Structural changes to ISO 9001:2015

iso-certification-processPerhaps the most significant change we will see in ISO 9001:2015 is the new structure. Such a significant change might be a little concerning because of the extensive history of the ISO 9001 structure, but the reason for the change makes sense: to adopt the common approach outlined in Annex SL, the new document that all ISO management system standards, including ISO 9001, ISO 14001 and the recently released ISO 27001, must follow.

Currently, ISO 9001 contains 8 sections, of which four attempt to approximate “plan, do, check, act.” While this structure has pros and cons, it is one we are used to. The new structure, based on Annex SL, has 10 sections four of which also approximate to “plan, do, check, act.” All new management system standards will have this common structure. Here is the new structure:

  1. Scope
    This section describes the scope of the management system standard and will be unique to the individual standard.
  2. Normative References
    This section references other relevant standards, which are indispensable for the application of the document and will also be unique.
  3. Terms and Definitions
    Section three contains definitions, and while some of these are common terms related to Annex SL, other definitions will be unique to the management system standard.
  4. Context of the Organization
    This part is about understanding the organization’s purpose, the management system and who the stakeholders are. It describes how to set up the management system and is similar in some respects to the old section 4 except that it explicitly requires a broader understanding of the situation and needs of the business.
  5. Leadership
    This section provides requirements for commitment, policy and responsibilities. This section is similar to the old section 5 on Management but the emphasis is perhaps more on leadership than just management. This is a “soft” requirement and it will be interesting to see how it develops.
  6. Planning
    Planning is now a section on its own. Planning was always covered by the current standard in sections 4.1, 6.1, 7.1 and 8.1 but the new structure includes risk (which is now a clear requirement) and opportunities, the setting of goals and objectives to achieve plans, and resources. Interestingly, risk was introduced in AS9100 (the aerospace version of ISO 9001) in a similarly limited manner. In the latest version of AS9100, however, risk was expanded and defines a number of specific requirements/activities for a risk process. It will be interesting to see whether ISO will leave the requirement for risk as a general requirement as defined in Annex SL or whether it will take AS’s lead and expand it. This planning section also requires a greater application of goals and objectives to integrate with the management system’s planning and operation to generally facilitate success of the organization.
  7. Support
    The support section includes most of the expected support processes that exist in an organization and which are covered in the current ISO standard. Human resources is renamed as “competence”, and communication, which will require a new approach in most organizations, is given its own section rather than a mention as a management responsibility. Finally, document control has been renamed “documented information.” It now covers both procedure/document control and records control.
  8. Operation
    This is a relatively short section, which essentially says “Do a good job” at whatever your management system is trying for. In the case of ISO 9001, that is quality and in the early drafts we have seen of ISO 9001, significant familiar content is added here including design, customers, purchasing and production/service (although many of the sections have new titles).
  9. Performance Evaluation
    The section on evaluation includes monitoring, measurement and analysis, internal audits and management review. All familiar topics with some subtle changes.
  10. Improvement
    Improvement covers nonconformity and corrective action, as well as continual improvement, all of which are outlined in section 8 of the current standard. There is no preventive action section any more as effectively it is replaced by “risk” under planning – improvement is now defined as a proactive planning activity.

So what does this change in structure mean? Firstly, it is worth mentioning that this is Annex SL, which recommends a structure to the people re-writing 9001. It is not mandatory to stick with this structure and the ISO 9001 writers may decide to change it. However the further they drift from it, the more isolated their standard will be from similar standards. It is reasonable to expect (and we have seen this in the current committee draft) that this structure (and content) will be substantially adopted. The structure of the standard we see in the committee draft, which has been described above, probably won’t change much.

The new structure will have limited impact on existing systems. Technically, the content of the requirements is what will cause most of the changes to our management systems. The structure changes mean that a new document review, or a cross reference document linking each of the requirements in the standard to the documentation, will have to be completed. While many organizations have one of these, it is less likely that they maintain it, so the completely new structure will offer organizations the opportunity to double check the conformance of their existing documentation.

There are many systems out there that have taken the structure and numbering of the current system. if that is not changed to this new structure then these organizations may be seen by their customers as operating out of date systems.

While a lot of the content is the same in spirit as that found in the existing ISO standard, terminology has changed and will need to be double checked, and ultimately, some of the new content will require a few new processes.

There is some debate about how auditors will look at this. In its transition training document for Annex SL, IRCA requires retraining of the audit approach. This is surprising. While the standard does appear to provide a greater emphasis on management commitment, leadership, strategy and inclusion of the organization as a whole, many of these concepts were already in ISO 9001. Good auditors were always auditing while focusing on these requirements, and good organizations already recognize ISO 9001 as a tool for organizational success.