ISO 9001:2015 – The Best Thing for Top Management Since Ambien

By Matt Leiphart

reassuring handThe best top management sleep aid ever invented may be ISO 9001:2015. I’m not talking about the text, which induces Droopy Eyelid Syndrome. The biggest changes in the new version of ISO 9001 are designed to address top management’s concerns BEFORE problems arise. When systems are in place to prevent problems, top managers feel safe, secure, cared for, nurtured, and they sleep like babies.

I have been around my share of top managers over the years. Those who reach the upper echelons of organizations typically have one or more of the following things on their minds at any given time:

  • Achieving Results
  • Keeping Important Constituencies Happy
  • Monitoring Progress
  • Effectively Controlling Operations

Achieving results is about understanding the end in mind, defining where the organization is going, having a keen eye for what will get the organization there, and addressing issues that could get in the way. Section 4.1 of ISO 9001:2015 goes right to the heart of the matter. Read section 4.1, it’s all there. Take an organization’s purpose, strategic direction, and intended results, then determine the external and internal issues that are relevant to achieving those ends. ISO 9001:2015 calls this, “Organizational Context.” Whatever you call it, if there are unknowns in these areas, or if the issues are not clear and on the table, top management gets nervous.

Wouldn’t it be nice if an organization could just chug along without anyone getting in the way? Well, this is reality, and top management knows while, “Customers pay the bills,” other parties affect an organization’s performance. While it seems everyone wants something, some of those parties are critical, and we have to address their requirements, even if their hats say something other than, “Customer.” Section 4.2 of ISO 9001:2015 addresses these, “Interested Parties.” Define the parties that have an impact (or potential impact) on providing products and services, and determine the requirements of those interested parties. Top management understands these parties are critical to success. Now ISO 9001:2015 supports top management in meeting the needs of these interested parties. I can hear that top dog now, “I won’t be alone addressing what these people want anymore!” followed by a big relaxing sigh.

The biggest benefit for top management is in risk-based thinking. While it’s nice to understand organizational context and requirements of interested parties, the power in the new standard is designing the management system around the unique issues, requirements, risks, and opportunities of a given organization. What gets done will be based on what’s important, identified through a robust process of evaluation, monitored on a regular basis, and revised when events require a different approach. Stagnation is not an option. The evaluation in section 4 of the standard comes together in sections 6.1 and 6.2, where risks and opportunities are identified, and objectives are set. If the old version of ISO 9001 was a rudder to help steer, ISO 9001:2015 adds a weather vane, a compass, a map, and a bullhorn.

This brings us to monitoring progress. Sure, ISO 9001 has always had elements of measurement and data analysis, but this new version takes the concept to an entirely new level. Requirements for monitoring, measurement, analysis and evaluation are all over the place. Similar to the 2008 version, there is one section (9.1) that directly addresses the requirements. Unlike the 2008 version, the 2015 version incorporates references in many other places identifying what must be monitored, measured, analyzed, or evaluated. I counted over 25 references in other sections to the requirements in section 9.1. Previously the approach was, “Monitor and measure what you think is important.” Now the requirements are much more prescriptive, comprehensive, and thorough. When it comes to monitoring progress, top management has a friend in ISO9001:2015

Operational controls have not changed dramatically in the new version of ISO 9001. There are some changes around the edges of the operational controls that will give top management more support than before. There are new requirements around managing changes, both planned and unplanned. “Knowledge” is now something that must be determined and made available. “Competence” is the focus of what used to be considered training. More prescriptive requirements have been imposed on communication processes. Controls on service provision from external sources (think to outsource, consulting, or contracting) are now explicitly called out. Control of nonconformance now includes, “nonconforming process outputs,” not just nonconforming products. While none of these enhancements are game-changers for top management, these revisions shed light on blind spots that existed with the 2008 version.

Let’s recap, based on what makes top management coo:

  • Drop back and see the big picture, then identify the external and internal issues that could help or hinder the organization in achieving its intended results, purpose, and strategic intent. – Check.
  • Identify the entities that your organization affects (or could affect). Define the requirements of those interested parties, and consciously decide if those parties and their requirements are relevant to the management system. – Check.
  • Identify the risks and opportunities related to the big picture, external and internal issues, and requirements of interested parties. Make plans to mitigate the risks, optimize the opportunities, and then define controls and methods of monitoring performance related to the risks and opportunities. – Check.
  • Implement specified methods of operation and controls surrounding operations so what is supposed to get done gets done – correctly. Include processes to handle expected and unexpected changes so in case deviations occur the outcomes still satisfy requirements. –Check.

It’s all there. A results-focused management system focused on the critical parties for each organization, with operational controls and monitoring methods to stay on track (and get back on track quickly if need be). Now all you have to do is bend top management’s ear, tell them how ISO 9001:2015 is just what their pillow ordered.

Cavendish Scott, Inc. has been consulting, training, and auditing in ISO 9001 and related standards for over 30 years. We’ve seen the standards evolve over time, and are excited about the direction we see with the pending revisions. We stand ready to assist you with training opportunities, consulting solutions, and auditing/gap analysis/project planning packages. We welcome the opportunity to speak with your top management to help them see the advantages of risk-based thinking.

We are always accurate and professional and generate meaningful management system solutions. We guarantee successful certification in a non-bureaucratic, value-added way. For more information contact us at

Avoid Famous Mistakes with ISO 9001 - Avoid the most common mistakes with our free eBook