What you need to know about the ISO 9001:2015 Revision
ISO 9001 has been the quality management standard, with more than 1 million businesses certified around the world, according to American Society for Quality. ISO has had many revisions including, 1994, 2000 and 2008 versions, respectively. But the 2015 revision has an added element to consider– RISK.
We are all acutely aware of how ISO International Standards ensure that products and services are safe, reliable and of good quality. ISO Standards serve as strategic tools to reduce costs, minimize waste and errors, and increase productivity. The adoption of ISO Standards can also provide a roadmap to new markets by leveling the playing field for developing countries by facilitating free and fair global trade.
“This revision deserves particular attention, because it’s not only a change to the requirements themselves; it’s a change to the structure of the Standard, with a new focus on risk management,” said Terry Weiner, Senior Consultant, California Manufacturing Technology Consulting, a Manufacturing Extension Partnership (MEP) affiliate.”
Companies in the know will need to re-examine the structure of current systems and documentation to ensure it fits the new ‘High Level Format’ or HLF that is now under consideration by the committee.
Even AS 9100, which already has a requirement for risk identification, assessment and mitigation, will be affected. Risk management as part of AS9100, currently focuses on product-based risk. The risk management proposed in the ISO 9001:2015 Standard encompasses supply chain risks from the suppliers all the way to the customer, and includes consideration of both risks and opportunities, alike.
“In the aerospace world, AS 9100 is the de facto standard and anyone who qualifies is assumed to be in compliance to the ISO Standard,” said Bob Uptagrafft, Aerospace Specialist from Impact Washington, the state’s MEP.
“We assist about 25 to 30 companies a year to prep for initial registration or audits to AS 9100, and the risk component is of particular concern for this industry – which is so heavily regulated,” continued Uptagrafft.
The MEP has developed a Risk Management Program as part of their Supply Chain Optimization program, which helps companies incorporate risk management components, strategically and effectively throughout their supply chain. The program developed as a result of a Voice of the Customer Study (links to: http://www.mepsupplychain.org/wp-content/uploads/2013/11/SC_Whitepaper_rev111313.pdf) identified weaknesses in mitigating global risk as a top concern.
Embedded in all of this change is a movement to incorporate Risk Management into all of the Standards, as witnessed in an excerpt from the current draft of the 2015 revision. The following is excerpted from Committee Draft Document dated Jun 3, 2013: ISO/TC 176/SC 2/N 1147.
6. Planning
6.1 Actions to address risks and opportunities when planning for the quality management system, the organization shall…determine the risks and opportunities that need to be addressed to a) assure the quality management system can achieve its intended outcome(s), b) assure that the organization can consistently achieve conformity of goods and services and customer satisfaction, c) prevent, or reduce, undesired effects, and d) achieve continual improvement. The organization shall plan: a) actions to address these risks and opportunities, and b) how to 1) integrate and implement the actions into its quality management system processes and 2) evaluate the effectiveness of these actions. Any actions taken to address risks and opportunities shall be proportionate to the potential effects on conformity of goods and services and customer satisfaction.
A Risk Management Program has four key elements that are tied together in a top level Risk Management Plan.
• Risk Identification
• Risk Assessment
• Risk Action Management
• Risk Reporting and Monitoring
MEP assisted more than 800 companies in 2013 with an industry-specific certification (like AS9100) or general quality certification or system. The MEP has created tools that simplify the development of each of the four stages of the Risk Management Plan as part of the Supply Chain Optimization program. Templates are provided for planning, reaction to trigger events, and risk management meeting minutes.
The result of participating is learning a structured process for identifying and mitigating risks and acquiring knowledge of how to:
- Create a Risk Management Plan to document mitigation strategies
- Describe trigger events
- Establish monitoring metrics and assign monitoring activities
- Determine the financial impact of risk through a tool called Value at Risk (VaR)
- Implement a Risk Management Program that complies with ISO 9001:2015
Published previously by Quality Digest and used with permission.
Bio: