Biggest Changes in ISO 9001:2015
1. The “Context of the Organization” must be determined. This requires a context analysis, stakeholder identification, and an understanding of stakeholders’ expectations.
2. “Leadership and Commitment” replaces “Management Commitment.” Although it seems like a small change, the new standard adds a requirement for top management to take accountability for the effectiveness of the QMS, and the QMS must be merged into the business process.
3. The “Management Representative” idea is removed from the standard. Instead, the commitment to quality through solid and visible leadership is strengthened. All leaders must be involved in the QMS activities.
4. “Risk Management” has become the foundation of the standard. (Previously, it was the process approach and PDCA.)
5. The requirement for a “Risk-Based Approach” replaces preventive action. This implies the need for risk assessment and risk management activities related to company managerial decisions and below. Preventive actions are to be taken before starting a process and as part of the routine.
6. The clause “Preventive Actions” is removed, but the requirement for preventive actions is highlighted in “Quality Objectives and Planning to Achieve Them” and in “Risk-Based Approach.”
7. “Documented Information” replaces Processes and Records. (There is no longer a specific requirement to have a Quality Manual, but documented information should be available when required).
8. The “Needs and Expectations of the Interested Parties” must be determined. This includes customers and all other stakeholders.
9. The term “Goods and Services” replaces “Products.”
10. The design and development process has fewer segments. (Previously, it was Planning, Inputs, Outputs, Review, Verification, Validation, and Changes. Now it is Planning, Inputs, Controls, and Changes.)
11. The purchasing process has been replaced by “Control of Externally Provided Products and Services,” including outsourced operations.
12. The customer property has been replaced by “Property Belonging to Customers or External Providers,” which includes external providers’ properties residing inside the premises.
Risk-Based Thinking – ISO 9001:2015
Enterprise Risk – Governance
- Risks related to the operation of the business, systematic issues, materials issues, etc.
- Risks related to planning and delivering a product or service and not meeting the project’s scope, quality, schedule, and costs, including technology and others.
Process Risk – Compliance / Assurance
- Risks related directly to planning and delivering a product or service and not meeting stability, capability, improvement, and the ability to achieve consistent outcomes.
Inputs for Identification of Risks
The types of risks are identified in four categories:
- Buyers’ Buying Power
- Threats from Suppliers
- Threats from New Entrants
- Threats from Substitutes
The following methods can be used to determine the inputs for identifying risks to the company:
- SWOT Analysis
- PESTEL Analysis
- Porter’s Five Forces
- Views of Senior Managers
- Views of Consultants
- Benchmarking Findings