Keeping Up with ISO: A New High-Level Structure, Part 2

Last month, we reviewed the changes and business impact of Clauses 1.0-3.0 of ISO 9001:2015. We learned that Clause 1.0 Scope sets out the intended outcomes of the management system. These outcomes are industry-specific and should be aligned with the context of the company. This is where Clause 4.0 picks up.

4.0 Context of the Organization: This clause refers to the individual responsible for the quality management system (QMS), specific job functions involved and tools to be used. Under ISO 9001:2008, this clause stated that the QMS was the quality manager’s responsibility, and this person was responsible for manufacturing/production, which involved checking and recording operator and product/process performance, as well as confirming order entry, and making and shipping the order. The quality manager had little, if any, responsibility for understanding the quality needs and expectations of direct customers, end users, suppliers, distributors, regulators and other relevant interested parties. The result was a lack of company-wide communication, as the quality manager only kept records on quality as a percent of scrap, returns and productivity measures (yield/trends). The customer, therefore, did not always receive the required supporting documentation, such as signed or dated certificates of quality.

Under ISO 9001:2015, this clause places the quality responsibility with the CEO/owner of the company, who must now use assessment tools such as 5S or other quality/environmental/safety internal audits to identify organizational strengths and key areas for improvement. This process includes a review of external (outside vendors, auditors, regulators and others) and internal issues (safety, employees, machinery, process improvement and more) relevant to the company’s purpose, and that affect its ability to achieve the intended outcomes of its QMS.  For example, moldmakers and molders must sign and date certificates of quality, confidentiality and intellectual property protection for new designs and engineering projects. 

Another new requirement of Clause 4.0 is the use of processes to set direction and goals, monitor progress, make resource decisions and take corrective action when progress does not proceed according to plan. This might include, for example, using “Performance Excellence Criteria” to help develop comprehensive, cost-effective solutions for streamlining manufacturing cycles and shortening product delivery times. This requires the CEO/owner and the heads of the financial, operational and sales departments to meet monthly to discuss problems and solutions, and to document “Management Review Meeting” minutes on business measures such as return on investments, scrap, rework, returns, customer feedback, yield/trends, team building, employee and management motivation, increased customer base, customer satisfaction, customer perception, supplier scorecard, environmental (water/electric/gas usage, hazardous waste disposal), recyclables (paper, glass, plastics, metals, cardboard), and safety (accidents, time off).     

The use of these measures is intended to ensure that strategies are balanced, meaning they do not inappropriately trade off among important stakeholders, objectives, or short-and long-term goals. However, the criteria do not prescribe how your company, or various departments within, should be structured or managed, because these factors differ among companies and are likely to change over time.    

5.0 Leadership: The new high structure under ISO 9001:2015 uses this clause to place particular emphasis on leadership, not just management, as set out in ISO 9001:2008. This clause now examines how your company’s top management should address values, directions and performance expectations, as well as a focus on customers and other stakeholders, empowerment, innovation and learning. It also examines the company’s governance, and how public and community responsibilities are addressed.  

Top management (CEO/owner) now has greater accountability and involvement in the organization’s management system. These individuals need to integrate the requirements of the management system into the organization’s core business process to ensure the management system achieves its intended outcomes and allocates the necessary resources. Top management is also responsible for communicating the importance of the management system and heightened employee awareness and involvement.

For example, moldmakers and molders may have always been dedicated to providing total customer satisfaction, but preferred shops are those in which the CEO/owner trains employees to prevent non-conformances, which are defined as defects that can be identified through customer complaints, internal audits, incoming material inspection, or simply during normal testing and inspection activities. They train employees to initiate action in an appropriate manner to prevent the occurrence of non-conformances relating to the product, process and quality system; identify and record any problems relating to the product, process and the quality system through appropriate channels; initiate, recommend or provide solutions to the departments affected through designated channels; verify the implementation of solutions to problems; and control (hold) any nonconforming product until the deficiency is corrected. 

6.0 Planning. Until the 2015 revision, this clause did not require companies to manage risks in their supply chain. Now, they must do so by examining how they develop, deploy and measure their strategic objectives and action plans as part of monthly Management Review Team meetings. This risk assessment takes into account follow-up actions from previous meetings, customer complaints, internal audit results, corrective and preventive actions, process and product performance reviews, recommendations for improvement, and forward actions. 

Once the company has identified risks and opportunities, it must then stipulate how these will be addressed through planning. The planning phase reviews what, who, how and when these risks must be addressed. This proactive approach replaces the previous preventative action approach and reduces the need for corrective actions down the road.