All the standards in the ISO family of standards are updated regularly, roughly every seven years. This includes popular standards such as ISO 9001, ISO 14001 and OHSAS 18001. When a new version of a standard is published, organizations are given three years to adapt their management system to match the new version. As ISO 9001:2015 was published on 23 September 2015, organizations have until 23 September 2018 to change their quality management systems if they want to continue being ISO 9001 certified.
Although many organizations have already done so, time is running out for those that have not started or completed the process, with less than a year to go before the cutoff date. Organizations in this position may want to look at starting to use MyEasyISO to become compliant to the ISO 9001:2015 version of the standard. MyEasyISO has been changed to incorporate all the changed and new requirements even before the new version was officially published.
Updating your QMS by using MyEasyISO rather than doing it manually will save you an enormous amount of time and money. Organizations going this route generally save up to 84% of the time normally used to implement an ISO 9001 Quality Management system.
The latest version of ISO 9001 has been built around seven general quality management principles:
- Leadership
- Customer focus
- Process approach
- Engagement of people
- Decision making based on evidence
- Improvement
- Relationship management
Differences between ISO 9001:2008 and ISO 9001:2015
Where ISO 9001:2008 only had eight clauses, the new ISO 9001:2015 has ten. The clauses for the two versions of the standard are listed in the table below:
| ISO 9001:2015 | ISO 9001:2008 | |
| 0 – Introduction | 0 – Introduction | |
| 1 – Scope | 1 – Scope | |
| 2 – Normative reference | 2 – Normative reference | |
| 3 – Terms and definitions | 3 – Terms and definitions | |
| 4 – Context of the organization | 4 – Quality management system | |
| 5 – Leadership | 5 – Management responsibility | |
| 6 – Planning | ||
| 7 – Support | 6 – Resource management | |
| 8 – Operation | 7 – Product realization | |
| 9 – Performance evaluation | 8 – Measurement, analysis and improvement | |
| 10 – Improvement |
As can be seen in the table, the first three clauses have stayed the same. In ISO 9001:2015 the next seven clauses have been arranged according to the Plan, Do, Check, Act (PDCA) cycle.
The PLAN element of the cycle is covered in clauses 4, 5, 6 and 7 of ISO 9001:2015, DO is specified in clause 8, CHECK in clause 9 and ACT in clause 10.
The new ISO 9001:2015 uses this new structure to focus on continuous improvement of all processes within an organization.
High level structure (HLS)
Another benefit of arranging the clauses in the way they are now, is that the ten clauses in ISO 9001:2015 now follow the same definite structure that is used by all the other standard management systems. This is known as the ‘High Level Structure’ (HLS) of the standards.
A huge advantage of having the central elements of standards such as ISO 9001, ISO 14001, OHSAS 18001, ISO 27000, etc. the same, is that it now becomes much easier to integrate the various management systems. If an organization wants to for example add ISO 14001 and already have ISO 9001 in place, the same topics can be identified easily in the standards. When using a software system such as MyEasyISO, this is even a bigger advantage as those elements that are the same need not be duplicated, but fit into the overall structure seamlessly.
Risk-based thinking
ISO 9001:2015 encourages an organization to apply risk-based thinking and to use risk analysis to decide which challenges are present when managing business processes.
Although many organizations already use HACCP or FMEA techniques for formal risk analysis, and ISO standards such as ISO 28001 has focused strongly on risk analysis for a while, risk-based thinking now needs to be applied by everyone that uses the ISO family of standards. MyEasyISO’s risk analysis tools are built into the relevant modules of the system and are easy and simple to use.
The ‘preventive measures’ that are described in ISO 9001:2008 are no longer in ISO 9001:2015, but the principles of prevention has been incorporated in Corrective Actions.
Inputs and outputs
In ISO 9001:2015, there is a new emphasis on measuring the inputs and outputs of processes, and then assessing these properly. The standard specifies that all information, articles and specifications involved in production processes must be closely monitored. Anything coming out of production processes must also be monitored to ensure that they meet the original requirements.
Interested parties
In ISO 9001:2008, the only interested party mentioned was customers. In ISO 9001:2015, the concept of interested parties has been broadened to also include personnel, suppliers, legislative bodies, shareholders, internal customers and society.
Any organization should that these interested parties’ standards and requirements are changing all the time, and these changes should be catered for in the features of services and products.
Although the new version of the standard spells out who interested parties are in detail, the basis of any quality management system has however always been that good products and services can only be delivered when the expectations and requirements of customers and interested parties are known. It is therefore unlikely that organizations will have to make major changes for this new aspect of the standard.
Context of the organization
The ISO 9001:2015 version of the standard requires that organizations design their quality management systems with the specific context in which they are active in mind. This means not only that organizations have to take the needs and expectations of interested parties into account, but also that they need to evaluate and deal with external and internal strategic questions. An organization has to demonstrate that they understand and respond to these expectations.
Leadership
Leadership and management commitment features strongly in ISO 9001:2015. Business leaders and top managers have to be directly involved in controlling the QMS and making sure that it delivers the benefits for which is was designed and implemented.
This emphasis has been included to encourage top management to make sure that the quality management system is fully integrated and harmonized with business processes and strategies, rather than it being an ‘add-on’ that is run separately.
The needs of the top management are better served by the quality management system than ever with the changes in ISO 9001:2015 relating to interested parties, risk management and the context of the organization.
The QMS can now be used effectively by an organization to become strategically successful by managing opportunities and threats, and by addressing the requirements of interested parties.
The ‘management representative’ that was featured in ISO 9001:2008 has been removed in ISO 9001:2015. The change was done to foster the concepts that quality is not the responsibility of a single person, but should be important to everyone and for all levels within the organization.
Documented information
It is important to note that ISO 9001:2015 no longer refers to mandatory documented procedures, or even a quality manual. The new version instead refers to ‘documented information’.
‘Documented information’ is defined as all information has to be controlled and maintained by the organization. The information can come from various media and sources and may be in any format. This makes diverse forms of documentation and evidence possible.
The word ‘records’ is also no longer used, but has been replaced by ‘retaining documented information’.
ISO 9001 quality management systems (QMS) are implemented using MyEasyISO software in Oaxaca de Juárez (Oaxaca), while ISO 14001 & OHSAS 18001 Health Safety Management Systems (HSE) are implemented with MyEasyISO in Galway (Ireland).
