Professional Documents
Culture Documents
ISO 9001:2015
Frequently Asked Questions, part 1
While the 2015 version of ISO 9001 is still about a year away from
publication, ISO 9001 certified organizations and those looking to get
certified in the near future wonder about the changes to come and
what they mean for their business. This white paper will answer some
of the most frequently asked questions about the upcoming revision.
Procedures, Manuals & Documentation The new standard takes a more intellectual
Requirements approach to acknowledging manufacturing’s
two primary risks to its customers: defects in
4. ISO 9001:2008 has 39 procedures. How many the product and late delivery. If businesses
procedures does the 2015 version currently correctly apply requirements from section
have? 8.5.3 to these risks, they can identify Preventive
actions in several areas. For example, training
In the ISO 9001:2015 version, there is no
could be conducted to prevent unsafe
requirements for “procedures” however there
operation of equipment, defect generation,
are currently six areas that require
and “off pace” or slow operations.
Management Systems Certification | ISO 9001:2015
Changes to Consider
7. Although there is no requirement for a Quality from a supplier, through an arrangement with
Management Representative (QMR), is there an associate company, through outsourcing
anything to prevent a senior manager from of processes and functions of the organization
assigning a QMR? With no QMR required, who or by any other means. The organization is
is now supposed to “manage” the QMS? required to take a risk-based approach to
There is nothing in the standard that prevents determine the type and extent of controls
an organization from assigning a QMR. appropriate for each external provider and all
However, the intent of eliminating the QMR external provision of goods and services.
requirement is to bring the leadership closer 10. Because ISO 9001:2015 does not require
to the essential responsibilities for establishing, manuals or procedures, what is the “starting
implementing and maintaining a QMS. point” for an auditor to review the Quality
Management System (QMS)?
In the current version of the standard, that
responsibility is assigned to “a member of Firstly, while no manual or procedure is
management,” which gives senior leaders required, if these documents are helpful to the
an opportunity to defer responsibility for business or facilitate the control of processes,
the essential management of the QMS as a they will add value to the QMS.
separate duty, usually assigned to the Quality
Manager. Secondly, if a customer chooses not to have
manuals or procedures, a more complex audit
The process owners will need to be able to planning and a lot of pre-audit preparation
articulate how their processes meet the ISO will be required. Auditors would need to get
9001 requirements and not rely on an ISO a sense of where documentation is located.
technician to translate for the auditor. As the traditional markers will be gone, it
would require some maneuvering between
8. Does the new version of ISO 9001 place less the systems (ERP to Handbooks to Control
emphasis on Design and Development? Software Packages) to obtain evidence
during an audit.
No. It has less structure but places the same
emphasis on controlling the design of goods This audit strategy might shift our focus from
and services. An organization needs to identify “Compliance” to “Effectiveness.” Auditors
how much risk the design activity poses to may become less concerned with structure
all interested parties. The design strategy (the path everyone must follow to achieve
must include a level of control needed to customer satisfaction) and more concerned
mitigate risks. The design effort must include with results (what is the proof that the client is
risks imposed at testing prototypes, installation, satisfying the customer).
vendor qualification, etc. that may not exist
once the design is moved into production. For For example: This is similar to the transition
example; “I designed an acid that will dissolve we saw in ISO 9001:1994 to ISO 9001:2000 in
anything. Now I need to figure out what to put the area of training. The focus used to be on
it in.” determination of training needs and using
sign-in sheets as evidence of training. No
9. Please explain the comment from your
further analysis of ability was required. Now,
webinar presentation, “Outsourcing cannot
we look for evidence that the training or hiring
be used as an excuse for the outcome of the
process was effective in achieving its goals of
system.”
having competent employees. Sign-in sheets
ISO 9001:2008 is clear in section 4.1 that are merely the evidence of presence at
outsourced processes must be controlled by training, at least long enough to sign in.
the organization. ISO 9001:2015 has a similar
requirement which addresses all forms of
external provision, whether it is by purchasing
www.tuv.com/us | info@tuv.com | 1-TUVRHEINLAND