Author Gary Hibberd
In the world of ‘Industry Standards’ it’s not often we get excited, but when there’s a refresh of an old ‘classic’ like ISO 9001, there’s a real sense of suspense and expectation! And today at the ISO 9001:2015 – Update seminar, hosted by the British Standards Institute, the air positively ‘crackled’ with expectation!!
Ok… Ok… I may be exaggerating slightly, but the Industry Standard for Quality Management, ISO9001, has been around for a long time, and the update of the standard to fall in line with the new structure made popular in ISO27001 (Information Security) and ISO22301 (Business Continuity) is much welcomed.
ISO 9001:2015 – Update Seminar
So today we travelled to Durham to listen to the BSI explain the key changes in the new version of this very popular standard which has more than 30,000 UK companies certified to it.
It was an excellent set of presentations which outlined the purpose of the ISO9001 standard and what the fundamental differences are between the 2008 version and 2015 version.
To summarise an information-packed morning is difficult, but I’ve highlighted just a few points below to give you a feel for what I believe are some of the key points raised.
Those who are familiar with the new ISO27001:2013 and ISO22301:2012 standards will not be surprised to hear that ‘Leadership’ is a major part of the new ISO9001:2015 standard and being able to demonstrate this commitment is fundamental to being able to achieve (and retain) certification.
Focus on Risk
Those who have read the ISO9001:2008 standard will know that the word ‘Risk’ only appears once in the whole standard (but you knew that anyway, didn’t you?). In the 2015 edition you will see that there is now a focus on Risk Management and Risk Prevention. How you identify risks and how you manage them will be determined by your business, but manage them you must. A key indicator of this new focus is highlighted in the auditing process, which will become a risk-based audit and not simply a compliance-based audit.
Engaged Vs Involved People
Another important step forward (and improvement) is the requirement to ensure (and demonstrate) people ‘engagement’ and not simply ‘involvement’. This may sound like a subtle difference but being ‘involved’ is a passive activity, whilst being engaged is active. This means that it is no longer enough to say ‘the MD is involved in X process’, they must be ‘engaged’ and able to demonstrate this engagement.
ISO9001 – The Old, ‘New’ kid on the block.
Management Systems have been around for a long while and ISO9001 is one of the more popular systems for a reason: it has provided businesses with a way to demonstrate quality in their products (and services) and helped eliminate errors and waste or reduce operating costs.
The new edition of the standard is significantly different, but in a good way. It is aligned to other standards and therefore will be easier to implement (so long as you understand Annex SL). It is risk-based and more focused on principles rather than dictating a set of rules you must follow.
The new version isn’t out until September 2015 so there’s still plenty of time to look at the standard in its current form and even take a look at the DIS (Draft International Standard) if you want to see what’s coming down the line. ISO9001:2008 will still be with us until 2018 so there’s no panic! But for those who are forward thinking, the new standard offers many benefits which have already been discussed.
The BSI event today was very interesting and enlightening, and going by the number of people attending (around 80 people) I suspect this is a standard that still holds a lot of interest.
Agenci Information Security is responsible for protecting businesses from cyber threats, cyber-attack, internal threats and business outages. Agenci Information Security ensures clients’ systems are secure and provides peace of mind through a range of proven specialist information security solutions.