Featured Product
This Week in Quality Digest Live
Standards Features
Mark Hembree
Rumors about ball performance meet quality assurance
Grant Ramaley
FDA seeks to align Part 820 with ISO 13485:2016; why that may not be enough.
MSMEs are encouraged to uphold the highest standards
Steven Brown
21st-century standard candles at NIST

More Features

Standards News
US Dept. of Commerce issues seven grand challenges
Requesting quotes for ‘Baldrige Reimagined’
Standards-based audit checklist and best practices provide support for growing technology in aerospace
Accelerating the adoption of digital twins in building industries
Tactics aim to improve job quality and retain a high-performing workforce
Demonstrating a commitment to keeping people safe and organizations running
Making the new material freely available to testing laboratories and manufacturers worldwide
Run compliance checks against products in seconds
Aug. 25, 2022, at 3:00 p.m. Eastern

More News

Rick Calabrese


Countdown to ISO 9001:2015

Changes are coming. Are you prepared?

Published: Wednesday, December 3, 2014 - 10:53

The ISO 9001 standard is currently under revision. The decision to do so wasn’t driven by one dramatic event happening in the marketplace, but rather by due diligence of the International Organization for Standardization (ISO) committees and working groups that perform systematic reviews of standards. From a review completed in 2012 plus activities including open workshops with users of the standard, a web-based survey of users and potential users, and studying trends in quality management, it was determined that the standard needed to be updated.

Historical significance

The organization today known as ISO began in 1926 as the International Federation of the National Standardizing Associations (ISA). It was suspended in 1942 during World War II. After the war, as the United States figured out how to best rebuild infrastructure, other countries were doing the same. ISA was approached by the recently formed United Nations Standards Coordinating Committee (UNSCC) with a proposal to form a new global standards body. So the key stakeholders from ISA and UNSCC representing 25 countries gathered together in October 1946 in London and agreed to join forces to create the new International Organization for Standardization; the new organization officially began operations in February 1947. Since then ISO has overseen the development of more than 19,500 international standards. Based on ISO’s neutrality, it was and still is headquartered in Switzerland.

ISO 9001, the first quality management standard, was originally published in 1987. It was based on the BS 5750 series of standards from British Standards Institution that were proposed to ISO in 1979. However, its history can be traced back some 20 years before that, to the publication of the United States Department of Defense MIL-Q-9858 standard in 1959. MIL-Q-9858 was revised into the NATO AQAP series of standards in 1969, which in turn were revised into the BS 5179 series of guidance standards published in 1974, and finally revised into the BS 5750 series of requirements standards in 1979 before being submitted to ISO.

When to expect it?

Revising the ISO 9001 standard is not an easy task. In fact, six steps are required before it gets a final vote by the committee. Right now, it’s in the fifth stage, which is considered the Final Draft International Stage. A subcommittee gathers all comments received and folds them into the existing document. Once this stage is complete, the final draft will be put to vote to the ISO members during the second quarter of 2015. The final version of ISO 9001:2015 should be available around the end of 2015.

Companies that are certified to ISO 9001:2008 will be given three years to transfer their quality management systems (QMS) to the new version in order to comply with the new standard; otherwise, they risk their registration being denied.

The impact to companies: risk and opportunities

Although the latest draft is under development, it is strongly focused on three main categories comprised of the process approach, the plan-do-check-act methodology, and the newly introduced concept of risk-based thinking, developed to prevent undesirable outcomes.

The risk-based approach to a QMS suggests that the management system should support the company’s business strategy. This is a new concept to the ISO standard. Fortunately for pharmaceutical and medical device companies, many have already adapted this process to their business plans.

Double-edge sword

In past years, ISO listed fourteen requirements for companies to follow, and then that number went down to six. The new standard no longer prescribes how to configure a quality management system, but rather gives companies the freedom to determine what works best for them. However, this is a double-edged sword. Even though the choice of how to manage the quality management system is now up to the company, there will be tighter controls on individual processes, such as corrective and preventive actions and complaints, because companies will need to prove what they have done to an auditor.

Another interesting addition is the reference to “Services.” Services have always been lumped into the product category, but this version will separate the two and reference services as its own entity.

Annex SL

Annex SL is ISO’s concept for a consistent structure across all its standards and features 10 clauses as well as definitions applicable to all ISO management system standards, of which ISO 9001 is only one. Others include ISO 14001 for environmental management systems and ISO/TS 16949 for quality management systems in the automotive industry. Companies will need to understand the definitions in order to meet the system requirements. Annex SL already shows up in some of the other ISO standards, including ISO 27001—“Information security management,” and ISO 22301—“Societal security—Business continuity management systems.”

Impact on the QMS

To prepare for the new ISO 9001:2015, companies will need to evaluate their own QMS to determine their maturity and complexity. This includes other standards to which they might be certified. Once the evaluation is complete, companies can determine the degree of change needed to adopt the new approach, with an emphasis on managing the activities that are high risk.

One immediate action would be to identify those individuals responsible for managing the QMS and together create a transition plan to familiarize the other quality team members with the expected changes to the standard, securing leadership support.

For more information, join Sparta Systems for a free webinar, “The Impact ISO 9001 Revisions Will Have on Your Business and Quality Management System,” December 9, 2014, at 2 p.m. Central. Register here.


About The Author

Rick Calabrese’s picture

Rick Calabrese

Rick Calabrese is the global corporate director of quality systems at Sartorius Group North America Corp. He’s been involved with quality in the pharmaceutical industry for more than 30 years. He has more 12 years’ experience performing internal and external audits. Calabrese is past chairman of ASQ’s Long Island section and the current co-chair for RX-360, a supplier-led initiative committee. Calabrese holds a bachelor’s degree in geology and a master’s degree in industrial management, both from SUNY Stony Brook in New York.


A Standard Without A Standard!

If one would search for a definition of “standard”, several definitions would be encountered. Although they may not be using exactly the same words, the basic idea covered under various definitions would point to a consensus about the concept of “standard”.

The definition given under the heading of “What is a standard?” on the web page of International Organization for Standardization (ISO) summarizes this consensus very well: “A standard is a document that provides requirements, specifications, guidelines or characteristics that can be used consistently to ensure that materials, products, processes and services are fit for their purpose.”

The keyword that distinguishes a “standard” from other types of regulatory documents is “consistency”. The great-grand father of quality management standards, the venerable MIL-Q-9858 reflects this principle idea of consistency in an exemplary manner. Starting from its initial issue in 1959 to its withdrawal in 1996, it has gone through only one single revision. The robustness, expected from a standard, is demonstrated by the minimal effect of that single revision on the users of the document.

However, the ISO 9000, and even its off-spring ISO 9001, has been defying the most basic principle of a standard, as if denying its lineage to MIL-Q-9858. The revisions ISO 9000 went through in its short life to date have been more than annoying for the businesses that have tried to adopt it. Even ISO admits on its own web site that the ISO 9000 series of documents had a “muddled” character. This is revealed by the succession of revisions that play around with words without any effective contribution to the functions of a business. Unfortunately, the extent to which the change in terminology is to be reflected in the quality management documents of the business is left to the whims of the independent auditor.

Those who work in the committees to review the ISO 9000 series, and those that request the revisions and changes, may have had fun in their sand-box, but the businesses who had to re-write their internal documents to comply with the latest wording of the revised “so called standards” were very much aware of the cost, both in time and money, they were incurring because of trivia.

As if the grievance caused was not enough, the upcoming revision to ISO 9001 is changing the complete paragraph structure. A gross violation that renders “characteristics that can be used consistently” obsolete; a sin! While the committee members may emerge from their playground with smiling faces, the businesses will have to trash all of their current quality management documents and re-write them to align with the new paragraphs.

Once more; ISO 9000 and its off-spring ISO 9001 will carve fame for themselves as being “a standard without a standard”.

P.S.: If management has not already taken responsibility for managing the business, they will be already out-of-business.

Double-Edged Sword?

Thanks for the article, I like the history lesson.

About the double-edged sword, though, I disagree. I don't believe there is any downside to making management responsible for determining how to manage quality systemically in thier organizations. It's always been up to management to manage quality in their organizations and it was a mistake to think ISO 9001 demanded otherwise. ISO 9001 never assumed the responsibility for configuring QMSs. ISO 9001 requires a QMS to be established, but it never represented a configuration to accomplish it. The downside of ISO 9001 is that it was commonly treated as a management system design specificiation.

So I don't see any double edges being presented by the 2015 standard. It's making more clear what was apparently not clear enough since the original release of the standard: management is responsible for defining thier management systems, ISO 9001 is not. (This is all part of the process approach push.) Management system definition should be process-centric, not ISO centric. 

The standard never did prescribe how to configure a QMS. ISO-centric (clause-by-clause) QMSs never met the intent of ISO 9001 in any of its revisions. The standard has always given companies the freedom to do what's best for them (assuming conformity can be demonstrated). The idea that the standard ever did prescribe HOW managment should configure or run its operations to assure quality is incorrect. Tighter controls aren't necessarily required of 2015, but sensible controls are (those exhuding effective risk-based thinking and a process approach). 

As it becomes more clear to organizations that the standard encourages them to "do their own thing" to assure quality instead of "doing the ISO 9001 thing" to assure quality--as has always been the case--management will stop viewing ISO 9001 as being a problem. At that point, they'll begin to take responsibility for their own management systems and those with troubled systems will stop blaming ISO for it.