#21 – ISO 9001 (2015) FREQUENTLY ASKED QUESTIONS SOLUTIONS MANUAL – GREG HUTCHINS

Greg Hutchins pixISO 9001 (2015) Committee Draft (CD) came out a few months ago.  For giggles, I decided to take a look at it because I heard that it had risk in it.  I was really surprised!

My thinking ran the gamut.  It was a revelation.  It was scary.  It was an opportunity (OK multiple opportunities).

So a little context may help.  In the early 1990’s, I had some of the best written books in the world on ISO 9001 and operational auditing.  These were good times for quality consulting.   High volume.  High margins.  But, ISO became commoditized around 20003 and we moved to risk.  Good decision.  Now, we’re trying to get all quality consultants and ISO registered companies to do the same.

So once we looked at the ISO 9001 CD, what did we do?  We wrote ISO 9001 (2015) Frequently Asked Questions Solutions Manual based on the CD and more than 25 years experience with the standard.  Before we knew it, we had 150 pages of questions and answers that strike to the core of the ISO families of standards and the future of the quality movement.

ISO 9001 CHALLENGES
The following are some high level conclusions we noted in the CD:

  • ISO 9001 (2015) is often more confusing that applicable by the certification body or the registered organization.  In some ways, this is understandable. ISO 9001 is a ‘what is’ standard, not a ‘how to’ get registered document.  In the next two years, most or all quality, six sigma, or operational improvement consultants are going to become risk consultants.
  • In ISO 9001 (2015) risk, process, QMS and other key concepts seem conflated and muddled.  Key risk concepts are not clear and may even conflict with other key standards, such as ISO 31000.
  • ISO 9001 (2015) can be the document to add cachet and brand equity to the quality function by moving it to the executive level.  I think that it may be the intent with the inclusion of risk in the new standard.  Only one problem: there is little guidance on how to do this.  If the ISO standard developers are not careful, quality again will be marginalized.

Twenty and even ten years ago, we had quality management, quality assurance, and quality control.  Quality was a core enterprise discipline and function.  With six sigma, quality has become tools based.  A friend of mine a quality guru says quality and specifically “six sigma seems like a hammer in search of a nail.”

  • The standard seems to be moving from Quality Management Systems to business systems or even risk management systems.  Key quality anchors such as ‘continual improvement’ and ‘quality manual’ are excluded in the document.
  • ISO 9001 does not seem linked with ISO 31000 (ISO risk standard) or aligned with other risk standards.  To use our language, the ISO risk taxonomy and syntax vary.  Lack of consistency implies lack of quality.  Huge issues that need to be resolved.
  • Key high level concepts such as Governance, Risk and Compliance (GRC) and Enterprise Risk Management (ERM) are implied in the standard, but not stated.  Of course, this is intentional.  ISO 9001 is an uber standard so that it can be used by the greatest number of organizations.

Got it!  But …ISO 9001 has general language of integrating QMS with the organization’s strategy and business processes.  This is great because in the last 10 years QMS management representative has been a first level supervisor or even a clerical person.  Not good!  

  • ISO 9001 may presage a new quality organization.  Quality organizations may need to rethink their purpose and direction as a result of the standard. We’re seeing quality organizations becoming more tools oriented and often lower level; being integrated into other functions, such as engineering, compliance, legal, or supply management; or being rebranded and reframed into a risk organization.
  • ISO 9001 (2015) is more difficult for the Certification Bodies to audit for conformity assessment.  The new standard has much more process, risk, and effectiveness requirements that don’t lend themselves to traditional ISO 19011 conformity assessment audits.

The entire ISO 9001 Certification Body accreditation and certification structure is based on audit consistency and defined levels of assurance.  The new standard creates more opportunities for variance or in other words risk through lack of consistency.

  • Certification Body (CB) auditors are already having problems with conducting AS 9100 risk audits.  The new ISO 9001 standard is a magnitude increase in complexity unless the above and many more issues are resolved.

Remember, ISO 9001 is a ‘what is’ document.  How will ISO 9001 certified companies demonstrate compliance and incorporate risk management.  I guess this is where consultants, our Certified Enterprise Risk Manager® come in and our next products come in.

ISO 9001 FREQUENTLY ASKED QUESTIONS (FAQ) SOLUTIONS MANUAL
As we noodled the above questions and many more (almost 300), we decided to write a book and hopefully add some clarity to the discussion.

Hence ISO 9001 (2015) FAQ Solutions Manual should be available in September, 2013.

Bio:

Greg Hutchins PE and CERM (503.233.101 & GregH@QualityPlusEngineering.com)  is the founder of:

CERMAcademy.com
800Compete.com
QualityPlusEngineering.com

WorkingIt.com

He is the evangelist behind Future of Quality: Risk®.  He is currently working on the Future of Work and machine learning projects.

He is a frequent speaker and expert on Supply Chain Risk Management and cyber security.  His current books available on all platform are shown below:

Leave a Reply

Your email address will not be published. Required fields are marked *