An ISO 9001 Gap Closure Plan
The ISO 9000 standard offers an approach to quality management for companies. Adapting the ISO standard can help companies become more efficient, reduce cost, and increase quality by improving processes (International Organization for Standardization, 2015). ISO 9001:2015 identifies the criteria for a quality management system and is the only standard in the family of ISO 9000 standards that is certifiable.
Companies who currently adhere to the 9001:2008 standard who wish to transition to the new 2015 standard need a roadmap for doing so. An overview of both standards will be presented, highlighting the changes in the new standard. An implementation plan will be offered for companies interested in adopting ISO 9001:2015.
Auditing is an important component of certification. Companies will have set time periods for adapting to the new standard. An implementation plan will assist companies to prepare for a future audit. A correlation matrix will be presented which will outline all of the important components of the standard which auditors will be measuring against for compliance.
Keywords-The International Organization for Standardization (ISO), International Standards, ISO 9000, ISO Audit
The International Organization for Standardization (ISO) is an independent, non-governmental membership organization and is the world's largest developer of voluntary International Standards (International Organization for Standardization, 2015). International Standards give world-class specifications for products, services and systems, to ensure quality, safety and efficiency. They are instrumental in facilitating international trade.
The ISO 9000 family addresses various aspects of quality management and contains some of ISO’s best known standards (International Organization for Standardization, 2015). The standards provide guidance and tools for companies and organizations who want to ensure that their products and services consistently meet customer’s requirements, and that quality is consistently improved. ISO 9001:2008 and ISO 9001:2015 are part of the ISO 9000 family of standards. This paper will focus on how to adapt the new ISO 9001:2015 Quality Management System (QMS) standard.
Pressure began in the 1950’s for companies to provide evidence that procedures were in place to ensure that business was operating efficiently (Dale, Wiele, & Iwaarden, 2007). Quality management started off as contract requirements issued by major purchasers. Internal quality control was mainly maintained through inspection. These beginnings of quality management provided the foundation for the QMS.
According to Evans & Lindsay (2013), a QMS provides a basis for documenting processes used to control and improve operations, drive innovation, and achieve the following objectives:
- Higher product conformity and less variation;
- Fewer defects, waste, rework, and human error; and
- Improved productivity, efficiency, and effectiveness.
ISO 9000 has three principal benefits (Evans & Lindsey, 2013):
- It provides discipline. The auditing process ensures that organizations routinely review its quality system. If deficiencies are identified, auditors will issue corrective actions.
- It contains the basics of a good quality system. Identifying customer needs, ensuring resources for maintaining quality, and that problems are identified and corrected.
- It offers a marketing program. ISO certified organizations can use their certification as a means of gaining a competitive advantage.
The ISO 9001:2008 requirements provide a structure for a basic quality assurance system. It consists of four major areas (Evans & Lindsey, 2013):
- Management Responsibility: addresses what top management must do to ensure an effective quality system, such as defining a quality policy and objectives, clearly defining responsibilities, and controlling documents.
- Resource Management: ensures that an organization provides sufficient staff, facilities, and training.
- Product Realization: controlling process from conception through design, procurement, manufacturing and distribution.
- Measurement, Analysis, and Improvement: control procedures for assuring quality and developing corrective and preventative measures.
A literature review was conducted to complete this analysis. Research materials included texts provided in the MSTM 6033 Quality Systems course, journal articles, and resources provided by the International Organization for Standardization. Benefits of implementing a QMS are outlined, as well as ways to implement an ISO 9001:2015 system.
The main changes found in the new standard are outlined. A correlation matrix between the 2008 and 2015 standard is provided in Appendix B. Focus is given to the main area of change in the new standard, which is the concept of risk management.
Quality Assurance and Quality Control are discussed. The Plan-Do-Check-Act process is discussed as it is a key feature of an ISO 9001 system. Auditing is another important feature of being ISO certified, so there are some auditing guidelines provided.
The purpose of a QMS is to design a framework that ensures consistency of processes. It defines and documents clear policies and procedures, and monitors the efficacy of work (Dale et al., 2007). A QMS must be documented to clearly define responsibilities and provides a way of assessment and measurement. It can be regarded as a good management practice.
The objective of a QMS is continual improvement (Dale et al., 2007).. A QMS can help gain personal buy-in to quality processes for which employees are responsible. Once issues are identified, actions can be taken to prevent the mistake from being repeated. A QMS ensures an investigation of non-conformances is completed and that corrective and preventative actions are implemented.
A documented QMS requires a stated quality policy and procedures. The procedures will outline the structure of the organization with clear roles and responsibilities for ensuring quality. The specifics and methods for performing work that meets quality standards will be outlined. There will usually be a database for reference documents, forms, and standards (Dale et al., 2007). An effective QMS is developed in relation to a company’s corporate strategy and objectives. A commitment to quality is visible through goals and policies.
The ISO 9001 quality management system standard is well known with over 1.1 million certificates (International Organization for Standardization, 2015). A QMS can be certified to the 9001 ISO standard. A QMS which can be demonstrated by assessment with compliance with ISO 9001 provides an effective framework to build an approach to the process of continual improvement (Dale et al., 2007).
Some benefits of implementing a QMS include (International Organization for Standardization, 2015):
- Meet customer expectations;
- Meet regulatory requirements; and
- Demonstrate conformity to QMS requirements.
QMS principles include (International Organization for Standardization, 2015):
- Customer focus;
- Engagement of people;
- Process approach;
- Evidence-based decision making;
- Relationship management.
The ISO 9001 standard provides a definitive list of features which should be found in documented policies, manuals, and procedures. The standards are reviewed every five years to determine if revisions are required (International Organization for Standardization, 2015). A QMS provides a way to manage Quality Assurance and Quality Control. An ISO 9001 certified QMS ensures the organization has (Dale et al., 2007):
- A quality policy;
- Standardized procedures;
- Monitoring of defects;
- A corrective and preventative action system; and
- Management reviews.
3.1 Quality Control
The broad principles of Quality Control (QC) are defined in the standards; there are no specific methods by which control can be achieved (Dale et al., 2007). The ISO standard allows for various interpretations and application in a wide range of industries (Evans & Lindsey, 2013). Each organization develops its own system and tests it against the ISO standard.
Control is “the activity of ensuring conformance to the requirements and taking corrective action when necessary to correct problems and maintain stable performance” (Evans & Lindsey, 2013). QC is a key aspect of process management, ensuring a high level of performance in organizations.
3.2 Quality Assurance
Quality Assurance provides confidence that quality requirements are being fulfilled. QA departments oversee the conception of an idea through the life cycle of a product or service and address any weaknesses in the system. The objective of QA is to build quality into design and planning and ultimately provide confidence to consumers and stakeholders (Dale et al., 2007).
The ISO 9001:2015 standard is current with latest trends and is designed to be compatible with ISO 14001 (International Organization for Standardization, 2015). The new standard gives increased importance to risk. Organizations are allowed a three year transition period to upgrade from the 2008 standard. The most recent standard was issued on September 15, 2015. After the end of September 2018, a certificate to ISO 9001:2008 will no longer be valid (International Organization for Standardization, 2015).
The main components of the ISO 9001:2015 standard are:
- Evaluation; and
Some of the main changes in the new version of ISO 9001:2015 are (International Accreditation Forum, 2015):
- An explicit requirement for risk-based thinking to support and improve the understanding and application of the process approach;
- Fewer prescribed requirements;
- Less emphasis on documents;
- Increased leadership requirements;
- Greater emphasis on achieving desired outcomes to improve customer satisfaction.
4.1 The Plan-Do-Check-Act Model
The Plan-Do-Check-Act (PDCA) model (See Figs. 1 & 2) is used in the ISO 9001 standard. The PDCA cycle ensures processes are adequately resourced and managed, and that opportunities for improvement are acted upon (International Organization for Standardization, 2015). The cycle can be applied to all processes and to the QMS as a whole. It can be used to implement the new ISO 9001:2015 standard. This model was first introduced by Deming (Evans & Lindsey, 2013).
Figure 1: The PDCA model. Gough, D. (2015).
Figure 2: The PDCA Model. From International Organization for Standardization (2015). Quality Management Systems-Requirements. Switzerland.
4.2 Risk-Based Thinking
Risk-based thinking is essential to an effective QMS. This concept is given prominence in the new ISO 9001:2015 standard. To conform to the requirements of the ISO standard, organizations need to demonstrate that they are implementing actions to address risk and opportunities ((International Organization for Standardization, 2015). In ISO 9001:2015, risk-based thinking needs to be considered from the beginning and throughout the system, making preventive action inherent to planning, operation, analysis and evaluation activities (International Accreditation Forum, 2015).
Principles of risk-based thinking include (International Accreditation Forum, 2015):
- Carrying out preventative action to eliminate potential nonconformities;
- Analyzing any nonconformities that do occur; and
- Taking action to prevent recurrence.
4.3 Other Key Changes
The following is a list of other key changes provided by the International Accreditation Forum as guidance for implementation (2015). Also see Appendix A: Major Differences in Terminology Between ISO 9001:2008 and 9001:2015 and Appendix B: ISO 9001:2008 to ISO 9001:2015 Correlation Matrix.
- “Procedures”, “Records”, and “Documents” have all been eliminated in favor of “Documented Information.” The standard is trying to be more inclusive in accepting alternative approaches to these areas.
- All references to “Product” will now read “Products and Services.” This has long been the case already, as clause 3 of ISO 9001:2008 stated “Wherever the term “Product” appears it can also mean Service.” The standard is further pushing the idea of ISO 9001 as being applicable to multiple types of businesses (those with and those without a tangible product.
- “Management Responsibility” has become “Leadership.” Pushes further the concept that Management must lead by example and involvement, rather than simply directing that activities are performed.
- “Continual Improvement” has evolved into a larger section called “Improvement.” Promotes the concept that Continual Improvement is not the only aspect of improvement strived for in a quality system (improvement can also be characterized by breakthroughs, reactive changes, and reorganizations.)
- Suppliers are now referred to as “External Providers.” This is intended to better accommodate service organizations.
- ISO 9001:2015 will not specifically require any of the following:
- Quality Manual
- Procedures Manual
- Work Instructions
Organizations could theoretically achieve certification without any of these documents, however auditors will still be required to verify consistency with the applicable requirement, consequently the organization will need to be prepared to show a consistent, effective process for whatever activity is being reviewed. If this can be accomplished without a procedure/quality manual, it will be accepted.
- The title of “Management Representative” does not appear within the ISO 9001:2015 standard. The implication is not that this responsibility has been eliminated, but rather that many of this party’s key functions should now fall to top management itself. This reflects the current “in practice” arrangement for many of the companies already certified.
- Most key changes are found in Sections 4, 5, and 6.
Companies with ISO quality management systems will perform internal and external audits to ensure compliance with the standard. Internal audits can be performed by internal staff, but external audits are conducted by third party companies to ensure integrity (International Organization for Standardization, 2002). An audit will identify any deficiencies, but also identify strengths. The auditor will make recommendations for improvement and follow up on those recommendations to ensure they have been implemented.
The ISO 9001 standard emphasizes the importance of audits as a management tool to verifying the implementation of a QMS (Dale et al., 2007). Audits are an essential part of conformity assessment of ISO certification. The International Standard provides guidance for the management of audit programs (International Organization for Standardization, 2002).
The responsibility for managing the audit program should be assigned to one or more individuals who have a general understanding of audit principals are competent with the application of audit techniques (International Organization for Standardization, 2002). They should establish the objectives and extent of the audit program, assign responsibilities, and ensure records are maintained. Please see Appendix C for an outline of the audit process.
- Audit plans;
- Audit reports;
- Nonconformity reports;
- Corrective and preventive action reports; and
- Audit follow-up reports.
ISO 9001 implementation guidelines are suggested by Dale et al. (2007):
- Be clear on reasons for seeking the ISO 9001 registration ensuring that benefits outweigh costs.
- The development of the QMS should be managed as a project with an implementation plan and timelines.
- Perform a GAP analysis which examines the company’s current situation and where it wants to go.
- Establish a steering committee which includes the CEO and management representatives from each department.
- Seek to exceed the standard; the ISO standard should be regarded as minimum requirements.
- Leadership involvement is imperative; executives must be involved with the development of policies and objectives.
- Ensure participation by providing training to all employees.
- Procedures must be accurate, practical, and easily implemented.
- Involve employees with writing their own procedures – they know best and it ensures ownership. It is not desirable to have external consultants write procedures.
Other elements to keep in mind when adapting the new 2015 standard (International Accreditation Forum, 2015):
- Plan a careful review of the new standard upon its publication;
- Identify gaps that exist within their current system;
- Determine strategies for gaps that do exist;
- Make sure that your existing documentation (Quality Manual, Procedures) works for your organization;
- If a re-numbering enables the documentation to work better for your organization, than do so, but it will not be required;
- Provide appropriate training and awareness for all parties that have an impact on the effectiveness of the organization;
- Update the existing QMS to meet the revised requirements and provide verification of effectiveness; and
- Where applicable, liaise with their Certification Body for transition arrangements.
Dale, B.G., Wiele, T., & Iwaarden, J. (2007). Managing Quality, 5th Edition, Chcihester, UK: Blackwell Publishing.
Evans, J. & Lindsay, W. (2013). Managing for Quality and Performance Excellence. 9th Edition. Mason, OH: South Western-Cengage.
International Accreditation Forum (2015). Transition Planning Guidance for ISO 9001:2015.
International Organization for Standardization (2002). Guidelines for Quality and/or Environmental Management System Auditing. Switzerland.
International Organization for Standardization (2015). Quality Management Systems — Requirements. Switzerland.
7.1 Major Differences in Terminology Between ISO 9001:2008 and 9001:2015
7.2 ISO 9001:2008 to ISO 9001:2015 Correlation Matrix
Appendix A: Major Differences in Terminology Between ISO 9001:2008 and 9001:2015
Appendix B: ISO 9001:2008 to ISO 9001:2015 Correlation Matrix
ISO 9001:2008 to ISO 9001:2015
|ISO 9001:2008||ISO 9001:2015|
|1 Scope||1 Scope|
|1.1 General||1 Scope|
|1.2 Application||4.3 Determining the scope of the quality|
|4 Quality management system||4 Context of the organization|
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.4 Quality management system and its processes
|4.1 General requirements||4.4 Quality management system and its processes|
8.4 Control of externally provided processes, products and services
|4.2 Documentation requirements||7.5 Documented information|
|4.2.1 General||7.5.1 General|
|4.2.2 Quality manual||4.3 Determining the scope of the quality management system|
4.4 Quality management system and its Processes
|4.2.3 Control of documents||7.5.2 Creating and updating|
7.5.3 Control of documented Information
|4.2.4 Control of records||7.5.2 Creating and updating|
7.5.3 Control of documented Information
|5 Management responsibility||5 Leadership|
|5.1 Management commitment||5.1 Leadership and commitment|
|5.2 Customer focus||5.1.2 Customer focus|
|5.3 Quality policy||5.2 Policy|
5.2.1 Establishing the Quality policy
5.2.2 Communicating the Quality policy
|5.4 Planning||6 Planning|
|5.4.1 Quality objectives||6.2 Quality objectives and planning to achieve them|
|5.4.2 Quality management system planning||5.3 Organizational roles, responsibilities and authorities|
6.1 Actions to address risks and opportunities
6.3 Planning of changes
|5.5 Responsibility, authority and communication||5 Leadership|
|5.5.1 Responsibility and authority||5.3 Organizational roles, responsibilities and authorities|
|5.5.2 Management representative||5.3 Organizational roles, responsibilities and authorities|
|5.5.3 Internal communication||7.4 Communication|
|5.6 Management review||4 Quality management system|
4.1 Understanding the organization and its
4.2 Understanding the needs and expectations of interested parties
9.3 Management review
|5.6.1 General||9.3.1 General|
|5.6.2 Review input||9.3.2 Management review input|
|5.6.3 Review output||9.3.3 Management review output|
|6 Resource management||7 Support|
|6.1 Provision of resources||7.1.1 General|
|6.2 Human resources||7.2 Competence|
|6.2.1 General||7.2 Competence|
|6.2.2 Competence, training and awareness||7.2 Competence|
|6.3 Infrastructure||7.1.3 Infrastructure|
|6.4 Work environment||7.1.4 Environment for the operation of processes|
|7 Product realization||8 Operation|
|7.1 Planning of product realization||8.1 Operational planning and control|
|7.2 Customer-related processes||8.2 Requirements for products and services|
|7.2.1 Determination of requirements related to the product||8.2.2 Determination of requirements for products and services|
|7.2.2 Review of requirements related to the product||8.2.3 Review of the requirements for products and services|
8.2.4 Changes to requirements for products and services
|7.2.3 Customer communication||8.2.1 Customer communication|
|7.3 Design and development||8.3 Design and development of products and services|
|7.3.1 Design and development planning||8.3.1 General|
8.3.2 Design and development planning
|7.3.2 Design and development inputs||8.3.3 Design and development Inputs|
|7.3.3 Design and development outputs||8.3.5 Design and development outputs|
|7.3.4 Design and development review||8.3.4 Design and development controls|
|7.3.5 Design and development verification||8.3.4 Design and development controls|
|7.3.6 Design and development validation||8.3.4 Design and development controls|
|7.3.7 Control of design and development changes||8.3.6 Design and development changes|
8.5.6 Control of changes
|7.4 Purchasing||8.4 Control of externally provided processes, products and services|
|7.4.1 Purchasing process||8.4 Control of externally provided processes, products and services|
8.4.2 Type and extent of control
|7.4.2 Purchasing information||8.4.3 Information for external providers|
|7.4.3 Verification of purchased product||8.4.2 Type and extent of control|
8.4.3 Information for external providers
8.6 Release of products and services
|7.5 Production and service provision||8.5 Production and service provision|
|7.5.1 Control of production and service provision||8.5.1 Control of production and service provision|
8.5.5 Post-delivery activities
|7.5.2 Validation of processes for production and service provision||8.5.1 Control of production and service provision|
|7.5.3 Identification and traceability||8.5.2 Identification and traceability|
|7.5.4 Customer property||8.5.3 Property belonging to customers or external providers|
|7.5.5 Preservation of product||8.5.4 Preservation|
|7.6 Control of monitoring and measuring equipment||7.1.5 Monitoring and measuring resources|
220.127.116.11 Measurement traceability
|8 Measurement, analysis and improvement||9 Performance evaluation|
9.1 Monitoring, measurement, analysis and evaluation
|8.1 General||9.1.1 General|
|8.2 Monitoring and measurement||9.1 Monitoring, measurement, analysis and evaluation|
|8.2.1 Customer satisfaction||9.1.2 Customer satisfaction|
|8.2.2 Internal audit||9.2 Internal audit|
|8.2.3 Monitoring and measurement of processes||9.1.1 General|
|8.2.4 Monitoring and measurement of product||8.6 Release of products and services|
|8.3 Control of nonconforming product||8.7 Control of nonconforming outputs|
10.2 Nonconformity and corrective action
|8.4 Analysis of data||9.1.3 Analysis and evaluation|
|8.5 Improvement||10 Improvement|
|8.5.1 Continual improvement||10.1 General|
10.3 Continual Improvement
|8.5.2 Corrective action||10.2 Nonconformity and corrective action|
|8.5.3 Preventive action|| 6.1 Actions to address risks and opportunities (see 6.1.1, 6.1.2)|
10.3 Continual Improvement
 International Organization for Standardization (2015). Quality Management Systems — Requirements. Switzerland.
 International Accreditation Forum (2015). Transition Planning Guidance for ISO 9001:2015.
 International Organization for Standardization (2002). Guidelines for Quality and/or Environmental Management System Auditing. Switzerland.