September 23rd, 2015 ISO 9001 was released. Here we go…
Let’s start with the Introduction
0.1 General
There are some upgrades from 2008, but, in a nutshell, you’re on pretty even ground here.
There are no quantum leaps from ISO 9001:2008, but there are some new concepts in this section. First of all, you’ll notice the use of ‘products and services’ throughout this document, and this General section includes ‘enhancing customer satisfaction’. So despite all the hoopla about risk-based thinking and the process approach, the Customer is still Royalty!
The 2015 version has enhanced examples here, too, such as the Plan-Do-Check-Act approach. PDCA is also mentioned in 0.2, the Process Approach. The word ‘context appears here for the first time to set the stage for Clause 4.
Some added explanations:
“shall” indicates a requirement;
“should” indicates a recommendation;
“may” indicates a permission;
“can” indicates a possibility or a capability.
‘Notes’ are for guidance, and Registrars do not use them as audit criteria unless you add them as requirements to your own system.
This may help simplify some of your documentation.
0.2 Quality Management Principles
Management experts for years have reminded us that managing by adherence to procedures is folly. Instilling Principles into our organizations creates much better results more consistently.
Have a look at the Standard, and you’ll see that the Process Approach and Systems approach have been combined into one Principle – the Process Approach. Not to devalue ‘Systems Thinking’, this may make it a bit simpler for some smaller organizations.
0.3 Process Approach
As I stated in the blog post on this clause, here’s a QMS formula for your consideration: PDCA + Risk based thinking = the Process Approach (see ISO 9001:2015, 0.1 General, para 4). And another one: Customer requirements = Needs + Expectations.
A ‘process’ in ISO 9000 is defined as ‘a series of activities that turn inputs into outputs’ (or results). So the process approach gives an organization the tools to manage activities, especially during changes.
You’ll see later (5.1.1) that Top Management is required to demonstrate Leadership by promoting the use of risk-based thinking and the process approach, so it’s embedded in these requirements.
Better diagrams…sort of
The figures have been simplified a bit, but most of us will tailor these types of things to represent our organizations and how they function. There is still a Plan-Do-Check-Act structure alive and well and living in ISO Land. A tried and true approach, it can be very helpful when used properly. When used improperly (setting targets for performance before knowing what the process is capable of) it is a recipe for disaster! Remember the ‘other’ version of PDCA – Plan, Do, Study, Act (Shewhart). We can learn plenty about improvement when we take the time to learn about the processes in our organizations.
And the PDCA diagram (Clause 0.3.2, Figure 2) puts Management right in the centre, as the hub of the wheel. Great move. I’m not sure the new process diagram (Clause 0.3.2, Figure 1)will help much, but you may want to try it on your group to see if it resonates with them.
0.3.3 Risk-based thinking
The buzziest words associated with this Standard. Great concept, but I think it will be a while before the QMS world will embrace it. It’s much more likely that organizations will actually take advantage of the idea, and the application of risk-based thinking will benefit every organization that uses it. Lots of payback here for those that take the plunge. No formal risk management process is needed, though.
0.4 Relationship with other Management System Standards.
ISO 27001 (Data Security) came out in 2014 in the same Annex SL (Structured Layer) format. ISO 14001 came out in early September with the same format. This will greatly enhance the creation of an Implemented Management System.
Thanks for dropping by – look for our next Tip in a few days covering 1 Scope, 2 Normative references and Terms and 3 Definitions.