While ISO 2008 required a documented procedure of preventative action to be implemented when appropriate after the corrective measures had been taken, the approach was a reactive response to an adverse event or nonconformity. In ISO 9001 2015, the notion of preventative action has morphed into a more proactive preventative approach applied in all the main processes of the quality management system: planning, design, development, manufacture, customer support and service. In this new standard, the measure is called risk-based thinking or RBT.
Understanding Risk in Context
Let’s first attempt to understand what is risk. The answer may ultimately be subjective when considering what risks are in the context of an organisation. However, one common explanation is, where there is risk, there is a chance or probability of something adverse happening or a chance to exploit a resulting opportunity. The end-product of risk is uncertainty and deviation from that which is intended. According to the new standard, this deviation could be positive or negative.
What is Risk Based Thinking?
While there is no definition for Risk-based Thinking (RBT) provided in ISO 9001 2015, there is some explanation in ISO 9001 and TC 176. This clause tells us that RBT is something we do “automatically in everyday life.” Some have described RBT as being a common sense measure. Perhaps the old adage is true;
“Common sense is not so common,” Voltaire
Where to Apply RBT
The new ISO standard states that RBT should be applied in each of the processes that make up the quality management system. However, each process of the quality management system holds varying levels of risk regarding the organization’s ability to meet its quality objectives. Because of this, more careful and formal planning and controls are needed for certain risk areas than others.
Understanding Opportunity as a Risk
When considering the context of the new standard, opportunity, is not merely the positive side of risk —but a set of circumstances in which an outcome is impacted to some degree, by either action or non-action. There is less risk involved when choosing to exploit an opportunity for a positive outcome than there is in failing to act when the result would have negative, neutral, or less than positive consequences. Therefore, each potential scenario is relevant to RBT in weighted amounts.
Planning and Implementation of RBT
RBT, as the standard requires, should be applied in the planning and formulation of the complete quality management system. This begins with a requirement for top management to identify and include both internal and external parties who have an interest in the effectiveness of the QMS. Those whose end goal is to achieve the production quality goods and services. For the same reason, top management is to identify both positive and negative issues that present opportunities and risks that are relevant to quality goods and services as these will need to be taken into account when planning and implementing the quality management system.
The Fluidity of Context of the Organisation
Because the context of the organisation is not a static trait, the risk potential also changes. It is important that an enterprise can appropriately evaluate risk potential, mitigate those risks and identify opportunities in the ever-changing environment of organisational context. While it is not a requirement, one suggestion for to successfully plan, implement and follow through with RBT in any number of risk areas is to utilise the following process:
Plan – Identify and plan to address the risk.
Do – Implement the plan to avoid, eliminate or mitigate the risk.
Check- Asking how effective your plan was at risk avoidance.
Documentation of RBT Processes
It is important to note that there is no explicit requirement for the process to be formalised into a written document nor is there any stipulation to retain documentation for recordkeeping. However, you must be prepared to present some form of evidence that suggests you engaged appropriately in risk-based thinking, as this process does require significant forethought and “what-if” or scenario planning.
Summary of the Requirements for RBT
Promote awareness of risk-based thinking allows leadership to determine and address various risks and opportunities which we otherwise might have missed.
Provide the necessary resources for RBT in all areas of risk or opportunity, remembering that risk is implicit whenever the conditions determine it suitable or appropriate
Monitor, measure, analyse and evaluate the effectiveness of actions taken to address the risks/opportunities.
Correct, prevent, or reduce artefacts, improving the QMS and updating risks and opportunities as needed within the changing context.
Consider including some evidence of risk identification and evaluation having been performed, if this action supports or adds value to the organisation.
Benefits of RBT
An organisation is responsible for its ISO application to have risk-based thinking and identify the actions it takes to address the risk including evaluation of opportunities as a risk. The standard, by applying risk-based thinking, greatly increases the likelihood of a company realising the following benefits
Proactive stance to prevent poor outcomes
Greater ability to recognise opportunity
Improved consistency and quality of products and services
Increased customer confidence and satisfaction
In summary, RBT is the next obvious step-up from the previous standard which was reactionary. Successful companies will have the common sense to intuitively incorporate proactive risk-based thinking into the existing quality management system. When properly implemented, RBT ensures greater knowledge of risks and better prepares the organisation to deal with those risks. It promotes a thought framework in which missed opportunities are also calculated as potential risks. It increases the likelihood of reaching objectives while reducing the possibility of undesirable outcomes.Read More
There are a few situations in which a company could benefit from hiring an ISO or quality management consultant such as expanding the scope of an existing ISO certification, improving your functional performance within the current QMS through additional training, resources, and education, and finally facilitating a new ISO certification project.
The relationship between client and consultant should be one built on trust and mutual respect. This is critical since the consultant will need the to lead the client through the ISO certification process informing and educating along the way so that the client becomes more knowledgeable and stronger while driving the implementation process forward.
An Organised Approach to Choosing a Consultant
But how do you go about choosing the ISO consultant that is best for your organisation? We recommend, starting early, gather information, and use the following methodical approach before you begin consultant interviews.
Establish an ISO Committee or Team that is made up of individuals who will serve as contact points for the consultants.
Assess the company’s strengths and its weaknesses, including issues that could threaten your ability to achieve certification.
Define exactly what it is you are hoping to achieve from ISO certification.
Conduct frank and open roundtable discussions to discover agendas and define goals.
Document your project goals.
Create a “wish list” that you will use as a guide for evaluating a consultants fitness to serve the interests of your organisation.
Basic Criteria for Choosing an ISO Consultant
1. Experience and Skills
You have to do your research, not only into the consulting company but also about the individual who will be performing the consulting. The following are some questions to help you evaluate this area.
Does the consultant have certificates like Lead Auditor Course or Lead Implementer Course?
How many jobs has the consultant performed?
Does the consultant have a track record of shortening implementation time?
How long has the consulting company been in this business?
Which industries has the company and consultant worked with?
Does the consulting firm have references that back up their experience and know-how for implementations of similar scope? It is important that your team does its due diligence by following up with the references provided.
3. Customized Services
Your company is unique so too must be the solutions the consulting company is prepared to offer. Avoid “copy and paste” consultants. They often show up with predesigned templates with little else to contribute. Unless the consultant is willing to tailor their services to your needs, you would be better off attempting the implementation unassisted.
4. Language and Communication
A consultant who doesn’t speak your native language (or speaks in a broken dialect) can lead to disaster. One job of a consultant is to understand the unique nuances of your day-to-day operations, and that can be difficult with a language or communication barrier.
A Word of Caution: Conflict of Interest
A consultant will be privy to your most critical and proprietary information. Make certain to have non-disclosure contracts in place to cover these areas so that you are not left vulnerable. Beware of contractors attempting to upsell you on software or other additional services.
A knowledgeable and professional ISO QMS consultant can make certification implementation a much easier process for your organisation. An expert consultant will possess analytic skills and the ability to identify and help you avoid pitfalls that can be time-consuming and add cost to the project. It is important that the consultant’s offerings are synergistic and align with your company’s goals and action steps. The consultant you choose should be an excellent communicator who has a process in place for leading you step-by-step through the complete certification project and a precise idea of what the auditors will look for, recommending the best solutions for your organisation.Read More
If your goal is building an organisation with prospects for long-term success, then you can look at what makes it sustainable. One approach is to focus on quality across the organisation. Sometimes, business leaders find it helpful to go through a process of certification, especially to demonstrate to customers that their business practices are worthy of ongoing loyalty. Businesses in nearly every industry may choose to become certified by the leading organisations in their field and also according to evaluations of their organisation in general. One option is becoming certified under ISO 9001. In this post, we examine the process-based thinking that leads to this certification.
A Focus on Quality Management
It’s worth pursuing ISO 9001 certification if your organisation already maintains a focus on quality. You can also use this methodology to improve operations prior to seeking certification. ISO 9001 means that every business unit and identifiable activity within a company is held to high standards. This doesn’t just occur in preparation for certification. It’s built into every operational area and signifies the status quo. Also, business processes and tasks that result in mediocre or poor quality are not acceptable. Management is responsible for correcting instances of less-than-standard quality, and the root causes of these instances must be researched and eliminated.
Everyone Gets Involved
ISO 9001 also means that all employees maintain a focus on continuous improvement; this comes from the deep-seated belief that customers will keep buying because they recognize quality in products and services. Employees want to work for an organisation with a reputation for high quality because they recognize the extreme value that customers get. Employees contribute to ever-higher levels of quality and help customers benefit from their entire experience with the company.
Getting certified under ISO 9001 requires reviewing all of an organisation’s internal operations and assessing them according to 7 quality management principles, or QMPs. These principles govern every task that employees perform and other indicators that are harder to measure, such as interactions between employees and customers. The QMPs are: customer focus, leadership, engagement of people, process approach, improvement, evidence-based decision-making, and relationship management.
The Example of QMP #2: Leadership
Let’s take a closer look at one of the QMPs to help readers understand what ISO 9001 looks like in practice. According to the International Organization for Standardization (ISO), an organization will incorporate all of its managers into the process. “Leaders at all levels establish unity of purpose and direction and create conditions in which people are engaged in achieving the organisation’s quality objectives.” This means defining what quality looks like in terms of a particular process, which is a combination of business activities. The rationale for focusing on leadership is as follows: “Creation of unity of purpose and direction and engagement of people enable an organization to align its strategies, policies, processes and resources to achieve its objectives.” This mindset does not leave room for people who do not support quality objectives and those who won’t follow policies and procedures. People who aren’t rule followers do not help an organisation reinforce its quality standards.
Is It for You?
The ISO 9001 certification could signify that your organisation has moved along a continuum, but you aren’t ready for it if your organisation is immature. The beginning of the continuum resembles total chaos, and the end of the continuum resembles a “self-learning” organisation. Without a commitment to effective leadership and the other six principles of ISO 9001, your organisation cannot demonstrate its sustainability to outsiders. The value of the products or services that you deliver to consumers will remain in question. You can say that the quality management principles have been implemented, but anyone looking closer can quickly find evidence that your organisation falls short.
When you get your ISO certification, there are a number of certification bodies you can get from. Many people wrongly assume that a certification from a larger certification bod has more value. However, this is a myth. The reality is that ISO certification bodies throughout Australia (in fact across the globe) provide the same level of certification, though it’s important to choose the one for your own reasons.
Why is ISO so Important?
ISO, known as the International Organization of Standardization, is responsible for developing and publishing international standards. When you want to assure people that you have a safe and reliable product, the ISO certification provides the necessary assurance. Many customers look for the certification, before they award the work.
When you choose ISO, you can actually use this as a strategic tool to reduce your costs because of minimizing errors and waste. You can ensure that you are using an international standard, and it will allow you access to new markets, including those overseas. The world as a whole is familiar with ISO certification and therefore you can get involved in fair global trade. Developing countries will often turn to the ISO to learn about new processes, such as managing animal welfare and improving sanitation.
ISO works within an array of sectors, including climate change, food, health and safety, energy and renewables, and much more.
How to Receive Certification
When you are ready to receive ISO certification, you need to choose a certification body, sometimes known as a conformity assessment body (CAB). To do this, you will want to look at a few different bodies in Australia to find out who they are and what they have to offer.
– Ensure that the body has a good reputation, see and understand what existing customers say
– Check for accreditation. A lack of accreditation does not mean the company isn’t reputable, though it will provide insurance that the body is competent.
After you have gone through the ISO certification process, you will identify a product or system with the numbers, such as ISO 9001:2008 certified. Saying “ISO certified” is not a proper way of displaying your certificate.
ISO does not provide the certification directly, which is another common myth about getting certified. It must come from a third party CAB.
Choosing the Right CAB
ISO recommends that you go through International Accreditation Forum (IAF) in order to find a CAB. The IAF is the world association for CABs in the field of products, services, and an array of management systems. You will have the ability to search for a CAB within a specific country as well as to read more about them.
The IAF also provides news and publications to educate you more about ISO standards as well as current trends that may be taking place across the industry. This can be used to conduct research about a specific product or service prior to getting certification to ensure that conformity on the latest best practices are in place.
In the end, the only thing that is displayed once ISO certification is received is the ISO stamp with numbers on the product or service. No one ever sees the assessment body. This means that you can use the body of your choosing in order to receive the ISO certification. One body is no stronger than another. It doesn’t mean that you have a better ISO certification than another. You either receive the certification or you don’t. This allows you to choose the body you want to work with, regardless of where you are located.
With many third party certifications to choose from, some research should be done. Sustainable Certification has a great reputation amongst businesses in Australia who are seeking ISO certification on various products and services.
In 2015, ISO revised the 9001 quality management systems and 14001 Environmental Management Systems. Significant changes were made and now it’s important to know how it will impact various organisations – particularly those who already hold the 9001:2008 certification and 14001:2004. Organisations throughout Australia are already working on making changes and updates.
What are the Major Changes?
There are quite a few ISO changes that you want to be aware of, as it applies to these management system. Reviews are conducted every five years and if a revision is determined to be necessary, then one is rolled out. Businesses and organizations face new and different challenges than several decades ago and the new environment requires a new approach with regards to ISO 9001. This is why there is now a 2015 rollout of changes, which everyone who has been considering getting ISO certified as well as those who are currently certified, need to be aware of.
Some of the biggest changes include:
- New structure, following many of the other ISO management system standards
- Focus on risk-based thinking
- Greater emphasis on leadership engagement
- Addresses supply chain management more prominently
- Simplified language is used
- User-friendly for knowledge-based and service organizations
Presentations are available on the various changes, including the risk based thinking. Although risk based thinking has always been present, there is more of a focus than in prior years. Multiple clauses are impacted by risk based thinking, including Clause 9, where an organisation must monitor, measure, analyse, and evaluate actions in terms of their effectiveness. This will in turn make it easier to manage risk. Risk management is an important part of ISO certification and is increasingly becoming more important. The changes reflect the changed attitude toward risk.
There are an array of benefits that come from this new certification. With all of the changes that have occurred across industries in the past few years, it only makes sense for ISO to make the adjustments. It allows businesses in Australia and the rest of the world to have the support they need in order to put greater emphasis on their business – and this can also lead to better customer service.
ISO 9001 changes are clearly identified and support is provided to those who are currently using the 2008 version. Every organisation is different and therefore it is a good idea to:
- Familiarise yourself with changes
- Identify gaps within your organisation
- Provide awareness and training as necessary
- Update your quality management system
It’s also important to contact a certifying body to learn about what else you can do.
What it Means for People with 9001:2008 Certification
The ISO 9001:2008 is still a valid certification. However, customers who are in the know of the new ISO standards may frown upon a product or service that shows an older year. The ISO provides organisations with a three-year transition in order to make the migration over to the newer standards. Now that the higher level structure is out, it’s important that you start working towards the 2015 standards so that you can update your certification.
Some customers may not mind seeing the 2008 within your ISO certification. Technically, your certification is still valid. However, it is not in response to the latest trends and therefore it is something to be aware of.
The ISO technical committee shares more information, though it’s a good idea to contact a certification body (CAB) in order to find out what needs to be done above and beyond what you already do in order to get the new ISO 9001:2015 certification on your products/services. This will allow you to display the new certification prominently and provide the necessary assurance to your customers, regardless of whether they are located in Australia or anywhere else in the world.
Enter Details and download