The first concern usually expressed regarding the ISO 9001:2015 standard is that it is organized very differently from 2008. This page provides an excellent high-level overview of the changes. There are new requirements, but not all the requirements have changed. The ISO organization realizes the need to improve its own processes and documents to make the standards more effective and efficient.
ISO 9001:2015 Change 1: Annex SL
The first change is the reorganization of the ISO 9001 document to be in accordance with “Annex SL.” The latter provides a common structure across all standards to minimize confusion and help compliance efforts. As explained by InsideStandards.com, Annex SL “was designed to make it easier for organizations that have to comply with more than one management system standard.” It organizes content of standards to be consistent such as starting with a scope, a clear location for terms and definitions, and other improvements. See also “Annex A (Informative)” in the 9001:2015 document for more information on transitioning to the new document structure.
ISO 9001:2015 Clarification 1: Scope (1)
An organization still must define the scope of its quality management system (QMS); that stays in place in the 2015 version of the standard. However, the requirement to include a “broader perspective” frequently raises the question of whether the accounting department must now be included, when it wasn’t in the past. The answer is no. Usually the QMS focuses on business processes supporting delivery to customer.
ISO 9001:2015 Change 2: Context (4.1)
A new term debuted in ISO 9000:2015: “Context of the organization: A combination of internal and external issues that can have an effect on an organization’s approach to developing and achieving its objectives.”
“Context” is the way that the 2015 standard asks that a company examines how it does business, not just how it manages quality. The term widens the perspective to include issues relevant to your business as well as “interested parties” who impact your ability to meet your goals. Those parties are not just customers. They include suppliers, employees, business partners, etc.
Context also recognizes that “frequent internal and external changing circumstances affect many organizations. Given that every organization has a unique set of issues, no two organizations should have identical management systems.” (Lloyd’s Register LRQA USA).
NOTE: Environmental concerns tie in with ISO 14001.
ISO 9001:2015 Change 3: Risk-Based Thinking (A.4)
Risk-based thinking was implied in earlier versions of the standard. ISO now asks company leadership to “promot[e] the use of the process approach and risk-based thinking.” (5.1.1.d)
In combination with context (see above), the intent of risk-based thinking is to encourage companies to think more deeply about various factors in its environment that affect its ability to succeed. The standard encourages companies to determine risks that need to be dealt with during planning and implementing QMS processes. That’s because a key purpose of a QMS is to act as a “preventive tool.”
That said, there is no requirement in the standard for formal risk management (RM) methods or RM processes.
See the links below for an ISO Technical Committee (TC) 176 document that more thoroughly explains the new approach to risk-based thinking, why use it, how to do it, and the associated actions.
ISO 9001:2015 Change 4: Organizational Knowledge (A.7)
Organizational knowledge is not the same as competence; it’s sometimes referred to as “tribal knowledge,” information accumulated over time and mostly retained in individuals’ memory versus a formal “knowledge base.”
The standard’s intent is to focus the organization on retaining knowledge acquired from experience, mentoring, benchmarking, etc., that is lost most often through staff turnover. The standard requires that organizations determine what knowledge is needed for its operations and to achieve product/service conformity, and how it will be maintained.
ISO 9001:2015 Change 5: Auditing Context and Risk-Based Thinking
An auditor will ask questions at a variety of leadership levels to look for consistency with a strategic plan and to find evidence of risk-based thinking. Sample questions to expect from an auditor are:
- What are the issues and growth opportunity for organization?
- Have you identified actions to address those?
- Has the company leadership clearly defined issues that could impact the company’s ability to achieve their quality goals and objectives?
- Have you identified the “interested parties” who impact your ability to meet your goals? Have you determined their requirements?
Helpful ISO TC 176 Documents about the ISO 9001:2008 Transition to 2015
For more information, refer to this section of the ISO organization library containing other helpful documents published by ISO Technical Committee (TC) 176:
- “Risk-Based Thinking in ISO 9001:2015”: Go to above link and click on “ISO9001andRisk.docx” to download.
- “Correlation matrices between ISO 9001:2008 and ISO 9001:2015”: Go to above link and click on “ISO 9001Correlation_Matrices.doc” to download. It has 2 matrices. The first one shows how the content of the paragraph numbers changed from 2008 to 2015. The second shows where the information in 2008 was moved to in 2015 to be compliant with Annex SL.
Here is a PDF document I complied with a table showing a more detailed comparison of the two versions of the ISO 9001 Standard.
Difference Between ISO 9001:2008 and ISO 9001:2015 Standards-Compass Quality Solutions
Photo Credit: © CanStockPhoto / kgtoh