All the ISO standards are written generically. The reason for this is so that any organization can apply them, irrespective of their size or type, or which services and products it provides.
The ISO 9001:2015 standard will enable organizations to achieve 2 broad objectives:
- It enables an organization to show that it can consistently deliver services and products that:
- Meets customer requirements and
- Meets any regulatory or statutory requirements that may be applicable.
- It enables an organization to improve customer satisfaction.
The requirements of the 2015 version of the ISO 9001 standard can be divided into 7 broad categories:
- Context of the organization.
- Performance evaluation
MyEasyISO makes it easy to meet the requirements of all these categories by having a specific module for each. The sub-clauses of the relevant category is catered for in detail within the module, with easy-to-use screens and templates, and context sensitive help every step of the way.
Let’s have a look at some of the detail of each of these categories:
- Context of the Organization
One of the first things that need to be done when starting a QMS is to identify both the external and internal issues that may have an impact on your ability to meet your strategic objectives.
External issues typically include things such as political, economic, regulatory, legislative, technological, environmental and social factors. Apart from identifying these factors, you need to understand how they could impact on your organization.
It is likely that internal issues will often follow as a direct result of external issues. If labor laws for example change, you might have to make changes to employees’ working condition to be compliant.
The second aspect you need to look at for this requirement is to identify interested parties and their requirements. Note that the word stakeholders used in the 2008 version of the standard has been replaced with interested parties. Once you know the needs and requirements of these parties, you can satisfy these, ultimately leading to you providing a quality service or product.
This version of the standard still requires that the scope of the organization be documented, as required in the 2008 version. Although the new version does not use the word ‘exclusions’ as the previous one did, if you are unable to meet specific requirements, you can’t simply leave them out, but have to justify why you’re doing so.
A big change in the 2015 version is that top management become wholly responsible for the QMS and should be able to demonstrate that they are involved.
The emphasis in this requirement is for top management to establish and implement a Quality Policy that is in line with the company’s overall strategy and objectives, and to allocate roles and responsibilities to employees responsible for implementing and maintain the QMS.
Top management should also show effective leadership by supporting other managers within the company and assist them in leading within their roles.
The standard changes the way organizations need to approach planning and focusses strongly on change management. With that comes risk-based thinking and to use risk analysis to manage operations. MyEasyISO’s risk modules are fully integrated with the other modules to make this process fit into the QMS seamlessly.
When objectives are set, this should automatically highlight risks and opportunities. In the 2015 version of the standard, all processes that are relevant to the QMS has to have their own objectives.
When any changes in the organization are envisaged, these must be planned for and once again the risks associated with the change need to be identified and mitigated where possible. The same applies to the internal and external issue identification mentioned earlier on. Each issue needs to be planned for and the risks evaluated.
The support requirement in the new version is virtually identical to the previous version, with the notable exception that a quality manual is no longer required.
The support clause in the standard consists of 5 elements:
Employees need to be aware of the organization’s quality policy and objectives, how their role affects the effectiveness of the QMS, and what the impact of non-compliance will be.
The level of competence required for roles need to be established, after which the organization needs to ensure that the people performing those roles have the required competence.
The organization needs to ensure that all the resources needed to make sure that the QMS is effective are in place. Resources include internal resources, people, external providers, organizational knowledge, monitoring and measuring resources and external communication.
The requirements of the QMS needs to be communicated to employees as well as external interested parties.
- Control of documented information.
All documented information needs to be controlled, with specific mention in the standard of access, integrity and confidentiality.
The process based approach should be used in all operational activities and processes, including planning, implementing and measuring. Rather than simply following procedures, the emphasis is on making sure that the desired outcomes are achieved, and that the requirements of the interested parties are met. This version of the standard also strengthens the need to apply these principles to processes that are outsourced, rather than only looking at in-house processes.
- Performance Evaluation
Performance evaluation starts with measuring and monitoring everything the organization has determined necessary, including things like customer satisfaction, whether planning has been effective, and if risks and opportunities that have been defined are being addressed properly.
Performance evaluation should also include the internal audit, and management review processes.
Organizations should continuously be working on improving not only their QMS, but also the way they do business. If the nonconformity and corrective action process is implemented and used properly, continuous improvement virtually follows automatically.
Fulfilling all the requirements if the ISO 9001:2015 standard might seem daunting at first, but if you break it down in steps as described here, it actually makes a lot of sense and is logical. If you’re still unsure of how to get going, why not sign up for a Free Trial of MyEasyISO to find out how we can help you easily meet all the requirements?
ISO 9001 quality management systems (QMS) are implemented using MyEasyISO software in Wellington (New Zealand), while ISO 14001 & OHSAS 18001 Health Safety Management Systems (HSE) are implemented with MyEasyISO in Ljubljana (Slovenia).