WHAT DO ISO 9001:2015 & OSH ACT COMPLIANCE MEAN? – a Layman’s take on the subject


Prior to the ‘new ISO 9001’ standard issued in 2000, updated in 2008 and again in 2015, the whole ISO 9001/2/3/4 exercise was a monolithic beast, difficult and expensive to implement and a nightmare to maintain – unless you were the consultant retained to do so!


Then in the mid 1990s the major international Corporate companies approached the ISO Headquarters and basically said that while they believed in the concept, the practice was too unwieldy and expensive to work and needed revision. 


The ISO 9001:2000 specification, updated in 2008 and again in 2015, is the result:  a lean and mean, simple, easy to implement and inexpensive to maintain, certification system which can be cost effectively applied whether the company employs 10 or 10 000 people.


So what is it about?

The ‘new’ ISO 9001:2015 is simply about good management practice and risk management, from which flows the assurance that the product and/or service delivered by an organisation will be up to scratch and meet customer expectations.


To clarify the terminology about to be used, a ‘process’ consists of a series of ‘procedures’ (which are in fact ‘mini-processes’) that need to be performed in order to achieve the required outcome.  Put another way, a ‘process’ is the big picture and  ‘procedures’ are the detail of it.


ISO 9001:2015 is based on the concept that businesses are not ‘procedurally’ but ‘process’ based.  In other words, delivering a widget is a process which flows from quote submission and acceptance through to internal order issue, product and/or service delivery, invoicing, the check that the customer is happy with the widget delivered and finally, receiving payment.


Every company has a unique way of achieving this, and an ISO 9001:2015 system implementation is not about telling a company how to run its business.  It simply consists of:

balbul1  Analysing the processes involved;

balbul1  Writing them down;

balbul1  Fine tuning them where necessary (the changes required are generally obvious as soon as the process has been written down);

balbul1  Writing them up in a format suitable for the type of business;

balbul1  Assembling them all together in a logical way in what is known as the “ISO 9001:2008 Quality Procedures Manual”.  Properly executed this need not be more than 20 to 30 pages long for most businesses.

balbul1  Writing an even shorter, summary manual called the “ISO 9001:2008 Quality Policy Manual” which contains what the name suggests: an executive summary of the quality policy and objectives of the company.  Properly designed this can be a powerful marketing tool.


THE ISO9001:2015 AUDIT

When doing an ISO 9001:2015 certification audit (or re-audit), the Certifying Body simply checks that the business does things the way it says it does; nothing more and nothing less.


That said, there are six basic procedures that are required, but these are so basic that every company will normally need them in order to operate properly:


1.     The control of documents – the configuration (revision) control of standard documents like product specs and service delivery templates, standard documents like check-lists etc.

2.     The control of records – essentially the company’s filing system(s).  You need to define where documents are kept, for how long and who is responsible for each.  This includes documents like purchase orders, records of internal audits etc (items 1 and 2 can often be combined).

3.     The internal audit procedure – when and how do you check your systems yourself?

4.     Control of non-conforming product – how do you ensure that a faulty widget isn’t delivered in error, and what do you do when you find a faulty one?

5.     The measurement, analysis and improvement process (reducing risk) – how do you rectify faults and implement potential improvements to ensure that the same problems don’t occur again?

6.     Actions to assess risks & opportunities (previously Preventive action) – this is very similar to item 5, only looking to the future; ie. taking a present pro-active action to prevent future problems (items 5 and 6 are often combined).


Any and all other procedures developed and implemented are entirely at the discretion of the company concerned, and would be introduced to meet their own specific and unique business needs.  They will be audited by the Certification Authority but are not a mandatory requirement of the ISO 9001:2015 standard.




Safety is an integral and inseparable part of quality.  Ideally, therefore, your Total Quality Management System should have Safe Operating Practices at its core.

If a job is worth doing it is…

balbul1  Worth doing properly, first time; and

balbul1  Worth  doing safely.

When developing your ISO9001:2015 Quality Management System, the incorporation of Safe Operating Practices will be a core focus.




Copyright © http://www.hoare.co.za/ 2016