Question

In addressing clause 4 of ISO 9001:2015 regarding organization context and interested parties, what type
of tool (spreadsheet,diagram,flowchart,etc), would you recommend to use to simplify the practice and
to give a proper understanding for auditors ? I understand that risk evaluation (ISO 9001:2015) should
be accomplished not only at a high level of establishing and planning objectives, but also at the
processes level. If this is right, could organization use some criteria to select processes to be evaluated?

Answer

Thanks for contacting ASQ’s Ask the Experts program. Regarding your inquiry, your selection of tools
such as spreadsheets, diagrams, flowcharts and etc., should be driven by whatever best fits your
organization’s context, QMS scope and requirements of interested parties. However, before proceeding
with tool selection to “simplify” practices as mentioned in your inquiry, it is essential that the changes
and new requirements of ISO 9001:2015 are fully understood and communicated throughout the
organization. As you know, transitioning from ISO 9001:2008 to ISO 9001:2015 will require much more
than providing understanding to Auditors. The transition process should begin with top management
and then flow down to the process owners and others throughout the organization. If a gap analysis
hasn’t already been completed, consider doing so to identify those processes that must be improved to
meet ISO 9001:2015 certification requirements.

As you know, risk based thinking (RBT) must be a part of an every organization’s process approach, to
ensure risks and opportunities are identified and addressed. Although RBT is not new, it is a changed
approach. ISO 9001:2015 supports the scalability of quality management systems which allows them to
be specific to an organization’s processes, products, and services. The landscape of today’s quality
management systems has changed. It’s not a “one size fits all” situation. For this reason, it’s essential
for top management, process owners as well as the QMS Auditors to develop a thorough understanding
of ISO 9001:2015 and its requirements. Also of equal importance is the familiarization of top
management, process owners, and Auditors with the principals of risk assessment, management and
related terminologies (i.e., ISO 31000:2009).

The effectiveness of future QMS audits will depend upon Auditors that can apply their collective
knowledge of ISO 9001:2015, risk assessment, and management requirements, as well as their in-depth
knowledge of the industries, processes, products, and systems, audited. Exemplar Global and other
accredited ISO 17024 personnel certification bodies have developed online training courses for the
purpose of explaining the requirements of ISO 9001:2015. Other information about transitioning to ISO
9001:2015 is available on the International Accreditation Form’s (IAF) website at www.iaf.nu. Click this
link to read about the recent publication of ISO 9001:2015
http://www.iaf.nu/articles/Publication_of_ISO_90012015/443

About the second part of your inquiry (item b.), it’s important to be aware that RBT applies to every
process that comprises your organization’s quality management system. RBT should be integrated into
your organization’s QMS and product planning processes to ensure risks and opportunities are identified
and addressed.

A few key questions to consider include, how will your Registrar verify your organization’s conformance
with ISO 9001:2015 requirements? What is your Registrar’s timeline for transitioning existing clients to
ISO 9001:2015 requirements? What type of support will be provided to assist clients through the
transition process?