by Kevin Smith, President Vie Associates, LLC
As many organizations are beginning to realize, the new ISO 9001 standard brings to the table some new requirements along with some confusion as to the intent of the changes. Two of the most notable additions include the requirements that organizations consider: 1) the context in which they operate, and 2) the needs of interested parties. Both of these new requirements are aimed to provide insight while defining the risks and opportunities that face the certified organization.
These two requirements are more explicit than their counterparts in the old standard for sure – but not actually new. The old version of the standard tried to address risk management in the quality management system, but with little success in practical application. The 2008 version of the ISO 9001 standard did, after all, include a Preventive Action clause. This in essence was a risk management requirement since it required the identification of potential problems – or risks – before they became actual nonconforming issues. The problem in application was that many quality system managers did not understand how to get preventive action ideas into the system. This would typically result with an empty Preventive Action log most of the year with a last minute scurry to populate some entries before the registrar would come to audit.
The ‘context of organization’ and the ‘needs of interested parties’ provide management with a discussion guide for risk management. The context of the organization requirement encourages management to discuss the political, economical, social, and technological factors within their environment and determine what risks and opportunities are present. The needs of interested parties’ requirement guides management in uncovering risks and opportunities associated with various stakeholders and their needs and expectations.
These two new clauses, along with a basic understanding of risk throughout the organization, provides a focus on prevention rather than detection and gives top management a great place to start their discussion regarding the identification of risk. This focus on risk management appears to be the ISO 9001 developers’ definitive stance on effective preventive action.
As a gentle reminder, the deadline for compliance to the revised standard is September 2018.
Kevin Smith, President and Founder of Vie Associates, has spent most of his career assisting leaders in improving organizational performance and maximizing human resources.
Side note: Northwest Industrial Resource Center (NWIRC) will host an ISO 9001:2015 Internal Audit training in Erie (January 17-19) with instructor Kevin Smith. Click here for details about the training and to register. A session is also scheduled for May 2-4 in Corry.