Welcome to my blog for all things related to business quality (processes, systems and ways of working), products and product quality, manufacturing and operations management.

This blog is a mixture of real-world experience, ideas, comments and observations that I hope you'll find interesting.



ISO 9001:2015 – what does it mean for you?

The latest version of the international standard for Quality Management Systems, ISO 9001:2015 was published in September 2015. There will be a transition period until September 2018 for organisations that are certified to ISO 9001:2008 to upgrade to the new version.

For a summary of what is different about the new standard and what will have to change, see my previous blog.


Clearly this depends on your business and its existing Quality Management System, but assuming that you are a typical SME with a Quality Management System that complies with ISO 9001:2008**:

  1. Issues for Top Management

 One of the key differences in the new version of ISO 9001 is that it has pushed some important elements of quality ‘up the pecking order’ in the organisation, i.e. these issues become the responsibility of all top management (albeit with guidance from quality management) not just a single Management Representative or a delegated Quality Manager:

  • Scope of the QMS, and Quality Policy and Objectives (which must now be measurable)
  • Business Context (information about internal and external issues that affect its strategic direction; risks and opportunities and actions to address them) – this needs regular attention
  • Responsibilities – there is no longer a single-point requirement for a Management Representative, so how is responsibility and accountability for quality to be distributed amongst top management in a way that ensures the appropriate priority is given to these issues and leadership is provided not dispersed or lost?
  • Improvement, especially regarding discontinuities (as opposed to continuous improvement as per ISO 9001:2008) such as innovation, breakthrough change, re-organisation, etc.
  • The deployment of risk-based thinking – one common process to be used throughout the business, or bespoke processes for different areas (although not stated the same way in ISO 9001:2015, I think that Corrective Actions could also be similarly evaluated as being pan-business or specific to given areas).
  1. New Processes or Substantial Changes

Some new requirements require significant thought about how to implement and will need new or substantially changed processes:

  • Risk identification, analysis and mitigation (includes both opportunities and threats) as part of risk-based thinking
  • Organisational knowledge capture, maintenance and effective usage
  • Definition of ‘Interested Parties’, their requirements and how to meet these requirements
  • Improved supplier management, including measurement
  • Changing the appropriate processes to include risk-based thinking (once it has been defined; see above)
  • Communication and ensuring awareness of quality measurement – and their role in it – amongst all staff and other parties
  1. ‘Just Do It’ Changes

Some changes can be made as part of normal continuous improvement to the QMS; they aren’t difficult or contentious and don’t need a lot of careful planning, they can just be implemented:

  • Documenting the new processes or modifying existing ones, including references or links from other documents or processes in the QMS to make it all work together as an integrated whole
  • Management Review changes
  • Nomenclature changes (no Management Representative any more, CAPA changes to just Corrective Actions, no Records – see (4), below)
  • Re-categorising / changing / updating Preventive Actions (see (4), below) to either become Corrective Actions or to be incorporated into the chosen risk-based thinking process
  • Aligning Key Performance Indicators / metrics with the new Quality Policy and Objectives
  • The standard says that ‘QMS changes must be planned’ – how is this to be done (as opposed to happening on an ad-hoc basis)? 
  1. What Can You Dispense With

You don’t have to, but if you choose to do so you can dispense with:

  • The Quality Manual (although consider retaining a token summary-level version if you think that some customers may demand to have a copy and it is difficult or unwise to provide them with your entire QMS)
  • The ‘PA’ (Preventive Actions) part of ‘CAPA’ (Corrective Actions and Preventive Actions) as these are replaced by risk-based thinking
  • Explicit references to Records as opposed to Documents in general
  • Procedures (as opposed to Processes) – the ‘documented information’ should be what your business requires, although there are still some requirements to retain certain documented information so effective document control is as important – arguably more important – than ever.
  1. What Conclusions Can We Draw From All This?

I will suggest the conclusions most appropriate to typical SMEs in a future blog.

In the meantime, if you need help in understanding, interpreting and applying the new standard in a beneficial, pragmatic, low-bureaucracy way please get in touch with us: information@primilis.com, 0800 6126 593.

** If you think this doesn’t help you, or fear it’s too difficult or too bureaucratic, or don’t know how to go about it, do get in touch as we have a proven, easy-to-adopt, low-bureaucracy approach to managing business processes that we think you will find to be refreshingly pragmatic and effective.

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>