Meeting the Requirements of ISO 9001:2015

The ISO 9001:2015 standard may still be in draft form, not quite set to replace the existing standard until the end of 2015, but it’s important to keep apprised of these changes and what they will mean for you when complying with the new standard. So what changes lie ahead? In this article we’ll look into how the new version of ISO 9001 represents not necessarily a change in the actual requirements, rather, the difference in the approach. In other words, it’s the mind-set that’s changing.

Quality is everyone’s responsibility

That mindset has become one in which no single person has the primary responsibility for an organization’s quality. Instead, we get a broad look in which everyone is committed to quality, to customers, and beyond. So, if there isn’t one core person who “owns” quality, where does quality live, and how does the entire company become engaged?

The broader approach provides a much more flexible interpretation of ISO 9001, which enables companies to focus on consistency, customer focus, leadership, and improvement, among other things. This interpretation brings ISO 9001 to a new level of attention, and also recognizes the changes in technology that now yield best practices for quality. This allows people to implement technology to help them automate and build flexibility into their quality management system (QMS) solutions.

So what are we seeing with the new standard?

Where technology fits

Let’s look into several of the key components of the initial draft as we map the technology considerations relating to the new standard.

Clause 4—“Context of the Organization”: This is essentially the planning for how your organization will manage quality. A lot of it becomes a strategic decision, but where technology fits is in subclause 4.4, which centers on establishing a “... process-based quality management system.”

Technology considerations: You want a solution that will be able to focus on the process as it relates to your organization. The QMS provides you with a centralized, common, and collaborative environment to maintain all of your policies and procedures. This is where flexibility becomes an important component:

• Flexibility to adapt to the various processes, and match what you’ve outlined for your commitments to quality and your customers
• Builds in the functionality that will support your needs and the needs/requirements of the standard

Clause 5—“Building Leadership”: There’s no longer a single representative for quality, no single “quality police.” Companies as a whole must establish a focus on quality, customers, and companywide commitment. At the same time, you must look to establishing a quality “policy”—as opposed to a manual— which will more broadly assess and help improve organizational quality.

Technology considerations: How are you effectively collaborating on a commitment to quality? You need a solution that will give the entire company visibility into and control over the quality effort by ensuring that all data related to processes and procedures is kept in a centralized location accessible by all necessary parties:

• A centralized system, one holistic place for quality policy that provides transparency of information
• Document and communicate your policy—control and disseminate information in a consistent manner

Clause 6—“Planning”: The biggest change here involves risk management. The standard is shifting from a preventive action approach to a risk-based approach, not just in the identification of risks, but also in controlling and mitigating them. At the same time, you’re benchmarking those risks against your overall quality objectives, taking actions to ensure you’re meeting them, and instituting methods for management of change.

Technology considerations: Building risk into a system is critical; you need a system that is objective, repeatable, and systematic. This takes several elements. First is assessing hazards and identifying and measuring risks (e.g., severity and frequency). Having a way to not only define the measurement of risks, but also to align them with your quality objective and then assess them from an operational perspective, is critical. This is done through a risk matrix, which enables you to calculate risk by quantifying your hazards by plotting them on a graph. The resulting calculation of severity and frequency becomes your risk factor. Once the risk matrix has been vetted by your organization through real-world scenarios to ensure its effectiveness, your organization can apply this tool to the risk management process.

• Risk matrixes, built into the operational processes, not only calculate risk but enable immediate remediation of high-risk events.
• A solution should have the ability to set up a risk assessment calculation, benchmarked against your requirements/objectives, and provide a way for you to take action on high-risk events.

Clause 7—“Supporting your QMS”: This is where you focus not only on the people who support your quality initiatives, but also on the infrastructure to support your QMS. You’re looking at the infrastructure of how you’re going to deliver quality, and by whom. This relies on ensuring that your people are trained and given the right documentation to operate efficiently and effectively.

Technology Considerations:

• The concept of document control is not just about document repositories; it’s about establishing a process by which documentation is created, reviewed, approved, consumed, trained, audited, and ultimately, revised. It’s far more than just a simple documentation tool—it’s how you have a central location for communicating processes and information to the company. A technology solution will build in functionality around the process of review and approval, integrated with training, change and revision control processes, and periodic reviews. Collaboration on documentation improvement is key to this element.
• Employee training isn’t just about a training tool; it’s more integrated, collaborative, and based on the idea that one process blends into the next. So, from a technology standpoint, you want an integrated document control and training system. The process includes the training of people and communication, by which new information is disseminated and consumed. Being able to automate much of this is key, especially when you’re  looking to create a more seamless, collaborative, and companywide perspective on quality.

Clause 8—“Operational Processes”: This section provides the framework for how you design, source, produce, and monitor your operations, with respect to products and services. It covers the processes by which you evaluate the design, the “external parties” (a term which replaces “suppliers”), and plans for your product and measurement of controls within your operations.

Technology considerations: The processes are the biggest component, and whether you’re building a design plan, a supplier evaluation, or establishing nonconforming material criteria, it’s important to ensure that information is transferred from one process to the next. A technology solution that will take design information, such as a bill of materials, and communicate to production and suppliers, and include potential nonconforming criteria to be assessed, rests in the ability of the system to provide traceability, visibility, and control.

Clause 9—“Evaluation”: The concept of evaluation sits on its own in ISO 9001:2015, which certainly highlights the importance of feedback and regular assessment. The key point to take away is, “How do you build a constant feedback loop from your operations to ensure that you are saying what you do, and doing what you say?” This not only includes regular auditing and feedback measures from customers, but also how you’re consuming this information as a management team.

One of the key areas is establishing a method for consuming customer feedback. You need to have an established way to build a data set from all customers, and categorize and analyze the type of feedback you’re getting. You also need to build both an internal and an external auditing program. This isn’t different than previous requirements. Finally, you still need to take the QMS data and conduct management reviews, and produce outputs against your core objectives.

Technology considerations: It’s important to “close the loop” on your QMS with your most important asset—your customer. A solution that can collect customer data via post-market feedback such as complaints and adverse events, and allow you to take action on that data, is vitally important to understanding if you’re meeting your quality commitment to your customer. Having a centralized and aggregated way to organize the feedback data is essential, and an automated QMS will provide:

• Auditing solutions: Most organizations are very familiar with building an auditing plan, but as a company grows more complex, it becomes more difficult to manage how much auditing needs to take place, when to audit, and what to audit. It’s important to have a solution that not only manages and standardizes the auditing process, but also the scheduling process. Centralization and harmonization are key in keeping things straight; technology helps to achieve this by providing you with a centralized repository where all your data is kept.
• Measuring effectiveness with collaborative reporting: Management review is an important step to evaluation. However, without a way to organize and filter the data, it’s very difficult to make informed and strategic decisions. You really not only need a strong reporting tool to gather all this information, you also need to ensure that you are integrating the whole process into the data collection. This is where having a closed-loop QMS solution is most valuable; it provides data from design, production, documentation, training, feedback, audits, and beyond. This provides a larger and more valuable view into the data, and lets management act or react or improve more efficiently.

Clause 10—“Improvement”: The key concept and the chief focus of ISO 9001:2015 is around a commitment to customers, to improvement, and to companywide involvement. So when we look at this section, the emphasis must be on fostering overall improvement.

You’re building a process by which you’re able to quickly react to nonconformities and take action on correcting these nonconformities. You’re also looking to see if you need to eliminate the cause of these problems. So, you are first looking to correct and control, and then determine if a corrective action is needed.

If there’s a systematic cause of a nonconformance, then you need to build a corrective action. Again, this is how you take an adverse event and create steps to reduce the likelihood of recurrence. Finally, you also want to look for ways to improve your overall QMS, find trends, and identify opportunities for improvement.

Technology considerations:

• Nonconformance management: Being able to record information in a single location is critical. You want to eliminate as much double entry and data as possible, so importing data from other areas (e.g., production, suppliers, customers, etc.) is key. They next key point is that, if you’re going to issue a corrective action, it should be traceable back to the nonconformance. This is where integration comes into play—linking a nonconformity to a corrective and preventive action, and being able to create a seamless closed loop on the process, will ensure that data is not lost or entered incorrectly.
• Lastly, you want to build reporting and data collection to look for improvement areas. Having a robust reporting system on the entire QMS is critically important to make informed decisions.

Conclusion

The revisions coming forth in ISO 9001:2015 bring a fresh perspective to the standard. Taking full advantage of the opportunities presented by the new standard lies in having a centralized, common, and collaborative environment that not only gives you the visibility into where you are in your QMS, but also makes you active participants and champions of quality. This is where technology, automation, and an integrated QMS take over.

ISO 9001:2015 was built with the acknowledgement of technology today, and the standard embraces concepts that can only be achieved with this in mind.

For more on this topic, be sure to join Quality Digest editor in chief Dirk Dusharme and myself for the webinar, “ISO 9001:2015 Compliance—How Automation Can Help,” on March 24 at 2 p.m. Eastern, 11 a.m. Pacific. Click here to register.

For more information about the ISO 9001 standard, see the Quality Digest knowledge guide, “What Is ISO 9001:2015?”

About The Author