ISO 9001:2015 – Newsletter – Issue 68

Issue 68 – Interpretation challenges?

ISO 9001:2015…

Interpretation challenges?

I appreciate receiving emails with questions and/or comments from readers of this Newsletter… please continue to do so since it provides me with direction on where to aim the content of these publications.  The theme I would like to discuss in this Newsletter relates to what I will call “differences of opinion” or “differences in interpretation” between some ISO Registrars and their Customers (the organizations trying to address the stated requirements within the ISO 9001:2015 Standard).

In my last Newsletter (ISO 9001:2015 Newsletter Issue 67) we discussed the topic of “surprises during the upgrade audit” where I mentioned how the new word “risk” had no teeth in its associated requirements.  Well, this was also the area where “differences in opinion” arose between some ISO auditors and their Customers.

Some auditors expected to see a type of risk register, or listing of risks, associated with each of the QMS processes.  Although this approach may be helpful to an organization in running their business, nothing in the new Standard requires them to do so, in order to obtain ISO 9001:2015 Certification.

All of the requirements for “risk-based thinking” and “risks and opportunities” can easily be addressed by directing the auditor to the many EXISTING mechanisms within your current QMS such as “internal audits”; “control of non-conformances”; “corrective actions”; “complaint handling”; “establishing quality objectives”; “management reviews”; and the list goes on and on.  If you really feel the need to “document” something regarding this topic, then insert a section in your Quality Manual outlining that this is how your organization has interpreted the word “risk”.  This approach to addressing “risk” was outlined way back in many of our previous Newsletters, and was accepted by many ISO Registrars during upgrade audits.

Another area that caused lively discussions with some ISO Registrars was “Understanding the needs and expectations of interested parties” (Clause 4.2).  Some auditors thought that “employees” need to be added to the list of interested parties, as well as environmental and safety regulatory bodies.

Let me start by asking “where does it say a list of interested parties is even needed?”, since Clause 4.2 has no requirement for “documented information”.  Someone from top management can simply verbally explain who they see as “parties” that are “interested”, and what their requirements would be that are “relevant” to the QMS.  As was recommended in previous Newsletters, you can choose to insert a list of interested parties into the Quality Manual, but you are not required to do so.

With regards to employees being an interested party, that does make some sense since they play a significant role in assuring quality of the products and services so that Customers keep placing orders (which translates into job security for the employees).  If I did add them to a list in the Quality Manual, then I would reference Clauses 5.3, 7.1, 7.2, 7.3 and 7.4 as to where to find their “interested party requirements”.

With respect to environmental and safety regulatory bodies, I must have missed the memo about how these government agencies provide companies with “quality” requirements pertaining to the products and services they sell to their Customers.  I am not suggesting that there is no connection between quality and safety/environmental activities but these government agencies focus on protecting people from injuries and protecting the air/water/land from harm, NOT in outlining specification limits of your products and services (quality characteristics).   Therefore I obviously don’t agree that they are “interested parties” for ISO 9001.  Are they “interested parties” in ISO 14001 and the new ISO 45001?… most definitely!