Critical Upgrade for ISO 9001-Certified Organizations

More than a million organizations around the world embrace the ISO 9001 quality management system (QMS) standard to guide their businesses and operate in the most efficient manner possible. The International Organization for Standardization (ISO) has recently updated ISO 9001 from its 2008 version; the 2015 date assigned to the latest revision reflects the completion of work by the various technical committees that contribute to major updates of ISO standards.

The roll out of the new ISO 9001 standard began in 2016, and we now approach the critical time frame in which registered organizations need to complete recertification to the new standard or risk losing their ISO 9001 certification altogether. All certificates connected to the 2008 version of the standard will expire and become invalid in Sept. 2018. That may seem like a long way off, but when considering the time it takes to schedule, prepare, and conduct a third-party certification audit, the opposite is true. Time is on the verge of running out.

Loss of certification can have a significant negative effect on your company’s reputation and disrupt your business flow as customers and supply chain partners who require a valid ISO 9001 registration react to your loss of certification.

The good news is that, by all accounts, the transition to ISO 9001:2015 is quite seamless for most organizations. Those that are having difficulty are, in our experience, generally less adroit with ISO 9001 certification in general; in other words, they are not tripping up specifically on new requirements of the 2015 version. Make no mistake, there are significant changes in the new standard, but those already familiar with and certified to ISO 9001:2008 should make the transition without trouble. There is some new language and a renovation of the chapter listings, but all of this was carefully engineered to make the process more consistent to implement and to make a more tangible contribution to your business success.

ISO 9001:2015 ushers in a series of new and/or revised requirements; let’s first look at the actual list of changes (as per the International Accreditation Forum), then touch upon the few that represent the most significant conceptual shifts in the evolution of the world’s most relied-on QMS standard:
• The adoption of the high-level structure as set out in Annex SL of ISO Directives, Part 1
• An explicit requirement for risk-based thinking to support and improve the understanding and application of the process approach
• Fewer prescribed requirements
• Less emphasis on documents
• Improved applicability for services
• A requirement to define the boundaries of the QMS
• Increased emphasis on organizational context
• Increased leadership requirements
• Greater emphasis on achieving desired outcomes to improve customer satisfaction

Based on experiences of organizations that have been through their upgrade certification, we can focus on a couple of macro issues that truly represent the major qualitative difference in the new standard. According to Damon Anderson, president at Compliancehelp Consulting, the most significant hot spots are:
• Risk-based thinking
• Strategic direction
• Objectives and planning

“The word ‘risk’ is mentioned nine times in the auditable parts of ISO 9001:2015,” says Anderson. “The new version of the standard—keeping in mind that risk has always been a part of ISO 9001—puts a spotlight on being more strategic about risk and opportunity.”

DNV GL has been helping organizations manage risk for more than 150 years. We can attest to the fact that ISO 9001:2015 represents a turning point in the standard. Across the global economy we see businesses taking a proactive approach to risk. ISO 9001 is, more than ever, a direct enabler of this new kind of risk management, one that seeks opportunities as much as it tries to avoid threats. At DNV GL we use what we call Next Generation Risk Based Certification. It’s how we help organizations go beyond compliance and realize deeper business value from certification.

Strategic direction is something healthy businesses are addressing every day, without ISO 9001. But surprisingly, the phrase is not present in the 2008 version of the standard. With the new version, it is casually mentioned but deeply incorporated in the spirit of the standard. Auditors will want proof that you are looking at the broadest possible scope of your business, considering the needs of all stakeholders. That includes employees, shareholders, investors, customers, supply chain partners, regulators, and the communities in which you operate.

“This is much easier than it sounds,” says Anderson. “The standard isn’t asking for anything that you are not already doing if you are running a quality-driven business. The biggest misperception of ISO 9001 is that it’s abstract or bureaucratic. Nothing is further from the truth. It is quite simple and straightforward and the new version is designed to be even better.”

On Tues., Feb. 21, 2017, join Manuel Marco, director of North American Western Territory Sales for DNV GL Business Assurance; Damon Anderson, principal, Compliancehelp Consulting; and Dirk Dusharme, editor in chief of Quality Digest, for the webinar, “ISO 9001:2015 Transition Experiences,” beginning at 10 a.m. Pacific and 1 p.m. Eastern. Register here.

About The Author