When the International Organization for Standardization revised its ISO 9001 in September 2015, it included a three-year window during which companies could become current.
Some companies took action on their update immediately. Others looked at the 2018 deadline, scheduled the task for a 2017 follow-up, included a reminder, and returned their attention to business as usual.
Now, with little more than 12 months remaining, that task reminder has been activated. To maintain their certification, all registered organizations must transition to the new standard by September 14, 2018.
How Has the Standard Changed?
The fifth edition of ISO 9001 outlines the new requirements for quality management systems (QMS). These systems of processes and procedures have been adopted by companies across the globe to manage and monitor operations. ISO 9001 outlines the organizational conduct needed to achieve and measure consistent service and performance in these systems. It is the world’s most recognized QMS benchmark.
Generally, ISO 9001 is considered to be less prescriptive than its predecessor, which was introduced in 2008. The requirements for documented procedures and records are less onerous this time around, with the focus shifting even further to performance.
The most noticeable change to ISO 9001 is its new structure, which now follows the same overall structure as other ISO management system standards. Known as the High Level Structure (HLS), it was created five years ago to make it easier for organizations that want to follow multiple management standards. By aligning structure, text and terminology among the standards, the drafters of the HLS hoped to improve integration and compatibility.
The switch from ISO 9001:2008 to ISO 9001:2015 also places greater emphasis on the role of risk in business processes. While the previous standard addressed risk, it cordoned it off into a discrete section called “preventive action.” The new requirements, on the other hand, incorporate “risk-based thinking” throughout the standard, requiring organizations to consider its application more generally – from planning to performance evaluation. To expand the role of risk in system-wide processes, the ISO adopts the Plan-Do-Check-Act (PDCA) cycle of continual improvement. The PDCA management method inserts risk-based thinking at each of its four stages.
In revising its flagship standard, the ISO aimed to ensure that ISO 9001 remains a useful tool in the marketplace. The challenges facing business and organizations nowadays are very different from those they encountered a decade or two ago. A failure by the ISO to act would have violated the very emphasis on iteration that its standards promote.
Among the changes that the update addresses:
- Increased globalization. Penetration of distant geographical markets has changed the way business and organizations operate their supply chain, which in turn has become more complex.
- Market demands. New and increased expectations from customers, shareholders, communities and society at large, combined with more access to information, have created additional operational systems demands.
- New sectors for ISO 9001. Originally embraced by manufacturing, the standard has now migrated to a wider spectrum of organizations, such as government and healthcare, which have taken notice of the benefits realized by their counterparts in the manufacturing sector. These organizations use additional industry-specific standards to manage their processes, which weren’t compatible with ISO 9001.
The 2015 version of the standard brings multiple benefits to users who transition to the new standard (or who receive certification for the first time). The revised ISO 9001 standard:
- Emphasizes the recognition of interested parties and provides guidance on how to address their concerns
- Accentuates greater leadership engagement, with leaders at all levels being required to be at the forefront of transformative processes
- Provides enhanced guidance on how to address organizational risks and opportunities in a structured manner
- Includes wider-use terminology, particularly helpful to organizations interested in using multiple management systems (e.g., environment, health and safety, document control)
- Addresses supply chain management more effectively
- Delivers a more user-friendly structure for service and knowledge-based organizations.
ISO 9001 Transition: Not a DIY Project
Although the standard is applicable to any type of business, every organization is different, so the steps required to adjust and enhance your current management system are most likely unique to your situation.
Companies that have yet to begin their transition process need to move quickly but intelligently. While the process may seem straightforward, it comprises a slew of components, and last-minute complications can derail an organization’s objectives.
Depending on the complexity and multi-location scope of transitions or new system certification engagements, the projects themselves can span between two to four months for transitions, and 9 to 12 months for new implementations, from the date of kick-off.
In addition, it is advisable to run the new system for three to six months prior to scheduling the external recertification audit. In this time, employees can become accustomed to the new procedures, and one or more internal audits are completed, which may uncover non-conformities or opportunities for further QMS improvements. The ultimate purpose is to ensure that everyone in the organization feels comfortable with the changes and fully understands the new procedures. These steps will help show the auditors that the new system is providing maximum client satisfaction.
As a result, you may need to adopt an accelerated transition strategy that fits the needs of your organization. Lean on your advisors to define the appropriate transition scope and implementation plan, but remember not to forfeit your decision-making prerogatives. As the transition progresses, remain engaged in the scheduling and delivery of activities.
Based on the PDCA approach, we have identified a 4-step framework to help organizations transition to the new standard:
For many business leaders, the requirement to transition to a new ISO 9001 is being viewed as just one more cost of doing business. But savvy executives might consider another perspective by recalling their latest trip to the doctor. While inconvenient, the latest update represents an opportunity for your organization to administer the type of periodic check-up that even the healthiest organizations book in their calendar. You may emerge with a clean bill of health. Even better: you may discover ways to streamline your processes, improve your bottom line and win new business.
For advice on how to transition your company to the new ISO 9001 standard, contact your local BDO office or George Stefan, National Leader, Business & Technology Certification.
Contact us today to learn more about BDO’s manufacturing consulting services.