originally posted on Quality Progress by R. Dan Reid
As you probably know, ISO 9001, the fundamental international quality management system (QMS) standard, is being revised. It is at the draft international standard (DIS) stage at the time of this column’s publication and due to be released in September 2015. Figure below shows the revision timeline.
This article discusses some content in the current draft, but remember that changes still may be forthcoming, so you should not proceed too far with implementation of new content in the standard at this time.
It’s important to realize not everything in the new version of ISO 9001 is changing. The 2012 global user survey that was conducted to determine whether a revision to ISO 9001 was needed indicated a majority of users believed the standard was acceptable as-is or with slight modification.
The support for change came largely from within the International Organization for Standardization (ISO) community, when a small task force recommendation to use a new and mandatory clause structure was supported by the ISO technical management board.
The purpose of this support was to drive standardization among new or revised ISO management system standards, such as those related to quality, the environment, and occupational health and safety. The adopted proposal has been incorporated into the ISO directives, known as Annex SL, and also requires use of some common text under the required clause structure.1
Some carryover content between the ISO 9001:2008 and ISO/DIS 9001:2015 has to do with the clauses involved in vertical alignment. Many organizations, including those that certify and implement QMSs, do not understand the critical role and linkage of the clauses as intended by the standard writers.
The first process is to determine customer needs and expectations, which is located in two clauses of the new draft titled, Clause 4.2—Understanding the needs and expectations of interested parties, and Clause 5.1.2—Customer focus. There are three sources of specified requirements for organizations:
- Internal (for example, engineering).
- External (statutory and regulatory).
- External (customers).
The DIS addresses the external requirements in these clauses, which are then input for the quality policy. There are requirements for top management related to the quality policy in ISO 9001—one of which necessitates a commitment to meet applicable specified requirements.
W. Edwards Deming said management commitment to quality is insufficient without its also knowing what must be done to achieve quality. With ISO 9001 being the minimum set of requirements for a functional QMS, the QMS does not go that far. Without an effective process to determine customer requirements—the quality policy—effectiveness of the QMS is compromised. The quality policy is intended to drive conformance with specified requirements, as well as drive continual improvement of the QMS.
Note that in ISO 9001, continual improvement of products and services is not required because it would be difficult—if not impossible—for regulated industries to meet that requirement under the current regulatory environment. Continuing suitability of the quality policy is to be reviewed in formal management review meetings.
Quality objectives are to be established and to be consistent with the quality policy. The DIS defines an objective as a result to be achieved. Objectives start at the enterprise level to address the external specified requirements, such as regulatory and customer-related ones. There are generally five to 10 high-level objectives.
More detailed objectives, however, are to be deployed to relevant levels and functions within the organization to support the enterprise-level objectives, which are meant to drive conformance with requirements. Objectives are required to be relevant to product and service conformity and to the enhancement of customer satisfaction, and they must be measurable.
Objectives are part of planning the QMS, but after objectives are met, they should be revised to drive continual improvement. The need for adjustment of the objectives also should be evaluated in the management review process. The current standard lists the clauses in this order, but the revised draft lists objectives after planning, which arguably does not make as much sense. The process for setting objectives and flowing them to relevant levels and functions in the organization is a key driver of continual improvement in the standard. Organizations that do not use objectives in this manner are missing key value in the QMS implementation.
Objectives are meaningless without plans to achieve them. Plans must list who is going to do what and at what time in the project or process, the required resources and how progress will be measured along the way. Resource determination should be made using data, taking into consideration workload on existing employees, budget and resource availability.
Risks also must be considered in developing plans to ensure they are adequately prevented or mitigated by the QMS. Use of risk identification and quantification tools is recommended to appropriately prioritize efforts, based on data. Emphasis should be on error-proofing processes to prevent problems from occurring because detection is not as effective as it should be.
Plans should be reviewed for adequacy prior to release. Plans are developed with some expected end in mind. Ask: Does that end go far enough to meet specified requirements and drive continual improvement? Sometimes, it is known up front that the plans are not adequate to achieve the objectives. When this is the case, management should approve and consider revising the objectives.
Note that the clause on preventive action in the current ISO 9001 standard is not included in the draft revision. It was associated with the current corrective action clause, which is not truly an effective planning function. Current thinking is that planning the QMS up front is the best preventive action, making a clause linked to corrective action unnecessary.
After sufficient plans are in place, metrics are needed to monitor progress in achieving the objectives and specified requirements. Just as objectives are set at the enterprise level and deployed to relevant levels and functions in the organization, so must the metrics be set. They must be in place at relevant functions and levels, and for products and processes that can affect quality or delivery. There should be leading, contemporaneous and lagging indicators to adequately monitor the progress of plans being carried out across the organization.
Data for control charts in high-volume production processes are collected in real time, but a control chart can forecast future process performance if the process is statistically stable. If you have enough data and the process is stable, you can also accurately predict nonproduction process performance, such as achievement of annual cost savings. Lagging indicators, such as those about warranty issues and customer satisfaction, are also important to monitor and react to when necessary.
With regard to customer satisfaction, many organizations track metrics that are actually indicators of customer dissatisfaction, such as complaints, returns and parts per million (ppm) defects. The assumption is that if these metrics show low occurrence, customer satisfaction is achieved, but this is not necessarily so.
Your product or service performance may not be bad enough to cause a customer complaint, return or high ppm, but the danger is that a competitor may be satisfying and delighting customers, and your organization would not be able to detect this if it is tracking only customer dissatisfaction metrics.
Looking at the ISO 9001 DIS, many of the core concepts remain unchanged from the current standard. The changes that are being proposed provide an opportunity to implement the existing requirements more effectively to add value to the organization and not just implement a QMS because customers require it.
Receive Our Newsletter
Keep informed on best practice research and business improvement events from around the globe - be the first to read our Best Practice Reports