Communities are showing Interest in Environmental Management Systems – By Peter Burke

As the debate over global warming continues, more and more communities are looking inward to see what they can do to reduce their environmental impact.   ISO 37101:2016 was released in July of this year with the same ten clause High Level Structure (HLS) as ISO 14001:2015 – Environmental Management Systems.   ISO labels ISO 37101 as “Sustainable development in communities – Management system for sustainable development – Requirements with guidance for use”.

The Foreword to the standard makes reference to other related standards like ISO 50001:2011 – Energy Management Systems, ISO 14046:2014 – Environmental management – Water Footprint, ISO 26000:2010 – Guidance on social responsibility, ISO 45001 – OHSAS Management Systems System (scheduled for release in early 2017) and ISO 20121:2012 – Event sustainability management systems — Requirements with guidance for use.  All of these standards will be updated to the new HLS in the next few years, which will make it easier for communities to have an integrated management system with multiple standards.

The Foreword also makes reference to the 3 pillars of sustainability – social, environmental, and economic, just like ISO 14001:2015.    By identifying and focusing on all three pillars, a community can try to reach a sustainability balance for their community and surround communities.   When operating in areas with limited water, ISO 14046 may be a good standard to consider along with ISO 37101 and ISO 14001.  If the community uses a lot of energy, ISO 50001 should be considered. 

While ISO 37101 is not certifiable, it can be considered and implemented, by small and large cities that want to conform to a sustainable ISO standard.  Communities may want to have people trained to meet both ISO 14001 and ISO 37101 standards, to win favor with EPA and government officials.  EPA recommends ISO 14001 for communities, and implementation of the standard could help prevent occurrences like what happen to the water systems in several cities over the last few years.  And, since both standards have the ten clause HLS, it is easier to adapt to the existing management system in place.  Communities can use all or part of ISO 37101 standard to improve their Carbon Footprint and reduce their environmental impact. 

QMII can help an organization decide which ISO standards would work best for their community, and whether they would be more comfortable being compliant to ISO 37101, or want to be certified to ISO 14001, or both.

 

More Tips for ISO 9001:2015 Auditors

Over these last nine months the inputs provided by QMII, on the changes in the 2015 version of ISO 9001, have been very well received by our alumni and clients. As such, we continue this discussion in the editorial to the April issue of the Globe we would like to suggest some thoughts on specific areas of the standard which an auditor should look at, to see the compliance to ISO 9001:2015. As the system is updated it should definitely consider that the implementation of the standard is aligned with and integral to the business management. The revised standard, in defining Policy requirements in clause 5.2.1a, specifically requires the policy to be based on the context of the organization and supportive of the strategic direction of the business. This is further emphasized in clause 5.1.1b where the need to align policy and objectives to the strategic direction of the business is a requirement. 5.1.1c requires integration of the QMS to the business processes.

Documented evidence removes doubts between records and documents in 2008 version. The term exclusion is removed. As such, the organization has to now further determine what is applicable to them, making it necessary for the organization to remain responsible and keep the promises to customers. Organizations do not have to meet the quality manual requirements if they already have the information elsewhere, perhaps on their websites. This does not mean you have to throw away your quality manual if you have one! All the standard is asking organizations to do is to incorporate quality in all they do and not let quality become a separate entity. Some organizations, already certified to ISO 9001:2008, have concerns about transiting to the 2015 version.

I think in the overall perspective these organizations will find it valuable to transit sooner, rather than wait for the 2018 cutoff. After all if a risk exists, it must be assessed, mitigated or used as an opportunity for improvement quickly. Waiting for preventive action which is data driven under the 2008 version at the Act stage of the P-D-C-A (plan-do-check-act) cycle is not responsible of the organization or to the customers.

Appreciating the context of the organization and understanding the risks is the right way to go about meeting requirements. Auditors must audit to see correct understanding and successful implementation of clause 4.1 of the ISO 9001:2015. Understanding the needs and expectations of interested parties (clause 4.2 of ISO 9001:2015) has to be successfully implemented by organizations. This should be an item on the audit to be well established.

For further information on this refer to the blog

Adoption of risk based thinking is emphasized throughout the revised standard and auditors must see proof of implementation. There is greater emphasis on the process approach used to achieve intended objectives. Continual improvement has been replaced by improvement. The organization must see overall benefits in the business achieving set results.

These and many more benefits of the revised standard should be the objective of auditors auditing the organization to ISO 9001:2015. Good luck with the implementation of revised ISO 9001 and stay tuned for more tips.

Measuring the ROI of your system

Weighing the value of a product against the perceived value in terms of ROI (return on investment) is fair. However, where the client is opting for a process based management system consultancy, and is starting at a stage of near zero level understanding of the product and or service, price unfortunately, often dictates the decision. ISO 9001:2015 Clause 8.4.1 clearly and categorically requires that external providers of products, processes and services, to be selected based on their ability to perform and meet requirements; implying not based on the lowest price!

In this 30th year of service to our clients and alumni my introspection and analysis brings me to look critically at what we are celebrating. QMII is celebrating the success of our clients. If the client is not successful we have failed. Successful clients have enabled QMII to reach this 30 year milestone. If the client does not use the system or simply is left with a certificate hanging on the wall I do not consider it value added or call it success. Perhaps, it met the client’s immediate requirement of winning a contract because the certificate was a prerequisite. But beyond certification the investment becomes lost money. The system must work.

As President and CEO, leading the QMII Team, I have always thought of the value we provide in meeting client objectives; stated or unstated. It can at times be difficult to predict what the client considers of value. However, with our experience and a methodology developed over 30 years QMII knows how to deliver more in specific terms:

Functional gains in achieving efficiency, time saving, waste reduction, and overall effect to the bottom line of the client business – what QMII coined as “Cash in the Bank.”

The reduction in the tension and stress on the client leadership by reducing anxiety about the outcome of the system implementation.

QMII has very consciously avoided templates. Templates in effect throw away the existing management system! Our belief has been to “Appreciate your Management System”. The QMII Team works with the client to capture the “As-Is” of the system and proceed forward from there.

Corporate Social Responsibility (ISO 26000) is still not a requirement and understandably has a cost value to it. The gains of being socially responsible are often not tangible or immediately visible in the short run. We have assisted organizations, to adopt these values in a manner which does not affect productivity and as a result, in the long run these organizations are respected by their clients.

It worth re-emphasizing Dr. Deming’s “A bad system will defeat a good person every time.” The endeavor of the QMII Team in these 30 years has been to understand and appreciate the client’s needs; assisting with development and implementation of successful management systems in varied discipline. Meeting client objectives.

So while the ROI may not be apparent to some at the outset, we can say with confidence that those we have worked with have gone from success to success.

What came first – the DATA or the DECISION?

In today’s digital world, collecting data has almost become second nature in any organization. After all, in the end, it is only a few gigabytes on a cloud or local server. Not much thought is given to the usefulness or purpose of a data collected. The basic thought is ‘who knows when we may need it?’ Large organizations are leaders in this data collection obsession. In our line of work, we work with numerous clients. One thing in common that we often find is the organizations collecting data with no objective of where, how or when the data will be used.

As a result of this obsessive, compulsive, purposeless data collection, leaderships are now driven to draw conclusions and trends from the data collected; without the data in the first place being aligned to a purpose. At times, we hear ‘the data is not helping us make a decision’ or ‘we are not sure why we are collecting the data … we just have to’. Data collection should lead to it being converted to information. Information should then be analyzed and enable informed decision making and improvement of the system.

The human mind is a great data storage center and we can probably learn a few things from it. We use the memory space allocated very carefully; selecting what we collect as data for future use or for making an informed decision. However, let’s take a step back and a moment to think on how we are able to do this. It being a second nature it may not be readily apparent to us. In essence, we start with a decision we need to make and based on this decision we decide on the kind and quantity of information we require for analysis, which would give us the ‘confidence’ to either proceed ahead or maintain a neutral position. This confidence is based on statistics (this includes inputs based on our personal experiences). It should always be that the decision drives what data we assimilate and not the other way around. It may be argued that some of this data we store may be based on previously collected inputs that we at the time did not have use for but collected. Nevertheless, even when we do, our brain sees a possible use for it in the future resulting in us storing it.

So, as you look at the data you have or, are beginning to collect, ask yourself ‘what is the purpose, the end result, the objective for which the data is being collected?’ Once the objective is defined, then only will the correct data be collected and be useful, informative and productive enabling objective cost effective decisions. Starting with the objective is critical in all that we do; and we already do it subconsciously. So going forward, make a ‘conscious decision’ to get data that is useful.

Objective Auditing Meets ISO 9001:2015

How Auditors can help organizations understand context and risk

Objective auditing has always been a challenge, and this is especially true now for ISO 9001:2015 audits. To better meet customer expectations, fundamental changes have been introduced to the standard to address current business realities and advancements in technology. Much of the responsibility of meeting the new requirements falls on leaders, and a careful, objective audit to the standard can help them.

It’s human nature that with knowledge and experience comes a touch of ego, but an auditor with an ego can be a liability. Experienced auditors must guard against a tendency to add subjective opinions to their audit reports and focus instead on providing objective inputs. In this way they can help leaders make rational, objective decisions. This challenge is further compounded for auditors experienced in auditing to ISO 9001:2008, with its emphasis on preventive action. ISO 9001:2015 no longer addresses preventive action but instead focuses on establishing risk-based thinking throughout the management system. What’s the best way to audit this?

The starting point for corrective action (CA) is the nonconformance report (NCR). A well-written NCR clearly states the standard’s requirement, the objective evidence for citing the nonconformance, and a description of the failure that occurred. If at this point an auditor allows his experience to bias what he expects should happen instead of sticking to the requirement, management ends up with a subjective input.

A closed NCR provides data that management can analyze for possible trends, which can then be addressed by preventive action. For previous editions of ISO 9001, that was the fundamental base of a successful management system: Basically, data drove trends and preventive action.

With ISO 9001:2015, preventive action has been replaced by risk-based thinking, which requires a more dynamic role for leaders. They must understand and continuously assess risks at every stage, mitigating them and considering opportunities for improvement (OFI). This is important to do even before the planning stage of the plan-do-check-act (PDCA) cycle, by first understanding the context of the organization.

Leaders’ understanding of the context of the organization, as well as their ability to assess risk and consider opportunities for improvement, need to be audited. Auditors must be especially careful here and not jump in and confuse management by offering their own opinions. ISO 9001:2015 has strengthened the leadership role, not weakened it, and by offering subjective advice, auditors could jeopardize this. They must limit their role to providing objective NCRs and allow management to make the decisions.

Understanding the organization in context

Per clause 4 of ISO’s Annex SL, ISO 9001:2015 and other ISO standards require an organization and its leadership to understand the context of the organization when determining key management system elements such as the scope of the system (clause 4.3), processes (clause 4.4), the quality policy (clause 5.2), and planning, objectives, risks, and opportunities (clause 6). For more about this, see also ISO/DTS 9002—“Quality management systems—Guidelines for the application of ISO 9001:2015.”

So what, then, is this “context of the organization?” Put simply, leaders must thoroughly understand the relevant internal and external issues, both positive and negative, that can affect their organizations’ ability to achieve intended results. Consequently, they must monitor and review these issues regularly.

Leadership also has a tremendous responsibility in being fully aware of the risks to the organization. An understanding and appreciation of the context of the organization can help with this, particularly if it’s undertaken before the planning stage of the PDCA cycle. When fully appreciated, the context will not only promote more robust plans but also highlight inherent risks that can provide opportunities for improvement and innovation. This is vital in the success of the organization.

When organizations undergo mergers and acquisitions, relocate, outsource large parts of their business, or change their products, the context of the organization changes. The internal and external factors change. Leadership must understand the implication of these changes in the context of the organization. Doing this will also allow them to see the risks and perhaps opportunities for improvement.

It’s like going into battle. A lot of things must happen before troops are deployed. For example, the logistics of deploying troops in harsh terrain surrounded by hostile countries, and the chances that they may fail, must be considered. If the risk is too great, then perhaps the nation’s diplomats should first reach out to surrounding countries to create a safe corridor for supplies or retreat. This diplomacy might uncover opportunities for better relations with these states. The risk might also require intelligence agencies to assess conditions on the ground. Thus prepared, the military leadership can best ensure the mission’s success.

Similarly, business leaders have to understand the context of their organizations clearly when they develop a quality management system and before proceeding to the “act” stage of PDCA. This understanding will provide the foundation for determining key QMS elements.

Information about internal and external issues affecting the outcome of the QMS in the context of the organization should be collected from all sources. These may be from internal documents and meetings, national and international press, various websites on the subject, publications from national statistics offices and other government departments, and professional and technical publications, conferences, and meetings. Other resources include think tanks, professional associations, and independent subject matter experts. Many sources are available, and leaders need to consider all relevant ones to make the best assessment of potential organizational risk.

Internal issues to consider are resources such as infrastructure, the environment for operations, and organizational knowledge. Competence of employees, organizational culture, and perhaps the relationship with unions should be included. There are also delivery capabilities, customer evaluations, and management issues such as decision making and organizational structure.

External issues that might affect the organization include macro-economic factors such as money exchange rates, the economic situation, inflation forecast, and availability of credit. Then there are social factors such as local unemployment rates, safety perception, education levels, work ethics, and political factors. Existing international trade agreements, including sanctions, might affect the outcome of the organization’s performance in meeting objectives. Competition as it relates to market share might require study. Relevant legislation also must be considered.

An organization that understands “what it does,” and how various internal and external issues affect how well its QMS meets requirements, is better placed for success. Auditors can best help organizations by establishing, through objective auditing, that these requirements are met.

Organizational knowledge

ISO 9001:2015’s clause 7.1.6 has introduced a new requirement: organizational knowledge. When auditing this, auditors must keep in mind not only the existing context of the organization but also the changing context, if relevant. The organization when addressing changing needs and trends must consider its current knowledge and determine how to acquire or access any necessary additional knowledge or required updates. Going forward with changes, mergers, acquisitions, or moving operations globally without assessing the risks introduced by lack of knowledge can mean the difference between success and failure. Both internal and external sources for knowledge as mentioned above are relevant here. Future needs and their relationship to innovation is also mentioned in the standard’s introduction.

Evidence-based decision making

When determining conformity of a management system to ISO 9001:2015, auditors will need to ascertain that all aspects of the management system adopt both the PDCA cycle and risk-based thinking. Per the standard’s introduction, auditing should reveal that the processes have been adequately resourced and managed, and opportunities for improvement are determined and acted on. Auditors must also confirm that the organization’s leadership has considered risks and encouraged risk-based thinking to determine the factors that could cause the system (i.e., processes) to deviate from planned results.

The first phase of a system audit, during which the auditor interviews top management with systematic and well-thought-out audit questions, is vital to establish that management clearly acknowledges its role in understanding the context of the organization and how it influences the required customer focus. Employees must also understand the expectations of management. To successfully engage employees in a customer focus, company policies must smoothly flow into measurable objectives. Auditors must prepare well to audit top management and determine its commitment to the process approach and continual improvement. A system that doesn’t require management reviews periodically to establish that the PDCA cycle is in place even at this level means that leaders are at risk of making subjective decisions. During their interview of top management, auditors must be able to establish conformity to evidence-based decision making.

Conclusion

There is much more to auditing than looking for nonconformities. Auditors must also understand how the context of an organization relates to quality management principles. If they do, then they will look for conformities in the management system to ISO 9001:2015 requirements. If during this audit they do find nonconformities based on requirements, they must provide well-written NCRs to encourage a process-based management system. An objective audit will enable management to better use the system to consistently meet requirements, and the processes themselves will add value, help mitigate risks, and create opportunities for improvement.

http://www.qualitydigest.com/inside/statistics-article/030316-auditing-revised-standards-challenge-auditors.html?utm_source=MadMimi&utm_medium=email&utm_content=QDD+3-15-16+MicroRidge+Proof+2&utm_campaign=20160314_m13024#

 

Auditing to the Revised Standards – Are You Ready?

With the revised HLS standards auditors face a new challenge in auditing aspects that were not previously addressed by ISO 9001 and other standards. Even the concept of risk until recently, only addressed the negative aspects of it and not the opportunities for improvement that arose out of taking a risk. Managements and organizations often face the challenge of selecting objective auditors that do not have a tendency to use their experience to add subjectivity to their audit reports. With the new changes auditors we teach often ask how they can address the clauses in the new standard. The fundamental base of a successful management system was a closed non-conformity that provided the data point, which over time constituted the data base providing information that the management team used to analyze and provide trends and potential NC. The management with time then took preventive action.

With the revised ISO 9001:2015 fundamental changes have been introduced. First the concept of preventive action has been replaced by addressing risks, though in essence they are similar; except preventive action was previously interpreted and applied as an afterthought.  Dynamic leadership appreciates and assesses the risk(s) all the time; at every stage, mitigating risk and considering Opportunities For Improvement (OFI). Not just at the Plan stage of the P-D-C-A cycle (Plan-Do-Check-Act), but even at the pre-plan stage by first understanding the context of the organization. A risk when appreciated can be avoided, mitigated or may present alternatives or bring out ideas for innovation as such presenting opportunities for improvement.

The understanding of the context of the organization and the management’s ability to assess risk and consider OFI needs to be audited. OFI tends to open an area for auditors to jump in confuse the leadership of an organization by bringing in their opinions! That is not the intent of the standard. The revised standard has strengthened the leadership role not weakened it. Auditors could jeopardize this by subjective NCs. This is an area for concern. Managements need to be all the more cognizant of their responsibility and ensure the management role is not usurped by auditors. Auditors in their wisdom have to be sure of their role in assisting the system to run with its own leadership by providing objective NCs to enable management to make decisions.

Clause 7.1.6 of ISO 9001:2015 has introduced a new requirement: Organizational Knowledge. Auditors will have to audit this keeping not only the existing context of the organization in mind but also the changing context if relevant. The organization when addressing changing needs and trends must consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates. Going forward with changes, merger, acquisitions or moving operations globally without assessing the risks introduced by lack of knowledge can mean success or failure. Both internal and external sources for knowledge as mentioned in the clause ibid are relevant.

Auditors in looking for conformity of the system to the standard will need to see carefully that all aspects of the process based management system adopt both the P-D-C-A cycle and the risk based thinking. Auditing should show that the processes have been adequately resourced, managed and the OFI are determined and acted on.  Further auditors will need to assess that the leadership has considered risks and encouraged risk based thinking to determine the factors that could cause the system (processes) to deviate from planned results. Future needs and their relationship to innovation is mentioned in the introduction to the standard.

The first phase of a system audit where the auditor interviews the TM is vital to establish by systematic well thought of audit questions, perhaps a good check list to see that the leadership of the organization clearly understands its role in understanding the context of the organization to be able to have the required customer focus.  The employees in any organization need to understand the expectations of the management. To be able to engage people to the customer focus the policy must smoothly flow into measurable objectives. Auditors must prepare well to audit the TM to see the commitment to the process approach and continual improvement. A system lacking in the P-D-C-A cycle working with TM not conducting the MR (management reviews) periodically will end with leadership making subjective decisions. Auditors in their interview of the TM must be able to establish conformity to evidence based decision making.

There is more to auditing than for an auditor to go looking for non-conformity! If the auditors understand the relationship management aspect of the quality management principles they will look for conformity.If they do find NCs based on requirements and provide well written NC statements the PBMS (process based management system) approach will enable management to better use the system; providing consistency in meeting requirements. Further the processes will add value to achieve set objectives, mitigate risks and/or use the OFI for better performance with time.

Understanding the ‘Context of the Organization’

ISO 9001:2015 and other standards per the new High Level Structure (HLS) format require the organization and its leadership to understand the context of their organization in determining key Management System elements such as the scope of the system (clause 4.3), the processes (clause 4.4), the quality policy (clause 5.2), planning, objectives, risks and opportunities (in terms of Clause 6). So what then is this ‘context of the organization’ as per the new ISO standards?

Leadership has a tremendous responsibility in fully and comprehensively appreciating the risks to the organization. As the P-D-C-A Cycle (Plan-Do Check-Act) is used as the tool to bring efficiency using the Quality Management System (QMS), it is not just the Plan stage which is important but also the pre-Plan stage that is vital in the success of the organization. Sometimes the leadership even before formulating a plan at the very conceptual level may benefit the organization and make more robust plans if the context of the organization is understood and appreciated. The context when fully appreciated will bring out the inherent risks as also then provide opportunities for improvement and innovation.

In addition and in conjunction with this requirement organizations also need a good understanding of the relevant internal and external issues that can adversely or positively affect the organization’s ability to achieve the planned results. The leadership must be cognizant of both the internal and external issues that can affect this intended outcome. Consequentially it must monitor and review these on regular basis.

When organizations go in for mergers and acquisitions, or change their product or make other major organizational changes or perhaps outsource large parts of their business or relocate, the context of the organization changes. The internal and external factors change. The leadership needs to understand the implication of these changes in the context of the organization. As they do this they would see the risks and also perhaps opportunities of improvement and innovation.

In battle, the deployment of the troops comes much later. The internal and external factors; the logistics for example of deploying them in harsh terrain surrounded by hostile countries and the chances that they may fail have to be considered. If the risk is above acceptable limits, then the nation’s diplomats may consider reaching out to neighboring countries to create a safe corridor for logistics. This diplomacy may present opportunities for better relations with these littoral states. The risk may require intelligence agencies to gather realities on ground. Thus armed, the military leadership can best ensure the success of the mission.

The same logic would apply to a surgery. The surgeon needs to know that it is an open heart surgery! Among those factors to be considered would be the hospital facilities available and working, the fitness of the patient, the location, reliability and availability of ancillary services among others. In a similar manner every organization has to understand the context of the organization clearly as it makes its plans to use the quality management system and proceed to the implementation stage of the P-D-C-A cycle.

This understanding will provide the foundation for determining key QMS elements such as the scope of the system (clause 4.3), the processes (clause 4.4), the quality policy (clause 5.2), planning, objectives, risks and opportunities (in terms of Clause 6). The technical committee when revising the ISO 9001:2008 to the 2015 version was very aware of the changing world and the easily available data and information as also in some case analysis on the internet. There was no reason not to consider such inputs available and pointing to risks already considered in any part of the world. Therefore information about internal and external issues affecting the outcome of the QMS in the context of the organization should be collected from all sources. These may be from internal documents and meetings, national and international press, various search websites on the subject, publications from national statistics offices and other government departments, professional and technical publications, conferences and meetings. Then there are the think tanks and professional associations and independent subject matter experts. Many sources are available and the leadership needs to understand this to make the best appreciation of the risk.

As such, why would leadership not consider the overall performance of the organization, including its financial information, when it may already be publicly available? Some of the other internal issues to be considered could be resource factors including infrastructure, environment for operations and the organizational knowledge. Another factor would be the competence of the employees, the organizational culture and perhaps relationship with unions. Then there are the delivery capabilities, customer evaluations, factors in the governance of the organization such as the decision making and organizational structure.

External issues which may affect the organization may include macro-economic factors such as money exchange rates, the economic situation, inflation forecast, and availability of credit. Then there are the social factors such as local unemployment rates, safety perception, education levels, work ethics, and political factors. Existing international trade agreements including sanctions and so on may affect the outcome of the organization’s performance in meeting objectives. Competition as related to the market share may require a study. Then legislation and other factors need to be considered.

Management which understands “what it does” and how various internal and external issues will affect the outcome of the QMS meeting requirements is better perched for success. It can assess the risks in the context of the organization and from that understanding either mitigate the risks, avoid them or come up with opportunities for improvement. Innovation could be an outcome.

QMII has been meeting client requirements for over 30 plus years now. Our expertise in correctly assessing the issues and assisting You understand the context of the organization in a systematic manner, as you transit from ISO 9001:2008 to ISO 9001:2015 will be valuable. If you are considering aligning your system to the ISO 9001:2015 for the first time, please call us. This could be the most valuable call you have made!

Enhanced Role for Leadership in Implementing ISO 9001

ISO 9001:2008 grouped the management responsibility under Clause 5. There was a requirement to show commitment (clause 5.1). Customer focus was a requirement and so the quality policy was to be devised under 5.3. It had planning requirements which required management to have measurable objectives. It took the management to responsibility, communication and management review requirements. Yet in effect the managements considered it a quality department initiative Responsibility to ensure the system met expectations efficiently while continually improvement rested with the management, however in effect it kept the Top Management (TM) as an observer from the outside.

ISO 9001:2015 changed all this. TM now in their role as leaders in terms of the clause 5.1.1 is directly involved in their Quality Management System (QMS). They had this responsibility earlier too, but now they need the wider understanding of their business success and business processes to be integrated into the QMS. The success of the business, implying meeting and exceeding targets the organization has set itself to achieve, is integral to the QMS. The QMS is not an appendage to the business management system. It is now for the leadership to integrate and use the QMS to achieve the business goals of the organization. In this manner they not only study the context of their organization, but also appreciate and mitigate the risks; developing purpose, strength and success for their organization.

Clause 5.1.1 on leadership and commitment specifies ten requirements which bind the leadership into the QMS for the organization. Leadership is no more a bolt on to the system approach. A common complaint received over the years, as QMII implemented and assisted organizations to run efficiently, was lack of commitment from the TM. Sometimes the only role played by the TM played was to conduct the MR (Management Review). In sub clauses a through j of clause 5.1.1: the leaders are required to take accountability of the effectiveness of the QMS, ensuring that not only are quality policy and measurable objectives established for the QMS but also aligned with the strategic direction and context of the organization. In sub clause c of 5.1.1, the standard further emphasizes and requires leadership to ensure integration of the QMS into the organization’s business processes. Promoting awareness of the process approach is now a leadership responsibility.

Sub clause e of 5.1.1 requires the management to provide the resources for the QMS. This is a major change in which resourcing has been included in the leadership responsibility. Where leadership delegates authority now, they need to carefully consider the required resources to enable the QMS and business objectives and requirements to be met. Whereas earlier, invariably the publishing of QMS benefits and users buy-in was left to the QM/ management representative, the revised standard clearly charges the leadership to communicate the importance of the quality management and the need to conform to QMS requirements. The revised standard further requires the leadership to ensure the QMS achieves its intended results.

In sub clause h of 5.1.1, it clearly tasks the leadership to engage, direct and support persons to contribute to the effectiveness of a QMS leading to promoting continual improvement. The 2008 standard did not emphasize team building. As long as there was no NC or the system functioned well, the leader could work without involving the team (in this connection clause 7.1.6 on organizational knowledge too is relevant). This had an inherent drawback in that often the continuity of the leadership was not ensured. Even though maintaining the integrity of the system was a requirement it was not directly related to the leadership responsibility. With sub clause j of 5.1.1 supporting the relevant management roles to demonstrate their leadership as it applies to their areas of responsibility is a leadership requirement.

ISO 9001:2015 Tools: Incorporating Risk in the CAR/NCR form

As organizations plan to transition from ISO 9001:2008 to ISO 9001:2015 one of the major adjustments is accepting the fundamental change that preventive action (PA), one of the mainstays of the ISO 9001:2008, has been removed! The standard mandated the six documented procedures, control of documents (4.2.3), control of Records (4.2.4), internal auditing (8.2.2), control of non-conforming products (8.3), corrective action (8.5.2) and finally, in the last clause of the standard, preventive action (8.5.3). The tail of the standard with its sting, formed the very basis of the standard. The success of the correct implementation of the standard, lay in the appreciation of trends through analysis of data (clause 8.4) and prevention of potential non-conformities (NCs) by taking preventive action.  This Preventive Action invariably occurred at the A-stage of the PDCA cycle, where the inputs from audits, inspections, feedback and any other means, were analyzed and the system reviewed to re-source / update the plan. Therefore the pundits of system approach used the CAR/PAR (Corrective Action Request/ Preventive Action Request) forms to record NCs, followed by Corrective Action based on root cause analysis.

ISO 9001:2015 has brought about this fundamental change in thinking, asking implementers of the system approach to be cognizant of the risks at the plan stage of the P-D-C-A cycle. “Look before you Leap” is as old adage, but the methodology to date did not promote this thinking! This need to appreciate risk early, at the plan stage and in consideration of the context of the organization, will require the existing quality management system forms to be updated. On debating this new thought process internally, we at QMII agree that an organization must also appreciate the risk on receiving a NC . As such the CAR/NCR form now needs to be just the CAR Form for recording the NCs/CARs and if risk assessment is missed by the organization the auditors would recognize it as a NC.

The NC/CAR would then be followed up by the organization, taking the immediate remedial measures or doing correction; following it with CA and risk analysis. The risk assessment and analysis would not only mitigate the risk but would also identify opportunities for Improvement (OFI). It would also require the organization to appreciate the risk or OFI as a consequence of mitigating the risk too.

The updated form has been pioneered and can be downloaded here.

ISO 14001:2015 – Enhanced Environmental Management System Performance

ISO 14001 is one of the more popular and recognized ISO standards, with more than 300,000 organizational certifications; used in more than 170 countries. It therefore made sense for ISO to update the standard at the same time it was updating the most popular industry standard in the world, IS0 9001. Under the new High Level Structure (HLS) format ISO standards are being aligned to make it easier for industry to implement integrated management systems. The standards will now have 10 clauses each.

The easier implementation should encourage more organizations to readily accept and implement them. ISO 50001, Energy Management, is scheduled to transition to the new HLS in 2016, and others will be following on progressive basis. Organizations have three years to migrate to the new standard from the day it is published. However, at QMII, we ask “why stay in the past when the future is here?”. The new standards reflect the complex environment in which organizations operate today. Many corporations and government organizations operate internationally, and the ISO standards will make it easier for organizations to communicate with partners, government organizations and other stakeholders. As other ISO standards migrate to the new HLS, it will be easier to implement some of the new security, safety, health and communication protocols required in today’s technology driven environment.

The new ISO 14001 and ISO 9001 standards have an increased focus on leadership and top management involvement in management system development. While 14001 has always been a risk based standard, the risk based approach to 9001 has been a fundamental change; organizations now are asked to consider the risks (opportunities) at each stage of the PDCA cycle rather than wait till the end to implement Preventive Action. The goal still remains to manage the intended and unintended outputs of an organizations process. A new emphasis on objectives measurement and change, communication and awareness are some of the key changes to the standard. There are fewer prescriptive requirements compared to before and organizations still need to be aware of legal regulations and requirements, but they are now covered under “compliance obligations”.

The new standard does not require an organization to have an environmental management manual, but the scope and goals of the environment management system must be documented. How an organization chooses to document its environmental management systems is not dictated, but documented information must be maintained and available to those responsible for compliance. The use of the word documents and records has been replaced by documented information and some new terms and definitions have been added. Lifecycle thinking is a broader concept than recycling and organizations need to focus on environmental performance issues as they relate to their own organization. ISO 14001:2015 should be well received by organizations that are currently certified. The new HLS will make it easier for companies that are getting recertified for ISO 9001:2015 to also consider adopting the ISO 14001 Standard or vice-versa. The movement to be more environmentally friendly will continue to make this a popular standard. We encourage those implementing the standard to go beyond certification in using and improving their management systems.