What’s New in ISO 9001:2015? Quite a lot, actually. In part two of this excerpt from Denise Robitaille’s new book, The (Almost) Painless ISO 9001:2015 Transition, we look at ISO 9001:2015’s new requirements. This three-part series will examine:
- Deleted and diminished requirements
- New requirements
- Changed and enhanced requirements
Part II — What’s New in ISO 9001:2015: New Requirements
Context of the organization
This requires organizations to identify the internal and external issues that affect them. It also requires them to understand the needs and expectations of relevant interested parties. It’s a bit misleading to think of this as a new concept.
The language and the need to fulfill requirements in relation to these factors may be new, but the underlying principles have already been implemented to varying degrees in most organizations. Many organizations have at least a working, albeit informal, familiarity with the issues that affect them: capacity, material shortages, personnel turnover, machine breakdowns, changes in the financial markets, etc. But they may not have a systematic method for regularly monitoring these factors. ISO 9001:2015 now requires organizations to bring some consistency to their deliberations around these issues. It directs organizations to determine what issues are relevant to their purpose and, through guidance notes, gives examples of some of the tools and practices that may facilitate this process. So, the standard drives organizations to do a better job of thinking of all the issues that can affect their ability to serve their customers and to consider the risks and opportunities that are associated with these factors. Bringing consistency to what, in the past, have probably been haphazardly applied and poorly documented practices is the big benefit from this requirement.
Internal issues might include:
- Expected retirement of key personnel with specific knowledge and skills
- Addition of a second shift to accommodate increased sales
- Aging machinery or obsolete equipment
- Formation of a labor union
- Relocation of the company
- Improvement to processes
- Expiration of a government-funded training grant
External issues might relate to:
- Loss of a key supplier
- Changes in environmental regulations
- Ventures into new markets with stricter statutory constraints
- Tightening of lending guidelines from financial institutions
- Scarcity of raw materials
- Natural disasters
- Major road construction in areas that the organization services
This isn’t to suggest that either of these lists are exhaustive. They merely provide a broad range of examples to demonstrate how varied and extensive the issues may be.
The other requirement relating to the context of the organization deals with understanding the needs and expectations of relevant interested parties. ISO 9000:2015 defines an interested party as a “…[P]erson or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity.” They are sometimes referred to as stakeholders. They may be internal (e.g., employees or owners) or external (e.g., customers, suppliers, bankers, regulators, partners, or society).
It’s important to pay attention to the language of this subclause. The key word is “understand.” There is no requirement to fulfill their needs and expectations. This would be impractical or impossible. Such a requirement would also exceed the scope of ISO 9001:2015, which is focused specifically on fulfilling customer requirements and enhancing their satisfaction. The point remains that, in order to serve their customers, organizations must have an understanding of how these stakeholders affect their ability to meet their organizational objectives—specifically as they relate to customers.
The last piece to this requirement is the need to monitor and review information about the internal and external issues and the relevant interested parties. Things change. What may have seemed stable and reliable could over time erode into a potential threat. Alternately, new opportunities emerge almost every day. Requirements for monitoring in this clause are aligned with another new requirement relating to change.
Planning of changes
Planning of changes is, again, not an entirely new concept. The 2008 version of ISO 9001 mentions the need to maintain the integrity of the system when changes are planned. ISO 9001:2015 adds the prescriptive text relative to planning and controlling the changes.
Change in and of itself isn’t positive or negative. What makes it either a risk or an opportunity is the effect it has on planned results or intended outputs. The degree to which the output of the change can be planned, with appropriate consideration of internal and external issues, will determine whether the change results in an unforeseen problem or in an actualized opportunity. The standard clearly directs the organization to consider the purpose of the change, the potential consequences, availability of resources, and the authority and responsibility for the change. Although there is one clause relating specifically to planning changes to the QMS, the concept of change isn’t relegated to that single clause of the standard—it permeates multiple sections.
Quality objectives are certainly not new. What ISO 9001:2015 brings is long-overdue guidance on the need to take action to achieve the objectives. Specifically, it requires the organization to determine what needs to be done, resources, responsibility, completion time, and method of evaluating results.
This has the very positive effect of moving quality objectives from stagnant pronouncements to actionable goals: “This is our current status. That’s where we want to be. This is what we will do to get there.” It moves the objectives from vague potentiality to achievable possibility.
The term “preventive action” no longer appears in the standard. It’s been incorporated into the much more holistic concept of risk-based thinking. Preventive action deals with the potentiality of something going wrong—which is actually the essence of risk. Unfortunately, in many organizations, preventive action had been perceived as an irrelevant and disjointed nuisance with minimal significance. The manner in which the concept of risk is treated in ISO 9001:2015 makes it easier for organizations to address potential problems and take necessary action at appropriate junctures.
This creates the opportunity to foster a culture in which thinking about the consequences of change permeates all aspects of the QMS. Everyone is affected by some kind of change and, conversely, has the opportunity to have an effect on what is changing. Changes can result from the addition of a product line, the departure of key personnel, the loss of a major supplier, breakdown of a piece of equipment, a revised regulatory requirement, an increase in sales, or a whole myriad of other events. They can be small—like the revision to a document or replacement of a tool. Or they can be massive, like the relocation of the company to a new facility a thousand miles away.
Regardless of the nature or the scope, a predictable set of actions should ensue: an inquiry into the nature of the change, assessment of the risk, and a decision on what action, if any, to take.
The other enhancement to the concept of risk is the variety of choices. Formerly, with preventive action, the requirement was to take action to address causes to prevent an undesirable event or output. Language in ISO 9001:2015 accommodates the flexibility to consider the issues and make decisions that may limit the number of occurrences, mitigate the severity of the negative outcome, or result in the sharing of the risk. It also allows for the decision to take no action.
These three concepts taken uniquely have potential benefits. When you adopt the concepts of risk-based thinking, understanding the context of the organization, and change control, their interrelation and application create a synergy that cannot help but propel an organization to higher levels of effectiveness and efficiency.
We hope you enjoyed this excerpt. Part 3 will look at changed and enhanced requirements in ISO 9001:2015.