2015 updates for ISO 9001, 14001 align with other standards

The newest International Standards Organization (ISO) standards revisions are restructured to have the same 10 clauses as other management systems, making them simpler for manufacturers and other organizations to integrate their standards and certification efforts.

Fabricators, metal formers, and other manufacturers can now begin International Standards Organization (ISO) 2015 certifications. In September 2015, the universally recognized global standards body released its 9001:2015 standards for quality management systems (QMS) and 14001:2015 for environmental management systems (EMS). Fabricators can continue to use the 2008 and 2004 standards until September 2018, but they won’t find validating agencies certifying the 2008 revision after September 2016.

Key changes to both the ISO 9001 and ISO 14001 standards are that they are structured to align with other standards; are less prescriptive; require greater upper management involvement; and require less documentation but more emphasis on defining processes and risks and opportunities planning. They also require that the manufacturer determine its context both internally and externally.

A Lot in Common

Fabricators and metal formers familiar with previous ISO versions and other standards, such as the AS9000 Aerospace Basic Quality System Standard, and those issued by other organizations, such as the American Society for Quality (ASQ), will recognize that the ISO structure has been reorganized to integrate with other standards via a common structure and 10 clauses:

0. Introduction
1. Scope
2. Normative references
3. Terms and definitions
4. Context of organization
5. Leadership
6. Planning
7. Support
8. Operations
9. Performance evaluation
10. Improvemet

A common structure is possible because basic concepts such as management, customer requirements, policy, procedure planning, performance, objective, control, monitoring, measurement, auditing, decision-making, corrective action, and nonconformity are common to all management system standards, according to Chuck Jenrich, an ISO certification specialist. “A common structure should make it easier for organizations to implement multiple standards because they will all share the same basic language and the same basic requirements,” he said.

“This will enable better integration into an organization’s overall strategy, rather than management of a series of ‘bolt-on’ systems,” said Karen Lutz, senior program manager, EHS compliance and sustainability for TRC, in her article “Update: Environmental Management Systems Standard ISO 14001-2015.”

The new standard is less prescriptive, Jenrich said, doing away with the requirement for a quality manual and management representative and instead leaving it up to the company to devise strategies to meet the other requirements. “The standard says, we still want you to have satisfied customers at the end of the day. We want to make sure you can do it in the way that works best for your company.”

There is a decreased emphasis on documentation and increased emphasis on achieving value for organizations’ customers, Jenrich added.

Context of the Organization (4.0)

This is a new requirement. A company must now understand its context before establishing its management system. This means it must consider factors that are relevant to its purpose and strategic direction and how they influence those factors and are influenced by them.

For example, “context” means that an organization seeking ISO 14001: 2015 must not only consider the impact of its activities on the environment, but also the impact of the environment on its activities, such as anticipated impacts from climate change, raw material scarcities, energy management, and so forth, Lutz said.

Context is already very germane to 14001 environmental standards, given that a company must consider its impact on water, air, energy, material resources, emissions, ground contamination, and its community in general.

However, context is a little harder for companies to understand and apply to the 9001 standard, Jenrich said. Where are you in your industry sector compared to your competitors? Where are you within your customers’ supply chains? Who are all your company’s interested parties—stakeholders, stockholders, employees, neighbors, people in your industrial sector? All of those comprise the context of your organization, he said.

Under Clause 4.4, companies still must devise a management system, but now they must also assess risks and opportunities and assign authority for processes. “Most companies don’t understand their capacity—or their capabilities. Let’s say a company takes on an order for a product it doesn’t know if it can make. So, what’s the risk of doing that? It’s a new product. New customer. New technology. New supplier. All those risks have to be considered. You have to go through that process. And that’s what ISO wants with risk management,” Jenrich said.

He added that the risk management process is similar to a SWOT analysis that assesses strengths, weaknesses, opportunities, and threats.

More Leadership Involvement

The new version (5.1.1) requires top management to become more accountable than before for the quality or environmental management system’s effectiveness. Its objective is the decentralization of the system and sharing of the responsibilities throughout the company, Jenrich and Lutz said.

No longer will management be able to remain uninvolved in the standards, leaving all of the tasks and accountability to one person or small group, Jenrich said.

The greater emphasis on leadership involvement is intended to ensure that the management systems are embedded at the strategic level, and that they are consistent with the organization’s strategic direction and processes.

The new version details the responsibilities, roles, and authorities within the QMS and EMS.

Risk Planning Replaces Preventive (6.1)

The new ISO standards no longer require preventive action; now they expect companies to establish a risk planning process. This process identifies and addresses the risks and opportunities that could influence the performance of their management systems, disrupt their operations, or impede their ability to provide compliant and satisfactory products. It then expects them to define actions to address these risks and opportunities—and determine how they’re going to make these actions part of their management system processes.

“Risk-based thinking has always been implicit,” states the standard, driving training, planning, validation, auditing, monitoring, measuring, and controlling—all intended to prevent mistakes and reduce risk. “Now it is explicit,” Jenrich said.

How to Achieve Objectives (6.2)

ISO pushes companies a little further in this planning clause in that it not only requires companies to plan objectives, as was required in the 2004 and 2008 revisions, they must also describe how they will achieve those objectives.

Bye-bye Records, Documents; Hello Documented Information. The new ISO has eliminated the long-standing distinction between documents and records (7.5.2). Now they are both referred to as “documented information,” which refers to information that must be maintained and retained. The standards ask manufacturers to maintain information—what used to be referred to as documented procedures—and retain that information—what used to be referred to as records. “So while the definition of the term ‘documented information’ abandons the distinction between documents and records, essentially it is still required that companies document and record information,” Jenrich said. “Companies don’t need to keep records they can later get sued for, but they have to show their process methodology.”

The new version emphasizes documenting the treatment of customer property (8.2) as well as monitoring and controlling external providers (8.4.3). This is especially significant for environmental management. Operational scheduling and controlling should pay closer attention to upstream and downstream processes—in particular, outsourced processes—including their environmental impacts, Lutz said.

Transition Period

Leading certification bodies have announced that they will stop certification on the 2008 revision in September 2016. Companies certified against the 2008 revision must transition by September 2018. The 14001 environmental standards have been unchanged since 2004. “That’s unprecedented,” Jenrich said.

Companies can certify the 2015 revision right now, though Jenrich and Lutz advise companies to jump in with only one foot for now.

They advise manufacturers seeking ISO 9001:2015 and 14001:2015 certification to begin with a gap analysis—a comparison of where the company is now against what it needs to do to satisfy certification requirements. They should identify necessary changes in their organization. Is training required? Does the company need to make adjustments to its documentation or existing management system? “Then that plan becomes part of your new management system,” Jenrich said.

“Immediately intensify consideration of the environmental impacts of the value chain of your products, processes, and services regarding raw materials, suppliers, customer use, and waste management,” Lutz advises for those seeking ISO 14001.

Manufacturers need to stay up-to-date on the public debate regarding the standard and interpretation of its requirements, she added.

Fortunately, ISO plans to maintain the 2015 standards for 10 years, so certifying manufacturers can be assured that they won’t need to make changes again for about a decade.

Source: Chuck Jenrich, “ISO 2015: Are you ready for the transition?” presented at The Business & Professional Institute of Rock Valley College, October 13, 2015.