ISO 9001: 2015 Draft
ISO 9001 is being revised
This Review is based upon the 2014 Draft International Standard release and it is likely that there will be Further revisions. Planned standard release date is September 2015 with full implementation required by September 2018.
Organisations may wish to consider these changes and plan accordingly.
Why is the standard being revised?
To improve organisations’ ability to satisfy their clients
To allow for standards to easily integrate with other standards – new format throughout
To ensure relevance of standards is maintained, as Business and industry has changed
To Reflect the needs of all user groups and current operating environments/technology developments
To Set a consistent foundation for next 10 years
What is new in ISO 9001: 2015?
There are 3 main changes identified:
1. Risk management
Reference to risk has been included
There is a focus on risk-based thinking
A requirement for the Identification of risk
A requirement for risk control
2. Standardisation
Main ISO standard clauses are being numerically aligned
There is core text
A definite structure (referred to as “annex sl”)
Allows organisations with multiple management systems to achieve improved integration and implementation
3. No Exclusions
The 2008 version allowed exclusions within clause 7
There is no reference to permissible exclusions within the 2015 version
An organisation may decide if a requirement is not applicable, providing that it does not result in nonconformity of products or services or failure to meet the aim of enhancing customer satisfaction
There needs to be evidence in clause 4 if an organisation cannot apply a requirement
What is happening to clauses?
Context of Organization – includes needs and expectations of interested parties, scope
Leadership – includes management commitment, policy, roles, responsibility and authority
Planning – includes risks, opportunities, objectives and plans to achieve them, the planning of changes
Support – includes resources, competence, awareness, communication, documented information
Operation – includes planning & control, determining market needs, interaction with customers, planning process, control of external provisions of goods/services, production of goods, provision of services, release of goods/services, non-conforming goods/services
Performance Evaluation – includes monitoring, measurement, analysis and evaluation, internal audits, management review
Improvement – includes non-conformity & corrective action, improvement
What can we do now?
Do not panic
Too early in the 2015 revision process to make any significant changes to an existing system
May still be further changes or omissions in upcoming drafts or with the final version
Documented management systems of existing ISO 9001:2008 registered organisations should already conform to 2015 version – with some small adjustments
Consider risk
Risk is documented in most sections of the revised standard
Consider starting your risk management plan, if you don’t already have one
Begin thinking how to address risk in your business
Consider typical risk processes, such as risk determination, risk control, risk mitigation, acceptable level of risk
The four phases of risk
Where does it refer to risk?
The new standard appears to reference risk in a number clauses:
Clause 3.09 – terms and Definitions
Here The standard Defines Risk as the “effect of uncertainty on an expected result”
Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” of occurrence
Clause 4.4 – Quality management system and its processes
the organization shall determine risks and opportunities and plan and implement appropriate actions to address them
Clause 5.1.2 – Customer focus
Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed
Clause 6.1 – Actions to address risks and opportunities
the organization shall determine the risks and opportunities that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s)
b) prevent, or reduce, undesired effects
c) achieve continual improvement
The organization shall plan actions to address these risks and opportunities
Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services
Options to address risks and opportunities can include:
avoiding risk
taking risk in order to pursue an opportunity
eliminating the risk source
changing the likelihood or consequences
sharing the risk
or retaining risk by informed decision
Clause 8.5.5 – Post delivery activities
In determining the extent of post-delivery activities that are required, the organisation shall consider the risks associated with the products and services;
Clause 9.3 – Management review
The management review shall take into consideration the effectiveness of actions taken to address risks and opportunities