Ready, Set, Transition
Effective ISO 9001:2015 transitioning strategies
by Govind Ramu
My organization transitioned to ISO 9001:2015 early, and it wasn’t a spontaneous decision. It was based on carefully structured and planned program management.
Ten of our sites were registered to ISO 9001:2008 and seven had integrated three management systems (ISO 9001, ISO 14001 and Occupational Health and Safety Assessment Series 18001). Luckily, as a member of the U.S. Technical Advisory Group to the International Organization for Standardization (ISO), I had an advantage from my participation in standards development going back to when these standards were in the committee draft stage.
My organization put together a transition team consisting of quality managers from several global sites and started discussing high-level changes from ISO 9001:2015 as part of the monthly global QMS meeting agenda, which kept the developments in the standard visible even before it was released.
As the standard evolved and reached the final draft stage, we continued our discussion specifically about the new requirements. The transition strategy illustrated in Figure 1 is a high-level summary of our program, which included three main areas—planning, communication and execution. A more comprehensive Gantt chart was developed to manage the overall global transition.
An organization’s planning starts by purchasing ISO 9000 and ISO 9001, and registering those standards as external documents within the quality management system (QMS).1, 2 It’s important to understand both standards before making improvements to the QMS. ASQ’s Knowledge Center and the ISO website have several free resources on ISO 9000 and ISO 9001.3, 4
My organization’s certification body (CB) developed interpretation guidelines for the standard, and your CB can provide similar guidelines as well as a transition checklist. Attending transition training also is helpful for employees.
With the CB’s guidelines, our transition team created a list of ISO 9001:2015 changes compared against the 2008 version. While information about major changes is available on ASQ and ISO websites, it was a good exercise for team members to do it themselves because it gave them an appreciation of the changes. As a team, you should perform an initial impact assessment of your existing management system compared with the 2015 revision’s changes.
After you’ve prepared a list of changes and their effects on the organization, it’s time to share the outcome with your management team. Depending on what the assessment reveals with regard to required changes and improvements, prepare a timeline to management that explains when the transition can be completed and the organization registered to the new standard. Obtain a commitment from management to sign off on the required resources and infrastructure improvements that will make the transition possible.
Organizations have until September 2018 to transition to ISO 9001:2015,5 but you don’t want to procrastinate until the three-year mark. Things can come up, such as unexpected organizational changes, a change in management or ownership, shifting market dynamics, and new priorities that stretch resources and make it challenging to transition by the deadline.
Externally, CBs become extremely overwhelmed if most organizations postpone the transition until year three. This may cause problems such as being unable to accommodate desired audit dates or secure auditors with relevant skills.
This becomes even more challenging if organizations have integrated management systems. Because auditors with qualifications for several management systems are limited in any CB, planning your transition audit with sufficient notice is important to ensure auditor availability. Communicate with your CB, and confirm the availability of dates and auditors for audit locations.
For some organizations, ISO 9001 can be a contractual requirement. Being unable to transition by the deadline not only means a discontinuation of the registration, but also a violation of existing customer contracts.
It’s important to share your organization’s transition plans with customers. Similarly, your external providers—that is, suppliers, subcontractors, contract manufacturers and outsourced service providers—also may be required to transition to the new standard if it’s an expectation in your organization’s purchasing conditions.
Periodically enquiring about the transition plan and status with the external providers will maintain healthy visibility. Quality audits and quarterly performance reviews with suppliers also are opportunities to discuss their plans and progress.
Your organization’s employees should be made aware of the transition. Consistent communication is important to maintain interest and gain their support.6 A program manager—for a large organization, typically a head the global QMS—could periodically publish a newsletter that covers the standard and provides easy-to-understand examples that explain topics in the revised standard, such as context of the organization, interested parties and requirements, risk-based thinking and organizational knowledge. For organizations that are small or medium-sized, the quality manager typically manages the transition.
My organization created a one-page handout that included key information with regard to the revised standard’s policies, objectives and audits. This also addressed the requirement from subclause 7.3 (awareness), which states:
The organization shall ensure that persons doing work under the organization’s control are aware of: the quality policy; relevant quality objectives; their contribution to the effectiveness of the quality management system, including the benefits of improved performance; the implications of not conforming with the quality management system requirements.7
At the execution stage, a program manager should create a training plan for the transition. The training should include employees at all levels, and the content should be customized for each level. While senior management should receive an orientation that gives an overview of the standard and its new requirements, shop-floor employees should be trained to build awareness of the standard.
Process owners—typically mid-level employees—should receive more-detailed training. The training should focus on helping them take a deeper look at their processes and how to serve as support auditors for an internal audit program.
After training, a detailed gap analysis should be performed by all process owners with the help of a site quality manager to identify gaps that must be addressed prior to the transition audit. There could be gaps in areas such as processes, document changes, competencies, infrastructure or changes to the operational environment. If there are any surprises from the detailed gap analyses that were not part of the early impact assessment, it’s a good idea to update management about them.
Implementation is where the rubber meets the road. An implementation plan should be developed with inputs from a detailed gap analysis. Mature organizations think beyond the requirements and don’t superficially address them. They understand the intent of a requirement and build processes and systems that are robust—that is, they consider the future organizational roadmap, product and service offerings, and scalability.
Remember, the purpose of obtaining an ISO 9001 certification is to bring value to your customers and organization, not just to become registered to the standard and have a plaque on the wall.
While it’s true the revision provides the flexibility to significantly reduce the burden of mandatory documentation requirements, many organizations need documentation to ensure standardization and consistency in their processes. One of the challenges for a transition team occurs when process owners suggest the organization should throw out its quality manual and existing documents, which are still relevant.
At this point, a program manager and transition team must provide additional clarification. ISO 9001:2015 subclause 7.5.1 states a QMS shall include "documented information determined by the organization as being necessary for the effectiveness of the QMS."8
The subclause also notes that the "extent of documented information for a QMS can differ" due to factors such as an organization’s size; its type of activities, processes, products and services; the complexity of processes and their interactions; and the competence of those performing work.9
There are 19 instances in which the standard says "the organization shall determine …" The challenge is that if an organization identifies the items required by the standard, how will this information be processed without documenting it? The information may not be in a standalone documented procedure, but it must be incorporated into some existing processes.
ISO 9001:2015 subclause 4.1 (understanding the organization and its context), for example, says, "The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its QMS. The organization shall monitor and review information about these external and internal issues"10
Documentation and risk
It’s important to consider two questions: How will these determined external and internal issues be reviewed and monitored without documentation, and how will this be verified?
If your organization is small, for example, you could argue that all your issues are known and continually monitored. During an audit interview, you will notice variation in the perception of the issues, monitoring methods and outcomes.
The same holds true for subclause 4.2 (understanding the needs and expectations of interested parties):11 If an organization hasn’t documented its relevant interested parties and their requirements, I would be concerned about the organization’s ability to consistently monitor and review information.
Risk-based thinking and organizational knowledge also are implementation and auditing challenges. The standard doesn’t require a knowledge management program or risk management to be conducted on QMS processes, but external auditors still haven’t wrapped their minds around this. Many of them are still looking for a formal risk-management program and knowledge management programs.
Organizations similar to mine had formal enterprise risk management and closed-loop learning programs long before ISO 9001:2015 was published. For smaller organizations, the challenge is in articulating a risk and showing evidence of addressing it in the action plan.
Smaller organizations also don’t use structured knowledge acquisition, storage and retrieval practices. Without adequate documentation of knowledge and its integration into process specifications and controls, knowledge can be lost.12
After the overall implementation is completed, compliance to ISO 9001:2015 and implementation effectiveness are reviewed through an internal audit program, and a management review addresses the overall status of the QMS and solicits management for improvement.
ISO 9001:2015 is not a giant, scary monster. It’s a commonsense approach to running any organization. When process owners complain about additional work that ISO 9001 creates, I always ask them, "Tell me one thing in ISO 9001 you wouldn’t do in a business?" With or without ISO 9001, the requirements outlined in the standard are fundamental to any business. Building awareness among all levels of the organization and effectively training process owners on the intent of the requirements are key to transition success.
References and note
- International Organization for Standardization (ISO), ISO 9001:2015—Quality management systems—Requirements.
- ISO, ISO 9000:2015—Quality management systems—Fundamentals and vocabulary.
- ASQ Knowledge Center, asq.org/knowledge-center/index.html.
- ISO, www.iso.org.
- ISO, ISO 9001: Moving From ISO 9001:2008 to ISO 9001:2015, http://tinyurl.com/2008-to-2015.
- For more information about building employee awareness for the ISO 9001:2015 transition, read "All Hands on Deck," (Standards Connection, December 2015) by visiting http://tinyurl.com/sc-all-hands.
- ISO, ISO 9001:2015—Quality management systems—Requirements, subclause 7.3—Awareness.
- ISO, ISO 9001:2015—Quality management systems—Requirements, subclause 7.5.1—General.
- ISO, ISO 9001:2015—Quality management systems—Requirements, subclause 4.1—Understanding the organization and its context.
- ISO, ISO 9001:2015—Quality management systems—Requirements, subclause 4.2—Understanding the needs and expectations of interested parties.
- Govind Ramu, "ISO 9001:2015: What Is New—An Overview," ASQ India, internal presentation, New Delhi, India, March 22, 2016, http://tinyurl.com/ramu-presentation.
Govind Ramu is senior director, global quality management systems, at SunPower Corp. in San Jose, CA. He has a licensed professional engineer from Ontario, Canada. He also is the chair of the U.S. Technical Advisory Group to International Organization for Standardization Technical Committee 176, subcommittee 1, on ISO 9000:2015 standards. Ramu is an ASQ fellow and holds six ASQ certifications: manager of quality/organizational excellence, engineer, Six Sigma Black Belt, auditor, software quality engineer and reliability engineer. He is a regular contributor to QP’s Expert Answers department, author of The Certified Six Sigma Yellow Belt Handbook, (ASQ Quality Press, 2016), co-author of The Certified Six Sigma Green Belt Handbook, second edition (ASQ Quality Press, 2015) and a contributing author of The Lean Handbook (ASQ Quality Press, 2012).