ISO 9001 has proactively kept up with various industry expectations, over the years, to allow
application by a broad spectrum of industry including the defense forces. The 2015 revision was
a thoughtfully planned giant step. It defined risk (ISO 9001 Clause 6.1) in the context of the
organization (ISO 9001 Clause 4.1 & 4.2) and removed exclusions provision from certification by
redefining what an organization does not do or outsources in the scope (ISO 9001 Clause 4.3). It
also removed preventive action, a reactive concept, and introduced proactive risk appreciation
(Clause 6.1 of ISO 9001 & Clause 8.1 in industry specific standards as AS9100).
This took preventive action from the delayed “Act” stage of the PDCA (Plan-Do-Check-Act) stage
to the more logical sensible “Plan” stage. After all, “look before you leap”, as the historical
fundamental, could not be left as a preventive action decision. It had to be at the look – plan
stage! Risk also needed not just mitigation, but also acted as an input, to be used to bring in
innovation in terms of OFI (opportunity for improvement).
These were all positive steps in keeping with technical advancements and computerization and
AI (artificial intelligence) tools. The HLS (high level structure), later updated to HS (harmonized
structure), recognized the need to enable ease of implementation of integrated management
systems. This in turn leading to efficiency, ROI (return on investment) and where applicable
environmental protection, security of the global supply chain, business continuity, cyber
security and health and safety.
The differentiating of knowledge (ISO 9001 Clause 7.6) from competence (ISO 9001 Clause 7.2)
was also a clever needed change. Organizations needed to define their corporate knowledge
aspects and differentiate it from the individual knowledge of personnel. Knowledge and
competence needed merging and a healthy marriage but needed recognition that they were
different. Removal of the reference to Quality Manager (QM) and Quality Manual from the
standard, took away the narrowness of thinking in quality, and brought the clarity to leadership
to remain accountable and to differentiate authority delegation from retaining the
accountability.
I am a member of the TAG-176 group, and yet have not really contributed much to the next
expected changes to ISO 9001. I am sure the TC-176 is working on this. Nevertheless, it is time
to debate and consider updating the standard.
Since the 2015 version was a major fundamental change, I doubt there would be a significant
departure from this 2015 version in the next major update. Unlikely that the next version may
have revolutionary updates. The emphasis, I think would be to clarify and strengthen the
present thoughts in the 2015 version. I would consider the following:
1. Two Standard Concept: I have over the years thought about the two prongs:
manufacturing and service, approach. Both the service and the manufacturing industry
have been using the standard. Some may consider the need for a separate
manufacturing and a service standard as the next step. However, over the years I have
feared too much bureaucracy which the two standards approach brings. I think the two
standard approaches may actually cause more issues than to resolve them. Might I
opine that Clauses under 8.3 for D&D can, if needed, be strengthened, clarified or more
useful notes as applicable to service version incorporated to assist implementers,
consultants and auditors?
2. Risk be better defined and OFI be clarified, to avoid auditors using it as a tool to sneak in
recommendations. OFI is the outcome of considering risk as an input for innovation. It is
not a recommendation.
3. The knowledge clause needs meat to strengthen it, and to better make it inclusive to
systematizing the requirements for organizations to systematize lessons learnt.
4. An annex added to bring clarity and ease to designing and implementing a combined
management system for an organization.
5. Clause 4.3 Scope, in defining scope requires consideration of the context of the
organization, which is based on Clauses 4.1 and 4.2. However, while the scope has to be
available as documented, 4.1 and 4.2 do not require documentation. I would suggest
both clauses 4.1 & 4.2 to have context as a documented requirement.
In conclusion, I think, updating the standard ground up is not a wise idea at this stage. Perhaps
slight tweaking to include some minor changes would give stability in implementation of an
already robust standard.
