ISO 9001:2015 is Here

Are you ready?

SS: ISO:9001

Sponsored by:

1

About ISO 9001The ISO 9001 standard related to quality management systems helps businesses better serve their customers and consistently provide products and services that meet both customer and regulatory requirements.

More than a million businesses and suppliers in quality-intensive and highly-regulated industries have been ISO 9001 certified, and there are many reasons why businesses continue to join the worldwide ISO 9001 community. The standard has gained acceptance to the degree that many major global corporations and organisations require ISO 9001 certification from their partners and solution providers. The roadmap it provides for quality management has been proven over more than five decades to help lower risks, especially in quality-intensive and highly regulated industries.

Despite the original guidelines being drafted 55 years ago and many updates made over the years, the core advantage remains the same; being certified gives partners and customers reassurance that a business maintains strict processes for ensuring its quality policies are followed throughout the organisation.

What does ISO 9001:2015 mean for you?Companies have a grace period in which to transition to the new standard before losing their certification. In this period they must ensure they meet the amended requirements in order to remain certified.

The new version follows a new, higher-level structure to make it easier to use in conjunction with other management system standards, with an increased focus on risk mitigation.

“The new version is very strongly based on three basic core concepts,” said Nigel Croft, Chair of the ISO subcommittee that revised the standard. He states that one is the successful process approach from the 2008 version. The second is the plan-do-check methodology based upon the system of processes. “The third core concept that is new in the 2015 version is risk-based thinking, aiming at preventing undesirable outcomes,” Nigel concluded.

Risk is the factor likely to have the biggest impact on businesses looking to become ISO 9001:2015 certified. The new version calls for increased risk awareness, where organisations recognise and evaluate potential risks within their environment and quality management system. After identifying, assessing and prioritising each risk, the company decides whether to accept or avoid the risk, or develop a plan to minimise its impact. This must be clearly outlined within their quality management system.

Why you should be preparedWhile ISO 9001 is a cross-industry standard, companies that operate in highly-regulated industries such as manufacturing, life sciences, food processing and energy production are likely to be most significantly impacted.

ISO 9001:2015 is here. Are you ready?

ISO 9001:2015 is here. Are you ready?

2

The content and process management demands that compliance and quality requirements place on organisations in highly-regulated sectors are high. For example, there are more than 14,000 laws, standards and regulations in the U.S. alone that dictate how long to keep paper and electronic records (Source: Cadence Group).

Given the high priority that organisations in highly regulated industries must place on quality and compliance management, and the amount of documentation they must produce to support and fulfil compliance initiatives, it is no longer practical to manage content separately from quality and compliance. As a result, management systems for both documents and information, as well as processes, procedures and templates, must play a central integrated role in effective quality and compliance management. In short, document management and quality management should no longer be viewed as two separate entities.

So how can you prepare?There are three key considerations that can make the transition to ISO 9001:2015 as smooth as possible.1. Arm yourself with all the information you need on what the requirements are, the changes in the

latest version, and a step-by-step guide to achieving and maintaining compliance.2. Are your current systems and processes able to cope with the increased expectations placed upon them? If not,

or there’s a question about whether they are, consider the next-generation of solutions for quality management and compliance support.

3. Store and manage certification related information in an easy-to-access, compliant way.

1. Arm yourself with all the information you needYou need to ensure that you understand the differences between ISO 9001:2015 and ISO 9001:2008, and are able to identify any gaps in your current QMS and related processes that will need to be addressed to ensure your continued compliance. It is therefore worth speaking to the experts now

and planning to invest in resources that will ease your ISO 9001:2015 implementation, and save you time and money.

IT Governance is a leading global provider of IT governance, risk management and compliance solutions – including documentation toolkits containing management system document templates that have been created by consultants with extensive experience implementing management system standards.

Organisations that are beginning to plan their ISO 9001 transition projects can utilise IT Governance’s free ISO 9001:2008 to ISO 9001:2015 Conversion Tool, which summarises the key changes to the standard, maps the standard’s clauses from version to version, and provides a breakdown of the requirements for documented information, thereby helping organisations to easily identify the changes they need to make to their QMS.

You can download your free ISO 9001:2008 to ISO 9001:2015 Conversion Tool here

Alternatively, you can use the standard alongside the ISO 9001:2008 to ISO 9001:2015 Gap Analysis Tool to monitor what needs to be done and develop an implementation plan to ensure a smooth and structured transition. All employees involved in quality management processes will need to be made aware of the revision, and the changes and impacts that will arise from it. Most importantly, they will need to be clear on their roles and responsibilities in ensuring the requirements of the new standard are met.

Taking advantage of the expertise of an organisation such as IT Governance can streamline the transition process considerably by reducing the project’s time and costs, and ensuring that your transition to ISO 9001:2015 is as seamless as possible and does not impede your everyday business activities. Organisations that use IT Governance’s

3

ISO 9001:2015 is here. Are you ready?

toolkits can effectively use consultancy expertise without going to the expense of actually engaging consultants.

IT Governance’s ISO 9001:2015 QMS Documentation Toolkit contains the fundamental tools and materials you need to easily start your QMS project and continuously support implementation. Using the toolkit’s one-click customisation feature, you can create documents that are tailored to your company’s needs and satisfy the requirements of multiple management systems.

You can order the ISO 9001:2015 QMS Documentation Toolkit from IT Governance here

2. Next-generation quality managementTraditional QMS systems and approaches typically focus on policy-related documents and the workflows to control these documents. This structure leads to data silos, and locating policy information and ensuring it is kept up to date can be manual and laborious.

For instance, it is not uncommon for organisations to use multiple different systems for managing the various elements associated with quality management. There is likely a separate system for document management (or even just network drives) where documentation, such as CAPA templates and risk assessment forms, will reside. Risk management could be managed independently from the rest of the quality system as well. This approach is cumbersome and results in silos of information and the lack of transparency across all quality-related processes.

Modern QMS offerings break down these silos by providing a single, centralised system for managing quality processes and associated documentation and other information. Further, leading solutions can manage and track core business objects and related processes in addition to only documents, such as Word or Excel files.

For example, internal production processes often include a variety of other common, important business-related information objects that are often even managed in other systems, such as an ERP or CRM. In manufacturing operations for example, these can be common objects or items, like parts and assemblies, or other entities critical to the business like customers, vendors and contractors. They can also represent important information that is tied to the production process, such as work orders or lots. There are also various stages such as parts specification and manufacturing, assembly, testing and release. The ability to easily view and access important information from any stage in the process or vantage point is a crucial aspect of providing quick, easy access to the “right” content in context.

More importantly, when these disparate forms of information are integrated and then leveraged to index and organise the documents and files we typically think of as unstructured content (such as purchase orders, invoices, contracts, proposals, shipping bills, etc.) the foundation for a powerful and efficient quality management system is formed. Even more powerful is the ability then to establish linkages between related information to provide a 360 degree view, such that one can find whatever they are looking for from any starting point or stage of the process. This can include identifying stakeholders, such as process owners or project team members, or any other related information or content, such as workflows, risk assessments, deviations and audit trails, along with other information about relevant standard operating procedures and regulations.

A key benefit of industry-leading QMS solutions is that regulatory compliance is greatly simplified, becoming a day-to-day way of working, versus a system for collecting static documents filed away in a quality manual. All compliance related documentation is stored and managed in a centralised system and instantly accessible by users at any stage of a given process. Important processes and standard operating procedures are automated with simple notifications and alerts to required parties, and then supported with electronic and digital signatures and clear audit trails. This improves transparency and ensures that required compliance-related tasks are completed on time by the right people, and that related information is up-to-date and always available.

4

ISO 9001:2015 is here. Are you ready?

Further benefits of a next-generation QMS solution include:• Streamlining process management: Internal processes and workflows can be automated, with the Quality

Manager having complete visibility of process status. Electronic signing capabilities can further automate workflows whilst increasing security and reducing risk.

• Protection of sensitive and valuable content: Access and permission management features ensure the security of confidential or mission-critical information.

• Easy templates to ensure consistency and convenience: Create templates for CAPAs and SOPs, audit procedures and more; this not only minimises the time required to create such critical documents, but ensures that they are created to an appropriate standard.

• Document control and learning: QMS should be an essential training tool, to ensure that necessary information has been learned. It’s simple to see who has and has not completed their required training, and easy to send reminders to ensure that they do. This can also be critical for other compliance initiatives, such as health and safety legislation.

3. Store and manage informationFor organisations in highly regulated industries, information management is a critical component of compliance, and not only for ISO 9001 requirements. In addition to extensive laws, regulations and ‘good practice’ standards, businesses are striving to improve operational excellence, organisation,

clarity, transparency and accountability.

Enterprise Information Management (EIM) solutions can enable organisations to effectively manage both their ISO 9001-related content as well as other core information assets, making it simpler to adhere to the ISO 9001:2015 standard. Here’s how:

• Spend less time looking for ISO 9001 documents: All ISO 9001-related content can be tagged with metadata attributes that identify them as ISO 9001-related as they are created or saved. These metadata attributes allow documents to be retrieved based on context and relevance instead of the folder in which they are stored. The added layer of intelligence makes it quick and easy to locate relevant ISO 9001 information, or to retrieve related documents for any other purpose or project. Put simply, searching for ISO-related documents becomes completely painless.

• Improve visibility of ISO assets: Digital content can be managed as part of a single virtual repository, eliminating silos of information that are time consuming to search and tend to proliferate duplicate information when users recreate materials they can’t locate.

• Automate version control and archiving: Employees can access the most current information, or retrieve historical documents, while employers have a full audit trail of document access and changes made.

SummaryBy taking a pragmatic and proactive approach to information management and risk mitiation, organisations in highly regulated industries can transition to the updated ISO 9001:2015 standard faster and more efficiently. Through the use of toolkits, training and consultancy, as well as a QMS solution that streamlines process management and the management of associated documentation, businesses can establish and enforce document and data control procedures and ensure that

processes are followed according to regulations and standards. Regulated businesses can lose the complexity, but not the control, of achieving and maintaining ISO certification.

Furthermore, the next-generation quality management systems provide the seamless link between document and quality management. As the emphasis on risk increases in ISO 9001:2015, a management solution needs to help minimise risk by automating quality processes, for example Corrective and Preventive Actions (CAPA). These systems

5

ISO 9001:2015 is here. Are you ready?

can come with not only the tools needed, but ready-made processes inbuilt, to further simplify compliance-related efforts and initiatives.

AboutM-Files document management and quality management solutions improve and simplify how businesses manage compliance-related documents and other information. M-Files provides packaged solutions for managing a variety of different quality processes, such as document control, CAPA and deviation processing, audit management and training management. The company’s solutions help regulated companies become more productive, more efficient and to stay compliant with standards including but not limited to ISO 9001.

M-Files also offers a purpose built QMS solution that goes above and beyond typical document or quality management solutions. It is unique in that information and documents, along with quality processes such as CAPA, change controls and audits, can be managed from one single tool. By being able to provide both QMS and document management in one solution, M-Files stands out from the crowd.

M-Files eliminates information silos and provides quick and easy access to the right content from any core business system and device. M-Files achieves higher levels of user adoption resulting in faster ROI with a uniquely intuitive approach based on managing information by “what” it is versus “where” it’s stored. With flexible on-premise, cloud and hybrid deployment options, M-Files reduces demands on IT by enabling those closest to the business need to access and control content based on their requirements. Thousands of organisations in over 100 countries use M-Files as a single platform for managing their critical business information, including iLOQ, Bentley Instruments and Fläkt Woods. For more information, visit www.m-files.com.

About IT GovernanceIT Governance Ltd is the single-source provider of books, tools, training and consultancy for information security, IT governance, risk management and compliance (IT GRC). It recognises that cyber security is a business issue, not an IT issue, and talks to management in business, not technology, terms. Its comprehensive range of products and services, combined with flexible and cost-effective delivery options, provides a unique, integrated alternative to the traditional consultancy firm, publishing house, penetration tester or training provider.

IT Governance serves an international customer base and delivers a broad range of integrated, high-quality solutions globally, while meeting the real-world needs of today’s organisations, directors and practitioners. The company’s customer base spans Europe, the Americas, the Middle East, South Africa and Asia. More information is available at www.itgovernance.co.uk.