Understanding ISO 9001:2015
What is the ISO 9001
standard all about?
The ISO 9001 standard incorporates internationally recognized management concepts, principles and practices
into a set of standardized requirements for a quality
management system (QMS). These standardized requirements define controls that focus on improving an organization’s ability to
deliver products or services to:
Consistently meet customer’s quality requirements
Meet applicable regulatory requirements
Enhance customer satisfaction
Improve its performance in pursuit of these objectives.
The ISO 9001 standard focuses on improving an organization’s management system and processes. It does not specify
any requirements for product or service quality. Customers typically set product and service quality
requirements. However, the expectation is that an organization with an effective ISO 9001 based QMS will indeed
improve its ability to meet customer and regulatory requirements.
ISO 9001requirements are complementary to customer’s contractual and applicable regulatory requirements. Those
implementing a QMS conforming to ISO 9001 must ensure that the specific requirements of their customers and
regulatory agencies are met.
In the past few years, industry groups have developed sector specific applications of the ISO 9001 standard. These
include the automotive, aerospace, environmental, telecommunications, health and safety, etc. All these
sector-specific standards incorporate the full requirements of ISO 9001 as their foundation and then add new
requirements or amplify ISO requirements.
responsible For revising the standards?
The ISO Technical Committee no.176, Sub-committee no.2 (ISO/TC 176/SC2) is responsible for the revision process in
collaboration with quality and industry experts nominated by ISO Member bodies, and representing all interested
Why the need
to issue a new version of ISO 9001?
is subject to periodic review to determine whether it is still relevant in its application to the
business environment and its needs. The review process determines what requirements need to be added, updated or discarded.
The last review and update
was in 2008. That change was considered minor and dealt with clarification of points already in the standard rather
than the inclusion of new requirements.
This latest edition of the
ISO 9001 standard ISO 9001:2015, Quality Management System – Requirements is the 5th edition of the ISO 9001 standard since it was first published in 1987. This
change is considered major and some of the reasons given include:
The need to reflect and adapt to the
increasingly dynamic and complex business environments
in which organizations operate.
Increasing cultural diversity of the
The emergence of new
More complex supply
chains. (Copyright material
To ensure the new standard reflects the needs of all relevant
Decrease the emphasis on
Increase the emphasis on providing value for the organization
and its customers.
Recognize the risk management thinking underlying the
preventive focus of previous versions of the standard to achieve
Organizations that use multiple management system standards are
increasingly demanding a common format and language that is aligned between those standards.
Greater awareness of the need for sustainable development initiatives towards
a consistent foundation for the future.
What are the potential
benefits expected from the new version of ISO 9001?
Less prescriptive, but with greater focus on achieving conforming products and
services. (Copyright material askartsolutions
More user friendly for service and knowledge-based organizations
Greater leadership engagement
More structured planning for setting objectives
Management review is aligned to organizational results
The opportunity for more flexible documented information
Addresses organizational risks and opportunities in a structured manner
Addresses supply chain management more effectively
Opportunity for an integrated management system
that addresses other elements such as environment, health & safety, business continuity,
Does ISO 9001 still apply
to all organizations – big, small, different sectors and different items – products,
The concept of the standard has not changed; it’s applicable to any type of organization – manufacturing, service
and non-manufacturing; for profit or not for profit businesses, regardless of the size, type or its core
What are the key changes in
the new standard?
The adoption of a 10-cl
ause structure and core text consistent with all other ISO management
Better compatibility with the service sector and non-manufacturing
A need to clearly understand the organization and its context to avoid a “one size
fits all” approach to QMS application and implementation;
The recognition that while preventive action was implicit throughout the standard, there was need to
make it more explicit through the application of risk-based thinking, i.e. the identific
ation and associated mitigation, both at the strategic and (Copyright material askartsolutions 2015)
The need to consider additional factors in determining the boundaries and applicability of the QMS to
establish its scope.
Improving the understanding and app
lication of the process approach through the application of risk-based thinking in conjunction with the
context of the organization;
A somewhat co
ntentious change to the use of the term “documented information” from the terms “documents” and
“records”; and secondly providing greater flexibility in the need for providing documented
information; (Copyright material
A change in terminology from the use of the te
rms “purchasing” and “outsourcing” to the term “externally provided products and
A wider scope has been put on seeking opportunities for improvement. While continual improvement still
remains a requirement at the operational level to e
nhance customer satisfaction, the need for strategic improvements through break-through change,
innovation, use of new technologies, reorganization and other means to significantly improve products,
performance and customer satisfaction, has been added;
The wording of Leadership requirements have been beefed up to put more specificity and emphasis on
More emphasis on change management throughout the standard;
need to establish and maintain the continuity of organizational
More specificity in requirements related to post-delivery
The scope of requirements to analyze and evaluate the data and information gathered
from monitoring and measurement, while not widened, has been made more
The need to track trends in operational performance and customer satisfaction for management (Copyright
material askartsolutions 2015) review;
Further dampening down of manufacturing sector terminolo
gy for greater application and acceptability by the services and
How has the structure of
the standard changed?
new structure is designed to align with the uniform 10-clause high level structure developed by ISO to
facilitate greater harmonization among the many different ISO management system standards. The next revision to ISO
14001 will also adopt this same structure, which is based on the PDCA (Plan-Do-Check-Act) methodology. All ISO
management system standards will now adopt this structure. (Copyright material askartsolutions
This will make it easier for organizations to integrate the common requirements of more than one ISO management
system standard within a single system. This should provide significant economies in terms of effort and cost in system development,
implementation, maintenance and (Copyright material askartsolutions 2015) costs of
The following chart illustrates so
me of the key structural differences between ISO 9001:2015 and the current ISO
Structure Comparison Chart (FDIS
3. Terms and definitions
Terms and definitions
4. Context of the organi
Quality Management System
Measurement, analysis, and improvement
Do we have to change our QMS structure and terminology to
reflect the changes in the revised standard?
is no requirement for the
structure and terminology used in this Standard, to be applied in developing and documenting an organization’s
quality management (Copyright material askartsolutions 2015) system. Organizations can choose to use
structure and terminology that suits their operations (e.g. using “records”, “documentation” or “procedures”
rather than “documented information”; or “supplier”, “subcontractor” or “vendor” rather than “external
following table shows the major differences in terminology between this new edition of the Standard and the 2008
Products and services
(See clause A.5 for clarification of applicability)
material askartsolutions 2015)
(Similar responsibilities and authorities are assigned but no requirement for a
single management representative)
Documentation, quality manual, documented procedures,
Environment for the operation of processes
Monitoring and measuring equipment
Monitoring and measuring resources
Purchased product and services
Externally provided product and services and services
The structure of clauses is intended to
provide a logical presentation of requirements, rather than a model for documenting an organization’s
policies, objectives and processes. It can be more relevant to the organization's users if the structure and
content of QMS documented information relates to the processes operated by the organization and information
maintained for other purposes.
How has documentation requirements
documented procedures are no longer mentioned; it is the responsibility of the organization to
maintain documented information to support the operation of its processes and
retain the documented information necessary to have confidence that the processes are being (Copyright material askartsolutions 2015) carried out as planned
. The extent of the documentation that is needed will depend on the business context.
The standard does not mention a quality manual. Is it
The new standard does not specifically mention a quality manual, however it requires the organization to
maintain documented information necessary for the effectiveness of the quality management system (QMS). A quality
manual is one of many ways to do this. An organizations may find it quite convenient and appropriate
to describe its quality management system in a quality manual.
Why has management review been moved to performance
The sequence of the new version of ISO 9001 is based on the Plan, Do, Check, Act methodology. Management review is
a tool to evaluate the overall performance of the quality management system. So it makes sense for management
review to come under performance evaluation after requirements for analysis and evaluation of quality management
The title of management representative has been removed.
How is the performance of the system reported to top management?
Although the specific requirement for a management representative has been removed, top management must
still ensure that roles and responsibilities are assigned for reporting on the performance of the QMS. Some
organizations might find it convenient to maintain their current set-up and designations, with a single person
carrying out this role. Others might (Copyright material askartsolutions 2015) take advantage of the additional
flexibility to consider divvying up the responsibilities depending on their organizational
Why has product been changed to product and
ISO 9001:2008 had already made it clear that the term product also includes service, so there is no impact in
practical terms. The change is more to reflect the far wider use of the standard outside (Copyright
material askartsolutions 2015) the manufacturing sector and to emphasize its applicability in the service
What is risk-based thinking and why has it been
introduced into the standard?
The phrase risk-based thinking is used by ISO 9001:2015 to introduce the requirement for addressing the
question of risk and its control. The concept of risk has always been implicit in ISO 9001, by requiring the
organization to plan and implement its processes and manage its business to avoid unwanted results. Organizations
have typically done this by putting greater emphasis on planning and controlling those processes (Copyright
material askartsolutions 2015) that have the biggest impact on the quality of the products and services they
The way in which organizations manage risk varies depending on their business context (e.g. the criticality of the
products and services being provided, complexity of the processes, and the potential consequences of failure). Use
of the phrase risk-based thinking is intended to make it clear that while addressing risk is important,
formal risk-management methodologies and risk assessment are not needed for all business situations and
organizations. For further information about risk-based thinking (see Annex A).
What has been changed in terms of
ISO 9001:2015 has widened the scope of planning and now requires the organization to address risks and
opportunities, quality objectives and planning of changes throughout the organization. As new products,
technologies, markets and business opportunities arise, it is to be expected that organizations will want to take
full advantage of these opportunities. This has to done in a controlled manner, and be balanced against the
potential risks involved that could potentially lead to undesirable side-effects.
Are organizations still allowed to exclude requirements
of ISO 9001?
9001:2015 no longer has a specfic reference to “exclusions” in relation to the applicability of its
requirements to the organization’s quality management system. However, an organization is still allowed
to determine the applicability of requirements. All requirements in the new standard are intended to
apply. Conformity to this standard (Copyright material askartsolutions 2015) can only be claimed if the
requirement determined by the organization as not being applicable does not affect its ability or
responsibility to (Copyright material askartsolutions 2015) ensure the conformity of products and services
and the enhancement of customer satisfaction.
What is the process approach and is it still applicable
to ISO 9001:2015?
The process approach is a methodology for
obtaining a desired result, by managing activities and related resources as a process. Although the clause
structure of ISO 9001:2015 follows the Plan-Do-Check-Act sequence, the process approach is still the underlying
concept for the QMS. For further guidance, please refer to the Support Package module: Guidance on the
Concept and Use of the Process Approach for management
Alignment of the revised standard to the PDCA format
(Plan, Do, Check, Act)
Clause 4 – Context of the organization
Clause 5 – Leadership
Clause 6 – Planning for the QMS
Clause 7 – Support
Clause 8 – Operations
Clause 9 – Performance evaluation
Clause 10 - Improvement
material askartsolutions 2015)
What is meant by the context of the
This is the combination of relevant internal and external factors that affect an organization's ability and
approach to providing products and services to its customer.
External factors can include, e,g. cultural, social, political, legal, regulatory,
financial, technological, economic, and competitive environment, at the international, national, regional or local
Internal factors typically include the organization’s corporate
culture, governance, organizational structure, technologies, information systems, and decision-making processes
(both formal and informal).
The standard requires that an organization determine which of these factors could impact its
purpose, direction and quality management system and accordingly monitor and review (Copyright material
askartsolutions 2015) these factors and use this information in determining the scope of the quality management
What are the needs and expectations associated with
interested parties? (4.2)
the interested parties that are relevant to the quality management system and the requirements of those interested parties, as outlined in clause 4.2. However, there is no intent in this standard to broaden the scope of the
quality management system to include meeting the needs and requirements of interested parties, other than customer
and applicable regulatory requirements. Such a change would require a change
to the scope of the standard which is not permitted by the mandate for this revision.
The organization is required to identify these interested parties, monitor and review information about their
needs and requirements that are relevant to the QMS and consider it in determining the scope of the
The relevant interested parties other than
customers, external providers or suppliers and regulatory bodies can include investors, top management, employees
and their unions, the community and environment around the organization depending on it. The organization
(Copyright material askartsolutions 2015) needs to interact with these parties on a periodic basis to understand
their needs and expectations
the scope (clause
1), this standard is applicable to an organization when it needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction.
Needs and expectations
Quality, price, delivery, services
compliance with legal requirements
Good job environment; job security; recognition and reward
Mutually lasting beneficial relationship
Environmental protection; ethical behavior
What is meant by organizational knowledge? (7.1.6
is knowledge specific to the organization; it is the accumulation of knowhow and useful information relevant to
the organization obtained through experience, improvement achieved, lessons learned and the application of
technology and research. It is information that is used and shared to achieve and further the organization’s
objectives. Requirements regarding organizational knowledge were introduced for the purpose of safeguarding
the organization from loss of knowledge (Copyright material askartsolutions 2015) and encouraging the
organization to acquire new knowledge as its business context changes.
Documents and records have been replaced by documented
information. What does this mean? (7.5)
Documentation, documents and records are now collectively referred to as documented information. Where
that documented information might be subject to change (as in the case of procedures, work instructions, etc),
organizations are required to maintain the information up-to-date; where the information is not
normally subject to change (for example records) the organization is required to retain that
There is no requirement for the terms used by an organization to be replaced by the terms used in
ISO 9001:2015 to specify quality management system requirements. Organizations can choose to use terms which
suit their operations, e.g., records, documentation, protocols, etc. rather than documented
Why has Purchasing changed to ‘Control of externally
provided processes, products and services’? (8.4)
This change reflects the fact that not all products, services or processes that an organization acquires are
necessarily purchased in the traditional sense. Some may be acquired from other parts of a (Copyright material
askartsolutions 2015)corporate entity, for example, as part of a shared pool of resources, products donated by
benefactors or services provided by volunteers. Even with the changed and beefed up wording, the control
requirements of this standard are essentially the same as in the 2008 version.
What has happened to validation of processes or what used
to be called special processes? (8.5)
Although there is no longer a standalone sub-clause, this requirement continues, and has been incorporated into the
sub-clause on control of production and service provision. (Ref. 8.5.1)
What is meant by post delivery activities and what is the
extent of an organization’s responsibility? (8.5.5)
This means that based on customer agreements or other requirements, the organization may be
responsible for providing support for their product or service after delivery. This could include, for example,
technical support, training, on-site testing and start up and commissioning, field service, routine maintenance, or
in some cases recall. All of these (Copyright material askartsolutions 2015) would typically be part of the
contractual requirments agreed to with customers or in some cases may be required by regulatory
What is the difference in the standard between
improvement and continual improvement? (10)
ISO 9001:2008 used the term continual improvement to emphasize the fact that this is an
ongoing activity. However, it is important to recognize that there are a number of ways in which an organization
may improve. Small step continual improvement is only one of these. Others may include breakthrough improvements,
reorganization, re-engineering initiatives or innovation. ISO 9001:2015 therefore uses the more general term
improvement, of which continual improvement is one but not the only component.
What is the transition time frame to comply with this
There will be a three year transition
period from the publication date of ISO 9001:2015.
Eighteen (18) months after publication of ISO 9001:2015 all accredited new
certifications issued (initial certifications) shall be to ISO 9001:2015.
Three years after publication of ISO 9001:2015, any existing accredited certifications issued to ISO
9001:2008 shall not be valid.
Guidance for transition
For the average ISO 9001:2008
certified company, the impact of the revised standard
be minimal and quite manageable.
One of ISO’s goals is to seek
greater inclusion for the ISO 9001 standard. They want to see it
into new sectors and be more user friendly than it is now. (Copyright material askartsolutions 2015) R
equiring a company to aggressively overhaul their current ISO 9001:2008 system is not consistent with this
For any organization the degree of change necessary will be dependent upon the
maturity and effectiveness of the current management system, organizational structure and practices, therefore
an (Copyright material askartsolutions 2015) impact assessment is strongly recommended in order to identify
realistic resource and time implications.
How will the revision affect my current
Organizations using ISO 9001:2008
a) Current users
Organizations that are
already certified to ISO 9001:2008 should contact their certification/registration bodies (CB/RB) to agree a
program for analyzing the clarifications in ISO 9001:2015 in relation to their individual quality management
systems and for upgrading their certificates.
should bear in mind that ISO 9001:2008 certificates have the same status as new ISO 9001:2015 certificates
during the co-existence period.
Organizations in the
process of certification to ISO 9001:2008 should change to using ISO 9001:2015 and apply for certification to
b) New users
New users should start
by using ISO 9001:2015.
Industry Sector Schemes
All of the major sector specific standards, including TS 16949, AS9100, and TL9000 have indicated their intentions
to transition and continue their alignment with ISO 9001. The timelines for these other standard updates are not
fully known at this time, bu
t a 2016 publication date seems likely for all three.
present the only major standard that is not planning to continue its alignment to ISO 9001 is ISO 13485, which is
in the midst of its own update with a targeted publication of early 2016.
(Copyright material askartsolutions 2015)
Accreditation Rules 20 and 21 were published July
22, 2015. Each includes a timeline indicating when CBs need to complete required actions
after publication of ISO 9001:2015:
CB Required Action
Consequences of Failure
3 months after publication
Apply for transition
6 months after publication
9 months after publication
Before or at the end of 3-year transition
All ISO 9001:2008 certificates expire.
(Copyright material askartsolutions 2015)
CBs are allowed to use the
FDIS ISO 9001:2015 version of the standard to begin the transition process. However, no CB can grant or date an
accredited certification to the new standard before the date on which the CB transitions its
Organizations certified to ISO 9001:2008 are recommended to take the following
1. Top management should
conduct a full QMS review to identify organizational gaps which need to be addressed to meet new
2. Develop an implementation
plan with assigned responsibilities,
3. Provide appropriate training
and awareness for all parties that have an impact on the effectiveness of the (Copyright material askartsolutions
4. Update existing quality
management system (QMS) to meet the revised requirements and provide verification of
5. A full system
internal audit followed by a management review should be completed.
Actions for all internal audit findings should be in process or complete.
7. Where applicable, contact
your certification body for transition arrangements.
How will the revised standard affect the employees of an
This will depend on the extent of revisions that an organization
may need to make
to its quality management system, but generally it will be expected to provide some form of transition training to
its staff. At a minimu
m, awareness training of the new standard
ould be provided, as well as an assessment (Copyright material askartsolutions 2015) of the new standard’s impact
on the various processes and personnel. However, it is entirely possible that the majority of organization’s
workforce will feel little or no
effect from the organizations transition to ISO 9001:2015.
How will this revised standard affect auditors and their
Moving from a prescriptive approach to a process based approach requires new thinking on how to audit.
Even though the process based approach to qms auditing was advocated as early as the ISO 9001:2000 edition,
unfortunately, many certification body (registrar) auditors continue to use checklists aligned with the clauses
from the standard.
The writers of the ISO 9001:2015 standard are hoping that with the strengthening of the process based
requirements, aligning the clauses to the PDCA methodology and addition of risk-based thinking, audits will take
place through a series of in-depth discussions and analyses focused on the evaluation of risk identification of the
QMS and its processes and related mitigation of risk to determine whether customers consistently receive their
expected outputs or services.
All QMS auditors,
internal and external, must beef up their skills by receiving new training in the concepts, tools and methods for
risk management and use this knowledge to investigate and evaluate conformity and effectiveness of processes and
QMS outcomes in consistently meeting customer requirements. The training should also focus on the
(Copyright material askartsolutions 2015) significant changes to
the standard and highlight key areas such as the process approach, customer focus, interested parties,
outcomes, and the integration of clauses when auditing a process.
9001:2015 eBook shows you how to easily and
effectively IMPLEMENT the requirements of this Standard.
Copyright material askartsolutions 2015