WEBINAR | Upcoming ISO 9001 & ISO 14001 Revisions: What You Really Need to Know

Show Notes

We break down what the upcoming ISO 9001 and ISO 14001 revisions signal, why the change is more evolution than revolution, and where auditors will push harder on existing requirements. 

We map the practical impact on leadership, process owners, internal audits, KPIs, sustainability, resilience, and business continuity so you can start preparing now:

• The real emphasis behind the revisions focuses on the weak implementation of existing requirements
• Stronger expectations for risk-based thinking, methods, and process owner involvement
• Sustainability, resilience, and business continuity planning, with ISO 14001 and ESG value chain impact
• Quality culture as business DNA rather than a quality department activity
• Leadership accountability, management review outputs, and links to business strategy and decisions
• KPIs that measure meaningful process performance, including efficiency, not just effectiveness
• Practical readiness steps, self-assessment, gap analysis, and uplifting internal auditors
• Digital tools for audit management, mobile auditing, data accuracy, and trend analysis

Please share far and wide, and do reach out to us if you require assistance. 

Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions

Sign up for our self-paced courses or instructor-led workshops at www.ht-a.solutions

Chapters

• 0:00: Welcome And Webinar Setup
• 3:09: Evolution Not Revolution Explained
• 13:34: Which Standards Change And When
• 15:29: Risk Thinking KPIs And Context
• 25:09: Leadership Process Owners And Culture
• 34:09: Readiness Checks And Gap Assessments
• 43:34: Digital Tools AI And Audit Efficiency
• 48:14: Q&A Documentation Time And Closing

Transcript

Welcome And Webinar Setup

Tarryn Jordaan 0:04

Hi everyone. Welcome to our webinar today, all about ISO revisions. Hence it's a popular one, it looks like.

Hans Trunkenpolz 0:14

Yeah, it appears to be, yes.

Tarryn Jordaan 0:17

I checked out the registrants. Obviously, it's not always exact because extra people join last minute, but we've got people from 23 countries and all okay, five continents, not all continents. Well, forgive the Australians. It's the middle of the night. I think we'd better check out check out why the Antarctica isn't on, because I'm sure those researchers must be using ISO standards in their labs. Okay, that's it. We've got everyone. So everyone, welcome. If you don't know me and you haven't met me before, I'm Taryn and been with HTA and a former incarnation of HTA and working with Hans for five and a half years now in various roles. I'm in a in a consulting position. So a little bit more quiet than what you might be used to hearing from me, but still very much here with HTA. Hans is like an uncle to me that won't leave me alone. So I can never split myself from him completely. I'm sure everybody on this call does, in fact, already know Hans. If there was a celebrity auditor, it would be him. Hans has over 3,000 audit days under his belt. And in particular, he is an ITF third-party auditor as well. Hans is, of course, his name's on the company, Hans Trunken Polesen Associates. Uh, how are you doing, Hans? And where are you today?

Hans Trunkenpolz 1:56

Very well. Thanks, Taryn, for the intro. I'm actually dialing in from Romania right now. It's a not very friendly weather condition, to be honest. But it's good, it's good to be here. Thanks for for having me. And yeah, hello to everybody that is dialing in from wherever in this world.

Evolution Not Revolution Explained

Tarryn Jordaan 2:19

Well, you'll be happy to know it's a bit of a gray cloudy day in News London and CINSA, so you're not missing out on too much here. Good. So as HTA, we provide consulting, auditing, and training services globally, which I think is represented by our attendees today. But also we our primary offices are located in South Africa and Romania. So today, jumping into before I jump into it, I just wanted to confirm as always, this recording as well as the slide deck will be made available to you within the next few days, certainly within this week. Please feel free to share far and wide. And of course, always you can get in touch with us at any time, at any time afterwards, if we can assist or answer any questions for you. Today we're looking at those upcoming ISO revisions and what the practical impact is. So our goal is to give you uh a few preparation steps for the next period. So, Hans jumping straight into it. When people hear ISO revisions, they panic. But you quoted in a quote the other day, you said this is more of an evolution, not a revolution. Which standards are being affected and why are they changing?

Which Standards Change And When

Risk Thinking KPIs And Context

Hans Trunkenpolz 3:46

Yeah, I Barron, I I certainly do stick to my quote earlier. It's that it's more an evolution than than a revolution, as you as you just uh mentioned. But we have to bring this into perspective. I I firmly believe that that ISO made a very smart move with this with this revision, not because of the brand new topics that's that are going to build in, but to much more emphasize on shortcomings from existing requirements, if that makes any sense. I'll give you a practical example. Uh to this day, for argument's sake, the internal audit program ISO found is not conducted in a very effective manner. Furthermore, the risk, the risk-based thinking approach uh is not conducted in a very effective manner, and so isn't the area about management reviews that should be owned by the top dogs of the organization. It's still too much quality department driven. And and uh so so the the the correct the correct statement would be the new revisions are are emphasizing a lot more existing requirements rather than bringing brand new requirements into to the game, if that makes any sense. But we will evolve, as you can see on this slide, there will be a much greater focus on the area of risks and opportunities. How do we identify risk fields? The current 2015 revision doesn't say much about how that should be done. In general, as as we have it with system standards, they they they they tell you what you have to do, but they don't necessarily tell you how you should do it effectively. And in the area of risk and opportunities, and we can see this clearly out in the industry, it's the same way of doing anywhere you go. So so so somebody made the starting point and everybody took it over. But there is a there there is much more to an effective enterprise risk management approach. Guys, out there, if if you want to write down two very, very clever standards that you could cross-read if you wanted to. One is the ISO 31000, so 3100, then that's an international standard on its own, how to effectively implement an enterprise risk management approach. And the second one I would like to bring forward is the ISO 31010. So 31010. That is also an international standard that provides 24 different risk assessment methods, if if I want to call it that. Um one is very well known, FMEA would be one of those 24, or SWOT analysis would be another one. So there's 24 different methodologies in which way you can identify risk fields and then work on them all the way through effectively to mitigate, if if I'm not called it that. The current ISO standard doesn't say much at all, other than do a risk and opportunities assessment. And from that perspective, there will be a much greater emphasis on it. There will be also much more clarity on what is exactly expected, and the same thing for sustainability and resilience. So the new standard is stressing the topic of business continuity. So BCP business continuity planning, continuity planning, uh the resilience, just to combat the days and age that we find ourselves in with all these horrible events that that the global markets are confronted with. So resilience will be will be emphasized a lot stronger, and also the change process. So nothing really new. We already had risk and opportunities. We already had requirements for changing. Uh, there's a much bigger emphasis on that. What will be stressed a lot more is the area of sustainability and resilience. But we're talking about 9001 and 14,000. Sustainability will be a lot more stressed in the 14,000 standard than in the 9001. So 9001 will not ask for footprint projects for argument's sake. 14,000 will be much more demanding in this, also linked to legal requirements specifically in Europe, with that ESG requirements for reporting and the likes of. And it also will bring forward, let's say, the the environmental impact over and above the own organization, but into the the life cycle. So all the way EOP end of production and also all the way to the recycling. And that's also linked to to ESG requirements, which is in Europe the legal requirement, which is cascading down now from the big corporations now to the small and mediums, latest by 2027. So much more clarity rather than new stuff coming in. The second one in the center here, stronger focus on quality culture. What does that mean? ISO is under the impression that the quality management system is has been delegated too much into a quality department. And this is not the idea of a quality management system. The basic understanding of quality management was actually in its beginning, but it it it got heavily misinterpreted. And now we're ending up that quality management systems are mostly driven out of a quality department. It was actually meant to be interpreted as the quality of management. So the quality of management in production, the quality of management in logistics, the quality of management in purchasing, and then we go on through all the departments. But it ended up through that misinterpretation that quality is running the show. And ISO now is, and this will be a huge impact for all the top dogs, all for the company leaders, and also for the quality guys, because they have to let go now. And this is what they say about quality culture. It must be incorporated into the business DNA, if you want to call it that, and not driven out of the quality departments. Much more clarity. Also, the internal auditors and auditors will have to prepare themselves to be a lot more stringent and be a lot more demanding where is quality taking too much lead, where are process owners not, where are process owners not empowered to be part of the framework of ISO 9001 or even ITF if for the automotive delegates that are that are dialing in. And uh last but not least, ethical behavior. ISO is also under the impression that this must come forward. Ethical behavior is also part of ESG, a legal requirement, and there will be a stronger emphasis on on that as well. And last but not least, on the right hand side, Darren, you need to understand we we're finding ourselves in the 21st century, and there's lots of technology now available. There is there is much happening now to in using digital tools and systems or or or data processing and and the likes of and we still we still seem to be very much in love with with our Excel sheets. And no offense against Excel, I love it to bits, but it's it's coming to his natural limits and border limits when when when processing data and and and using digital tools. The business continuity is not to only focus on on the effectiveness of the processes, meaning the dashboards, the targets, but also reviewing and managing the efficiency of the processes. That is also not a new requirement per se. But however, the auditors will all be instructed to stress that a lot more during audits as to what to what extent process owners are really reviewing the efficiency of their process. Is there not anything that makes my work faster, more efficient, lesser resources to contribute to the resilience or to the business continuity? Because process efficiency will be one of the main drivers in the future to maintain exactly that. So those are basically the the focus points on that. Yeah, and coming back to your question, which which standards, well, we talk about uh the 9001 and 14,001, but we can continue that as well. ISO 9001, guys, has is a little bit in delay. It was announced to to be published mid-year 2026. Currently, if you look at the information and data, it's rather gonna be Q3, if not even Q4, this year. So it's gonna be delayed. Yeah, by by by by end of this, uh by end of this year. It will be all still structured according, as you can see in the headline, according to that HSLS, the high-level structure, or the NX SL. So we still find the requirements from chapter four to chapter 10 in both 9001 and 14,001. 14,001, 9001 will land first. That that is yeah, that that is a known fact by by end of this year. 14,000 appears to follow then shortly into to Q1 2027. All right. Also, the 45,000 is under review and currently announced for 2027. And with that, with the revision of 9001, for all the automotive delegates that are dialing in, which I believe is the vast majority in any case, you can imagine that ITF is is coming to the party as well, as it currently sits, also somewhere in the beginning. They say February, but I believe rather half year in in 2027, we will be also facing a new ITF 69 for 9 revision in that. I hope that answered your question.

Tarryn Jordaan 15:25

Yes, thank you. And what are the key themes emerging so far?

Hans Trunkenpolz 15:34

Well, the key themes, as as I said earlier, the the the risk-based thinking approach has been already implemented, been implemented in the 2015 version. However, ISO is under the impression that the way the organizations conduct the risk-based thinking approach in terms of method use, but it also in rolling out the responsibility and empowering the process owners throughout the organization is still not effectively conducted and consequently a strong point of emphasis in the future where where the standard will bring in a lot more clarity and what is required and whatnot. Currently, and I can see that anywhere you go, it's still not incorporating and powering the process owners in this process to a level as it as it should be. So risk-based thinking will be a day-to-day process because you remember ISO 9001 is is the framework in which you conduct your business. That's basically what it is. But in that framework, you run your processes. Okay. But then we have, according to chapter four, 4142, we identify internal but also external issues. And those external issues are war in Russia, war in Iran, inflation, the general, the general marketplace condition, reduced quantities, customers are calling off. So those are all external factors that are currently ever changing, and they are bombarding my framework in which we conduct our business. That's the ISO or ITF system. So ISIS under the impression that the systems are currently way too static in the organizations to adapt to ever-changing external factors. And that's that's where they zoom in a lot more. And once again, we also need to prepare the auditors on all levels to consider that in their assessments and evaluations. Furthermore, where ISO also believes we need to perform a lot more is the area of how do we measure the process performance and the KPIs. So so ISU says we should we should be more facts-driven, data-driven, rather rather than just understanding what procedures say, if if if if that makes any sense. But they're not really meeting the effectiveness of the process per se. A practical example could be whenever you go in an HR department, you will find fluctuation, you will find uh turnover KPIs, and they're important KPIs, don't get me wrong. But there are neglectable, there's next to no KPIs to measure the competence of people at the organization. And and and ISO is going to be a lot more stronger on that, so that we use not just KPIs to show something to an auditor, but also are they relevant and are they effective to really monitor the process performance?

Tarryn Jordaan 19:25

Yeah, not just KPIs for the sake of a KPI.

Hans Trunkenpolz 19:28

Yeah, exactly. And last but not least, in chapter four, the context, the organization, which is actually the business DNA of the organization, the interest and the expectations of interested parties is an existing requirement. Once again, there's nothing new. But the the reviews, if the interested parties have all been considered and satisfied, will be a much bigger point of emphasis as well. And and also all the way to the life cycle perspective. So life cycle is what is after end of production, what's happening in the recycling area that's also linked again to legal requirements of ESG and and the like. So the life cycle will be much more in detail on the 14,000 than on the 9,000, but it already starts demanding that.

Tarryn Jordaan 20:22

Okay. Okay. Two clear things to me, uh Hans, is that um the essentialness of this risk-based thinking, because I'm just thinking back the last few years I've been working with you since that infamous year 2020. It just feels endless in terms of external factors. And then if we don't even take the major factors, you've got other potential crises in your supply chain that aren't some kind of global crises, but you know, uh supplier could be knocked out, or or whatever it is for whatever reason, an issue at their plant. So yeah, it seems essential to me. And and when I look at the sorry, you're you're 100% right.

Hans Trunkenpolz 21:07

And and the last one on the context here on the bottom one, when you see the life cycle, that also very, very specifically includes the supply chain. Because we do realize right now that that we're losing the supply chain more and more. And and we also need to understand that that the big corporations, the OEMs, if I want to call it that, they cannot only mingle around with the tier one suppliers, the tier ones also need a supply chain of sub-assemblies and components. And it's it's it's it's currently really, really a very challenging time around the to to maintain to maintain the this this supply chain. And consequently, ISO fires up now the focus on that life cycle, which includes uh also the the the supply chain. Yeah, definitely.

Tarryn Jordaan 21:57

Yeah, it's just things I've I've picked up over time. I feel like uh through the tears, the the The essentialness of these factors are important, and that's maybe missed. Yeah. I also like what you said about its quality mindset, not just the quality department in charge of this, which makes absolute sense. But I mean, we've done so many webinars on different topics, and then I think it's kind of similar to T-Sex. T-Sex is mistaken to be an IT department thing. It's not only an IT department thing, it's across the board. It's a way of thinking.

Hans Trunkenpolz 22:36

No, absolutely. Absolutely. And this is, and yeah, it's also a good point. And this is why, this is why, and I say this again, and I say this with confidence. It's it's not this reinventing the wheel that's that that one can expect in this revision. But be careful, it will emphasize a lot more on existing requirements, and the whole industry, auditor industry, will also be asked and updated and uplifted to specifically monitor these requirements that already existed, like risk assessment or management review or internal audits. Are they really conducted in an effective manner to reinforce and contribute to sustainability of the organization? Bottom line.

Tarryn Jordaan 23:30

And not just KPIs or documents or whatever it is or meetings for the sake of it, should actually really benefit the business. And you know, me, I'm a bit of a more of a creative mind. To me, something like standards and systems and processes and procedures. I'll openly admit I dodge them as quickly as possible. But where they are done and implemented in a way that benefits and actually helps us get through our day, it doesn't actually feel onerous. It's not that tick box exercise, which to me was was the misperception I had of these standards and their requirements.

Hans Trunkenpolz 24:10

Well, the misperception is still out there, Terry. Since 2015, based on that risk-based thinking approach, I swinged the organization, left it up to the organization based on the risk you decide what needs to be a documented information. All right. And and and and people went overboard with that, you know, just cutting here, cutting there. But if you want, if you want to have confirmation of of process performances, you know, you just can't get away with a certain amount of documented information and and and the likes of. And that's that that's basically what what ISO is after, stronger than ever before. I think there's a huge challenge to to uplift the auditors to really zoom into these focus points as as the new ISO standard uh planned it to be.

Tarryn Jordaan 25:05

Then it's actually that the next thing I wanted to ask you is that leadership's often asking what changes for them. Oh, you've got it there. What changes for them specifically? What are auditors expecting? What's your message to plant leadership in corporate teams?

Hans Trunkenpolz 25:22

Uh the the the plant, I I think the near revision with this high focus point, there are three interested parties that will be affected the most. Well, one, of course, are the top dogs, the runners of the business. And number two, the internal auditors or the auditors per se. And then thirdly, if not on the same level, the process owners, because ISO 9000, uh, you must remember the process owner requirements was not part of ISO 2015. All right. It was it was, and everybody that is in the automotive industry dialing in here today will confirm that has been a very specific ITF requirement.

Tarryn Jordaan 26:04

Oh, yes.

Hans Trunkenpolz 26:04

But but but ISO is bringing that forward and specifically talks about process owners now, more in the operational level, but but basically all identified processes from chapter four shall be sh shall have an a process owner. But but even in the ITF area, it's organizations often go the easy way. They they take the existing, they take the existing organization chart, and then they see there's all these department managers, and then they became automatically also the process owners. Which was never really which which was never really the intention of that standard. The true intention was basically to break down all the silo thinking and empower the organization over a broader range of people, basically. A process owner can still report to a manager, no problem. But that was also terribly misinterpreted in the majority of the organization. It's it's really it's almost ridiculous. And and that will also be stressed. Accountability, empowerment, so everything will have a much stronger emphasis than than than than ever before, uh, rather than formulating a new requirements.

Tarryn Jordaan 27:26

Okay.

Hans Trunkenpolz 27:27

If that makes sense. So quality alone, accountability cannot be delegated to quality. This is what I said about quality culture, very strong point. Uh, that's that's coming forward. And and and if these quality management system representatives that we still have to this day out in the industry, ridiculous, absolutely ridiculous. That position is actually been declared obsolete already in 2016 in the ITF. Yeah, obsolete, and still we do have them. And and and and these quality managers come a customer audit, comes a certification audit. They still walk with the auditors all along and spoon feed and babysit the whole organization. And ISO said, stop that. Empower the people, empower, bring the process owners forward, make them accountable, off we go. Yeah, so that was the real intention. ISO found out that this has never been implemented effectively. Consequently, they're not creating a new requirement, but they're emphasizing a lot stronger on the correct and effective implementation of existing. And and so so don't fall in this trap, guys, that you believe this quote what we made earlier, it's more an evolution than than than than the revolution. We it is not enough, people. It is not enough today to do the right things. We also have to do the things right, and that's a massive difference. ISO figured that out. We are not on that way yet. Consequently, improving the emphasis points and not not creating new requirements.

Tarryn Jordaan 29:20

Yeah.

Hans Trunkenpolz 29:22

If that makes sense.

Tarryn Jordaan 29:24

Absolutely. I'm actually just writing that down. We have to do it, it's not enough to do the right thing, we have to do the things right. Yeah. See, I tease you, but I'll do listen and learn a lot from you, huh?

Hans Trunkenpolz 29:37

Yeah, what what what else is on the management review, on the for uh the impact on on leadership is the process of of of management review. And I sort of found that out as well, and that's why we cannot, it is so difficult when you go out to connect any business strategy all the way to the decision-making process in the management review. It's it's it's next to impossible. All right. If you look, if you if I look, if I go for an audit and I look into the last, and I always ask for the last three years, last three years of what is the output of the management review.

Tarryn Jordaan 30:18

Okay.

Readiness Checks And Gap Assessments

Hans Trunkenpolz 30:19

First, I asked the top docs, said what is the difference between a management review and an ops meeting? And he said, not not much. He said, Well, have you ever considered that the QMS review might have a different purpose to your ops meetings that you do on a weekly and monthly basis in any case? If I asked 10 leaders and said, if I would take this management review report away from you, what as of tomorrow would run worse or better in your organization? And they all say, When you take it away from me. I thought we have to do it for the audit. And and and this is what what I saw is now after. So link everything with the business strategy, with resilience and business continuity, and and an effective decision making into the management review. Guys, understand one thing: this management review is your central driving tool to help your framework to adapt to external, ever-changing influencing factors. If you don't get this out of the management review, you have no other two. If you look into the three years back, conclusion: do we need any changes in the system? You can go back as many years as you want. How can your framework in this business remain static when the external factors like wars and inflation, all that are ever changing? It needs to adapt, and the QMS review is the driving force to reinforce your innovation of your business operating system framework, which we call ISO. And that will be stressed a lot. Interesting. Yeah, the the practical impact now means the management review must drive the decisions and actions. So the the the framework of your management system must be adaptive to the external factors. It cannot remain static. And it is over most of the times static. There's no impacts, there's no decisions made to drive. The management review drives the decisions and actions based on the link of the business strategy papers, three years, five years, whatever, or business plan, whatever you want to call it, and it must follow through all the way to risk-based thinking supported decisions in the management review. And those links are currently missing in the majority of the cases, and this will gonna be a focus point. Objectives must be linked to the risks, risk-based will be stressed a lot more with those leading and lagging indicators, not only for the process effectiveness, but also for the efficiency. Because again, the efficiency will be a massive contributor to sustain your operations. And last but not least, the environmental aspects, and that's 14,000 considered across the value chain as per ESG requirement, which is European legal requirement, and that's also involving the supply chain, end of production times, recycling times, and the like stuff. So and not so much focus the aspects on the company itself. So it goes beyond align with the ESG requirements.

Tarryn Jordaan 34:06

So what can be done like in the next in the next short term to prepare and start getting ready?

Digital Tools AI And Audit Efficiency

Hans Trunkenpolz 34:14

Darren, to be honest, to be honest, if someone feels comfortable now to say there's not many more requirements coming in, would be a big mistake. Simply because of the before said that we haven't cleaned up, we haven't implemented effectively so many existing requirements, which will be zoomed into much more, much more than than than ever before. So what can be done is to run your self-assessment. The standards are not ready released, but the this documents, the ones that are open for public, based on which we get all our information out, should be should be gathered at the first place immediately. It's unfortunately not free of charge, but but you can order that on the ISO on the ISO website at any given time. And review for yourself and get the operations ready with a self-assessment, a gap analysis, if you want to call it that. So maybe so complete a gap assessment against the new ISO themes with the high focus points, and then maybe start prioritizing already three, five actions, whatever it is, because you need to prepare now the process owners and the top dogs of the world, because the quality managers or the quality management system representatives, they will be taken out of the game. They will be put on pause by the auditors, and they want to talk to the process owners, and they will treat them like a like a DNA integrated, empowered process owner, if if that makes any sense. Yeah. And then prepare the leadership and internal auditors also for the new expectations. And well, that will be the quality departments in in any case. But whoever of you out there that that will be conducting internal audits, you may start to uplift already now. Elsewise, it will be an overwhelming amount of emphasis points, not new requirements. So we stick to our statement. It's not a revolution of news, but it's a higher emphasis on the shortfalls of existing requirements that I so felt we we need to clean up first. So that is something that that is my advice to each and everyone out there to start the engines now already, to not be overwhelmed with with uh the complexity and the in-depth focus of certain requirements that that will be much more clarified in the standard than than in the 2015 versions. Let's let's put it that way. Yeah, let's see what else we have. Yeah, these ISO readiness checks. That that's well worked into this presentation, Taryn. Well done. Uh, on the left side, you see those management system aligned with business strategy. This is what I I just uh I just elaborated on. It must follow through from the business strategy to the risk assessment, into the processes, operations, support processes. Process owners must review the efficiency and the effectiveness throughout the year and feed it in into the management review based on which management does make decisions. So that must be following through according to the PDCA circle. Uh, clear ownership of objectives, that means bringing the process owners forward a lot more, not relying so much on the quality departments and evidence-based management review decisions. And on the right-hand side, from green, yellow, and red, ask yourself that. Is that a shortfall? Are we in green? Are we in yellow? Are we in red? Okay, to the before set. And if you run into red, run. Start now. Don't don't wait till the standard comes in in the end of the year, because it will be very overwhelming. Because it needs a cultural change. You need to understand that. I mean, we've been process owners in these days, they feel very comfortable to have that QMR available. They feel very comfortable. All right. And but that's no more longer allowed. They must step back in a controlled manner to bring the process owners forward. Another checkpoint for you is that's on the leadership side, on the process performance, define process owners at operational levels, so operational and subprocess level. KPIs with effectiveness and the efficiency. And I want to stress this efficiency, where there is very, very insufficient reviews done by process owners for their own efficiency. That is running well in the operations. That's where we put food on the plate, uh, OEs and the likes of. But in the support processes, there is happening next to nothing. Also, how process owners are integrated into the risk assessment. That's a continuous process throughout the year. You cannot let the risk run and not mitigate when when outside factors change and wait till the end of the year because the management review is coming. Doesn't make any sense. And also, corrective actions must be driven by trends in all areas, not only from audit findings and the likes of. And then you can ask yourself again: do you find yourself in green, yellow, or red? If you find yourself, as per your self-assessment again on red, run. Simple. Run. Because it's a very time-consuming process to prepare the company leaders and the process owners for this change. This is a cultural change of note. And and and and and that cultural change request was already stipulated in black ink on white paper since 2015. Remember that. And in 11 years, we still have a situation where these requirements are not implemented effectively. Consequently, ISA was not creating a new requirement. They said, but let's focus in and let's help that these valuable requirements get implemented in the most effective manner to support resilience and sustainability and the business continuity and the like so. That's for process performance, for the risk assessment, your environmental aspects. They're leaving the boundaries of the company. That's for 14,000. It goes all the way to the life cycle. So end of production, all the way to recycling, very strongly linked to your strategy because as an input into your strategy, you get also legal requirements, and ESG is a legal requirement, or depending on the size of your organization. But as of 2027, literally every company is involved. So that needs to widen up the boundaries of the assessment of your environmental aspects and impacts. Risk and opportunities integrated into the planning. Planning is your chapter six in ISO or in ITF. When you plan your management system, and it's again not a quality department system, it's a business operating system. All right. So that risk and opportunity assessment, which will be much more clarified in the new updates, all right. Not as rudimentary and generic as we had it in the 2050 version. That's why it went all south. Integrated into the planning, and the auditors are now asked to really follow that through from the planning all the way to the execution to the monitoring and control. Pew. But that but that aspect was meant to be that way already since 2015. So I suppose it doesn't make sense to fire up more new requirements. Let's clean the existing ones up, if if that makes any sense. And the controls monitored and reviewed for effectiveness. Yeah, I did elaborate on that. So the future, one more time, guys, is not only to look at the effectiveness side that you have a green dashboard. We also need to look into the efficiency of the processes, including every support process. That's where we can reinforce and support sustainability and business continuity. That is a massive contributor to maintain your competitiveness, if you want to call it that. If you only look into what is happening now on AI supported tools only in quality management, it will blow your mind. And we still run around with Excel sheets and words and tablets and the likes. Not as many as I would wish to see, but the ones that I and I like to call them front runners, if you go into and Follow up what's already happening in AI-driven support tools to improve efficiency on the support processes is mind-blowing. It's absolutely mind-blowing. And the time is not already to implement AI tools in certain activities. The next step is already in preparation to make it a fully integrated into the infrastructure, IT infrastructure. So that's already the next step. But we need to start with the first one, you know, and sink your teeth into this. The quality guys are not having not having the time. And consequently, we need to free them by reinforcing and powering the process owners so that they find time to permanently check the markets and work with associations and the likes of to find what is new, what technology, what can improve the efficiency, and then bring it into the organization, make an assessment, give it to the process owner, and off we go. They just don't have time. So we keep on doing the things because we've always done it the same way. And that's very risky for sustainability. Yeah. And then I have, yeah. No, those are the ones I would like to bring forward as as recommended steps going forward. And again, you can do your self-assessment from green, yellow, and red. And if if you need any help, as as Taryn just said earlier, just just stay in touch with us and and we we can give you some further guidance. So that being said, ISO revision will reward a strong and well-run systems, not with new requirements, but checking more the effectiveness of existing ones. That's what it is, bottom line. And early preparation will reduce also your risk for certification, although you will have the typical three years transition period. So for all the standards, we're talking about three years transition periods and and and and and use the changes, not the changes, but the the higher emphasis to really strengthen your business operating system, which which ISO is or ITF is. It's a business operating system framework in which you conduct your business. And it must permanently adapt to the ever-changing external factors.

Q&A Documentation Time And Closing

Tarryn Jordaan 46:36

This sounds quite positive to me. Not as as scary as I expected an ISO update to be. Exactly.

Hans Trunkenpolz 48:11

Simple as that.

Tarryn Jordaan 48:13

So Hans, I'm gonna open the floor now for general QA from everybody. I think I've got a couple comments first from Florina. You've been presenting, so you wouldn't have had a chance to see these comments rather than questions. It makes sense. For planning, performing, and managing audits in a company, as well as managing KPIs and taking the correct decisions. The recommendation is to implement software for audit management. Of course. This allows continuous improvement of the audit process and stores all your data in one place, making it easy to analyze trends, identify risks, and generate audit-ready reports in seconds. Absolutely. Also, mobile apps are available and this makes it even easier for makes makes the audit process even easier for auditors, especially uh for layered process audits. Auditors can capture findings, attach evidence, complete entire audits right from the floor, online or offline. And exactly that. I mean, I'm all for tools like this. All the KPIs are generated just in time. In my opinion, Florina, this is the next strategy related to audit management for all companies that want to keep growing and take complete control over their audits. 100%.

Hans Trunkenpolz 49:36

Yeah, that's not a quote, that's a statement, huh?

Tarryn Jordaan 49:39

It's a statement, yes.

Hans Trunkenpolz 49:40

Yeah, no, I and I fully agree, guys. If you look out there, what is already available to reinforce exactly what's what this lady said, it it will blow you out of the puck. And it's uh and it's amazing. And it's all geared up for two things to drive efficiency and and and get data accuracy. That's where ISO will also put a high emphasis. Data accuracy, how do we statistically analyze the ISO is is tired of looking at these data cemeteries. You have so many databases, the data are coming out of your ears. But in what way are we statistically analyzing? Are these data accurately? And can we, does it support an effective decision-making process? That that's that's that's coming in here. Not a new requirement again, but it's now reinforced, as the lady says, by technology, by tablets, internal audits, and the like.

Tarryn Jordaan 50:39

Yeah.

Hans Trunkenpolz 50:40

Because your internal audit program is a farce, it's an absolute farce. It's just ticking the box for something. We're not getting enough out of this uh so powerful tool. The reputation of internal audits is down the drain. We're not getting the right things out of it, we're not generating enough improvement ideas and and and findings, nonconformities. And and and there it goes its way. And and and and and the bad thing for the QMRs is the top dogs are not supporting it, the process owners are not supporting it from bottom, and the quality guys get grinded there somewhere in the middle. And and over time they can only run away in frustration. There's no other way. I agree with the state very much.

Tarryn Jordaan 51:28

Always direct uh Hans. Your internal audits are far. He has a question coming up from Martin. Certifying auditors tell me that they are stuck with documentation and this they spend less time out where the magic happens. How do you think this might change with the new revisions?

Hans Trunkenpolz 51:51

Is this for certification auditors?

Tarryn Jordaan 51:54

Uh yes. Certifying auditors tell me that they are stuck with documentation, they spend less time out where the magic happens. How do you think that might change?

Hans Trunkenpolz 52:09

Honestly, whoever whoever raised this question, actually, I would like to I would actually like to take this offline to to stay politically correct. Honestly. Nothing. At least when I say nothing, let me elaborate on that. Certification auditors are extremely tight with with time. Reason being is that the audit mandates on site are dictated by the regulatories, and and and the amount of employees gives you certain minimum mandates that you have to spend for a certification audit. And and I I can tell you, with all the routine that I gathered over 3,000 days in the last 35 years, I I even still find it difficult to effectively zoom into what is needed to be done according to the plan. Time will show. But it's a challenge for the auditors, let me let me tell you that much. Yeah. But don't rely on them. This is where you need to up the game for the internal auditors and uplift them. They're still doing too much, too much the whole system. Put smaller, small amount of processes, increase the time and go into depth. Take your time and really get all the improvement leads up. And that's that's the that's actually the part of the internal audit, not so much of the certification audit. Okay, that makes sense.

Tarryn Jordaan 53:51

Not politically incorrect either. I've got a couple of couple raised hands, yeah, although I'm not sure because they've they've been since the start. Claudia and Steve, from your little widget for raised hands are up.

Hans Trunkenpolz 54:07

If you okay, if you would like to chat, just pop me a message. Claudia and Steve.

Tarryn Jordaan 54:30

It's like we expected, Hans, maybe fewer fewer questions for this topic, more more commentary. That's fine. Yeah, it's it's absolutely fine. It's a little bit like we expected. I trust and hope everybody uh I found this comprehensive. It's great for me. And for moving forward in the HTA team with the with the updates we need to make, I'm sure I can think of a few areas already to brush up on. The the recording for this meeting will be ready within the coming days, as I mentioned. Please share foreign wide. Please also reach out to us. It doesn't matter whether you whether it's a quick, short question or or something bigger. We are here to help. Hans, as always, thank you very much for making time.

Hans Trunkenpolz 55:20

And thank you. Thank you, everybody, for joining.

Tarryn Jordaan 55:26

Hey, first time ever, we hit it exactly on time. Bye, everyone.