
by Lorri Hunt
With the publication of the Draft International Standard (DIS) of ISO 9001:2015, more than one million worldwide users are getting their first look at what the revision will include. Many users will skip the introduction and head straight to the requirements in clause 4. This may be because when we began reading as young children, we skipped through the introduction pages of books and go immediately to the first chapter. We were also taught to read a book from cover to cover and told that we shouldn’t sneak a peek at the ending since the story might be ruined.
In this case, however, I recommend that users of ISO 9001:2015 start with the introduction sections of the standard, skip all of the clauses, and read the annex. Reading these two sections of the standard first will provide the foundation for users to understand some of the significance of the changes in the standard.
Annex A is to be treated as a normative reference, which means that the information in the annex is similar to a note that provides clarifying information. It can be used to help organizations implement the standard as well as a resource for auditors during the certification process.
Here are some of the key changes clarified by Annex A in the DIS.
Change: Structure
Because the new structure of the standard is the most obvious change in the revision, it’s important to understand the rationale for the change in structure so that users can then move on to the more substantive changes.
The structure of ISO 9001 is changing due to a decision by the ISO Technical Management Board to adopt a standardized format and common core text for use in all new and revised ISO management system standards. This is to promote greater ease of use for organizations that want to integrate the requirements of multiple management system standards such as ISO 9001, ISO 14001, or ISO 50001. This standardized format is referred to as Annex SL. Table 1 compares the high-level clause titles of Annex SL in the proposed ISO 9001:2015 to the clause titles in ISO 9001:2008.
Table 1—Proposed Changes to Clause Titles
Annex SL | ISO 9001:2008 |
4 Context of organization | 4 Quality management system |
5 Leadership planning | 5 Management responsibility |
6 Planning | 6 Resource management |
7 Support | 7 Product realization |
8 Operation | 8 Measurement, analysis, and improvement |
9 Performance and evaluation | |
10 Improvement |
Key to understanding the change
Before getting too caught up in the structure of the revised ISO 9001:20915 standard, it’s important to read clause 0.6, Compatibility with other standards, and Annex A. Clause 0.6 introduces the high-level structure, explains the rationale of the structure, and highlights some of the changes in ISO 9001:2015. It states, “It is important to emphasize, however, that organizations are not required to follow an identical clause-by-clause sequence when defining their quality management system, and they are encouraged to use the Process Approach as described in clauses 0.3 to 0.5 of this International Standard.”
Clause 4.4.2, Process approach, should also be considered when reviewing requirements related to the structure. It’s important to note that organizations that have taken a minimal approach to this requirement will find that they may need to make some changes in how they identify and control their processes. Organizations that embrace the process approach will not only find that the transition to this standard is simpler but also that the integration of any requirements into their quality management system (QMS) becomes easier to accomplish. Further understanding of the structure is provided by clause 0.6 referring to Annex A.
Clause A.1, Structure and terminology, provides details that should help organizations understand the requirements related to what is required or, in this case, not required related to structure. The annex states: “The consequent changes in the structure and terminology do not need to be reflected in the documentation of an organization’s QMS. The structure of clauses is intended to provide a coherent presentation of requirements rather than a model for documenting an organization’s policies, objectives, and processes. There is no requirement for the structure of an organization’s QMS documentation to mirror that of this International Standard.”
The text included in the annex should alleviate any concerns related to structure and required changes. With that said, since the beginning of ISO 9001, organizations have adopted the process approach when they structure their QMS around the requirements of ISO 9001. Therefore, before making any QMS structural changes, it’s important to carefully consider the opportunities and issues associated with making such changes. Any change should add value. Making a change for the sake of aligning a QMS to a structure of any kind potentially adds unneeded cost and overhead.
If an organization wants to ensure that it has addressed any new requirements, it should develop a cross-reference of procedures and methods of compliance from whatever structure it is using to the requirements in the revised standard. A cross-reference of existing requirements in ISO 9001:2008 to ISO 9001:2015 is being developed that will help organizations understand the relation of current requirements to requirements in ISO 9001:2015. This cross-reference will be published as part of the ISO 9001:2015 revision.
Products and services
Since ISO 9001 was originally published, there has been ongoing feedback from some users that the standard is difficult to apply to many types of industries—especially to the service industry. For that reason, the language in the standard is being modified to make ISO 9001 easier to use for these industries. This flexibility has been scaled back from the Committee Draft (CD) that was published in June 2013.
Feedback on the CD from experts and users indicated that the standard at this stage was too generic. For that reason, the DIS includes revisions that provide a balance that meets the needs of users who are looking for more generic requirements while maintaining the needs of users who are happy with the current level of requirements.
One specific way ISO 9001:2015 is being made more generic is by replacing the word “product” with “products and services.” Using the latter helps to emphasize that the standard can be applied to all types of organizations. In addition, some requirements have been specifically changed to emphasize this point. This includes clause 7.1.5, Control of monitoring and measuring resources, which now includes language easier to apply to service industries by changing the words “monitoring and measuring equipment” to “monitoring and measuring resources” and incorporating requirements related to monitoring and measuring as applicable to the service industry.
Context of the organization
Some of the standard’s new requirements are practices that most organizations already do, but will cause some discussion regarding implementation. This is partially due to the new terminology in ISO 9001:2015 related to interested parties.
ISO 9001 has always been a customer-focused standard. The high-level structure and common text that is required to be used by Annex SL uses the term “interested parties” and not “customers.” Specifically, clause 4.1, Understanding the organization and its context, and clause 4.2, Understanding the needs and expectations of interested parties, require you to focus on these aspects. These requirements, while new in the text of the standard, were implied in clause 0.1, General, in ISO 9001:2008, which indicated that the QMS is influenced by the environment that the organization is in, including changes and risks.
Key to understanding the change
To eliminate the potential for the term “interested parties” to be interpreted beyond the intent of ISO 9001, Annex A.3 has been developed to explain these two specific clauses. Specifically, the revision to ISO 9001 will not require an organization to consider interested parties that are not relevant to its QMS. Each organizations will need to determine what is relevant based on whether the interested party has an impact on the organization’s ability to meet customer, statutory, and regulatory requirements. Some organizations may choose to expand the interpretation of the requirement, but this is at their discretion and determination as to whether such an application can add value to the organization.
Applicability
When ISO 9001:2000 was published and ISO 9002 was eliminated, the concept of exclusions was introduced into the standard. Exclusions allowed an organization to exclude a requirement of clause 7.0 of the standard so long as it didn’t affect the organization’s ability to meet customer, statutory, and regulatory requirements as well as provide a product or service that conformed to such requirements.
With the introduction of core Annex SL text, which includes a different structure, the standard has been made more generic—it is therefore easier to apply the requirements. This change focuses the standard on the application of the requirements and not on the exclusion of requirements. The standard will require an organization to apply the requirements where it can.
The DIS version of clause 4.3, Determining the scope of the quality management system, still requires an organization to justify any instance where a requirement of the standard cannot be applied. However, it isn’t limited to certain clauses of the standard, like it was in the previous two versions of the standard. The justification for exclusions that is required in the current draft will assist with establishing the framework of an organization’s QMS. This will be helpful not only to the organization, but also to any third-party auditors who will be reviewing the organization’s QMS.
Key to understanding the change
Annex A.5, Applicability, outlines the new concept of application and not exclusion. It specifically addresses the idea that not all requirements have to be applied by an organization due to the nature of the product or service that it provides. Other influences might be the size of the organization, the management model it adopts, and/or the risks and opportunities for the organization.
Risk-based thinking
Another concept that has been integrated into ISO 9001 is risk-based thinking. Although risk was implied in previous versions of ISO 9001, the word “risk” is actually used in some instances in the DIS. Using the risk-based approach allows an organization to determine the level of controls needed for certain requirements, thereby reducing some requirements that were seen as more prescriptive than others.
In alignment with risk-based thinking, the DIS for ISO 9001:2015 does not use the term “preventive action.” The language in the standard looks at how an organization determines the risks and opportunities that need to be addressed for an effective QMS. Clause 6.1, Actions to address risks and opportunities, includes requirements to make sure that the QMS can achieve its intended outputs. It also addresses taking action appropriate to the effects of nonconforming goods and services and preventing potential issues.
Key to understanding the change
Clause 6.1 includes a note that provides clarification. It focuses on some of the options that can be used to address risks and opportunities and explains that risks and opportunities are not always negative. The organization can take actions to avoid risks or actions to purse an opportunity.
Annex A.4, Risk-based approach, emphasizes the point that that there is no requirement to implement a specific, formal risk management system. Instead, the proposed revision focuses on the potential risks and opportunities associated with the implementation of a specific requirement and the level of implementation required.
Clause 0.5, Risk-based thinking, includes the consideration of risks and the potential consequences for different types of organizations, which allows the application of requirements based on those consequences. The introduction section also clarifies that this is not an extensive risk management program and that although ISO 31000 (the standard for risk management) can be used, it is not required.
Documented information
Throughout the many versions to ISO 9001, the terms “documents” and “records” have been used. In the proposed 2015 revision to ISO 9001, these terms have been replaced with the single term “documented information.” In addition, in previous versions of ISO 9001 the requirements for documents and records have always been kept in separate clauses. They are now included together in clause 7.5, Documented information. This change has resulted in some initial comments related to understanding what the actual requirements are for “documented information” in the DIS.
It’s important to understand that this new terminology has been introduced because the way we manage information now is vastly different than it was when ISO 9001 was first released. Little change had been made to the requirements during past revisions, adding to the need for the new terminology in the current revision.
Key to understanding the change
Annex A.1, Structure and terminology, identifies some of the biggest terminology changes in the DIS. It also states that while those terms have been changed, organizations are not required to use the same terminology in their QMS. Furthermore, Annex A.6, Documented information, includes clarifying information related to when the term “documented information” is used in the DIS. It states, “Where ISO 9001:2008 would have referred to documented procedures (e.g., to define controls or support a process) that is now expressed as a requirement to maintain documented information. Where ISO 9001:2008 would have referred to records, this is now expressed as a requirement to retain documented information.”
Organizational knowledge
Clause 7.1.6, Organizational knowledge, requires organizations to determine what knowledge is necessary for the operation of their processes in order that the product or service requirements are achieved. This is one of the new requirements of the standard but it’s something that most organizations already have in place even if informally.
Key to understanding the change
Annex A.7, Organizational knowledge, addresses this requirement. Although not specifically mentioning different sizes of organizations, the clarification in the annex is directly related to this scenario. The annex draws attention to the fact that the knowledge needed by the organization can be balanced by the presence of competent employees and knowledge made available by other means by the organization.
Control of externally provided products and services
This is another aspect of the standard where terminology has changed. In the ISO 9001:2000 version, the term “vendor” was changed to “supplier.” In the ISO 9001:2015 DIS, the term “supplier” has been replaced with “external provider.” This is due to the fact that not all products or services are obtained through a traditional purchasing process. For example, some organizations receive parts or services from an associate company.
Key to understanding the change
Using the term “supplier” limited the organization’s ability to see that there might be the need for controls for providers other than suppliers. With the understanding that the controls for a traditional “supplier” might be different than an associate company, Annex A.8, Control of externally provided products and services, provides clarification that the organization can take a risk-based approach to determine the type and extent of control needed for each external provider based on the products and services to be provided.
In addition to this terminology change, additional terminology changes have been outlined in Annex A.1, Structure and terminology. As with the previous examples outlined, there is no requirement that the organization transition to these terms. Terms should be selected that best fit the needs of the specific organization regardless of their use in the standard.
Next steps
The changes that have been outlined are expected to be retained in further drafts of ISO 9001:2015. However, there are two additional stages where requirements may be changed prior to the final version of ISO 9001:2015—currently planned for publication in September 2015. For this reason, organizations should proceed with caution in the actual implementation of any requirements in the DIS.
The DIS ballot began in July 2014 and will close in September 2014. If the DIS passes, the working group will consider the comments provided and prepare the Final Draft International Standard (FDIS). This stage is generally considered to be a simple check for editing errors and only minor changes and edits can be made.
The ballot for the FDIS is expected to begin July 2015 and end in September 2015. If the FDIS is approved, the document is published and provided to member bodies for national adoption purposes. In the United States, ASQ normally adopts these standards as American National Standards as a part of the American National Standards Institute (ANSI) national adoption process.
It’s important to note that the final publication of the standard relies on its successful advancement at each specific stage. Estimated dates may shift based on progress and balloting results. During this timeframe, the International Accreditation Forum (IAF) will develop any specific guidelines for how organizations that are certified to ISO 9001 will transition to the revised standard. A three-year transition period will be announced once the standard has been published, but specific transition plans have not been published by the IAF. These will be followed by plans by individual certification bodies.
You may also apply for membership to the U.S. Technical Advisory Group to ISO/TC 176 to actively participate on the revision to ISO 9001 and its supporting documents. To apply for membership, interested parties can contact the Standards Group at the ASQ at www.standardsgroup.asq.org.
About the author
Lorri Hunt is a U.S. technical expert and task group monitor for the next revision to ISO 9001. She frequently contributes to quality publications and journals and is a co-author of The Insiders’ Guide to ISO 9001:2008. She is the president of Lorri Hunt and Associates Inc. She is currently working on a new book on ISO 9001:2015.