ISO 9001 Updates - QCS International

part of the phsc group

August 2017 - ISO 9001: Top Management

ISO 9001 has a whole new clause of leadership for the management system. This replaces the old concept of top management commitment that appeared in the previous versions of both standards.

If you already have top management who are fully engaged in the management systems you have, and who actively participate in decisions and take note of issues and concerns the system raises, then this will be much easier. If, however, senior staff rarely comment on the QMS or EMS and who limit their involvement to management review then this will require some work.

Key to understanding leadership here is accountability. The function of a management representative has been removed from the standards so it is no longer the case that this can be easily delegated.

To be accountable, top management must really have their finger on the pulse and be aware of issues and concerns within the system as soon as they occur. This allows them to allocate resources, drive improvement, and ensure that the system really does contribute towards the organisation.

The most obvious areas for top management to demonstrate their involvement include:

  • Considering the quality and environmental implications of decisions they have taken, and ensuring the QMS and EMS develops alongside wider business/organisation improvement. The QMS should never be an afterthought
  • Actively and continually reviewing progress against objectives and targets – and not simply waiting for an end of year review to find out these are not going to be met
  • Making sure different departments and activities throughout the organisation work together to deliver the product/service and deliver good environmental management – the process approach
  • Supporting all staff who may be trying to deliver the quality management system
  • Being aware of risks and opportunities and using these when developing organisational strategy

Much of this does not necessarily have to be documented in any way, but the top manager within your organisation shall have to be able to demonstrate this during certification body audits, usually through interview or by explaining the decisions they have made. There is no harm including top management in your own internal audit programme to ensure they are well prepared!

June 2017 - ISO 9001: Clause 4 Marketplace

Regarding the new standards, one of the first new concepts you will identify is the establishment of context at Clause 4. We are frequently asked by our clients ‘what are we supposed to do here?’ and ‘Do we need to create new documented information or records?’.

Many organisations already have a good understanding of the market place within which they operate. The marketplace should be considered in its broadest sense as it may not always be a commercial one and includes public sector and third sector activities. To operate you need to understand the market, your clients, what your competitors are doing and what you might have to do to survive! This is part of any organisation’s ‘thought process’ and is not something new to be done as part of ISO 9001 and ISO 14001.

The standard requires you to consider what is the context within which you operate. This means, for example, demonstrating an understanding of key legal issues, technological change, market trends, environmental concerns, society’s view of your activities, political change etc. The exact list of issues will depend on your organisation, what you do and how integrated you are with external bodies.

To meet the requirements of clause 4 you must show that you have considered such issues and how they may, or may not, have an impact on your quality and/or environmental management system. This can be done on a document presented at management review; a distinct piece of work by your quality/environmental departments etc. It could, however, simply be top management providing robust and detailed understanding of these issues verbally, during audit. We would recommend having documented evidence that shows you have identified your key issues. A simple list of items under broad headings on economics, market, technology etc. will suffice.

The second part of clause four then asks you to consider interested parties. This means identifying all individuals and organisations who can have an impact on the QMS/EMS or who may be affected by it. There are obvious interested parties such as customers, suppliers, neighbours etc.

The clause also requires you to think what requirements are linked to each, for example, customers’ requirements might include the receipt of goods of the correct type, quantity and price, on time and without faults. A Neighbour may expect to not be adversely affected by your poor environmental performance, suffering from your pollution for example. For each requirement of an interested party you need to consider and demonstrate this requirement is fulfilled.

Note that the context you establish and understand makes it easier for you to consider risk and other unforeseen circumstances. Actions against these risks must be considered and relevant actions taken under the risk management clause of the standards (clause 6).

March 2017 - Countdown to the ISO 9001 Deadline

In 2015 the new ISO 9001 and ISO 14001 standards for quality and environmental management were published. These new standards were updated to reflect new thinking associated with management systems, the adoption of a more integrated approach and a greater emphasis on risk appraisal.

We are now halfway through the three-year period during which transition to the new standards must be completed. The deadline to transition to ISO 9001:2015 is September 2018. Given the amount of work required by some organisations, the time limit will become increasingly difficult.

If your current certificates (to ISO 9001:2008 or ISO 14001:2004) are set to expire in the next 18 months, then there is little or no value in having these maintained. Any new certificates will not be valid beyond September 2018 meaning that the costs of recertification will not give you the normal 3-year registration. In such circumstances transition and certification to the new standards now is desirable and cost effective.

August 2016 - ISO 9001 Transition: The First Year

A year since the publication of the updated ISO 9001:2015 standard, we have learnt more about the implications of the new standard. Our experience has given us some insights into the change and what it means, on a practical level, to our clients.

Key to a successful transition is to have an effective system in place already operating to the 2008 version of the standard. The new standard does not require you to change drastically but does require you to do new things, to adjust and to build upon a strong foundation. If your QMS is weak in any way this will make the transition process much more demanding.

Companies with weaknesses in their systems do so in many instances because of a failure of top management. The new standard has strengthened the need for effective leadership and we have found that Certification Bodies will be seeking evidence to demonstrate that this is really the case. Whilst there was always a courtesy visit to senior staff during audits, this is now an integral part of a Certification Body visit.

The new risk-based approach to ISO 9001 means that this will become more formal. If you are not identifying risks just now, then this requirement will not only be good for your QMS it will be good for your business. Taking worthwhile, effective and demonstrable actions against actual risks is not only a key to improvement, it can also be a means of survival in a competitive market.

Much has been made of the removal of mandatory written procedures within the updated ISO 9001. Our advice is to NOT remove procedures if they are a useful part of your existing set-up. Unnecessary written procedures are an administrative burden, but not having a key document that contributes towards effective management of a QMS element is a business risk. Simply ask when reviewing documents; ‘Is this document necessary and is there a risk if we do not have it’?

Whilst there was always a requirement to deliver products in accordance with relevant regulatory requirements the new standard makes greater emphasis of point. QCS has found the new clause on post-delivery activities and release of product is relevant here as many companies have failed to understand on-going regulatory requirements on recall, instructions and customer support. This is particularly true if your product has a CE mark or makes other claims.

The new clause on planning of changes is particularly relevant to the transition process as the transition itself is a change that has to be appropriately managed and implemented. If you need to demonstrate any activity that shows you plan for and deliver changes effectively, then the transition itself is evidence enough.

April 2016 - Does your organisation still need ISO 9001?

If your company’s QMS is dual certified to ISO 13485:20012 and ISO 9001:2008, you have an important decision to make. With the release of the new standards, ISO 9001:2015 and ISO 13485:2016, the standards which were commonly referred to as sister standards, are now more like distant cousins.

ISO 9001:2015 does not require a Management Representative to be assigned, nor does it require a Quality Manual whereas ISO 13485:2016 retains these requirements. ISO 9001:2015 also introduces terms such as Interested Parties and Leadership. Clause numbering is different and there are different definitions for products and customer complaints.

As a result of the differences that have developed between 9001 and 13485, Certification Bodies will be very unlikely to certify systems to both ISO 13485 and ISO 9001 in the same visit, or indeed using the same auditors. This will mean additional work and expense in order to retain your ISO 9001.

The important decision you have to make…..do you really need to keep your ISO 9001 certification? Is it a requirement of one of your customers or is it important to another part of your business not related to the medical devices you manufacture? Having a discussion with your customers or other business units is key to understanding if you can streamline the work and expense necessary in the upkeep of your QMS by dropping ISO 9001 certification.

September 2015 - Are your auditors ready for the new ISO 9001 Standard?

With the new ISO 9001 standard being introduced, it is important that you ensure your auditors are ready. Auditors should be competent to audit against the new requirements the standard contains; moreover, they can also play a role thorough the transition process. As new or changed elements to your quality system are introduced it will be your own internal auditors who will examine the effectiveness of what has been done and suggest what further changes are required.

The new standard requires a change in emphasis and a greater requirement to engage senior management. These, along with some other updates need to be understood by your auditors. Auditors will now have to:

  • Adopt the high level structure, or Annex SL so that integration between different standards is more effective and easier.
  • Know how you interact with internal and external stakeholders as well as the regulatory, marketplace and cultural framework within which you operate.
  • Satisfy themselves that your risk management approach is effective, and that the measures you take address risk but also take advantage of any opportunities arising.
  • Establish the effectiveness of key management decisions and leadership.
  • Learn a new set of terminology that auditors will need to be familiar with and understand the implications of.

July 2015 - New ISO 9001 is here

The final draft version of ISO 9001:2015 (Quality Management Systems) has been published this week. This means organisations can begin to make plans to implement the necessary changes they need to ensure certification to the new standards.

 

The new standards look significantly different to the previous versions. Both have adopted the Annex SL framework that aligns key elements, making integration easier. It has not just been a rearrangement of clauses; there are new requirements such as:

  • considering risks,
  • setting the context,
  • the demonstration of top management commitment.
  • QCS has ensured that both our training courses and consultancy services are now ready to offer the necessary support to both existing and new clients.

February 2015 - New Revisions of ISO 9001

Updates to ISO 9001 have been planned for several years. Of particular note is that this standard shall be the next (after ISO 27001) to adopt the new common framework for all management systems – Annex SL.

Common to all revised standards will be the Annex SL emphasis on leadership. Top management is now  more clearly defined and there is greater obligation to demonstrate that quality and environmental  management is considered in wider decision making and activity; quality and environmental management should not be seen in isolation. There is no longer a need to have an appointed quality or environmental management representative; this is to avoid senior managers simply devolving all responsibility to another member of staff. It does not mean, however, that there is no longer a need to have a quality /environmental manager!

Annex SL has also removed the need for preventive actions common in management systems previously.  Instead, organisations are asked to consider their ‘context’ and the risks they face, taking actions to ensure there are no threats to their quality and environmental management systems.

Also removed are the requirements for any mandatory documented procedures. This does not mean you can have a bonfire of procedures; you should continue to have documents within your management systems if their absence would expose you to unnecessary risk.

ISO9001 quality objectives come in line with other standards – with greater evidence that resources are being applied to achieving them and that there is a timeline in place for their completion. Other updates to 9001 include new planning requirements and operational controls to replace the ‘product realisation’ sections of the old standard.

QCS are here to answer any questions about the updates. If you need any help or training within your organisations just get in touch and we shall be happy to discuss your requirements and what we can do to assist.

February 2012 - ISO 9001:The Next Generation

The ISO technical committee that developed the ISO 9000 series of standards launched a major survey of existing and potential users of ISO 9001. The survey’s objective was to better understand user needs, identify opportunities for improvement, and guide the long-term strategic direction for quality management.

Responses were made across a representative selection of organisational sizes and from manufacturing, service and other sectors.

One of the key outcomes of the survey was an indication as to how users wanted the standard to develop over the coming years.  We have included the outcome of the response to the main questions on preferred changes as follows:

Question: Which of the following options would you prefer for the future of ISO 9001?

Option A – Leave ISO 9001 unchanged, i.e., re-confirm “as is” for a further five years.

  • Positive : 43%
  • Negative : 48%
  • Neutral : 9%

Option B – Revise ISO 9001 based on the suggestions for change arising from this survey, and produce one revised ISO 9001 standard where all requirements remain equally mandatory.

  • Positive : 53%
  • Negative : 35%
  • Neutral : 12%

Option C – Leave ISO 9001:2008 unchanged, but also develop another standard with an enhanced (higher level) set of QMS requirements for sustained success that could be used for certification.

  • Positive : 25%
  • Negative : 65%
  • Neutral : 10%

Option D – Leave ISO 9001:2008 unchanged, but also develop another standard with a reduced (lighter version) set of requirements that could be used for certification of organizations providing low-risk products.

  • Positive : 24%
  • Negative : 67%
  • Neutral : 9%

Option E – Replace ISO 9001:2008 with a series of three documents (QMS 1, QMS 2, QMS 3) with higher, middle, and lower sets of requirements that could be used for certification depending on the risk and criticality associated with the organization’s products.

  • Positive : 26%
  • Negative : 66%
  • Neutral : 8%

Option F – Replace ISO 9001:2008 with a single standard to include a much broader range of higher and lower sets of requirements, allowing organizations a greater choice depending on risk and criticality associated with the organization’s products.

  • Positive : 41%
  • Negative : 49%
  • Neutral : 10%

Option G – Replace ISO 9001:2008 with a single standard to include a full range of higher, middle, and lower sets of requirements, with points-based maturity assessment.

  • Positive : 44%
  • Negative : 47%
  • Neutral : 9%

Question: How important is it to incorporate the following concepts into ISO 9001? 

  • Resource management: 75%
  • Voice of customers: 74%
  • Measures (e.g., performance, satisfaction, return on investment): 72%
  • Knowledge management: 72%
  • Integration of risk management: 73%
  • Systematic problem solving and learning: 73%
  • Self-assessment tool: 71%
  • Strategic planning: 68%
  • Innovation: 65%
  • Use of technology to develop and implement requirements: 63%
  • Life cycle management: 62%
  • Use of technology to run your business: 61%
  • Financial resources of the organization: 55%
  • Supporting quality tools (e.g., Six Sigma): 55%

In summary, users believe ISO 9001 is an effective quality management standard and with enhancements will remain relevant in the future.   Many respondents suggested that, while major changes are not required, improvements could be made to address the ever changing global and business requirements to ensure ISO 9001 remains relevant.

A number of respondents also criticised the way in which ISO 9001 was implemented and recommended better application guidance.

The survey results will provide significant input to the ISO committee’s review process and help determine proposed changes for any revisions of ISO 9001 in the future.

September 2009 - Is your ISO Certificate valid?

Your customers rely on certification to ISO 9001, ISO 14001 and OHSAS 18001 as confidence in your performance, just as you rely on your suppliers to hold credible management systems.   But is your certificate valid?QCS International regularly gets calls from people who cannot understand why they have lost out on yet another tender or why a particular supplier is such a poor performer dispite holding ISO 9001.

The key here is to check that any management system has been certified by a UKAS (United Kingdom Accreditation Service) accredited body.

Case Study

An engineering company based in Aberdeen, called us because their main customer claimed that their certificate was not worth the paper it was written on.

The problem?   A non-UKAS accredited company had awarded the certificate to ISO 9001.

Not only this but their certification only covered the administration part of the business and not anything to do with the engineering/fabrication part of the business – their manual had even excluded calibration from certification!

We worked with the company to help them to understand the issue, redesign their system and then gain certification with an accredited Certification Body.

Benefits of a UKAS accredited certification body

Simply put anyone can set up as a certification body but without UKAS to regulate this you have no assurance that a management system has been checked with the right frequency, to the right standards and with competent auditors.

What can you do?

For your certificate or your supplier’s certificate, look at the logo on the certificate and in addition to the certification body logo it must contain the UKAS ‘tick and crown logo’.   If you are unsure either check the UKAS web or simply call QCS on 01236 734447 and we will be happy to help you.

August 2009 - ISO 9001:2008

In November 2008, ISO 9001:2008 was created. There were no new requirements to ISO 9001:2008, but the standard introduced a few specific areas that Certification Bodies were asking questions about during their routine visits.

From our contacts within Certification Bodies and our vast network of customers who were assessed since the standard was issued, we compiled this insider report of the 8 most common questions…

  • Do you outsource any part of your processes that affect your product or service? How do you control the outsourced supplier?
  • Is the management representative a member of your management team?
  • Has necessary competence been defined for people performing work that affects your product or service?
  • Have you identified product (or service) status with respect to monitoring and measurement requirements throughout product/service delivery (not just at the end)?
  • Does your corrective action procedure ensure that you review each corrective action to ensure it is implemented and is effective (i.e. has fixed the root cause of the issue)?
  • Are you reviewing the effectiveness of each corrective action?
  • Does your preventive action procedure ensure that you review each preventive action to ensure it is implemented and is effective (i.e. will fix the root cause of any potential issue)?
  • Are you reviewing the effectiveness of each preventive action?
TOP