Tuesday, February 23, 2016

New Standard ISO 9001:2015 has the same Requirements as ISO 9001:2008

Yes, the New Standard has the same (V. ISO 9001:2008) Requirement,  
Plus Net Additions to ISO 9001:2008

The release of the Final Draft International Standard of ISO 9001:2015 has created a great deal of hand wringing and argument that many requirements of the ISO 9001:2008 standard have been deleted, abandoned and/or lessened.  Some people believe that an organization no longer needs to have a Quality Manual, Quality Objectives, or the six required procedures for their respective Quality Management Systems.  Reality: Nothing could be further from the truth. The fact is that the ISO 9001:2015 standard does not reduce any requirements. It does require them in a different language, and does require/ empower the organization to decide the details.

Quality Institute of America (QIA) has been providing a series of articles to help people who wish to understand the new standard. These are divided into five groups: Group 1 provided an Introduction to the ISO 9001-2015 standard. Group 2, provided a thorough understanding of the new standard by referencing the old version, and pointing out how the new standard essentially has the same requirement with a different twist and location in the new standard.

The ISO 9001:2015 version actually has net additions to the old (ISO 9001:2008) version. This article is the first in the Group 3, and introduces you to a summary of the additions. It will be followed by full length articles on the various additions.

Group 4 will have some articles on how to implement the new ISO 9001:2015, and Group 5 will have some articles to help you audit to the new standard, or face audits to it.
We are presenting these articles through various channels, but principally through our web-sites: http://www.qi-a.com/Articles.aspx as well as our blog page: https://plus.google.com/u/0/b/114348208229269811700/+QualityInstituteofAmericaHouston/posts/p/pub

Net Addition #1:

4.1 Understanding the Organization and its context
The Organization shall determine external and internal issues that are relevant to its purpose and strategic direction ant that affect its ability to achieve the intended result(s) of its Quality Management System (QMS).

The Organization shall monitor and review information about these external and internal issues.
Context of an Organization refers to the scope of a thing, either an Organization as a whole, or its sub-parts such as divisions, locations, departments or an individual employee’s job title.

The new ISO 9001:2015 standard sets forth what an Organization shall monitor and review, but is not specific on the details of how to monitor/review, what is to be done with this data and where an Organization should keep or store the data.  Data analysis (Section 9.1.3) and Organizational knowledge management (Section 7.1.6) are the sections for addressing the requirements of Section 4.1. Section 9.1.3 mandates that an Organization shall analyze and evaluate appropriate data/information arising from monitoring and measurement in order to evaluate the data/information for various effects upon the Organization’s QMS.

Section 7.1.6 requires an Organization to determine (by monitoring and/or measuring) the knowledge necessary for the operation of its processes and to achieve conformity of its products and services.
Unlike the old standard, the new one expects you to understand your organization's context before you establish its QMS. When ISO 9001:2015 asks you to understand your organization's context it wants you to consider the external and internal issues that are relevant to its purpose and strategic direction and to think about the influence these issues could have on its QMS and the results it intends to achieve.

Net Addition #2:

Organizational Knowledge – 7.1.6
The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services. This knowledge shall be maintained and be made available to the extent necessary.When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates.

Organizational knowledge has been defined as an asset of a company to which no value can be named (Businessdirectory.com). In other words, it is (or can be) priceless to an organization.  Organizational Knowledge is knowledge specific to the organization and generally gained from experience. This knowledge is (or can be) based upon Internal Sources (Intellectual property, experience knowledge, etc.) and External Sources (academia, standards, conferences, etc.)

A logical way to think of Organizational Knowledge is for an organization to define what it produces or the service(s) it provides.  From this premise, determine from where knowledge is gained (engineering, advanced degrees held by employees, specific skill sets such as welding, sales, management expertise, instrumentation and production machinery, etc.). Think along the lines of: “This is who we are, what we do and how we do it…” Never underestimate or overlook sources of knowledge.  Results of Nonconformance NCs, Corrective Actions, etc. can lead to lessons learned from failure, lessons learned from Risk Analysis and from Training can be a gold mine of information/data that an organization should utilize as a competitive advantage in that it arose from within and may be looked upon as unique to competitors in the marketplace.

After a thorough examination of an organization’s structure, the results can then be categorized as either Internal or External, pursuant to the standard.

Net Addition #3:

Management of Change – 6.3

                Section 6.3 of the ISO 9001:2015 version sets forth the requirements for change planning of an organization’s QMS.  The requirements of the old ISO 9001:2008 version 5.4.2 are contained in the new version with a more detailed explanation of the required components.
Planning of Changes (Section 6.3)

o   All changes must be carried out in a planned manner
o   Considerations of planning:
§  Purpose of the change(s)
§  QMS health/viability
§  Resources
§  Allocation of resources

Change management is a systematic process for dealing with change, accounting for the considerations of both an organization and an individual. Management of change compels an organization to consider change in three contexts; adapting to change, controlling change, and change affects an organization’s QMS. A proactive approach to dealing with change is at the core of all three aspects. An organization must be able to define a specific change or change need, and implement procedures /processes to handle changes it is presented with on a daily basis.

Net Addition #4:

Actions addressing risk and opportunities – 6.1
Why do we assess for Risk? To provide confidence in an organization’s ability to consistently provide customers with conforming goods and services and to enhance customer satisfaction.
·         Required for establishment, implementation, maintenance and continual improvement of the Quality Management System (QMS).
    What is Risk-Based thinking?
o   Always been present (but not at the forefront) in ISO 9001
o   Always part of the “process approach” to QMS
o   Does more than “replace” preventative actions-it makes prevention a part of the routine associated with processes
o   DON’T FORGET opportunities – risk can and should help an organization identify these
      What is the Risk-Based Approach requirement?
o   Organizations need to be aware and understand the context of their organization
o   Clause 6.1 – Risks and opportunities are defined and determined
o   Prevention/preventative action is controlled and a direct result of risk-based thinking and management of risks and opportunities (6.1)

·         Planning (Section 6.1.1 & 6.1.2)
o   Organization must plan actions to address/recognize risks and opportunities
o   Plan must allow for integration/implementation actions addressing risk
§  These actions MUST be evaluated for effectiveness
o   CAVEAT:  As with most of the ISO 9001:2015 standard, no FORMAL risk management program is required – but an organization must be able to provide evidence that risk has been planned for and actions taken to mitigate same – a formalized (documented) program/process would only make sense for best business practices.

Net Addition #5:

Section 8.5.1 Control of production and service provision
·         The organization shall implement production and service provision under controlled conditions.
·         Controlled conditions shall include, as applicable:
o   (g) the implementation of action to prevent human error;
              How could such an all encompassing statement (yet vague, nonetheless) be accomplished –the prevention of human error in a production setting?  Think Poka-Yoke, or the mistake proofing of a production line, team or individual. Think of the adage “safety first”.  Remember the new mandate of Section 6.1 – an organization must address risk and opportunities in everything they do.

               Think about: Reducing the number of steps of a process, “idiot proofing” instruments or tools for safer and more efficient use.  Think about a hotel key card – only ONE way to correctly use it – all other avenues of use will fail.  Rethink your organization’s training platform or matrix to include new management skill sets and training for efficiency of results – not simply results themselves.