Interview: Lead ISO Auditor: Part II

November 4, 2015

As part of the eclipse commitment to quality, we submit to annual audits from a third-party auditing firm to review our deliverables and Quality documents each year.  This is part two of the series conducted by Kristie Lively, Vice President, Clinical Operations & Quality Compliance with a lead auditor from our selected firm – Kris Erickson, NQA USA.

What are the major changes to the new ISO standards?

ISO 9001:2015 will have a new structure. Instead of 8 sections, there will be 10.

ISO has developed a ‘High Level Structure’ to be utilized by the various ISO management system standards moving forward to allow for more consistency and better alignment across management system disciplines such as quality, environmental, information security, etc.

There is no requirement to have organizations re-number any documents or processes per se, however some organizations may find value in doing that, so that their documentation aligns with the Standard for clarity.

Some specific requirements have been dropped in the transition to ISO 9001:2015 – for instance:

  • A Quality Manual is not required
  • The number of documented procedures are left to the company’s determination
  • There is no Management Rep – top management is to be directly responsible and involved in the success of the Quality System
  • Preventive Action goes away – replaced by “risk-based thinking

These changes don’t require organizations to eliminate existing documents or roles if they are found to be effective or necessary for operation of the QMS, but do provide additional flexibility.

When should companies begin to transition SOPs and ISO policies and can you explain the transition cycle that companies should follow post publication?

Certified companies shouldn’t panic – they will have time to transition to the new standard!

It’s expected that organizations will have up to three years from the ISO release date to transition their existing certification (e.g. late 2015 to late 2018).

Transitioning will require organizations to meet the revised requirements and demonstrate effectiveness of their processes.

At NQA we’re already helping our clients through the process:

  • We have information currently on our website
  • We’re in the middle of a “2015 Transition Roadshow” with 6 sessions across the US and Canada for companies to come and find out more and begin to create a plan
  • Our auditors will sit with each client at their next audit activity and put together a plan for that client to transition

There will be dual compliance required to ISO 9001: 2008/2015.

Organizations will have to remain compliant to the ISO 9001:2008 standard while preparing for and implementing changes for ISO 9001:2015.

If they disassociate themselves from the 2008 requirements and their transition to 2015 doesn’t go smoothly, they may be left without a valid ISO 9001 certification.

Organizations should consider themselves ISO 9001:2008 certified and compliant until such time as they have their ISO 9001:2015 certificate in hand; then they can disassemble any 2008-required framework no longer mandated by ISO 9001:2015.

Could you describe the risk based methods appearing in in the new standards?

The inclusion of risk and related topics such as opportunities, consequences, and controls is likely the most discussed change to be seen in 9001:2015.

Risk is being made an explicit requirement.  The word “risk” appears 18 times in the DIS version of 9001: 2015 – specifically in these sections:

  • The QMS and its processes (4.4)
  • Customer focus (5.1.2)
  • Management review (9.3)

Related references to impacts, consequences, controls, etc. can be found in virtually every section of ISO 9001:2015 requirements. The term “Risk-Based Thinking” has been coined to help the concept of risk pervade throughout the QMS, and risk has also been incorporated into the process approach model.

While many organizations may already practice some level of risk-based thinking, the challenges within 9001:2015 may be to show such an approach within their QMS.

I’ve heard travel by airplane used as an example of risk analysis.  If we fly, and there is a problem, the consequences are bad.  But the likelihood of a problem is low, due to actions to reduce the risk:

  • Training
  • Backup systems
  • Maintenance

These efforts lower the odds of problems, and so plane travel is safe.

In my travels as an NQA auditor, I’ve seen many of our clients with a seasoned quality system that are ready to take the next step.  I think ISO9001:2015 will challenge these companies to think in new ways that will lead to success for their business with a greater significance than that framed piece of paper hanging on the wall.

Eclipse proudly integrates with Oracle solutions

Oracle CRO AdvantageOracle Silver Partner