Using a Conformity Matrix to Align Processes to ISO 9001:2015

No need to rewrite procedures; simply demonstrate how they meet the standard’s provisions

Published: Monday, November 21, 2016 - 11:27

Sept. 22, 2018, is the deadline for registration to ISO 9001:2015, and this seems to allow organizations plenty of time to make the transition to the new standard. The good news is that, despite the radical changes to the standard’s structure, the underlying requirements are not particularly different. This means that no extensive overhaul of existing documents and processes is necessary. The bad news is that the transition must be performed well before the deadline, and ISO 9001:2015 is therefore closer than we think.

ISO 9001:2008 requires internal audits and management reviews of the quality management system, and it therefore comes as no surprise that ISO 9001:2015 also requires them. The catch is that, to qualify for registration to ISO 9001:2015, the internal audit and management review must meet the requirements of the new rather than the old standard.

It is therefore better to begin early, and discover and eliminate any gaps between the QMS and the standard’s new requirements, than to begin late and not complete the required internal audit and management review in time for a third-party audit in 2018. On the other hand, the organization does not need an entirely new set of procedures and processes. It needs to ensure only that the ones it has employ the new standard’s requirements.

Use a conformity matrix to align processes to ISO 9001:2015

If your QMS meets the requirements of ISO 9001:2008, it already meets most of the requirements of ISO 9001:2015. This means there is no need to rewrite procedures and work instructions for the sole purpose of restructuring. All that is necessary is to demonstrate how they meet the provisions of the new standard.

While ISO 9001:2015 does not require a quality manual, my personal position would be to retain one, if for no other reason than to cross-reference procedures with the current version of the standard. The conformity matrix is a useful tool for doing this, and also to identify any gaps between what the organization has and what the new standard requires.

A conformity matrix is simply a matrix whose rows are the clauses of the standard, and whose columns are the organization’s procedures and processes. An X or other mark is placed at the column and row intersection when a procedure or process meets or supports the corresponding element of the standard. A row in which no X appears is an immediate visual indicator of a gap between the QMS and the standard, and a procedure must be written or revised to eliminate the gap.

It is possible to enhance the conformity matrix by using the L-Type Matrix in which some kind of weighting symbol, rather than just an X or other check mark, is placed at a row and column intersection. In the book CQE Primer (Quality Council of Indiana, 2006) Bill Wortman and his coauthors use three different symbols for “strong relationship,” “relationship,” and “possible relationship.” We can similarly use different symbols for primary, secondary, and supporting relationships.

Suppose for example that an organization has a procedure for document control, which includes a provision for review and approval of document changes, distribution of the current document, and removal of obsolete documents. This procedure would have a primary relationship with ISO 9001:2015 clause 7.5, “Documented information.” That is, the procedure’s express purpose is to meet the documented information requirements of the standard.

A procedure for calibration and measurement systems analysis (MSA) would similarly have a primary relationship with 7.1.5, “Monitoring and measuring resources,” while a procedure for control of quality records would have only a supporting relationship with this requirement. Calibration and MSA would certainly generate quality records that must be retained, made readily available, and protected from loss, but the procedure for quality records cannot possibly fulfill the requirements for 7.1.5 by itself. It can only support 7.1.5 by preserving the quality records that show that gauges and instruments were in fact calibrated, and that required gauge reproducibility and repeatability analysis were in fact performed. This means that, if we are using the conformity matrix to identify gaps between the QMS and the standard, a supporting relationship alone does not meet the requirements.

Figure 1 shows a sample conformity matrix with general procedures and processes versus a portion of ISO 9001:2015. The cells at the right are programmed to add the Xs, which reflect a process or procedure that meets the requirements of the standard, and use conditional formatting to turn them red if no X appears. S (for support) does not count. As an example, the Quality Records procedure supports 7.2 (“Competence”) by retaining records of training, but it doesn’t make the training happen. Only when we add the Training procedure’s effect (item 9) do we get an X in the row for 7.2 and thereby meet the requirement. This procedure would almost certainly require the organization to retain a record of the employee’s training with the record retention period specified in the Quality Records procedure.

Figure 1: A conformity matrix as a visual control. Click here for larger image.

The good thing about the conformity matrix is that it eliminates the need to write a new quality manual every time ISO 9001 is revised. It’s only necessary to create a new conformity matrix that reflects the new standard’s requirements, and cross-reference the existing QMS accordingly. The procedures and processes can also be hyperlinked to the actual document so any auditor, or anybody else, can see the document and verify that it does, in fact, meet the indicated clauses of the standard. This turns the conformity matrix into a visual control that makes gaps immediately visible and also directs the user to the necessary information without making them search for it. The only caveat is that any change to a documented process or procedure requires a review to reflect any change in that process’ or procedure’s role in reference to the standard.

Note also that a comment can be added to any cell by right-clicking on it, e.g. to provide a small amount of detail on how the process or procedure deploys the ISO clause.

The stakeholder matrix

Another useful tool is the stakeholder matrix, which ties in directly with clause 4.2—“Understanding the needs and expectations of interested parties.” This clause requires the organization to determine the requirements of interested parties that are relevant to the quality management system. Not all interested parties are relevant, and the stakeholder matrix makes this emphatically clear. When stakeholders (or interested parties) of “little or no importance” exercise “significant influence,” we have a highly dysfunctional situation in which the tail is allowed to wag the dog. A commentator on Sun Tzu’s Art of War (Oxford University Press, 1963) described this situation as follows. “And it is said one must consult the Army Supervisor in these matters! This is as if in building a house beside the road one took advice from those who pass by. Of course the work would never be completed!” The Victoria State Government reference defines similarly the high influence but low importance stakeholders as “a source of significant risk.”

Conclusion

The bad news is that the real deadline for ISO 9001:2015 is much sooner than Sept. 22, 2018, because the organization must complete an internal audit and management review prior to an audit by a registrar. The good news is that few real changes need to be made to existing quality systems to align them with the new standard, but “now” is not too soon to begin.

About The Author

William A. Levinson

William A. Levinson, P.E., FASQ, CQE, CMQOE, is the principal of Levinson Productivity Systems P.C. and the author of the book The Expanded and Annotated My Life and Work: Henry Ford’s Universal Code for World-Class Success (Productivity Press, 2013).