Upgrading a quality management system to ISO 9001:2015.
Scope of the changes
ISO 9001:2015 places much greater emphasis on the organisation using its quality management system (QMS) to help manage business risk than did the old ISO 9001:2008. It does this by expecting the organisation to assess its position within the business and social landscape, which the standard calls “context”. The new standard also expects the organisation to assess the needs of, and its response to, relevant persons and organisations that are affected by its activities, which the standard calls “interested parties” but are more commonly referred to as stakeholders. The scope of the QMS, the quality policy and quality objectives need to be more closely aligned with the organisation’s context and interested parties, so has a much more strategic focus.
The HSQE Department has always always had a policy that management systems should take stakeholders into account and that they should address business risk, so the changes for our existing customers will be relatively minor. The only documents that ISO 9001:2015 makes compulsory are Scope, Quality Policy & Quality Objectives but, as we find that customers prefer to work with more than this, we have no plans to change our approach beyond addressing some of the new requirements. Our internal audit schedule for 2016 & 2017 has been written to pick up the changes and to prepare customers for certification ISO 9001:2015 during 2017.
Clauses of the new standard to focus on
There has been some extensive re-wording of some well established requirements, but the following clauses of ISO 9001:2015 are the ones that have the ability to affect our existing clients the most:-
4.1 “Understanding the organization & its context”
This clause can be addressed by carrying out a strategic review of the business and then keeping it up to date. Suitable tools for this are the SWOT (strengths, weaknesses, opportunities & threats) analysis &/or PESTEL (political, economic, societal, technological, environmental & legal) analysis.
4.2 “Understanding the needs & expectations of interested parties”
Interested parties can include any individual, group or organisation such as suppliers, customers, neighbours, the public and regulators that is affected by the activities wrapped up within the scope of the ISO 9001:2015 QMS . This clause can also be addressed through the SWOT &/or PESTEL analysis, provided that third party risks and needs are taken into account.
4.3 “Determining the scope of the quality management system”
This is a mandatory written document. The paragraph on scope in our clients’ current QMS Manuals may not satisfy this clause entirely and will need to be reviewed. However, this shouldn’t be done until the evaluation of context and interested parties has been carried out.
4.4 “Quality management system & its processes”
This clause of ISO 9001:2015 implies the need to formally map the main processes of the business. A suitable tool or this would the S.I.P.O.C diagram (suppliers, inputs, processes, outputs & customers) and the QMS Manual would benefit from a flow diagram that maps the company’s activities in more detail.
5.2.1 “Establishing the quality policy”
This is another mandatory written document. As for 4.3. it would be advisable to make a commitment to meeting relevant environmental and safety legislation, because this is part of managing business risk.
5.2.2 “Communicating the quality policy”
There is a greater emphasis on the workforce understanding the policy statement, but a tool-box talk would be a good way to communicate the policy and record that this has been done.
6.1 “Actions to address risks and opportunities”
The SWOT/PESTEL analysis identifies the risks and opportunities that the organisation faces. Action plans need to be proportionate to the risks and opportunities that have been identified and one way of demonstrating that proportionality has been taken into account would be to quantify risks using HACCP (Hazard Analysis & Critical Control Point analysis), FMEA (failure mode effects analysis) or another process similar to assessment of environmental aspects and H&S risk.
6.2 “Quality objectives and planning to achieve them”
This is the third mandatory written document. Objectives will need to be reviewed to ensure that they are aligned with the policy. There is a greater emphasis on objectives following the S.M.A.R.T model (specific, measureable, achievable, relevant & time-defined”, so now must define a target date to completion.
7.1.6 “Organisational knowledge”
This is an important development of the QMS under ISO 9001:2015, which implies that information sources will need to be managed more formally than some companies do at the moment. For example, engineering companies that work with a range of electrical and mechanical standards, to satisfy CE marking requirements, would benefit from a formal register and review for updates. There is likely also to be a need for succession planning or information sharing where important information is held by a single person or small group of people.
Can be simply covered by tool-box talks or similar briefing methods.
8.1 “Operational planning & control” clause (e)
This clause of ISO 9001:2015 requires documented evidence that work has been completed as planned, but could be satisfied in a number of ways, for example by using hand-over certificates, end of project reviews, closure meetings or site audit reports.
8.3 “Design & development of products & services”
The new standard does not permit “exclusions”, but organisations can justify why a particular clause isn’t applicable. Design & development is now a mandatory section and the organisation will need to show how it fits into the wider design & development process. This doesn’t have to be documented though.
8.4 “Control of externally provided processes, products & services”
Clause 8.4.3.e requires that the means of control and monitoring by the company, of its providers, is communicated to them.
8.6 “Release of products & services”
The standard now requires documented evidence that a product or service has been checked against the agreed requirements and that it has been approved for hand-over.
8.7 “Control of non-conforming outputs” clause (2)
This clause requires documented evidence of non-conformances identified before hand-over, actions taken, any concessions and the person deciding on the actions.
9.3 “Management Review”
c.2 Progress towards achieving quality objectives will need to be documented in more detail
c.3 & c.5 Within the construction industry, site visit reports will need to be analysed and discussed
e The SWOT/PESTEL analysis will need to be added to the agenda and reviewed