ISO 9001:2015

Are youready?

www.softexpert.com

The International Organization for Standardization

(ISO) has published a major revision of its ISO

9001 standard. This standard is internationally

recognized and defines the principles for quality

management systems.

The review was presented in September 2015. It

includes a number of important changes for

organizations that already hold ISO 9001

certification, as well as for those seeking to

develop and implement a quality management

system.

www.softexpert.com

The foundation of the standard has undergone considerable evolution over the 25 years

since its original publication. Therefore, the ISO 176 Technical Committee responsible

for ISO 9001, determined that its revision was necessary.

Thus, the standard remains relevant to the most current quality management practices.

Why has

ISO 9001been revised?

www.softexpert.com

ISO 9001:2008 will be recognized and

can be audited to until the end of the

three-year transition period for ISO

9001:2015 (expected September 2018).

All organizations must transition to the

new standard by the transition deadline

at which point certificates for ISO

9001:2008 will no longer be valid.

How long will

ISO 9001:2008

continue to be

recognized and

audited to?

www.softexpert.com

July - October 2014: Comments on DIS submitted

July 2015: Final Draft International Standard FDIS issued

September 2015: ISO 9001:2015 released

September 2015 - September 2018: Transition period. All current registrations to ISO 9001:2008 must be transitioned to the 2015

revision by this time, or they will lapse.

What is the timeline for publication and implementation of ISO 9001:2015?

June/13 CD(Committee Draft)

April/14 DIS(Draft Internacional

Standard)

July/15 FDIS(Final Draft

InternacionalStandard)

Sept/15Published

InternationalStandard

www.softexpert.com

Companies currently certified by ISO 9001: 2008

should carefully review the changes and draw up a plan

to implement the changes to their QMS in response to

new requirements.

How organizations ISO 9001:2008 certified are being affected by changes?

www.softexpert.com

The three standards are under review status or review completed. The proposed changes to

each standard considered those using more than one standard. In the future, organizations will

see a much more aligned and facilitated process of integrating standards. However, the

publication date of each standard is different.

My integrated system also includes the useof ISO 14001 and OHSAS 18001. Will thechanges made to ISO 9001 affect my systemand how I will need to transition to the newrequirements?

www.softexpert.com

ISO 9001:2015 and ISO 14001:2015 are more closely aligned than ever. Both standards use the same high-level

structure defined in Annex SL.

Approximately 30% of the language of the two management system standards is the same. ISO 14001: 2015

was published in September / 2015.

ISO 14001 was also revised along with ISO 9001. How the changes affect organizations using both standards?

ISO14001

www.softexpert.com

Changes to the Standard

www.softexpert.com

ISO 9001:2015 does not require a quality manual. The

question each organization should consider is whether or not

having one is beneficial to the organization. If it is used as

intended in 9001:2008 - an introduction to the management

system that acts as a guide or roadmap to the overall system -

then by all means have one.

Is the quality manual still mandatory for ISO 9001:2015?

www.softexpert.com

Annex SL is a high-level structure created by ISO in order to provide a

universal high-level structure, identical core text, and common terms

and definitions for all management system standards. It was

designed to make it easier for organizations that have to comply with

more than one management system standard.

Annex SL has a total of 45 “shall” statements resulting in 84

requirements. By the way, the “SL” in Annex SL doesn’t mean

anything. It’s just part of ISO’s numbering scheme.

What is Annex SL?

www.softexpert.com

The revision of the standard has withdrawn the requirement of a

representative appointed by management. But the responsibilities

assigned to the role remain. The management system still needs

a representative and a spokesperson. This does not mean that

this person should automatically be the quality manager. Ideally,

these responsibilities would be shared with a member of the

leadership team. Once the management system is implemented,

that person's role is to be a facilitator of continuous improvement.

What does ISO 9001: 2015 say about the management representative?

www.softexpert.com

Risk-based thinking is one of the most significant changes in the

new standard. In previous versions of ISO, quality team people were

often responsible for dealing with problems through preventive

actions in an attempt to prevent their recurrence. The problem is that

the quality team was not always able to map problems that affect

the organization at the macro level, compromising continuous

improvement.

With the new version, ISO is concerned with involving the leaders,

bringing the thinking of risk already in the planning stage and

strategy definition. With everything previously analyzed, the goal is

that the risks of the process are already under control.

By identifying and dealing with potential dissatisfactions or process

failures in advance, problems are prevented from reaching

customers.

What is “Risk-Based Thinking”?

www.softexpert.com

Three main reasons to adopt “risk based thinking”:

•To improve customer confidence and satisfaction

• To assure consistency of quality of goods and services

• To establish a proactive culture of prevention and improvement

Why should an organization adopt “Risk based Thinking”?

www.softexpert.com

An organization could certainly apply the full requirements of a risk

management system as defined in ISO 31000 and more than meet

the requirements for risk based thinking in ISO 9001:2015. The

standard does not require a full risk management approach but

rather the organization must identify, understand and consider their

business environment in a broad sense and the potential risks they

face. Equipped with this information, the organization should then

design and implement a management system to eliminate,

minimize and control these risks.

Would meeting the risk management requirements in ISO 31000 satisfy the risk management requirements in ISO 9001:2015?

www.softexpert.com

The new standard is still built around the PDCA cycle, which is

featured on page 8 of the Draft International Standard, published in

May 2014. Additionally the new version is more explicit about the

meaning of the process approach.

Is Plan-Do-Check-Act (PDCA) still a part of the ISO 9001 structure in the new version?

www.softexpert.com

One of the key purposes of a quality management system is to act

as a preventive tool. The concept of preventive action is expressed

through a risk-based approach to formulating quality management

system requirements. Although risks and opportunities have to be

determined and addressed, there is no requirement for formal risk

management or a documented risk management process. The

implication is the entire management system, properly

implemented, should function as a preventive tool.

Can you summarize the new approach to Preventative Action in ISO 9001:2015 DIS?

www.softexpert.com

Although very valuable tools, FMEA’s and Control Plans are not

required by ISO 9001:2015. The organizations could apply these tools

as their approach to meet the requirements. Properly developed

Control Plans would satisfy many of the requirements for section 8.

FMEA’s are a useful tool to identify areas of risk required in section 6.

However, the organizations will need to broaden the approach to

cover all aspects of the business, not just the manufacturing

processes.

Are FMEA's and Control Plans required by ISO 9001: 2015?

www.softexpert.com

“Procedures”, “Records”, and “Documents” have all beeneliminated in favor of “Documented Information”. Thestandard is trying to be more inclusive in acceptingalternative approaches to these areas.

All references to “Product” will now read “Products andServices”. This has long been the case already, as clause3 of ISO 9001:2008 stated “Wherever the term “Product”appears it can also mean Service.”.

“Management Responsibility” has become “Leadership”.Pushes further the concept that Management must leadby example and involvement, rather than simply directingthat activities are performed.

“Continual Improvement” has evolved into a largersection called “Improvement”. Promotes the concept thatContinual Improvement is not the only aspect ofimprovement strived for in a quality system(improvement can also be characterized bybreakthroughs, reactive changes, and reorganizations.)

“Suppliers” are now referred to as “External Providers”.This is intended to better accommodate serviceorganizations.

Key changes in terminology

www.softexpert.com

Technology considerations: The QMS provides a centralized, common, and collaborativeenvironment to maintain all policies and procedures. This is where flexibility becomes animportant component:

• Flexibility to adapt to the various processes, and match the outlined commitments toquality and to customers

• Builds in the functionality that will support business needs and the needs/requirements ofthe standard

Clause 4 - “Context of the Organization”: a process-based quality management system

Where technology fits

www.softexpert.com

Technology considerations: The solution should give the entire company visibility into andcontrol over the quality effort by ensuring that all data related to processes and proceduresis kept in a centralized location accessible by all necessary parties:

• A centralized system, one holistic place for quality policy that provides transparency ofinformation

• Document and communicate the policy—control and disseminate information in aconsistent manner

Clause 5 - “Building Leadership”: no longer a single management representative

www.softexpert.com

Technology considerations: Having a way to not only define the measurement of risks, butalso to align them with the quality objective and then assess them from an operationalperspective, is critical. This is done through a risk matrix, which enables to calculate risk byquantifying hazards by plotting them on a graph. The resulting calculation of severity andfrequency becomes the risk factor:

• Risk matrixes, built into the operational processes, not only calculate risk but enableimmediate remediation of high-risk events.

• A solution should have the ability to set up a risk assessment calculation, benchmarkedagainst the requirements/objectives, and provide a way to take action on high-risk events.

Clause 6 - “Planning”: the risk management

www.softexpert.com

Technology considerations: A technology solution will build in functionality around theprocess of review and approval, integrated with training, change and revision controlprocesses, and periodic reviews. Collaboration on documentation improvement is key tothis element:

• An integrated document control and training system.

• The process includes the training of people and communication, by which new informationis disseminated and consumed. Being able to automate much of this is key, especiallywhen the target is to create a more seamless, collaborative, and companywide perspectiveon quality.

Clause 7 - “Supporting your QMS”: the people and the infrastructure to support the quality initiatives

www.softexpert.com

Technology considerations: The processes are the biggest component, and creating adesign plan, a supplier evaluation, or establishing nonconforming material criteria, it’simportant to ensure that information is transferred from one process to the next:

• A technology solution that will take design information, such as a bill of materials, andcommunicate to production and suppliers, and include potential nonconforming criteriato be assessed, rests in the ability of the system to provide traceability, visibility, andcontrol.

Clause 8 - “Operational Processes”: the framework for how you design, source, produce, and monitor your operations

www.softexpert.com

Technology considerations: A solution that can collect customer data via feedback suchas complaints and adverse events, and allows to take action on that data, is vitallyimportant to understanding if the quality commitment to customers is reached. Having acentralized and aggregated way to organize the feedback data is essential, and anautomated QMS will provide:

• Auditing solutions: a solution that not only manages and standardizes the auditingprocess, but also the scheduling process.

• Measuring effectiveness with collaborative reporting: a solution that provides data fromdesign, production, documentation, training, feedback, audits, and beyond

Clause 9 - “Evaluation”: the importance of feedback and regular assessment

www.softexpert.com

Technology considerations: Being able to record information in a single location is critical.If the organization is going to issue a corrective action, it should be traceable back to thenonconformance. Linking a nonconformity to a corrective and preventive action, and beingable to create a seamless closed loop on the process, will ensure that data is not lost orentered incorrectly.

• Lastly, the organization want to build reporting and data collection to look forimprovement areas. Having a robust reporting system on the entire QMS is criticallyimportant to make informed decisions.

Clause 10 - “Improvement”: Fostering overall improvements

www.softexpert.com

SoftExpert is a market leader in software andservices for enterprise-wide business processimprovement and compliance management,providing the most comprehensive applicationsuite to empower organizations to increasebusiness performance at all levels and tomaximize industry-mandated compliance andcorporate governance programs.

Founded in 1995 and currently with more than2,000 customers and 300,000 users worldwide,SoftExpert solutions are used by leadingcorporations in all kinds of industries, includingmanufacturing, automotive, life sciences, foodand beverage, mining and metals, oil and gas,high-tech and IT, energy and utilities, governmentand public sector, financial services,transportation and logistics, healthcare, and manyothers.

SoftExpert, along with its extensive network ofinternational partners, provides hosting,implementation, post-sales support andvalidation services for all solutions to ensure thatcustomers get the maximum value from theirinvestments.

About SoftExpertSoftExpert Excellence Suite

SoftExpert Excellence Suite is the most comprehensive framework of independent yetunited solutions to achieve business performance excellence, streamline corporategovernance, risk and compliance programs, and ensure continuous business processimprovement.

Companies may not need all applications at once, or may want to deploy one applicationmodule at a time, growing gradually as the need arises. Whatever the strategy chosen,only a fully shared environment allows its applications to fit together like puzzle piecesand work seamlessly.

Take your business to the next level

www.softexpert.com | sales@softexpert.com

Disclaimer: The content of this publication may not, in whole or in part, be copied or reproduced without prior authorization from SoftExpert Software. This publication is provided by SoftExpert and/or its network of affiliates strictly for informational purposes, without any guaranteeof any kind. The only guarantees related to SoftExpert products and services are those contained within a contract. Some product functionalities and characteristics presented herein may be optional or may depend on the makeup of the offer(s) acquired. The content of this materialis subject to change without prior notice.