The latest version of the time honoured ISO 9001 has been recently released. Whilst having very strong alignment with the previous version, there are some truly significant aspects to the new version which will undoubtedly test some ‘dyed in the wool’ QA auditors. In addition, there is now much more alignment with WHS aspects which truly brings the systems closer together and creates the conditions for near perfect ‘Integrated Management Systems’ which are so often espoused by companies but which truthfully rarely exist!

The most significant changes are briefly described below:

  • The ‘clause structure’ now better aligns with other ISO standards and other management systems such as Environmental;
  • Some old terms have been eliminated and includes ‘Exclusions’ and most interestingly, the ‘Management Representative’ requirement is gone and is replaced by a general requirement for responsibilities and authorities to be assigned, another is Product Realisation which is now replaced by ‘Operations’;
  • A major new requirement at item 4.2 is the need to determine the needs and expectations of ‘Interested Parties’. This imposes on the organisation the need to identify ALL the parties that are or may be impacted by its activities and ensure that they are correctly considered as part of business;
  • There is greater clarity of including ‘Services’ under the standard. While it was always technically included, it was not always clear that it was and for many it was generally regarded as only being applicable to the production or manufacture of something;
  • There is a very clear requirement for ‘risk-based’ approach. Again this was always intended in the previous version, however it was not clearly required as is now the case. This aspect is further discussed below;
  • Going on from the item above concerning ‘risk based thinking, it was noted above that the term ‘Exclusions’ has been removed. It is now for the organisation, as part of their risk assessment process, to decide exactly which part and the extent of their processes, activities or operations will be included or otherwise.

This ‘risk based’ approach will be an area of major challenge for many existing QA auditors and organisations, as now it is for the organisation to assess their activities and decide the extent and degree of application of the quality requirements within the standard to those activities, this is clearly specified in s 4.3. For auditors, the previously clearly defined requirements are now ‘grey’ and the provisions now need to be questioned and tested to determine whether there is alignment and compliance of the organisations decision making with the standards intended outcomes.

The challenge here will be for the organisations to actually undertake this risk management process and establish a methodology for defining risk ‘levels’ to align with that which is currently done under the business and safety regimes. There are a few organisations who have already attempted to establish risk matrices to be ‘all inclusive’ and encompass safety, business, environmental, reputational and other risks within them. These vary considerably from one entity to another and often are defined by ‘The seat of the pants’ thinking or by some creative plagiarism rather than truly examining the risks and potential consequences. The current ISO 3100 has some basic guidance on the establishment of risk criteria but in particular in the SA/SNZ HB 436 Risk Management guidelines – Companion to AS/NZS ISO 3100 has excellent advice and help in this area.

Done correctly with a supporting procedure and evidence of consideration of the development of the matrices as applicable to the organisations risk profile, there should be little basis for any auditor to dispute the decision making. Without this being done correctly, it will be very valid for challenge to be made on the decisions and outcomes of the organisation by the auditor. This brings much closer alignment with what has been normal under WHS legislation and its requirements for many years.

There is no doubt to me that if this is correctly done by organisations, there is a real opportunity to greatly improve and streamline their business management processes, reduce bureaucracy and make life somewhat simpler, more efficient and SAFER than ever before. These things all combined, make this truly a standard for the future by enabling greater integration of all business processes including WHS and environment. The challenge is for organisations to seize this opportunity and effectively implement it to their best advantage, taking a whole of business viewpoint and always remembering that fundamental principle of KISS!