ISO 9001:2015 REQUIREMENTS (PART 1) DOCUMENTATION

ISO 9001:2015 REQUIREMENTS (PART 1) DOCUMENTATION

Preface The release of the Final Draft International Standard of ISO 9001:2015 has created a great deal of hand wringing and argument that many requirements of the ISO 9001-2008 standard have been deleted, abandoned and/or lessened.  Furthermore, it has been replaced by an over-worded document that doesn’t address the needed direction for an organization to follow in order to create and maintain a functioning and vibrant Quality Management System. Many tongues have uttered the soliloquy that an organization no longer needs to have a Quality Manual, Quality Objectives, or the six required procedures for their respective Quality Management Systems.  Reality: nothing could be further from the truth. The fact is that the ISO 9001-2015 standard does not reduce any requirements. It does require them in a different language, and does require/ empower the organization to decide the details. Quality Institute of America (QIA) is providing a series of articles to help people who wish to understand the new standard. These are divided into four groups: Group 1 provided an Introduction to the ISO 9001-2015 standard. This paper starts Group 2, subdivided into sub-parts to handle the standard piece by piece. The series is aimed at readers who currently use the ISO 9001:2008 version, and would like to know how to handle the ISO 9001-2015 version. Each of the sub-parts in the Part 2 series will take a portion of the ISO 900-2008version and help the reader understand the following: Where it is in the New Standard: Owing to the changed structure and organization of ISO 9001-2015 version, some may find a bit of a challenge in trying to relate to the new standard from the perspective of ISO 9001-2008 version. This subsection will help in navigating the new standard. What is Missing? This subsection will point out parts of the old standard ISO 9001-2008 that may have been omitted in the new standard ISO 9001-2015. What is Added/ Changed: This subsection will point to those requirements that did not exist in the ISO 9001-2008, and have been added to the ISO 9001-2015. Part 3 of this series will discuss the net additions to the ISO 9001- 2008 version, Part 4 will discuss implementation issues for each of the sections discussed in the Part 2 subseries, and Part 4 will discuss how to audit to the new standard ISO 9001-2015. We are presenting these articles through various channels, but principally through our web-sites: www.qi-a.com  and www.qisssoftware.com  as well as our blog page:https://plus.google.com/u/0/b/100418610237055178555/+QisssoftwareQMSsoftware/posts/p/pub START of REQUIREMENTS (Part 1) Below is a refresher on the requirements related to Documentation in ISO 9001:2008 What is in ISO 9001-2008 – Section 4 Quality Management System (QMS) Section 4.1 of the ISO 9001-2008 standard requires and organization to establish, document, implement, and maintain a Quality Management System (QMS), and continually improve its effectiveness. This needs to be achieved by determining the processes needed for the Quality Management System (QMS), their sequence and interaction, criteria and methods for operation and control of these processes, provide resources for these processes, and lastly: monitor, measure, analyze these processes and take actions to improve these processes. Section 4.2.1 of the ISO 9001-2008 standard introduced the general requirements of the documentation needed for a Quality Management System (QMS). It speaks of the need to have a written Quality Policy, Quality Objectives, a Quality Manual (QM), specific documented procedures and the need for documents that would be necessary to ensure proper planning, operation and control of the organization’s processes. When compared to the version of ISO 9001-2015, the contrast is, at first, quite striking. (as discussed and contrasted below). In section 4.2.2 of the ISO 9001-2008 standard, the three requirements related to the Quality Manual are discussed: scope of the Quality Management System (QMS), documented procedures and description of the interactions between processes. Section 4.2.3 of the ISO 9001-2008, standard, Control of Documents, sets forth the requirement for a documented procedure to govern the control of documents.  Seven subsections articulated the needs to: approve, review, ensure changes, have relevant versions available, be legible, ensure external documents are identified and prevent the unintended use of obsolete documents. Section 4.2.4 discusses the Control of Records. Records that are established or produced to provide evidence of requirement conformity and of the effectiveness of operation of the Quality Management System QMS shall be controlled.  Furthermore, the organization is required to produce and maintain a documented procedure to define the aforementioned controls.  All records are to remain legible, identifiable and retrievable. Where is it in ISO 9001:2015? ISO 9001-2015 – Sections 4.4.1, 4.4.2, 7.5.1, 7.5.2 and 7.5.3 (7.5.3.1 & 7.5.3.2) The new version ISO 9001-2015 expands the documentation process into two sections (4.4 Quality Management System QMS and its Processes and 7.5 Documented Information). Section 4.4.1 of the new version of ISO 9001-2015, addresses most of 4.1 of ISO 9001-2008. The organization is tasked with creating documented information (a new key word or term for documents) as a tool for establishing, implementing, maintaining and continually improving the company’s Quality Management System. Eight subsections (a-e) are presented that address a company’s Quality Management System and the related processes needed for that system. These eight subsections encompass the documentation required in the standard of ISO 9001-2008, as well as, some new considerations. Subsections (a) and (b) of the new version of ISO 9001-2015, Section 4.4.1 describe the necessary steps an organization must take to establish, implement and maintain their Quality Management System QMS – with information or data as would be contained in a pre-ISO 9001-2015 Quality Manual. For example, (b) states that an organization shall determine sequence and interaction of Quality Management System QMS processes.  By documenting theses interactions and sequences, an organization would document the definition and scope of these interactions and any necessary procedure for effectuating the desired resulting output. (in effect, documenting procedures). Thus, the requirements and need for a Quality Manual, while not spelled out as before, nevertheless exists and an organization would omit this at its own peril. Section 4.4.2 of the new version speaks of (a) maintaining and (b) retaining documented information to support operation of the company’s processes and have confidence that the processes are being carried out as planned. The new standard ISO 9001-2015 does not ask for procedures by name. It does better, by defining what a procedure does, and leaves it up to organization to decide how to produce, maintain documented information to support the operation of the processes. In a similar fashion, 4.4.2 defines what the old “record” used to do, and requires documented information to meet those functions. Sections 7.5.1, 7.5.2 and 7.5.3 of the new standard ISO 9001-2015 relate to Documented Information of the Quality Management System QMS. The correlating section would be 4.2.3 of the standard ISO 9001-2008, Control of Documents. 4.2.3 Set forth the requirement for a documented procedure to govern the control of documents.  Seven subsections articulated the needs to: approve, review, ensure changes, have relevant versions available, be legible, ensure external documents are identified and prevent the unintended use of obsolete documents. Section 7.5.1 does not discuss material or content relevant to version ISO 9001-2008, 4.2.3 and will be discussed at a later time. Section 7.5.2 discusses the creating and updating of documented information.  An organization shall ensure appropriate identification and description is present with all documented information (dates, titles, etc.); the appropriate format (language) and media (electronic, paper, etc.) are followed and review and approval for documented information suitability and adequacy is maintained. Note: this section encompasses and includes several of the subsections contained in section 4.2.3 of the old standard – identification, review, approval and relevancy. As a result, an organization would probably see the need to develop specific procedures or policies to govern the creation, maintenance and control of documented information. The new standard ISO 9001-2015 puts the onus on the organization to define and implement whatever documents, procedures, instructions or policies it deems as necessary to implement and manage its Quality Management System (QMS).  The ISO standard 9001:2008 version style of “spelling-out” the required documents and/or procedure requirements have been replaced with a standard that requires forethought and intention of action as to the documentation of information and one that is not easily in compliance with a cookie-cutter template of pre-defined documents and procedures. 7.5.3.1 Includes the remaining subsections of the ISO 9001:2008 standard 4.2.3, notably subsections relating to relevant versions, legible documents, and identification of external origin documents and prevention of unintended use of obsolete documents. 7.5.3.1. Requires documented information of the Quality Management System QMS shall be controlled to ensure: (a) it is available and suitable for use, where and when it is needed and (b) it is adequately protected (from loss of confidentiality, improper use or loss of integrity). Control of documented information shall be in the same processes as in the ISO 9001:2008 standard and a procedure of the type and manner of control is highly advisable. 7.5.3.2 Stresses additional control of documented information by addressing activities of: (a) distribution, access, retrieval and use, (b) storage and preservation, (c) control of changes and (d) retention (record keeping) and disposition. Note: Documented information kept as evidence of process conformity shall be protected from unintended alterations. (i.e. records, reports, etc.). This brief comparison between the language and intent of the new ISO 9001: 2015 standard for Documented Information and the ISO 9001:2008 standard Documentation Requirements shall be followed by additional papers dealing with a continued comparison and contrast between the two standards, a look at and explanation of the new parts of the ISO 9001: 2015 standard, additional requirements or language of the new standard and an overall definition breakdown of new terms or word groups that can and will affect an organization’s Quality Management System (QMS). What is missing in ISO 9001:2015? No material requirement in ISO 9001:2008 has been taken out. However, familiar terms like “procedures” and “records” have not been used. Instead, phrases and sentences that define the results and/or intent of these terms have been used. Organizations therefore, have been tasked with determine how they will meet the requirements. What is added/ changed? Paragraph 4.4.1.f has an additional (new) requirement to address “Risks and Opportunities” in the design and implementation of an organization’s Quality Management System QMS. Summary: ISO 9001: 2015 is a radically different approach for requiring the same requirements that were required in ISO 9001:2008, section 4. The difference is that it is worded in such a way that organizations are required to think through their method for meeting the requirements. The addition of 4.4.1.f imposes a new task to evaluate risks and opportunities while designing the Quality Management System QMS. The concept of Risk Management as a deliberate work-process (albeit mental) is pervasive in the new standard. Risk Assessment gets the process of Risk Management started, and should become a second habit before starting any new process or job.