Академический Документы
Профессиональный Документы
Культура Документы
JEMO Limited
11 Willowbank, Chippenham
Wiltshire SN14 6QG, United Kingdom
Phone: +44 (0) 1249 447 544
Fax: +44 (0) 1249 400 200
E-mail: contact@jemoltd.com
www.jemo.co.uk
Guide to ISO 9001: 2015 the requirements that should not change
Introduction
ISO 9001: 2015 is nearing publication, the certification industry is gearing up with road shows, and
new terminology is entering the quality language. The jury is out on whether the changes are ground
breaking or just a tidy up job; whether you should get started now or wait for the amnesty period to
expire before you get started. Two highly respected commentators - the Chartered Quality Institute
(CQI) and the IRCA (the International Register of Certificated Auditors) in a joint statement have said
This is the most important event since ISO 9001.
We consider the changes to be sufficiently significant, affecting the way your organization is run for
you to make a start now. In this guide we cut to the chase and provide you in plain language an
introduction to the new core requirements and a brief overview of the quality related changes.
But there could still be some changes, couldnt there? Well Yes and No. Some of the changes
that have been made are to the core material that affects all ISO management system standards and
these should not change. It is these that we concentrate on in this guide.
As we are auditors working for international accredited certification bodies we also provide some
opinions on how their auditors may approach the changes.
Why does the standard have to change?
The International Standards Organization (ISO) reviews its standards every five to seven years. It
also carries out surveys and takes into account feedback from many quarters. Based on this it has
decided this time to standardise as much content as possible in all of its management system
standards. This has resulted in at least 60% of ISO 9001 having core content that is the same as ISO
14001 (environmental management) and other standards. This should not change. The remaining
40% is quality specific and could be subject to minor further change.
A significant comment received was that the standard was biased too much to manufacturing and did
not adequately take into account the needs of service industries. This has been addressed in the new
standard and service has the same status as product.
What is standardised and what is not?
The core requirements common to all ISO management system standards are known as the High
Level Structure (HLS) and are derived from an IEC/ISO Directive which the standards writing teams
must follow. Without going into the technical details, this is in an annex to a Directive and you may
also hear these referred to as Annex SL.
As we said earlier, on top of these core requirements the rest for each standard are disciplinespecific. The quality related standards such as ISO 9001, ISO 13485 and others will have different
discipline specific requirements to ISO 14001, ISO 22000 (food management) and others.
Will the HLS/Annex SL requirements change?
This is unlikely, but you never can tell with standards not yet published. The consensus of opinion
from the quality professionals such as the (CQI) is that they will not change. Which is why have
recommended that you make a start now.
Many of the quality discipline requirements have been developed from the existing ISO 9001: 2008
standard and our experience from previous major revisions is that the changes to these from now on
will be relatively minor.
Page 1 of 15
Guide to ISO 9001: 2015 the requirements that should not change
What is the position with ISO 9001: 2015 at the moment?
The standard is currently at Draft International Standard (DIS) status. This has been reviewed and will
be issued as Final Draft International Standard (FDIS) in June this year. There should be no changes
between the FDIS and the publication of ISO 9001: 2015 in September this year
Caveat
Whilst we have done our best to ensure the information we have provided is accurate we cannot be
held responsible for any errors or omissions or actions resulting from your interpretation and
implementation of this guidance.
Page 2 of 15
Guide to ISO 9001: 2015 the requirements that should not change
The major changes to the core (HLS/Annex SL) requirements
There are ten clauses instead of eight
Whilst ISO 9001: 2008 has eight clauses, the 2015 version has ten. This would not be an issue if
clauses had simply been sub-divided, but most of the clauses have new requirements. The common
clause titles and sequence are shown in Table 1 with comments on the changes:
Clause
Title
Comment
Scope
Normative references
Leadership
Planning
Support
Operation
Performance evaluation
10
Improvement
documented procedures are not now referred to but you do need to maintain documented
information wherever you see the verb maintain this means document
records are not referred to and are embraced by documented information wherever you see
the verb retain this means record
product is replaced by products and services emphasising that the standard is equally
applicable to services
Page 3 of 15
Guide to ISO 9001: 2015 the requirements that should not change
quality manual has been dropped it is now up to you how you describe what you do and
what you call it. The standard requires integration of the quality processes with the overall
business processes so Business Manual might be an appropriate title for your quality manual
quality context is a completely new term which when combined with internal and external
issues and will need to be thoroughly understood
risk based approach is what it says it is identified risks, their impacts, the chances of
occurrence and the management of them.
management representative (MR) as we have said in Table 1, this has been dropped and
the roles and the MR responsibilities need to be spread around the top management team
monitoring and measuring resources this spreads the net wider than instruments to include
the people who make decisions as a result of checks they do
externally provided products and services replaces purchasing products, services and even
processes can be provided from a wide range of sources
quality objectives
design and development this was dropped in the committee draft but reinstated in DIS
9001: 2014 and will be retained in the published standard
Page 4 of 15
Guide to ISO 9001: 2015 the requirements that should not change
The other influences on what you achieve can be from stakeholders in your business. The standard
now calls these interested parties and they can be more than customers. You will need a good idea of
who they are, their interests and any risks to your business that they present.
If you have an ISO 9001: 2008 compliant system you should already have a well-defined scope of
your quality management system stating what is included and what is not. We suggest you examine
this to see if it is still appropriate to the issues identified and the needs and expectations of all
interested parties.
Finally for this clause your quality management system should be centred on your key processes and
be continually developed and improved to cope with changing circumstances. You are probably
already doing this. We will look at this further when we get to Clause 6 which covers planning and
Clause 10 which covers improvement.
The quality related requirements.
Most of this clause is HLS/Annex SL and there are no significant quality related requirements
How auditors may approach this
This can make an auditors job easier. When they approach an organization for the first time they may
have only a limited idea of what you do and the issues you face. They may only glean a proportion of
this from studying websites and questionnaire returns. You should now be able to provide a profile
and an insight into your business goals, objectives and influencing factors. Of course expect them to
challenge this if it is not transparent, over-biased in your favour or conflicts with what their experience
of similar organizations suggests.
Clause 5 Leadership
This has the following sub-clauses:
5.1 Leadership and commitment to the quality management system
5.2 Quality Policy
5.3 Organisational roles, responsibilities and authorities
The qualifier Quality differs with other management system standards. For example ISO 14001 will
have Environmental Policy. There are sub-sub clauses that are quality specific and listed later.
At first glance this appears to be much like Clause 5 (management responsibility) of ISO 9001: 2008.
Look closer and you will see it has some significant changes. In many organizations top management
do not lead the QMS and leave this to Mr or Ms Quality the management representative (MR). In
these organizations this must change because the quality management representative role has
disappeared.
Much of what ISO 9001: 2008 required the MR to do have been transferred to the top management
team, although they can delegate some of this. If you are the management representative we suggest
you closely examine what you do now. Re-position your role as an internal consultant to your top
management team to provide them with the assistance they need to make the transition and to be on
hand when needed afterwards.
Top management now have to accept genuine accountability and hands on commitment to the
quality management system and be able to demonstrate this.
Page 5 of 15
Guide to ISO 9001: 2015 the requirements that should not change
They have to ensure the quality management system is integrated into the business and is not a bolton extra. The general purpose of this is to spread the involvement in the QMS to the wider
management team and involve people in a quality culture. This is one good reason for starting now
culture changes can take substantial time to introduce.
The quality policy has been strengthened and developed and now includes a commitment to meet all
applicable requirements and to be improved. It must be understood by everyone who works under
your organizations control and who can affect the quality of what you deliver. This includes other
interested parties and providers and you should make the policy available to them.
The quality related requirements.
There are quality related requirements in sub-clauses to 5.1 and also in Organizational roles,
responsibilities and authorities (5.3) but as we are concentrating on the HLS/Annex SL requirements
in this briefing we confined ourselves to listing these in Table 2. If you require comprehensive tools for
implementing and auditing all of the changes please visit www.jemo.co.uk or contact us at
contact@jemoltd.com
Clause
Title
Comment
5.1.1
5.1.2
Customer focus
Page 6 of 15
Guide to ISO 9001: 2015 the requirements that should not change
The new standard has removed the requirement for preventive action in the 2008 version and
replaced it with risk based thinking. This means the whole standard is intended to look ahead, to
identify risks and put in place controls to manage them. In addition to risks you may identify
opportunities for improvement and you should exploit these. How this is done is via the planning work
you do to meet this clause.
This is the logical development of the process you started in Clause 4 where your interested parties,
their needs and issues were defined and in clause 5 where you identified risks to your customers from
your products and services. These are now at the heart of the risk management processes.
You probably already have quality objectives and departments, teams or individuals working on them.
The new standard reinforces the principle that these should be clearly defined, measurable (when
practicable), achievable and with responsibilities defined for their achievement in specified timescales.
The quality related requirements.
There are quality specific requirements in 6.1 Actions to address risks and opportunities, 6.2 Quality
objectives and planning to achieve them and 6.3 - Planning of changes, which we list in Tables 3 - 5
Clause
Title
Comment
6.1.1
No title
6.1.2
No title
Title
Comment
6.2.1
No title
6.2.2
No title
Title
Comment
Planning of changes
Page 7 of 15
Guide to ISO 9001: 2015 the requirements that should not change
How auditors may approach this
Auditors who are not familiar with risk management techniques should not be auditing you. Expect
experienced auditors to look for tangible evidence that you are evaluating the risks and effectively
eliminating them or reducing them to an acceptable level. They will examine your resources and
competencies to do this. A useful tool for this is a risk register. ISO 31000 provides useful guidance
on risk management.
They should be familiar with how to audit your objectives and planning of changes and may spend
more time with your top management on this.
Clause 7 Support
This has the following HLS/Annex SL clauses:
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
There are also sub-sub clauses but with the exception of 7.5 below these are quality specific and so
are listed but not discussed here.
7.5 Documented information this has the following sub-sub clauses that are HLS/Annex SL:
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
In general, this is a development of existing ISO 9001: 2008 requirements for support to your main
operational processes. The human resources (i.e. your colleagues) need to be demonstrably
competent and aware of the requirements that apply to them and the consequences of not following
the rules of the QMS.
Your communication systems need to be robust and include external and internal communications. A
gap in the ISO 9001: 2008 standard has been filled communication with your suppliers and external
providers has to be as robust as communication with your customers
The documented quality system may not have to include your quality manual, documented
procedures or work instructions but there should be something that does a similar job for instruction
and control. This is called documented information. Much of what you already have can still suffice,
although you may want to take this opportunity to examine your documentation to see what can be
retained, what is superfluous and if it is all in the right format and media for your current and future
needs.
Your top management could, as part of their leadership role, engage the workforce in deciding what
they really need in the documentation and the media that is most suitable for them.
Page 8 of 15
Guide to ISO 9001: 2015 the requirements that should not change
The quality related requirements.
There are many additional quality related requirements here under sub-clauses - in particular in
clause 7.1 which has six sub-clauses with significant additional requirements. We have listed these in
Tables 6 but do not discuss them in detail here as we are focusing on the HLS/Annex SL
requirements.
Clause
Title
Comment
7.1.1
General
7.1.2
People
7.1.3
Infrastructure
7.1.4
7.1.5
7.1.6
Organizational knowledge
Clause 8 Operation
The bulk of this clause contains quality specific requirements that are derived from the 2008 standard.
You are recommended to use our gap analysis checklist and PowerPoint presentation to familiarise
yourself with these, or obtain a copy of the standard.
Page 9 of 15
Guide to ISO 9001: 2015 the requirements that should not change
The only HLS/Annex SL requirements are in:
8.1 Operational planning and control
All the rest are quality specific. We list these but do not look at them in detail
This takes the strategic planning you did for clause 6 and focuses down onto the planning of the
specific processes for creating products and providing services. This extends beyond your internal
process chain to include processes that you outsource. A new requirement is for you to have controls
for unplanned changes as well as the changes you plan to make.
The quality related requirements.
There are many quality specific requirements here, much of which you will probably be doing already.
We have listed these in Table 7, but it is beyond the scope of this brief to cover them in detail.
Clause
Title
8.2
8.2.1
Comment
Customer communication
Determination of requirements
related to the products and
services
8.3
8.4
8.5
8.7
8.2.2
8.2.3
If you require comprehensive tools for implementing and auditing all of the changes please visit
www.jemo.co.uk or contact us at contact@jemoltd.com
Page 10 of 15
Guide to ISO 9001: 2015 the requirements that should not change
How auditors may approach this
The auditors will be discipline-oriented and should have a good understanding of how to audit process
based quality management systems. Expect them to look in detail at your planning and link this to the
planning of the overall QMS and risk management that you did for clause 6. They will then probably
devote the bulk of their examination to the quality specific requirements. We have indicated where
these are new and expect them to devote more time to these.
Clause 9 Performance evaluation
This has the following HLS/Annex SL sub-clauses:
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
You will recognise these from the 2008 version and in most cases the requirements are very similar.
The scope of your management review should be expanded and more aligned to reviewing the QMS
performance in the context of the overall business. The finer details include making use of the results
of data analysis and your management review.
If you are operating a successful ISO 9001: 2008 system you should have little problem with this.
The quality related requirements.
There are no quality specific requirements. These are all HLS/Annex SL.
How auditors may approach this
The standard includes considerable detail that was not in the 2008 version and auditors may be
expected to be more explicit in what they look for. Expect them to focus more on requiring your top
management to explain the management review process and results and to have a more hands on
approach to directing and monitoring actions from these. Expect them to also examine closely the
analysis you do of data and especially what you do as a result of this.
Clause 10 Improvement
The HLS/Annex SL requirements are covered under the following sub-clauses:
10.2 Nonconformity and corrective action
10.3 Continual improvement
The key change here from ISO 9001: 2008 is the removal of a separate sub-clause for preventive
action. The work you did in 4.1 where you identified internal and external issues that affect your QMS
achieving its intended outcomes and the risk assessment and management of clause 6 together with
the remainder of the standard are all preventive. If anything they exceed the requirements of the 2008
standard.
Continual improvement is required for the QMS as in ISO 9001: 2008 and the controls for nonconformance are similar.
Page 11 of 15
Guide to ISO 9001: 2015 the requirements that should not change
The quality specific requirements.
The major quality specific requirements are covered under 10.1 General. This focuses on the
processes you have for improving your products, services, processes and the overall performance of
your QMS.
For comprehensive tools for implementing and auditing all of the changes please visit
www.jemo.co.uk or contact us at contact@jemoltd.com
What you should do now
The HLS/Annex SL requirements that we have outlined have less than a 5% chance of being further
changed. The main reason is that these are already in recently issued standards and those being
amended. It therefore follows that you can make a start on the changes at very little risk.
Figure 1 is a suggestion of how you may want to approach this:
What you get in the JEMO Implementation Tools
The JEMO implementation tools have been developed from over 30 years of working with ISO
management system standards. We currently have the following available through our website
www.jemo.co.uk :
An auditors guide to ISO 9001: 2015. Based on the DIS, this is a comprehensive distance
learning course that explains in plain language the requirements and the changes and
guidance on how to audit these. There are over 320 slides with the changes graded in
severity and the Annex SL requirements highlighted. Cost 49.50 + VAT
ISO 9001: 2015 Gap Analysis. Based on the current DIS this comprises over 100 pages and is
published in landscape so that it can be bound as a working checklist. This allows you to
capture conformity and non-conformity and the audit evidence that you found. At the end
of each clause there is comprehensive, plain language explanation of the requirements,
comprehensive guidance on how to audit this and the evidence you would look for. This is
designed to be used by both internal and external auditors and you can indicate the severity
of the gaps (graded as high, medium or low). The Annex SL requirements (that should not
change) are highlighted. This also serves as an executive report in which you can record
action summaries conclusions and who will do what. Cost 49.50 + VAT
Discount for early purchasers. If you purchase both of these before 1 March 2015 we are offering
these at 20% discount for 80 + VAT
Free updates if there are changes. For purchases before 1 March 2015 we are offering a free update
if there are changes in the published standard.
Coming shortly
We will shortly have available:
Page 12 of 15
Guide to ISO 9001: 2015 the requirements that should not change
Page 13 of 15
Guide to ISO 9001: 2015 the requirements that should not change
Page 14 of 15