Share｜50 Frequently Asked Questions about ISO9001:2015 Quality System

01. When was the new ISO9001:2015 standard released?

September 23, 2015.

02. Why should the ISO 9001 standard be revised?

All ISO standards are reviewed every five years to determine if they need to be revised to ensure they are current and relevant to the market. The future ISO 9001:2015 will respond to the latest developments and be compatible with other management systems.

03. How long will the transition period be?

The transition period is three years, until September 23, 2018.

04. How many revisions has the ISO9001 standard undergone?

Since the official birth of ISO 9000 in 1987, the standard has undergone four official revisions, in 1994, 2000, 2008 and 2015.

05. Major changes in ISO 9001:2015:

1) The standard has been rearranged in full accordance with the format of Annex SL in the ISO/IEC Guide 2013.

2) Replace the word "product" in the 2008 version with "products and services"; strengthen the distinction between "products" and "services"; enhance the applicability of the standard to service industry organizations.

3) More requirements are put forward for top management. The requirements of "taking responsibility for the effectiveness of the quality management system; ensuring that the requirements of the quality management system are incorporated into the business operations of the organization; promoting the application of process approach and risk-based thinking; ensuring that the quality management system achieves its expected results; encouraging, guiding and supporting employees to contribute to the effectiveness of the quality management system; promoting improvements; supporting other managers to demonstrate their leadership within their responsibilities" have been added.

4) Replace "procurement" with "externally provided processes, products and services"; require to ensure that externally provided processes, products and services do not have a negative impact on the organization's ability to continuously provide products and services to customers.

5) The requirement for relevant documents such as "documented procedures" is replaced by maintaining "documented information", and "records" is replaced by retaining evidence of "documented information".

6) Newly added clauses "4.1 Understanding the organization and its environment" and "4.2 Understanding the needs and expectations of interested parties" require organizations to take the internal and external environment of the organization as the starting point for establishing, implementing and maintaining the quality management system; emphasize the suitability of the quality management system with the internal and external environment of the organization.

7) Emphasize the core concept of "risk-based thinking"; the entire standard from "planning-implementation-inspection-improvement" (Chapters 4 to 10) runs through the concept of risk control.

8) Manage “organizational knowledge” as a resource.

9) Deleted the specific requirements for “preventive measures”, “quality manual” and “management representative”.

10) Revised quality management principles; embodied three core concepts - process, risk-based thinking and PDCA cycle; most requirements are about output, focus on achieving expected results, and focus on performance.

06. What are the seven management principles in the new version of the standard?

1) Customer Orientation

2) Leadership

3) Employee awareness

4) Process approach

5) Improvements

6) Evidence-based decision making

7) Relationship Management

07. What is the roadmap for the new standard transition?

Internal auditor training, system revision, operation records, document review, and on-site audit.

08. When will ISO 9001:2008 expire?

The current ISO 9001:2008 standard will remain valid until September 23, 2018. ISO 9001:2008 and ISO 9001:2015 standards will coexist during the 3-year transition period. By September 2018, all ISO9001:2008 certificates will be invalidated and expired. All certified organizations need to take relevant measures to convert their current ISO 9001:2008 certificates to ISO 9001:2015 certificates during the 3-year transition period.

09. How can I obtain a copy of the revised ISO9001 standard?

Available for purchase from the National Standards Network

10. When will the new version of the national standard be released?

The new version of GB/T 19001 corresponding to ISO9001:2015 has been submitted to the General Administration of Quality Supervision, Inspection and Quarantine and the National Standards Committee for approval and is awaiting official release.

11. How are “risks and opportunities” reflected in system documents?

For the quality system, "risk" can be understood as the possibility of quality failure, and "opportunity" can be understood as the opportunity for improvement. They can be noted in different documents (such as "Control of externally provided products and services", "Design and development of products and services", "Production and service provision").

12. What is the core purpose of the new ISO9001 standard?

ISO9001 focuses more on one core purpose, which is the "expected results of the quality management system (QMS)".

13. How to implement the knowledge mentioned in the new version?

This part is newly added. It can consider whether the organization currently has sufficient knowledge in terms of developing new customers and products, expanding markets, increasing customer purchasing share, etc., and whether it needs to utilize external knowledge and conduct relevant external cooperation.

14. Should the management manual and management representative documents be cancelled compulsorily?

There is no need to cancel the previously established management representative method, provided that this method is applicable.

15. Who should be aware of the changing expectations in ISO 9001?

There are a number of key stakeholders in your organization who need to be aware of and understand the changes to ISO 9001:

With the removal of designated management representatives, senior management still needs to delegate relevant responsibilities to system managers.

Senior management needs to understand and align with the leadership elements of the new standard.

Process owners need to understand their obligations – to manage the identified processes and the associated metrics.

Internal governance teams (e.g. internal auditors and audit project managers) need to ensure that they understand the specific requirements related to environment, leadership and performance.

16. Is it necessary to conduct an internal review of the new version before switching?

Before applying for a recertification audit in accordance with the 2015 version, at least one complete internal audit and management review should be conducted in accordance with the revised documents based on the new version of the standard.

17. Is it necessary to update the quality manual after version 15?

The manual is the bridge that connects the standard with the company's quality management. It is written in accordance with the terms of the standard. If the standard is updated, the manual must be updated.

18. What documents must be established for the new standard?

The 2015 version does not mention which documents must be established (the 2008 version requires the preparation of a manual and six required procedure documents), but for the convenience of the organization, the manual should be available, and the rest will depend on the needs of the organization.

19. What are the new requirements for top leaders in the new version of the standard?

1) The implementation of the quality policy and the integration of the management system with the business are commitments to be fulfilled;

2) Improving awareness of process methods, increasing full employee participation, and enhancing continuous improvement and innovation are manifestations of leadership;

3) It is truly good only when everyone is well, and leaders at all levels can prove their leadership is also part of leadership.

20. How to understand the cancellation of the management representative requirement?

The top management of an organization can personally participate in the planning, implementation and improvement of the system and may not appoint a management representative. Of course, he or she can also appoint a management representative to execute on his or her behalf.

21. What should be paid attention to when planning and implementing the transformation work of the organization?

1) Translation and transformation of standards and revision and adjustment of approval specifications

2) Specific policies and implementation requirements for conversion review

3) Preparation for the conversion of accreditation bodies and certification bodies

4) Publicity and training for certification bodies

5) Approval of conversion implementation

22. Can it be upgraded during the surveillance audit or certificate renewal audit?

Yes, if your system meets all ISO 9001:2015 requirements.

23. What are the two models updated in the new standard?

The new version of the standard updates two models, namely the process model and the QMS structure model.

24. What are the three pillars of the new ISO9001 standard?

The new standard has indeed created a good framework for us from the three aspects of MSS high-level structure, risk-based thinking, and leadership, from different aspects of the physical structure and thinking structure, which actually constitute the three pillars of ISO9001.

25. Customer groups that adopt ISO 9001 as an independent organization

Current ISO 9001:2008 users, new users, and users of industry solutions based on ISO9001:2015.

26. Can enterprises still appoint management representatives?

Can.

27. Does the ISO 9001 conversion have any impact on the organization?

The potential impact of ISO9001 on your organization depends on the organization and its quality management system. Factors such as the maturity and complexity of the existing quality management system, the existence of other management systems such as ISO 14001 or OHSAS 18001, and the organization's ongoing risk assessment and management will largely influence the extent of the changes your organization will need to undergo to meet the future requirements of ISO 9001:2015.

28. What are the impacts of the changes in the new version of 9001 on small organizations?

For smaller companies, all new changes apply. The environmental nature of ISO 9001:2015 means that the approach and level of formality should be appropriate to the environment in which the organization operates. In simple terms, the organization does not need to do more to meet customer and regulatory requirements for products/services, but should achieve this through the ISO 9001 management system approach. This management system approach will vary more in smaller companies. However, the expected output is the same, namely meeting customer requirements and applicable regulatory requirements.

29. What are the internal stakeholders in the transformation of large and medium-sized organizations?

The most important internal stakeholder will most likely be top management. ISO 9001:2015 requires: greater understanding of the external environment, addressing risks and greater responsibility for “quality leadership” by senior management (which goes hand in hand with the tight link between the management system and product/service quality).

In the new standard, more emphasis is placed on the direct participation of internal stakeholders, or the supervision of the design, implementation, structure and performance of the organization's management system, to ensure that the quality management system is an integral part of the organization's business processes. If this is done well, the quality management system will provide a valuable mechanism for senior management to better meet their internal governance and control responsibilities and provide a good source of performance data in decision-making.

30. Is it too late to start ISO 9001 conversion training now?

It is never too late to understand topics that can make your management system more effective and bring greater benefits to your organization. The ISO 9001 transition will update the requirements through good management practices. Since the last major ISO9001 transition, a lot has changed in the past 15 years.

31. Is the 2015 version mandatory to use FMEA?

No.

32. What is risk-based thinking?

We all automatically engage in risk-based thinking, and often consciously try to get the best results when doing things.

The concept of risk has always been implicit in the ISO 9001 standard, but the new version makes it more explicit and extends it to the entire management system.

Risk-based thinking ensures that risks are considered from start to finish.

Risk-based thinking, making preventive measures an integral part of strategic and business planning

33. Which clauses of ISO 9001:2015 involve risks?

Introduction -- Explain the concept of risk-based thinking.

Chapter 4 – Requires organizations to define their QMS processes and address risks and opportunities.

Chapter 5 - Requires top management to:

-- Improve the meaning of risk-based thinking;

-- Identify and address risks and opportunities that affect product/service compliance

Chapter 6 - Requires organizations to identify risks and opportunities related to the performance of their QMS and develop appropriate responses.

Chapter 7 -- requires organizations to identify and provide the resources needed.

Chapter 8 - Requires organizations to manage their operations.

Chapter 9 - Requires organizations to monitor, measure, analyse and evaluate the effectiveness of actions taken to address risks and opportunities.

Chapter 10 - Requires organizations to correct, prevent or reduce unintended consequences and improve the QMS, updating risks and opportunities.

Note: Risks always exist and you should always maintain appropriate attention (Chapters 7 and 8).

34. Why use risk-based thinking?

Successful organizations consciously apply risk-based thinking because of the benefits it brings:

Improve management methods

Establish a proactive improvement culture

Coordination

Ensure consistency in product and service quality

Improve customer trust and satisfaction

35. How to do risk-based thinking?

Identify risks – This depends on the context.

Use risk-based thinking to prioritize processes.

Manage processes by prioritizing risks.

ISO 9001:2015 does not have prescriptive risk management requirements.

ISO 31000, Risk management — Principles and guidelines, may be a useful reference document (but is not mandatory) for organizations that want or need a more formal approach to managing risk.

Balancing risks and opportunities

Analyze and prioritize risks

36. What are stakeholders?

The definition of stakeholders is given in the terms and definitions of Chapter 3 of the 2015 version of the standard: individuals or organizations that can influence or be affected by a decision or activity, such as customers, owners, internal staff of the organization, suppliers, bankers, associations, partners, or social groups including competitors and opponents.

37. How to write the new version of the standard system document?

For enterprises, the absence of a unified format seems to give them more room to maneuver, but in fact the requirements are stricter. It is like a toddler who, without the help of a walker or his parents' hands, needs to be able to walk steadily and fast, which is something that requires practice.

38. What benefits can ISO 9001:2015 bring?

The new standard requires the integration and unification of an organization’s quality management system (QMS) with its business processes:

Giving top management a more active role will encourage them to lead and participate in the organization's quality management system to a greater extent.

Introducing the concept of “risk-based thinking”, which guides organizations to focus resources on addressing key and major risks, as well as areas that may present significant opportunities.

The element of "organizational environment" is added as the core and foundation of the entire quality management system. As an organization pursuing continuous success, it is necessary to understand and continuously monitor the internal and external factors that have a significant impact on the organization, which may include the macro and micro environment, the changing needs and expectations of customers, the evolution of new technologies, and the dynamics of competitors, so as to know both ourselves and our competitors.

The unified standard structure applies to all management system standards, which is conducive to the integration and compatibility of different management systems.

39. What is the ISO 9001 certification conversion process?

There are two options for certifying bodies and certified organizations.

Option 1: One-time audit

The certification transition process is managed through a one-time transition audit, which can be conducted at the same time as a surveillance audit, a recertification audit, or during a special audit.

This one-time audit only assesses compliance with the 2015 version of the ISO 9001 standard. If an organization is found to be non-compliant, certification will not be granted and the organization will not be able to obtain ISO 9001 certification.

Option 2: Phased review

Adopt a "phased" or "gradual" approach to manage the certification conversion process. IAF has not yet made detailed provisions for the program, but the idea is to adopt the surveillance audit and recertification audit originally used to maintain ISO9001:2008 certification, and conduct additional and subsequent assessments of the sub-category regulations of the revised standard.

Once all regulations have been met, the decision to grant certification can be made.

On the one hand, the "phased" conversion reduces the risk of the organization, but on the other hand, formulating such a conversion plan is more complicated and requires the organization to conduct detailed discussions with the certification body and reach a good consensus.

40. It is recommended that ISO9001:2008 organizations take the following measures:

Conduct a gap analysis between the application of new and old standards within the organization as soon as possible;

Establishing conversion implementation plans;

Provide training or inform all departments involved in the effectiveness of the management system of changes in standards;

Update the existing management system according to the new version of the standard to ensure that the system continues to meet the requirements of the new standard and maintain its effectiveness;

When using the new standard, please contact the existing certification body providing services to make arrangements for the conversion.

41. 2015 version of ISO9001 certification conversion period

From October 20, 2015 to September 15, 2018.

42. What is process-based audit?

Process approach audit refers to an audit method that takes the organization's actual operating procedures as the main audit line, follows a systematic and interrelated audit model, and makes a systematic evaluation of the organization's quality management system, processes, performance and risk management.

43. What are the changes in the structure and terminology of the new national standard?

In order to better align with other management system standards, the chapter structure (i.e., chapter order) of the new version of the standard has changed compared to GB/T 19001-2008, and is consistent with the high-level structure given in ISO/IEC Directives Part 1/ISO Supplementary Provisions Appendix SL. Some terms in the new version of the standard have changed, as shown in the following table:

44. What kind of files are considered external files?

Documents that are not required by the system and need to be communicated and executed within the organization are considered external documents.

45. What are the roles and positioning of the new conversion process?

The conversion process is determined by five institutions in the following order:

1) ISO (International Organization for Standardization)

Identify the four key nodes for the revision of each standard: promulgation of the final draft of the international standard (FDIS), promulgation of the formal international standard (IS), elimination of old versions of the standard, and expiration of old standards.

2) IAF (International Accreditation Forum)

Jointly issue transition period guidance documents with ISO.

3) Accreditation bodies

The IAF guidelines will be refined to define detailed requirements for accredited certification bodies.

4) Certification body

The regulations and guidelines of ISO, IAF and accreditation bodies are then combined to determine the conversion process and the options available to certified organizations.

5) Certified organizations

Work with your certification body to develop a detailed optimal conversion strategy.

46. ​​Difficulties in the new ISO9001 audit (2015)

In the process of confirming the 2015 version of the standard, people identified some difficulties that they thought might be encountered in the audit. These audit difficulties are new requirements in the standard, which will inevitably be difficult for new auditors.

The audit difficulties identified during the DIS version of ISO 9001:2015 confirmation process include: the organization's environment, relevant stakeholders, measures to address risks and opportunities, organizational knowledge, and the type and degree of external control.

From an operational perspective, the new version of the standard further emphasizes the need to move away from "item-by-item auditing". Because the audit process is mainly to review the organization's processes and track the trajectory of the process. When auditing the organization's processes, it is not just the process itself that is looked at. For example, when auditing the organization's procurement, it is not only necessary to look at clause 7.4. As a process, it is necessary to consider where the procurement demand comes from, the evaluation of the supplier, and the inspection of incoming materials. When auditing according to the process approach, you will find that it is related to many other things, such as capabilities, non-conformities, etc., and may also be related to corrective actions or procurement terms. As an auditor, you should ask yourself a question: whether the company has achieved the set process goals by doing this, and whether it can enable the organization to always achieve the set goals. If you think there is a problem, you need to further investigate and verify which requirement of the organization's system does not meet the ISO 9001 standard, and then conduct quantitative or qualitative analysis of the situation.

47. When sending controlled documents by email, do you need to ask the recipient to confirm that they have read it?

Of course it is necessary. It would be best if it can be achieved through the system (such as the system records when the file is clicked to open). If it cannot be achieved, other methods must be used for confirmation.

48. How to deal with enterprises that have deleted the original design control?

Production process transformation, process changes, proofing, formulation of work instructions, planning of service projects, etc. can be taken as objects of "design and development" management.

49. Does 9001 require process and product audits?

ISO9001 does not explicitly require process and product audits.

50. How to promote a good quality system in the company?

Make good use of the basic principles of quality management and implement the company's requirements, regulations, assessments, etc. through the quality management system.