Scott Paton  |  10/29/2008

Are You Ready for ISO 9001:2008?

The release of the amended standard is an excellent time to assess your QMS.

By the time you read this, the new version of ISO 9001 should be out. ISO 9001:2008 is the result of years of work by an international team of volunteer experts. These dedicated men and women gave up hundreds of hours of their time and traveled to locations around the world, usually at their own expense, to revise the standard.

The revision process began almost as soon as the year 2000 version of the standard was published. In fact, work on the next revision of the standard--slated for the year 2015--has already begun.

Most people have three primary questions about the new standard:

What’s new?

When does it take effect?

How long do I have to transition to the new standard?


Let’s start with the first question. As the authors of the article in this issue “The Insiders’ Guide to ISO 9001:2008” (starting on page 43) point out, “The changes are minor in nature and address such issues as the need for clarification, greater consistency, resolution of perceived ambiguities, and improved compatibility with ISO 14001, which relates to environmental management systems.” In essence, ISO 9001:2008 contains no new requirements. In fact, the team that drafted the standard worked very hard to avoid adding any new requirements. The goal was to clarify the standard’s intent.

Because there are no new requirements in ISO 9001:2008, many people are dismissing it. In fact, there are a lot of people out there who think that because there are no new requirements, there is no work for them to do. Although this may be technically true, at a minimum those responsible for maintaining their organization’s quality management system (QMS) should evaluate their QMS in relation to the new standard to see how it compares.

Ideally, the release of ISO 9001:2008 should be a time to go in and give your QMS a major tune-up. It’s an excellent time to evaluate your quality manual, procedures, document control system, corrective action process, internal auditing systems and your auditors, and your management review process. ISO 9001 is at its heart about process improvement. Sure you’ve got an internal audit program, and you’ve got a third party coming in twice a year to audit your compliance to the standard. But when was the last time you really dug into your QMS?

Many of those responsible for their organization’s QMS might not have even been around when it was developed. In essence, they inherited a system that someone else designed. If this is true in your case, you owe it to your organization to do a thorough investigation into your QMS. Ask yourself:

Do we have an effective, efficient corrective action process? Are we doing correction or corrective action? Do we have a database of corrective actions to use for future problems?

Do we have an effective preventive action process in place? Is preventive action an integral part of our business?

Do we have an effective root cause analysis process?

Do our policies and procedures make sense for the way our organization works today?

Is our document control system functioning effectively? Is it meeting our needs today? Will it meet tomorrow’s needs?

Who is our management representative? Is he or she the most logical choice or the most convenient choice? Is he or she a member of the organization’s management (as the new standard requires)?

Do we have an effective training process for new and current employees? How do we evaluate the competence of our employees?

Do all employees have a good working knowledge of what ISO 9001 is and how it relates to their role in the organization?


These are just a few questions to ask. In addition, for those of you who are registered to other sector-specific standards that are based on ISO 9001, such as ISO/TS 16949, now is also a good time to evaluate your compliance to those standards. They will all eventually be updated to reflect ISO 9001:2008’s new structure.

Now, let’s answer the second question: When does it take effect? Organizations cannot be registered to the new standard until it is released, which should be sometime before the end of this month. Also, organizations currently registered to ISO 9001:2000 must undergo a routine surveillance or recertification audit against ISO 9001:2008, according to an International Accreditation Forum-ISO joint communiqué.

The same communiqué answers the third question: How long do I have to transition to the new standard? Organizations will have 24 months after the publication of ISO 9001:2008 to transition to the new standard.

What have you done to prepare for ISO 9001:2008? Are you proactively working on your QMS in anticipation of ISO 9001:2008, or are you taking a wait-and-see attitude? Share your thoughts at .



About The Author

Scott Paton’s picture

Scott Paton

Scott Paton is the president and CEO of Certus Professional Certification  and the president of Paton Professional. He’s the former editor and publisher of Quality Digest, and now serves as editor at large.