Yes, the New
Standard has the same (V. ISO 9001:2008) Requirement,
Plus Net Additions to
ISO 9001:2008
The release of the Final Draft International Standard of ISO 9001:2015 has created a great deal of hand wringing and argument that many
requirements of the ISO 9001:2008 standard have been deleted, abandoned and/or
lessened. Some people believe that an
organization no longer needs to have a Quality Manual, Quality Objectives, or
the six required procedures for their respective Quality Management
Systems. Reality: Nothing could be
further from the truth. The fact is that the ISO 9001:2015 standard does not reduce any requirements. It does require them in a
different language, and does require/ empower the organization to decide the
details.
Quality Institute of
America (QIA) has
been providing a series of articles to help people who wish to understand the
new standard. These are divided into five groups: Group 1
provided an Introduction to the ISO 9001-2015 standard. Group 2, provided a
thorough understanding of the new standard by referencing the old version, and
pointing out how the new standard essentially has the same requirement with a
different twist and location in the new standard.
The ISO 9001:2015 version actually has net additions to the old (ISO 9001:2008) version.
This article is the first in the Group 3, and introduces you to a summary of
the additions. It will be followed by full length articles on the various
additions.
Group 4 will have some articles on how to implement the new ISO 9001:2015, and Group 5 will have some articles to help you audit to the new
standard, or face audits to it.
We are presenting these articles through various channels,
but principally through our web-sites: http://www.qi-a.com/Articles.aspx as well as our blog page: https://plus.google.com/u/0/b/114348208229269811700/+QualityInstituteofAmericaHouston/posts/p/pub
Net Addition #1:
4.1 Understanding the Organization
and its context
The Organization shall determine external and internal issues
that are relevant to its purpose and strategic direction ant that affect its
ability to achieve the intended result(s) of its Quality Management System (QMS).
The Organization shall monitor and review information about
these external and internal issues.
Context of an Organization refers to the scope of a thing,
either an Organization as a whole, or its sub-parts such as divisions,
locations, departments or an individual employee’s job title.
The new ISO 9001:2015 standard sets forth what an Organization shall monitor and review, but
is not specific on the details of how to monitor/review, what is to be done
with this data and where an Organization should keep or store the data. Data analysis (Section 9.1.3) and Organizational
knowledge management (Section 7.1.6) are the sections for addressing the
requirements of Section 4.1. Section 9.1.3 mandates that an Organization shall analyze and
evaluate appropriate data/information arising from monitoring and measurement
in order to evaluate the data/information for various effects upon the
Organization’s QMS.
Section 7.1.6 requires an Organization to determine (by
monitoring and/or measuring) the knowledge necessary for the operation of its
processes and to achieve conformity of its products and services.
Unlike the old standard, the new one expects you to
understand your organization's context before you establish its QMS. When ISO 9001:2015 asks you to
understand your organization's context it wants you to consider the external
and internal issues that are relevant to its purpose and strategic direction
and to think about the influence these issues could have on its QMS and the
results it intends to achieve.
Net Addition #2:
Organizational Knowledge – 7.1.6
The organization shall determine the knowledge necessary for the operation of
its processes and to achieve conformity of products and services. This knowledge shall be maintained and
be made available to the extent necessary.When addressing changing needs and
trends, the organization shall consider its current knowledge
and determine how to acquire or access any necessary additional knowledge and
required updates.
Organizational knowledge has been defined as an asset of a company to which no value
can be named (Businessdirectory.com). In other words, it is (or can be)
priceless to an organization. Organizational Knowledge is knowledge specific to the organization and generally gained from
experience. This knowledge is (or can be) based upon Internal Sources
(Intellectual property, experience knowledge, etc.) and External Sources
(academia, standards, conferences, etc.)
A logical way to think of Organizational Knowledge is for an
organization to define what it produces or the service(s) it provides. From this premise, determine from where
knowledge is gained (engineering, advanced degrees held by employees, specific
skill sets such as welding, sales, management expertise, instrumentation and
production machinery, etc.). Think along the lines of: “This is who we are,
what we do and how we do it…” Never underestimate or overlook sources of knowledge. Results of Nonconformance NCs, Corrective Actions, etc. can lead to lessons learned from failure, lessons
learned from Risk Analysis and from Training
can be a gold mine of information/data that an organization should utilize as a
competitive advantage in that it arose from within and may be looked upon as
unique to competitors in the marketplace.
After a thorough examination of an organization’s structure,
the results can then be categorized as either Internal or External, pursuant to
the standard.
Net Addition #3:
Management of Change
– 6.3
Section 6.3 of the ISO 9001:2015 version sets forth the
requirements for change planning of an organization’s QMS. The requirements of the old ISO 9001:2008 version 5.4.2 are contained in
the new version with a more detailed explanation of the required components.
Planning
of Changes (Section 6.3)
o
All
changes must be carried out in a planned manner
o
Considerations
of planning:
§
Purpose
of the change(s)
§
QMS
health/viability
§
Resources
§
Allocation
of resources
Change
management is a systematic process for dealing with change, accounting for the
considerations of both an organization and an individual. Management of change compels
an organization to consider change in three contexts; adapting to change,
controlling change, and change affects an organization’s QMS. A proactive
approach to dealing with change is at the core of all three aspects. An organization
must be able to define a specific change or change need, and implement
procedures /processes to handle changes it is presented with on a daily basis.
Net Addition #4:
Actions addressing
risk and opportunities – 6.1
Why do we assess for Risk? To provide confidence in an
organization’s ability to consistently provide customers with conforming goods
and services and to enhance customer satisfaction.
·
Required for establishment,
implementation, maintenance and continual improvement of the Quality Management System
(QMS).
·
o
Always been present (but not at the
forefront) in ISO 9001
o
Always part of the “process approach”
to QMS
o
Does more than “replace” preventative
actions-it makes prevention a part of the routine associated with processes
o
DON’T FORGET opportunities – risk can
and should help an organization identify these
·
What is the Risk-Based Approach
requirement?
o
Organizations need to be aware and
understand the context of their organization
o
Clause 6.1 – Risks and opportunities are defined and determined
o
Prevention/preventative action is
controlled and a direct result of risk-based thinking and management of risks
and opportunities (6.1)
·
Planning
(Section 6.1.1 & 6.1.2)
o
Organization must plan actions to
address/recognize risks and opportunities
o
Plan must allow for
integration/implementation actions addressing risk
§ These
actions MUST be evaluated for effectiveness
o
CAVEAT:
As with most of the ISO 9001:2015
standard, no FORMAL risk management program is required – but an organization
must be able to provide evidence that
risk has been planned for and actions taken to mitigate same – a formalized
(documented) program/process would only make sense for best business practices.
Net Addition #5:
Section 8.5.1 Control
of production and service provision
·
The
organization shall implement
production and service provision under controlled conditions.
·
Controlled
conditions shall include, as applicable:
o
(g) the implementation of action to
prevent human error;
How
could such an all encompassing statement (yet vague, nonetheless) be
accomplished –the prevention of human error in a production setting? Think Poka-Yoke, or the mistake proofing of a
production line, team or individual. Think of the adage “safety first”. Remember the new mandate of Section 6.1 – an organization
must address risk and opportunities in everything they do.
Think
about: Reducing the number of steps of a process, “idiot proofing” instruments
or tools for safer and more efficient use.
Think about a hotel key card – only ONE way to correctly use it – all
other avenues of use will fail. Rethink
your organization’s training platform or matrix to include new management skill sets and training for
efficiency of results – not simply results themselves.