QMS Requirements Warren provides an introduction to the new ISO 9001:2015 Quality Management System Requirements standard including new terminology found in ISO 9000:2015 Quality Management System Fundamentals and Vocabulary.
Introduction to ISO 9001:2015
ISO 9001:2015 Quality Management System (QMS)
requirements were revised and companies certified to the ISO 9001
standard will have three years to pass a certification audit with their ISO Registrar
under the 2015 standard. This will explain some of
the changes and introduce new terminology used in the standard.
The ISO 9001:2008 standard used the term
"product" to explain the output of a company or process. The 2015 standard
uses products and services. Services is the fastest growing segment for ISO 9001
certification. The term "stakeholder" has been replaced with interested party.
Exclusions taken under the 9001:2008 standard have been removed and can no longer be taken.
Another change is the elimination of the "management representative". The rationale
behind this is leadership will take more of an active role in the management of
the QMS. Another change is from "documents and
records" to documented information. "Preventive action" in the 2008 standard
has been replaced with risk-based thinking and improvement. There is no
longer a preventive action clause in the new ISO 9001:2015 standard.
Monitoring and measuring equipment has
been renamed monitoring and measuring resources. This change broadens the scope of
monitoring and measuring beyond calibration to other areas of the
business where measures and metrics should be monitored, reported, and
appropriate actions taken. Purchased product is now called externally
provided products and services along with this change, the terms "supplier,
producer, distributor, vendor, and contractor" are replaced with Provider. This can be an internal or an external
provider of products or services.
The ISO 9001:2015 standard is based upon
the seven quality management principles as defined in the ISO 9000:2015 vocabulary and definitions standard. These seven quality management
principles are customer focus, leadership, engagement of people, the process approach, improvement,
evidence-based decisions, and relationship management. First, customer focus is
defined as meeting customer requirements while striving to exceed customer
expectations. The idea is to attract and retain the
confidence of customers and other relevant interested parties interact
with a customer which will provide more opportunities to create value and
understand the current and the future needs of the customer or other relevant
interested parties who contribute to the sustainment of the organization.
There are some changes in the leadership
section of the new ISO standard. Leadership is expected at all levels of
an organization. Leadership establishes the unity of purpose and direction, creates the conditions in which people are engaged in achieving
quality objectives enabling the alignment of strategies,
policies, processes, and resources. This also improves communication and
increases effectiveness and efficiency in the organization.
The standard differentiates between
leadership and top management several of the clauses identify roles,
responsibilities, authorities, and accountabilities for top
management. Top management is defined as the person or group who directs and
controls the organization at the highest possible level. They have the ability to delegate their
authority and also provide resources and are ultimately accountable for the
successful implementation of the Quality Management System and its continuing
The next quality management principle is
engagement of people. Competent, empowered, and engaged people at
all levels of the organization are essential to enhance the organization's
capabilities while creating and consistently delivering value to the
customer and other interested parties. Leadership is required to determine and
ensure necessary competence for those who are performing the work. Leadership
should recognize and acknowledge people's contributions, learning and
improvement, and should promote personal development to facilitate
engagement of people.
The process approach was used in the
2008 standard and remains a viable way to define, measure, and improve the
overall QMS effectiveness. The process approach not only allows a
singular view of each individual process, but it also allows a system level view
of the linkages, interfaces, and process interactions. Processes that are defined, measured, and
improved should produce consistent and predictable results. This improves effectiveness and
efficiency of the entire Quality Management System and enables
optimization and focused improvement efforts.
Improvement is another quality
management principal improvement is essential for an organization just to
maintain the current level of performance. Organizations that do not
strive to improve will certainly regress in their endeavors. Improvement helps
address internal and external risks and
opportunities, enhances customer satisfaction, and allows the correction
and prevention of undesired effects. Improvement helps the performance and
overall efficiency of the QMS. Evidence-based decisions allow
leadership and top management to make decisions that are more likely to
produce desired results and reduce the undesired outcomes. There is much greater objectivity and
confidence in evidence-based decision-making and it increases the understanding of
important cause-and-effect relationships within the Quality Management System and
increases the ability to demonstrate the effectiveness of past decisions.
Relationship management is a new
principal in the ISO 9001:2015 standard. Relationships with interested parties
influence the performance of an organization and relationships with
providers and partners will certainly produce risk as well as opportunities. These risks and opportunities feed
into the organizational risk-based thinking. A well-managed supply chain provides
consistency and stability of the organization. A new term in the ISO 2015
standard is interested parties An interested party can include
providers, partners, customers, owners, employees, retailers, producers, consumers, end users,
investors, regulators, competitors, beneficiaries, opposition groups,
professional organizations, accreditation organizations, community members, and
society as a whole.
One of the terms and definitions new to
the ISO 9001 standard is documented information which is defined as
"information including the medium on which it is contained". It is required to
be controlled by the organization there are two types of documented
information in the new iso standard. The first is the term documents, referred to in the new ISO
standard as being maintained. These include policies, procedures,
processes, and methods commonly under revision control. Records are identified
when the standard refers to documented information being retained. Records are
evidence of activities and are usually not under revision control.
Documented information that is maintained is referred to as documents. Documented information that is retained refers to records in the new ISO standard.
Interested party is defined as a person or organization they can affect
be affected by or perceive itself to be affected by a decision or activity. Relationship management includes
suppliers, distributors, customers, employees, and other interested parties. Risk-based thinking is the planned and
demonstrated actions of risk management principles to prevent undesired outcomes
and outputs. There are negative
risks, which are threats to the organization and there are positive risks, thought of as opportunities for the organization. Both negative and positive risks should be mitigated.
I hope this information has been helpful
in understanding some of the changes and new terminology of the ISO
Warren Alford Tampa, FloridaCybersecurity and Quality Management