Coming Changes to ISO-9001

posted in: Processes 0

The 2015 revision to ISO-9001 will be published in the fall and will bring more changes than the 2008 revision. Some of the changes are mostly a matter of emphasis; some, like risk management, will require adjustments to quality management systems (QMS). If you are currently ISO certified, ask your registrar when you will need to comply with ISO-9001:2015.

The new version has more emphasis on the context of the business and the QMS. The standards include a focus on stakeholders and their expectations, and on how ISO fits with other management systems such as environmental, safety, and financial systems. There is also more recognition that companies are different and need different kinds of quality management systems.

Responsibility for quality belongs firmly with top management (which should be defined) and there is no longer a Management Representative.

One of the more noticeable changes is that documents and records are collected into one category: documented information. So there will be no more trying to explain the difference between types of paper to people. Documented information can be a paper document or record, just as now, but it can also be a spreadsheet, a pattern, or a wikipage. It should be defined and of substance, and controlled. There is no need to change if your current system works, but the standard now allows flexibility to develop better systems if it doesn’t.

There is no requirement for a formal quality manual, as long as the required information is somewhere. This allows for new forms, such as an online QMS.

The section addressing risk management is new and will need to be addressed. Risk management should include identification of risks and their severity, appropriate action to address risks, and evaluation of the effectiveness of the actions taken. Review risks periodically (at least annually).

There are some adjustments to corrective and preventive action. Risk management replaces preventive actions, doing away with another set of definition arguments. The standard now recognizes that not all corrective actions require root cause analysis; some can be addressed with a change of SOPs to prevent reoccurrence (as long as it is documented).

Once the standard is published, accommodating most of these changes will be a matter of working through them in the annual internal audit cycle. Some, like removing references to a Management Rep and defining¬† top management, will be simple; others, like starting a risk management system if you don’t have one, will be more challenging. If you need help making the transition or to become certified (in Montana), contact the Montana Manufacturing Extension Center.


Thanks to Todd Daniels at MMEC for a great class!