The long-awaited new version of ISO 9001 is finally released, and many people are wondering about the next steps, and how to become compliant with the new version.
ISO 9001:2015 is bringing some significant changes in concept and approach, but nothing we can’t handle. For an overview of changes, see this infographic: New ISO 9001 2015 revision – What has changed?
The ISO organization stated that the transition period will take three years, so organizations may get their ISO 9001:2008 certificates or have surveillance audits according to the old version until September 23, 2018. Although this is a very decent timeframe, many organizations will try to catch up with the changes much sooner to demonstrate that they are keeping up with the world and gain a competitive advantage. For more information, see: ISO 9001:2015 – The benefits of early implementation.
If you got certified before September 23, 2015, you will have your surveillance audits according to the 2008 revision, but your recertification audit will be conducted according to the 2015 revision.
If you get your certificate according to the 2008 revision after September 23, 2015, you will have three years to transition to the new version.
These are the steps that I would suggest, and their order, for the successful transition to the 2015 version of the standard:
1) Define context of the organization. This is a new requirement and requires special attention, because it provides the basis for your new QMS (Quality Management System). For more information, see: How to identify the context of the organization in ISO 9001:2015.
2) List all interested parties. Although it belongs to the same clause as Context of the organization, it is something new and should be considered carefully. Having all interested parties and their expectations identified will help the organization to adjust its strategic direction.
3) Review the scope of the QMS. The transition is a good time to consider the existing scope of your QMS, since the credibility of your Quality Management System depends on it.
4) Demonstrate leadership. The requirements are almost the same as those for management commitment in the previous version, and the new version puts even greater emphasis on the leadership. Demonstrate leadership through taking accountability for the QMS, providing resources, and establishing a Quality Policy and quality objectives. For more information, see: How to comply with new leadership requirements in ISO 9001:2015.
5) Align QMS objectives with the company’s strategy. Your QMS must be compatible with strategic direction of the company, quality objectives must aim in the same direction as other activities in the company. The plans for achieving the objectives must be created, and that is the requirement of the new version.
6) Assess risks and opportunities. According to the new version, the risks and opportunities must be addressed. They focus on the ability of organization to achieve intended results, but also on other parts of the system such as context of the organization and compliance obligations. After the assessment of risks and opportunities, there should also be some plans for addressing them. For more information, see: Methodology for ISO 9001 Risk Analysis.
7) Control documented information. This new term refers to both procedures and records. Besides aligning your old procedures to the new clause numbers, the transition process should be used for improving your existing documentation. The requirements for preventive actions do not exist anymore (preventive actions basically became a part of the risk assessment process), so you can decide whether to delete that procedure or not. For more information, see: New approach to document and record control in ISO 9001:2015.
8) Operational control. The new version requires better control of the processes, including operating criteria and implementing controls of processes according to the criteria.
9) Review the design and development process. Design and development need to be defined in more detail. You need to define responsibilities, controls, inputs, and outputs, and also how you will handle the changes in the design and development process, meaning who will review the results of the changes, who is authorized to make the changes, and what actions will be taken to prevent adverse impacts.
10) Control of external providers. Purchasing in the current version is now called Control of externally provided processes, products and services. You need to ensure that externally provided processes, services, and products are compliant with your requirements. This means that you will need to determine controls, their type and extent, and information to be provided to the supplier. Basically, you need to undertake all activities necessary to ensure that your provider will deliver what you expect from him.
11) Performance evaluation. This means that you need to determine what needs to be monitored, how, and how often. The purpose is to evaluate the performance and effectiveness of your Quality Management System. If you are familiar with key performance indicators, this change will be easy on you.
12) Measurement and reporting. The new version of the standard strongly emphasizes the importance of measurement and reporting, especially regarding the above-mentioned performance evaluation, but also the internal audit and the management review need to be aligned with the new version of the standard. Although the techniques for conducting them remain the same, there are changes in the input elements of the management review and requirements to be audited during the internal audit. For more information, see: Analysis of measuring and monitoring requirements in ISO 9001:2015.