Content Changes in ISO 9001:2015

PlanningWhile the technical committees may yet change the content of ISO 9001:2015, it is unlikely that they will change much of the content dictated by Annex SL. This provides for a common language for all management system standards, usually in the area of supporting processes. While this update is filled with politics and positioning, complicated by different languages and motives, a consistent Annex SL language is still likely. Consequently, we have a pretty good idea of what these common areas will say in ISO 9001:2015.

Overview

Content changes in Annex SL range from simple terminology adjustments to completely new requirements. However, even some of the seemingly significant changes still don’t change the intent or spirit of the standard.

For instance, document control is now “documented information.” Annex SL does a better job than ISO 9001 of including both records and documents in that definition, but the language is different and seemingly more confusing and complicated than it was. Despite this, careful comparison of ISO 9001:2008 and Annex SL show that the requirements are almost exactly the same.

Other changes are more significant: ISO has removed “preventive action” and added “risks and opportunities.” While it is not possible to say with certainty that ISO always intended “preventive action” to be seen as “risks,” it surely is the most sensible interpretation. This may require organizations to generate new processes, new procedures, and new training and records to meet those processes, but the outcome should be beneficial to all organizations.

While it’s too early to look at most of the ISO 9001:2015 changes, because it is in Annex SL, the change from “preventive action” to “risks and opportunities” is certain.

Below is a brief review of some of the more predictable changes to the ISO 9001 content for 2015. This article will focus only on the seven sections we expect to change and does not cover sections one, two or ten of the ISO 9001 for 2015 content.

Section 3: Definitions

Definitions are not included in the current version of ISO 9001, but they will appear in the 2015 version. Here are a few choice definitions, defined in Annex SL, that the ISO 9001 committee will probably follow. They should give insight into some of the future ISO 9001 requirements.

  • 3.02 Interested Party
    • Person or organization that can affect, be affected by or perceive themselves to be affected by a decision or activity
  • 3.09 Risk
    • Effect of uncertainty
      Note 1: An effect is a deviation from the expected—positive or negative.
      Note 2: Uncertainty is the state, even partial, of deficiency of information related to understanding or knowledge of an event, its consequence, or its likelihood.
  • 3.11 Documented information
    • Information required to be controlled and maintained by an organization and the medium on which it is contained
      Note 1: Documented information can be in any format and media and from any source.
      Note 2: Documented information can refer to the:
      • management system (3.04), including related processes (3.12)
      • information created in order for the organization to operate (documentation)
      • evidence of results achieved (records)
  • 3.13 Performance
    • Measurable results
      Note 1: Performance can relate either to quantitative or qualitative findings.
      Note 2: Performance can relate to the:
      • management of activities
      • processes (3.12)
      • products (including services)
      • systems or organizations (3.01)
  • 3.14 Outsource
    • To make an arrangement where an external organization performs part of an organization’s function or process
      Note 1: An external organization is outside the scope of the management system although the outsourced function or process is within the scope.

Section 4: Context of the organization

Similar content exists within the current 9001, but this whole new section expands upon those requirements, ensuring the quality management system is truly integrated into the organization. Experience has shown that too many organizations address the standard but don’t integrate their ISO into their organization, so it ends up being a separate system. These explicit requirements encourage people to have a single, effective management system.

• 4.2 Understanding the needs and expectations of interested parties

This implies that the quality management system will have to account for much more than just the customer’s needs. It might need to address the requirements of shareholders/owners, management, employees and possibly even the public in some organizations.

While it could remain that the organization defines the customer as the only interested party for the purposes of quality, this section opens the system up for much broader application. It will be important for organizations to define this clearly, or they may expose themselves to challenges from auditors. This doesn’t necessarily mean more work in the QMS, however, and from a positive perspective, it may help bring in issues that were previously considered excluded.

Section 5: Management

On first view, the new section 5 stays true to current management requirements.

• 5.1 Top management shall demonstrate leadership and commitment

However, the addition of one word, “leadership,” is particularly interesting. Leadership and what that means has been debated in management books for years. Furthermore, there is no definition of leadership in the standard, so this might cause a lot of different applications . The solution is to define, perhaps in a quality manual, what this means to “our” organization and to implement it. Without a strong internal definition, organizations leave themselves open to the interpretation of the auditor and what he thinks this should mean.

Section 6: Planning

Risks and opportunities are part of a formal process, introduced here under the planning section. They require most organizations to establish new processes. The focus on “opportunities” is a good way to include improvement during the review—that is, to identify problems and risks—and puts a more positive spin on the requirement.

In truth, this is a good requirement and should lead to meaningful, proactive outcomes in most organizations. Organizations that complain that they are too simple to need something like this should find that, if they really are that simple, or that good, this process won’t take them very long.

• 6.1 Actions to address risks and opportunities

When planning for the management system, the organization should consider the issues referred to in 4.1 (context of the organization) and the requirements referred to in 4.2 (needs of stakeholders) to determine the risks and opportunities to be addressed. According to the new content, this means:

    • assuring the management system can achieve its intended outcome(s)
    • preventing, or reducing, undesired effects
    • achieving continual improvement

The organization shall plan:

a) actions to address these risks and opportunities, and
b) how to integrate and implement the actions into its management system processes and how to evaluate the effectiveness of these actions

Section 7: Support

The new structure introduced by Annex SL confirms that management systems are made up of processes that tend to reflect the purpose of the system, and supporting processes that back all systems in the organization. Because supporting processes are common for different management systems, technically, this section, which covers familiar content, such as document and records control, is the top reason Annex SL was created.

7.4 Communication

The organization shall determine the need for internal and external communications relevant to the management system, including:

    • what it will communicate
    • when to communicate
    • with whom to communicate

Communication is currently in ISO 9001 although few organizations address it in a practical or process-oriented way: most simply declare that communication happens and mention that it includes meetings and emails. This is probably not what ISO 9001:2008 intended. Rather, it was looking for management to define communication needs and then fulfill them. This requirement is now more explicit and appears to push for a process that generates and implements communication plans.

While this approach is a little new for ISO 9001, it has been a strong requirement in 14001 and 18001 for a long time. In simple organizations, it is a simple process.

Section 8: Operations

This section in Annex SL addresses the purpose for the management system standard. In 9001 that purpose is quality. There is little to talk about quality here, however, because Annex SL recognizes that this section inherently relates to quality, or whatever the purpose of the management system standard is. The details are left for the individual committees to fill in.

Section 9: Performance Evaluation

Aside from minor changes, section 9, which covers measurement and monitoring, contains requirements similar to what we saw in ISO 9001:2008.

What does this mean?

If an organization has not adopted a process approach and does not have a truly integrated ISO system, then the impact of these changes may, in fact, be substantial. For those organizations that understood this approach and already follow these principles, it is not anticipated that the changes related to Annex SL will require too much hard work.

That said, organizations will want to update their documentation to include the new structure and language that a new version of ISO 9001 calls for. Adopting a new language is important, as it helps maintain consistency and shows customers that your system is current. These changes also offer an opportunity to review the complete system and make improvements.

Though, generally, the requirements introduced by Annex SL are straightforward, many parts of ISO 9001—mainly the requirements that focus on quality management—are not substantially controlled by Annex SL. We will have to wait for the standard to develop before we truly know what these changes are and whether they are significant.

Our final article will look at the quality-related system requirements that are not governed by Annex SL and predict what might happen, offering a better picture of what ISO 9001:2015 might look like.

Cavendish Scott, Inc. has been working with ISO for over 25 years. We have used a common-sense, practical, process-based approach long before it was mentioned in the standard in 2000. We have been there through many standard changes and are careful about the interpretation and implementation of new systems. When the standard is finally published, we will provide tools, training and standard packages for updating your systems.