8/10/2019 Irca - Iso 9001... Webinar Faqs

http://slidepdf.com/reader/full/irca-iso-9001-webinar-faqs 1/10

Webinar, 20th

June 2014

“ISO 9001 – The Story so Far”

On June 20th

, IRCA and CQI hosted a live webinar explaining and analysing the ISO 9001 revision. During the webinar,

we received over 500 technical questions relating to the standard and its implications. Our technical experts have

answered a selection of questions on the most common issues.

This document is hot-linked: click on the headers below to go to the relevant section

Contents

General ...................................................... .............................................................. ......................................................... 2

Quality manual .............................................................. .............................................................. ..................................... 3

Annex SL .............................................................. .............................................................. ............................................... 3

Customer focus ............................................................. ............................................................... .................................... 3

Information for IRCA auditors ............................................................ .............................................................. ................ 4

Information for companies................................................................ .............................................................. ................. 5

Risk ............................................................ .............................................................. ......................................................... 5

Quality management principles ........................................................ .............................................................. ................. 6

Management ...................................................... ............................................................... ............................................... 7

PDCA.......................................................... .............................................................. ......................................................... 7

Interested parties .......................................................... .............................................................. ..................................... 7

Documentation.................................................... .............................................................. ............................................... 8

Other ........................................................ .............................................................. .......................................................... 9

8/10/2019 Irca - Iso 9001... Webinar Faqs

http://slidepdf.com/reader/full/irca-iso-9001-webinar-faqs 2/10

2

General

Q: What are the main differences between ISO 9001:2008 and ISO 9001:2015 for each of the clauses?

A: The best source of this information is the CQI/IRCA DIS 9001:2014 report which is now available free to CQI and IRCA

members. Non-members can purchase a copy of the report at a cost of £25. Please visit the IRCA site or the CQI site for

more information.

Q: Will ISO provide an official cross-reference between the 2008 and 2015 versions?

A: This is being considered. At a high level this would be fairly straightforward to put together, however, at the level of 

detailed requirements it would be considerably more complicated. This is because clauses have not necessarily been

relocated to the 2015 version as complete entities. A number have been broken up and elements of them have been

relocated to several of the new clauses.

Q: What will be the effect of the new version on companies with quality management systems that are currently

implemented and certified to QMS 9001:2008?

A: This will vary from organisation to organisation in terms of how much change will be needed. There will be a three-

year transition period for certified organisations which will start when the standard is published. However, the standard

writers and certification bodies are already encouraging organisations to make a start. The first step is to gain an

understanding of the new and enhanced requirements. Then do a gap analysis. Some will prefer to wait for the FDIS

before launching into redeveloping the quality management system, but we believe there is work that you can usefullyget on with now.

Q: It is very difficult to start to carry out many actions based on a draft – this can still change. How certain are you

that the final version will be very similar to the DIS?

A: There will be changes between now and the final version of the standard. That is why IRCA typically does not revise

its course criteria until the FDIS is published. Having said that, changes arising from the adoption of Annex SL are among

the most likely to remain unchanged, as changing Annex SL would impact not just 9001 but all Annex SL-based

standards. At this point you should certainly be looking to carry out a gap analysis between the current and proposed

new requirements (our DIS report will be useful for this). You should also be raising awareness within your organisationon what the future may look like, particularly for top managers. We would also recommend working with your auditors

to make them familiar with the new structure of the standard and its headline requirements.

Q: The intent of ISO 9001, when first published in 1987, was to specify minimum requirements for certification.

Considering the present status of certification, is the time ripe for raising this bar so high?

A: Some would argue that the basic intent of ISO 9001 has always been to specify requirements for a quality

management system that will give assurance to purchasers that the product will meet requirements. ISO 9001:2015 will

continue this underlying approach. Accredited certification is intended to avoid multiple audits by different purchasing

organisations and enable mutual recognition across country borders. If there are issues with certification, then these

need to be addressed without compromising the expectations of management system standards.

8/10/2019 Irca - Iso 9001... Webinar Faqs

http://slidepdf.com/reader/full/irca-iso-9001-webinar-faqs 3/10

3

Quality manual

Q. In my experience organisations that operate integrated management systems already reduce their quality

documentation to an absolute minimum. By removing the requirement for a quality manual and procedures, are we

in danger of universally sanctioning this minimalistic approach?

A: DIS 9001:2014 does not require either a quality manual or documented procedures. It does however require specific

'documented information' to be either retained or maintained. If an organisation wishes to be certified then it must of 

course meet all of the requirements within a standard, including those pertaining to documented information, and it

must be able to show this as evidence to you. There is nothing to stop an organisation operating a QMS based on a

subset of the ISO 9001 requirements, but it cannot then legitimately claim to meet the standard.

Annex SL

Q: In the DIS, there is no reference to Annex SL. What exactly is contained within Annex SL?

A: Annex SL could be described as the standard writers’ 'standard'. It was developed to ensure all future ISO

management system standards share a common format irrespective of the specific discipline to which they relate.

Annex SL prescribes a high-level structure, identical core text and common terms and definitions. Consequently, users

of ISO management system standards can expect to find a lot more commonality across standards which should make

implementing and auditing multi-discipline and integrated systems more straightforward. Please look at the briefing

note on Annex SL available on the IRCA and CQI websites.

Q: Why was it necessary to designate Annex SL as an annexure and not a full standard? The very designation ‘Annex

SL’ suggests that it is part of another document.

A: It is part of another document, used within ISO. It is an annex to ISO/IEC Directives Part 1 and Consolidated ISO

Supplement. This Directive defines the basic procedures to be followed in the development of international standards.

Annex SL of this Directive is titled ‘Proposals for management system standards’.

Q: Each of the management standards, e.g. ISO 9001, will consist of a core structure, reproducing the requirements

of Annex SL. If there are any amendments in future, will all the standards have to be amended?

A: We would expect this to be the case, otherwise the purpose of having the same high-level structure and common

core text will be lost. It is not yet clear how this will be accomplished, with standards having different revision dates.

Customer focus

Q: In Annex B, customer focus is expressed as a state in which we strive to exceed customer expectations. It is only

said to enhance customer satisfaction in 5.1.2 – which is correct?

A: The definition of 'customer satisfaction' tells us these are both saying the same thing. It's not the case that one is

correct and one is not.

8/10/2019 Irca - Iso 9001... Webinar Faqs

http://slidepdf.com/reader/full/irca-iso-9001-webinar-faqs 4/10

8/10/2019 Irca - Iso 9001... Webinar Faqs

http://slidepdf.com/reader/full/irca-iso-9001-webinar-faqs 5/10

5

Information for companies

Q: Will clients be given a three-year time frame to convert to the new standard?

A: Yes, there will be a three-year transition period for existing 2008 registrations.

Q: What are the main QMS mandatory procedures that need to be implemented or changed for the currently

certified ISO 9001:2008 company?

A: The CQI/IRCA DIS report will advise you on which elements of your existing system can remain the same and which

will need to be revised. It also highlights instances where you need to introduce new elements into your QMS to meet

new requirements.

Q: What would you advise an organisation to do that is considering ISO 9001 certification at the moment– wait for

the new standard to come into effect before applying, or go ahead and then convert to the new standard?

A: Interesting question. The time required to implement 9001 and achieve certification varies according to a range of 

factors but 8–12 months is typical. That would take you pretty much up to the anticipated release

date of the new standard. So, do you develop a QMS against the established requirements of ISO 9001:2008 or the

potential requirements of ISO 9001:2015 as contained within the DIS?

If you go down the former route you are working with a set of ‘known’ factors. The 2008 requirements are known andyou also know that you will have until 2018 to transition to the 2015 requirements.

On the other hand, if you develop a system based on the requirements of the DIS 9001:2014, you are working with

something which is still work in progress and is liable to change. This approach therefore carries inherent risk. If the

changes between DIS 9001:2014 and ISO 9001:2015 turn out to be minimal, then you’ll have relatively little work to do

in order to achieve a QMS which meets the latest standard. If the changes are significant, however, you’ll need to do

more, but this will still be less than those that need to fully transition.

Personally, I would work within the known parameters, being mindful wherever possible to write the system in such a

way that it is capable of meeting both the current 2008 requirements and the projected 2015 requirements. The  CQI/

IRCA DIS report highlights those clauses where this approach could be employed.

This is a close call however and if someone advised me they were implementing a QMS against the DIS, their reasoning

would be perfectly understandable.

Risk

Q: In all instances risk is used in the sense that it is the possibility of an undesirable result, particularly in 0.3 and 6.1,

but the definition given (3.09) implies risk has a positive effect. Which is correct?

A: This lack of clarity has its origins in pre-Annex SL times. Different disciplines have traditionally held different views on

risk. Risk management professionals have always seen risk in the Annex SL sense, as both positive and negative.

However quality professionals (and most people in the street) usually regard risk as exclusively negative, and

8/10/2019 Irca - Iso 9001... Webinar Faqs

http://slidepdf.com/reader/full/irca-iso-9001-webinar-faqs 6/10

6

environmental professionals prefer to talk in terms of 'threats'. As risk is defined as a common term everyone should be

adopting both the positive and negative interpretation, but there is still some resistance to this.

Q: Please can you provide more explanation about what risk-based thinking actually means?

A: The concept of risk-based thinking is discussed in section 0.5 of the DIS. Risk-based thinking is about demonstrating

that you understand the risks to your QMS and its constituent processes which might affect your ability to achieve your

intended outcomes. You need to show evidence that you have determined the risks to your system and have taken

action that is proportionate to the potential impact of the risk, should the risk become an issue. Risks are dynamic –

they change through time – so risk-based thinking is an ongoing exercise and not a one-off event. Throughout the DIS,

you will see requirements referring to the need to consider risk.

Q: With reference to the ‘risk management’ requirement, will ISO 31000:2009 be compulsory for that analysis?

A: No. DIS 9001:2014 does not prescribe a particular risk-management methodology. It is up to each organisation to

decide how it wishes to meet the new risk-related requirements. In section 0.5 of the DIS, we are advised that

organisations may choose to go beyond the requirements of 9001 and adopt ISO 31000 if they chose to do so. There is

no obligation to do so.

Q: I'm still not sure that the terms ‘risk’ and ‘opportunity’ should be derived from issues. I think that risk could be

derived from context or situation rather than issues.

A: In DIS terms the context of an organisation is the product of the internal and external issues that it faces which are

relevant to its purpose, strategic direction and its ability to achieve intended results and the relevant requirements of 

relevant interested parties. A risk only becomes an issue when it has materialised. Until that point it remains as

something that could occur.

Quality management principles

Q: What are the changes to the quality management principles?

A: We believe the revised quality management principles will be:

QMP 1 – Customer focus

QMP 2 – Leadership

QMP 3 – Engagement of people

QMP 4 – Process approach

QMP 5 – Improvement

QMP 6 – Evidence-based decision making

QMP 7 – Relationship management.

Q: Why do seven principles now remain? Was the system approach introduced into the process approach?

A: The Process approach principle is revised so that “Consistent and predictable results are achieved more effectively

and efficiently when activities are understood and managed as interrelated processes that function as a coherent

system”. This has removed the need for a separate 'systems approach' principle.

8/10/2019 Irca - Iso 9001... Webinar Faqs

http://slidepdf.com/reader/full/irca-iso-9001-webinar-faqs 7/10

7

Management

Q: Why does the standard require a QMS to be established (4.4) when it also implies in 5.1.1 that those elements of 

business processes that exist to manage product and service quality constitute the QMS, i.e. the system already

exists?

Q: You may be referring to 5.1.1d which requires top management to ensure the integration of the quality

management system requirements into the organisation's business processes. Our understanding of this is exactly what

it says – quality management system requirements should be an integral part of the business management processes,

not something separate operated, for example, by the quality assurance department. Of course, the organisation's

business processes will most likely include processes outside of the scope of the quality management system.

Q: Why was the requirement to have a management representative cancelled?

A: This is an attempt to ensure that ownership of the quality management system does not centre around a single

individual. DIS 9001:2014 replaces management responsibility with leadership, and repositions a number of ISO

9001:2008 requirements as leadership activities. There will be a greater need for top management to be actively

involved in the operation of their quality management system. This does not mean that organisations need to remove

their management representatives, but some duties traditionally assigned to the management representative by top

management will, in future, need to be undertaken directly by top management themselves.

Q: To comply with the 2008 standard top management normally signs the policy and approves the actions from the

management review. What else will they have to do to comply with the new standard?

A: This is detailed in the CQI/IRCA DIS report. There are now activities which top management are not able to delegate,

but which they must undertake themselves. For us, the changes relating to leadership are among the most significant

changes in the new version of the standard.

PDCA

Q: Will the 2015 version still recommend the use of PDCA?

A: Yes, PDCA applies at both the quality management system level, i.e. plan the QMS, operate the QMS, check the QMS

and then adjust the QMS as necessary, as well as at the process level. Please see the DIS 9001:2014 Introduction

Section 0.4 for more details.

Interested parties

Q: Please explain how interested parties are being introduced to this new version

A: Relevant interested parties are groups or individuals who have the ability to impact (or potentially impact) the

organisation's ability consistently to supply products and services that meet customer and applicable regulatory

requirements. Customers, board members and competitors would all fit into this classification. Each organisation will

8/10/2019 Irca - Iso 9001... Webinar Faqs

http://slidepdf.com/reader/full/irca-iso-9001-webinar-faqs 8/10

8

have its own set of interested parties and this set will change over time. The final decision as to whether a party is

relevant rests with the organisation, not the party.

Documentation

Q: How can the redesign of the quality manual be done?

A: Organisations do not need to renumber existing QMS documentation to correspond to the new clause references. It

is the responsibility of each organisation to determine whether the benefits gained from renumbering will exceed the

efforts involved.

Q: Please specify any changes related to documentation and ISO mandatory procedures

A: References to a documented quality manual, documented procedures and to quality records have been removed.

Instead throughout ISO 9001:2015 DIS there are specific references to Documented Information. This is information

which the organisation is required to keep, control and maintain. While ISO 9001:2008 specified a number of 

mandatory documents, DIS ISO 9001:2014 does not. However that does not mean that organisations have to throw

away their quality manuals and documented procedures. If this documentation is in place and working well, there is no

need to withdraw it.

Q: It feels like auditing is going to be more difficult with the removal of documentation requirements. To ensure

compliance, you need to check records which show conformity to the requirement. So how will we understand the

requirement if it is not documented well and how should we ascertain its conformity without records?

A: It is correct to say DIS ISO 9001:2014 does not mandate documented procedures and records, in the way that ISO

9001:2008 does. However, in effect, both versions require the organisation to maintain documented information

(documented procedures) sufficient to support the operation of processes and retain documented information

(records) to the extent necessary to have confidence that the processes are being carried out as planned.

Organisations do not need to throw away their quality manuals and documented procedures if these are in place and

working well. The requirement for documented procedures was very much reduced with the introduction of ISO

9001:2000, compared to the previous version. But a majority of organisations chose to keep their documented

procedures and records. The same is likely to be the case in 2015. And as is the case now, if an organisation has not got

documented procedures, the first question an auditor should ask is 'how have you defined the process requirements,how do people know what to do and what acceptable evidence can you show me to support this?" Our opinion is that

auditors are likely to find themselves spending more time looking at everyday business information and IT-based

information, and less time looking at documentation created especially for the auditor.

Q: The 2008 version was asking for six mandatory procedures: what will it be in the 2015 version?

A: There are no mandatory procedures in 2015. Instead you will find requirements throughout the DIS to either

'maintain' or 'retain' documented information. The CQI/IRCA DIS report explains what is meant by 'documented

information' and highlights where this is required.

8/10/2019 Irca - Iso 9001... Webinar Faqs

http://slidepdf.com/reader/full/irca-iso-9001-webinar-faqs 9/10

9

Other

Q: What is the position on clause exclusions? In particular for design, which could now be interpreted as a

requirement for all organisations.

A: All references to ‘exclusions’ in the 2008 version (sub-clause 1.2, ‘Application’) have been removed. This is because

all of the requirements in ISO 9001:2015 are intended to be applicable to all types and size of organisation. However,

DIS 9001:2014 Annex A, A.5 recognises that there may be circumstances where it is impossible for an organisation to

conform to a specific requirement – for example, where it does not operate a ‘required’ process. In these instances, the

organisation can deem the requirement ‘not applicable’, providing this doesn’t affect its ability to supply conforming

products or services, or compromise its aim to enhance customer satisfaction. So design is applicable to all

organisations.

Q: In what way do processes needed for the quality management system (4.4) differ from the processes needed to

run the business and satisfy the stakeholders (5.1.1)?

A: Business processes are likely to include processes that are outside the scope of the quality management system,

such as health and safety, financial and maybe some regulatory processes.

Q: Concerning the definition of scope of the management system in regard to Clause 4.3 of the DIS – if an

organisation manufactures a product and wishes to be certified to ISO 9001 at a particular manufacturing location

(location A), but the design of that product is conducted at a different location (location B) by the same organisation:

a) Would the design of the product have to be included in the scope (of certification) at location A?

b) Would location B have to be certified to ISO 9001 for its design activity?

A: a) No, but the organisation (location A) has to ensure that the controls that they (the organisation) and the external

supplier (whoever they are) are up to the job – ensuring the product does what it says on the tin. This means that there

have to be criteria, controls, etc. This situation comes under 8.4 – Control of externally provided products and services

(8.4.1)

b) No, location B does not have to be certified to ISO 9001.

Q: In terms of requirements based on business strategy, will it not require organisations to spell out their vision and

mission statements?

A: Establishing and communicating a clear purpose and direction for the organisation is part of understanding the

organisation and its context and is part of leadership. However there is no requirement for organisations to 'spell out

their vision and mission statements'.

Q: Will English-speaking companies be allowed to use familiar words such as Procedure, Records, and Purchasing?

A: Try to use the new terminology. The new terms have specific meanings that do not equate with current ISO9001:2008 terminology. There is no DIS 9001:2014 concept of a procedure, record or purchasing. Nonetheless, you can

8/10/2019 Irca - Iso 9001... Webinar Faqs

http://slidepdf.com/reader/full/irca-iso-9001-webinar-faqs 10/10

10

use whatever terminology you want, provided you are able to prove that you are meeting the requirements of the

standard in full.

Q: Why is there a shift from 'continual improvement' to 'improvement'?

A: This acknowledges that improvement is not necessarily continual. There may be periods where no improvement

occurs followed by a technical breakthrough leading to the organisation then operating at a whole new level.

Q: Preventive actions are now replaced with the concept of improvement. Does this mean there are any changes to

the methods?

A: Preventive action has actually become redundant as a result of the introduction of risk-based thinking. In future

organisations will need to employ risk management methods.

Q: Please explain the reporting process for internal audits

A: You need to retain documented information evidencing the implementation of an audit programme and also the

results of audits. The results of audits now need to be fed back to the 'relevant management' as opposed to the ISO

9001:2008 requirement to feed results back to ‘the management of the area audited’.

Q: What will be the difference on audit methodology?

A: That issue is too significant to explain in full here. This (or rather Annex SL) will change the way auditors plan,conduct and report audits. There are potential implications in respect of audit duration and audit team composition.

Q: Regarding 8.5.5, Post-delivery activities – can you provide an example to help us understand it better?

A: Note 4 to 8.5.5. provides examples of post-delivery activities. Post-delivery activities would include commissioning a

piece of machinery you have supplied after it has been delivered to the site, repairing your products if they break down

and taking back items that you are legally obliged to recycle. There are many instances where you may need to carry

out work after the initial product or service has been delivered.

Q: Are there any specific requirements (added) for outsourced process?

A: Yes, you will need to apply criteria for the monitoring of the performance of external providers of processes, in

addition to your existing criteria for evaluating, selecting, and re-evaluating them.

For more analysis of the DIS 9001:2014, please see our exclusive report “DIS

9001:2014 – Understanding the Draft International Standard”. It is free for IRCA

and CQI members and costs £25 for non-members. Go to the  IRCA or CQI sites

to find out how to download it.