Reasons to certify
Q: My organization will soon decide whether it wants to obtain the revised ISO 9001 certification. What are some advantages of certifying that I should consider in my proposal?
A: Perhaps a more pointed question is: "How can the 2015 revision of ISO 9001 correct or improve those systems and processes within my organization that consistently fall below expectations?"
The easy first answer—the low-hanging fruit—is probably your preventive action (PA) process. It is consistently problematic for most organizations I visit as a third-party auditor.
During the management review portion of the audit, I often ask the management group to rate the effectiveness of the six elements of their quality management system (QMS) that must be documented in ISO 9001:2008 with the typical result of preventive action at the bottom of the list. The discussion that follows often leads to one or more suggestions as areas of improvement.
The 2015 revision of ISO 9001 replaces PA with risk-based thinking, and does so in many areas of the standard. It properly adjusts the QMS’s approach to PA from a detached, discrete activity to a foundational, interwoven requirement of the decision process in several important clauses.
The logic of this approach begins with the understanding that organizations have been applying risk-based thinking all along, and the 2015 revision is now recognizing this vital and ongoing component of how to best manage business affairs.
So, if your internal analysis uncovers PA as worthy of improvement, the 2015 revision will (finally) open new avenues of enhancement, upgrade and clarity regarding this entire subject.
It’s important, once again, to ask some difficult questions about the current state of your QMS. For example: How effective is your approach to internal auditing? Are your audits still mired in compliance to the requirements of the standard, or do they provide a robust examination of the effectiveness of your organization’s processes? Internal audit requirements in the 2015 revision are not much different from the current 2008 revision; however, the text is considerably improved and structured.1
If your approach to internal audits creates little more than a string of reports confirming compliance to clauses, the 2015 revision is an opportunity to apply the process approach and thereby improve the significance of internal auditing.
Perhaps a better way to express the difference in approach would be to ask: Are you conducting internal audits primarily to satisfy the standard’s requirement to do so, or to benefit your organization?
Compliance and effectiveness are equally important, but when the approach is restructured to "processes first," audits become far more relevant and important; improving output and significance when assessing resource distribution.
If your internal examination uncovers a split between your organization’s business objectives and quality objectives, the 2015 revision is clearly poised to eliminate such practices. Far too many organizations still employ a system best described as a bolt-on QMS. QMS output is reported to top management as a separate entity through management review, often as an annual progress report in which objectives—while certainly supporting business success—still remain subordinate to top-level business goals. The 2015 revision simply ends this practice by "ensuring the integration of the quality management system requirements into the organization’s business processes."2
Support from the top
The 2015 revision’s efforts to unite business and quality objectives are a long overdue concept offering several improvement drivers, starting with senior management involvement. There’s no secret that without top management support, the QMS struggles to be truly relevant.
Without direct top management involvement, the strength and character of the quality program becomes more or less a support function.
If the QMS is, instead, designed to directly improve and achieve top management’s business expectations, it can no longer be considered separate, but instead a full partner in the organization’s success, solidifying—in fact, demanding—top management’s involvement. Needless to say, this can be a significant improvement for those organizations still operating bolt-on QMSs.
Advantages to upgrading your organization’s QMS to the intent and requirements of the ISO 9001:2015 revision are therefore subject to your unique application.
This will require discussion with all concerned—starting with top management. Search for and define your constraints and your unique needs—along with your strengths. After they are identified, enter into a three-way discussion about the ISO 9001:2015 revision with the affected parties and QMS management. How can ISO 9001:2015 assist in each of these areas? What clauses in the revised standard clarify, simplify or otherwise offer a new approach or set of activities that improve the current state?
So the answer to the original question is based on having first asked more questions about your current QMS and its effectiveness. And if there is a single-most important component of that inquiry, I would offer this: "Are we doing this to improve or to pass the next audit?"
For every clause that fulfills little more than maintaining a plaque on the wall, remember that it is within your power, let alone part of your job description, to create value in the face of mediocrity.
- International Organization for Standardization, ISO 9001:2015 Draft International Standard—Quality management systems—Requirements, section 9.2.
- International Organization for Standardization, ISO 9001:2015 Draft International Standard—Quality management systems—Requirements, clause 5.1.1 d.
Chairman, ISO technical committee 176, Subcommittee 1
President and principal consultant Business Systems Architects Inc.
Fargo, ND, and Prescott, WI
Annual audit event?
Q: How many ISO 9001 internal audits should companies perform each year? Should they audit all their processes every time they perform an internal audit?
A: It’s important to know that ISO 9001:2008, clause 8.2.2, does not define any frequencies for conducted internal audits. ISO 9001:2008, clause 8.2.2, does, however, require a documented procedure be maintained and that the frequencies for conducting internal audits be determined by the organization.
In addition, ISO 9001:2008 requires audits to be planned, to take into account the importance of the processes or areas to be audited, and to consider the results of previous audits conducted.
As a common practice, most organizations schedule all quality management system processes to be audited at least annually (12 months).
QMS processes that have been identified by previous audits to require improvement or where negative trending is found should be audited on a more frequent basis to verify:
- Past corrective actions taken were effective in preventing recurrence of nonconforming conditions.
- No additional nonconforming conditions have resulted from the corrective actions taken.
Process audits are intended to assess specific QMS processes. ISO 9001:2008 does not require every QMS process to be assessed as a part of each audit.
It’s completely acceptable for an organization to conduct a full system audit that may be followed later by an audit on only certain process areas in which nonconforming conditions were found.
It’s the organization’s decision to determine whether full system or process audits are required.
Aston Technical Consulting Services LLC