What is Organizational Knowledge in ISO 9001:2015?
The FDIS of the ISO 9001:2015 clause 7.1.6 states ‘The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services. The knowledge shall be maintained and made available to the extent necessary.’
Additionally, risk has become a more explicit integral part of the management system. How does this apply to section 7.1.6 which identifies the requirements for organizational knowledge and what does it mean for your management system and organization?
What is Organizational Knowledge?
First, it’s important to understand what is the meaning of knowledge. Knowledge is defined by Merriam-Webster as ‘the fact or condition of knowing something with familiarity gained through experience or association’. So organizational knowledge is the knowledge that is specific to your organization which is gained by experience or association. This knowledge is typically found in many different formats including formal internal or external documentation, embedded know-how in processes, informal personal notes, or the good ole tribal knowledge. It can be shared with all of the organization, externally from the organization, within specific groups, areas or processes, or only be possessed by an individual who has the ‘know-how’.
As an organization it will be required to determine what knowledge is necessary for the operation of its processes. This may include the knowledge of repairing or operating machinery, operating an Enterprise Resource Planning (ERP) system, performing complicated design analysis, diagnosing processing challenges, inspecting products, or understanding an organization’s product line to name just a few. There is not a department, operation or process within your organization that does not require knowledge.
What is the Risk of Losing the Knowledge?
The risk to the processes if the knowledge was no longer available could be insignificant or it could be catastrophic. What is the likelihood that the information will not be readily available or corrupted in the future? Would the conformity of your products or services be compromised? Could you easily recover or would it take some effort and time? These, along with many others, are all risks that will need to be considered.
You will also need to consider the format of this knowledge. If it is in the form of documented information that is controlled, possibly on a server that is backed up regularly, your risk of losing the knowledge or it being changed is minimal. However, if this knowledge is resident with only one person and not documented in any fashion the risk is great that the process will suffer if that person is not available. Likewise, if the knowledge is kept as ‘tribal knowledge’ it may not be easily or consistently transferable to personnel that are new to the process. There is also a risk that this knowledge is corrupted as it’s transferred. This is similar to the old telephone game where a message is whispered from one person to the next so by the time the last person says it, it has changed from peas to bees to knees to cheese to fleas and the initial message is lost. This obviously will introduce variation into the process and as such conformity may be effected.
Now it’s important to note that not every little bit of knowledge and information will need to be documented or directly transferable. In many cases it’s not practical or the benefit doesn’t outweigh the cost. Instead these are factors that should be considered during the risk assessment process.
It will be imperative that an organization performs its due diligence through risk management when determining what knowledge is necessary and how it is maintained and made available.
Cavendish Scott is currently working with organizations developing solutions and implementing ISO 9001:2015. If you have any questions about ISO 9001:2015 feel free to contact us here.