This is a guest post by Allen Gluck, president of ERM31000 Training and Consulting in Spring Valley, NY, and an adjunct professor at Manhattanville School of Business in Purchase, NY. He has a master’s degree in leadership from Bellevue University in Nebraska. Gluck is an ASQ member and a member of the U.S. Technical Advisory Group to ISO Technical Committee 176 (TAG 176), which develops ISO 9001, and TAG 262, which develops ISO 31000. He may be contacted via his website: www.erm31000.com or at email@example.com.
The ISO 9001:2015 revision is bringing big changes. This post is designed to assist your organization with the implementation of one of the new requirements: Clause 4.1, “Understanding the Organization and its Context.”
The new requirement reads: “The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system.”
In order to explain how to go about making this determination and clarify the purpose it serves, an introduction is in place.
Although it is not obvious to the casual reader, the new standard alludes to decision-making in three places. The first is a quality principle quoted from ISO 9000:2015, namely “evidence-based decision making.” It is not hard to understand that better decisions are made when they are based on evidence rather than by conjecture.
The second almost surreptitious reference to decision-making is found in Clause 0.1, “Addressing risks and opportunities associated with its context and objectives.” Addressing risks means proactively managing uncertainties. The simple meaning of “managing uncertainties” is that decisions should be made with consideration of the possible positive and negative consequences that the uncertain future may bring.
Finally, in Clause 5.1, entitled Leadership and Commitment, we find a requirement for top management: “Ensuring that the quality policy and quality objectives are established for the quality management system and are compatible with the context and strategic direction of the organization.” Top management’s most basic role is strategic decision-making for the organization.
In essence, all three references require that informed decisions are to be made based on some kind of evidence. Where is this evidence to be found? All the evidence you’ll ever need is available in the context of your organization, whether it be external or internal.
What is the context of an organization? Let’s begin with examples of your internal context. Your company’s vision, mission, strategic objectives and direction, your org chart, SOPs, resources, culture, contractual relationships – these and more, are factors you should consider when making all decisions and when addressing uncertainties about the future.
On the other hand, the legal, social, political, regulatory, financial, economic, key drivers, trends, natural and competitive environment, and perceptions of external stakeholders (or interested parties) are all part of your external context. Each of these factors should be considered in the course of business leadership, when managing risk or uncertainty, and when making decisions that may affect the quality or service you provide.
One of the concerns raised about this new requirement is related to auditing. How can an auditor accurately audit context? What set of requirements does he or she audit against? Furthermore, will an omission from this potentially endless list yield many new non-conformances?
Quality management systems are built on PDCA, also known as the Deming cycle. “Understanding the organization and its context” are part and parcel of this process of continual improvement. As such, it is never complete on the first go-around. Indeed, the new standard states, “The organization shall monitor and review information about these external and internal issues,” which clearly indicates the standard experts’ broad understanding that context is a moving target.
As such, evidence of an ongoing process to establish and understand an organization’s context is absolutely satisfactory to satisfy an audit to these requirements. Only an egregious omission could legitimately be viewed as a non-conformance by an auditor who has trained for proficiency to this standard.
- Quality decisions are no different than any other decisions; uncertainties may help or hinder your objectives.
- Your best decisions are based on the best available evidence.
- Most of this evidence which you require is readily available within:
– your organization’s external and internal context
– the context and content of your “interested parties”
- This process is auditable
Thank you to the hard-working men and women of the U.S. Technical Advisory Group to TC 176 for their years of volunteer effort resulting in the new ISO 9001 standard.
This is a guest post by Lorri Hunt, a U.S. technical expert and task group monitor for the next revision to ISO 9001. She is an ASQ Senior member, an Exemplar Global lead auditor, a frequent contributor to quality publications and journals, and a speaker all over the world. She is the president of Lorri Hunt and Associates Inc.
Author’s Note: ISO 9001:2015 is still in the revision process and subject to change. Information in this blog should be used with caution when making changes to a quality management system or for legal agreements.
ISO 9001:2015 is currently at the Draft International Stage (DIS) with a scheduled publication date of September 2015. As organizations have gotten their first glance at the proposed changes, many have focused on specific words rather than what the requirements actually say. While a new structure demonstrates the biggest visual change, the standard also uses different words, in some cases, to explain requirements that have existed in ISO 9001 since its infancy.
Some of these changes are based on the fact that the text related to certain concepts is part of the standard structure and common text and definitions that have been established for every management system standard to follow. This includes documented information instead of documents and records, and the removal of terms such as the “quality manual” and “management representative.” Other terms have been changed by the technical experts who are drafting ISO 9001:2015. These include “external provider” instead of “supplier” and “applicability” instead of “exclusion.”
In all of these cases, the requirements that relate to them have not changed, just the term.
Requirements for assigning responsibilities and authorities are included in Clause 5.3 Organization Roles, Responsibilities and Authorities. All of the requirements for the role of management representative from ISO 9001:2008 are included with some minor enhancements. The ISO 9001:2015 DIS just doesn’t define the term.
The requirements that would have been included in the quality manual from ISO 9001:2008 are included in Clause 4.3 Determining the Scope of the Quality Management System and 4.4 Quality Management System and Its Processes. The information that was included in the quality manual must be maintained as documented information. It just doesn’t call the documented information a quality manual.
The requirements that were included under control of documents and control of records in ISO 9001:2008 are included in 7.5 Documented Information. Because there have been substantial changes in how documented information is controlled, the difference between a document and a record has become more difficult. To help users, the phrase “maintain documented information” is used when referring to the legacy term “document” and the phrase “retain documented information” is used when referring to the legacy term “record.” Organizations that have a quality management system that is compliant to ISO 9001:2008 requirements should be compliant to ISO 9001:2015 requirements.
In ISO 9001:2008, organizations could exclude requirements as long as they did not affect an organization’s ability to provide product that conformed to requirements. In the DIS, an organization can determine that a requirement does not apply if it does not affect the organization’s ability to ensure that a product or service conforms to requirements. This application must also be maintained as documented information according to the requirements in 4.3 Determining the Scope of the Quality Management System.
In each of these cases of change of terminology, many users see this as a reduction or change in requirements. However, there has not been a reduction in requirements. The change in terminology is simply providing a less prescriptive standard. As users begin the transition to ISO 9001:2015 and initiate a gap analysis to the requirements, it is important to not just consider the words that have been written, but the requirements that they represent.
Users of the standard can also continue to use whatever terminology they wish when implementing a quality management system. This concept is reinforced in Annex A.1 in the DIS for ISO 9001:2015.
Simply put, there is not a need to throw everything you have in your quality management system out, but ensure that your quality management system meets the new requirements in ISO 9001:2015 regardless of the terminology used.