By: Ganesh Rao, President and CEO
Certified organizations around the world are in the process of upgrading their management systems to comply with the 2015 revisions to ISO 9001 and ISO 14001 standards. Although the transition deadline of September 2018 looks far away, most organizations seek to complete the transition with their next re-certification audit or surveillance audit in 2017. The magnitude of effort to complete the transition is purely dependent on the size, maturity, and complexity of the organizations’ business processes. As always, leaders and forward-looking companies have already planned to complete the transition in 2016 to take advantage of the flexibility and business-focused requirements as a result of the 2015 revisions.
Here are the top 10 challenges organizations are facing with implementing the ISO 9001:2015 and ISO 14001:2015 standards:
- Context of the organization – requires an understanding of the external and internal factors that could impact the organization’s ability to meet its objectives.
- Identification of Stakeholders and Interested Parties – Although self-evident, the revised standards enlarge the group of stakeholders and interested parties beyond customers and owners / shareholders of the organization.
- Risk-based Thinking – An added dimension to decision making at all levels within the organization and encourages the consideration of risks and opportunities with achieving the desired objectives. Process level analysis has been present in sector specific standards; however, for many organizations the requirement to demonstrate risk–based decision making is challenging.
- Process Approach – A challenge even before the 2015 revisions. Organizations continue to address their management systems on the obsolete clause basis and are in the journey of thinking along business processes. Identifying business processes at a relevant level and assigning process indicators for effectiveness, has proven to be of great value to those organizations that have successfully made the transition.
- Out-sourced Processes – The applicability of these requirements has not changed and yet the type of control to be exercised over outsourced processes includes consideration of the environmental aspects and impacts over the life cycle of the product or service.
- Leadership and Commitment – The requirement to demonstrate commitment to the organization’s quality or environmental management systems and ensure the integration of those requirements into the organization’s business processes has drawn in executive responsibilities in the certification processes. By engaging top executive management in such decisions, organizations are now able to demonstrate the value of an effective management system in assuring business success. Complex structures and large organizations have the difficulty of assuring and demonstrating such leadership engagement and commitment for processes previously delegated to the “quality” or “environmental” department.
- Multi-Site Coordination – Larger organizations have an increased level of complexity with multiple locations and assuring consistent roll-out of business processes across the locations. Especially when the focus is in awareness, training, and competency development in the requirements such as risk-based thinking across all levels of the organization. Technology can be a great friend for such organizations in deploying the knowledge across multiple locations.
- Timing – In many large organizations, the timing decision on planning and implementing upgrades to the 2015 revision is made at a corporate or divisional level. While global or corporate processes are more conducive for changes with a short lead-time, it is often a challenge at site / plant level to deploy the information and changes with short notice. Deployment of internal assurances like internal audits, corrective actions, and management reviews requires advance planning prior to undertaking the upgrade assessments. A project plan that includes timing of awareness, education, training, and gap assessments could make the journey more predictable and less prone to risks.
- Terminology – The revised standards indeed include new terminology for business concepts currently in place. Most organizations practice some version of risk-based thinking in their decision making; however, building awareness and implementing risk-based thinking into all levels of the organization and into all the business processes is challenging. Similarly, integrating terminology such as context of the organization, stakeholder’s needs and expectations, and life cycle approach into current business practices is an evolution into the new requirements.
- Outcomes and Performance – One of the significant changes is the focus on “output matters” and “performance”. With the essential requirements for leadership commitment, risk-based thinking, and stakeholder expectations, organizations can focus on the achievement of intended results, i.e., output and performance. Organizations that have relied on volumes of procedures and documents that cover up inefficiencies may find it challenging to demonstrate the effectiveness of their business processes. The 2015 revised standards enable a strong focus on business outcomes and environmental performance such that value and return on investment in a certified management system is clearly evident.
A wealth of information is available for organizations to learn and implement the revised requirements. A staged approach that includes an in-depth understanding of the 2015 requirements and taking advantage of performing periodic gap assessments may provide increased opportunities and reduced risks for organizations.