Scope of the changes involved in ISO 9001:2015
ISO 9001:2015 was released for use in September this year and has been written around a standard format that makes it easier to integrate with other standards such as ISO 14001 for environmental management. The revised ISO 9001:2015 places a greater emphasis on the organisation using its QMS to help manage business risk. It does this by expecting the organisation to assess its position within the business and social landscape, which the standard calls “context”. The new standard also expects the organisation to assess the needs of, and its response to, relevant persons and organisations that are affected by its activities, which the standard calls “interested parties”. The scope of the QMS, the quality policy and quality objectives need to be aligned with the organisation’s response to context and interested parties.
Construction Certification, and our parent company The HSQE Department, have always designed management systems that take stake-holders into account and that address business risk, so the changes for our existing customers will be relatively minor. The only documents that ISO 9001:2015 makes compulsory are Scope, Quality Policy & Quality Objectives but, as we find that customers prefer to work with more than this, we have no plans to change our approach radically.
Clauses of ISO 9001:2015 to focus on
4.1 “Understanding the organization & its context”
This clause can be addressed by carrying out & maintaining a strategic review of the business. Suitable tools for this are the SWOT (strengths, weaknesses, opportunities & threats) analysis &/or PESTEL (political, economic, societal, technological, environmental & legal) analysis.
4.2 “Understanding the needs & expectations of interested parties”
Interested parties can be taken to include any individual, group or organisation that is affected by an organisation’s activities, such as suppliers, customers, neighbours, the public and regulators. This clause can also be addressed through the SWOT &/or PESTEL analysis, provided that third party risks and needs are taken into account.
4.3 “Determining the scope of the quality management system”
This is a mandatory written document. The paragraph on scope in current QMS Manuals doesn’t satisfy this clause entirely and will need to be reviewed. However, this shouldn’t be done until the evaluation of context and interested parties has been carried out.
4.4 “Quality management system & its processes” (1)
This clause of ISO 9001:2015 implies the need to formally map the main processes of the business. A suitable tool or this would the S.I.P.O.C diagram (suppliers, inputs, processes, outputs & customers) and the QMS Manual would benefit from a flow diagram that maps the company’s activities in more detail.
5.2.1 “Establishing the quality policy”
This is a mandatory written document. As for 4.3. it would be advisable to make a commitment to meeting relevant environmental and safety legislation, because this is part of managing business risk.
5.2.2 “Communicating the quality policy”
There is a greater emphasis on the workforce understanding the policy statement, but a tool-box talk would be a good way to communicate the policy and record that this has been done.
6.1 “Actions to address risks and opportunities”
The SWOT/PESTEL analysis identifies the risks and opportunities. Action plans need to be proportionate to the risks and opportunities and one way of demonstrating that proportionality has been taken into account would be to quantify them using FMEA (failure mode effects analysis) or a process similar to assessment of environmental aspects and H&S risk.
6.2 “Quality objectives and planning to achieve them”
This is a mandatory written document. Objectives will need to be reviewed to ensure that they are aligned with policy. There is a greater emphasis on objectives following the S.M.A.R.T model (specific, measureable, achievable, relevant & time-defined”, so now must define a target date to completion.
7.1.6 “Organisational knowledge”
This is an important development of the QMS, which implies that information sources will need to be managed more formally than some companies do at the moment. For example, engineering companies that work with a range of electrical and mechanical standards, to satisfy CE marking requirements, would benefit from a formal register and review for updates. There is likely also to be a need for succession planning or information sharing where important information is held by a single person or small group of people.
Can be covered by tool-box talks or similar briefing methods.
8.1 “Operational planning & control” clause (e)
This clause requires documented evidence that work has been completed as planned, but could be handled in a number of ways, for example hand-over certificates, end of project reviews, closure meetings and site audit reports.
8.3 “Design & development of products & services”
The new standard does not permit “exclusions”, but companies can justify why a particular clause isn’t applicable. Design & development is now a mandatory section and the organisation will need to show how it fits into the wider design & development process. This doesn’t have to be documented.
8.4 “Control of externally provided processes, products & services”
Clause 8.4.3.e requires that the means of control and monitoring by the company, of its providers, is communicated to them.
8.6 “Release of products & services”
The standard now requires documented evidence that a product or service has been checked against the agreed requirements and that it has been approved for hand-over.
8.7 “Control of non-conforming outputs” clause (2)
This clause requires documented evidence of non-conformances identified before hand-over, actions taken, any concessions and the person deciding on the actions.
9.3 “Management Review”
c.2 Progress towards achieving quality objectives will need to be documented in more detail
c.3 & c.5 Analysis of site visit reports will need to be discussed
e The SWOT/PESTEL analysis will need to be added to the agenda and reviewed