ISO Standards Revisions

ISO 14001 Revisions

GAP Analysis
ISO/DIS 9001:2014 Draft International Standard Analysis
All Standards Revisions News
Training - ISO Standards Transition
Videos

ISO/DIS 9001:2014 Draft International Standard Analysis

Introduction
The publication of the Draft International Standard (DIS) of the International Quality Management System
(QMS) Standard (ISO/DIS 9001:2014) signifies the first time all current and future users can access and
review the proposed changes to ISO 9001.
As a result, organisations will be able to start planning for their transition to the new standard when it is
published (currently forecast by ISO to be September 2015).
The DIS contains both new elements and existing elements that are changing and this document sets out to
provide interested parties with insight into the potential impact of the changes on organisations.
What's New?
The elements that are new to ISO/DIS 9001:2014 can be separated into two types, 1) those inserted as part of
the wider Annex SL introduction to all ISO Management System Standards (MSS) and 2) those specifically
introduced as part of the revision process for ISO 9001.
Common Terminology & Structure
As anticipated and as previously highlighted by LRQA, ISO/DIS 9001:2014 incorporates the high level
structure and common terminology from ISO Directive Annex SL. The incorporation of Annex SL means a
new structure and layout out for ISO 9001 and one which all management system standards are adopting as
they are revised or introduced in the future.
This DIS version contains many definitions; they have been included to help the reader understand all the
terms used. An understanding of the definitions is vital in order to fully grasp the new standards
requirements. A decision will be taken later as to which definitions remain in ISO 9001 and which are
included in ISO 9000.
One term that is used extensively throughout ISO/DIS 9001:2014 is Determine. Determination is defined in
ISO/DIS 9001:2014 as:
activity to find out one or more characteristics and their characteristic values
Within the management systems environment, organisations will have to consider how they can provide
evidence that a process of determination has taken place and that an output from that process exists.
Annex A has been introduced and is informative in nature. This Annex provides clarification for the new
Structure, Terminology and Concepts contained within ISO/DIS 9001:2014.
Whilst the structure and terminology has changed, there is no requirement for an organisation to use these
terms or to follow the numbering or structure within their management system.
Context
Context of the Organization is new and requires an organisation to determine the internal and external issues
and requirements that can impact on the planning of the quality system. Context becomes an important

consideration and helps to ensure that the management system is designed and suitably adapted for a specific
organisation. This helps provide the right focus, approach and balance to the different elements of the
management system rather than the same generic approach across all organisations.
Risk Based Approach
The incorporation of Annex SL into ISO/DIS 9001:2014 now drives a risk based approach to thinking and
acting. The requirements under a risk based approach affect quality planning and now incorporate much of
what was previously titled Preventive Action. Now an organisation will need to determine the risks and
opportunities that need to be addressed to give assurance that the QMS can achieve its intended results.
This may appear as a new area to ISO 9001, however many organisations already have risk based thinking
and planning in many parts of their organisation which may or may not have been connected to the QMS in
the past. This greater focus on risk will mean that an organisation will need to demonstrate how this
requirement is met. The extent and formality of the approach needed in a particular organisation will - of
course - be influenced by its context.
Scope and Applicability
The way inclusion and exclusion of requirements for ISO/DIS 9001:2014 is addressed is different from
previous versions. Now organisations will have to determine the scope of the management system (similar to
other management system standards) and maintain this scope as documented information. The scope will need
to be determined from the boundaries of the organisation, its context, its interested parties and its products and
services. Where requirements can be applied, it is expected that they will be unless there is a clear reason that
they are not applicable.
Documented Information
The terms documented procedure and record and have been replaced with document information. In use,
this means that documented procedures are replaced by the requirement to maintain documented
information and records are replaced by the requirement to retain documented information. The nature and
type of documented information that an organisation needs to maintain or retain is dependent on the context
and its operating environment. The way documented information is defined in ISO/DIS 9001:2014 provides
more scope for an organisation to determine what is appropriate for its unique set of circumstances, rather
than just following a prescriptive format.
Organisational Knowledge
An organisation will now need to consider what knowledge it needs to achieve conformity of products and
services along with how it will develop, maintain and retain such knowledge. Whilst this is a new requirement
in the standard it may not mean it will be a new requirement for any certified organisation as any well
managed organisation will usually have methods to manage the information and knowledge it needs in order
to perform successfully.
Control of externally provided products and services
Purchasing has been retitled as Control of externally provided products and services to make it clear that the
requirements apply to both physical product and consumed services related to the end product of the
organisation. Whilst not specifically a new requirement, there has always been some confusion around certain
categories of externally provided products and services whether this has been through an associate company,
joint venture or outsourced activity. Now it is clear that however provided, an organisation will need to apply
a risk-based approach and determine the type and extent of controls necessary.
Whats Changing?
Along with the above areas which may appear new to many users of ISO 9001:2008, there are many other
changes to the text of existing requirements. These changes often clarify the intent of a particular clause or
make implicit requirements more explicit. These may not require an organisation to change its management
system in any way. However, it would be worthwhile for an organisation to review whether the new wording
of the standard aligns with their current organisational practices, a number of which are highlighted below:
Quality Manual

The requirement for a specific document called a Quality Manual has been replaced with a clause titled
Quality Management System and its Processes. Organisations are now required to determine the processes
needed for the quality management system - their inputs, outputs, sequence and interaction - then maintain
documented information to the extent necessary to support the understanding and operation of those
processes. If the current quality manual fulfils these requirements then it can stay as is.
Leadership
The requirements relating to the relationship between the role Top Management play in creating and
supporting an effective quality management system have been enhanced. There are now more areas where
Top Management needs to demonstrate their involvement and engagement with the quality management
system, such as
Ensuring integration of QMS requirements into the organisations business processes
Promoting awareness of the process approach
Assuring the QMS achieves its intended results
Supporting other relevant management roles to demonstrate their leadership
Management Representative
ISO/DIS 9001:2014 no longer requires a specific role of a management representative but defines roles where
Top Management needs to assign appropriate responsibility and authority. If this can be achieved through
assignment to one person, then it may be that no change is necessary. If, however, the range of roles is
broader than that of one person, then an organisation will need to show how these have been assigned to
appropriate personnel.
Planning of Changes
Another requirement that has been expanded and clarified is that of Planning of Changes. Where the need for
change is identified there is now a much clearer requirement for such changes to be carried out in a planned
and systematic manner. Again an organisation will need to review its own approach to managing changes to
see if any revision of its QMS is necessary.
Analysis and Evaluation
The ISO/DIS 9001:2014 text has expanded and enhanced the previous requirements to clarify what is
expected. The Performance, Monitoring and Review definitions are all relevant here. Analysis and Evaluation
of appropriate data covering conformity of products and services, customer satisfaction, conformity to the
management system, process performance, external provider performance and so on, are all areas where an
organisation will a] need to review its current approach and b] determine if any change is necessary. The
output of the Analysis and Evaluation is now a defined input into the Management Review process.
Management Review
Because of the incorporation of Annex SL and the revision to other areas within the DIS such as the areas
highlighted above, the scope of information to be considered at Management Review may also need to be
extended to include these areas. There is now an explicit requirement for Management Review to consider 1]
how changes in its context affect the QMS and its strategic direction and 2] the effectiveness of actions taken
to address risks and opportunities.
What should I do next?
There are many changes currently included in the revision to ISO/DIS 9001:2014; whether these translate into
a need for an organisation to change its management system is a more difficult question to answer. The degree
of change necessary will depend on how an organisation has developed and uses its existing management
system. Consideration needs to be given to a] whether its ISO 9001:2008 is limited to strictly meeting the
requirements as specified in the standard or b] whether it has systems and processes in place that, while not
specifically required in ISO 9001:2008, are viewed as management best practice and may be contained in
other MSS, such as ISO 14001 or OHSAS 18001.
An organisations current evaluation and management of risk will also heavily influence the degree of change
that an organisation will need to undertake in order to meet these future requirements of ISO 9001:2015.

Against this backdrop, there are four main steps that organisations should be considering:
1) Start with the DIS and focus on the areas that are completely new or have been revised. Those are the areas
that are likely to be included in your transition plan. Also, make sure that quality managers and internal
auditors understand the differences that Annex SL will bring to your QMS and any other management system
standards in your organisation.
2) Ensure that your certification body not only understands the DIS, but more importantly, understands what
the DIS means to your QMS and wider organisation.
3) Engage your certification body to find out how a gap analysis and training on specific areas of ISO
9001:2015 can benefit you personally, as well as your organisation.
4) Begin formalising a transition plan and process and ensure that top management is involved from the start.
Given that there is a three-year transition period from the date the new standard is published, this timeframe
will allow organisations to change at a pace suited to them, which will typically involve one certification
cycle. Early adopters and, indeed, any organisation can have their systems assessed against ISO/DIS
9001:2014 at any stage, in part, or in whole towards awarding certificates at the earliest opportunity against
the final published standard. At this relatively early stage in the process that will lead us to a final and
published ISO 9001:2015, it remains unclear how these requirements will affect audit durations, auditor
competence and audit methods, as well as what will be proposed as the transition policy by the accreditation
authorities. The ongoing interested parties engagement process, including discussions and debates around the
new and revised areas within ISO/DIS 9001:2014, will culminate in an FDIS, which will provide more
specific transition criteria and allow organisations, consultants and certification bodies to formally begin the
transition to ISO 9001:2015.
How can LRQA help?
LRQA is a major contributor to the development and improvement of standards and associated guidance in
the fields of management systems and conformity assessment worldwide. As recognised voices in the industry
- driven through our membership of the IIOC (Independent International Organisation for Certification), the
global certification trade body - our experts are actively involved in the international technical committees for
all three of the worlds leading Management System Standards, specifically ISO 9001, ISO 14001 and ISO
45001/OHSAS 18001 (occupational health and safety).
Our range of transition services include gap analysis, training and educational tools (including webinars)
which have been designed to ensure that organisations understand what ISO 9001:2015 means to them.
Combining technical expertise, industry-leading assessor training, a field force of sector specific assessors and
our unique Business Assurance assessment methodology LRQA is able to help our clients ensure that they are
prepared for the transition to ISO 9001:2015.
For more information, please em