Well-intentioned - but not concrete enough

ISO 9001:2015 is a well thought-out revision, as it no longer - one might almost say at last - focuses exclusively on the customer, even though the customer is of course still one of the most important stakeholders of organizations and his satisfaction is therefore indispensable.

The construct was expanded to include the context of the organization as a whole, i.e. a consideration of internal and external issues as well as all relevant interested parties, to which no relevant role had previously been attributed in ISO 9001 - in contrast to the TQM concept of ISO 9004, by the way. And it is precisely this effort to take a 360° view of the organization that reflects operational reality better than before. This is because it ultimately leads to a meaningful opportunity/risk analysis and thus represents an essential step when it comes to developing the approach of risk-based thinking in the context of the respective organization.

The big "but"

However, this positive intention of the standard setters and the associated opportunity for future-oriented management of organizations has so far been completely watered down in implementation. This is primarily due to the fact that the new requirements associated with this way of thinking have not been formulated concretely enough in the standard and little binding force is apparent. Instead of clear requirements, which would have to be fulfilled for the solution, the introduction and training as well as a basis for auditing, everything remains vague: It is true that the context of the organization, the interested parties, their requirements and expectations have to be determined and based on this a determination of opportunities and risks has to be made. However, the manner in which this is to be done and, above all, the depth to which it is to be carried out is not even rudimentarily formulated and is thus completely up to the organisation to be certified.

From a quick solution - writing down the context of an internationally operating organisation in two sentences, naming the interested parties in three key points and carrying out a five-minute risk analysis - to a real, beneficial implementation - intensive preparatory workshops and adaptation of the quality management systems to the requirements and expectations of all stakeholders - the audit criteria basically allow for everything.

An audit as a walk

Which is therefore not surprising: Due to the selected formulations in the standard, it is simply not possible for the certification bodies to translate numerous requirements into clear audit criteria and to provide their auditors with these audit criteria as a tool. To put it in extreme terms: As long as the customer has something to say about the requirements, it is always correct. It is difficult to impossible to formulate deviations - and, conversely, it is therefore even easier than before for organizations to pass certification. In practice, this looks like this: 100% of the "representatives" (of course, all managers decide that they will continue to exist!), who we prepared for the recertification last year, spoke of the audit as a walk in the park and expressed their feeling that it had been more difficult in the past.

Now it may not necessarily be the claim of an organization that the certification procedure must be particularly difficult to complete - but a certain disillusionment about a "missed opportunity" for a major revision of the standard is expressed everywhere. Above all, most auditors themselves would have wished - similar to IATF 16949 - to be provided with clear interpretations and certification rules in addition to the standard, in order to be able to classify poor implementation as a deviation. Remember: "Audit" translated from English ultimately means "examination".

The result: more customer audits

Nevertheless, neither the recertified organisations nor their clients will emerge as winners from the whole affair: even if the supplier presents the ISO 9001 certification, the product liability-oriented industrial client must, in case of doubt, check himself whether the ISO has been implemented in his sense. In our consulting practice, we are already noticing exactly this: Since there is a possibility that the QM standard is implemented inadequately and not in the sense of the standard setter, customers are increasingly going over to auditing suppliers themselves to an even greater extent. The latter therefore increasingly have customer audits in their annual audit plan - despite having successfully passed ISO 9001 certification and without more quality defects occurring in any form than before. Prophylactically, so to speak.

Different handling

The reputation of the standard, which was once the basis of every quality management standard worldwide, has thus suffered. In particular, industries with a strong regulatory focus, such as medical technology, automotive, aerospace and pharmaceutical products, are finding it more difficult to make tough and risk-minimizing demands on themselves and their suppliers on the basis of ISO 9001:2015. Individual industry-specific manifestations are therefore already in the process of breaking away from ISO 9001: for example, ISO 13485:2016 for medical devices does not take ISO 9001:2015 as a basis (a break). Whereas IATF 16949:2016 for series and spare parts production in the automotive industry requires the full implementation of ISO 9001:2015 and formulates its specific additional requirements based on this. Although there are no major differences in terms of the criticality of medical devices and automobiles, a different basis is required for the quality management systems! This alone shows the disjointedness that the revision has left behind.

Seize opportunities and focus on sustainability

Despite all the criticism, ISO 9001 is nevertheless a step in the right direction in terms of Total Quality Management with the current revision. It has succeeded in bringing it up to a more modern standard and better reflecting operational reality through the 360° view of the organization.

The good idea behind the standard was implemented to great effect in Rhein S.Q.M.'s certification projects last year. This has always been the case when the organization has recognized the meaning behind it and the management systems have been adapted in a beneficial way.

For those who approach the topic with motivation and recognize the opportunities that lie in the standard, lay the foundations for effective and efficient control with performance indicators and goals for the systematic improvement of the entire organization in the sense of the relevant stakeholders with the certification. This is what is known as "sustainability".

Conclusion: The standard is and remains what the individual organization makes of it!