Managing Change

One of the goals of the ISO 9001:2015 version of the Standard was to enhance the requirements for addressing changes to the Quality Management System and its processes (and therefore the organisation itself). Addressing changes in a structured manner is an increasingly important component of any management system.

All processes in an organisation are linked, and therefore tasks, activities, decisions and other actions have an effect elsewhere in the system. If we don’t consider the impact of change on associated aspects of the company, we will inadvertently create problems for other people, parts of the system and the organisation as a whole.

There are many triggers that can cause a change to a Management System, for example:

  • Customer feedback
  • Customer complaint
  • Product and service failure
  • Employees and other interested parties feedback
  • Innovation
  • Determined risk
  • Determined opportunity
  • Internal or external audit results
  • Management review results
  • Identified nonconformity
  • Identified opportunities for improvement


To achieve the benefits associated with changes, an organisation should consider all types of changes that are likely to occur.  For example, these changes can be generated in:


  • Processes
  • Documented information (process documents, procedures, work instructions, checklists, etc.)
  • Tooling and equipment
  • Supplier management
  • Customer requirements
  • Contracts or SLA’s


The management and control of these changes should be controlled within the management system.


Change is mentioned in several sections of the ISO 9001: 2015 standard:


6.3 Planning of changes

When the organisation determines the need for changes to the quality management system, the changes shall be carried out in a planned manner.


  • Change to a process (inputs, activities, outputs, controls, measurements, resources, information, responsibility, procedures, etc.)
  • Change related to external providers
  • Changes in communication with customers
  • Develop documented information
  • Improve employee competence


8.1 Operational planning and control

The organization shall control planned changes and review the consequences of unintended changes, taking action to prevent or mitigate any adverse effects, as necessary.


  • Additional inspection
  • Outsource a process


8.3.6 Design and development changes

During design and development, changes that are identified shall be reviewed and controlled to ensure there is no adverse impact to the conformity of the product or service.


  • Changes in communication with the supply chain


8.5.6 Control of changes

The organization shall review and control changes for products ion or service provision, to the extent necessary to ensure continuing conformity with requirements.


  • Implement a new process
  • Change existing documented information


Note: Other references to change are found in clauses 4.4, 5.3, 8.2.4, 9.2.2, 9.3.2, 9.3.3, 10.2.1.


So, what should we think about when we are going to make a change?


  • Prior to making a change, consider how to address unintended consequences of the change
  • Monitoring the change to determine its effectiveness and to identify any additional risks and opportunities
  • Preventing risks to achieving objectives by managing the change process


Some changes need to be carefully managed, while others may be more flexible and not need formal additional action. To help with this, consider a methodology to prioritise which changes will be managed.


To determine the priority, consider a methodology that takes into account:


  • Risk assessment (e.g. consequences of the change, likelihood of these consequences)
  • Impact on customers
  • Impact on relevant interested parties
  • Impact on quality objectives
  • Effectiveness of processes


You might want to consider a ‘change matrix’. List the types of change on the oleft hand side of the matrix. Define their consequence and then the considerations and actions as a result. Actions may involve:

  • Communicating with someone or groups of people internally or externally
  • Updating documentation or other types of records
  • Deleting documentation, records, products, etc.
  • Amending
  • New or altered risks/opportunities

For further guidance on managing change in the context of a management system, get in touch here.






Back to Blog