Top 6 Issues for Implementing ISO 9001:2015 and ISO 14001:2015 Many certified organizations around the world are in the last minute process of adapting their management systems to comply with the 2015 revisions to ISO 9001 and ISO 14001 standards. Although the transition deadline of September 2018 seemed far away at the time it was released, the time for focused action is now. Most likely, your next audit is the upgrade to the 2015 edition of the standard (unless you were part of the 5% who did the work early). The magnitude of effort to complete the transition is purely dependent on the size, maturity, and complexity of the organization’s business processes. Here are the top 6 issues organizations are facing with implementing the ISO 9001:2015 and ISO 14001:2015 standards: 1- Context of the organization – requires an understanding of the external and internal factors that could impact the organization’s ability to meet its objectives. ISO/ TS 9002 includes examples on the implementation of this requirement. The intent of this requirement is to understand the external and internal issues that are relevant to the organization’s purpose and strategic direction and that can affect, either positively or negatively, the organization’s ability to achieve the intended results of its quality management system. Brainstorming and asking “what if” questions may be used in clarifying the Context. Although documented information is not required, one may be very useful in outlining the company’s approach in determining its Context. 2- Identification of Stakeholders and Interested Parties – Although self-evident, the revised standards enlarge the group of stakeholders and interested parties beyond customers and owners / shareholders. The list of relevant interested parties can be unique to the organization. These stakeholders could possibly influence or have an impact on the organization’s performance/decisions, or can affect the organization through their decisions or activities. Some key stakeholders may include customers, end users or beneficiaries, partners, bankers, unions, owners of intellectual properties, external providers, employees, regulatory requirements and others. Obviously, some interested parties have more impact than others, but until you list them, it’s difficult to assess that impact. Although documented information is not required, a simple document outlining the interest parties and their expectations may be a fruitful exercise in ensuring that those requirements are considered. 3- Risk based Thinking – Continued on page 4 Topics covered in this issue: Top Six Issues for Implementing ISO 9001:2015 and ISO 14001:2014, SQF Code 8 FAQ, IAAR Memo on the benefits of transitioning right away, ISO 45001 Update, and Aerospace Update 2017 Quarter 3
Transcript
Top 6 Issues for Implementing ISO 9001:2015 and ISO
14001:2015
Many certified organizations around the world are in the last minute process of adapting their management systems to comply with the 2015 revisions to ISO 9001 and ISO 14001 standards. Although the transition deadline of September 2018 seemed far away at the time it was released, the time for focused action is now. Most likely, your next audit is the upgrade to the 2015 edition of the standard (unless you were part of the 5% who did the work early). The magnitude of effort to complete the transition is purely dependent on the size, maturity, and complexity of the organization’s business processes. Here are the top 6 issues organizations are facing with implementing the ISO 9001:2015 and ISO 14001:2015 standards:
1- Context of the organization – requires an understanding of the external and internal factors that could impact the organization’s ability to meet its objectives. ISO/TS 9002 includes examples on the implementation of this requirement. The intent of this requirement is to understand the external
and internal issues that are relevant to the organization’s purpose and strategic direction and that can affect, either positively or negatively, the organization’s ability to achieve the intended results of its quality management system.
Brainstorming and asking “what if” questions may be used in clarifying the Context. Although documented information is not required, one may be very useful in outlining the company’s approach in determining its Context.
2- Identification of Stakeholders and Interested Parties – Although self-evident, the revised standards enlarge the group of stakeholders and interested parties
beyond customers and owners / shareholders. The list of relevant interested parties can be unique to the organization. These stakeholders could possibly influence or have an impact on the organization’s performance/decisions, or can affect the organization through their decisions or activities. Some key stakeholders may include customers, end users or beneficiaries, partners, bankers, unions, owners of intellectual properties, external providers, employees, regulatory requirements and others.
Obviously, some interested parties have more impact than others, but until you list them, it’s difficult to assess that impact. Although documented information is not required, a simple document outlining the interest parties and their expectations may be a fruitful exercise in ensuring that those requirements are considered.
3- Risk based Thinking –
Continued on page 4
Topics covered in this issue: Top Six Issues for Implementing ISO 9001:2015 and ISO 14001:2014, SQF Code 8 FAQ, IAAR Memo on the benefits of transitioning right away, ISO 45001 Update, and Aerospace Update
2017 Quarter 3
Occupational Health and Safety Management Systems ISO 45001 update
For those of you eagerly awaiting an update on the Occupational Health and Safety Management - ISO 45001 standard, here it is. The most recent round of voting on the ISO DIS 45001.2 has resulted in majority approval and can move forward towards publication. The ballot indicated 57 votes of approval, 7 votes of disapproval and 8 abstentions. The next step will take place in September of 2017, when the PC 283 committee meets in Malaysia to review the approximately 1630 comments received on the Draft International Standard (DIS). At that time, the committee will determine if the standard will be moved directly
to publication, which would mean potentially by the end of 2017, or if an FDIS (Final Draft International Standard) will be necessary. If an FDIS is deemed necessary, it would delay publication until 2018.
It is intended that the ISO 45001 standard will help organizations reduce the burden of occupational injuries and diseases by providing a framework to improve employee
safety, reduce workplace risks and create better, safer working conditions, all over the world.Currently, many organizations use OHSAS 18001 for minimum requirements for occupational health and safety management best practice. The intention is that OHSAS 18001 will be replaced by ISO 45001 when published.DQS Inc. is closely monitoring the development of this standard and is preparing to apply for accreditation as soon as the opportunity is available as well as preparing to offer certification services.
More to come on the progress of this standard after the September meeting!
Candace OrbaughSource: ISO.org
2
UPDATES TO STANDARDS
2017 Quarter 3
The Benefits of Transitioning to ISO 9001:2015 and ISO 14001:2015 ASAP
The following IAAR memo from Executive Director Milton M. Bush, JD, CAE and President and CEO John Knappenberger will be useful for DQS Inc. customers to learn about the advantages to starting the transitions as soon as possible. Please see below and contact us if you have any questions.
The Independent Association of Accredited Registrars (IAAR) and the ANSI-ASQ National Accreditation Board (ANAB) are writing those customers certified to ISO 9001:2008 and ISO 14001:2004 to explain the benefits of transitioning to the 2015 versions of these standards well before the deadline of September 15, 2018.
We realize by now your organization is well underway internally with changes necessary to conform to the revised standard. However, it is now time to work with your certification body to complete the process before the deadline.
It all comes down to planning
efficiency and cost minimization, with the key advantages of having the new certificate in hand prior to the deadline as follows:
• Starting earlier may allow your certification body sufficient lead-time to schedule an audit in conjunction with other clients and auditors in your geographical area which may reduce travel expenses.
• Starting earlier will reduce risk and anxiety in the event there are non-conformities. It is not just required that your audit is conducted by the deadline. If nonconformities are identified during the audit, they must be addressed with corrective action and approved by the certification body then a decision must be made by the certification body.
• Starting earlier will make it easier to conduct integrated audits.
• Starting earlier will
improve your management processes and will drive a risk-based approach to the management of your business. This will ensure that your organization will be able to identify risks and opportunities more effectively therefore improving operational efficiency, reducing duplication, saving both time and money.
• Starting earlier will reduce costs and investment to maintain a management system conforming to both the old and new versions throughout the time of transition.
• Starting earlier may give you a marketing advantage over your competitors that have not transitioned yet and will minimize questions from your customer base about your certification status as the deadline draws near.
Based on informal feedback of Continued on page 3
SQF Code, Edition 8
The SQF Code, Edition 8, is scheduled for implementation January 2, 2018. With that date quickly approaching, we understand our customers have questions they want answered. That is why we are partnering with SQF for a webinar on September 12 at 11am Central Time. Register for this webinar at https://dqsus.com/information-center/webinars/.
Also meant to help all SQF customers is the FAQ on Edition 8 that SQF put out. You can find the full list on their website at http://www.sqfi.com/wp-content/uploads/Edition-8-FAQs-Final.pdf, and read on for the Timing section of their FAQ.
1. When will edition 8 of the Code be active? The implementation date for edition 8 is scheduled for January 2nd, 2018. This is the date that all certification audits, recertification and unannounced recertification audits will commence under the SQF Code, edition 8. Any audit that is scheduled to commence on or after January 2, 2018 will be required to be audited against Edition 8 of the SQF Code.
2. Can we use edition 8 of the Code prior to the implementation date of January 2nd? Any audits scheduled prior to January 2, 2018, will be
under edition 7.2. There will be no exceptions.
3. Where can I download Edition 8? Edition 8 can be found on the SQFI website at www.sqfi.com/documents. All previous versions of the SQF Code can also be found by following that link.
4. Our initial certification audit is in 2017 under edition 7.2. Will I have to recertify to edition 8 in January once the Code is implemented? If a site is audited against edition 7.2 in 2017, then their recertification audit date will be conducted twelve months from their initial certification audit against edition 8. There is no need to have an audit prior to that date against edition 8.
5. Will our unannounced audit is scheduled to be conducted in 2018, will it be to edition 8? Unannounced recertification audits scheduled for 2018 will be under edition 8.
6. How much documentation is required to update our current SQF system to edition 8? For example, should my system review be against edition 7.2 or edition 8? Any auditors auditing against edition 8 of the SQF Code will be required to audit against all requirements (new and existing) that are contained in edition 8. Sites should evaluate their systems to ensure they meet the requirements of edition 8. It is recommended that there be at a minimum of 90 days of documentation to support any new program or requirement however that is not a requirement. The actual number depends on the program, policy or procedure that is being implemented.
7. What languages will the Codes be translated? When will that be available? Edition 8 of the SQF Code will be available in 5 different languages:
• English
• Chinese
• Japanese
• Spanish
• French Canadian
English is currently available on the SQFI website (sqfi.com) and the remaining languages are to be translated and available by July, 2017.
2017 Quarter 3
3
UPDATES TO STANDARDS
Continued from page 2
the IAAR accredited member certification bodies, more than 80% of certified organizations have not completed the transition process. With less than 15 months to the final deadline, organizations wishing to transition into 2018
are highly likely to experience difficulty in arranging desired audit dates and audit teams. As with previous transitions; the transition period will not be extended by the International Accreditation Forum (IAF). Unfortunately, organizations that do not complete the transition
process with their certification body by the deadline will no longer be certified.
We hope you take advantage of these earlier start benefits and avoid any potential for a certificate lapse by contacting your certification body soon to start the transition process.
Aerospace Update
The aggressive timeline that the Aerospace Industry has imposed on all those involved with third party certification continues to bring challenges to us all. The challenges have been shared with the industry
and they have communicated that they are holding to the original timeline established within the Supplemental Rules (SR-003).
This requires that all certified organization must have their transition audit, all NCRs closed
and verified as effective, technical review, certification decision, and publishing in OASIS completed by September 15, 2018. As we are now in the time when audits are required to be conducted to AS91XX:2016, the industry is seeing where Continued on page 4
2017 Quarter 3 www.dqsus.com
4
UPDATES TO STANDARDSContinued from page 1
An added dimension to decision making at all levels within the organization and encourages the consideration of risks and opportunities with achieving the desired results. Process level analysis has been present in sector specific standards. However, for many organizations,
the requirement to demonstrate risk–based decision making is challenging. There are many tools available for this, such as: FMEA, SWOT, ISO 31000, etc.
No one method is prescribed in the new standards. Different methods may be used for the various processes, as seen suitable by the organization.
4- Process Approach – This
concept has been in the ISO 9001 standard since the 2000 edition. The 2015 edition adds more structure to the requirement. Organizations continue to address their management systems on the obsolete clause basis and are in the journey of thinking along business processes. Identifying
business processes at a relevant level and assigning process indicators for effectiveness, has proven to be of great value to those organizations that have successfully made the transition.
5- Out-sourced Processes – The applicability of these requirements has not changed and yet the type of control to be exercised over outsourced processes includes consideration of the environmental aspects and impacts over the life cycle of the product or service for ISO14001.
6- Leadership and Commitment – The requirement to demonstrate
commitment to the organization’s quality or environmental management systems and ensure the integration of those requirements into the organization’s business processes has drawn in executive responsibilities in the certification processes. By engaging top executive management in such decisions organizations are now able to demonstrate the value of an effective management system in assuring business success. Complex structures and large organizations often have difficulty in assuring / demonstrating such leadership engagement / commitment for processes previously delegated to the “quality” or “environmental” department.
A wealth of information is available for organizations to learn and implement the revised requirements, including numerous recorded webinars on our website, ISO 9000:2015 -Fundamentals and Vocabulary and ISO/TS 9002:2016 - Guidelines for the application of ISO 9001:2015.
Continued from page 3
are not ready for transition.
With organizations not being ready, the industry is seeing many certified organizations requesting to postpone their audits. Unfortunately, the industry has a limited amount of resources available to do these audits and postponing these audits brings significant risk to the certification of those organizations.
Both ISO 17021 and AS9104/1
require annual audits for all certified organizations. This means that each certified organization must have an audit every calendar year. As there are limited resources, postponing audits to the end of 2017 is not feasible and brings significant risk to the certificate. Certificates for certified organizations that do not have their annual audit are required to be suspended on January 1st. Any suspended certificates will be viewable by the industry in OASIS.
Based on the timelines, resources, and risks as outlined above; we are encouraging organizations not to delay and proceed with the audit even if they are not completely ready. While there is a risk that there may be some nonconformities identified during the audit, this is typically a much lower risk than having a suspended certificate.
We look forward to continuing to work with you through this transition period.
