Inquiry:
Question received via ASQ’s Ask the Experts Blog, Published 10/21/2015
In addressing clause 4 of ISO 9001:2015 regarding organization context and interested parties, what type of tool (spreadsheet,diagram,flowchart,etc), would you recommend to use to simplify the practice and to give a proper understanding for auditors? I understand that risk evaluation (ISO 9001:2015) should be accomplished not only at a high level of establishing and planning objectives, but also at the processes level. If this is right, could organization use some criteria to select processes to be evaluated? AG
Reply:
Hello AG,
Regarding your inquiry, your selection of tools such as spreadsheets, diagrams, flowcharts and etc., should be driven by whatever best fits your organization’s context, QMS scope and requirements of interested parties. However, before proceeding with tool selection to “simplify” practices as mentioned in your inquiry, it is essential that the changes and new requirements of ISO 9001:2015 are fully understood and communicated throughout the organization. As you know, transitioning from ISO 9001:2008 to ISO 9001:2015 will require much more than providing understanding to Auditors. The transition process should begin with top management and then flow down to the process owners and others throughout the organization. If a gap analysis hasn’t already been completed, consider doing so to identify those processes that must be improved to meet ISO 9001:2015 certification requirements.
As you know, risk based thinking (RBT) must be a part of an every organization’s process approach, to ensure risks and opportunities are identified and addressed. Although RBT is not new, it is a changed approach. ISO 9001:2015 supports the scalability of quality management systems which allows them to be specific to an organization’s processes, products, and services. The landscape of today’s quality management systems has changed. It’s not a “one size fits all” situation. For this reason, it’s essential for top management, process owners as well as the QMS Auditors to develop a thorough understanding of ISO 9001:2015 and its requirements. Also of equal importance is the familiarization of top management, process owners, and Auditors with the principals of risk assessment, management and related terminologies (i.e., ISO 31000:2018).
The effectiveness of future QMS audits will depend upon Auditors that can apply their collective knowledge of ISO 9001:2015, risk assessment, and management requirements, as well as their in-depth knowledge of the industries, processes, products, and systems, audited. Professional Evaluation Certification Board (PECB) has developed several ASTM E2659 compliant training courses applicable to ISO 9001:2015. Other information about transitioning to ISO 9001:2015 is available on the International Accreditation Form’s (IAF) website at www.iaf.nu. Click this link to read about the recent publication of ISO 9001:2015 http://www.iaf.nu/articles/Publication_of_ISO_90012015/443
About the second part of your inquiry (item b.), it’s important to be aware that RBT applies to every process that comprises your organization’s quality management system. RBT should be integrated into your organization’s QMS and product planning processes to ensure risks and opportunities are identified and addressed.
A few key questions to consider include, how will your Registrar verify your organization’s conformance with ISO 9001:2015 requirements? What is your Registrar’s timeline for transitioning existing clients to ISO 9001:2015 requirements? What type of support will be provided to assist clients through the transition process?
I hope this helps.
Best regards,
Bill