ISO 9001:2015 Implementation

Update your quality management system

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret the fundamentals of ISO 9000:2015 to help understand, and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018. The ISO Navigator Pro™ database divides the requirements into four sequential stages; Plan, Do, Check and Act.

Our range of ISO 9001:2015 quality manuals and integrated manual templates cover the requirements of ISO 14001:2015 and OHSAS 18001:2007, and offer an easy way to implement and document your organization's quality management system or integrated management system.

How to implement ISO 9001

Begin with the assumption that you are already doing most of what ISO 9001:2015 requires, you probably are! We suggest that you purchase copies of ISO 9000:2015 and ISO 9001:2015. Read them both and make yourself familiar with their language and concepts.

We also suggest that you use the familiar Plan-Do-Check-Act (PDCA) cycle to manage your organization’s transition to the new requirements. The following methodology provides nine simple steps to implement ISO 9001, using the PDCA approach:

Plan – Identify System Deficiencies & Develop a Plan Step 1 – Perform the Gap Analysis
Step 2 – Develop the Implementation Plan
Do – Implement Changes & Promote Awareness Step 3 – Implement Key Requirements
Step 4 – Provide Awareness Training
Check – Ensure the changes are Implemented Step 5 – Begin System Auditing
Step 6 – Review Findings
Act – Take action on the Audit Findings Step 7 – Implement System Changes
Step 8 – Begin Process Auditing
Step 9 – Continual Improvement
 

Transition methodology

Step 1 – Perform a gap analysis

The generalized audit questions in the gap analysis checklist will help you to highlight new requirements contained in ISO 9001:2015 and where they need to be implemented when compared with ISO 9001:2008.

The unique knowledge obtained about the status your existing quality management system will be the key driver of the subsequent implementation approach. Armed with this knowledge, it allows you to establish accurate budgets, resources, timelines and expectations which are proportional to the state of your current management system when directly compared to the requirements of the new standard.

Your organization may already have in place an ISO 9001:2008 compliant quality management system or you might be running an uncertified system. If this is the case, you will want to determine how closely your system conforms to the requirements of ISO 9001:2015.

The results of a gap analysis exercise will help to determine the differences, or gaps, between your existing management system and the new requirements. Not only will this analysis template help you to identify the gaps, it will also allow you to recommend how those gaps should be filled.

The gap analysis output also provides a valuable baseline for the implementation process as a whole and for measuring progress. Try to understand each business process in context of each of the requirements of the standards by comparing different activities and processes with what the standards requires.

At the end of this activity you will have a list of activities and processes that comply with the requirements and ones that do not comply. The latter list now becomes the target of your implementation plan in Step 2.

Step 2 – Develop your implementation plan

Once you have identified the gaps in the system and have a committed implementation team, it is now possible to develop an achievable and manageable implementation plan that identifies the necessary resources needed to fill the gaps. The implementation plan should focus on the results of the gap analysis by prioritizing the correction of non-compliant processes.

Ensure that the implementation plan has clear milestones and is supported by Top Management. Implementation planning is about controlling the development process. The organization must ensure that all related activities take place under controlled conditions. The implementation plan is a culmination of events that transfer the requirements of ISO 9001:2015 into quality management system.

A good plan is often the key to any successful project and without a plan; projects tend to run indefinitely and without showing measurable progress. By having a plan, you have specific deadlines to meet.

You can show progress as you meet the deadlines and take action if you are not meeting deadlines. If the implementation team is not expected to meet deadlines, other tasks will take precedence, the project will drag on and lose momentum. The implementation team must be watching the timeline and milestones while coordinating and implementing the plan.

Step 3 – Implement the key requirements

The process approach promoted by ISO 9001:2015 requires that each business process is defined along with its interaction within the quality management system model. A good process model will reflect your business and be unique to how your organization functions.

Identify the processes that comprise your management system, there are two main types of process that you should focus on. Key processes are steps that you go through to give the customer what they want, e.g. from order acceptance to design through to delivery while support processes are those processes that do not contribute directly to what the customer wants but do help the key processes to achieve it. Support processes include human resources, training and facilities maintenance, etc.

A good way to do this is to think about how workflows through your organization. Consider how the inputs and outputs to the key processes flow from one process to the next, what sub-processes might exist within it and how the support processes link in. For now, ignore the standard, in fact put it in a draw and forget it exists. Instead focus on your key processes and how the departments interface with each other.

Once you have defined the processes and interfaces; go back to the standard and determine which processes are responsible for meeting which requirements. When defining your organization’s processes, think about each process and department and assign try to define those processes around the current organizational model and not around the requirements of the standard.

The simplest tools are often the best; try to capture this information using process maps and/or flowcharts ensuring you use the terms and language of your organization to describe what happens where.

Another technique is to use a large clear wall and a pack of sticky notes. Write on the sticky those activities that happen in your organization and then organise the notes into a logical chain of events.

Step 4 – Provide awareness training

Awareness training should be given to all employees about the new elements of the quality management system and how it might affect their work. Employees should be made of the quality policy and its objectives. After training, employees should be comfortable with using the revised QMS and will demonstrate their knowledge by being able to locate and use the documented information that relates to their work. Employees should know:

  1. Types of documented information that applies to their work;
  2. Which forms to use, how to complete and process them;
  3. Know the quality policy and how objectives relate to their work;
  4. How to report non-conformances and issues for corrective action;
  5. Understand the context of the organization;
  6. Understand the risk and opportunities that affect their work.

Step 5 – Begin system auditing

During the implementation phase, you should carry out one or two system audits covering all of the requirements that are relevant to your quality management system.

Prepare the narrative for each section of the internal audit report and copy and paste the trend tables and charts to summarize your findings. Ensure the audit report is reviewed and approved. Submit the audit report to Top management for review and action.

Step 6 – Review audit findings

Top management should ensure that corrective action is undertaken on any adverse audit findings without delay. Make any necessary changes to the quality management system and the documentation information.

Certification bodies will wish to see at least three months of records. The new system will likely generate numerous corrective actions; if they are not investigated and completed, your quality management system will not be ready for a registration audit.

Once you have implemented the new key requirements and have dealt with any corrective actions, it is suggested that clients conduct at least one other internal (element) audit as per the defined milestones that were established by the implementation plan.

After this internal audit, Top management should again review the effectiveness of the system as whole and provide resources for corrective actions and improvements.

Step 7 – Implement system changes

Implement any changes to the quality management system processes that might have arisen from the outputs of previous step. Once the whole system is implemented, conduct a full system internal audit. Look for areas to streamline and improve.

Step 8 – Begin process auditing

Once the quality management system is complete and everyone is following the new system, you should conduct an audit of each key process. Begin by selecting a key process and identifying the inputs needed by the process and the outputs that are generated by the process.

Each process audit checklist is divided into two sections. The first section of the checklist deals with general questions that relate to the supporting processes that impact upon the functioning of the key process. The second section of the checklist deals with questions whose answers will reveal whether the key process itself is meeting the requirements of the standard. You may want to add other questions to the checklists that relate to assessing how well the process satisfies customer requirements.

Once the questions from the checklist are answered, you will be able to quickly identify and summarize the process by determining its performance level against the requirements of the standard or customer specifications. Consider these points:

  1. Is the process planned?
  2. Is there is an appropriate review to verify output?
  3. Is there confirmation that the output meets the input requirements?
  4. Is the process is verified for effectiveness? (measured)
  5. Is there validation to ensure that the process meets intended results?
  6. Is there continuity between the various processes in the organization?
  7. Is the task done consistently on a person-to-person basis
  8. Is the task done consistently on a day-to-day basis?
  9. Do the interfaces between the departments operate smoothly?
  10. Are corrective actions being used adequately in this process?
  11. Does product information flow freely?
  12. How are changes controlled?

Ensure that the results of the internal audits are reported to Top management and that appropriate action is taken to correct non-conformances.

Step 9 – Improvement

Clause 10.3 of ISO 9001:2015 requires organizations to ‘continually improve the effectiveness of the quality management system and its process’. Most auditors would expect you to revise the quality system documentation and processes as the quality management system matures or when a new process is implemented.

Processes can always be made more efficient and effective, even when they are producing conforming products. The aim of a continual improvement program is to increase the odds of satisfying customers by identifying areas that need improvement. It requires the organization to plan improvement systems and to take into account many other activities that can be used in the improvement process. Typically, these will be the results from the data analysis.

You will be required to ensure that you continually improve the degree to which your products and services meet customer requirements and to measure effectiveness of your processes. To this end the continual improvement principle implies that you should adopt the attitude that improvement is always possible and that organizations should develop the skills and tools necessary to drive improvement.

The PDCA cycle is a perfect way of introducing continual improvement to your organization’s activities. Each step to improvement can be defined by four sub steps, Plan, Do, Check and Act:

Plan Establish a timetable for internal audits and management reviews. Establish the objectives and processes necessary to deliver results in accordance with customer requirements and your organization’s policy. To improve the operation by finding what is going wrong (customer complaints, internal complaints, rework etc.) and come up with ideas for solving the problem.
Do Implement changes designed to solve the problems on a small scale first to see the effect. This minimizes disruption to routine activity while testing whether the changes will work or not.
Check Monitor and measure processes and product against policies, objectives and requirements and report the results. Also check on key activities to ensure that the quality of the output is conforming and not influenced by the changes.
Act Monitor and measure processes and product against policies, objectives and requirements and report the results. Also check on key activities to ensure that the quality of the output is conforming and not influenced by the changes.
 

Also act to involve other people, departments or suppliers affected by the changes and whose co-operation is needed to implement them on a larger scale. Make sure that changes are documented properly according to the documentation requirements.

All management reviews must be documented. Observations, conclusions, and recommendations for further necessary action from the review must be recorded. If any corrective action must be taken, top management should follow up to ensure that the action was effectively implemented.

The purpose and final outcome of the management review should be continual improvement of the QMS. As your organization’s QMS increases in its effectiveness and efficiency, your environmental performance will likewise increase.

Here's what ISO 9001:2015 is really all about: defining a policy, creating a plan devising with relevant objectives. You then implement the system according to the plan. You then begin auditing, monitoring and measuring performance against the plan and reacting to your findings. Bi-annual management reviews are insufficient in frequency to be able react to any issues effectively.

Performance metrics should be monitored with varying frequencies, some hourly, some daily, some weekly and some monthly. Management cannot wait for six months to respond, if they do, it will be too late. Every time management convenes to review and react to performance, it is considered as a management review. Whether they are reviewing an individual's performance, departmental programmes and projects, etc., this should be considered as valid management review.

Some companies have multiple review levels, whereby, each review may require multiple subjects and rely upon multiple metrics as inputs. Sometimes subjects are reviewed at more than one level, e.g. production numbers might be reviewed by the Production teams during daily production meetings and then by senior management, possibly weekly.

Top management might conduct weekly meetings in which they review metrics and objectives to determine if any corrective action is required. The process owner is then responsible for reporting close out progress in the meeting a week later.

Our quality management system templates offer a reliable way of achieving process based compliance to ISO 9001:2008 and will ease the eventual transition to the new version of ISO 9001:2015. The three year transition period, ending in September 2018, is plenty of time to achieve compliance even if you are beginning from scratch!

More on ISO 9001:2015

 

Why should you buy our templates?

Our audit checklists, procedures, quality manual and integrated manual templates have been successfully implemented by thousands of businesses globally to reduce the risk of minor, or major non-conformances during certification audits.

Certification Bodies such as BSI and UKAS, as well as independent External Auditors, have commented upon the high-level of detail and excellent presentation standard of the documents.

Our customers really value the in-depth content and the straight forward approach to implementation the templates provide.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.

Client list

Over 8,000 companies and globally recognized brands have relied on our templates to provide a path to improve, collaborate, and to enhance their operations to achieve certification, please see our client list for more information.