ISO 9001:2015: Avoiding Nonconformities During the Transition

A summary of key changes and challenges

Wed, 08/05/2015 - 12:29

Story update 8/6/2015: Paragraph 14 of this article stated "many organizations are ill-equipped to develop an effective risk management assessment process," implying, to some, that a risk management system is required, which as stated in paragraph 8 of this article, it is not (nor was that the author's intent). Paragraph 14 has been updated to avoid confusion. --Editor

The anticipated release later this year of the revised version of ISO 9001:2015—“Quality management systems—Requirements,” has many organizations asking what the revision will mean for them. Specifically, what are the key changes required for existing ISO 9001-compliant quality management systems (QMS) to achieve compliance with the revised standard? Also, what areas are likely to present the greatest challenges for avoiding nonconformities during the certification audit?

ADVERTISEMENT

In this article, we’ll attempt to answer these and other questions to help you transition to ISO 9001:2015 smoothly and successfully.

 …

Want to continue?
Log in or create a FREE account.
By logging in you agree to receive communication from Quality Digest. Privacy Policy.

Comments

Submitted by ChrisParis on Tue, 08/04/2015 - 18:31

The author gets it wrong again, saying:

The revised standard requires organizations to adopt a risk-based approach to quality but provides few details on how to achieve this. Again, many organizations are ill-equipped to develop an effective risk management assessment process that will fulfill the requirements of the standard.

If the standard "provides few details" on how to achieve risk-based approach, then how did TUV come up with the idea that "risk management assessment practices will fulfill requirements of the standard"? 

What requirements? The first part of the paragraph was right ... there aren't any. The second part was the typical CB auditor "I dreamt it so it must be true" approach to auditing.  And of course, given the headline, the CB auditor uses the threat of "nonconformity" if you disagree with his fantasy, and instead rely on what is actually printed in the standard.

What is printed there? The standard is very clear that NO formal "risk management" is required by 9001:2015:

Although 6.1 specifies that the organization shall plan actions to  address risks, there is no requirement for formal methods for risk management or a documented risk management process. Organizations can decide whether or not to develop a more extensive risk management methodology than is required by this International Standard, e.g. through the application of other guidance or standards.

So TUV clients should have this paragraph ready for when their auditors show up, demanding a "risk management assessment process."

I agree with Chris, and have other views on the TUV 'advice' drawing from IAF. IAF, is not the ISO entity or what ISO FDIS 9001:2015 says around  TUV's "Update existing QMS documentation demonstrate compliance with the requirements of the revised standard and to help reduce the risk of nonconformities".

ISO FDIS 9001:2015 requires orgaizations to plan their transition to the requirements by the 'process-approach' (Originally raised in ISO 9000.1:1994) which means for those supplier org's that have so documented their QMS, EMS and other ISO standards by the clauses, you have three years to 'transition' to meet this specific requirement.

This is contrary to what TUV and IAF would be in my opinion, advising. To extract this specific requirement ". “It is not the intent of ISO FDIS 9001:2015 to imply the need for:

• Uniformity in the structure of different quality management systems; • Alignment of documentation to the clause structure provided by Annex SL; • The use of the specific terminology within the organization”

So for many companies, they cannot adopt the PDCA or 'Please Don't Change Anything' strategy in their current QMS claused-based design but need to adopt Dr Deming's changed method from PDCA to PDSA as the Ford Motor Coy requested the Good Doctor ('Quality or Else', Dobyns and Crawford-Mason,1990) - perhaps PDSA could be in this Context, 'Please Deliver Standardized Activities' across your processes with procedures and activities for them and not as is common, for ISO 9001 Clauses. 

Bob Newhart TV show skit comes to mind as the Therapist where he said to his to his anxious client  'I have two words for you, do you have a pen' (She gets her pen and notepad) Bob then says 'STOP IT'. Likewise for Clause-based ISO management systems and some Certification/Registration Bodies morphing into Consulting and Advisory function, STOP It now. Conduct 'CPR' on your QMS clause framework (the APQC - PCF is a reasonable start), to use CPR the analogy, to resucitate their QMS to the revised   ISO FDIS 9001:2015 "Context-Process-Risk'.

If ever the 'B Process R' approach was aptly named and useful in ISO QMS, EMS and other ISO Standard based design, it is now. The standardization with Annex SL/High Level Structures helps understand their commonalities of 'clauses' and requirements (PAS 99 went some way) but it does not mean the Documentation should be as simply updating the 2008 to the 2015 clauses.

Submitted by somashekar on Wed, 08/05/2015 - 23:02

Its good to have webinar and CB's pitching in to help in the gap analysis. But making this new standard look like a mountain and adding own words to risk is not called for.

This standard is sure a tough call to the auditors. The CB must take it upon them to train and upgrade their auditors to the new standard requirements, and not make such rules based on which the standard is preached and then auditors go on that trail.

Who ever is making it look larger that what it is are taking the gullible on the ride ~~~~~

Submitted by txdoctor on Fri, 08/07/2015 - 09:08

Your article states, " The revised standard adopts a stakeholder approach to quality management, and focuses on what it calls “stakeholder relationship management” (SRM).".  Really?  Where are the words "stakeholder" and "SRM"?  If there is a newer, revised version from the FDIS ISO-9001:2015 (E) that includes "Stakeholder Relationship Management", when was it issued?  A text search of the document returns no occurrences of "stakeholder", "stakeholder relastionship management", or "SRM".  Let's not imply terminology and methods that are not actually inlcuded.  I get the concept of "SRM", but that is your interpretation of the requirement for, "The organization shall monitor and review information about these interested parties and their relevant requirements", and other related text. 

I think he's knitting together the concept of "interested parties" with the management principle of "relationship management." That's presumably defined in greater detail in ISO 9000 (not 9001).

That's fine, but all this knitting under the banner of "nonconformities" if you don't agree is particularly problematic. 

Add new comment