ISO 9001:2015 (Quality Management System) was republished in September 2015. The following pages will let you know about the main aspects of this revision.
Deadline for transition is 14 September 2018.
Since its first publication, ISO 9001 went through several revisions to keep it up-to-date and to consider the changing environment and stakeholder expectations. It was first published in 1987, containing a set of requirements grouped in 20 elements for quality assurance systems. The first revision followed in 1994, introducing some minor changes like the distinction between corrective and preventive action. The revision in the year 2000 introduced a completely new concept, abandoning the element-based requirements and introducing a Quality Management Model based
on a process approach. Again, a revision followed in 2008 with very few changes without adding or changing requirements.
ISO 9001 is the most successful standard for management systems in the world. While in 1995 only 127,000 organizations have been certified according to ISO 9001, this number increased in 2013 to more than 1,100,000 certificates in 180 countries.
Despite the in numerous benefits obtained through an implemented quality management system based on ISO 9001 (e.g. error prevention, reduced costs through improved and more efficient processes, minimization of business risks, increased customer satisfaction, trust and reputation), a new revision of the standard was necessary again to assure that the standard is still relevant and adequate in an always faster changing world. The increasing diversity of ISO 9001 users had to be considered, not having any longer only manufacturing industries but more and more service industries and other kinds of organizations.
It was also necessary to verify the impact of new developments in knowledge and technologies which changed during the last years, as well as broader user interests and changes in the industry. In 2010 and 2011, ISO conducted an extensive web-based user survey, asking about the need for a revision and the future needs and interests of the standard users. The answers have been evaluated and the majority asked for changes and a review of ISO 9001.
Time of Transition
The new standard ISO 9001:2015 applies from September 15th, 2015. The transition period for Quality Management Certificates ends after three years on September 14th, 2018; this means that new certificates issued according to ISO 9001:2008 must include this end date.
Regarding re-certification audit planning for ISO 9001:2015, audits must be performed at least 90 days prior to expiration on September 14th, 2018. The last audit day of a recertification audit shall not be after September 14th, 2018. Once this period has elapsed, an initial certification audit must be carried out.
The Revision Process
In 2011 the responsible ISO committee, the Technical Committee 176, started the systematic review and decided in March 2012 to revise the standard. The revision process went through several internal draft stages and was concluded in September 2015 with the publication of ISO 9001:2015, based on a new common structure for all ISO Management System Standards and introducing several new concepts, the most important being the so-called “risk-based thinking”.
- Normative reference
- Terms and definitions
- The context of the organizations
- Performance evaluation
New Content and Structure
ISO 9001:2015 introduced a couple of changes, making the standard easier to implement together with other management systems and less prescriptive than its predecessor, focusing instead on performance:
- ISO 9001:2015 has a complete new structure and core text from the so called “High Level Structure” as defined in the Annex SL of the “Consolidated ISO Supplement” of the ISO/IEC Directives.
- As one of the main content changes, the new standard increases the requirements for top management commitment and involvement.
- Another significant change is the introduction of the concept of “risk based thinking”. While the concept of risk has always been implicit in ISO 9001, the revised standard makes it more explicit and builds it into the whole management system. Annex SL includes a specific requirement that organizations determine the risks that need to be addressed to ensure that their management system can achieve its intended outcomes, prevent or reduce undesired effects and achieve continual improvement. Each management system standard can define risk in terms that are relevant to their specific discipline; so, the revised version of ISO 9001 does so in relation to product or service conformity and customer satisfaction. Risk based thinking makes preventive action part of the routine and it was not any longer
necessary to keep a specific requirement for preventive action.
- The revised standard also gives increased emphasis on achieving value for the organization and its customers. Important are the results, in other words “output matters”.
- ISO 9001:2015 requires the need to understand the context of the organization and the
needs and expectations of interested parties like for example direct clients or customers, end users, suppliers or regulators. The advance of modern media was recognized by an increased flexibility on the use of documentation and the terms “document” and “record” were substituted by the term “documented information”.
- The process approach introduced in the year 2000 as the desired model for quality management systems will became an explicit requirement in ISO 9001:2015.
- Preventive action disappeared as explicit requirement and the whole wording of the revised standard makes it more readily applicable and usable by “service” type organizations.
- Recognizing the importance of competent people within any kind of organization there is also more emphasis on requirements for competence of personnel. In that context, competence means being able to apply knowledge and skill to achieve intended results.
- In the introduction of the standard we also find the revised quality management principles described in ISO 9000, now reduced from eight to seven principles, combining the former process and system approach. Impact for certified organizations:
We recommend making yourself aware of the new structure and the new requirements as soon as possible. Certified organizations will need the transition to the revised standard. That means that you will have to review your understanding of the organization´s context and the needs and expectations of relevant interested parties. You will have to determine the risks and opportunities that need to be
addressed, and -depending on the results of your analysis – processes and system documentation may have to be revised and be aligned with the new requirements.
ISO and the International Accreditation Forum IAF agreed about a period of three years for the transition from the ISO 9001:2008 to the new ISO 9001:2015.
ISO 13485:2016 the long-anticipated revision of the standard used by medical device manufacturers worldwide has finally been published. The standard is now based on ISO 9001:2008.
DQS Inc. now accredited to the new version of ISO 13485 and able to perform upgrade audits. DQS is also able to offer gap assessment services for organizations.
Gap Assessments to ISO 13485:2016 benefits include:
- Early identification of missing requirements
- Early evaluation of the organizations risk based approach
- Minimize and manage risks for upgrade activities
- Evaluation of process based approach in your QMS
- Evaluation of incorporation with ISO 9001:2015
ISO 13485:2016 was released February 25, 2016, and DQS Inc. is proud to say that as of January 18, 2017, we have attained accreditation to offer certificates to this updated standard.
Clients currently certified to ISO 13485:2003 are required to have their current certificate transitioned to ISO 13485:2016 by March 1, 2019. All remaining ISO 13485:2003 certificates will be withdrawn on that date. To complete this, all upgrade audits must be completed by December 1, 2018.
Customers may upgrade during their regularly scheduled recertification or surveillance audits or during a special audit. Stage 1 audits are not required for the upgrade, but we can conduct an optional Stage 1 or gap assessment if requested. The certificate renewal date will not be reset upon renewal unless it is done during a recertification audit.
The number of audit days required for the upgrade audit is as follows:
- Recertification audit: Recertification time with no reductions
- Surveillance audit or special audit: Annual surveillance time with no reductions plus one day
- If conducted at the same time as an ISO 9001:2015 S1/S2 upgrade/ recertification audit with same scope and same or lower employee count, no additional time for ISO 13485:2016 upgrade is required. Scopes that differ only by clarifying it is “for the medical device industry” or similar wording with same or lower employee count will also not require additional time for ISO 13485:2016 upgrade. Other scenarios will be reviewed on a case by case basis to determine if additional time is needed
Occupational Health and Safety
The aspect of health safety is very relevant in today’s fast-paced competitive era. Today there are numerous cases of organizations that violate workplace safety norms and safe working conditions. The concerns are on the rise due to prevailing trade malpractices such as adulteration, to which even the prevailing benchmarks are proving to be unsatisfactory. To address all these issues, ISO has introduced the new occupational health & safety (OH&S)-the ISO 45001. The ISO 45001:2018 has replaced the existing OHSAS 18001 certification.
With the advent of globalization, organizations have now begun to conduct their operations across the globe. During this practice, they have begun to face new challenges as regards the health and safety of their workers. The conventional types of ISO certification for assuring product quality, health and safety like OHSAS 18001 have now proved to be very generic and inadequate. The fact is none of them is satisfactorily promoting global conformity of product quality and safety.
Seeing this problem, the International Organization for Standardization (ISO) has introduced another standard for occupational health & safety (OH&S)- the ISO 45001. This has replaced the previous benchmark OHSAS 18001 in 2018.
Objective of ISO 45001
The objective of ISO 45001 is to help organizations in designing systems to prevent injury and ill health, regardless of size or industry. All its requirements are designed to be integrated into an organization’s overall management processes, following the so-called ISO High Level Structure, already adopted by ISO 9001:2015 and ISO 14001:2015.
Expected Content Changes
Because the standard is currently still in development, we need to be careful with the conclusions we draw at this point.
The standard will have the same structure as ISO 9001:2015 and ISO 14001:2015, and will also share the same terminology. This will make it easier to integrate OH&S management into the overall management system.
There a couple of changes worth noting:
- Focus on the context of organizations
- Risk-based approach
- Context of organizations
- Stronger role for top management
Benefits of ISO 45001
- International standards set benchmarks that apply across political, economic and social barriers
- High-level structure for easy integration with ISO 9001:2015, ISO 14001:2015 and others
- Suitable for organizations of any size or structure
- Reduce risk and improve your brand’s image in the eyes of customers and business partners
- Less accidents means less interruption of operational processes
- Protect your brand by ensuring your suppliers fulfil OHSAS requirements
- Simplifies compliance with legal and regulatory requirements
Certified organizations will need to transition to the revised standard. That means that you will have to review your understanding of the organization´s context and the needs and expectations of relevant interested parties. You will have to determine the risks and opportunities that need to be addressed, and – depending on the results of your analysis – processes and system documentation may have to be revised and be aligned with the new requirements.