ISO 9001:2015 - 5 More Changes to Look Out For!

There are 10 key changes to the new ISO 9001:2015 Standard, compared to the 2008 version. Here are numbers 6 - 10.

Part 2 (of 2) of Karen MacKenzie's summary of key changes to ISO 9001 in 2015. Catch the first five changes here.

6. At last... the death of the appalling phrase ‘product realisation’!

Even as an evangelist for quality management systems and the use of International Standards, I have always struggled to be enthusiastic about this terminology. As an accepted, descriptive phrase in use in the 2008 version, I always felt that it was one of those compromises like a ‘camel being a horse designed by a committee’ – it included everyone’s preferences but turned it to fit no-one’s requirements. So now we have ‘Operation’ (Clause 8 in 2015 version). There were also issues with product realisation, since it could be misleading in creating the assumption that design was excluded. There are potential areas of confusion in Operation – Clause 8 in the control of NCs (outputs in clause 8 and Non-conformity in Clause 10) and with purchasing and outsourcing; but good quality guidance from trainers, auditors and consultants should help with these issues.

7. The separation of performance evaluation and improvement

My personal opinion is that the jury is out on this change, and on the NC issues of NC outputs in Clause 8 and Non-conformity in Clause 10. There always were issues with monitoring, measuring and analysis, as laid down in the 2008 version, and I believe this will continue to be an area of confusion. However, again with good quality guidance from trainers, auditors and consultants, maintaining the view that practise in management systems should be founded on good theory and sound principles; and that a system should work for you and not consist of you working for the system... There is hope!

8. The removal of the word 'continual' from 'continual improvement'

If you know your quality gurus you’ll know that there is a plethora of written work on gradual, incremental improvement and on big breakthrough improvements; and in management systems - as in life - there tend to be both. Perhaps the removal of the word 'continual' was to assist in bringing more awareness of both types of improvement? Time will tell. But whatever the improvement is, it will need to be evidenced within the P-D-C-A model.


“Whatever the improvement is, it will need to be evidenced within the P-D-C-A model."


9. The shocking news that there is no longer any requirement for specific documented procedures

However... the standard has not moved so far away from ISO 9001:2008 Clause 4.2.1 (d):

d) Documents, including records, determined by the organization to be necessary to ensure the effective planning, operation and control of its processes.

And within the 2015 version we find in 4.2.2, the organisation shall:

a) Maintain documented information to support the operation of its processes
b) Retain documented information to have confidence that the processes are being carried out as planned

So the requirement to show how you control processes is still there. You just don’t have to do it with procedures, but neither do you not have to do it with procedures!


10. (and I’ve left this till last, even though I think it’s probably the most important!) The focus on a risk based management system

Again, at SQMC we took on board many years ago the element of business risk in setting the standards within our organisational context training sessions. We focus a large part of our Lead Auditor training on risk within the management systems and risk based auditing and so this is not a big surprise to us. Preventive action clearly states within the 2008 version (Clause 8.5.3) that it’s designed to prevent occurrence, therefore it’s a risk assessment activity which puts control measures in place to minimise or prevent the risk occurring. Corrective action always contained an element of preventing recurrence of a non-conformance, and so if you previously managed these 2 areas as described in the standard then this should not be a huge change – it’s far from unusual for businesses to carry out SWOT and PEST analysis and identify areas of potential risk and to plan their operations with mitigation of risk as part of their normal working practise. For me, the standard has just caught up with this.

In the 2015 version, page vi states: “Risk-based thinking enables an organisation to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimise negative effects and to make maximum use of opportunities as they arise”.

Have we missed something? We'd love the input of our very knowledgeable readership! Please comment below. :-)