Answers to the 9 Most Commonly Asked Questions about ISO 9001:2015
We have been abuzz in the Concentric office for months (probably more like a year) on the upcoming ISO 9001:2015 standard changes and have made every effort to get as much information out to you as quickly as we can. So we introduced a monthly webinar series that follows the changes to keep you “in the know”. And we had a few clients that wanted to be on top of the changes so they can swiftly implement new strategies and stay compliant, so we held our first ISO 9001:2015 Lead Internal Auditor Training in August. Between those two platforms we’ve been asked lots of questions on the new standard and have put together a quick guide to answer all those burning questions you might have.
What is the timeframe for adopting the new version? When should an organization get started with the transition? What is going to be the approach adopted by the registrars once the standard is released?
We know, that’s actually three questions, but we have one answer. The Standard approval process is complete and its release will take place in September 2015 (September 23rd to be exact). There will be a three-year transition period for organizations to have its certification converted to revision 5 (version 2015), giving you until the end of 2018. A well-executed conversion may take between 6 and 12 months, but do not plan to get started by Jan 2018 because if you have issues then you will miss the deadline. Call your registrar now to understand their approach. Registrars will grant first-time certifications post Q2 2018 exclusively under the new revision. But a concentration of converted certifications will happen in Q3/Q4 2018. Furthermore, you may want to call your customers now because some of them may require a shorter timeframe to adopt the new standard. And you don’t want to lose a customer because you started late.
Will registrars’ auditors and organizations’ internal auditors need to be re-trained and certified to the new version? Will auditors need to have a different assessment approach?
Yes, auditors will need to adopt a different approach. Registrars’ auditors may not need to be recertified. But we are strongly recommending that internal auditors, including experienced ones, be re-trained in the 2015 version of the Standard. An example of why is because instead of auditors focusing on documented procedures and records, they will need to watch the processes to look for evidence that may not need to be written anymore.
How many new documents and/or procedures are going to be required? Is it not be six mandatory procedures anymore? Does the new version of the standard give the companies more freedom? Is this an advantage or disadvantage?
The 2015 version is not going to explicitly require any new document or procedure. Giving organizations “more freedom”. A few of the documents will not be required anymore, like the Quality manual for instance. Our recommendation is to use common sense to ensure this “freedom” is to your advantage. Instead of eliminating the Quality manual and some procedures that are not mandatory anymore, we are advising our customers to revise them to confirm its compliance with the new concepts in the new standard. This will ensure they remain valuable tools to support the organization’s management system and ultimately the organization’s business. If they are not adequate to serve at least one of the mentioned purposes, then they can be shamelessly eliminated.
How to sell the QMS leadership to the leadership team? Who is going to be in charge of QMS if there will not be MR (management representative) requirement anymore?
The intent in the new version is crystal clear on this topic. The leadership team has to adopt QMS leadership one way or another and demonstrate that business management has incorporated QMS because it cannot be sustained as a satellite set of processes and procedures anymore. Organizations may decide to keep their MR professional, but her/his roles and responsibilities will be different once the QMS leaders will be the business process owners, therefore, part of the plant leadership team.
If a QMS MR is not required anymore, does that means the whole leadership team (process owners) needs to be trained in QMS and ISO 9001:2015?
We strongly recommend training the entire leadership team. Companies may not want to invest in a full lead auditor training for the entire leadership team, but every process owner should attend at last a QMS and ISO 9001:2015 awareness training to fully understand, engage and implement her/his role adequately.
Who are the interested parties and how do we identify them and their requirements or needs?
The new version brings the expanded concept of customers. Interested parties are the actual customers and many others like internal customers, community, government representatives, suppliers, employees and contractors, in summary, anyone that can somehow express an interest in the organization’s business performance. There will not be a written requirement, meaning a template is not provided to gather the list of interested parties and respective requirements or needs. However, we recommend an internal procedure to facilitate this task. For those companies who already gather customer specific requirements, the same repository may be adapted to collect other interested parties requirements or needs.
How do we demonstrate and provide evidence for risk-based thinking? How is risk-based thinking different from risk management? How do we document the opportunities rather than risks?
Risk-based thinking is simpler than risk management. Auditors will not require documented records, but simply verbal justification that it was performed. The standard will not require the usage of a specific tool or methodology to prove evidence of risk-based thinking, neither for identification of risks and opportunities and nor for the subsequent action plan. Companies, intuitively apply risk-based thinking, which will replace preventive action in the new version of the standard. However, businesses do require risk management and mitigation plans, regardless. There are several common risk analysis tools, most of them listed in the Standard ISO 30010, which we strongly advise adopting for the sake of results effectiveness. Firms may want to use simple tools like SWOT (Strengths, Weaknesses, Opportunities and Threats) Analysis and nine box, or expand the usage of their FTA (Fault Tree Analysis) or PFMEA (Process Failure Mode and Effects Analysis) if you are already using these tools due to your industry or a customer requirement. By the way, the BCP (Business Continuity Plan) is another adequate tool for this information and actions.
How should we document the context of the organization? Is the Quality Policy a good place to describe the new context of the organization?
No, the Quality Policy is not a good place for the context of the organization. The context of the organization can be documented, in the Quality manual, if the organization decides to keep it. While some documents and procedures will not be mandatory anymore they can be kept and serve as a good repository for evidence of compliance to new concepts brought by the new standard version.
Continual or Continuous improvement?
Continuous never stops until perfection is achieved. While continual presumes a set target is to be achieved at a certain point or timeframe, and when achieved, a new target is set and the cycle continues with no concept of perfection. Therefore, Continuous is Theoretical (the continuous improvement program of the company) while Continual is Practical (a specific project of the company). The standard refers to continual improvement in several clauses.
This is an exciting time for Quality professionals. We have a lot of work ahead of us. Our next ISO 9001:2015 Forum Webinar is next Wednesday at noon and we will be addressing many of these questions and updating everyone about the publication. You can register here and find loads of resources on our ISO 9001:2015 Resources page. And, if you would like to learn more about the new version of the ISO 9001:2015 you can find the official announcement here along with other helpful information. As always Concentric is here to help with any questions you may have so please feel free to reach out.