ISO9001:2008

Release date is now targeted for 31st October 2008 (as of Nov 1st, 2007) and is approaching the end of the "enquiry stage". This means that it has only one set of actions (the "approval stage") before it is published.  

What's likely to change?

The changes are defined by ISO as being for clarification and harmonization with ISo14001. There are also some changes made for internal consistency (so that things are described in the same way throughout the standard and that each clause has a similar structure).

The effect is that the changes are generally quite minor. In some cases, your quality system may require less content than in the current version. But in some cases you may require more content. 

Please note that this review is based on the 8th Feb 2007 draft. The standard is likely to change without notice and you should not make any changes to your system based on this review or upon the draft standard.

• in clause 4.1 (a), instead of requiring you to  "identify" the processes needed in your system, it now requires that you "determine" them. This means that provided you know what they are, you don't need to specify them.
• at the end of clause 4.1, you are now longer required to define any outsourced processes. But you must define the controls used to control them.
• oddly enough, a new Note (2) in clause 4.1 now says that clause 7.4 may apply to outsourced processes. I always thought it did...
• the control of documents (clause 4.2.3) has been amended slightly. The scope of "documents of external origin" has been clarified to state that it only applies to those external documents which are needed for the planning &operation of the system.
• clause 4.2.4 (control of records has been extensively rewritten but seems to mean exactly what it did before.
• clause 5 has only had two very minor clarifications.  Neither of these should have any effect on your system. 
  • clause 5.1 (a) now says "statutory and regulatory" instead of "regulatory"
  • clause 5.5.2 now states that the Management Representative must be a member of "the organization's management", instead of just "of the management"
• In clause 6.2.2, training is now only required "where applicable" to achieve the necessary competence. The other changes to this clause are just clarifications or changes for consistency with other clauses.
• clause 6.3 (c) now includes "information systems" under the "Infrastructure of the organization.
• since almost no-one could figure out the difference between clause 6.3 (Infrastructure) and clause 6.4 (Work Environment). Those nice chaps at ISO have included a note which explains it for us. But, I still don't see how they don't overlap so much as to be the same clause, in effect....
• in clause 7.2.1 those thoughtful ISO folks have added another new note. This one explains what they meant by the term "Post delivery activities". There are a few very minor clarifications in this clause
• in clause 7.3.1, they have added yet another note, which explains that review, verification and validation are different processes. There is another note in clause 7.3.3 which explains that "production and Service Provision" includes preservation of product.
• clause 7.5.2 has always been one which confuses people. In essence, if you can verify your products are correct before they leave the building (along with Elvis), you probably don't need to validate your processes. Note 1 implies that the clause probably applies to service industries. Note 2 gives examples of some service industries and manufacturing industries to which this clause probably applies.
• The requirements of clause 7.5.3 for Identification & traceability have been increased. Product status must identified throughout the production process.
• Clause 7.5.4 and clause 7.5.5  have been "harmonized" but their requirements have not altered at all.
• Clause 7.6 has been "harmonized" but its requirements have not altered at all. The reference to ISO10012 has been updated. Note 1 and Note 2 have been added to provide further clarifications. It would seem that Note 1 implies that if you perform a visual check to see if your products are acceptable, you will need to have your eyeballs calibrated...
• in clause 8.2.1 it is now accepted that Customer perception of meeting requirements is just an "indicator", not a measurement of the performance of the system.
• Clause 8.2.2 (auditing) has been "harmonized" but its requirements have not altered at all. The reference to ISO19011 has been updated to ISO19011.
• Clause 8.2.3  and clause 8.2.4 have been harmonized, but again, there is no impact on their requirements. More notes have been added to these clauses.
• Clause 8.3 has been "harmonized". Two words have been added which could have a large impact on your system. The sub-clauses (a) - (d) only apply "where practicable". Also, the last sentence of the 2000 version of the standard has now been moved up to become sub-clause (d).
• In both clause 8.5.2 (corrective action) and clause 8.5.4 you are now required to review the effectiveness of the actions taken. (most assessors and auditors currently assume that it says this already, although it doesn't!).

Please be aware that these comments are based on a draft version. It can and will change, so don't try changing your system based on this review. Wait for the new version to be released (now targeted for Oct 31st, 2008, but could be delayed) , the buy one of our CDs, which will contain a full list of the changes and how to modify your system, with examples and step by step guidance.