Last reviewed 4 December 2014

ISO 9001 has been with us since 1994. It has gone through a major update in 2000 and a revision in 2008. In 2015, another major update takes place, so how will this impact on the FM sector? Alan Field explains what you need to know.

Overview: what is important?

In facilities management (FM), achieving ISO 9001 is not just for continual improvement. It is often a tendering or a contractual requirement. So, it is important to begin planning soon for the new version of ISO 9001.

Currently, the International Organization for Standardization (ISO) is not expecting to publish the final version of ISO 9001:2015 until next September. However, there are Committee Drafts already available to read. Then, by July 2015, the Final Draft International Standard (FDIS) should be available for ISO 9001:2015.

This means the exact details of ISO 9001 are not yet fully known but the key changes are. We can be certain about this because of a document called Annexe SL. This was previously known as ISO Guide 63. Annexe SL is now used by ISO as the basis for ensuring all their Management System Standards (MSS), such as ISO 9001, are consistent and compatible with one another.

For example, if your organisation has an ISO 14001 Environmental Management System (currently being revised and itself to be reissued in 2015) then this will be fully compatible with ISO 9001 Quality Management Systems in terms of key requirements and clauses. They have all been based on Annexe SL.

Of course, different specific requirements of the different MSS will still apply, but reading Annexe SL will give a useful overview of what is to come. For example, Appendix SL talks about new requirements regarding leadership, and these will be common across all applicable MSS.

Even if you decide to wait to until ISO 9001:2015 is finally published and not read any drafts, then reading Annexe SL itself will help you plan for the new requirements, be they challenges or opportunities or, more likely, a bit of both.

A clause by clause review of ISO 9001:2015 will not be attempted in this article — changes may be made before final publication. Instead, we will look at some key changes or shifts in emphasis that need to be understood at an early stage.

Risky business

When ISO 9001 was revised in 2000, there was a seismic shift. We went from a procedures-based management system to one that required a process-based approach to quality using Plan-Do-Check-Act (PDCA). This is sometimes known instead as the "Deming Cycle" or "Deming Circle", and is named after W. Edwards Deming (1900-1993), the quality guru who developed this process approach to management. The 2008 reissue of ISO 9001 kept the PDCA approach but simply made a number of specific and relatively minor changes to requirements.

The good news is that ISO 9001:2015 will still follow a PDCA approach to process management and, indeed, some might argue that the changes (from the 2008 version to the 2015 one) are not that great for some organisations.

If that is true, then it will only be so for those organisations that, first, have a risk-based approach to management and, second, have regular leadership overviews of all aspects of it. The two fundamental changes we know about so far are these two — they concern leadership and a risk-based approach to management.

Before we consider leadership, how will ISO 9001:2015 require a risk-based approach to management? In one way, the requirements are quite specific and don't actually say there needs to a holistic approach that requires risk to be considered at every stage of the management system or process. Yet the main requirement will be at the planning stage where leadership needs to decide on, first, actions to address risks and opportunities and, second, the objectives and planning to achieve them.

If your ISO 9001 management system doesn't explicitly consider risk and opportunities, then this may be a fundamental shift for you to consider; this change will be more than just a high level policy. Risk and opportunities will directly impact on measurable quality objectives (which, at the moment, do not necessarily need to be risked based). These quality objectives are an important element of the PDCA approach, and the management system implementation is supposed to be following these objectives. External assessors and internal auditors will, in due course, be looking at how risk based objectives are being measured and monitored.

The opportunity element of the risks and opportunities requirements appears to relate to planning for unexpected increases in business or other demands on the management system. Risk is not necessarily about negative outcomes. Yet positive outcomes need to be managed to ensure that any greater demand regarding customers (new or existing) can actually be met.

In FM, where many quality management systems are contract or project based, a facilities manager will need to be cognisant of what the specific targets or requirements are. It may take a while for client requirement to catch up with the risk-based thinking of ISO 9001:2015. This needs to be considered, and perhaps discussed, with customers at an early stage, because, as so often in FM, being proactive rather than just reactive can be seen by clients as adding value.

The other good news is that the definition of risk in terms of ISO 9001:2015 is very broad. Currently, it appears to be simply defined as the risk of uncertainty, and so matters such as not meeting statutory compliances or the risk of not meeting performance targets could be possible risk-based objectives.

Where risk registers are kept or where there are other more formal risk management processes these could also form the basis for distilling or inspiring risk-based planning and objectives for ISO 9001:2015. Considering how risk-based thinking could be incorporated into the management system could the first thing to review.

Leader of the pack?

One other significant change in ISO 9001:2015 is the shift from top management to leadership and commitment. It is difficult to be certain how this change will be interpreted in practice by external assessors and internal auditors, but we can look at the current proposal and start thinking about the implications arising from it.

Leadership isn't necessarily one individual — it may be all or some of the senior management team, depending on the size and complexity of the organisation.

What is certain is that the organisations where top managers, once a year, review policy, objectives and sign off on a Management Review Meeting — as they can currently with ISO 9001 — won't be meeting the requirements of ISO 9001:2015. In future, leadership will need to agree and ensure that management systems are integrated into the organisation’s business processes that are within the scope of the ISO 9001 certificate.

Leadership will also have to show their commitment by ensuring that the management system achieves its intended outcomes and has adequate resources although, arguably, this already is an ISO 9001 requirement. However, it is now more explicitly expressed.

Leadership will also need to demonstrate their understanding of the wider business environment, including appropriate social, cultural and regulatory aspects, and how these could or do impact on the organisation’s ability to meet customer requirements. This will also be extended to the involvement of wider stakeholders so, with FM, this may mean that leadership will need to be more involved with overseeing procurement and the re-evaluation of contractors who impact on customer delivery.

In short, the involvement of leadership in the management system will become more hands on and the impact of these changes on the performance measurement requirements of ISO 9001:2015 needs to be considered.


Whether ISO 9001:2015 will mean a significant change or not to your organisation or entail changes to specific FM contracts needs to be considered at an early stage. Even if the changes are found to be significant, it may provide an opportunity to provide added value to customers and the wider FM sector.