ISO 9001 2015 Changes

While previous changes to ISO 9001 varied in significance, the latest ISO 9001:2015 changes to the ISO 9001:2008 standard introduced some new important changes.

QMS Documentation

The updated International Standard does not include the requirement to “document” the Quality Management System. The term ‘documented information’ replaces the old terms ‘documents and records’. While the ISO 9001:2008 had six mandatory procedures, the new revised ISO 9001:2015 standard does not prescribe any mandatory procedure. As noted in clause 7.5 Documented Information, it is to be determined by the organization what documents are necessary for the effectiveness of the quality management system.

Mandatory Documents

4.3 Scope.                                                                                                                           (same as old 4.2.2)

4.4 QMS processes, as needed, to support the operation of processes.                   (same as old 4.1)

5.2.2 Quality policy                                                                                                           (same as old 5.3)

6.2.1 Quality objectives                                                                                                   (similar to old 5.4.1)

Mandatory Documented Information

7.1.5.1 Evidence of fitness for purpose of monitoring measurement resources.   (similar to old 7.6)

7.1.5.2 Basis used for calibration or verification, where measurement
            traceability is a requirement and standards don’t exist.                                (similar to old 7.6)

7.2 Evidence of competence                                                                                           (similar to old 6.2.2)

8.1 confidence that the processes have been carried out as planned and
to demonstrate conformity of products and services to requirements.             (similar to 7.1d)

8.2.3.2 Results of the review of requirements related to products and services.   (similar to old 7.2.2)

8.3.2 Confirm that design and development requirements have been met.          (similar to old 7.3.1)

8.3.4 Design and development controls                                                                        (similar to old 7.3.5-6)

8.3.5 Design and development process outputs.                                                         (similar to old 7.3.3)

8.3.6 Design and development changes.                                                                       (same as old 7.3.7)

8.4.1 Results of external provider evaluations, performance, and re-evaluations.    (same as old 7.4.1)

8.5.1 Characteristics of the products and services, Activities to be performed
and the results to be achieved                                                                                (similar as old 7.5.1)

8.5.2 Unique identification of process outputs,
where traceability is a requirement.                                                                     (same as old 7.5.3)

8.5.3 Customer property damage notice.                                                                     (same as old 7.5.4)

8.5.6 Results of the review of production changes, the personnel
authorizing the change, and any necessary actions.                                         (new)

8.6 person(s) authorizing release of products and services for delivery.                 (same as old 8.2.4)

8.7.2 Actions taken on nonconforming process outputs, products and
services, including concessions obtained and the person or authority
that made the decision dealing with the nonconformity.                                (same as old 8.3)

9.1.1 Evidence of results that ensure monitoring and measurement activities
are implemented in accordance with the determined requirements.              (new)

9.2.1 Evidence of the audit program and audit results.                                             (similar old 8.2.2)

9.3.3 Evidence of the results of management reviews.                                              (same as old 5.6.1)

10.2.2 Nonconformities, subsequent actions taken, and
results of corrective action.                                                                                   (same as old 8.5.2)

Old Records Changed:

7.3.2 Design and development inputs changed to requirements.
7.3.4 Results of design and development reviews and any necessary actions.
7.3.5 Results of design and development verification and any necessary actions.
7.3.6 Results of design and development validation and any necessary actions.
7.5.2 (d) As required by the company to demonstrate the validation of processes.
7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable for use.
7.6 Validity of results investigation.
8.5.3 Results of preventive actions.

Quality Manual Contents

The Quality Manual is no longer required nor is the Exclusions Clause.  The old “exclusions” clause 1.2 in ISO 9001:2008 was originally introduced following the decision to withdraw the ISO 9002 and ISO 9003 standards in 2000. Both are replaced by a Mandatory Scope Document: Scope of the QMS (4.3) and justifications of the requirements that cannot be applied. This scope document could be in a quality manual, but the term “quality manual” is no longer needed.

Quality Policy vs. Objectives

Objectives need to be actionable and accountable. ISO 9001:2015 Quality objectives must now include reference to who is going to do what, by when. A greater emphasis is now placed on processes achieving requirements for goods/services and customer satisfaction.

Quality Management System vs. Management System

A greater focus now exists on the management system. The management review must now take into consideration the strategic direction of the organization. Specifically, reporting on the alignment with the strategic direction.

In ISO 9001:2015 there is no requirement for a management representative anymore. The eight Management principles have been reduced to seven. The principle of “A systems approach to management’ has been dropped.”

1. Customer Focus
2. Leadership
3. Engagement of People
4. Process Approach
5. Improvement
6. Evidence Based Decision Making
7. Relationship Management (instead of Mutually beneficial supplier relationships)

Risk-Based Thinking vs. Preventive Action

Risk-based thinking has been introduced throughout the standard and supersedes a single clause on preventive action. The updated standard requires risk based thinking and a risk driven approach to preventive action throughout the development and implementation of the quality management system. This is because one of the key purposes of a formal management system is to act as a preventive tool and to design in quality.

A quality system is about preventing nonconformances by design and not just focus on finding, sorting or inspecting in quality before the customer receives their shipment. Evidence of risk-based thinking should be clear and demonstrate an effecting PDCA process approach in use.

Tools used for risk assessment

Many tools exist to help an organization identify and work with reducing risk. Below is a list of some of the most common tools.

1. Brainstorming
2. Strengths, Weaknesses, Opportunities, and Threats (SWOT)
3. Structured or semi-structured interviews
4. Delphi
5. Check-lists
6. Primary hazard analysis
7. Hazard and operability studies (HAZOP)
8. Hazard Analysis and Critical Control Points (HACCP)
9. Environmental risk assessment
10. Structure « What if? » (SWIFT)
11. Scenario analysis
12. Business impact analysis
13. Root cause analysis (RCA)
14. Failure mode effect analysis (FMEA)
15. Fault tree analysis
16. Event tree analysis
17. Cause and consequence analysis
18. Cause-and-effect analysis
19. Layer protection analysis (LOPA)
20. Decision tree
21. Human reliability analysis
22. Bow tie analysis
23. Reliability centered maintenance
24. Sneak circuit analysis
25. Markov analysis
26. Monte Carlo simulation
27. Bayesian statistics and Bayes Nets
28. FN curves
29. Risk indices
30. Consequence/probability matrix
31. Cost/benefit analysis
32. Multi-criteria decision analysis (MCDA)

The Current ISO 9000 Family of Standards

While ISO 9001:2015 is the only standard with requirements to which organizations can become certified, there is a family of related ISO documents and guidelines.

ISO 9000 Family

• ISO 9000:2015 – QMS[1] Fundamentals and Vocabulary
• ISO 9001:2015 – QMS Requirements[2]
• ISO 9004:2000 – Guidelines for Performance Improvement

 ISO 9000 Related Standards and Guidelines

• ISO 10001:2007 – QMS – Customer Satisfaction-Guidelines for Code of Conduct for Organizations
• ISO 10002:2004 – QMS – Customer Satisfaction-Guidelines for Complaint Handling in Organizations
• ISO 10003:2007 – QMS – Customer Satisfaction-Guidelines for Dispute Resolution External to Organizations
• ISO 10004:2007 – QMS – Customer Satisfaction-Guidelines for Monitoring and Measuring (under development)
• ISO 10005:2008 – QMS – Guidelines for Quality Plans
• ISO 10006:2003 – QMS – Quality Management in Projects
• ISO 10007:2003 – QMS – Guidelines for Configuration Management

• ISO 10012:2003 – Measurement management systems – Requirements for measurement processes and measuring equipment
• ISO 10013:2001 – Guidelines for quality management system documentation
• ISO 10014:2006 – QM – Guidelines for realizing financial and economic benefits
• ISO 10015:1999 – QM – Guidelines for training
• ISO/TR 10017:2003 – Guidance on statistical techniques for ISO 9001:2000
• ISO 10019:2005 – Guidelines for the selection of quality management system consultants and use of their services
• ISO 13485:2016 – Medical devices — QMS — Requirements for regulatory purposes
• ISO 19011:2002 – Guidelines for Quality and Environmental Auditing
• ISO/TS 16949:2009 – QMS – Particular requirements for the application of ISO 9001:2008 for automotive production and relevant service part organizations
• ISO 14001:2015 – Family of Standards for Environmental Management System

[1] QMS = Quality Management Systems

[2] In the ISO 9000 family, organizations can only be audited and certified to ISO 9001.

ISO 9001:2015 Changes

The anticipated update to ISO 9001:2008 was introduced in September 2015.  ISO 9001:2015 introduces fundamental changes to management, the mechanics of managing a Quality Management System, and what’s included in the system itself. You now have until September 2018 to get ready for the new standard. We have updated our ISO 9001:2015 Quality Procedures Manual to incorporate the latest changes. New procedures have been added to reflect what is now required. If you are ready, download it now.