Call Us: +974 6683 3413
Email us: info@usis-gulf.com
Fax: +974 44839970
Call Us: +974 6683 3413
Email us: info@usis-gulf.com
Fax: +974 44839970
September 15, 2018. About ten years after being introduced ISO 9001:2008 was withdrawn. If you remember the 2008 changes – they were minimal. Indeed the standard has not changed since 2000. So after 18 years, the old standard will be withdrawn.
Often we hear criticism about how the standard changes too frequently but even if it was substantial changes every time that would still be only every 8 or 9 years. If your management system is not evolving faster than that you have more significant problems than a new standard. A change in the standard is an excuse to review things, push them, get everyone to improve.
Despite any prior warnings, it is reasonably sure that September will come and go without any fanfare and nothing notable. Anyone needing to beat the Sept 15 deadline should have already transitioned. There might be some last minute questions but no frenzy and nothing unusual.
The new standard has explicitly included many new requirements that encompass the strategic activities a company has. Strategy was probably always implied in ISO, but because it was not explicit, organizations minimized it, and certification auditors ignored it. Development of a clear direction for the organization is essential. It’s the basis of creating a culture and leading the organization where it needs to go and like everything else in the organization will form the basis of what quality is trying to achieve. ISO doesn’t demand complicated procedures, but it requires some discipline and definition, and this is a significant enhancement. The procedures should pull the whole organization together. If organizations have transitioned and done it well – the benefits are going to start coming. The benefits are many. Organizations used to minimize the ISO control over their objectives and their change management activities. ISO has circumvented this too, insisting on meaningful and valuable goals with detail to ensure they will be reached. Similarly, it asks for the detail behind providing change is managed effectively. There is no downside to this, just more benefits. Organizations who transitioned, who implemented these new requirements, controls, processes, need to reflect on them and reorganize them as necessary to ensure they maximize the value from them. If they cut corners, its time to review and optimize. It is fair to appreciate that some organizations did just that to transition. They thought they understood the requirement, the auditor explained it differently but passed them. Now there is time. Focus on the benefits and start to get the value from the system. Some organizations decided not to transition. They typically did not get any value from ISO and did it because a customer demanded it. They complained about competitors without ISO getting contracts and did not promote their ISO. The costs of some significant changes with this transition were enough for them to put it off to save the effort and the money. The question here is “Will ISO 9001 go away”? If the standard is going to be dropped then these organizations will be on the leading edge. However, that is not likely. ISO still provides benefits for any customer. A customer can demand it without much effort and it “should” assure quality. Moreover, customers also see these changes coming in, and they see them as hopeful to further the assurance of their supplier base (which fundamentally is all they are concerned about – as well as the cost of course). Agreed there are some circumstances where ISO doesn’t work for customers, but those organizations, those that claim ISO but let their customers down are usually dropped quite quickly by customers. So, if you did not transition, that may prove to be a mistake. Some organizations did not transition on time but recognize or have been told by their customers that they need to get it back. If they are quick, then the transition will be an upgrade project to their previous system. If they leave it too long, then it will be like starting again. It is hard to perceive a situation where ISO will go away. The basic principles behind ISO are hard to ignore and done right it will work well for both the customer and the organization. If organizations do it right, do it well then there are few contrary arguments, and there are serious benefits to be gained.
The standard has changed significantly. The newer areas include the concept of allowing the organization to demonstrate conformance rather than dictating how it is done. This includes strategy, risk, and knowledge. There are also significant changes to Objectives, Change, Communication. As you can see, there are a lot of new requirements. One of the more visible signs of the changes is the restructuring of the standard to adopt the annex SL approach. In some quarters a little controversial but probably overall a good idea for consistency going forward. A whole new standard to learn. Yes. You cannot argue the need to learn the new requirements if you want to get or remain certified. One thing that has not changed; ISO is about QMS and QMS is about quality. This has not changed, not in the 31 years of its existence (since 1987). If you designed your ISO solution to be a QMS focused on quality then you probably have a good solution and your basic solution can stay. Yes, some new ideas (which because you focused on quality originally, you probably already addressed to some degree) and some changes to help focus and improve discipline perhaps) but the fundamentals are already there. Ensuring the focus is on quality and not directly on requirements will ensure your solution evolves through the transition in a meaningful way. It is a lot easier to get support and resources for something that makes sense.
Focus on outcomes. It is very common to insist on a gap analysis. Technically in most project management situations, this is an important step in determining where you are versus where you want to be. In this instance – less so. So much so that a gap analysis should not be required. You have a reasonable system. You have implemented ISO 9001:2008 and you meet those requirements well – your certification body has already confirmed. You audit your processes – thoroughly and effectively – and your certification body confirms it as well. Bottom line is you already know where you are. That is part of what having a QMS is about. The next step is to determine where you want to be. You also already know that. You want ISO 9001:2015 certification. The gaps are defined by the differences between 2008 and 2015. But what does that mean specifically to you? Same answer. The Gaps are identified. Solutions are another matter. The purpose of a gap analysis is not to determine solutions. The main function of transition is knowing where you want to be. Solutions require review, thought, and pondering. You need to put some time into determining what the best solution will be based on all the inputs. This might require analysis, brainstorming, consultation. For instance, in 2008 we had preventive action. In 2015 we have to include a risk process. It’s a clear gap. There is nothing to explain what the solution should be. Your solution might have a weighted colored risk matrix with defined criteria and definitions for each characteristic. Or it might require a simple list. The solution needs to be appropriate and effective for you. Don’t waste time quantifying gaps. Invest in a comprehensive, solutions-based, project plan.
ISO removed the need for many (any?) documents. So what? The standard changed in a really valuable way. It never made sense to require a procedure for internal audit but not for engineering. Why should ISO say what documents are needed in an organization? By not insisting on any particular documents, the standard created a lot of confusion. With this change organization’s thought: “Now I don’t need any documents.” That is not what it says and it is definitely not what it means. First, the standard should not tell anyone how they demonstrate their system. By specifying mandatory documents and records it imposes tasks on organizations, to create and maintain the documents, this is something a standard has no business doing. Whether the documentation is good or not, it is not a standards place to say how. Further, by specifying, it implies that these are the only documents required and that if others were needed then they too would have been specified. Remember the ‘six mandatory procedures’? Not true and not what it says but that’s what happened. This alone led to terribly structured and impossible to operate solutions. Now you may be saying: “But the new standard is worse or at least more confusing”. No. It clearly says that you have to be able to operate your system and demonstrate it. While it is possible to do this without documentation, getting this right is really difficult. The documentation describes how we define the process (and system) and without the documented description it is not possible to communicate it for clarity, training, reliability, or verify it or audit it. You can achieve this without documents but it is not easy. Bottom line: you need all the procedures, documents, and records. This has little to do with ISO and everything to do with operating a successful organization (and being able to demonstrate it).
Forever we have had our ISO programs led by dedicated professionals – the ISO Management Representative. In some quarters there has been noticeable confusion over the management representative. Often the ISO guy is not the representative. They do all the work but a VP covers the official role. This can be both good and bad. The 2015 standard removes the requirement for a management representative which many imply as getting rid of the role.Let’s get one thing straight, there is no suggestion of getting rid of the role. The title is not discussed but it equally the standard does not say you cannot have one. This is up for the organization to decide. The important task here is making sure the responsibilities – all the responsibilities – for quality are properly determined and communicated. If you change this role or title or activity ensure the responsibilities are managed correctly. All too often the ISO guy is tasked with keeping or getting certification. But it is not the job of one quality guy.Now, look at this point from a positive perspective. The management representative may lose a title but they still should oversee the system. Now the system includes the organizational purpose and strategic direction for quality formally included in ISO. They are obviously important to quality – essential in ensuring everything makes sense. It will not be possible to achieve certification if these elements are not part of the solution. This gives access to very high-level processes in the organization such as strategic and business planning. The management representative now has access to top management, and in a way has become a part of top management.
ISO has introduced new, sensible, and important processes, however, we have found most if not all organizations already do these things. New requirements bring new processes and new controls. As discussed earlier, if it is important in an organization, then it is already being done, perhaps informally but still getting done. This is true of the big new areas brought into the ISO 9001:2015 standard. New to the standard…less so for the organization. Business Planning, Strategy, and Purpose – the standard is very specific and requires us to start our quality systems with reference to organizational purpose and strategic direction. This helps appreciate that context is about understanding the environment and influences that affect quality so that planning can be completed…in context. Larger organizations already have a strategic or business planning process. Often quality is not explicitly included but can be achieved easily by adding a few simple controls to the process. In small organizations, it happens just the same. For instance, the owner goes to dinner once a year with their accountant and discusses how things went and what they want to happen next year or perhaps the owner has ideas for new products or new markets that should be pursued. At the moment this is informal, without structure, but it is being done and it just needs to add controls, some discipline, and organization. Let’s be clear about this, we are not doing this for ISO. We never do any of this for ISO. We are doing this because it’s a great thing to do for the organization. That is why it goes on irrespective. A QMS helps us ensure these processes are deliberate, meaningful and valuable to the organization. Nothing new. Just a little more disciplined.
Never forget what we are doing here. The most important thing about ISO is that it is about QMS. What is QMS about? It is about being successful. To be successful you have to be effective, efficient, improving, and profitable – every good characteristic of an organization that you care to characterize it with. Whenever you are writing procedures, designing solutions, looking at controls, implementing ISO you need to proactively ensure you apply that principle always. Everything you do in ISO is good. If its not….stop it. QCS has been working with ISO for many years. We are process and management system experts and craft solutions that don’t ask organizations to change to meet ISO, We see how ISO meets what you already do. Our focus is on solutions that are meaningful, help management deliberately achieve success and also happen to get them ISO certified. Guaranteed in writing. We have never had a failure. It is this experience that allows us to identify 5 tricks and 1 philosophy.
2018 USIS - All Rights Reserved | Powered by TS Qatar Systems and Communicaations WLL