ISO 9001 2015 Changes

While previous changes to ISO 9001 varied in significance, the latest ISO 9001:2015 changes to the ISO 9001:2008 standard introduced some new important changes.

QMS Documentation

The updated International Standard does not include the requirement to “document” the Quality Management System. The term ‘documented information’ replaces the old terms ‘documents and records’. While the ISO 9001:2008 had six mandatory procedures, the new revised ISO 9001 2015 Procedures does not prescribe any mandatory procedure. As noted in clause 7.5 Documented Information, it is to be determined by the organization what documents are necessary for the effectiveness of the quality management system.

Mandatory Documents

4.3 Scope. (same as old 4.2.2)

4.4 QMS processes, as needed, to support the operation of processes. (same as old 4.1)

5.2.2 Quality policy (same as old 5.3)

6.2.1 Quality objectives (similar to old 5.4.1)

Mandatory Documented Information

7.1.5.1 Evidence of fitness for purpose of monitoring measurement resources. (similar to old 7.6)

7.1.5.2 Basis used for calibration or verification, where measurement
traceability is a requirement and standards don’t exist. (similar to old 7.6)

7.2 Evidence of competence (similar to old 6.2.2)

8.1 confidence that the processes have been carried out as planned and
to demonstrate conformity of products and services to requirements. (similar to 7.1d)

8.2.3.2 Results of the review of requirements related to products and services. (similar to old 7.2.2)

8.3.2 Confirm that design and development requirements have been met. (similar to old 7.3.1)

8.3.4 Design and development controls (similar to old 7.3.5-6)

8.3.5 Design and development process outputs. (similar to old 7.3.3)

8.3.6 Design and development changes. (same as old 7.3.7)

8.4.1 Results of external provider evaluations, performance, and re-evaluations. (same as old 7.4.1)

8.5.1 Characteristics of the products and services, Activities to be performed
and the results to be achieved (similar as old 7.5.1)

8.5.2 Unique identification of process outputs,
where traceability is a requirement. (same as old 7.5.3)

8.5.3 Customer property damage notice. (same as old 7.5.4)

8.5.6 Results of the review of production changes, the personnel
authorizing the change, and any necessary actions. (new)

8.6 person(s) authorizing release of products and services for delivery. (same as old 8.2.4)

8.7.2 Actions taken on nonconforming process outputs, products and
services, including concessions obtained and the person or authority
that made the decision dealing with the nonconformity. (same as old 8.3)

9.1.1 Evidence of results that ensure monitoring and measurement activities
are implemented in accordance with the determined requirements. (new)

9.2.1 Evidence of the audit program and audit results. (similar old 8.2.2)

9.3.3 Evidence of the results of management reviews. (same as old 5.6.1)

10.2.2 Nonconformities, subsequent actions taken, and
results of corrective action. (same as old 8.5.2)

Old Records Changed:

7.3.2 Design and development inputs changed to requirements.
7.3.4 Results of design and development reviews and any necessary actions.
7.3.5 Results of design and development verification and any necessary actions.
7.3.6 Results of design and development validation and any necessary actions.
7.5.2 (d) As required by the company to demonstrate the validation of processes.
7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable for use.
7.6 Validity of results investigation.
8.5.3 Results of preventive actions.

Quality Manual Contents

The Quality Manual is no longer required nor is the Exclusions Clause. The old “exclusions” clause 1.2 in ISO 9001:2008 was originally introduced following the decision to withdraw the ISO 9002 and ISO 9003 standards in 2000. Both are replaced by a Mandatory Scope Document: Scope of the QMS (4.3) and justifications of the requirements that cannot be applied. This scope document could be in a quality manual, but the term “quality manual” is no longer needed.

Quality Policy vs. Objectives

Objectives need to be actionable and accountable. ISO 9001:2015 Quality objectives must now include reference to who is going to do what, by when. A greater emphasis is now placed on processes achieving requirements for goods/services and customer satisfaction.

Quality Management System vs. Management System

A greater focus now exists on the management system. The management review must now take into consideration the strategic direction of the organization. Specifically, reporting on the alignment with the strategic direction.

In ISO 9001:2015 there is no requirement for a management representative anymore. The eight Management principles have been reduced to seven. The principle of “A systems approach to management’ has been dropped.”

Customer Focus
Leadership
Engagement of People
Process Approach
Improvement
Evidence Based Decision Making
Relationship Management (instead of Mutually beneficial supplier relationships)

Risk-Based Thinking vs. Preventive Action

Risk-based thinking has been introduced throughout the standard and supersedes a single clause on preventive action. The updated standard requires risk based thinking and a risk driven approach to preventive action throughout the development and implementation of the quality management system. This is because one of the key purposes of a formal management system is to act as a preventive tool and to design in quality.

A quality system is about preventing nonconformances by design and not just focus on finding, sorting or inspecting in quality before the customer receives their shipment. Evidence of risk-based thinking should be clear and demonstrate an effecting PDCA process approach in use.

Tools used for risk assessment

Many tools exist to help an organization identify and work with reducing risk. Below is a list of some of the most common tools.

Brainstorming
Strengths, Weaknesses, Opportunities, and Threats (SWOT)
Structured or semi-structured interviews
Delphi
Check-lists
Primary hazard analysis
Hazard and operability studies (HAZOP)
Hazard Analysis and Critical Control Points (HACCP)
Environmental risk assessment
Structure « What if? » (SWIFT)
Scenario analysis
Business impact analysis
Root cause analysis (RCA)
Failure mode effect analysis (FMEA)
Fault tree analysis
Event tree analysis
Cause and consequence analysis
Cause-and-effect analysis
Layer protection analysis (LOPA)
Decision tree
Human reliability analysis
Bow tie analysis
Reliability centered maintenance
Sneak circuit analysis
Markov analysis
Monte Carlo simulation
Bayesian statistics and Bayes Nets
FN curves
Risk indices
Consequence/probability matrix
Cost/benefit analysis
Multi-criteria decision analysis (MCDA)

The Current ISO 9000 Family of Standards

While ISO 9001:2015 is the only standard with requirements to which organizations can become certified, there is a family of related ISO documents and guidelines.

ISO 9000 Family

ISO 9000:2015 – QMS[1] Fundamentals and Vocabulary
ISO 9001:2015 – QMS Requirements[2]
ISO 9004:2000 – Guidelines for Performance Improvement

ISO 9000 Related Standards and Guidelines

ISO 10001:2007 – QMS – Customer Satisfaction-Guidelines for Code of Conduct for Organizations
ISO 10002:2004 – QMS – Customer Satisfaction-Guidelines for Complaint Handling in Organizations
ISO 10003:2007 – QMS – Customer Satisfaction-Guidelines for Dispute Resolution External to Organizations
ISO 10004:2007 – QMS – Customer Satisfaction-Guidelines for Monitoring and Measuring (under development)
ISO 10005:2008 – QMS – Guidelines for Quality Plans
ISO 10006:2003 – QMS – Quality Management in Projects
ISO 10007:2003 – QMS – Guidelines for Configuration Management

ISO 10012:2003 – Measurement management systems – Requirements for measurement processes and measuring equipment
ISO 10013:2001 – Guidelines for quality management system documentation
ISO 10014:2006 – QM – Guidelines for realizing financial and economic benefits
ISO 10015:1999 – QM – Guidelines for training
ISO/TR 10017:2003 – Guidance on statistical techniques for ISO 9001:2000
ISO 10019:2005 – Guidelines for the selection of quality management system consultants and use of their services
ISO 13485:2016 – Medical devices — QMS — Requirements for regulatory purposes
ISO 19011:2002 – Guidelines for Quality and Environmental Auditing
ISO/TS 16949:2009 – QMS – Particular requirements for the application of ISO 9001:2008 for automotive production and relevant service part organizations
ISO 14001:2015 – Family of Standards for Environmental Management System

[1] QMS = Quality Management Systems

[2] In the ISO 9000 family, organizations can only be audited and certified to ISO 9001.

ISO 9001:2015 Changes

The anticipated update to ISO 9001:2008 was introduced in September 2015. ISO 9001:2015 introduces fundamental changes to management, the mechanics of managing a Quality Management System, and what’s included in the system itself. You now have until September 2018 to get ready for the new standard. We have updated our ISO 9001 2015 Procedures to incorporate the latest changes. New procedures have been added to reflect what is now required. If you are ready, download it now.