ISO 9001 | ISO 14001 | OHSAS 18001

Consulting | Training | Audit Services

We help organizations of all kinds meet your quality, environmental, and health/safety management system challenges with expert guidance, effective education, and field-tested products. Whether you're certified or not -- interested in ISO 9001, ISO 14001, or OHSAS 18001 -- help is here.

"Why ISO?" the employees asked.

Recently, as I started an ISO 9001:2015 implementation in Michigan, the employees asked management to explain just why they wanted to do this. The firm had operated successfully for decades without much in the way of quality management practices, so there was, to say the least, skepticism. This happens in many projects, of course. But this time, top management asked me to draft a response. I did so, and the team liked it so well, they published the text below on large posters and placed them around the facility. –Rob Kantner

The main reason to implement an ISO 9001 system is to expand and grow the business.

The way to expand and grow the business is to increase sales to existing customers (by maintaining and improving customer satisfaction), take business away from current and potential competitors, and (much more important) acquire new customers.

One way to acquire new customers is to expand into markets where the company is not active now.

A big part of selling a new market segment - a group of customers who do not already know you - is making a convincing case for quality and reliability of product and service.

To make that convincing case, you must prove that you have, in place, tested, proven, disciplined, and widely used quality management practices. The generic term is "quality management system."

A potential new customer with any level of seriousness and sophistication will visit the facility and will expect to see these widely used quality management practices in place. To name just a few:

  • Identification of critical product characteristics and specifications and verification on an ongoing basis, with evidence, that those specifications are met.
  • Process discipline, consistency, and accountability at all levels.
  • Calibration / verification of measurement equipment.
  • Control of process instructions and documentation, including drawings.
  • Rigorous control over outsource providers, including consistent enforcement of strict performance standards.
  • Key performance indicators tracking costs of poor quality along with remedial actions for correction and improvement.
  • Internal audit process to monitor compliance with quality management system requirements.

These, plus other practices, are encompassed in a worldwide-recognized quality management system standard called ISO 9001. None of it is new, novel, or rocket science. None of it is even "world class." It's basic and fundamental. And all of it is practiced to varying degrees by the more successful manufacturers.

Certification to ISO 9001 is objective evidence that the tested, proven, disciplined, and widely used quality management practices are in place and well implemented.

A well implemented quality management system will increase efficiencies and cut costs, thereby keeping the company profitable and price-competitive.

A well implemented quality management system will help the company fend off and prevail over current and potential competitors, thereby preserving jobs and ensuring growth.

2015-curtain.original (195K) ISO 9001 Transition:
Tips and Tricks
from the Expert

Editor's note: This is the first in a series of articles by ISO 9001 expert Rob Kantner describing the changes brought by the new ISO 9001:2015 standard - with tips and tricks on how to transition your system effectively. Come back each week for another edition. Or, to receive each installment automatically, subscribe to our email newsletter.

Part 1: Introduction

The fifth edition of the ISO 9001 quality management standard was published in September, 2015. Firms registered to ISO 9001:2008 have three years from that date to transition their system to comply with the new requirements.

As updates go, 9K15 (as we'll call it) is easier than ISO 9001:2000, much easier than ISO 900X:1994, but much tougher than 9K08.

Over the next few weeks I will:

  • Analyze the changes, section by section
  • Highlight changes that are meaningful (i.e. will require you to add to, or substantially change, your existing processes)
  • Offer compliance options

I will present this information in as practical a manner as I can. By that I mean: I will resist the temptation to theorize and pontificate. (For that, go to the nearest LinkedIn ISO 9001 board.) If you're like the hundreds of clients I've worked with over the past 20 years, you have neither time nor energy to debate theory. You want to know what's involved and how to get the job done. That will be our emphasis.

But for the record, let me say that, having worked with the new Standard for quite some time now (we have several new ISO 9001 clients implementing 9K15), I believe it to be for the most part a big improvement over its predecessors. Is it perfect? Heck no. There are the usual obvious compromises and maddening vaguenesses and head-scratching what-the-hells that we've dealt with ever since 9001/9002 first came along in 1987.

Now for the ritual disclaimers:

  • None of this has been externally audited yet.
  • The guidance I'm providing is subject to change at any time based on experience. Certainly no two ISO systems are the same or even very similar, and your mileage may vary.

It is my earnest hope that the brief articles we publish here will help you change over your system and maybe (just maybe) cause it to add more value to your firm.

High level structure

The most obvious change appears when you open 9K15 and find that its structure is almost completely different from 9K08.

That's because ISO has adopted a "high level structure" for its quality, environmental, and (soon to be introduced) health/safety standards. All of these standards have common requirements, and many firms (including many of our clients) operate not just 9001 but also ISO 14001 and OHSAS 18001 (soon to be ISO 45001) systems. The high level structure makes it much easier to plan and operate these integrated systems–once you get used to it.

Here is a topic layout of the high level structure.

  • 0. Introduction
  • 1. Scope
  • 2. Normative references
  • 3. Terms and definitions
  • 4. Context of the organization
  • 4.1 Understanding the organization and its context
  • 4.2 Understanding the needs and expectations of interested parties
  • 4.3 Determining the scope of the [Quality or Environmental or Health/Safety] management system
  • 4.4 [Quality or Environmental or Health/Safety] management system
  • 5. Leadership
  • 5.1 Leadership and commitment
  • 5.2 Policy
  • 5.3 Organizational roles, responsibilities and authorities
  • 6. Planning
  • 6.1 Actions to address risks and opportunities
  • 6.2 [Quality or Environmental or Health/Safety] objectives and planning to achieve them
  • 7. Support
  • 7.1 Resources
  • 7.2 Competence
  • 7.3 Awareness
  • 7.4 Communication
  • 7.5 Documented information
  • 8. Operation
  • 8.1 Operational planning and control
  • 9. Performance evaluation
  • 9.1 Monitoring, measurement, analysis and evaluation
  • 9.2 Internal audit
  • 9.3 Management review
  • 10. Improvement
  • 10.1 Nonconformity and corrective action
  • 10.2 Continual improvement
General changes

Compared to 9K08, 9K15 is about 1200 words longer. It has 9 more clauses. And, as stated above, it follows the High Level Structure.

What were called "products" in 9K08 are now "products and services." The term "leadership" now occurs in a number of places, but "top management" does, too. 9K08 mentioned "change" 13 times; 9K15 calls it out 27 times, which is an important difference.

9K08 had six requirements for documented procedures. 9K15 has none. Since the initial edition, ISO 9001 has steadily reduced the requirements for documented procedures / instructions. This affords much more flexibility in setting up and operating your system. But it does not mean that one should avoid instructional documentation. (See guidelines on this below.)

What's more, 9K15 now uses "documented information" for what used to be "procedures" or "records." Depending on the context, this in fact means either instructions of some kind (up to you), or records.

9K15 calls for us to "determine" something in 41 places, whereas 9K08 called for that in less than half of those cases.

And, finally, "management representative," "quality manual," and "preventive action" have vanished.

What about documentation?

As mentioned above, 9K15 makes no specific requirements for documented procedures, work instructions, etc. Instead, it says:

  • 4.4.2 To the extent necessary, the organization shall: a) maintain documented information to support the operation of its processes.
  • 7.5.1b [The organization's QMS shall include] documented information determined by the organization as being necessary for the effectiveness of the quality management system.

"Documented information" is, as stated, 9K15's generic term for a) instructional documents and b) records.

So written procedures, instructions, process maps, whatever–these have not gone away. You now have the authority to decide "the extent necessary."

Another challenge in the area of documentation is 9K15's promiscuous use of the term "determine." It requires us to "determine" things in something like 41 places. But what does "determine" mean? ISO 9001, the "Fundamentals and Vocabulary" document and, to all intents and purposes, official, uses the word rampantly but never defines it. Turning to Merriam-Webster, we find this definition: "to officially decide (something) especially because of evidence or facts : to establish (something) exactly or with authority."

Nothing about writing it down.

So how do you decide "the extent necessary" for instructional documents? And how does "determining" something factor into this?

The principles we have followed for many years continue to pertain. These are:

  • 1) If employees have a common understanding of a fact, and this can be verified via audit, to me that is evidence that the fact has been "determined" and therefore meets the requirement. Otherwise, generally speaking, the determination should be written down.
  • 2) Processes that have been implemented for a long time and are consistently followed by all concerned (verified by audit), do not as a rule need instructional documents to support them.

Exceptions include:

  • Where absence of instruction could adversely affect quality (the old "special process" rule);
  • Where training and competence cannot be effectively done without a written instruction;
  • Where a longstanding process has undergone significant change;
  • Processes that are new to you – and there are several in 9K15 – require instructional documents for orientation, training, and auditing purposes.

And an "instruction" can take any one of many forms. Forms and checklists, for example. Pictorials. Process maps and flow charts. Old style narrative procedures/instructions have their place, but can also present problems in workplaces where fluency and literacy make communication difficult. Be creative. Do what works for you. Use your own language, your own terminology. No external auditor has the authority to overrule these types of documentation decisions.

Bottom line: Based on the principles above, we recommend erring on the side of documenting things like processes and "determinations" when setting up, implementing, and/or changing the system. The ISO 9001 QMS continues to be a living system, however, and there is nothing wrong (and very much right) with periodically examining the system and yanking documentation that no longer adds value.

What's ahead

Over the next few weeks, we'll present information on transitioning to 9K15. We'll start with the clauses that are either new and/or require significant work:

  • 4.1 Understanding the organization and its context
  • 4.2 Understanding the needs and expectations of interested parties
  • 4.4 Quality management system and its processes
  • 6.1 Actions to address risks and opportunities
  • 4.3 Determining the scope of the quality management system
  • 5.2 Establishing (and communicating) the quality policy
  • 6.2 Quality objectives and planning to achieve them
  • 6.3 Planning of changes (and 8.5.6 Control of changes)
  • 7.3 Awareness
  • 7.4 Communication
  • 8.4 Control of externally provided processes, products, and services

Then we'll go through the rest of the requirements in 9K08 order to sift out and resolve the smaller changes you'll need to address.

May 18, 2016

To receive each installment automatically, subscribe to our email newsletter.