Ravi Kumar
These bullet points list the most significant changes:
Adopts a common high-level structure and terminology being introduced across all management system standards.
Since the original ISO 9001 quality management standard was released back in 1987, there has been a plethora of management system standards that address topics from the environment to business continuity. With the increasing trend towards integrated management systems that address multiple standards, it makes a lot of sense for them to adopt a common structure (in terms of major clause numbering and titles), and terminology. Examples of the high-level clause numbering and titles are:
- Scope
- Normative references
- Terms and definitions
- Context of the organisation
- Leadership
- Planning
- Support
- Operation
- Performance evaluation
- Improvement
While this change would not have much effect on an organisation seeking single certification, it would have some benefit for an organisation seeking several, and a standardised approach would presumably also be welcomed by consultants and auditors.
This is a long-overdue recognition that most organisations with an ISO 9001-based QMS no longer simply make widgets, but provide some form of service. It should lead to improvements in awareness of relevance and general understanding.
Introduces new clauses relating to understanding the context of the organisation.
These requirements put focus on the organisation’s reason for being, consideration of just who are ‘interested parties’ (which seems to now be the preferred term to stakeholders), and what are their needs and expectations.
Makes more explicit requirements for the process approach to quality management.
Although the process approach has been part of ISO 9001 since the 2000 version, requirements have not previously been so clearly spelt out. The new standard clearly specifies what is expected in the process approach e.g. identifying required processes, their sequence, the inputs required to them, the outputs expected from them, how they are controlled, the resources needed for them, responsibilities for them, and so on.
#1. No Specific Preventive Action Clause: The Preventive action clause has always been widely misunderstood. Of course, one of the fundamental problems has been that a large part of any quality management system is aimed at preventing things from going wrong, and could therefore come within the scope of a Preventive action procedure. There has also been widespread confusion over the meaning of corrective and preventive, and the two are often lumped together. The welcome removal of this clause is directly related to the next item.
#2. Consideration of Risk: The 2008 version of the standard did not explicitly mention risk, although its Preventive action clause could be addressed by assessing risk and taking appropriate action to eliminate or minimise it (otherwise known as risk management). The 2015 version is a bit more forthcoming on the topic. There is a requirement to ‘determine external and internal issues that may affect the ability to achieve intended outcomes’.
#3. Documented Information: The terms ‘document’, ‘documentation’ and ‘record’ are replaced throughout by the term ‘Documented information’. While the full implications of this change in terminology are worked through, one thing is very clear: For the first time in ISO 9001, there are no requirements for a ‘Quality Manual’ or ‘Documented procedures’. There are plenty of requirements to ‘maintain documented information’ as evidence. These are what are currently known as records. Why use two long words in place of one short one?
#4. Control of External Provision of Goods And Services: The new draft standard lists this as a significant change from the previous version, although at first glance it may appear not to be so. The 2008 standard has its purchasing clause which covers the purchasing process, purchasing information, and verification of purchased product.
One interesting difference is the new reference to external provision including ‘an arrangement with an associate company’. That may be quite significant for organisations that are part of a larger group and rely to some degree on head office or another site for certain functions. Although the draft standard specifically mentions ‘associate company’, the same principle should presumably be applied to organisations in the public and NGO sectors, and we may well see the term modified to ‘associate organisation’ in later drafts and the final release of the standard.
#5. Care of Property Belonging To Others: The clause in the 2008 standard referring to customer property is expanded to include property belonging to external providers. This seems very sensible. As property can include intellectual property and data, this requirement may lead to more widespread information security measures being implemented to protect external providers’ IP and ensure confidentiality.
At this stage, that is our perception of the most significant changes, along with our initial thoughts on them. There are, of course, many other changes of varying degrees of significance, and others may well have a different view on them.
