As you have probably already heard, the transition to ISO 9001:2015 must be completed by September 2018.
Unfortunately, this doesn't mean that you have up until August 2018 to begin transitioning – the process can take some time, you might have some non-conformances to address or you could even fail outright, and it's unlikely that there will be enough auditors available in the last few months for everybody to do the transition.
We would like to share some important things to know about the changes to the Standard so that you can get a head start and avoid last-minute panic.
What are the main differences, and why are they important?
The main principles of the Standard have not changed substantially, and its intent has not changed, but it looks and reads differently from the 2008 version.
The 2015 version specifically spells out some elements that were only implicit in the previous version, and makes the requirements more specific.
The two biggest differences in terms of requirements are "Risk Management" and "Processes". There are also some changes to "Context", the role of leadership, terminology, and handling "exclusions" is now quite different.
Another big difference is the way that the Standard has been structured. The new Standard identifies three levels: Management/Leadership, Operations, and Support. These three clear levels are a very helpful way to conceptualise your business.
1. RISK MANAGEMENT
The 2008 Standard didn't explicitly mention 'Risk Management', although it was somewhat inherent and many people took it to be a good measure of what is significant in their business.
Risk management is important because it applies in every business - as we all know, there's no point dedicating disproportionate time, resources, and attention to activities which have very low risk.
'Risk' is now expressly mentioned in the new Standard, so this will require all businesses to identify their risks, and recognise where to focus controls and training.
While "Processes" was mentioned in the 2008 Standard, the requirements were not as specific, so many businesses got away with using the structure, the terminology, and even the clause numbering of the Standard without sufficiently describing the processes and activities specific to their own business.
The new Standard is very clear - you will not be considered to be compliant if you don't have your processes clarified in the right amount of detail. It will no longer be enough to take the 'clause-based approach', so it will be important to work through what all of your processes are, and then set them out in a way that makes sense to your business.
This may seem like a fairly big task. However, processes are fundamentally important for achieving quality – so for all the effort you put in, you will get that much benefit back (and more!).
The new Standard requires you to define and understand the context in which your business operates.
It is fundamentally important for every business to understand what they produce, what market they're selling it to, who might have an interest in that product, and what's important to all of those interested parties. So, most businesses will already have this information; it will just be a matter of aligning this with the quality system.
For anything in business, we know that unless top management is committed, it won't be implemented effectively.
The Standard has always required that top management takes responsibility for implementing Quality Systems.
The new Standard is much more specific about how responsibility should be taken by the leaders in the organisation, and what other responsibilities can be delegated down through the business. Top management now has ultimate responsibility for Quality to a larger extent than under the previous Standard.
5. CHANGE IN TERMINOLOGY
The new Standard specifies that the terminology used should be that used by the business itself. Most businesses I know don't use the term "product realisation", for example, when describing their operational processes. So don't use these terms in your documented processes - the processes that you develop are to be used by your business, so express them in a way your people will understand.
In other changes, "documented information" now refers to both documents and records; and reference to "suppliers" is now "externally provided processes, products and services".
Under the previous Standard, organisations could exclude themselves from adhering to certain components that they felt were not relevant to their business.
However, under the new Standard, there is no room for standard or default exclusions anymore. In order to exclude a component, you must demonstrate that it is not applicable.
What do businesses need to do in order to transition to 9001:2015?
1. Obtain a copy of the standard and READ IT.
It may not be a lot of fun to read, but if you keep in mind the overall framework and what the Standard is trying to achieve, then it will fall into place and make more sense to you.
2. Do a 'Gap analysis'.
We (or any other Certification Body) have a checklist that you can use to assess how well you are doing.
It is important to compare your own practices against a checklist and identify any 'gaps' you need to address. This will also help you to develop a better understanding of the requirements so that you know how to answer questions from your auditor about whether you have fulfilled certain criteria.
3. Put the changes into place.
This may involve creating a plan of implementation and assigning responsibility for each task, and updating documents to reflect the changes.
Because there are changes that will affect management (i.e. changes to the role of leadership) and there are also some changes that will affect risk management and context, it would probably also be very useful for most organisations to provide some training for managers and anyone else who contributes to the quality system… This will ensure that managers and others understand their roles so that they can be consistent with the requirements of the Standard, and that they're aware of the various changes, including new terminology.
It may also be practical to aim for a 'progressive transition' by putting in place changes over time. Use your own internal audits to check how well the changes are being implemented. Your certification body can also help by either extending the scheduled audits or conducting a separate gap analysis for you. This may mean more time and more cost, but it could make life a whole lot stressful for you.
Where to next?
It is important to get a copy of the Standard early, and to start reading. It may not take a lot of time to take the steps you need to transition, but it does require a bit of thinking and reflection.
Now, in March 2017, you should consider that you've got a relaxed 12 months to transition. Use this time wisely so you are not stressed by the drop dead date in September 2018.
The process of transitioning may seem overwhelming. If you're unsure of whether your company is meeting the requirements of the 2015 Standard, or to find out more about becoming transitioning to the ISO 9001:2015, please do not hesitate to contact Dianne Gibert, Managing Director of Service Excellence Consulting Pty Ltd.