Summary of Differences and Changes - ISO 9001:1994 and ISO 9001:2000

[Marc]

In misc.industry.quality Scott P. Duncan wrote:

As promised, here are my observations on the major changes made in going from the CD2 version of ISO 9001 (2000) to the DIS version.

In general, I'd say there is enough difference that, if specific wording is a concern at this time, you may want to get a copy. If nuances that would be of concern in an actual conformance audit situation are not that important right now ( i.e., you can wait for the FDIS text, at least), then you can probably avoid buying the DIS version. I have not tried to cover, word-by-word, everything that is different as what follows is long enough and, I think, gets across the major ideas.

The DIS version uses less verbose wording and uses an outline (main statement with a), b), etc. bullets) rather than a paragraph structure with sentences in many cases. It strengthens some words, e.g., saying define and identify rather than just determine.

It also removes system level when discussing procedures and replaces General Requirements with Planning as the name of various subsections. Overall, intent seems clearer, redundancy is eliminated, and a greater emphasis is placed on implementation of effective process as opposed to just establishment and definition.

I'll try to take a section-by-section approach to the comparison.

Under Terms and Definitions it now states what a product is (adapted from the vocabulary in ISO 9000 (2000) document). This leads to eliminating use of product and/or service in favor of just product throughout the document.

Quality Management System

The General Requirements section requires an organization to ensure the availability of information necessary to support the operation and monitoring of the processes defined by the quality system.

A note has been added that [w]here the term Œdocumented procedure‚ appears ... [this] requires the procedure to be established, documented, implemented, and maintained.

Management Responsibility

Various sections now emphasize that top management shall ensure that requirements for each section are achieved.

The Management Commitment section adds the need to be sure the organization understands legal and regulatory expectations as well as customer requirements. (The Legal Requirements section is deleted though it was about making sure that the organization has access to such requirements rather than management making sure it communicates the importance of them to the organization. But the same effect is achieved since being able to communicate them would imply having access to them to do so.)

The Customer Requirements section is renamed Customer Focus and it no longer says management must ensure requirements are fully understood and met but does say the requirements must be fulfilled.

The Quality Policy section says it should be appropriate for the needs of the customer as well as the organization. It also says the policy shall be controlled according to section 5.5.6, Control of Documents.

The Planning section‚s Quality Objectives requirement says that objectives shall be measurable. It‚s Quality Planning requirements no longer mention identifying quality characteristics at different stages to achieve the desired results nor does it mention verification activities or criteria at all. Instead it says planning shall include continual improvement of the quality system.

What was the Quality Management System section under Management Responsibility is now called Administration and the General Requirements paragraph is gone, being redundant (in my opinion) with much of what is stated elsewhere up to this point. The Responsibility and Authority paragraph no longer mentions defining organizational freedom regarding tasks that affect quality.

The Management Representative requirements now say promoting awareness of the quality system within the organization rather than ensuring it. However, the Internal Communication requirement now says the organization shall ensure communication between its various levels and functions rather than just establish and maintain procedures for such communication.

The Quality Manual requirements now mention that it include the scope (and justification for any exclusions which is the new term for any reductions in scope), documented procedures or reference to them, and the sequence and interaction of the processes in the system. The phrase description of the elements of the quality management system does not appear. As with the policy, the manual must be controlled according to 5.5.6, Control of Documents. A note indicates the quality manual may be part of the overall documentation of the organization of saying it need not be a stand-alone document.

The Control of Documents requirements no longer mention a master list, just saying instead that revision status must be identified. Neither do they specifically discuss removal of obsolete documents to prevent unintended use. They just say some procedure must exist to see to it that such use does not occur. Also, the note regarding documents being in any form or any type of media is gone, perhaps because it is considered too obvious to state by now.

The Management Review section no longer discusses establishing a procedure for management review, just that top management will periodically review the quality system. It does say that one of the outputs, instead of actions related to process, product and/or service audits will be actions related to improvement of product related to customer requirements.

Resource Management

The General Requirements section is now called Provision of resources and specifies resources needed to improve quality system processes, not just establish and maintain them. They also include resources to address customer satisfaction.

The Human Resources section in its requirements on competency, training, and awareness (qualification having been dropped from the title) states that employees must be aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives. This, presumably, is intended to replace the e)-i) statements in the CD2 version which are gone.

The Information section is gone.

The Infrastructure section is now called Facilities and suitable maintenance has been removed as a requirement, presumably because and maintain the facilities is in the requirement already.

The Work Environment section no longer specifies points a)-d) as details backing up the more general statement preceding them.

Product Realization (since product includes services, this word is not in the title any longer).

The Planning of realization processes section does not specifically reference the Quality Planning requirements though it speaks of planning the processes for realization of product. The a)-f) statements are replaced by four which reference quality, processes and documentation specific to the product, v&v activities and acceptance criteria, and records necessary to provide confidence of [product and process] conformity.

The Review of Product Requirements section (which had used the word customer, not product in the title) now refers to documented requirements rather than using the word written. It also states that relevant documentation is amended if requirements are changed and that relevant personnel are made aware of the changed requirements.

The Customer Communication requirements combine c) and d) into customer feedback, including customer complaints.

Design and Development

The Design and/or development planning section states that [p]lanning output shall be updated, as appropriate, as the design and/or development progresses. The Input requirements now include functional as well as performance requirements, but do not mention environmental ones.

The Output requirements include the need to provide appropriate information for production and service operations and refer to section 7.5, Production and Service Operations. The Verification and Validations requirements no longer mention planning, emphasizing performance of the activities instead.

The Control of Change requirements are renamed to make it clear these items are speaking about change to design and/or development. The detail in a)-d) is missing and replaced by a more generic statement regarding evaluation of the effect of changes on constituent parts and delivered products. It also specifies that, besides approval of changes, that they be verified and validated, as appropriate. A note is added to [s]ee ISO 10007 for guidance.

Purchasing‚s General Requirements section is now called purchasing control but reads about the same. Under Purchasing Information it is now clear that quality system management requirements are the ones of concern rather than any management system requirements as previously stated.

The Production and Service Operations section‚s General Requirements are now called Operations Control and no longer addresses the provision of suitable working environments. Reference to parts or components of a product or elements of a service have been removed and, in some cases, constituent parts of a product is the phrase used instead.

In the Validation of Processes requirements, the phrase readily or economically has been removed. The phrase monitoring, inspection and/or testing is replaced with measurement or monitoring. The phrase effectiveness and acceptability has been changed to ability...to achieve planned results. The whole sentence starting Evidence of validated processes has been removed. And finally, c) use of specific procedures and/or records has been split into two items mentioning defined methodologies and procedures and requirements for records.

Under Control of Measuring and Monitoring Devices, a lot of wording has been changed, mostly to be less verbose, but some which removes requirements. One particular removal has been the statement that special purpose software developed specifically to test a product has to meet the Design and Development section requirements. Another thing removed has to do with the specific requirement on suitability of environmental conditions.

Measurement, Analysis and Improvement

The Planning section does not mention analysis but does address determining the need for, and use of, applicable methodologies including statistical techniques. Issues of type, location, and frequency, periodic evaluation of effectiveness, appropriate statistical tools, and the use of analysis as an input to the management review process are no longer mentioned. The Measurement and Monitoring section no longer has the system performance requirements paragraph.

Its Internal Audit requirements say periodic, not objective, audits and eliminates the statement that an organization may out improvement audits. Obviously an organization may do many things besides what the standard says they shall or must. But added requirements include the need to document responsibilities and requirements for conducting audits, independence, and the recording of results to report to management. In addition [m]anagement shall take timely corrective action on deficiencies found during the audit and make sure verification of the implementation of such actions occurs.

Under Product measurement it states they should occur at appropriate stages during realization of the product and that release of the product shall not proceed until all specified activities have been satisfactorily completed, unless otherwise approved by the customer.

The Control of Non-Conformity section is no longer split into general requirements and those regarding review and disposition, removing redundancy between the subsections. The major content removed is the list of dispositions, i.e., the DIS no longer says what dispositions shall be carried out.

The Analysis of Data for Improvement section is now just called Analysis of Data. The five point list on what information the analysis should provide no longer mentions suitability, effectiveness, and adequacy of the quality management system as this is addressed earlier in the section. It also replaces process operation trends with suppliers.

The Improvement section, as others, renames General Requirements to Planning (in this case, for continual improvement). Interestingly, it removes the word internal from audit results, implying that external audit results should not be ignored as input to improvement activity. The Corrective Action requirements no longer says to establish a process to reduce or eliminate causes of nonconformity but say that corrective action shall be taken to eliminate such causes, emphasizing the doing of the process of addressing nonconformity, not just its definition. The same is true for the Preventive Action requirements.

Scott P. Duncan

[Marc]

Duane Allen wrote:

> Thanks for posting your analysis. I found it most informative. And
> posting it on this forum is a service (at least to me).

I'm hoping other folks who have the information can comment and add in any of the various differences I did not mention if they find them of importance. As I said, there is more than what I posted, but I think it fallsd into one of a couple categories:

a) Wording differences that would be important to make sure of absolute compliance in cases of differing opinions as to an implementation -- though I considered them trivial enough if you are really going with the spirit of the standard not the letter of the law. If the latter is the situation in which you find yourself or want to place yourself, then getting all the wording exactly would matter. However, since this is a DIS, I'd suggest waiting until at least the FDIS since that version will be what is most like the final IS.

b) More terse wording where the meaning is now clearer and concentrated but which does remove wording that offers potentially different interpre- tations as to the extent of the demand of the standard. I found the DIS to get the point across with less wording, but, truthfully, one could make a case for the CD2 version saying something slightly different from the DIS. Again, if the letter of the law is important at this time, get the DIS, but, if not, I think my notes pretty much make it clear what has changed in going from the CD2 to DIS version.

For those not familiar with the ISO naming converntions and what they mean:

a) "CD" is a Committee Draft and from CD version to the next, one might expect a number of changes as the folks working on it deal with comments and try to resolve disagreements; b) "DIS" is a Draft International Standard which is the big step toward the final standard version, though it still allows comments to be made and changes to occur in the content -- an overall Yes vote moves it to FDIS; c) FDIS is a Final Draft International Standard which resolves changes as a result of voting and comments on the DIS -- only a Yes or No vote is permitted here, no comments, with Yes making it an IS (International Standard).

Even after the FDIS is voted into IS status the document is not immediately published since there are formatting changes and translation considerations before it is put out under the ISO label.

It is rare that there is an overall No vote at the FDIS stage or even at the DIS one since it is usually regarded as the duty of the committee/group working on the document to iron out all serious problems through the various CD versions. Rejection of at DIS or FDIS, if I'm not mistaken, pushes the document back several steps since that indicates a poor job seems to have been done in preparing the document for major voting.

In the case of the ISO 9000 set, it would appear unlikely to see this happen, i.e., the DIS will likely be approved, perhaps with comments, and move to FDIS which will likely be approved, making it an IS. The set I have suggests the move to FDIS will occur "during the 3rd quarter of the year 2000" and published as IS "is expected in the 4th quarter," assuming the FDIS is approved. Thus, any registration starting in 2001 could use the new version as official, though companies already regis- tered will be given a grace period by registrars to transition to the new version from the '94 one.

Since I am working with at least one organization hoping to have their first registration audit occur in the first quarter of 2001, the ongoing status of the document set is of importance to me. They've never had any formal quality system covering everything (even in the '94 version) before and will be developing much documentation from scratch, so following the format of the 2000 version rather than 20 element format of the 1994 one is what they wish to have in place by next summer.

Scott

[Marc]

From: "Lucian Nowicki"
Newsgroups: misc.industry.quality

Dear colleagues,

The requirements of the new ISO 9001 year 2000 version are significantly different from those of ISO 9001:1994. Therefore I would like to encourage a discussion, which would practically help us all in as effortless as possible conversion of the existing systems.

As a starting point I wish to state some of my observations and questions.

1) The major effect of the introduced changes is a move from a system-based management approach a process-based approach, which is "systematic identification and management of interaction of processes". "This is seen as a logical progression in line with other contemporary management systems".

Q. Which other contemporary management systems are referred?


2) The structure of the new standard is different. Instead of 20 major elements it has only 4 major elements.

Q. What do we do? Do we restructure the existing systems?

3 There is a noticeable softer approach with regard to the system documentation requirements. Some of the system level procedure which were mandatory in ISO 9001:1994 are not mandatory any more under the requirements of ISO 9001:2000.

This change affects the following elements of ISO 9001:1994:
(4.1.2) Organization
(4.3) Contract review
(4.4) Design control
(4.6) Purchasing
(4.7) Control of customer supplied product
(4.8) Product identification and tractability
(4.9) Process control
(4.10) Inspection and testing
(4.11) Control of measuring and test equipment
(4.15) Handling, storage, packaging and delivery
(4.18) Training
(4.19) Servicing
(4.20) Statistical techniques

Q. What do we do? Do we delete them, or do we maintain them? They are still useful, but unnecessarily complicate and enlarge the system, which in accordance with the intention of the new standard should be simplified.

Lucian

[Andy Bassett]

I was at a presentation for the new ISO 9000.2000 today, and below is what the presenters said is the main difference with the new standard.

1. A new 'process oriented' structure is required.
2. Defining and satisfying customers requirements is now more clearly required.
3. A more clear definition of managements responsibility is described.
4. The role of the relevant departments in reaching the quality targets has to be more clearly defined.
5. New requirements exist for resource management.
6. Training appropiateness and success has to be evaluted.
7. Customer Satisfaction has to be measured and evaluated.
8. Processes have to be measured and evaluted.
9. Evidence has to exist that the data form all these measurements has to be analysed and used.
10. A commitment to continuous Improvement has to exist.

Here is my take.

If you have built a system that contains your company business processes, and if you are making an effort to continuosly review and refine the system, you are not going to have many problems.

If you or your company has been doing ISO on the fly.....you are going to get problems

------------------
Andy B

Read the requirements for the Quality Manual. does not require coverage of "the requirements of this .... Standard. Listing the requirements is 90% of most QM's.

BIG difference

[Andy Bassett]

Marc - The company was TUV Rhineland in Germany.

ISO Dog, sorry i did not understand your point. Do you want to have another go.

Regards

------------------
Andy B

The ISO 9000:2000 does NOT require a "Quality manual covering the requirements of this Standard" (1994 language). It only requires a scope, procedures or reference thereto, and a
description of the sequence and interaction of the processes (a flow chart?).

If I interpret this correctly, and there is every opportunity I haven't, the Quality
Manual is one page and a flow chart.

Opinions???
Dave

it is not importsant to know that dptdog and isodog are friends