ISO-9001:2015 – eight months later…
The newest version of the
ISO9001 family was released last fall in September 2015. In response to the
release, a bumper crop of consultants, experts in risk management and
risk-based thinking, have overtaken the QMS industry like spring dandelions in
a grassy field. Indeed, the ISO-related forums on LinkedIn have erupted with
thread after thread of expert opinions on how risk management MUST be a
requirement – well, just because. After all, if ASQ and registrars across the
globe are offering Risk Management training classes and implementation classes,
then all of this MUST be true. Well, isn’t it…?
Let’s look at some of the reactions
from implementing the standard.
1)
It remains
unclear, like next week’s weather forecast, that a quality manual is a necessity.
While the original elements for a quality manual from the 2008 standard still
exist in the 2015 flavor, though re-arranged like peas underneath walnut shells,
the fact that the standard does not
prescribe a quality manual does not mean one can simply eliminate it
without aftershock. Many consultants call it a business management manual,
others continue to broadcast that no such creature exists, just because the
standard no longer requires it.
The confusion
trickles down to the organizational level: quality managers broadcast their
confusion from the standard in the LinkedIn forums, even though the
DIS was available for a long time BEFORE the September 2015 release date.
2 )
Transition gap
assessments, the latest fashion rage, are intravenously fed to the client to
enable the transition to the 2015 standard. In the same vein, internal audits
are denounced as “improper” and “unacceptable” as an effective tool for assessing
the existing QMS for transition planning.
And why is
this?
Internal
audits provide an excellent assessment of current-state conformity, if
properly done. For future-state conformity assessment, simply perform the
internal audit against the 2015 standard. Voila! Instant assessment of current
and future state QMS conformity.
Of course,
the crop of consultants seems to have forgotten (or ignored) the TC176 cross
reference matrix, released in July 2014. Oops.
3)
What in Ned is a
“risk register”? Risk registers are another consultant-created response to
so-called risk management requirements. None of them are, of course, a
requirement – simply read Annex A.4 of the standard. Even under AS9100C, there
are no requirements for “risk registers”. One colleague asked me a very
intelligent question – if risks are identified on the register, what is the
condition to remove or no longer track –even consider – the risk as a risk?
4)
Back to the gap
assessment. Ever hear of a document titled, “N1224 ISO-9001 Correlation Matrices”?
It was issued back in July 2014, based on the then-DIS. There’s very little
delta between the DIS, the FDIS, and the final released standard. Reading the
details in this devil, one can easily determine what requirements are new…there
existed only THREE new requirements. The proof of this is left as an exercise
for the student…and consultant.
The creators
of the document, TC176, stated that after the standard was released, the
document would be revised. “An updated version of this document will be made available once the
next edition of ISO 9001 has been published…“
It’s eight
months later, and we’re still waiting…
5)
And for the coup de grâce, nowhere is risk-based
thinking defined. Nowhere. It's still "a concept."
In a future article, we’ll
describe some of the confusion encountered from implementing the new language
of the 2015 standard. I daresay that volumes of PhD doctorates will be
published. Teaser: the
organization can retain ALL language from the 2008 version in its 2015 QMS.
Summary
ISO 9001:2015 remains a
head-shaking experience for users and organizations. Does it bring value to the
organization and to its customers? Is it gentler and kinder like the new IRS? Unfortunately,
the ISO 9001 standard is a result of a group who decided to reinvent the wheel,
like someone named Clinton who tried to re-invent government. Chaos exists –
perhaps to the advantage of the weed-like QMS consulting industry. Everyone’s
an expert where none previously existed or was needed.
Guidance and advice are important, to be sure. You get what you pay for.
Guidance and advice are important, to be sure. You get what you pay for.
Please, continue to read my
past RBT and risk-related blog articles here on my blogsite. And, guess what? It’s
all free!
No comments:
Post a Comment