Since 1987, ISO 9000 has been the guiding set of principles designed to help organizations maintain and optimize production processes, product quality and customer satisfaction. In September 2015, anticipated revisions to ISO 9001 were published to better serve the changing needs of today’s businesses, while retaining the intent to help organizations improve overall performance. ISO 9001 also strives to better align quality management with business management — with the promise of being easier to implement.
While ISO 9001:2008-certified companies have three years to complete migration to this newest edition of the standard, the changes introduced in ISO 9001:2015 can truly help organizations to improve their business processes, and therefore starting early gives your organization more time to reap the rewards of the improved quality system. As quality managers proactively gear up for the release of the updated standard, they should be mindful of four key changes forthcoming, and how to systematically prepare for their successful implementation.
New terminology allows for use of more sophisticated data management tools
The language of ISO 9001:2015 will differ from that of its predecessor with broader “documented information” replacing the old “documents” and “records” terminology. Although it might sound insignificant, this change is very welcomed and helps organizations move away from the traditional file-based thinking and start managing information in quality systems in formats that are the most efficient for each use case and information type. The new document control definitions reflect the modern ways in which business now operate, better encompassing the myriad of information that flows into and out of quality systems.
Forward-thinking companies are now integrating and harmonizing structured data objects (such as a checklists, and risk assessment e-forms) and unstructured content (such as SOPs and training material) in a way that not only ensure users can quickly find what they need, but also to create an intelligent information management environment where content is presented in context. Achieving this requires the ability to unify disconnected information silos and offer a consistent view of all quality information to users, regardless of where the information is located. This environment, which can be best achieved using an enterprise information management (EIM) solution, is also at the core of ISO 9001:2015, requires stringent tracking of enterprise risks, objectives, stakeholders, process outcomes and other core quality processes.
A "risk-based thinking" approach
One of the most fundamental changes in ISO 9001:2015 is the emphasis on risk management throughout all quality management processes. While risk-based thinking has always been implied in ISO 9001, it will now be a system-wide component of quality management systems that encompass both avoiding potential risks and identifying new opportunities to exceed existing expectations. This approach encourages organizations to move away from reactively recording deviations and corrective actions to proactively identifying risks and mitigating them before deviations occur.
To effectively implement risk capturing and mitigation processes, risks should be linked to processes and responsible persons within the company. Effectively executing this requires recurring routines within your quality management system that are easy to implement with automated workflows and notifications.
Understanding organizational context
Recognizing that a company’s strategy for quality management is connected to internal and external variables, the new standard will require that companies have a deep and fluid understanding of organizational context as it relates to quality management processes. In the simplest of terms, this requires that companies define the internal and external factors and interested parties that can affect their ability to achieve intended outcomes, and determine how each can influence both challenges and opportunities. Once these variables are identified, which may include culture, environment, performance and leadership, processes should be established to monitor them, and those processes should be documented and automatically tracked.
Understanding organizational context serves to enhance overall risk management by helping businesses optimize their operations in a way that is less reactive and more proactive. Under this new proactive approach, quality managers are empowered to be more mindful of the potential influencers of performance so that risks can be mitigated and new opportunities can be quickly identified and seized.
An organizations’ goals and strategy should align with their core quality processes, and these processes must be monitored with key performance indicators (KPIs). If KPIs are not met, processes must be revisited and recalibrated. Easily capturing the right data for these metrics and helping process owners identify gaps often requires changes to existing quality management system dashboards and workflows.
Process-oriented models
Another overarching theme of ISO 9001:2015 is the adoption of a process model for quality management systems. This requires that quality managers not only specify the processes that are relevant to the scope of their quality system, but that they also have the ability to capture evidence verifying that processes are being followed. With this change, quality managers can no longer rely on spreadsheets, email and other manual practices for oversight. They now need to link process structures to associated documents and objects, along with the ability to capture audit trails and electronic signatures to show proof of compliance — both enterprise-wide and across partner networks.
An effective approach for enterprise information management can play a critical role in achieving ISO 9001:2015 certification, particularly when validating control and compliance of external suppliers and services. For example, an EIM system can be used to facilitate the dissemination of standard operating procedures (SOPs) to third party partners, and collect evidence that those documents have been read and understood with electronic signatures.
The ISO 9001:2015 standard undoubtedly empower organizations with a modern framework for more efficient operations, and certification will serve as a testament to a company’s ongoing and systemic commitment to quality. To successfully implement ISO 9001:2015, quality processes will need to be more closely aligned with core business objectives, which ultimately will require tighter integration between related information systems. EIM solutions represent a viable foundation for creating this essential integration capability, offering organizations a way to better manage risk while improving operational quality.
Mika Javanainen is Senior Director of Product Management at M-Files Corporation.