With the deadline almost upon us and thousands of organisations still to transfer over to the new ISO 9001:2015 standard, we look at the most common issues companies have been facing when it comes to getting their QMS up to scratch.
Why has the standard been changed?
Every five years, ISO standards are formally reviewed to ensure they remain relevant to businesses through the constantly shifting environment in which they operate. The review process therefore considers aspects such as globalisation, the increasing expectations of customers and consumers and the growing need to monitor and manage risk.
What are the main changes from ISO 9001:2008?
The most obvious change is the transition to a new structure. The intention of this has been to provide some commonality across numerous ISO standards to make it easier for companies to integrate multiple systems (ISO 14001 and soon to be ISO 45001).
There is also a shift to risk-based thinking: whilst there has always been an element of this within the standard there is now a significant focus on this aspect.
What are the main challenges with transition?
Smaller companies within the SME bracket who have been operating under the ISO 9001:2008 standard for several years without issue are now finding themselves in a position where they no longer comply, and with the deadline fast approaching transition can seem like an impossible bridge to cross.
Organisational context – internal and external issues
Most companies have an intuitive grasp of the risks and mitigation strategies that affect their business, but have never had the need to document them. Now, faced with requirements and clauses requiring organisational context and internal and external issues documenting them can seem daunting.
Clause 4.1 of ISO 9001:2015 requires the organisation to:
… determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system.
and that the organisation shall
monitor and review information about these external and internal issues.
The standard simply requires an organisation to look at the bigger picture, and utilise a structured way of assessing the risks to business success and identifying opportunities. The size of the organisation will determine how detailed and extensive the process needs to be. However, undertaking a SWOT analysis or PEST(LE) analysis and capturing subsequent actions can be sufficient to comply with these new requirements.
The latest standard provides a far less prescriptive approach to its documented requirements. We have heard several companies saying, ‘You no longer have to have a quality manual,’ which is in essence entirely true: it is not, however, an instruction to ditch it at the first opportunity.
The standard simply provides companies with more flexibility as to how they demonstrate they meet the requirements. Using the manual to cover various aspects of the standard may well remain the most appropriate way for your business. If so, don’t simply remove it because you can – you may find the work required to replace it and still comply is considerable!
The new standard places a greater responsibility on the leadership team within a business to take a more active role within the QMS. While organisations are expected to appoint a representative to manage the QMS activities, the ultimate responsibility must now remain with the management team.
Implementing regular management reviews, involving management in quality inspections and tours and establishing appropriate, quality-related KPIs for the management team are simple ways to ensure leadership engagement with the QMS.
One thing we hear time and time again is how fed up firms are with their consultants! We can provide a free consultation and gap analysis to guide you through the process: as an established business consultancy we provide assurance, honesty and the support you require. Visit our dedicated consultancy site to find out more.