Featured Product
This Week in Quality Digest Live
Standards Features
Megan Wallin-Kerth
Thermo Fisher has a team that is primarily an IT department dedicated to quality
Peter Bilello
How best to keep all the moving parts in the digital enterprise from running off the rails
Del Williams
Options to address the risk of combustible dust explosions for NFPA 61 compliance
Craig Matthews
And how to get a job done right
Medical device manufacturers get additional three or four years, depending on risk class

More Features

Standards News
New lines improve software capability and analysis
Automotive cybersecurity on Feb. 9, and AS9145 on Feb. 28
Keeping consumers protected and happy is the key
Automates adherence to guidance from leading quality and risk-management standards
Review will assess how Baldrige Performance Excellence Program can best advance U.S. competitiveness
Better manufacturing processes require three main strategies

More News

Denise Robitaille

Standards

Committee Draft of ISO 9001 Is Out

Changes include genuine improvement; some will make implementation more difficult

Published: Wednesday, July 24, 2013 - 12:21

Editor’s note: Denise Robitaille is a member of the U.S. TAG to ISO/TC 176, the committee responsible for updating the ISO 9000 family of standards. She will be reporting on the revision progress to ISO 9001, which will be completed in 2015. Read other articles in the series here.

The first committee draft of the next revision of ISO 9001 is out. Multiple changes are being proposed and the structure is markedly different. Terms have been added, and concepts and requirements have been shifted around.

This new structure is based on Annex SL, a new high-level structure developed by the Joint Technical Coordination Group (JTCG), which was subsequently approved and incorporated into the ISO directives. While the Technical Management Board (TMB) issued a resolution allowing for deviation from the high-level structure and common text, it has requested that any deviation be explained.

The hope appears to be that there would be few deviations, since the intent is to bring alignment to the growing cadre of ISO management system standards. Both ISO 14001 and ISO 9001 are being revised at about the same time, although 14001 is further along in the revision cycle. Whether attempting to impose a common structure on all standards will be a benefit to the users remains to be seen.

The new standard has 10 sections instead of the current eight. They are:
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement

The first two sections, while not unimportant, are not much different than previous versions of 9001. However, a note is found in section one that introduces the phrase “goods and services” to be substituted for the term “product.” Throughout the document, the phrase “goods and services” now appears. The intent seems to be to make the document more amenable to service organizations. One of the decisions that should emerge from this first round of reviews and comments is a determination about the value and advisability of diverging from the established use of the term “product” to denote both the output of a process as well as that which is ultimately delivered to the customer. Up until now, “product” has included both tangible goods and services.

Section three of the committee draft currently contains a multitude of definitions. There is a note that the definitions have only been inserted to facilitate the work of the developers, and that they will later be moved to ISO 9000. (In previous iterations this section had a simple comment referring users to ISO 9000 for definition of terms.) Since the technical experts have traditionally left undefined any words that had broadly accepted connotation in common everyday usage, and since ISO 9000 is under the management of a separate subcommittee (SC1), it’s unclear how many of the definitions will become normative (implying a requirement).

The requirements for control of outsourced processes has been significantly diluted to the point where they don’t have nearly the weight they have in the current version. It would be unfortunate if organizations started backsliding to the point where the diminished ISO requirements gave them an opportunity to absolve themselves from any level of accountability for outsourced processes.

Throughout the document “continual improvement” has been replaced by “improvement.” This is consistent with the revised Quality Management Principles, whose release will coincide with the publication of the new version of ISO 9001. The notion of “continual” improvement has long been a source of aggravation among users, who either misunderstood the requirement or found it unnecessary and daunting.

The concept of risk has been added under Planning in Section 6. This is a welcome improvement because it better conveys the intent originally covered under subclause 8.5.3—Preventive Action, which is to address the potential for errors, accidents, and other problems throughout the organization. This inclusion completely eliminates the need for any language about preventive action and is actually easier for users to understand—giving them a better shot at meaningful application of the requirement.

Section 4 introduces the concept of understanding the context of the organization. As guidance, similar language in ISO 9004:2009 was helpful for organizations trying to move beyond basic compliance to the standard. Unfortunately, the way the concept is presented may be confusing to smaller companies. However, a welcome addition that should be helpful to organizations of all sizes and ilks is the need to understand needs and expectations of interested parties. The standard gives examples of the most relevant interested parties so that users better understand the intent.

The standard has replaced the term “top management” with “leadership.” Whether this change will have any effect on users is hard to say. However, it’s important to remember that the two terms are not synonymous. The requirements for the management representative have also been diluted. There is no longer a need for the ISO rep to be a member of management. This also seems to be a step backward because it opens the door for this role to be relegated to a clerk or minor administrative staff member.

In attempting to accommodate service organizations much of the language found in section 7 of the current version—Product Realization—has been pared down in its new section 8, Operation. Language relating to understanding customer requirements is for the most part unchanged. The requirements for design and development have experienced a major re-write, with development gaining prominence over design. This seems antithetical to the addition of risk earlier on, in that properly controlled design processes are indispensable to mitigating product risk.

Suppliers are referred to as “external providers.” Considering the fact that terms like supplier and supply-chain management are globally accepted, it’s hard to understand the change to such an awkward term. Again, the only possible rationale is to accommodate service organizations.

The language relating to control of monitoring and measuring equipment has also been truncated, ans some key requirements are now reduced to a note. Since the Notes throughout the standard are only for guidance and do not carry any requirements, this is a detriment to any organization that needs to control, verify, or calibrate equipment.

Perhaps the most egregious change is the substitution of “documented information” for documents and records. The market has long understood the distinction between document and records, and how the relationship between the two mirrors the process approach—namely inputs (found in documents) and outputs (found in records). This change will only serve to confuse users and does a great disservice to the market.

There are obviously many other changes—mostly minor. Some will have greater significance to some users than others. Some of the changes are genuine improvements, while others will make implementation more difficult, especially for small and medium-size companies.

It's still early in the game, and there will still be time to comment and to make revisions. Users should voice their concerns to TAG members or through any forum where they can be heard.

Discuss

About The Author

Denise Robitaille’s picture

Denise Robitaille

Denise Robitaille is the author of thirteen books, including: ISO 9001:2015 Handbook for Small and Medium-Sized Businesses.

She is chair of PC302, the project committee responsible for the revision to ISO 19011, an active member of USTAG to ISO/TC 176 and technical expert on the working group that developed the current version of ISO 9004:2018. She has participated internationally in standards development for over 15 years. She is a globally recognized speaker and trainer. Denise is a Fellow of the American Society for Quality and an Exemplar Global certified lead assessor and an ASQ certified quality auditor.

As principal of Robitaille Associates, she has helped many companies achieve ISO 9001 registration and to improve their quality management systems. She has conducted training courses for thousands of individuals on such topics as auditing, corrective action, document control, root cause analysis, and implementing ISO 9001. Among Denise’s books are: 9 Keys to Successful Audits, The (Almost) Painless ISO 9001:2015 Transition and The Corrective Action Handbook. She is a frequent contributor to several quality periodicals.

Comments

It's only words ?

Yes, I can't but think of the Bee Gees' Words song lyrics, when reading about the "new" ISO 9001. I'm especially concerned with the requirements 4.4.2 - 5.1.2 - 6.1 and 9.2: my comments on which so called novelties can probably be read somewhere else. In short: the elephant gave birth to a mouse, I expected a much more thorough job from ISO, to counter-act its addiction to the year 2000 edition approach. Thank you.  

ISO 9001:2015 References to Documents and Records

I was stunned by the fact that the latest revision no longer talks about documents and records.  I did not see one place where it says a documented procedure is required.  Does that mean we get to decide what gets documented and ISO no longer cares? 

Also, I found the clause on corrective action to be disturbing.  It says "When a nonconformity occurs, the organization shall:  a) react to the nonconformity, and as applicable 1) take action to control and correct it; and 2) evaluate the need for eliminating the causes of the nonconformity, in order that it does not recur or occur elsewhere...".  This entire statement says we need to react to everything and then decide in each case whether a corrective action (not just a correction) is warranted.  In fact, the way it should be done is a correction should be done for all nonconformities.  A corrective action should be done through the analysis of all or a sample of all nonconformities in order to determine if a systemic issue is in place.  To require a response to each nonconformity which also evaluates the need for corrective action seems a bit like overkill to me.   I know that the previous standard was not that clear on this either.  But the point is, if we keep treating common cause issues as if they are special cause, we will quickly wear ourselves out with huge expenditures of resources and little to show for it. 

- Mike Harkins

Excellent Observation

Your comments about distingushing between special and common causes is right on. The time wasted on searching for special causes that don't exist is uncalculable.

Rich

Outsource, corrective action

Based on my study of CD 9001, I think the idea of controlling for outsourcing has been beefed up. 9001:2008 had a paragraph under 4.1. In CD 9001, section 4.1 Understanding the organization and its context, 4.2 Understanding needs and expectations of interested parties, and 4.3 Determining the scope of the qms all apply to outsourcing. Now organizations will need to really think about the structure of the qms and the interrelations with interested parties which includes suppliers and others invovled in the supply chain. This must include outsourced services.

I hope organizations react to nonconformities with scraping, reworking, segregating, containing, identifying, removing, waiving, etc. All requirements after the intial reaction are "as applicable." "React" is not defined and control, correct and deal with consequences are "as applicable". I think an organzition could define react in a very geneal sense and try to defend that no control, correction or dealing with consequence was appicable. The next section states to evaluate the need for action. If the evalaution determines the issue is a common cause and you don't want to take action for fear of tamerping, you don't have to per CD 9001.