This is a 52 week discussion of the proposed 2015 revision of ISO9001. We challenge you to follow us each week, and review your QMS from top to bottom with us. By year end 2015, you can have your QMS upgraded and ready for the 2015 revision!
4.1 Understanding the organization and its context
This is the cornerstone upon which the QMS should be built. Previous versions of the standard have required the organization understand and identify the “scope” of their QMS. I personally really appreciate this particular revision for 2015. Here’s why.
Previously, the focus in this area would point to convenience for the auditor. Organizations would typically interpret this area as a way to introduce the auditor to the organization and begin to clarify any exclusions to the standard the auditor should be aware of. It sets a tone that reduces the value-proposition right from the beginning. It sends the message that rather than using the ISO standard to establish a compliant, and more importantly, effective QMS, we are going to structure our QMS to be easily evaluated by a third party.
This new language and the changes made are very subtle, but they do give more guidance to an organization about how to describe their business and which things should be considered. These areas, if well defined, will also provide many of the areas of “risk” that will be targeted later in the standard. But, we’ll wait to open that Pandora’s box about “Risk” until we come to it in Week 12.
What I don’t love about this section are the specific requirements of “shall monitor and review the information about these external and internal issues”. There is no requirement for a record of this review, but a “shall” is a “shall”. And given the guidance in NOTE 1 and NOTE 2, the context characteristics that might be considered would almost certainly not be “monitored and reviewed”. This looks like a great place to get stuck with an auditor in the age old argument – “we (monitor and review) them” + “how do I know that?” + “we promise” + “show me”…….
Nevertheless, notwithstanding the fact that there is some ambiguity here in terms of a compliance audit, I wish that all organizations would take a moment to consider and understand these characteristics about their business and make them the cornerstone of their QMS, or better yet, their business management system.
A WORD ABOUT DOCUMENTATION – Whether to document this particular section depends on how difficult it was to answer to the first few questions. But be advised that there is a requirement further ahead in 4.3 that the scope of the QMS be documented. There is a lot of discussion about documentation – some people want to document everything – some nothing. This is the time to put “risk” in the back of your mind and ask yourself some questions.. I find it the easiest way to decide whether I document something or not. What if I don’t document this? Will my organization-at-large be aware of the requirement and our answer to it? If the answer is YES, and if there is no specific requirement in the standard, I don’t document it. But if you are really into documenting things, ask yourself another question. What if I document this? Will my organization-at-large be aware of the document and how it affects them and the QMS? Be sure the answer is YES.
LAST WEEK’S HOMEWORK
Did you gather your information about last week’s 10 questions? If so you’re ready to go.
THIS WEEK’S HOMEWORK – Use last week’s questions to determine your organization’s purpose and strategic direction. Sometimes this begins with a mission statement, but whatever is appropriate to your organization will suffice. Remember, working through this section of the standard is an area where you should be aware of not adding unnecessary “fat” to your QMS. Decide who and what your organization is, then move forward accordingly with a clear focus. Next week, we’ll begin to use our purpose and strategic direction to identify our external and internal issues which should be considered in the architecture of our QMS. Good luck!
Stay involved and engaged – SUBSCRIBE!