Change is in the air – ISO 9001 and Requirements for Managing Change!
The current version of ISO 9001 has some important requirements for managing change. This is no surprise, and we are wise to remember that change introduces risk into our organizations. So when you’re planning a change (and we hope you are planning it!) remember to assess the level of risk associated with ‘something new’.
1. System Changes
Clause 6.3 in the Planning section wants us to make sure we plan the change. This helps reduce, or at least mitigate the risks associated with the changes. This clause highlights the importance of determining the reason for the change and any impacts. Remembering that we are operating a system, any change will have a ripple effect in our organizations.
Along with (perhaps) a process change, allocation of resources will be a sensible aspect to consider, and of course the resulting change in responsibilities, if that’s the case.
2. Documentation Changes
When we look at 22.214.171.124 c), there’s nothing really new here, and it’s a natural flow from the process change to the related documentation change. One new wrinkle is the requirement to keep records (retained documented information) free from unintended tampering.
From a risk perspective communicating documentation changes will be the wild card that needs to be tamed.
3. Changes to Requirements
Changes to customer requirements – 8.2.1 b), 126.96.36.199 b) and 8.2.4
Probably one of the most critical changes to manage. If this ball is dropped, the rest follows! I imagine that we could use Pareto’s Law to show that 80% of our problems come from the 20% of our customer requirements that get changed.
These are all high risk areas and need to be managed with care.
Design and Development changes – 8.3.6
Nothing new here, but once again, these changes will raise the risk temperature significantly. I think it’s safe to say that we need to always be vigilant when managing change and include a risk review with each one.
4. Process Changes – 8.5.6
Here’s where process maps can be really helpful. By following the flow of the work through our organizations, we can more easily anticipate where this change might cause problems or disturbances. This is so important, that OHSAS 18001 requires ‘consultation’ with people who’s safety might be impacted by a change to a process.
It’s important to make sure that an ‘improvement’ in one process doesn’t create sub optimization in another area. This can only be avoided by using careful planning, doing, checking and acting.
Make it pay
We all know the requirements for making changes to improve our systems. The key is to make the change pay dividends. By planning the change, assessing the related risks and reviewing the results, we have a better chance of making real improvements that give us a decent return on our investment.
This article first appeared on October 31, 2015.