This blog has moved

To a new website

ISO 9001:2015

This may be a bit of a surprise when we’re just getting used to ISO 9001:2008 but the next version of ISO 9001 is now being considered and it’s likely to be 2015 before it’s published.

The committee responsible for ISO 9001 is in the early stages of working out what changes need to be made in the next version of the standard. The first version of ISO 9001 (1987 version) took 7 years to develop. The 1994 edition took another seven years and the major revision ISO 9001:2000 took 6 years. The 2008 version, which had only minor changes, took another 8 years (though that was more to allow the 2000 version to settle rather than the scale of changes in ISO 9001:2008).

The next version could therefore be as early as 2013 but 2015 seems more likely.

One of the difficulties to be faced in the next version is the increase in the number of “management system standards”. ISO 9001 was the first but was followed by others such as ISO 14001 for environment management systems. ISO has stated that all management system standards need to be aligned to the extent that they have as far as possible identical clause titles, sequence of clauses, definitions and as much identical text as feasible.

This drive for commonality amongst the management system standards may detract from the need to include new ideas in ISO 9001. One of the criteria for developing ISO 9001:2000 was that no “new” requirements were added – it was more of a structural change. So many of the concepts in ISO 9001:2000 and the 2008 edition are unchanged from the 1994 version and if the next version doesn’t appear until 2015, and no new concepts are introduced it will contain concepts that are over 20 years old!

In the post about David Hoyle’s ISO 9000 Quality Systems Handbook, I mentioned that the book is openly critical of ISO 9001’s inconsistencies. So, despite the fact that ISO 9001 has become a worldwide baseline for quality management, there are lots of improvements that could be made.

For example, the purpose of ISO 9001 is still largely misunderstood. It is not a “model quality management system”. To many organisations and consultants that advise them seem to think that paraphrasing the ISO 9001 standard is the correct way to document a quality management system. ISO 9001 is a list of the requirements that a quality management system shall meet to enable it to be assessed. It is not a documented quality management system (that’s just one of the requirements to be met).

Another improvement would be to deal with the challenge that ISO 9001 stifles innovation by placing a greater emphasis on compliance that on improvement.

How can you influence what goes in the next version of ISO 9001? Get in touch with your national standards body - the British Standards Institution in the UK – or email the UK representative on the ISO committee Charles.Corrie@BSI-global.com

ISO 9000 Quality Systems Handbook

The latest edition of the ISO 9000 Quality Systems Handbook is the sixth revision of this excellent book by David Hoyle.

It has been updated to cover the changes in ISO 9001:2008 that I have already covered in this blog.

In my view, this is all you need to understand and apply ISO 9000 to your business whether it's in pursuit of ISO 9001:2008 certification or just business improvement in general. Of course, if you're a quality consultant and auditor like me you'll find this weighty tome invaluable.

David's style, and approach in general to the ISO 9000 series, has always been constructive but direct. If he thinks the standard is unclear or ambiguous, as it is in many places, he says so, why he thinks so, and how best to deal with these failings. In this edition he has even considered the views of John Seddon, a long time critic of ISO 9001 (see his book The Case Against ISO 9000).

The ISO 9000 Quality Systems Handbook now has a new structure.

Part 1 Before You Start puts the ISO 9000 family of standards into context, defines quality and why it is important to organisations. It introduces the management principles on which the standards are based. There is a whole chapter on stakeholders, the importance of whom will become much more apparent when the new version of ISO 9004 is available. This part ends with a practical guide to the use of the ISO 9000 family of standards.

Part 2 Approaches to Achieving, Sustaining and Improving Quality covers six different approaches to getting to the level of quality that will lead to sustained success, the benefits and drawbacks of each approach.

Part 3, 4, 5, 6 and 7 deal with Complying with ISO 9001 Sections Requirements. These are the sections most people will turn to who are trying to achieve ISO 9001 certification. It's a little bit odd that David couldn't have put another Part in front of these so that they were numbered the same as the ISO 9001 sections! Each requirement is explained in terms of What Does This Mean? Why Is This Necessary?, How Is This Demonstrated?, so that you not only get to know what the standard says but why it says it and what you need to do to comply with it.

Part 8 System Assessment Certification and Continuing Development provides tools to help you prepare for assessment, how assessments are conducted and how to progress beyond ISO 9001 certification.

It remains to be seen what the effect of the new version of ISO 9004 will be (called ISO 9004:2009 though it's struggling not to become ISO 9004:2010!). In the meantime, beyond obtaining a copies of ISO 9000:2005 and ISO 9001:2008, this is the only other publication you might need.

Giving Good Audit Feedback

My favourite quotation that sums up the way too many auditors behave is that “auditors are sent in after the battle to bayonet the wounded!”

That’s just what it feels like to many people having a daily struggle against demand outstripping supply and management that doesn’t see to care. Then in comes the auditor and tells them what they already know – there too much for them to do and they haven’t got the right staff with the right training and the right tools to do the job effectively let alone efficiently.

That said, when I’m auditing I believe it’s important to communicate both conformity and nonconformity as the audit progresses. When summarising the audit findings at the closing meeting, or at any interim feedback meeting, it is sometimes too easy to lay most of the emphasis on nonconformity.

I use a simple mechanism to ensure feedback is balanced between areas of both conformity and nonconformity. This also reminds me to seek out areas of good practice as well as areas that need improvement.

Instead of describing findings “good” and “bad” I try to categorise them as “good” and “could be better.” I use a simple format to communicate this mixture of feedback. A sample is shown in the table below.



The left column keeps the entries numbered. From there, the next column details the areas of good practice. The next column describes the areas for improvement. If I’m auditing against a particular standard (such as ISO 9001) then I usually include the relevant clause number in the final column on the right.

Although this feedback can be typed and presented as a document at the closing meeting, I prefer to write it on a flipchart. In this way I can ensure that everyone at the closing meeting can see the feedback. In addition, I often reveal the feedback line by line, keeping the rest of the feedback covered to ensure everyone stays focused as each individual finding is presented.

In the example shown in Figure 1, each of the entries except three and five shows balanced feedback. Entry three includes only an area of good practice—no improvements were suggested. In the case of entry five there was no mitigating good practice to offer following the audit. Customer satisfaction was not being measured at all. This is nonconformity against ISO 9001 clause 8.2.1, as shown in the final column on the right.

Those who are being audited appreciate this balanced feedback approach. The approach also encourages us as auditors to seek areas of good practice during the audit and offer praise where it is appropriate.

I also receive clear feedback on our findings at the closing meeting. The entire findings are presented in this feedback format as an overview. Therefore, there will be no surprises in the audit report that is prepared and delivered later. Nothing is included in the audit report that was not covered in this balanced feedback offered in the closing meeting.

I believe this approach makes me a better auditor and gives audits a more constructive tone.

BS EN 16001 Energy Management

BSI is adding to the range of standards you can be certified to by releasing BS EN 16001 Energy Management Systems.

This standard recognises that businesses need to become more energy efficient to be competitive.

This new standard, which follows the Plan, Do, Check, Act approach of previous management standards, such as BS EN ISO 9001, BS EN ISO 14001, and more recently BS EN 12001, provides:

• A structured approach to identifying your energy-related assets


• A framework for controlling, monitoring and measuring your energy consumption


• A means to identify opportunities to cut energy costs and increase energy efficiency

The standard defines the requirements of an energy management system (EnMS).

BS EN 16001 can help you to:

• Reduce operating costs by controlling in-house energy costs


• Improve your reputation by demonstrating that you are controlling greenhouse gas emissions


• Deal with the growing amount of legislation including the Carbon Reduction Commitment which becomes mandatory in April 2010 for organisations using more than 6,000MWh/yr
  

An energy management system, designed around BS EN 16001, will help to embed best practice energy management into normal operations, everyday decisions and behaviour.

BS EN 16001 can be obtained from the BSI Shop priced £100 (£50 to BSI Members).

There is also a companion guide BIP 2187:2009 Energy Management Principles and Practice providing expert insights on implementing BS EN 16001 and having an effective energy management system in place. This is £30 (no discount for BSI Members) and offers a practical and easy to follow introduction to the technical considerations, human factors and management aspects of energy saving in commerce, industry and the public sector.

ISO 9004:2009

The latest draft of ISO 9004 has received broad approval and the final draft of this International Standard (FDIS) is due to be released at the end of August 2009 with the publication of the revised standard in October or November 2009.

ISO 9004 has a new title "Managing for the sustained success of an organisation - A quality management approach" and is shorter than its predecessor, ISO 9004:2000 at 44 pages compared to 56. This reduction is in part due to the removal of the ISO 9001 text that appeared at the start of each section. Although ISO 9001 and ISO 9004 are still "a consistent pair" of standards, ISO 9004 no longer has the same clause by clause naming as ISO 9001. This helps to emphasise that it is not a guide to ISO 9001.

The contents of ISO 9004 (at the draft stage) are:

1. Scope
2. Normative references
3. Terms and definitions
4. Managing for the sustained success of an organisation
5. Strategy amd policy formulation, planning and deployment
6. Resource management
7. Process management
8. Monitoring, measurement, analysis and review
9. Improvement, innovation and learning
Annex A - Self-assessment tool
Annex B - Quality management principles
Annex C - Correspondence between ISO 9004-2009 and ISO 9001:2008
Bibliography

The aim of ISO 9004 is to help users of ISO 9001 to obtain long-term benefit from a broader, in-depth, quality management system (QMS) based on their existing QMS. It uses the same quality management principles as ISO 9001. It is not to be used for assessment or certification purposes.

ISO 9001 focusses on customers. ISO 9004 extends the focus to include all interested parties including society, suppliers, employees and shareholders.

One of the main areas of comment on the ISO 9004 draft has been the relationship between the main body of the standard and the guidance on self-assessment in the annex. This self-assessment is based around 5 maturity levels (now, where have we come across that before?)

1. Beginner - focus is on products, processes are ad-hoc, results not predictable, improvement actions forced by customers
   
2. Proactive - QMS implemented, corrective and preventive actions well-organised
   
3. Flexible - process management implemented, predictable results, strategy focussed on customers and some other stakeholders
   
4. Progressive - balanced focus on all stakeholders, consistent positive results, continual improvement based on learning and sharing of knowledge
   
5. Successful - capable of maintaining good performance over time and developing further in the long term

From this it would seem that an organisation that has just been certified to ISO 9001 would not be higher than Level 2.

In addition to the ISO 9004 standard, a guide to this self-assessment tool is being produced along with an implementation guide for ISO 9004:2009.

When the final draft International Standard (FDIS) is available further detail will be provided.

Preventive Action, Corrective Action and Correction

What's the difference between corrective action and preventive action? Are separate procedures required by ISO 9001?

The corrective action process is a problem-solving process and the preventive action process is a risk-analysis process.

Corrective action

Corrective action is defined in ISO 9000 as "action taken to eliminate the cause of a detected nonconformity or other undesirable potential situation" and notes that corrective action is taken to prevent recurrence. ISO 9000 also points out that corrective action differs from correction.

Correction is defined in ISO 9000 as "action to eliminate a detected nonconformity". Put simply, if something has gone wrong then the action you take to fix that instance is correction. For example, if a part comes off the production line with a screw missing, then putting the missing screw back is correction. The action you take to stop it happening again is corrective action. Using the same example, making sure the correct number of screws are supplied for each part would be corrective action. It gets confusing when that is referred to as preventing a recurrence. In ISO 9000 terminology that action is not preventive.

There has to be a problem for you to take corrective action. If no problem exists but there is a possibility that a problem might occur, preventing that potential problem is preventive action.

Preventive action

Preventive action is defined in ISO 9000 as "action taken to eliminate the potential causes of a nonconformity or other undesirable potential situation". ISO 9000 distinguishes preventive action from corrective action by noting that "preventive action is taken to prevent occurrence" as opposed to recurrence which characterises corrective action. In the example used above, planning the production of the part to ensure that all the screws are fitted would be preventive action.

A risk management process is a good example of preventive action. Assessing the impact and likelihood of a risk occurring and taking action to prevent occurrence is preventive action.

Other examples of methods for identifying potential nonconformities are:

• trend analysis for process and product characteristic (where a worsening trend indicates a potential problem)
• monitoring of customer feedback
• evaluation of problems in similar processes or products
• planning of new processes and products
  

Procedure Requirements

On the question of procedures, ISO 9001:2008 makes it clear that although a procedure is required for corrective action and a procedure is required for preventive action. There is no stipulation that these should be separate documents (see the NOTE 1 under 4.2.1 in the standard). However, the combination of a corrective action procedure and a preventive action procedure into a single document is not recommended as it then becomes more difficult to clearly separate the two distinctly different approaches. You may also find it difficult to demonstrate to an external assessor that the processes are separate and that you actually perform both types of action.

Note that in the above discussion, reference is made to ISO 9000 and not ISO 9001. ISO 9000 contains the concepts and terminology on which ISO 9001 is based and is essential reading to gain a full understanding of ISO 9001.