, if this will have any practical effect will have to be seen.

The structure of the standard will undergo some changes to reflect the above described changes. The new standard will likely be structured as follows:

Clause 0: Introduction

Clause 1: Scope

Clause 2: Normative references

Clause 3: Terms and definitions

Clause 4: Context of the organization

Clause 5: Leadership

Clause 6: Planning

Clause 7: Support

Clause 8: Operation

Clause 9: Performance evaluation

Clause 10: Improvement


Source: www.9001council.org

Strong growth in energy and food management system standards, according to ISO survey

As the world evolves, it continues to trust ISO management systems standards to keep its organizations performing well. At least, that’s what transpires from the latest ISO Survey of Certifications.

The economy changes and we must change with it. But this doesn’t seem to dent the appeal and relevance of ISO’s management systems standards, as confirmed by the ISO Survey of Certifications 2014*, which gives a worldwide panorama of certifications issued to these fundamental standards. Interest is such, in fact, that a newcomer – ISO 22301 for business continuity – has been included in the annual survey, bringing the sum total to eight standards instead of the usual seven. In a world increasingly plagued by natural and human-induced disaster, the standard is already receiving keen interest from businesses worldwide wishing to obtain certification, which attests to its vast potential user base.

The latest edition of the survey indicates that most ISO management systems standards have now reached a steady cruising speed, a sign of their current – and future – longevity on the market. But while maturity sets in, three strong performers stand out of the crowd in the fields of energy management (ISO 50001, still flourishing with 40 %), food management (ISO 22000, with a respectable 14 %) and, to a lesser degree, the automotive sector (ISO/TS 16949), whose 8 % growth reflects the market’s recent, but ongoing, recovery.

Bearing out a trend that began a few years ago, the global share of certificates to ISO 9001 (quality management) and ISO 14001 (environmental management) has stabilized, with ISO 9001 showing a small 1 % growth while ISO 14001 picked up slightly from last year with an honourable 7 %.

So two decades on, have ISO’s flagship management standards become long in the tooth? Not necessarily. Simply, many of the world’s largest firms have now been certified and are branching out to more specific standards such as ISO 50001 for energy management. Yet despite adoption of ISO 9001 and ISO 14001 maturing in many markets, that’s not to say they aren’t still loved, and the new editions released in September 2015 are expected to give the standards a fresh lease of life.

ISO Survey – Executive summary

Source: http://www.iso.ch

Vote starts on final draft of ISO 9001

Management system standard ISO 9001 has reached the final stage of the revision process. ISO member countries have 2 months to form a national position and vote on the latest draft of the standard before the 9 September deadline.

A vote on an earlier draft (Draft International Standard – or DIS) of the revised ISO 9001 was approved in November 2014 by around 90% of members, but the committee also received over 3 000 comments with suggestions on possible improvements.

Since then, the committee has met twice, in Ireland and Lithuania, and carried out extensive online discussions to analyze and decide on every comment received during the vote. Now that a final draft (FDIS) has been completed and translated, ISO members will proceed with a national consultation before submitting their final vote.

We asked Nigel Croft, Chair of the ISO subcommittee revising the standard (ISO/TC 176/SC 2), whether there were any major changes in the latest draft.

“Compared to the DIS, changes are relatively minor. The most extensive ones have been to the Introduction and figures, which have been greatly simplified, with some of the explanatory text being moved to an informative Annex. The terms and definitions have now been removed from the standard and added to ISO 9000.

“Other than a general ‘tidying-up’ of the overall text, and greater consistency in the use of specific terms, there have been a number of small technical changes. For example, top management must now promote the use of risk-based thinking in addition to a process approach. We have also added explanations about the process environment applied to service organizations, and greater requirements for production and service activities to prevent human error.”

Although changes at this stage of the process have not been significant, we asked Nigel whether he thought the new ISO 9001 will differ greatly from previous versions.

“Definitely! This is the result of an evolutionary process, bringing ISO 9001 firmly into the 21st century. The first versions of ISO 9001 (in 1987 and 1994) were quite prescriptive with many specific requirements for documented procedures and records; in 2000 we introduced the process approach, which focused on managing processes, and required less documentation. This was maintained in the 2008 revision.

“We have now gone a step further, and ISO 9001:2015 is even less prescriptive than its predecessor, but with an underlying philosophy that ‘output matters’. For example, are processes achieving their planned results? Is the system delivering on its promise to provide confidence in an organization’s ability to offer conforming products and services? In other words, ISO 9001:2015 is very much performance-based, with a focus on what has to be achieved rather than how to achieve it. We have achieved this by combining the process approach with risk-based thinking, and employing the Plan-Do-Check-Act cycle at all levels in the organization, while taking into consideration the context in which the organization operates.”

Finally, we asked Nigel if he had any advice for users of ISO 9001.

“Quite simply, read and digest the final draft of the standard as soon as it is published; consult the various guidance documents that are available on ISO’s and the subcommittee’s websites. Think of this new version as an opportunity to improve your Quality Management System, rather than as a new set of requirements that have to be met.”

To obtain a copy of the ISO 9001 FDIS contact your national member body.

ISO 9001 is one of ISO’s most well-known standards, with more than 1.1 million certificates worldwide. It provides requirements to help companies demonstrate that they can offer their customers consistent, good quality products and services. It also provides a framework to help them streamline their processes and become more efficient at what they do. ISO 9001 can be used by organizations of all types and sizes. The standard has inspired a series of documents for sector-specific applications including for the automotive sector, the medical sector, local governments and more.

ISO 9001 is undergoing the periodic revision standards generally go through every 3 to 5 years to ensure they are relevant and up-to-date. The new edition is expected in September 2015.


The future of the Quality Manual in ISO 9001:2015

A Quality Manual will no longer be a mandatory document, according to the available version of the DIS ISO 9001:2015 standard. How did that happen? The Quality Manual was one of the first documents that a certification body asked for before the certification audit. How has it suddenly lost its purpose and importance?

Most Quality Manuals manage to formally meet the requirements of the ISO 9001 standard, and yet miss the point of the document. The result is one of the most fundamental documents of a QMS that no one reads – except for a few masochistic certification auditors.

I have often run into Quality Manuals with 20+ (sometimes even 50+) pages, and I started wondering whether it should be called a “quality management system,” or a “quantity management system.” There was too much duplicated or unnecessary information, and so many details that I ended up feeling sorry for the tree that was cut down to make paper for this pile of unnecessary information.

Having a Quality Manual, in my opinion, wasn’t a bad idea. It is a document where the organization presents itself, its quality management system, and even its way of thinking and approach to quality management. Common practice was to (besides the requirements from clause 4.2.2) include some requirements from clause 4.1 and some other requirements that were easier to document through a Quality Manual.

A lucid, short, and clear Quality Manual gives the impression of an organization that knows what it is doing – an organization that really manages its quality management system. A good Quality Manual facilitates the job of the auditor, and gives him the opportunity to better audit the system – and, with his observations, really contribute to improvement of the system.  And what is more important, such Quality Manual is useful to the management representative and process owners because it provides an overall insight into the quality management system.

Big companies often require their suppliers to have a quality management system, and they may demand to see a Quality Manual during selection of suppliers. What impression does your Quality Manual give about your company? A bulky Quality Manual says that you would rather spend resources instead of applying a creative approach.

Writing a good Quality Manual is not that hard: define the scope of your QMS, list the exclusions (to find out more about exclusions in ISO 9001:2008, read this article What is an acceptable exclusion in clause 7 of ISO 9001) if there are any exclusions, and justifications for them, describe interactions between your processes (preferably through a process flowchart), and list all the QMS procedures you use – and that is all. See also Writing a short Quality Manual.
To be or not to be

With or without a Quality Manual, organizations will still need some overall QMS document. There will still be a need to send the certification body a document that will describe your system, as well as sending it to big clients. Although it’s no longer mandatory, all requirements from the Quality Manual, except 4.2.2 b), remain in the new version of the standard. The scope of the QMS and interactions between the processes still need to be defined. These requirements are even more detailed in the new version, and they still must be in some form of documented information.

The new version of the standard has some new requirements that need to be met as documented information, which can be easily included in a Quality Manual – for example, the context of the organization.
Same idea, different form

This new non-mandatory document (whatever we call it) that will replace the Quality Manual will contain all remaining requirements from clause 4.2.2, and I would add some new ones.

This new document should provide the following information about the organization:

We are XYZ company;
we are producing this and providing these services;
we apply a quality management system to these processes;
we don’t apply these clauses of the standard for these reasons;
these are our processes and their interactions;
and, this is the internal and external context in which we operate.

This can be considered an oversimplification, and of course all this information can’t be placed in just one paragraph, but this document would make sense and it would meet most of the requirements from clause 4 of the new version of the standard. Additionally, the organization’s mission and vision can be added, and this document can effectively become the brochure that will introduce your company to future clients.

This new version of the standard is not a slave to formality (Is this a good thing? Only time will tell…) and will require a more creative approach for getting the maximum out of each requirement, adapting to the organization’s needs instead of piling up useless documents.