ISO 9001 - the Standard is dead! Long live the Standard!

The latest version of the international quality management system standard, ISO 9001:2015, brings about a significant change in philosophy as well as structure. To give you a flavour, the ISO Technical Committee that oversaw the update actually considered removing the word ‘quality’ from the title and replacing it with ‘business’, as in business management system. They didn’t – maybe next time – but it shows a big difference in thinking and attitude that many people have been calling for in recent years. 

The latest version of ISO 9001 is based very much on the updated set of seven quality management principles :

• Customer focus - The primary focus of quality management is to meet customer requirements and to strive to exceed customer expectations

• Leadership - Leaders at all levels establish unity of purpose and direction and create conditions in which people are engaged in achieving the organisation’s [quality] objectives

• Engagement of people - Competent, empowered and engaged people at all levels throughout the organisation are essential to enhance the organisation’s capability to create and deliver value

• Process approach - Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system

• Improvement - Successful organisations have an ongoing focus on improvement

• Evidence-based decision-making - Decisions based on the analysis and evaluation of data and information are more likely to produce desired results

• Relationship management - For sustained success, organisations manage their relationships with relevant interested parties, such as providers, e.g. suppliers, partners, etc.

Who could argue with those? If nothing else, you can use them to promote quality management without even mentioning the word ‘procedure’! However, it is the application of these principles, in particular the ‘process approach’, along with the themes of risk-based thinking and continual improvement that certification bodies will now be looking at. Conformity is now more about demonstrating adherence to the spirit of the standard rather than ‘box-ticking’. It will be a case of demonstrating how well you know what you’re trying to achieve and how you manage, govern, run and improve to ensure you achieve your intended goals. Of course, the detailed requirements of ISO 9001 can still be seen as demanding but they only set out the minimum practices and controls needed for sound business management. 

So what’s the catch, I hear you ask – cost? Simply applying the quality management principles to your organisation need not cost very much at all but could still lead to positive benefits. However, seeking certification to ISO 9001 does cost money, time and effort; and quite a lot of all three of those. As a result, it’s one of the first questions I ask of clients, “Do you really, REALLY need ISO 9001 certification…?” 

You must have a business imperative to go for certification to get value out of it. It’s quite common for customers to require you to have ISO 9001 certification because to them, it provides a degree of assurance that they will receive what they’re expecting. As a supplier of products or services in a densely populated marketplace, you might believe that ISO 9001 certification gives you a distinct advantage over your competitors. It may well be that a key stakeholder requires you to have ISO 9001 certification to help provide assurance that the way you operate meets applicable statutory and regulatory requirements (which is a fundamental requirement of all management system standards). Whatever the reason, it should benefit you more than it costs.

If you are already certified to ISO 9001:2008 or you believe certification is good for your organisation, what else can the 2015 version do for you? Well, I mentioned earlier that the structure of the ISO 9001 standard has changed. Pretty much all new and revised ISO management system standards are based on a template of ten clauses that set out common requirements, which makes it easier to implement other compatible standards to create an integrated system. For example, let’s start with ISO 9001:2015 because that’s the standard focusing on your core business – your raison d’être. If you also wish to improve your organisation’s ethical standing and reduce its impact on the environment, you may wish to consider ISO 14001:2015 (the standard for environmental management systems); however, because you already conform to many of the common template requirements, you would only need to look at implementing the requirements specific to controlling your organisation’s interactions with the environment. Other standards that might be relevant and to which the same approach can be taken, include: ISO 27001 for information security; ISO 45001 for occupational health & safety; ISO 44001 for collaborative business relationships. Taking a joined-up approach to certification for multiple standards could save you money!

Another sign that the philosophy – or at least, the perceived philosophy – of ISO 9001 has changed is the way assessment and audit is now undertaken. Previously, internal and external auditors would be ‘walked through’ elements of the management system, meeting people who did the work and examining procedures and evidence. If you were lucky, a senior manager might appear at the opening and closing meeting. Well, the tables have turned! Because of the focus on organisational context, risk-based thinking, the process approach and much enhanced leadership requirements, it is the expectation of one certification body that up to 60% of audit time will now be spent with Executive Board members, C-suite roles and other senior managers – particularly process owners. This might be a bit of a shock for some and could be enough of a reason for the top team not to go for certification; after all, they’ll be expected to explain how their organisation actually works!

Obviously, there are many more detailed changes but hopefully, this article will give you a flavour of the change in thinking and approach that shows that the ISO standards have finally caught up with how business works in the 21st century.

[1] The quality management principles are contained in ISO 9000:2015 Quality management systems – fundamentals and vocabulary