Featured Product
This Week in Quality Digest Live
Standards Features
Catherine Cooksey
Ensuring that measurements aid the broader industrial and scientific communities that depend on them
Clare Naden
One way is through a system of conformity assessment to ISO standards
Shaneé Dawkins
Research focuses on ensuring first responder communication tools are designed to meet users’ operational needs
Sheronda Jeffries
Inclusion of ISO 13485 certificates in IAF CertSearch could help protect first responders
Grant Ramaley
Verify ISO QMS certificates using the International Accreditation Forum (IAF) CertSearch database

More Features

Standards News
Design, develop, implement, continually improve risk management in systems and software engineering
ISO/IEC/IEEE 16085 has just been updated
Patient safety is a key focus in update of ISO 14155, the industry reference for good practice in clinical trials.
Is the standard adequate, or should it be improved? Deadline: Dec. 31, 2020
Good quality is adding an average of 11 percent to organizations’ revenue growth
Awards to be presented March 24, 2020, at the Quest for Excellence Conference, in National Harbor, MD
How the nation’s leading multistate cannabis company ensures quality and safety standards
New auditors must pass the exam before auditing for GFSI-recognized certification programs
ISO and WHO are working for universal access to quality health products that are all at once safe, effective, and affordable

More News

Mika Javanainen


ISO 9001:2015 and Enterprise Information Management

Get a head start on certification—evaluate your EIM against new requirements

Published: Tuesday, September 1, 2015 - 15:56

The recently released final draft of the ISO 9001:2015 standard for quality management systems has now been voted on by members of both the ISO and CEN standards bodies. The latest version still targets the same goal—to help organizations improve overall performance—while addressing the profound changes that have emerged during the last seven years.

As stated in the foreword, this fifth edition of the ISO 9001 standard introduces “revised quality management principles [and] new concepts.” A review of the new clauses reveals the goal to better align quality management with overall business management, and to simplify the implementation of the ISO 9001 requirements.

Sounds great... on paper. But how much pain will be involved to achieve ISO 9001:2015 certification? Some of the new concepts differ dramatically from previous practices and approaches.

Evolving quality concepts

ISO 9001:2015 requires that organizations determine relevant external and internal issues that can affect their ability to achieve the intended outcomes of their quality management systems (QMS). It further requires organizations to identify interested parties (both internal and external) that are relevant to their QMS, and the requirements of these interested parties.

These new protocols enhance overall risk management by helping businesses optimize their operations in a way that transitions the process from a reactive practice to a proactive one where issues can be identified and mitigated before they become more serious.

Another interesting addition is related to leadership and executive commitment. Management must ensure that quality policies and objectives are compatible with the organizations’ strategic directions, that quality system requirements are integrated with organizations’ business processes, and that the intended outputs of processes are achieved. In practice this means that organizations must ensure that they follow their own QMS. To effectively track and monitor intended outputs, management needs easy-to-use tools to make sure that  key performance indicators (KPIs) are regularly monitored, and actions are taken if outputs aren’t achieved.

Manual methods for managing documented information no longer sufficient

Many current ISO 9001:2008-certified quality systems consist of a few documents that are managed electronically or as printouts. The need to start tracking enterprise risks, objectives, stakeholders, process outcomes, and other core quality processes requires information architecture planning and more sophisticated tools than Excel and email.

Luckily, ISO 9001:2015 replaces language about “documents” and “records” with new requirements for “documented information.” Although some people might view this change as mere wordsmithing, it actually reflects a significant enterprise information management (EIM) trend. The idea of combining structured data (e.g., electronic forms, tasks, and KPIs) and unstructured content (such as documents), and then visualizing the relationships between those information assets aligns with best-in-class EIM solutions and approaches.

Whether the crafters of the latest version of the standard intended it or not, the change also embraces the benefits of an EIM solution that simplifies and unifies otherwise disparate, distributed content assets. The new approach promotes a unified view of all digital information, and fosters the integration of related information systems.

Of course, not all information management solutions and systems make it easy to connect and effectively manage different types of digital content—hence the potential pain point. Preparation for ISO 9001:2015 certification should include the recommended gap analysis, as well as the organization’s evaluation of the current information management foundations and approaches.

ISO-friendly information management: a checklist

An evaluation of the existing quality management practices and processes can uncover gaps that will have to be addressed for ISO 9001:2015 certification. Organizations seeking to become ISO 9001:2015-certified should consider the following:

• Information architecture: Can a unified and consistent view of all quality information be provided to users, regardless of where the information is located?
• Risk management: To actively prevent deviations (instead of just tracking them), does the company's EIM solution support the ability to define risk factors and attach those to relevant information assets and objects? Can the EIM platform automatically oversee defined risk factors and generate appropriate actions and alerts?
• Process model: How are core processes managed today? Are managers forced to rely on spreadsheets, email, and other cumbersome manual practices for oversight, or does the EIM solution make it possible to link process structures to content? Can outcomes or process execution steps automatically initiate additional actions? Does the EIM solution provide comprehensive audit logs to verify that processes have been followed according to regulations and standards?
• Safe access for external suppliers and services: Does the EIM system have adequate security controls to ensure that only authorized external entities have the ability to share designated information and collaborate with internal staff? Are there adequate oversight and evidence collection capabilities for risk mitigation?
• Does the EIM vendor have documented use cases and successes based on ISO 9001:2008, and a specific roadmap to ISO 9001:2015? Does the vendor provide solution templates for the key quality processes that you need to manage within the system?

An opportunity to improve your quality and information management processes

The changes in the ISO 9001 standard have the potential to vastly improve organizations’ approaches to information management. Getting started today with an evaluation of current information management policies and solutions will give you a head start in uncovering gaps in your business processes. ISO 9001:2015 should be viewed as an opportunity to improve business processes rather than as something you must address before your ISO 9001:2008 certification expires.

For more information about the ISO 9001 standard, see the Quality Digest knowledge guide, “What Is ISO 9001:2015?”


About The Author

Mika Javanainen’s picture

Mika Javanainen

Mika Javanainen is vice president of product management at M-Files Corp. Javanainen is in charge of managing and developing M-Files product portfolios, roadmaps, and pricing globally. Prior to his executive roles, Javanainen worked as a systems specialist, integrating document management systems with ERP and CRM applications. A published author, Javanainen has an executive MBA in international business and marketing. Follow him on Twitter @mikajava.


Nice Article

Nice article. Different and touches on a concept not addressed in many others that have been written about ISO 9001:2015. Many others rehash over the same topics just repeating the changes and over and over again. Nice to see someone actually put some thought into a new topic.