Updating the system with a changed document control system

I was commenting on a query on LinkedIn seeking guidance on managing change when the existing document control system is to be changed. Particularly when the number of documents involved is large.  My advise from experience is: 

The first question would be to establish if the change was necessitated/ driven by a NC? If yes then the RCA should have revealed this and differentiated between Correction and CA (Corrective Action) requirements. Where immediate consequences to the NC are relevant please consider updating those documents first. This prioritization is perhaps the first step.

If this is a PAR (Preventive Action Request) prompted by a need to stay ahead and ensure continual improvement please follow a plan. The changes can be implemented in a planned manner over a period of time. Perhaps an audit cycle.

Also separate out the documents (which presumably the organization will have don). Address the policy first and follow with the update of the procedures. The number of procedures can not be very many. You should be able to address these straight away. 

The WI (Work Instructions), SOPs (Standard Operating Procedures) can then be updated in a systematic manner per the guidelines you will provide to process owners. WI update should not be a centralized responsibility. Give 3 months and provide detailed briefing guidelines on the new document control system to all process owners. They should then implement it per their priorities.

P-D-C-A helps here too! make a good plan. As you go to the D stage do some briefing and take time and make the effort to explain the requirement to the stakeholders. Then go tot he C stage, conduct an audit. Establish what is remaining and I think in 4 to 5 months the change should be done.

ISO 9001 - The Revision Process

In these last few months I have had a hectic teaching schedule where I worked on teaching ISO 9001 and ISO 14001. It was only natural that students would have questions on the changes / revisions coming up for ISO 9001 as the ISO 9001:2015 version is being considered. Many of the students wanted to know if there was a process followed to update standards or was it just ad-hoc when some one felt the need and so on. 

At Huntington, WV with the CO and students

CG students in the 5 day RABQSA certified training, in Huntington and Duluth had questions and wanted me to explain the procedure. I also received an e-mail from a student of ISO 28000 from Qatar asking a similar question. This prompted me to write a few lines on the subject. In brief here is the process for updating the standard.

    The ISO 9001 as many good thoughts has its roots in the USA. It was first published as MIL-Q-9858 in by the Department of Defense in 1959. In 1969 NATO adopted it, subsequently the UK published it as BS5750 in 1979. As ISO 9000 it was first published in 1987. The first real revision came in 1994 and this was followed by a revision in 2000. The present standard came out as ISO 9001: 2008 in 2008. The 2008 version did not have many changes. It did stress on the outsourced processes and a few changes.

  

   This new version, expected in September of 2015, however has major changes. The fundamentals remain unchanged but more standardization has been introduced to enable ease of integration of standards. More on this in a separate article.

     The main stages of a standard development are:

1. PWI: This is the Preliminary Work Item where the preliminary work is done.
2. NP or NWIP: New Work Item Proposal. The proposal is put together at this stage. 
3. WD: Working Draft. This is the preparatory stage. 
4. CD: Committee Draft. 
5. DIS: Draft International Standard. This really is the inquiry stage. 
6.  FDIS: Final Draft International Standard 
7.  IS: International Standard. This is the stage when the finally approved standard is published.

In the development of the ISO 9001:20015, the standard reached the CD stage of voting in June 2013 and the voting closed in August 2013. This is a stage where the CD is distributed to the members of the committee. It is these committee members who can at this stage distribute the CD to public. We at QMII  re-reviewed a copy at this stage. (I shall be writing on some of the expected changes shortly.)

The DIS is expected sometime in August 2014. Traditionally the DIS is available to members of the public. It is expected that the FDIS ballot will close in August 2015 and the revised ISO 9001 will be published in September 2015.

QMII conducted the RABQSA certified EMS LA (Environmental Management System Lead Auditor) training for the USCG at Yorktown. The ISO 14001:2004, together with ISO 9001 and ISO 27001 will have a revised addition in 2015. All standards in future will incorporate the HLS (High Level Structure).

ISO 9001:2015 - Expected changes from ISO 9001:2008

I did make an introductory mention to the ISO 9001:2015 standard expected to be released in September 2015. The principled changes are mentioned there. Some QMII students and alumni have asked me to write a few introductory comments on the expected structure. I have already written on the HLS (High Level Structure). In this second blog entry on 9001:2015, I want to introduce our readers and followers of my blog to the expected changes to ISO 9001:2008 when it is revised and available as ISO 9001: 2015.

In the terms and definitions itself, some changes are expected. Stakeholder remains a term but the  preferred term “interested party” has been introduced.  Audit, conformity, continual improvement, correction, corrective action, documented information, effectiveness, management system, measurement, monitoring, non-conformity, objective, organization, performance, policy, process, requirement, risk, competence, and  top management , have now been defined. 

ISO 9001:2008 has stood the test of time, and there are statistics to clearly show that there is satisfaction with the current version. However, with the change in environment and to ensure the standard will continue to deliver in the future, changes are required. The standard must meet not only customer expectations but must consistently provide goods and services that meet the statutory and regulatory requirements. In the revised standard, the term “product” is being replaced by “goods and services.” Some of the standards had different definitions and or implications for the same term. Now these terms have been standardized for all the standards. The terms “outsourced” and “purchasing” have been removed and replaced with "external provision of goods and services". Another major conceptual change is that “design and development” has been replaced by “development.”

In ISO 9001:2008, clauses under 7.3 took us from design and development planning (7.3.1) to inputs (7.3.2) to outputs (7.3.3) to review (7.3.4) to verification and validation to control of design and development changes (7.3.4 thru 7.3.7). However, the standard allowed exclusions under 7.3 since not all organizations go through each of these stages. This has now been done away with. 

The principles in clauses grouped under 4 have not changed in concept, except that clause 4.3 has left the determination of the scope of the organization to the organization. The clauses under 5 are for leadership and these in principle have not changed. Clauses grouped under 6 provide the requirements for planning. Clause 6.3 is a change in that it requires an organization to plan the changes. It replaces the concept of integrity of the system covered under clause 5.4.2 of ISO 9001:2008.

As we study what to expect under clauses 7, we see overall the concept is the same. Except in 7.1 resources, there are changes. Presently in ISO 9001: 2008, clause 6.3 & 6.4 provide the requirements for infrastructure and work environment. This has been elaborated and process environment defined together with infrastructure, monitoring and measuring and in 7.1.5 Knowledge. This new requirement on how organizations manage knowledge, understand it and deal with it is a new concept. It is still not clear if this concept will remain and be approved by the committee. Clause 7.5.3 control of documented information replaces the ISO 9001:2008 clauses 4.2.3 and 4.2.4.

Auditors as Advisers!

I received a phone call from an ex-student, wherein she as an auditor wanted to add value by using her experience and expertise in advising the management on how they should improve the system.

I asked her if she had found any NCs (Non Conformities) during the audit. She said not really but she had recommendations to make based on her experience. My response to her was to please consider that auditors and managements have distinctly different roles. Though both performing their due diligence correctly will eventually benefit the management system/ the organization. It is when auditors want to add value and virtually impose their will, ideas,make recommendations or look for a reflection of their ideas that the seed of management failure occurs. Auditors are SME (Subject Matter Experts) in auditing, the standard(s) and the process approach etc.

We must respect the organization by agreeing that the managements are the SME in their business and specialty and in meeting customer requirements and ensuring the service and goods (products) are delivered to meet requirements. If they do not meet the requirements, the greatest service we do as auditors is to provide a correctly written NC.  It is for the management to follow up on the NC and carry out RCA (Root Cause Analysis).

Is she not obliged to assist in RCA and problem solving as an auditor? My response is that RCA and problem solving starts when auditors leave. Of course there may be occasions when as internal auditors you perhaps wear two hats; a challenging situation. Yet with a little maturity it can be ensured that the two roles are not mixed. Verification which follows the implementation of the RCA results, does indeed, need a little "research", but might I suggest, not of what you as an auditor expect, but of what is acceptable to the organization.

I further advised my readers to consider that by giving advice are you taking on the management's role? From my experience, whenever auditors do that, they slowly kill the management. Often the first step in that death of an organization is that the management just does what the auditors recommend/advice, forgetting their role at the Act stage of the P-D-C-A cycle in terms of Management Review (MR) clause 5.6 of ISO 9001. Please always remember the role of the auditors in the 'murder' of Enron. Yes with your consultant's hat, it is acceptable. I agree. After all the managements use consultants, not auditors, for advice.

Introduction to HLS - High Level Structure

At QMII since 1986 we have been introducing and encouraging the integrated approach to management. As President and CEO of QMII I have emphasized this specially to the maritime industry, where for example a passenger line is meeting various demands related to passengers, food related, health and hygiene related and to an extent considering social responsibility aspects as a requirement to encourage passengers. Having discrete systems makes the implementation a challenge.

It is therefore very heartening that as the ISO 9001, ISO 14001 and ISO 27001 are being revised the standards will all incorporate a common structure which will make implementation of an integrated system a reality. All future standards starting with ISO 9001:2015 have incorporated this change. The purpose of the HLS – Higher Level Structure is to ensure all future standards (as they get revised) will have identical text covering the common components. Actually ISO 9001:2015 will be the second standard to adopt this. The standard on Business Continuity Management ISO 22301:2012 already incorporates this HLS. ISO 14001: 2015 too will incorporate the HLS.

So what is this HLS? All standards as of date already have Introduction clauses which under 1 cover scope, 2 to cover normative references and 3 to cover terms and definition. These will be the same in all standards and so remain unchanged.

The changes that the HLS will bring in are that all standards will now look the same and the other clauses would be grouped as follows:

4- Context of the organization

5- Leadership

6- Planning

7-Support

8-Operation

9- Performance evaluation

10- Improvement

This will then be followed by the Appendix and Bibliography.

For readers who are already familiar with the existing ISO 9001: 2008, please note these changes to the structure.

More detailed inputs/ comments on the structure follow in future articles. Please stay connected to the blog.