Organizations will have greater flexibility in the way they choose to implement the standards and in determining the amount and nature of the documentation that they will produce.
The recurring review of the standards, every 6 to 8 years, is a consistent practice of the International Standards Organization (ISO) which aims to upgrade them to respond to the new developments, needs and trends of the global market making them more relevant and useful.
This particular review was considered by ISO as an evolutionary rather than revolutionary process and as the logical response to a constantly changing environment which poses enormous challenges to any business.
The main objective of the changes was the introduction of the risk assessment approach through which each organization is required to set its priorities, identify the high-risk areas for immediate action and build its management system.
The introduction of risk assessment eliminated the concept of preventive actions which have been removed from both standards.
The new version of ISO 9001 combines the process approach with the concept of “risk-based thinking” to assess operational risks, whereas, the new version of ISO 14001 integrates “risk-based thinking” with environmental aspects and impacts to assess environmental risks.
The new standards obligate organizations to think about their own particular conditions and environment, rather than “just” prescribe procedures. They are required to identify and analyze the external environment in which they operate -political, economic, social, technological, legal- and to diagnose and determine their organizational context in terms of knowledge, culture, values and resources.
The leadership of each organization is required to be actively involved and committed to define strategy, to provide resources and to ensure the systematic improvement of performance and competitiveness of the organization.
The requirement to designate a management representative is replaced with the more general requirement that the organization's management must delegate authorities and responsibilities for the compliance and improvement of the system/s.
Both standards have been revised with a view also to adopt a common approach, structure and language and to use the same terms, definitions and concepts. The aim was to achieve uniformity among all ISO standards in order to facilitate the integration of systems, a popular practice by many organizations.
Moving from the 2008 and 2015 edition
The transition for each organization will beunique according to its particular situation and environment. However, the basic steps to undertake are the following:
1. Familiarization with the new standard. Identification of what remains the same and what has changed
2. Consultation with the management about the changes and mapping the way forward
3. Undertaking a Gap Analysis of the system in place
4. Development of an action plan with activities, deliverables and timelines
5. Consultation with advisors and/or certification bodies if necessary
6. Training of employees to understand the new standard and presentation of the changes
7. Amendment of the system to conform to the new standard.
Transition time-plan
ISO 9001:2015 replaces the 2008 edition and certification bodies will have up to three years to migrate certificates to the new version.
Organizations must be informed, without delay, about the changes in the standards and gain a good understanding of the new requirements. They should contact their certification bodies to find out the specific timeframes set in order to determine the actions that need to be taken and to set timeframes for their implementation.
This way they will avoid the pressure for hasty decision-making and the possibility of making wrong decisions while they will ensure a better and smoother transition.
Author: Μaria Demosthenous
Principal
Management Consulting
T+357 22 209 031
E mariademosthenous@kpmg.com