As Osprey CSL’s
quality contractor, responsibility is vested in me to assist the Managing
Director in meeting his quality responsibilities and advising him as
appropriate in ensuring the company has a quality system that’s not only fit
for purpose but provides added value in terms of producing a better product,
more efficiently and effectively.
I hope this has
paper answers some of those questions which you didn’t know the answer to and
will reinforce some of the thinking behind some of the newer initiatives Osprey
CSL has undertaken of late.
third key change for employees is the role interested parties must play within
an organisations quality system. This is
closely linked to RBT as they work hand in glove together.
leadership focus is key, and leaders are expected to take a much more focussed
interest in how the QMS is managed and exploiting the benefits that come from
it. Top management can no longer sit in
an ivory tower and take no interest or delegate all responsibility. They are expected to understand and
requires a different mind set and thought process to be applied to an
organisation’s quality activities when compared to how it operated under the
accreditation of ISO 9001:2008. The main
changes have been listed in this paper, however from an employee’s perspective
there are only really 3 significant changes that affect the day to day business
that’s carried out. First, RBT should
form a part of everybody’s routine activities.
Everybody should be thinking about the inherent and external risks
presented and how these risks may be best managed and, where appropriate, what
opportunities that result can be exploited.
There is no
longer any mention of ‘records’ neither, but of ‘retaining documented
information’. In order to prevent wholesale change when transitioning to the
new standard, Osprey CSL opted to retain its Quality Manual for simplicity,
which is updated along with the remainder of the company’s BMS.
states that it concerns ‘information that the organisation has to control and
maintain’. The information can be in any format and come from various sources
and media. Diverse forms of evidence or documentation are therefore possible.
no longer requires obligatory documented procedures or a quality manual. This
is noteworthy. This is now referred to as ‘documented information’ in
practically all clauses of ISO 9001:2015.
organisation, you must be aware of the importance of these interested parties’
(changing) requirements and standards, and anticipate them in the features of
your products and services. You cannot
make or deliver a good product without knowing the requirements and
expectations of customers and interested parties in any case. This is the basis
of a quality management system. Links
are provided within Osprey CSL’s BMS to its Interested Parties (both internally
and externally), this is a work in progress and as the new system matures, the
lists will be updated to offer employees the sighting of perceived importance
and influence of its interested parties.
9001:2008, customers were often named as being the only interested party. This
concept has been extended in ISO 9001:2015. Suppliers, personnel, shareholders,
legislative bodies, society, internal customers, etc. are now included as
interested parties, in addition to customers.
requires an organisation to construct its quality management system from the
specific context within which it is active. This means, among other things,
that, as an organisation, you have to take into account the needs and
expectations of interested parties and that you evaluate and deal with internal
and external strategic questions. You must show that, as an organisation, you
understand and respond to the expectations of all the parties concerned.
representative’ of ISO 9001:2008 was a member of the management committee who
had the responsibility and authority for steering the quality management system
along the right lines (for Osprey CSL this was the Operations Director). ISO 9001:2015 does not mention this aspect any
more. The idea behind the change is that quality is a matter for everyone and
for all levels within the organisation, however as previously stated, the
Managing Director and Operations Director are the quality drivers and
9001:2015 pays more attention to risk management, interested parties and the
context of the organisation, the quality management system also fits in better
with the needs of the top management. The
quality management system is now more than ever a means for being strategically
successful by addressing the needs of interested parties and by managing
opportunities and threats.
This way, ISO
9001:2015 is intended to encourage integration and harmonisation with business
processes and business strategies. The Top Management now must take more
responsibility for the effectiveness of the quality management system. In Osprey CSL terms, the Managing Director
and Operations Director are seen as the QMS ‘Top Management’ implementers and
leaders, with the remaining directors taking a less active role, however this
doesn’t devolve them of any QMS responsibilities!
also places more emphasis on leadership and management commitment; it is
probably the second biggest change from ISO 9001:2008. It requires much greater involvement by top
managers and business leaders in controlling the quality management system.
Leadership and Commitment
The addition of
risk-based thinking has made the ‘preventive measures’ of ISO 9001:2008
redundant. These preventive measures no longer appear in ISO 9001:2015.
analysis is required at all levels but particularly from Principal Consultant
upwards within Osprey CSL, and this has and continues to take place via Risk
and Opportunity registers, Bid checklists and alike. To emphasise their dominance, the concept of
‘risk’ occurs forty-eight times in ISO 9001:2015, compared with only three
times in ISO 9001:2008.
RBT has a very
important place in ISO 9001:2015, in fact it is probably the most important
change from ISO 9001:2008 and one in which the(CBs) take the most note of and
focus during audit activities. Osprey
CSL has embraced RBT as you may expect from an organisation that specializes in
Risk based activities for its own clients.
Risk Based Thinking (RBT)
Figure 3: Inputs v Outputs
ISO 9001:2015, you must closely monitor which articles, information and
specifications are involved in the production process (read Projects/Proposals
for Osprey CSL) and the quality of output is of greater interest. Generically as shown in Figure 3:
was a focus on input/output in ISO 9001:2008, there is more emphasis in ISO
9001:2015 on measuring and properly assessing the input and output of
Focus on Input/Output
Figure 2: ISO HLS
elements of ISO 9001, ISO 14001, ISO 22000, OHSAS 18001, etc. are therefore all
now the same. This has made the integration of various management systems much
simpler. If, for example, an organisation wishes to implement ISO 14001 in
addition to ISO 9001, the parts that cover the same topic can easily be seen in
the standards as illustrated in Figure 2.
As a result of
the new arrangement in ten clauses, ISO 9001:2015 now has the same unambiguous
structure as all standardised management systems, known as a ‘High Level
ISO High Level Structure
arrangement, the new ISO 9001:2015 strives to give additional momentum to the
continuous and systematic improvement of processes within organisations.
Clauses 4, 5, 6
and 7 of ISO 9001:2015 come under PLAN, clause 8 comes under DO, clause 9 comes
under CHECK and clause 10 is covered by ACT.
You could argue that clause 5 sits over the whole cycle with a lesser
interest in DO than in CHECK, ACT and PLAN
The first three
clauses in ISO 9001:2015 are largely the same as those in ISO 9001:2008, but
there are considerable differences between ISO 9001:2008 and ISO 9001:2015 from
the fourth clause onwards. The last seven clauses are now arranged according to
the PDCA cycle (Plan, Do, Check, Act). You may recall the PDCA cycle from
Safety work you have undertaken previously (or are currently). The following figure demonstrates how they
2. Normative reference
2. Normative reference
3. Terms and definitions
3. Terms and definitions
4. Quality management
4. Context of the
6. Resource management
7. Product realisation
8. Measurement, analysis
are structured around many clauses (which are further sub-divided). ISO 9001:2015 has ten clauses, whereas ISO
9001:2008 had eight. The following table shows the relationship of the ISO
9001:2008 clauses to those in the new ISO 9001:2015.
Structure of the Standards
ISO 9001 was
first issued in 1987: at that time, you had to describe in detail what your
business did. The 1994 version, required organisations to ‘say what you do and
do what you say’. In the 2000 version, the focus was placed on proper processes
to continually improve and thereby increase your customer satisfaction – this
was the most important output. There was nothing added in 2008, but it was more
precise about the interpretation of the standard. ISO 9001:2015 was published
on 23 September 2015 and organisations given three years to comply. Osprey CSL were accredited with the 2015
standard in November 2017, which lasts for three years providing the standard
is maintained. This is important to
Osprey CSL as circa 50% of its
revenue is generated by carrying out work for companies that mandate Osprey CSL
ISO does not
provide certification or conformity assessment. This is performed by accredited
Certification Bodies (CBs), which for Osprey CSL is currently LRQA. These are
establishments that evaluate an organisation’s management system and certify
them with respect to the published standards.
ISO 9001 is
managed by the International Organisation for Standardisation (ISO) in Geneva, Switzerland.
ISO is an independent membership organisation and the world’s largest developer
of voluntary international standards. ISO 9001:2015 was developed by the ISO /
TC 176 / SC 2 – Quality Systems Technical Committee.
THE MAIN DIFFERENCES BETWEEN ISO
9001:2015 AND ISO 9001:2008