In every quality focused organization, one of the hot topics is the transition to ISO 9001:2015 from ISO 9001:2008. UEA is certainly no exception. There are many questions about this new standard. UEA is constantly striving to stay up to date with the latest standard. Hopefully this brief blog can help answer some of the questions about this new standard.
ISO has developed a new structure to be utilized by the various ISO management system standards moving forward. This structure will allow more consistency and better alignment across management system areas such as quality and environmental. The new structure is set up with 10 clauses vs. the 8 clauses in ISO 9001:2008. There is no requirement to have organizations re-number any documents.
Risk Based Thinking is a new concept in ISO 9001:2015. The inclusion of risk and related topics (e.g. opportunities, consequences, and controls) is likely the most-discussed change. For example, “Actions to address risks and opportunities” can be found in section 6, and evidence of risk can also be see in requirements for the QMS and its processes (4.4), Customer focus (5.1.2), and Management review (9.3). Related references to impacts, consequences, controls, etc. can be found in virtually every section of ISO 9001:2015 requirements. The term “Risk-Based Thinking” has been coined to help the concept of risk pervade throughout the QMS, and risk has also been incorporated into the process approach model.
Here are some other notable changes that can be found in the newest version:
- 4: Context of the organization clauses -include determination of external and internal issues relevant to the organization’s purpose and strategic direction; more towards the “business management system” than a “quality management system”.
- 5: Leadership clauses – In effect replace “top management” clauses with some enhancements on commitments including accountability, compatibility, actions and effectiveness.
- 1.6: Organizational knowledge – New concept of determining necessary knowledge for operation of processes and conformity of products and services.
- 5: Documented information – Essentially combines requirements for documented procedures and records into one section with similar treatment.
- 4: Externally provided products and services – Incorporates requirements of purchasing and outsourcing into one; recognizing that today’s organizations get services and materials from more than traditional purchasing arrangements, but in essence the concerns and controls are similar, regardless of the path these external products and service come from.
Some specific requirements have been dropped from ISO 9001: 2008. ISO 9001:2015 may not be as prescriptive in requiring certain documents or specific roles.
Quality Manual – not specifically required, nor mandated as to its content.
Documented Procedures – none specifically required, but left to the organization’s determination and needs (4.4, 7.5.1).
Management Representative – not specifically called out as an individual having the sole responsibility and authority for the QMS; now considered part and parcel of the organization’s leadership and top management (5.1.1, 5.3).
Preventive Action – not a specific clause/record moving forward, but effectively usurped by the “Risk-Based Thinking” to be applied throughout the QMS.
For more quality related information from UEA, check out our recent blog on incoming inspections.