KEEPCALM AND PREPARE FOR ISO 9001:2015 Eight experts outline key changes and how to handle them not every change can be fully detailed in this article. It should provide noncontroversial. have toiled to achieve the highest caliber revision. what they mean. with multiple languages and cultures. improved tools for quality management. Risk-based thinking. Certainly. what you must do to meet the new requirements and the resources available to you during the transition process. for example.ISO 9001:2015 REVISIONS OF ISO management systems are often accompanied by a bit of anxiety. which arguably may be the most impactful change in ISO 9001:2015. You can imagine how challenging it is to achieve a consensus among hundreds of individuals in dozens of countries. September 2015 • QP 19 . In a perfect world. Most organizations are on pins and needles: What are the key changes we must be aware of? When and how should we introduce the required changes? What resources will we need? The international technical advisory groups (TAG) to ISO Technical Committee 176. Although our world is not yet perfect. Information presented here was based on the draft international standard (DIS) and final draft international standard (FDIS) versions of ISO 9001:2015. is engrained in several aspects of the standard. The following pages are meant to calm your anxieties by helping you to understand five of the key changes in ISO 9001:2015. internationally accepted standard such as ISO 9001 should be easier to read. a revision for an established. and you’ll find most of the changes relate to one another. the group responsible for writing ISO 9001. —Allen Gluck Editor’s note: This following article was written by several standards experts before the release of the final version of ISO 9000:2015. learn and implement. More than 1 million organizations have been certified to ISO 9001:2008. and they now must embark on implementing a revised version to be published later this month. ISO 9001:2015’s new features do provide promise for improved quality. This is why a better—although not perfect—ISO 9001:2015 is on track for finalization. the international quality management system (QMS) standard. including ISO 9001:2008 for Small and Medium-Sized Businesses (ASQ Quality Press. TX. An ASQ fellow. A senior member of ASQ. She is an active member of TAG 176. He is an ASQ fellow and has co-authored several ASQ Quality Press books. She is the chair of TAG 207 on environmental management and the convener of the international working group revising ISO 14001:2015. and worked 40 years in the oil. An ASQ member. and Prescott. CIANFRANI is a principal consultant for Green Lane Quality Management Services in Green Lane. an Exemplar Global-certified quality management system (QMS) auditor and a Professional Evaluation and Certification Board-certified trainer and lead auditor. auditor and engineer. 20 QP • www.S. including TAG 176 and the task force in the Joint Technical Coordination Group that wrote Annex SL and the associated guidance. NY. Aston is an ASQ-certified quality auditor. He is also a voting member of the U. MA. Briggs is an ASQ-certified quality/organizational excellence manager. ND. Technical Advisory Group to ISO Technical Committee 176 (TAG 176) and the American Petroleum Institute Quality subcommittee 18.THE PANEL OF EXPERTS BILL ASTON is managing director of Aston Technical Consulting Services LLC in Kingwood. He is a member of TAG 176 and chair of international ISO/TC 176. DEANN DESAI is a project manager for Georgia Tech’s Enterprise Innovation Institute in Atlanta. subcommittee 1.S. Palmes is an ASQ-certified quality manager. SUSAN L. and member of the Auditing Practices Group and the Accreditation Council of the ANSI/ASQ National Accreditation Board. He has an MBA from Drexel University in Philadelphia and a master’s degree in applied statistics from Villanova University in Pennsylvania. Desai is an Exemplar Global-certified QMS lead auditor. PA. He is past chair of TAG 176 and lead delegate of the committee responsible for the ISO 9000 family of quality management system standards. She has a bachelor’s degree in natural science from Harvard University in Cambridge. and an internationally recognized speaker and trainer. an Exemplar Global-certified lead assessor and an ASQ-certified quality auditor. Cianfrani is a U.qualityprogress. WI. and TAG 262. co-chair of the IAF’s ISO 9000 advisory group. “JACK” WEST is a member of Silver Fox Advisors in Houston. WA. PAUL PALMES is president and principal consultant with Business Systems Architects Inc. which develops ISO 31000. responsible for the revision of ISO 9000. ALLEN GLUCK is president of ERM31000 Training and Consulting in Spring Valley. energy management lead auditor and environmental management systems lead auditor.K. CHARLES A. He has a master’s degree in leadership from Bellevue University in Nebraska. Gluck is an ASQ member and a member of TAG 176. DENISE ROBITAILLE is the author of 12 books. Desai is a member of multiple ISO standards committees.com . NY. She has a master’s degree in statistics and polymers from the Georgia Institute of Technology in Atlanta. in Fargo. British Standards Institution-certified ISO 9001 auditor and has a master’s degree in administration from Gonzaga University in Spokane. gas and chemical industries. He has been international ISO/TC 176 liaison to the International Accreditation Forum (IAF). Cianfrani has implemented ISO 9001-compliant processes on six continents. and an adjunct professor at Manhattanville School of Business in Purchase. BRIGGS is a member of the task force in the Joint Technical Coordination Group that wrote Annex SL and the associated guidance. where she has participated in the revision of multiple standards. which develops ISO 9001. 2010). Robitaille is an ASQ fellow. expert representative to ISO Technical Committee 176 (ISO/TC 176). JOHN E. To fully understand this change. 1. Normative references. What do I need to do? In 2005. Building on this. • Clause titles. From the 3. ment (ISO/TC 176) and its technical committee for en- 6. Improvement. 2 in 2011.ISO 9001:2015 Prepare for a New Structure by Deann Desai and Susan L. and ISO will seek to enhance the compatibility of ing introduction of context of the organization and risk. and a organizations renumber their documents and other rel- joint vision and high-level structure for all MSSs was de- evant items based on the new structure of the standard?” veloped. Part of an organization’s context also includes alignment of existing and future ISO MSSs by providing relevant needs and expectations of interested parties that September 2015 • QP 21 . the internation- 9. these standards through the promotion of identical: came from the use of the high-level structure.K. the International Organization for Standard- 4. to enhance compatibility and avoid conflicting require- 8. 10. mechanism—a way to keep things straight and ensure Annex SL defines the high-level structure including they are able to do a full review and cover the require- common text. Clauses and core text. terms and definitions along with guidance on ments. The impact of Annex SL is that bering will remain the same in future revisions. including the restructuring of the the structure—including clause sequence and require- standard from eight clauses in the 2008 version to 10 ments in the standards—was desirable and achievable. Operation. Context of the organization. Performance evaluation. al environmental MSS. Planning. subclauses are retitled and reordered according to a There are 10 elements in the Annex SL high-level high-level structure that allows for all management sys- structure: tem standards (MSS) to be aligned. ization (ISO) technical committee for quality manage- 5. the ISO Technical Management Board estab- A frequently asked question about this change is: “Must lished a technical advisory group to fulfill this task. the ISO General Assembly received advice These elements have driven the changes that users from advisory and user groups that greater alignment of will find in ISO 9001. vironmental management (ISO/TC 207) worked together 7. ed prior to writing the revision was that the connection • Text.3 and that this would benefit organizations implementing more than one MSS. which were published as Annex SL in the but many organizations will choose to do so as a tracking ISO/IEC Directives1. identical The structure of ISO 9001 has been revised. ments between ISO 9001 and ISO 14001. The intent of this clause is for organizations to have a high-level (strategic) understanding of the important is- What does it mean? sues that can affect a management system—positively or The aim of Annex SL is to enhance the consistency and negatively. clauses in the 2015 version. you do not need to renumber. requirements. explaining why it was done should be helpful. and common terms and core definitions. early 1990s. the group developed the MSS The short answer is: No. Support. all ISO management system requirements standards will be Some of the main changes in ISO 9001:2015. includ- aligned. with the larger. The introduction of a clause related to a con- These items are permitted to diverge among standards only where necessitated by specific differences in managing the individual fields of application. Scope. Keep in mind that there is no guarantee the num- how they should be applied. some background 2. cept called the “context of the organization” addressed this concern. Briggs What is the change? a unifying and agreed-on high-level structure. In 2003. strategic view of the organization was • Terms and definitions. Leadership. missing. Terms and definitions. One of the key responses in the user survey conduct- • Sequence of clause titles. see reference 1.1. ISO/IEC Directives. REFERENCES AND NOTE 1.com . Part 1. Procedures specific to ISO. Sandford Liebesman. also say the organization shall monitor and review the • External and internal issues. November 2013. 52-53. 4. see reference 1. What does it mean? Subclause 4.apply to its QMS. and include planning for those worthy of pursuit. For additional guidance on the intent of Annex SL. International Organization for Standardization and International Electrotechnical Commission. with the overall anticipate potential scenarios and consequences.14 but The issues identified by an organization and the relevant requirements of interested parties are linked to does not require risk management. Understand Your Context by John E. “Jack” West and Charles A. At a minimum. Knowledge of the issues and inter- prevents or reduces undesired effects. appear new to some users. 2015. fashion in its QMS. A few and external issues that affect the ability of the organi- of the more notable changes include: zation to achieve its intended results. as such. Annex SL calls for actions to plan. Similarly.”2 an organization to deployment of processes that address the explicit must know its strategic direction. An organization has the authority and autonomy to decide which risks and opportunities it must address to ensure its QMS achieves its intended outcome. Appendixes 2 and 3. The organization plans how The addition of these two strategic business pro- it will address any negative or positive consequence cesses were included to encourage an organization’s posed by these issues and requirements in a prioritized top management to become more actively engaged. the section on planning. organizations should look for favorable conditions or circumstances that can offer a potential advantage or beneficial outcome. Cianfrani What is the change? direction. 1 Clause 4 introduces some new language and ex- The standard mandates consideration of internal pands concepts related to defining requirements. therefore may require a widely different when it develops and deploys its QMS. to “de- their existing QMSs. subclause 6.1 contains requirements for an organi- The requirements for understanding an organization zation to determine external and internal issues that and its context mean an organization must know itself can affect and are relevant to its purpose and strategic and the external organizations and factors that do or 22 QP • www. dealing with context of the organization to think at strategic and tactical levels organization. and achieves ested party requirements is used to guide the efforts to continual improvement. Consolidated ISO Supplement. • Understanding the needs and expectations of relevant interested parties. This clause introduces the concept of requiring an ISO 9001:2015’s clause 4.” Quality Progress. The requirements • Understanding the organization and its context. requirements and the intent of the latest requirements. cal thinking is sufficient by itself. review Appendix 3 of Annex SL in the ISO/IEC Directives. ISO/IEC Directives. is preventive in addressing undesired effects before they occur. implement and operate a QMS. sixth edition. 2. International Organization for Standardization and International Electrotechnical Commission.qualityprogress. address risks and opportunities in subclause 6. and to monitor and review information re- The latest edition of ISO 9001 contains content that will lated to these external and internal issues. 3. Annex SL. An organization’s prior compli- termine external and internal issues that are relevant to ance could have ranged from the absolute minimum its purpose and its strategic direction. ensuring the QMS takes a more strategic view and is The purpose of planning is for an organization to integrated into its business processes. The newness of the content These requirements inject a QMS into an organiza- will vary widely among organizations depending on tion’s strategic planning process. “Work in Progress. issues it considers to be relevant to its purpose. risk assessment or risk treatment. and intent to promote improved performance of the QMS. pp. Neither big-pic- range of attention by organizations transitioning to the ture strategic thinking nor detailed analysis and tacti- new version. Achieving such an understanding can result considered for serious attention.1 provide guid- and its context should provide the organization an op- ance. complaints and feedback. It formalizes the process to ensure it is invoked. One suggested approach is to have a formal process for deciding what to consider and why. tion for Quality Management or the ASQ guidelines for Such activities and assessments are elements of over- performing a QMS self-assessment. This approach makes sense for several reasons: • Benchmarking best-in-class performers in and outside the current marketplace. each organization to determine how detailed the analy- This subject is a normal topic for top managers and is interrelated with subclause 5. • Actual versus intended internal values and culture. might affect meeting requirements. For example. audits. 2. Examples of internal issues that could be considered include: • Internal audit results and self-assessment results. It should be REFERENCES 1. subclause 4. portunity to expand the breadth and depth of its QMS. ISO/FDIS 9000:2015—Quality management. It precludes going overboard on determining pertinent have direct or indirect interactions with your processes external and internal issues. • Competitive products and services. 3. for example. SMALL BUSINESS CHALLENGE Are you a small business trying to navigate the transition to ISO 9001:2015? Read about the unique obstacles small business face in implementing ISO 9001 and the resources available to help in Denise Robitaille’s online sidebar “Resources: The Small Business Challenge. subclause 5.4 It is up to ing.ISO 9001:2015 can affect it.com.1 on leadership and commitment. Baldrige National Quality Award. it pre- dealing with interested parties. It also forms a context for develop- quality management principles as a guide. ISO/FDIS 9001:2015—Quality management systems—Requirements. subclause 4. This is • Economic environment and trends. all strategic and tactical planning for an organization and Assessment also can be simplified by using the seven its associated QMS. 4. • Analysis of quality cost data. The notes to subclause 4. External issues can be found through several tech- quality policy and quality objectives are compatible with niques such as analysis of: an organization’s strategic direction and context. clause 4. or with clauses 8. ISO/FDIS 9001:2015—Quality management systems—Requirements. risks and opportunities. go? • Potential changes in statutes and regulations. September 2015 • QP 23 . Self-assessments can from activities such as performance of competitive anal- be complex. the European Founda- and evaluation of its impact on the environment. empts disputes with external auditors regarding These new requirements related to the organization compliance. using criteria such as those of the Malcolm ysis. What is meant by “determine external and internal is- • Technology trends.1. assessment of existing and emerging technology. ISO/FDIS 9001:2015—Quality management systems—Requirements. Also consider the potential interactions with other 1. • Employee satisfaction data analysis. could develop a list of integrate the QMS with the strategic and tactical manage- areas in which issues could exist and perform periodic ment of the organization. • Competitive analysis. If certification is an organizational objective. 3.3 which requires top management to ensure a sis should be and what follow-up action. monitoring and review is needed.1 may 2. 9 and 10. processes of your QMS. a key top management role in the development of a QMS.1. • Results of customer reviews.” on this article’s webpage at www. An organization.qualityprogress. International Organization for Standardization. sues”? What should be considered? How far should you • Raw material availability and prices. International Organization for Standardization. • International trade conditions. One process that is underused but powerful in identifying internal issues is a self-assessment. • Organizational performance. • Analysis of technology trend information. International Organization for Standardization. implementing. • Best practices of the organization and comparisons with industry benchmarks. What do I need to do? • Opportunities and conditions related to outsourcing.1. International Organization for Standardization.1. and align objectives throughout evaluations of any existing or emerging problems that the organization. maintaining and improving a QMS. the existing risk management standard already has become 24 QP • www.1 the international risk management standard. . risk-based thinking implementation must be to satisfy the re- The writers of ISO 9001:2015 state that “risk-based thinking has always been implicit in ISO 9001”2 and chose not to require quirements of ISO 9001:2015. opportunities and risks. These sections explain the how and why of establishing the context. referring to that standard can help professional training. The requirement the term “risk-based thinking” to encompass the varying. While using ISO 31000 is not required in ISO 9001:2015. ISO 31000 is more clearly understood after 31000 uses different terms. 3. International Organization for Standardization. These concepts and their implementation are detailed in ISO 31000. You also incur ISO 31000 GUIDES RISK-BASED THINKING ISO 9001 includes two new and related requirements: under- popular internationally. and it will be helpful in implementing ISO standing the organization and its context. Explicit in the new standard. but more fully detailed in Fortunately.”3 In layman’s tions the flexibility to choose either a basic approach or a more terms. It is help- risk nomenclature. ficult. such as part of your quality system? The answer is stated in ISO 31000: ISO 31000. The management of uncertainty is some minimal risk management be integrated into an organiza- something you do each day in your personal and professional tion’s quality system.qualityprogress. however. which audit to this requirement? is sparsely defined in ISO 9001:2015. the need to engage in risk-based thinking is What does it mean? similarly expanded to encompass multiple functions The idea of risk-based thinking isn’t particularly dif- throughout the organization. 2. As a guidance document.com —Allen Gluck REFERENCES 1. The latter is a term that is nonexistent in current quality and various systems including the management of quality. risk. The risk-based thinking requirement allows organiza- “All organizations manage risk to some degree. you don’t have to reinvent the wheel. marketplace and beat the competition. help or hinder your organization’s objectives. there popular product? You improve your position in the are choices. implement and ful for understanding the organization and its context. ISO 31000:2009—Risk management— Principles and guidelines. The most prevalent throughout the standard. Why should your organization embrace risk management as a full. Ibid. and risk-based think- 9001:2015. formal and systemic risk management method. Indeed. Like ISO 9001. cause the QMS touches most processes and departments. consequences. Although ISO sections 4 and 5 of ISO 31000. the writers deliberately created lives to ensure you achieve your objectives. Employing the term “risk management” may have implied full adherence to the ISO 31000 standard is required. a suggestion defeated in early international revision negotiations. The logical segue is that be- of these relates to the concept of risk-based thinking. Quality professionals who master ISO organizations implement risk-based thinking in the context of 31000 will be able to identify how detailed an organization’s ISO 9001. it allows for tailoring to ing. International Organization for Standardization. is the requirement that This idea is not new. How should you understand. Whenever an organization decides to change What happens if you change the design of your most something or to respond to an impending change.Consider Risk by Denise Robitaille What is the change? Many of the changes in ISO 9001:2015 will involve a ISO 9001:2015 disperses language relating to risk paradigm shift across all functions. ac- that consideration of uncertainty be part of formal and auditable ceptable degrees in which organizations may choose to manage processes will serve to further quality and corporate objectives. ISO/FDIS 9001:2015—Quality management systems—Requirements. managing risk is simple: Make decisions while consider- extensive formal risk management process based on what is ing how the potential consequences of unknown factors can appropriate for an organization. According to subclause 5. One of the side benefits of the inclusion of risk- The transition process itself carries its own benefit based thinking in ISO 9001:2015 is that it eliminates the because implicit in the transition is the opportunity to ineffectual and cumbersome preventive action process objectively assess a system and sweep away what isn’t included in ISO 9001:2008. cally. Leaders. A small amount of effort along these lines ability to fulfill customer expectations. the in- must apply risk-based thinking in their internal envi- terested parties that can have an effect on it and its ronments. tant improvements regarding top management. printed on high-gloss paper. a change in cash flow. epoxy or as overwhelming as moving the business to a new facility. but especially small companies. What do I need to do? To understand your risks. There are other changes that must be understood and implemented. working. put on a second shift and maintain the produc- hurdle. Palmes What is the change? ed issues—with primary top management interaction The 2015 revision of ISO 9001 contains several impor- through management review. 3. pretty charts and graphs to continue to support older versions of the product.1.1.ISO 9001:2015 the need to carry inventory of replacement parts be- ses and implementing sophisticated risk management cause you’ve made a commitment to your customers programs—all slick with data. The change can be as small as substituting an events carry risks that must be managed properly. All of these change. 2. organization—its internal and external issues. understood and applied in an organization.1 on leadership and commitment top management is required to “demonstrate leadership for the QMS1 includes 11 requirements designed to en- and commitment” with respect to the QMS by: sure top management is involved and committed more 1. the loss of a things out into manageable chunks. As a result. All the changes carry some benefit. Taking accountability of the effectiveness of a QMS. hire 15 more To help an organization of any size get over this techs. The benefit is that supplier. you must understand your All organizations. a major road repair out- you’ll have fewer unpleasant surprises resulting from a side their entrance or change in the local schools’ cal- failure to adequately assess the risk associated with a endar affecting parents who need daycare.1 tion schedule to keep your other customers happy. This is hardly a capabil- How about signing a contract that will double your business? You’ll make a ton of money if you can: Get ity for a small delivery service organization or a fiveperson machine shop. clause 4. ISO/FDIS 9001:2015—Quality management systems—Requirements. can lead to big results. Ensuring the quality policy is communicated. For smaller organizations. issues can be When implementing risk-based thinking. risk is presumed to be within the purview of large companies with loads of quality technicians and MBAs performing failure mode and effects analy- REFERENCE 1. International Organization for Standardization. subclause 5. organizations are left to install “bolt-on” quality systems limited to production relat- an organization. parse as simple as the retirement of one person. suppliers to ship extra raw material. Ensuring the quality policy and quality objectives Observers of ISO 9001 throughout the years have are established for a QMS and that they are compat- consistently and correctly commented that QMS imple- ible with the strategic direction and the context of mentation results suffer without real top management support. ISO 9001:2015 allows organiza- These concepts also can be parsed into smaller tions the flexibility to apply as little effort as is needed. Often. Step Up by Paul C. All of the language about the context of the organization is directly relevant to the conversation about risk. Specifi- That’s about to change. components. look no further than clause 4 of ISO 9001:2015.1. September 2015 • QP 25 . than ever before to the QMS. present. top management also is tasked tion’s business processes” requires analysis and collab- in the new version of ISO 9001 with “engaging.”2 26 QP • www. effective implemen- able. The real work will be from having top management simply provide direction somewhere in between when it becomes obvious to and support to its becoming a key participant. The Seven Habits of Highly Effective People. and if you use PowerPoint to systems.1 are also fair while others face a major realignment of their existing game for such events. 1989. requiring quality objectives to support the achievement of the organization’s business goals. Communicating the importance of effective quality management and of conforming to QMS requirements. Free Press. and the same. subclause 5.1.” develops deeper purpose. Promoting continual improvement.” They are now one ment throughout the organization. Covey.4. strength and success. un- still acceptable to use terms to which you’ve become derstood and applied within the organization. As the two become one.1. Fundamentally. . What do I need to do? wish to achieve when you begin with the end in mind. “In- Who better to ensure business success than top tegration of the QMS requirements into the organiza- management? After all. International Organization for Standardization. Supporting other relevant management roles to Take your time. a new requirement to promote 8. This From the perspective of an organization that is already may be the perfect place to “communicate the impor- implementing ISO 9001 and looking to transition to the tance of effective quality management and of conform- new version of the standard. requiring prepared materials to explain this fundamental concept to top management during these meetings. management responsibility-related holdovers from Naturally. It may be constructive to use the second of Stephen R. you now have a record of compliance. clause 5. Covey’s seven habits by “beginning with the end in mind. 6. 3. some of the above requirements. see reference 1. directing and supporting persons to con- become a teachable moment for many organizations. There is. some will proudly affirm ing to QMS requirements.”3 the existing link between quality and business goals. Several additional requirements in and similarly no one expects top managers to move the 2015 revision. tribute to the effectiveness of a QMS. Engaging. awareness of the process approach. for many organizations. Promoting awareness of the process approach. 10.” are accustomed). Others requirements in subclause 5. such as “en- correct term is now “documented information. 7. the 2008 revision. however. ISO/FDIS 9001:2015—Quality management systems—Requirements. Ensuring the resources needed for a QMS are avail- After all. to just proclaim support is not enough. Be prepared and professional in demonstrate leadership as it applies to leaders’ re- your approach. 2.1 in ISO 9001:2015 is a call for top management involvement in the QMS. tation of subclause 5. No doubt. direct- oration on both sides.1. ISO/FDIS 9001:2015—Quality management systems—Requirements. Perhaps your organization routinely schedules an all-organization business What does it mean? status meeting conducted by top management.1. affirm a fundamental shift into the quality department.qualityprogress. Ensuring the integration of the QMS requirements into an organization’s business processes. explaining all these changes to top management will best be accomplished through several meetings. That’s the vision you must encourage—the goal you Given the importance of the material.” but it’s suring that the quality policy is communicated.com REFERENCES 1. this may 9. Ensuring a QMS achieves its intended results. Stephen R. venues for each requirement. If you can clearly imagine the best outcome of each meeting.1. you can work backward to imagine everything 5. you may need to achieve a successful set of results. everyone that top management actually is using the The QMS now must consider how to manage “ensur- quality system to guide and validate its decisions and ing the integration of the QMS requirements into the to encourage the discovery of new areas of improve- organization’s business processes. Develop appropriate action items and spective areas of responsibility. 11. the organization tiveness of the QMS. International Organization for Standardization. working ing and supporting persons to contribute to the effec- together to support common goals. (The Yes.1 will require a fundamental paradigm shift in which top management participates rather than observes. for example. checklists.4.ISO 9001:2015 Determine Your Documentation Needs by Bill Aston What is the change? lowing 18 records to be retained: One of the more notable changes in ISO 9001:2015 will 1. QMS.6). Documented information may include procedures. Review of requirements related to products and services (subclause 8. processes. products 2 How are an organization’s requirements for QMS documents determined? Every organization will be responsible for determining the level of documented and services (subclause 8. of its processes and to retain documented information 9. Property belonging to customers or external parties (subclause 8. ISO 9001:2015 will specifically require risk-based thinking to be a part of every organization’s process 18. a).5.1). • Scope of the QMS (subclause 4.6.2. the more control (procedures) re- processes (subclause 4. for a quality manual. 14. • Control of product and services (subclause 8. drawings.6). 15. Furthermore. product and services. ISO 9001:2015 will be established to address identified risks. Nonconformity and corrective action (subclause 10. measurement. provides guidance regarding the references made to requirements throughout the 11. cords to be maintained. necessary? No.1). Design and development change (subclause 8. subclause 4.5.3). which includes ensur- Concerning requirements for documented information ing controls.3. e). Traceability (subclause 8. This increased flexibility will sup- ISO/FDIS 9001:2015 requires the following docu- port requirements for documented information to be mented information to be maintained by every organi- scaled to be appropriate to the complexity and criti- zation: cality of the products produced or services provided.3). such as procedures.2).2. less prescriptive. The greater the risk or potential consequences of the • Information needed to support the operation of its nonconformance.5.2. documented procedures and re- 2. media or records as deemed appropriate for September 2015 • QP 27 . such as procedures or instructions.1.4. Design and development inputs (subclause 8. are to be maintained (procedures).3.2. Control of nonconforming process output. Design and development controls (subclause 8. approach to quality. Management review (subclause 9.3).2.1). data sheets. a). that is not the case.3. work instructions.2. analysis and evaluation (subclause 9.1.4.2. ISO/FDIS 9001:2015 identifies the fol- quired to address the probability of the risk and its potential impact.2.5. Design and development output (subclause 8.2.3.2. as procedures. section A. Annex A. a). Risk-based thinking is not a new activity—it’s a regular part of an organization’s QMS What does it mean? and product planning processes.1.1 This sub- 6.3. standard to “maintain” documented information (such 12.5. • Quality policy (subclause 5.2). Control of change (subclause 8. • Quality objectives (subclause 6. well as to “retain” documented information (records).2). 17. 10.3. ed information (procedures) to support the operation 8. d). needed to support its 16. clause requires an organization to maintain document- 7. records and other QMS documents are not 4.4.1.5). Release of product and services (subclause 8. Monitoring.1). Consider the requirements 5. of ISO/FDIS 9001:2015. Does this mean documented 3. Monitoring and measurement of resources (sub- be the nonexistance of any reference to requirements clauses 7. Internal audit (subclause 9. information. f). procedures. Personnel competency (subclause 7.1 and 7.6).3).7. formed as planned.2). Operational planning and control (subclause 8. Externally provided product and services (sub- (records) to have confidence that processes were per- clause 8.2).5. quality plans and a quality manual) as 13. consultants and other quality profession- What do I need to do? als must change to meet the new challenges of ISO Consider the following actions to prepare for transi- 9001:2015.4. International Accreditation Forum (IAF). ISO 31000:2009—Risk management—Principles and guidelines. Annex A. agement—Principles and guidelines to ensure familiarization with basic risk-management practices and terms.com/TCSC2. ISO 9001:2008 certifications will not mine whether a formal risk assessment is required and be valid after three years from the publication date of if so. 4. its needs. such as procedures. Subcommittee 2 (ISO TC/176/SC2) homepage. articles and more. 5. The organization will deter- and opportunities. Conduct a gap analysis of your existing QMS. 2. Download free copies of risk-based thinking documents and PowerPoint slides via the ISO website. The International Accreditation Forum Informa- Future QMS audits will require auditors. International Organization for Standardization. Jan. product and services design. Auditors must be bodies for preparing to transition from ISO 9001:2008 knowledgeable about the risks associated with the to ISO 9001:2015. subclause 4. IAF Informative Document 9: 2015 Transition Planning Guidance for ISO 9001:2015. 12.org/standards. Ask your registrar to provide a checklist suitable for this purpose.6.qualityprogress. Attend ISO 9001:2015 training via your registrar.2. Consider training on ISO 31000:2009—Risk man- REFERENCES 1. consul- tive Document 9: 2015 Transition Planning Guid- tants and other interested parties to use a different ap- ance for ISO 9001:20155 provides general guidance to proach to determining an organization’s conformance organizations. 6. • Subscribing to the Standards Connection enewsletter at asq.org/asq-standards-channel) to watch experts discuss changes and transition advice. ISO/FDIS 9001:2015—Quality management systems—Requirements. products. • Visiting Standards Central at asq. particular processes and product. asq. 2015. ISO/FDIS 9001:2015—Quality management systems—Requirements. such as personnel competencies. the Professional Evaluation and Certification Board. facilities. Techniques and skills for auditors. contact your registrar to determine their timing to begin issuing ISO 9001:2015 as opposed to ISO 9001:2008 certifications. ISO 9001:2015 will not require other QMS documents. International Organization for Standardization.com REVISION RESOURCES ISO 9001:2015 is scheduled to be released later this month and will be available for purchase at asq. 28 QP • www.3 4. process procedures and instructions required ed information. certification bodies and accreditation with ISO 9001:2015 requirements. QP tioning to ISO 9001:2015: 1. http://tinyurl. Technical Committee 176.org. Issue 1. select a risk assessment method that best suits ISO 9001:2015. 5. . ISO 9001:2015 requirements. International Organization for Standardization. ASQ or other accredited training providers. ma- will drive the organization’s need to ensure document- terials. Exemplar Global College. 3. are available to address risks formal risk assessments. instructions and to address those risks. where you can find updates.ISO 9001:2015 an organization’s operation.4 This information may be helpful for promoting and understanding risk-based thinking. Obtain a copy of ISO FDIS 9001:2015 and become familiar with its requirements. International Organization for Standardization. 3. Contact your registrar to determine its timeline and requirements to transition clients with existing QMS certifications from ISO 9001:2008 to ISO 9001:2015. If your organization is currently planning or in the process of obtaining an ISO 9001 certification. ISO 9001:2015 will provide an organization in- Risk-based thinking is essential for identifying risk creased flexibility to maintain a QMS specific to its and the resources. Find out more about the new standard by: • Tuning in to the ASQ Standards Channel (videos. 7. 2. section A.org/standardsconnection to have information delivered to your inbox every month. Risk-based thinking equipment. and be Future QMS auditing will need a different approach able to assess the effectiveness of the controls used to to determining an organization’s conformance with manage those risks. services and processes being audited.