Quality management is evolving

ISO 9001:2015 Update

Time and tide wait for no man and so it seems neither do the good folk at ISO's Technical Committee (TC 176/SC 2). They are responsible for the content of the current revision of ISO 9001 and have spent 3 years planning its next iteration.

Risk based thinking and the effects of uncertainty

ISO 9001:2015 will define risk as the 'effect of uncertainty'. Therefore, all risks relating to quality, safety, commercial or the environment, etc. will be dealt with under a single 'multidisciplinary' aspect of the management system.

The risk management aspect of ISO 9001:2015 should be part of this analysis and any new process definitions would require the assignment of process owners to manage this aspect, typically senior managers or by engaging more of your organisation's leaders as new process owners.

To support the inevitable transition that your organisation will have to make, you should learn about the key changes, understand the key concepts, plan how to implement the new requirements and stay informed with developments. Further changes to the standard are likely during the period of revision, you should not make changes to your management system at this stage.

Risk-based thinking

How does ISO 9001:2015 intend to address the subject of risk and risk-based thinking? Risk-based thinking is something we do automatically in our lives; often sub-consciously, but the concept of risk was always implied by ISO 9001:2008. The new risk-based requirements will help to prioritise this topic as the new requirements will become part the standard quality management system framework.

Most organisations intuitively take a risk-based approach to identifying, analysing and prioritising perceived risks and opportunities as this process forms a key part of the preventive action routine. Presently, there are six clauses in ISO 9001:2015 which require an organisation to consider risk:

Clause 4 - determine the risks which can affect its ability to meet these objectives
Clause 5 - top management are required to commit to ensuring Clause 4 is followed
Clause 6 - take action to address risks and opportunities
Clause 8 - implement processes which identify and address risk in its operations
Clause 9 - monitor, measure, analyse and evaluate the risks and opportunities
Clause 10 - improve by responding to changes in risk

Compliance with ISO 9001:2015 will require objective evidence that these clauses have been fulfilled. The adoption of risk-based thinking will, over time, improve customer confidence and satisfaction by assuring the consistency of the quality of goods and services brought on by establishing a proactive culture of prevention and improvement.

Ongoing review is essential to ensure that risk management processes remain relevant and effective. The factors that affect the likelihood and consequences of an event may change, as may the factors that affect the suitability of treatment options. Process monitoring should provide information about the effectiveness of the risk management process.

More on ISO 9001:2015

ISO 9001:2015
Making the transition