By Jim Johnson
It has already been a year since the new ISO 9001:2015 standard was released in September 2015. That means that a third of the time is already gone for companies certi ed to the old ISO 9001:2008 standard to upgrade by the Sept. 23, 2018 deadline. There are no gures available on the number of ISO-certi ed companies that have upgraded to the 2015 standard this year, but anecdotal informa- tion suggests that many have not yet done so. We suggest that companies set aside time and budget in their planning for 2017 in order to upgrade and accommodate these changes, some of which are relatively signi cant:
- “CONTEXT OF THE ORGANIZATION” requires a company to routinely monitor and clearly de ne what the company is and does in order to identify internal and external issues relevant to the company’s purpose and strategic direction. This addition furthers ISO 9001’s positioning as a true management system integral to the operation of the company.
- “IDENTIFICATION OF INTERESTED PARTIES AND THEIR NEEDS” is included in the same clause as “Context of the Organization.” Satisfying the needs of these interested parties would presumably be of strategic importance to a company and therefore this requirement further aligns ISO with a company’s strategy. These interested parties would presumably include customers, suppliers and even competitors, but could also include community members living near a facility, regulatory bodies or other partner organizations.
- “RISK BASED THINKING,” perhaps the most signi cant addition, focuses on process risk and incorporating the concept of preventive action to manage that process risk. Each company will need to identify its own process steps, the risks associated with each of those steps and the relative importance or ranking of each risk. Then a system must be put in place to evaluate and act on those risks.
There are a number of other modi cations to the 2008 standard that will require attention, starting with the very structure of ISO. The eight clauses of the 2008 standard have been replaced by ten clauses built around the Plan-Do-Check-Act cycle. Documented information now includes records as well as the former documents. Leadership now has its own clause with ten specific requirements that, again, are designed to position the 2015 standard as a management system, not an “isolated” quality system.
There are a number of requirements from the 2008 standard that are no longer necessary under the 2015 standard, including the Quality Manual, the Management Representative, and Preventive Action. Management Representative has been replaced by the more effective and accountable Leadership clause, and Preventive Action has been replaced by Risk Based Thinking.
Clearly, there is a great deal for ISO-certi ed compa- nies to consider when moving to the new standard. Now is the ideal time—during your planning and budgeting cycle for 2017—to commit to your conversion and allot the resources for next year.