ISO 9001: 2015 revision
Frequently asked questions
1. Why has the ISO 9001 standard been revised?
ISO standards are normally revised every 5-10 years (major and minor revisions). The last major revision to the ISO 9001 standard was in 2000. The business and economic landscape has changed significantly since the last revision. Supply chains have become more complex, customers have become more demanding and there has been a significant emergence of new technologies. The ISO 9001 standard has been revised to meet the increasingly complex business needs and expectations. The standard has also been revised so that it can apply to those organisations within the service sector and not just those in manufacturing. Finally the standards have been revised to meet the new high level Annex SL structure.
2. When is ISO 9001: 2015 published?
3. Where can we access the new ISO 9001: 2015 standard?
The ISO 9001: 2015 standard is now available.
You can purchase a copy of the ISO 9001: 2015 from the Exova BM TRADA bookshop.
Buy the ISO 9001: 2015 standard
Buy the ISO 14001: 2015 standard
4. How long will ISO 9001: 2008 continue to be valid?
The current ISO 9001: 2008 standard will continue to be valid, recognised and be audited to until the end of the three year transition period which is September 2018. After September 2018 ISO 9001: 2008 will be withdrawn and will no longer be valid.
5. We are not yet certified - which version should we implement?
If you are currently in the process of implementing a system to ISO 9001:2008 please note that Exova BM TRADA will continue to certify new customers to ISO 9001:2008 until 28th February 2017. After this date all new certifications must be to the new ISO 9001:2015 standard.
6. How soon should we start our transition to the new standard?
You should start your transition journey now by:
- Obtaining a copy of the ISO 9001:2015 standard.
- Starting to read and research the information that is available from both Exova BM TRADA and International Standards Organisation (ISO). ISO have published many in depth guidance materials covering for example “the process approach in ISO 9001: 2015”. The ISO guidance materials can be obtained by clicking on the link below.
- Communicating internally that the revision and transition is underway and the new requirements of the ISO 9001: 2015 standard especially with regards to the new requirements of top management.
- Read and understand the new Annex SL structure and top level clauses and their requirements.
- Start the review process to understand if/how your organisation is addressing and managing some of the significant new requirements around context, leadership and risk based thinking.
- Develop and communicate a project plan together outlining timescales and responsibilities for your transition to the new standard.
7. Do we have to transition immediately? What are the timescales?
You do not have to transition to the new standard straight away. Industry guidance and requirements have specified that organisations have three years to transition from ISO 9001: 2008 to ISO 9001: 2015, the deadline being 23rd September 2018. You can choose to transition at any time during this timeframe. Transition timescales are summarised in the illustration below:
8. Should we update, renumber, restructure our documentation?
You do not need to update, renumber, rename or restructure existing documentation. Providing all of the requirements containing within the ISO 9001: 2015 standard are met, your system will be compliant. You may choose to renumber / rename and update existing documentation for example to reference new terms and definitions, however it is down to you to determine whether the benefits gained from renumbering / renaming / updating will exceed the effort in implementing the change. In addition if you are more comfortable using your own terminology for example records instead of documented information, then this is also acceptable.
9. We have an integrated management system certified to ISO 9001 and ISO 14001. How do we manage the transition for both standards?
The ISO 14001: 2015 standard was published on 15th September 2015 and ISO 9001: 2015 was published on 23rd September 2015.
If you have an integrated management system you can start the transition process now by:
- Purchasing copies of the revised standards.
- Reading the Exova BM TRADA transition guidance material.
- Attending any required transition training courses.
- Communicating the new requirements and concepts internally.
- Engaging top management if they are not already demonstrating leadership and commitment to the organisations quality / environmental management system.
- Conducting analysis to identify any gaps in your current management systems against the requirements of the new ISO 9001:2015 and ISO 14001:2015 standards.
- Developing action plans with timescales and responsibilities to address the gaps.
- Speaking to Exova BM TRADA to discuss your transition arrangements.
If you are running an integrated management system that includes OHSAS 18001: 2007 it is suggested that you consider delaying your transition until the new ISO 45001 standard reaches the FDIS stage which is due mid-2016. ISO 45001 is the new ISO standard related to occupational health and safety management. Upon publication (due October 2016) ISO 45001 will replace the OHSAS 18001 standard.
As stated on page one, both ISO 9001: 2015 and ISO 14001: 2015 standards have been restructured to adopt the new high level Annex SL structure. ISO 45001 will also adopt the Annex SL high level structure making integration of standard requirements easier.
Annex SL will ensure that future ISO standards will adhere to a common high level structure, identical core text and numbering, and common terms and definitions. This will in turn remove duplication, conflicting requirements, confusion and misunderstanding arising from different standards being developed in isolation.
The new structure contains a core set of generic requirements that will be reflected in all management system standards. Discipline specific requirements will remain in each of the standards especially related to clause 8 – Operation.
The revised high level clause numbering and titles of all management system standards, including ISO 9001: 2015 is as follows:
- Normative references
- Terms and definitions
- Context of the Organisation
- Performance evaluation
10. ISO 9001:2015 does not require a quality manual. Is this still required?
A quality manual is no longer explicitly required in the ISO 9001: 2015 standard. The new standard requires the organisation to maintain documented information necessary for the effectiveness of the quality management system. However if as an organisation you feel that it is convenient and appropriate to describe your quality management system in a quality manual, it is working well for the business, and the quality manual is one of the items of documented information you feel necessary for the effectiveness of the quality management system then there is no need for it to be withdrawn.
11. There is no requirement for a management representative in the revised ISO 9001:2015 standard. What does this mean for this existing role?
Although the explicit requirements for a management representative have been removed from ISO 9001: 2015 there is no need for you to remove your management representative. ISO 9001: 2015 requires that top management assign the responsibility and authority for certain quality management system elements, for example reporting on the performance of the quality management system and on opportunities for improvement. Organisations may find it appropriate to continue to assign this responsibility to the management representative. It is important to note that some of the responsibilities previously assigned to the management representative by top management will in future need to be undertaken directly by top management themselves for example promoting and communicating the importance of the quality management system and improvement.
12. Can organisations still exclude requirements of ISO 9001?
ISO 9001: 2015 no longer refers to exclusions in relation to the applicability of its requirements to an organisations quality management system. All of the requirements of the ISO 9001: 2015 standard are generic and are intended to apply to any organisation, regardless of its type or size or the products or services it provides. ISO 9001: 2015 Annex A clarifies that the organisation cannot decide a requirement to not be applicable if it falls under the scope of its quality management systems. The organisation can only decide that a requirement is not applicable if its decision will not result in failure to achieve conformity of products and services.
13. How has documentation requirements changed?
Specific documented procedures are no longer required in the ISO 9001: 2015 standard. It is the responsibility of each organisation to maintain documented information to support the operation of its processes and retain the documented information necessary to have confidence that the processes are being carried out as planned. The extent of the documentation that is needed will depend on the size of the organisation and its type of activities, process, products and services, the complexity of processes and their interactions and the competence of persons.
Documents and records are now collectively referred to as documented information. Where that documented information might be subject to change (as in the case of procedures, work instructions, etc), organisations are required to maintain the up to date information. Where the information is not normally subject to change (for example records) the organisation is required to retain that information.
14. What is risk-based thinking?
The concept of risk-based thinking is used to describe the way in which ISO 9001: 2015 addresses the question of risk. The concept of risk has always been implicit in ISO 9001 through requirements for planning, review and improvement.
Use of the phrase risk-based thinking is intended to make it clear that while an awareness of risk is important, formal risk-management methodologies and risk assessment are not necessarily appropriate for all situations and there does not have to be a documented risk management processes.
The way in which organisations manage risk varies depending on their business context e.g. the criticality of the products and services being provided, complexity of the processes, the potential consequences of failure and the ability to meet objectives. ISO 9001: 2015 requires that each organisation is responsible for its application of risk based thinking and the actions it takes to address risk, including whether or not to retain documented information as evidence of its determination of risks.
15. What has been changed in terms of planning?
ISO 9001: 2015 requires organisations to address risks and opportunities, quality objectives and planning of changes throughout the business. As new products, technologies, markets and business opportunities arise, it is to be expected that organisations will want to take full advantage of these opportunities. This has to done in a controlled manner, and be balanced against the potential risks involved, which could lead to undesirable effects.
16. What is meant by the context of the organisation?
Context of the organisation is a combination of internal and external factors that affect an organisation's approach to the way in which it provides products and services that are delivered to customers.
External factors can include, for example, cultural, social, political, legal, regulatory, financial, technological, economic, and competitive environment, at the international, national, regional or local level.
Internal factors typically include the organisation’s corporate culture, governance, organisational structure, technologies, information systems, and decision-making processes.
17. What are the needs and expectations associated with interested parties?
Organisation need to determine the interested parties that are relevant to its quality management system and the requirements of those interested parties. It is important to highlight that this does not include all interested parties only those that are relevant to the organisations scope of their quality management system.
As stated in the scope of ISO 9001: 2015, the International Standard is applicable where an organisation needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction. There is no requirement for the organisation to consider interested parties where it has decided that those parties are not relevant to its quality management system.
18. What is meant by organisational knowledge?
Organisational knowledge is knowledge specific to the organisation. Organisational knowledge is gained by experience. It is information that is used and shared to ensure the operation of its processes and achieve conformity of products and services and the organisations objectives. Requirements regarding organisational knowledge were introduced for the purpose of safeguarding the organisation from loss of knowledge through staff turnover for example and encouraging the organisation to acquire new knowledge as its business context changes.