What a wild ride it’s been updating the IQPS Internal Auditor Training Course to ISO 9001:2015! I wanted to take some time to contemplate the various opinions out there as we all learn about ISO 9001:2015 together. I have been listening to clients and experts, reading a few books and attending training classes to absorb all the information I possibly could—considering my heavy business travel schedule. All of these classes that tell you about interested parties and risk assessments are great until you have to sit down and define a management system on paper.

  • Where do you start?
  • Do you even need a quality manual?
  • What do you do with the procedures?

Well, I’ve just finished my first ISO 9001:2015 manual and have decided on my approach. First, if your current quality policy manual repeats the standard, throw it away! I can’t tell you how many quality manuals I have read that are just a repeat of the standard. Everybody already knows the standard. My quality manuals have always combined some policy but primarily documented procedures.

Since I already audit ISO 27001 for information security, ISO 14001 for environmental systems and ISO 45001 for health and safety systems, all of these systems have one theme in common: identifying and putting controls in place to mitigate risk. These risks include losing information, spilling a drum of oil or avoiding an injury. Now ISO 9001:2015 expects us to mitigate business risks such as losing a sole supplier.

When I looked at all three risk standards, I decided that ISO 27001 was the best fit. After all, ISO 27001:2013 was the first standard to be converted to the Annex SL format. When I first read context of the organization in ISO 9001:2015 and attended my second training class the light came on. They were really talking about the scope document in ISO 27001, which is where the quality manual went!

When I read about contractors in ISO 9001:2015, I see relationships on how ISO 14001 requires you to treat contractors, i.e., those working on your behalf. I also see similarities in statements about communications in ISO 14001 for internal and external communication processes. So for those of you who have organizations certified to ISO 14001 standard, I would incorporate some of this language into your scope document.

Join The Internal Auditor Training Course

For those of you just looking for an ISO 9001:2015 update, I have separated this discussion out from my Internal Auditor Training Course into its own course, called ISO 9001: 2015. I think having audited ISO 27001, 14001 and ISO 45001 has given me some brilliant insights and I look forward to sharing them with you!

ISO Internal Auditor Training Course Signup