The 2015 edition of ISO 9001 has been published, with the changes intended to make the standard less prescriptive than the earlier version and more focused on performance. Nigel Croft, chair of the ISO subcommittee that developed and revised the standard, says in a new release that the new standard combines the process approach “with risk-based thinking” and employs the “Plan-Do-Check-Act cycle at all levels in the organization.”
ISO 9001:2015 focuses on risk-based thinking and engaging leadership in the quality management system. By placing more emphasis on leadership, the new standard “drives greater involvement in your organization’s quality management system by top management,” which should help ensure that employees are motivated toward stated goals and strategic objectives, according to Tim Ahn, senior manager food safety, and Erasmo Salazar, technical manager food safety, Lloyd’s Register Quality Assurance, Inc. (LRQA) Americas.
“This is an important time for the food industry with implementation of new food safety regulatory requirements, such as the Food Safety Modernization Act, or FSMA. These new rules place an emphasis on management accountability, risk assessment, and control of supply chains,” they say.
An increased emphasis on the process approach will significantly impact internal audits, according to Ahn and Salazar. “Changing the mindset of the internal auditors to move from 100 percent checklist-based audits to process-based audits will allow the organization to detect relevant areas of improvement.”
Walt Murray, director of quality and compliance consulting at MasterControl Inc., says that ISO 9001:2015 “embraces explicit requirements for a quality management system in how it is developed to manage, control, and implement improvement actions that are risk and opportunity driven.”
Previously, the standard has been one of implicit considerations for deploying improvements in quality and compliance, Murray says. The new standard is one of balanced implicit and explicit conditions for implementation. This standard “takes the process model approach of the last two revisions to a whole new level of verification and validation of activity for improvement,” Murray says.
The impact of the new standard could be significant if the activity level for a company has been static and pragmatic in its implementation, Murray explains. For example, investigators will no longer ask where the procedure is and the logs and records to support it. “The deal breaker will be the question: How did you make that decision and did you evaluate the risk of implementation, and/or the opportunity to prevent containment or mitigation activity as a result of the absence of such an evaluation?”