By Roderick A. Munro
Most new and recently revised management system standards are based on Annex SL, which was published by the International Organization for Standardization (ISO) to provide a common structure for auditable ISO management system standards.
As a result, standards such as ISO 9001, ISO 14001, and the upcoming ISO 45001, now use the following structure:
2. Normative References
3. Terms and Definitions
4. Context of the Organization
9. Performance Evaluation
In addition, because sector-specific standards such as ISO/TS 16949 are based on ISO 9001:2015, they too will adopt the Annex SL format when they are revised. ISO 13485 (the medical device standard) entered its last review cycle prior to the publication of Annex SL. Future revisions of this standard will incorporate Annex SL.
The intent of the Annex SL is for clauses 4, 5, 6, 7, 9, and 10 to be similar in context to all future auditable management system standards, thus allowing for integrated management systems. This allows Technical Advisory Groups to focus more of their attention on the specifics of the standards in question by looking at clause 8 of each appropriate standard.
Related Article: ISO 9001:2015 Transition: Easy As 1-2-3!
The updated ISO 9001:2015 standard has been available for over nine months. The mandatory time to transition to the standard is fast approaching (September 15, 2018), and it’s beginning to feel like déjà vu back to 2003.
Click Here to Read
The term “integrated” will give users of standards the opportunity to create similar management systems to suit other standards that they are certified to without the need to re-create a different process for each standard. Thus, one outcome could be changing the name of the quality manual to management systems manual or integrated management manual.
As with past ISO auditable requirements, the word “shall” indicates the mandatory requirements that an organization must meet and external auditors are required to verify conformance and effectiveness against. Other key words include “should” to indicate a recommendation, “may” to indicate permission, and “can” to indicate a possibility or capacity. The two latter terms are both new to ISO 9001:2015.
The table below shows the current “shall” distributions. Although these are not aligned in the case of elements 4, 5, 6, 7, 9 and 10, they are similar.
|Clause Name||ISO 9001:2015||ISO 14001:2015||ISO 45001 DIS1|
|4 Context of the Organization||13||8||7|
|9 Performance Evaluation||16||20||18|
|Difference from Clause 8||76||71||81|
This structure is intended to allow future external audits to be integrated if an organization wishes to seek multiple registrations. External lead auditors, who are also integrated management system auditors, will have the ability to audit clauses 4, 5, 6, 7, 9, and 10 once and use the information/data or all standards being sought by the client. This will leave the detail in clause 8 (Operations) to be reviewed for each separate standard.
With this in mind, have you looked at ISO 9001:2015? The 2008 version of the standard is mostly written in paragraph format. However, as you start working through the 2015 revision, there appears to be a large number of alpha/numeric lines. For example, in subclause 5.1.1, Leadership, there are 10 line items that are labeled “a” through “j.” As it turns out, there are 52 of these line item groups with 238 alpha/numerical statements. Each of these groups has a “shall” statement in front of them.
Combining the stated 131 “shalls” in ISO 9001, minus one that is imbedded in the alpha/numeric line groups, plus the 238 line items, there are a total of 368 “shall” statements. Each one of these will need to be reviewed by management during management review using internal audit programs to verify compliance, effectiveness, and risk-based thinking of the management system.
ISO 9001:2015 subclause 9.2.1 (d) states that the process should: “Provide information on whether the QMS is effectively implemented and maintained.” This can be linked back to subclause 5.1.1 (d), General, which states: “Promoting the use of the process approach and risk-based thinking.”
Other key words to watch in ISO 9001:2015 include:
- “Documented information,” which replaces the old “Documented Procedure and Record”
- “Risk,” which should include the wording “suitable” and “appropriate”
- “Opportunities,” which has some ties to improvements, but not in all cases
- “Improve,” which is actually stated as “improve,” “improvement,” or “continual improvement.”
It’s also important to note that the term “process approach” is now stated in ISO 9001:2015 subclause 5.1.1 (d) rather than in just the foreword as was the case in the past. Thus, the use of the process approach is required with a “shall.”
My above comment in relation to “risk,” including the phases “suitable” and “appropriate,” may give some auditees cause for concern. In prior editions of ISO 9001, these terms were left hanging with few auditors knowing what to do with them. In an ASQ TV Webinar last October, member of the U.S. TAG to ISO/TC 176 Mark Ames stated that the standard had always intended to view the terms “suitable” and “as appropriate” as linked to risk.
There are a number of lead auditors and blogs stating that there are relatively few changes in ISO 9001:2015. I disagree and believe that many organizations have failed to use ISO 9001 to its full potential.
With the new focus on context of the organization and especially the leadership clauses, top managers need to rethink at least some of their processes and, in many cases, create a formal document detailing risks to the business, instead of just thinking about them.
If there are no real differences, why are so many organizations repeating the history of the 2000 version and waiting till the last minute to transition? This will only cause issues for registrars as they currently do not currently have enough auditors to conduct all of the required transitions in one year (September 2017 to September 2018).
A word to the wise: If you have not already done so, start talking with your register to lock in your audit dates for at least the next two years to ensure your place in their planning process. Crunch time starts now as your current certificate may only be valid until September 15, 2018. In essence, you have less than two years to complete your transition.
About the author
Roderick A. Munro has spent his career in the pursuit of continual learning and helping others understand and utilize process improvement (systems thinking, continuous improvement, systems improvement, and total quality management) methodologies and tools to help make their work and lives better.
Munro has more than 40 years of experience working from the shop/store floor up into the senior leadership ranks. He is a Fellow of the Chartered Quality Institute (UK) and an ASQ Fellow, CQE, CQA, and Certified Manager of Quality/Organizational Excellence. He is an IRCA certified QMS lead auditor and Lean Six Sigma Master Black Belt coach. Munro has extensive experience with ISO 9001, QS-9000, ISO/TS 16949, ISO 14001, and BSI OHSAS 18001.
Munro’s most recent publication is the ASQ Certified Six Sigma Green Belt Handbook, Second Edition. He is also the author of the Automotive Internal Auditor Pocket Guide: Process Auditing to ISO/TS 16949, and co-author of The ISO/TS 16949 Answer Book. The last two books are in review now with the ASQ Automotive Division for review and updating to the ISO 9001:2015 standard.
Happy to see someone else with the same concerns I have on timing and task management with ISO 9001:2015 conversions. Many certificate holders are feeling over documented already and do not want to hear about more to do. Everyone wants to hear ISO 9001:2015 is no big deal, just a walk through. Well, it ain’t, and they are going to figure that out when they get a legitimate audit.
There is a lot of work to do and not much time left.
Keep up good work,
BR…Neill ISO 9001&ISO 13485 LA
I have a question.
When the standard says “for example”, is a recommendation or must be considered as shall?