Understanding ISO 9001:2015
Quality Management System Requirements
2 © 2015 Copyright Art Lewis – askartsolutions.com
Copyright Notice
Copyright © 2015 by Arthur J. Lewis - All rights reserved
No part (information or graphics) of this publication may be reproduced,
distributed, or transmitted or commercially exploited in any form or by any
means, including photocopying, recording, copy-typing or copying and pasting
onto your website, blog or elsewhere, or other electronic or mechanical methods,
without the prior written permission of the author, except in the case of brief
quotations embodied in critical reviews and certain other noncommercial uses
permitted by copyright law. For permission requests, please contact the author at
Disclaimer
The information provided within this eBook is based on my personal knowledge,
thoughts and interpretation of ISO 9001:2015 requirements and from 45 years of
experience in business. This book has not been created to be specific to any
organizations‟ situation or needs. It is not intended to be the definitive word on
ISO 9001 interpretation and implementation. You may discover there are other
equally acceptable methods and information to accomplish the same end result.
While I have made every effort to ensure that the information in this eBook was
correct at the time of publication, I make no representations or warranties,
express or implied, about the completeness, accuracy, reliability, suitability or
availability with respect to the information or related graphics contained in this
eBook for any purpose.
I do not assume and hereby disclaim any liability to any party for any loss,
damage, or disruption caused by errors or omissions, whether such errors or
omissions result from accident, negligence, or any other cause.
Understanding ISO 9001:2015
Quality Management System Requirements
3 © 2015 Copyright Art Lewis – askartsolutions.com
About The Author
A. J. (Art) Lewis
Business Management Consultant
SUMMARY
Art applies over 45 years of strong business and operations management experience to
provide results-oriented ISO 9001, AS 9100 (aerospace) and TS 16949 (automotive)
consulting, using a risk management approach. His services include interpretation,
documentation, system development, training, project management and system audits
leading to successful certification to these quality management standards. He has earned
a reputation for getting his clients certified, on their first attempt, on time, and within
budget. He also provides business planning, process streamlining and other value-added
services.
EXPERIENCE / ACCOMPLISHMENTS
Consultancy: He has helped over 200 clients in a wide variety of industries achieve
ISO 9001, AS9100 and TS 16949 certification. Industries include automotive metal
stamping and screw machine, fabrication, machining, assembly, electrostatic and
chrome plating, heat-treating, coatings, glass, plastic and rubber product and services,
electrical and electronic equipment, assemblies & components, UPS and batteries,
computer hardware and software, printing, placement and temporary help,
warehousing and distribution, repair facilities, consumer credit counseling agencies,
banks, call centers, etc.
Training: He has delivered public and on-site quality management training to over
4,000 students. Courses include ISO/TS – RAB approved Lead Auditor, Internal
Auditing, Implementation, Documentation, as well as customized ISO/AS/TS courses,
PPAP, FMEA, APQP and Control Plans. He has written the accredited Lead Auditor
Course for BSI in the US as well as Understanding ISO 9001:2008 and 2015 and other
related publications.
Auditing: He has conducted over 300 third party registration and surveillance audits
and dozens of gap, internal and pre-assessment audits to ISO/AS/TS Standards, in the
manufacturing and service sectors. He has worked as a freelance Lead Auditor with
major Registrars such as BSI, BV and SAI Global.
Other services: He has provided business planning, restructuring, asset
management, systems and lean manufacturing services to a variety of manufacturing
and service clients such as printing, plastics, automotive, transportation and custom
brokerage, warehousing and distribution, electrical and electronics, trading, equipment
leasing, etc.
Education & professional certification: Art has held IRCA certified Lead Auditor for
ISO 9000 as well as QS 9000 Lead Assessor certification. He holds a Bachelor of
Commerce degree and has a Canadian CPA and CMA designation. Prior to becoming a
business consultant more than 25 years ago, he has held senior financial (Vice
President - Finance & Administration and Controllership) positions in major Canadian
and US organizations.
For more on Art‟s work, please visit askartsolutions.com
Understanding ISO 9001:2015
Quality Management System Requirements
4 © 2015 Copyright Art Lewis – askartsolutions.com
Contents - ISO 9001:2015
Page
Copyright and Disclaimer 2
Author’s biography 3
List of Contents 4
Foreword 6
Overview 7
Correlation matrices - ISO 9001:2008 to ISO 9001:2015 and vice versa 9
Key themes 14
Introduction 15
Quality management principles 23
Process approach 30
Risk based thinking 51
1 Scope
Normative references
Terms and definitions
Context of the organization
56
2 59
3 59
4 60
4.1
4.2
4.3
4.4
Understanding the organization and its context
Understanding the needs and expectations of interested parties
Determining the scope of the quality management system
Quality management system and its processes
60
69
81
86
5 Leadership 103
5.1 Leadership and commitment 104
5.1.1
5.1.2
General
Customer focus
104
114
5.2 Policy 118
5.2.1 Developing the quality policy
Communication the quality policy
118
5.2.2 121
5.3 Organizational roles, responsibilities and authorities 124
6 Planning 128
6.1
6.2
6.3
Actions to address risks and opportunities
Quality objectives and planning to achieve them
Planning of changes
129
144
157
7 Support
7.1 Resources 163
7.1.1
7.1.2
7.1.3
7.1.4
7.1.5
7.1.6
General
People
Infrastructure
Environment for the operation of processes
Monitoring and measuring resources
Organizational knowledge
163
171
175
179
183
193
7.2
7.3
7.4
7.5
Competence
Awareness
Communication
Documented information
198
203
205
208
7.5.1
7.5.2
7.5.3
General
Creating and updating
Control of documented information
209
216
218
Understanding ISO 9001:2015
Quality Management System Requirements
5 © 2015 Copyright Art Lewis – askartsolutions.com
Contents - ISO 9001:2015
Page
8 Operation 222
8.1 Operational planning and control
Requirements for products and services
223
8.2 226
8.2.1
8.2.2
8.2.3
8.2.4
Customer communication
Determining the requirements related to products and services
Review of requirements related to products and services
Changes to requirements for products and services
226
228
230
232
8.3 Design and development of products and services 234
8.3.1
8.3.2
8.3.3
8.3.4
8.3.5
8.3.6
General
Design and development planning
Design and development inputs
Design and development controls
Design and development outputs
Design and development changes
235
235
241
246
250
253
8.4 Control of externally provided processes, product and services 254
8.4.1
8.4.2
8.4.3
General
Type and extent of control
Information for external providers
254
260
268
8.5 Production and service provision 271
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6
Control of production and service provision
Identification and traceability
Property belonging to customers or external providers
Preservation
Post-delivery activities
Control of changes
271
278
281
283
284
288
8.6
8.7
Release of products and services
Control of nonconforming outputs
289
291
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation 296
9.1.1
9.1.2
9.1.3
General
Customer satisfaction
Analysis and evaluation
296
300
305
9.2
9.3
Internal audit
Management review
308
314
9.3.1
9.3.2
9.3.3
General
Management review inputs
Management review outputs
314
315
318
10 Improvement 320
10.1
10.2
10.3
General
Nonconformity and corrective action
Continual improvement
320
326
329
Thank You! 333
Understanding ISO 9001:2015
Quality Management System Requirements
6 © 2015 Copyright Art Lewis – askartsolutions.com
Foreword
The purpose of this eBook is to provide:
A clear and in-depth understanding of the intent and implication of each
clause and sub-clause of the ISO 9001:2015 standard.
Ideas, direction and sufficient insight for a quality practitioner to develop
and implement an effective quality management system (QMS) based on
this latest Standard.
Though not meant as an audit guide, there is plenty of audit evidence
provided especially for the new requirements to make this eBook very useful
to internal and external auditors.
This eBook can help:
Beginners - to understand and apply ISO 9001 requirements.
QMS managers - to develop a more effective QMS for their organization.
QMS auditors - to conduct more effective QMS audits.
Top management - to gain an understanding of ISO 9001 as a business tool.
Consultants - to provide value-added service to their clients.
Organizations – looking to smoothly transition from ISO 9001:2008 to ISO
9001:2015
Presentation of this eBook
The requirements of the ISO 9001:2015 standard are shown in the light
beige box by clause and sub-clause.
Below the requirements, I explain the specific concepts, principles and
requirements. You will find important points being repeated or further
elaborated in different parts of the standard. Whenever I make reference to
„you‟ or „your‟ QMS, I refer to your organization‟s or facility‟s QMS.
At the end of each section I provide test questions to strengthen your
understanding of that section. The answers will generally be found within that
section.
How to get the maximum benefit out of this eBook
In going through this eBook, I suggest:
1. You read each section more than once.
2. Answer all test questions before moving on to the next section. Review the
section if your answer is not correct or incomplete.
3. As you go through each section, pick a business process or activity within
your organization and practice applying the information to it.
4. Take your time. Don‟t try and rush through the material. There are a lot of
golden nuggets of information you may overlook.
Understanding ISO 9001:2015
Quality Management System Requirements
7 © 2015 Copyright Art Lewis – askartsolutions.com
By diligently following this approach you will learn a lot faster; connect the dots
on the various requirements; and be able to effectively apply this knowledge to
implement or audit a QMS or provide value-added consulting services.
Overview
The ISO 9001 standard is organized under the major headings listed above (0 -
10). The first four headings (clauses 0-3) do not provide any requirements for a
QMS. They provide background information on key concepts and elements
that form the foundation or backbone of the standard.
The remaining seven headings (clauses 4 through 10) provide the mandatory
requirements for your QMS. Each major clause heading has several sub-clauses.
Collectively, these seven clauses set out the requirements for developing
and implementing your QMS.
The following is a summary explanation of these 11 headings of the ISO
9001:2015 standard.
Clause 0 – Introduction
0.1 General
This subsection introduces a range of topics such as - the benefits of
implementing a QMS; concepts such as the process approach, PDCA (plan-do-
check-act), risk-based thinking, the need to adopt improvement, clarification of
terminology, and provision of flexibility in applying the requirements of the
standard to an organization‟s QMS, and that QMS requirements supplement
product and service requirements
0.2 Quality Management Principles
This subsection introduces the seven quality management principles that underlie
and form the basis for this standard.
0.3 Process approach
This subsection explains the process approach and the related PDCA (plan-do-
check-act) cycle, as well as the concept of risk-based thinking.
Overview 0. Introduction
1. Scope 2. Normative Reference
3. Terms and Definitions 4. Context of the organization 5. Leadership
6. Planning 7. Support
8. Operations 9. Performance Evaluation 10. Improvement
Understanding ISO 9001:2015
Quality Management System Requirements
8 © 2015 Copyright Art Lewis – askartsolutions.com
0.4 Relationship with other management systems
This subsection explains how this standard is related to ISO 9000 and ISO 9004.
Clause 1 Scope
This clause explains the scope of this standard
Clause 2 – Normative references
This clause references the ISO 9000:2015 standard – QMS fundamentals and
vocabulary, as being indispensable for applying ISO 9001:2015
Clause 3 Terms and definitions
This clause references ISO 9000:2015 for all terms and definitions used in ISO
9001:2015
Clause 4 – Context of the organization – sets requirements to understand the
organization and its context; understand the needs and expectations of
interested parties; determine the scope of the QMS; and establish and implement
the QMS and its processes.
Clause 5 - Leadership - sets requirements for top management to provide
leadership and commitment; promote customer focus; establish and
communicate the quality policy; and ensure that organizational roles,
responsibilities and authorities are assigned, communicated and understood
throughout the organization.
Clause 6 - Planning - sets requirements to determine and take actions to
address the risks and opportunities with reference to the context of the
organization and relevant interested parties; establish quality objectives and
plans to achieve them; and plan for changes to the QMS.
Clause 7 - Support - sets requirements to provide resources (people,
infrastructure, environment, monitoring and measuring; organizational
knowledge); ensure competence, awareness and communications; and control of
documented information needed for implementing, maintaining and improving
the QMS.
Clause 8 - Operations - sets requirements to plan and control the various
operational processes needed to provide products and services that meet
customer requirements. These processes cover customer requirements; design
and development; external providers of resources, processes, products and
services; production; and control of nonconforming product and services. There
are many sub-clauses within each of these main requirements.
Clause 9 – Performance Evaluation - sets requirements to monitor, measure,
analyze and evaluate QMS and process performance. This clause covers customer
satisfaction feedback; internal audit and management review.
Understanding ISO 9001:2015
Quality Management System Requirements
9 © 2015 Copyright Art Lewis – askartsolutions.com
Clause 10 - Improvement - sets requirements to pursue opportunities to
improve product and services; manage risk and take corrective actions to
improve QMS performance, meet customer requirements and enhance customer
satisfaction.
Correlation Matrix - ISO 9001:2008 to ISO 9001:2015
ISO 9001:2008 Clauses ISO 9001:2015 Clauses Contents Contents Foreword Foreword Introduction Introduction 0.1 General 0.1 General 0.2 Process approach 0.3 Process approach;
0.4 Plan-Do-Check-Act cycle 0.3 Relationship with ISO 9004 0.4 Relationship with other management systems 0.4 Compatibility with other management systems
0.4 Relationship with other management systems
1. Scope 1. Scope 1.1 General 1. Scope 1.2 Application 4.3 Determining the scope of the QMS 2. Normative references 2. Normative references 3. Terms and definitions 3. Terms and definitions 4. Quality management system Removed. 4.1 General requirements 4.4 Quality management system and its processes 4.2 Documentation requirements 7.5 Documented information 4.2.1 General 7.5.1 General 4.2.2 Quality manual Removed.
4.2.3 Control of documents 7.5.2 Creating and updating; 7.5.3 Control of documented information
4.2.4 Control of records 7.5.2 Creating and updating 7.5.3 Control of documented information
5. Management responsibility 5. Leadership 5.1 Management commitment 5.1 Leadership and commitment
5.1.1 General
5.2 Customer focus 5.1.2 Customer focus 5.3 Quality policy 5.2 Quality policy 5.4 Planning 6. Planning 5.4.1 Quality objectives 6.2 Quality objectives and planning to achieve them 5.4.2 Quality management planning 6.1 Actions to address risks and opportunities
6.3 Planning of changes
5.5 Responsibility, authority, and communication
5.3 Organizational roles, responsibilities, and authorities 7.4 Communication
5.5.1 Responsibility and authority 5.3 Organizational roles, responsibilities, and authorities 5.5.2 Management representative Removed. 5.5.3 Internal communication 7.4 Communication 5.6 Management review 9.3 Management review 5.6.1 General 9.3.1 General 5.6.2 Review input 9.3.2 Management review inputs 5.6.3 Review output 9.3.3 Management review outputs 6. Resource management 7.1 Resources 6.1 Provision of resources 7.1.1 General
7.1.2 People
6.2 Human resources 6.2.1 General 6.2.2 Competence, training, and awareness
Removed 7.2 Competence; 7.2 Competence 7.3 Awareness
6.3 Infrastructure 7.1.3 Infrastructure 6.4 Work environment 7.1.4 Environment for the operation of processes
Understanding ISO 9001:2015
Quality Management System Requirements
10 © 2015 Copyright Art Lewis – askartsolutions.com
Correlation Matrix - ISO 9001:2008 to ISO 9001:2015
ISO 9001:2008 Clauses ISO/DIS 9001:2015 Clauses 7. Product realization 8. Operation 7.1 Planning of product realization 8.1 Operational planning and control 7.2 Customer-related processes 8.2 Determination of requirements for products and
services 7.2.1 Determination of requirements related to the product
8.2.2 Determination of requirements related to products and services; 8.5.5 Post-delivery activities
7.2.2 Review of requirements related to the product
8.2.3 Review of requirements related to products and services
7.2.3 Customer communication 8.2.1 Customer communication; 7.4 Communication
7.3 Design and development 8.3 Design and development of products and services 7.3.1 Design and development planning 8.3.1 General;
8.3.2 Design and development planning 7.3.2 Design and development inputs 8.3.3 Design and development inputs 7.3.3 Design and development outputs 8.3.5 Design and development outputs 7.3.4 Design and development review 8.3.4 Design and development controls 7.3.5 Design and development verification 8.3.4 Design and development controls 7.3.6 Design and development validation 8.3.4 Design and development controls 7.3.7 Control of design and development changes
8.3.6 Design and development changes
7.4 Purchasing 8.4 Control of externally provided products and services 7.4.1 Purchasing process 8.4.1 General
8.4.2 Type and extent of control of external provision 7.4.2 Purchasing information 8.4.3 Information for external providers 7.4.3 Verification of purchased product 8.4.2 Type and extent of control of external provision
8.4.3.f Information for external providers 7.5 Production and service provision 8.5 Production and service provision (title only) 7.5.1 Control of production and service provision
8.5.1 Control of production and service provision 8.5.5 Post-delivery activities
7.5.2 Validation of processes for production and service provision
8.5.1 Control of production and service provision
7.5.3 Identification and traceability 8.5.2 Identification and traceability 7.5.4 Customer property 8.5.3 Property belonging to customers or external
providers 7.5.5 Preservation of product 8.5.4 Preservation 7.6 Control of monitoring and measuring equipment
7.1.5 Monitoring and measuring resources
8. Measurement, analysis, and improvement 9. Performance evaluation 9.1 Monitoring, measurement, analysis, and evaluation
8.1 General 9.1.1 General 8.2 Monitoring and measurement 9.1 Monitoring, measurement, analysis, and evaluation 8.2.1 Customer satisfaction 9.1.2 Customer satisfaction 8.2.2 Internal audit 9.2 Internal audit 8.2.3 Monitoring and measurement of processes
9.1.1 General 9.1.3 Analysis and evaluation
8.2.4 Monitoring and measurement of product 8.6 Release of products and services 8.3 Control of nonconforming product 8.7 Control of nonconforming outputs 8.4 Analysis of data 9.1.3 Analysis and evaluation 8.5 Improvement 10. Improvement 8.5.1 Continual improvement 10.1 General
10.3 Continual improvement 8.5.2 Corrective action 10.2 Nonconformity and corrective action 8.5.3 Preventive action 6.1 Actions to address risks and opportunities
Understanding ISO 9001:2015
Quality Management System Requirements
11 © 2015 Copyright Art Lewis – askartsolutions.com
Correlation Matrix – ISO 9001:2015 to ISO 9001:2008
ISO 9001:2015 Clauses ISO 9001:2008 Clauses Introduction Introduction 0.1 General 0.1 General 0.2 Quality Management Principles New 0.3 Process approach 0.2 Process approach 0.3.1 General 0.2 Process approach 0.3.2 Plan-Do-Check-Act Cycle 0.2 Process approach 0.3.3 Risk-based thinking New 0.4 Relationship with other management systems
0.3 Relationship with ISO 9004 0.4 Compatibility with other management systems
4. Quality management system - Requirements 1. Quality management system - Requirements 1. Scope 1. Scope – general and application
2. Normative references 2. Normative references 3. Terms and definitions 3. Terms and definitions 4. Context of the organization 4. Quality management system 4.1 Understanding the organization and its context
0.1 General
4.2 Understanding the needs and expectations of interested parties
New.
4.3 Determining the scope of the quality management system
1.2 Application 4.2.2 Quality manual
4.4 Quality management system and its processes
4.1 General requirements
5. Leadership 5. Management responsibility 5.1 Leadership and commitment 5. Management responsibility 5.1.1 General 5.1 Management commitment 5.1.2 Customer focus 5.2 Customer focus 5.2 Quality policy 5.3 Quality policy 5.3 Organizational roles, responsibilities and authorities
5.5.1 Responsibility and authority 5.5.2 Management representative 5.4.2b Quality management system planning
6. Planning 5.4 Planning 6.1 Actions to address risks and opportunities 5.4.2 Quality management system planning
8.5.3 Preventive action 6.2 Quality objectives and planning to achieve them
5.4.1 Quality objectives
6.3 Planning of changes 5.4.1 Quality objectives 5.4.2b Quality management system planning
7. Support New; Merged from old 6, 7.6, Control of measuring and monitoring equipment
7.1 Resources 6. Resource management 7.1.1 General 6.1 Provision of resources 7.1.2 People 6.1 Provision of resources 7.1.3 Infrastructure 6.3 Infrastructure
7.1.4 Environment for the operation of processes
6.4 Work environment
7.1.5 Monitoring and measuring resources 7.6 Control of monitoring and measurement equipment
7.1.6 Organizational knowledge New.
7.2 Competence 6.2 Human Resources
7.3 Awareness 6.2.2.d Competence, training, and awareness
7.4 Communication 5.5.3 Internal communication 7.2.3 Customer communication
Understanding ISO 9001:2015
Quality Management System Requirements
12 © 2015 Copyright Art Lewis – askartsolutions.com
Correlation Matrix – ISO 9001:2015 to ISO 9001:2008 ISO 9001:2015 Clauses ISO 9001:2008 Clauses 7.5 Documented information 4.2 Documentation requirements 7.5.1 General 4.2.1 General 7.5.2 Creating and updating
4.2.3 Control of documents 4.2.4 Control of records
7.5.3 Control of documented information 4.2.3 Control of documents 4.2.4 Control of records
8. Operation 7. Product realization 8.1 Operational planning and control 7.1 Planning of product realization 8.2 Requirements for products and services 7.2 Customer-related processes 8.2.1 Customer communication 7.2.3 Customer communication 8.2.2 Determining requirements related to products and services
7.2.1 Determination of requirements related to the product
8.2.3 Review of requirements related to products and services
7.2.2 Review of requirements related to the product
8.3 Design and development of products and services
7.3 Design and development (title only)
8.3.1 General New. 8.3.2 Design and development planning 7.3.1 Design and development planning 8.3.3 Design and development inputs 7.3.2 Design and development inputs 8.3.4 Design and development controls 7.3.4 Design and development review
7.3.5 Design and development verification 7.3.6 Design and development validation
8.3.5 Design and development outputs 7.3.3 Design and development outputs 8.3.6 Design and development changes 7.3.7 Control of design and development changes 8.4 Control of externally provided products and services
7.4 Purchasing
8.4.1 General 7.4.1 Purchasing process 8.4.2 Type and extent of control of external provision
7.4.1 Purchasing process 7.4.3 Verification of purchased product
8.4.3 Information for external providers 7.4.2 Purchasing information 7.4.3 Verification of purchased product
8.5 Production and service provision 7.5 Production and service provision 8.5.1 Control of production and service provision 7.5.1 Control of production and service provision
7.5.2 Validation of processes for production and service provision
8.5.2 Identification and traceability 7.5.3 Identification and traceability 8.5.3 Property belonging to customers or external providers
7.5.4 Customer property
8.5.4 Preservation 7.5.5 Preservation of product
8.5.5 Post-delivery activities 7.2.1 Determination of requirements related to the product (7.2.1.a) 7.5.1 Control of production and service provision (7.5.1.f)
8.5.6 Control of changes New 8.6 Release of products and services 7.4.3 Verification of purchased product
8.2.4 Monitoring and measurement of product 8.7 Control of nonconforming outputs 8.3 Control of nonconforming product
Understanding ISO 9001:2015
Quality Management System Requirements
13 © 2015 Copyright Art Lewis – askartsolutions.com
Correlation Matrix – ISO 9001:2015 to ISO 9001:2008 ISO 9001:2015 Clauses ISO 9001:2008 Clauses 9. Performance evaluation New. 9.1 Monitoring, measurement, analysis, and evaluation
8. Measurement, analysis, and improvement
9.1.1 General 8.1 General 8.2.3 Monitoring and measurement of processes
9.1.2 Customer satisfaction 8.2.1 Customer satisfaction 9.1.3 Analysis and evaluation 8.4 Analysis of data 9.2 Internal audit 8.2.2 Internal audit 9.3 Management review 5.6 Management review 9.3.1 General 5.6.1 General 9.3.2 Management review inputs 5.6.2 Review input 9.3.3 Management review outputs 5.6.3 Review output 10. Improvement 8.5 Improvement (title only) 10.1 General 8.5.1 Continual improvement 10.2 Nonconformity and corrective action 8.3 Control of nonconforming product
8.5.2 Corrective action 10.3 Continual improvement 8.5.1 Continual improvement
Annex A – Clarification of new structure,
terminology, and concepts
New.
Annex B – Other international standards on
quality management and quality management systems developed by ISO/TC 176
New.
Bibliography Bibliography
Understanding ISO 9001:2015
Quality Management System Requirements
14 © 2015 Copyright Art Lewis – askartsolutions.com
Key themes:
To help you get the most out this eBook, you might find it useful to follow key
themes that the ISO 9001 standard has emphasized. These include:
Your must use two tools - the process approach and the PDCA (plan-do-
check-act to improve) cycle as a consistent framework to manage QMS
processes and activities in an organized and disciplined way.
Your QMS processes and activities must be operated under controlled
conditions which are the requirements specified by the standard.
The controlled conditions must focus on the prevention of undesirable
outcomes by planning and implementing actions (risk-based thinking) to
reduce or eliminate risk and exploit opportunities for improvement (desirable
outcomes).
Internal and external contextual factors must be considered in applying
risk-based preventive controls to your QMS.
Your QMS must add value to your organization and customers by
improving its performance and the quality of products and services.
QMS processes and activities must be customer-focused. All personnel must
be aware of and strive to meet internal, regulatory and customer and
requirements.
Your QMS must always strive to enhance customer satisfaction.
The themes outlined above are all part of the seven management principles
(described in detail later) which form the backbone of the ISO 9001 standard
As you go about developing and implementing your QMS, ask yourself „Have I
addressed these key themes in each of my QMS processes?‟
Test your understanding of this section before you proceed to the
next section:
1. Which clause headings set out requirements to develop and implement your
QMS?
2. What information do the first four clause headings provide?
3. What is the common thread underlying the key themes listed in this section?
Understanding ISO 9001:2015
Quality Management System Requirements
15 © 2015 Copyright Art Lewis – askartsolutions.com
0.1 Introduction
0.1 General:
The adoption of a QMS is a strategic decision for an organization
that can help improve its overall performance and provide a sound
basis for sustained development initiatives.
The potential benefits to an organization of implementing a quality
management system based on this International standard are:
a) The ability to consistently provide product and services that
meet customer and applicable statutory and regulatory
requirements;
b) Facilitation opportunities to enhance customer satisfaction;
c) Addressing risks and opportunities associated with its context
and objectives;
d) The ability to demonstrate conformity to specified quality
management requirements
This International Standard can be used by internal and external
parties.
It is not the intention of this International Standard to imply the
need for:
Uniformity in the structure of different quality management
systems;
Alignment of documentation to the clause structure of this
international standard;
The use of the specific terminology of this international standard
within the organization.
The quality management system requirements specified in this
International Standard are complementary to requirements for
product and services.
This International Standard employs the process approach, which
incorporates the Plan-Do-Check-Act (PDCA) cycle and risk-based
thinking.
The process approach enables an organization to plan its processes
and their interactions.
The PDCA cycle enables an organization to ensure that its processes
are adequately resourced and managed and that opportunities for
improvement are determined and acted upon.
Understanding ISO 9001:2015
Quality Management System Requirements
16 © 2015 Copyright Art Lewis – askartsolutions.com
0.1 Introduction
The purpose of an organization is to identify and meet the needs and
expectations of its customers and other stakeholders and gain competitive
advantage. One of the strategies it might use to achieve this goal is to employ
universally recognized business tools to improve the effectiveness and efficiency
of its capabilities.
ISO 9001:2015 is a powerful business tool that organizations may use to
achieve this. Organizations use ISO 9001 to achieve goals and objectives related
to meeting customer and regulatory requirements and enhancing customer
satisfaction.
While the focus is on quality management, the ISO 9001 business model may be
applied just as well to manage the entire organization. The standard
embodies business concepts and principles universally recognized and applied for
sound business management. As such, ISO 9001 is a strategic management tool
that can be used as a starting point towards achieving sustained business
success.
As a strategic tool, it can be used as the framework to integrate other
strategic activities related to sales and marketing; technology; and product,
service and process design and development; corporate environment, structure,
culture and governance; product and service realization, delivery and support;
Risk–based thinking enables an organization to determine the factors
that could cause its processes and is quality management system to
deviate from the planned results, to put in place preventive controls
to minimize negative effects and to make maximum use of
opportunities as they arise (see Appendix A4).
Consistently meeting requirements and addressing future needs and
expectations poses a challenge for organizations in an increasingly
dynamic and complex environment. To achieve this objective, the
organization might find it necessary to adopt various forms of
improvement in addition to correction and continual improvement,
such as breakthrough change, innovation and re-organization.
In this International Standard, the following verbal forms are used:
“Must” indicates a requirement;
“Should” indicates a recommendation;
“May” indicates a permission;
“Can” indicates a possibility or a capability.
Information marked as “NOTE” is for guidance in understanding or
clarifying the associated requirement.
Understanding ISO 9001:2015
Quality Management System Requirements
17 © 2015 Copyright Art Lewis – askartsolutions.com
facility and asset management, etc. it can also be integrated with other
business management systems such as environmental management system
(EMS) and occupational health and safety (OHS).
The various parts of an organization‟s management system, including its QMS,
can be integrated as a single management system. The objectives,
processes and resources related to quality, growth, funding, profitability,
environment, occupational health and safety, energy, security and other aspects
of the organization can be more effectively and efficiently achieved and used
when the QMS is integrated with other management systems.
Sustained business success can be achieved by developing growth and
improvement programs and initiatives that add value by addressing the present
and longer term needs of its interested parties that include customers, end-
users, investors/ shareholders (owners), people employed by the organization,
external providers, regulatory bodies, lending institutions, unions, partners,
interest groups and communities.
What this means is that the organization must take a long-term outlook to
attaining business success as well as addressing a broader scope of
stakeholder requirements, needs and expectations, not just its immediate
customers. In pursuing ISO 9001 certification and undertaking longer term
improvement initiatives, it must seek to achieve a balance between its economic-
financial interests and those of the social and ecological environment that it
operates in. The goals and objectives that it seeks to achieve must also strike a
balance between incremental improvement and breakthrough accomplishments.
The QMS that you develop for your organization (based on meeting the
applicable requirements of this ISO 9001 standard) must comprise of
interacting processes and activities which to some extent can be
predetermined, but at the same time must be flexible and adaptable to the
complexities of your environmental context. The ability to change may
sometimes require innovation to achieve breakthrough improvements.
Your organization must understand its internal and external context and
identify the needs and expectations of relevant interested parties. This
information must be used to develop your QMS to achieve organizational
sustainability. Although often appearing to be comprised of similar processes,
each organization and its QMS are unique.
The processes of your QMS can be defined, measured and improved. These
processes interact to deliver results consistent with your organization‟s objectives
and cross functional boundaries. Some processes can be critical while others are
not.
People collaborate within a process to carry out their daily activities. Some
activities are prescribed and depend on an understanding of the objectives of the
organization, while others are not and react to external stimuli to determine their
nature and execution.
Understanding ISO 9001:2015
Quality Management System Requirements
18 © 2015 Copyright Art Lewis – askartsolutions.com
Every organization has quality management activities, whether they have been
formally planned or not. ISO 9001 provides requirements on how to develop a
formal system to manage these activities. It is necessary to determine activities
which already exist in the organization and their suitability regarding the context
of the organization. ISO 9001 along with guidance from ISO 9000 and ISO 9004
can be used to assist the organization to develop a cohesive QMS. I will make
many references to information from these standards to give you a solid
understanding of ISO 9001.
A formal QMS provides a framework for planning, executing, monitoring and
improving the performance of quality management activities. The QMS does not
need to be complicated; rather it needs to accurately reflect the needs of the
organization.
A QMS is a dynamic system that evolves over time through periods of
improvement. QMS planning is not a static activity, but an ongoing process. Plans
evolve as the organization learns and adapts to its changing environment. Your
QMS planning must take into account all quality activities of your organization
and ensure that all applicable requirements of ISO 9001 are addressed. The plan
is implemented upon approval.
It is important for your organization to regularly monitor and evaluate both
the implementation of QMS planning and the performance of the QMS. Carefully
considered indicators facilitate these monitoring and evaluation activities.
Auditing is a means of evaluating the effectiveness of the QMS, in order to
identify risks and to determine the fulfillment of requirements. In order for audits
to be effective, tangible and intangible evidence needs to be collected. Actions
are taken for correction and improvement based upon analysis of the evidence
gathered. The knowledge gained could lead to innovation, taking QMS
performance to higher levels.
Your QMS must be able to identify risks and pursue opportunities to improve its
processes, products and services in order to achieve and enhance customer
satisfaction. ISO guidance documents suggest that many issues such as
innovation, ethics, trust and reputation could be regarded as parameters within
the QMS.
It is important to state here that ISO 9001 certification must not be the ultimate
goal of QMS implementation. Your primary long-term focus must be to
improve the effectiveness and efficiency of the organization for the benefit of all
its stakeholders. Obtaining certification must be considered as just a stepping
stone in this journey. Organizations that understand and follow this approach will
get the most benefit from QMS development and implementation.
The potential benefits from implementing a QMS based on ISO 9001 include:
a. The ability to consistently provide product and services that meet customer
and applicable statutory and regulatory requirements;
b. Facilitation opportunities to enhance customer satisfaction;
Understanding ISO 9001:2015
Quality Management System Requirements
19 © 2015 Copyright Art Lewis – askartsolutions.com
c. Addressing risks and opportunities associated with its context and objectives;
d. The ability to demonstrate conformity to specified quality management
requirements.
These benefits will be discussed in ample detail as we cover the various clauses
of the standard
So we can see from the above that ISO 9001 is just a good starting block for
sound business management. There are other standards, guidance documents
(e.g. ISO 9004) and business tools that go well beyond ISO 9001 and your
organization is encouraged to pursue these, once certification is obtained as it
charts its course towards achieving sustained business success.
Structure and terminology
The clause structure (i.e. clause sequence) and some of the terminology of this
edition of this International Standard, in comparison with the previous edition
(ISO 9001:2008) have been changed to improve alignment with other
management standards.
There is no requirement in this International Standard for its structure and
terminology to be applied to the documented information of an organization‟s
quality management system.
The structure of clauses is intended to provide a coherent presentation of
requirements, rather than a model for documenting an organization‟s policies,
objectives and processes. The structure and content of documented information
related to a QMS can often be more relevant to its users if it relates to both, the
processes operated by the organization and information maintained for other
purposes.
There is no requirement for the terms used by an organization to be replaced by
the terms used in this International Standard to specify quality management
system requirements. Organizations can choose to use terms which suit their
operations (e.g. using “records”, “documentation” or “protocols” rather than
“documented information”; or “supplier”, “partner” or “vendor” rather than
“external provider”).
Table A.1 show the major differences in terminology between this edition of this
International Standard and the previous edition.
Major differences in terminology between ISO 9001:2008 and ISO 9001:2015
Product and services Product and services
Exclusions Not used
(See clause A.5 for clarification of
applicability)
Management Representative Not used
(Similar responsibilities and authorities
Understanding ISO 9001:2015
Quality Management System Requirements
20 © 2015 Copyright Art Lewis – askartsolutions.com
are assigned but no requirement for a single management representative)
Documentation, quality manual, documented procedures, records
Documented information
Work environment Environment for the operation of processes.
Monitoring and measuring equipment Monitoring and measuring resources
Purchased product and services Externally provided product and
services.
Supplier External provider
It is important to remember that each organization must use the requirements of
ISO 9001 to design and develop a QMS that fits the specific needs of its
business for it to be effective. Using a boilerplate approach that forces the
business to adapt to ISO 9001 will result in a superficial QMS and will not
generate buy-in from the workforce and will rarely be effective.
The ISO 9001 standard defines a generic set of requirements for all
organizations, regardless of the nature of product or service, for profit or not for
profit, size, complexity or industry sector. The standard define control
requirements for your quality management system (QMS) that focus on
improving the effectiveness of your QMS in meeting customer requirements and
thus enhancing customer satisfaction.
It is important to note that the ISO 9001 standard does not specify
requirements for product and services or service quality. Requirements for
products and services come from customers, end-users, regulatory bodies and
other interested parties. The standard sets generic control requirements for QMS
processes and activities to ensure that they consistently and effectively meet
these (customer product and service) requirements, needs and expectations to
drive sustained improvement, business growth and enhance customer
satisfaction.
The focus of all ISO 9001 generic control requirements is on your QMS and its
processes. By effectively controlling and continually improving your QMS
processes, there will obviously be a positive impact on product and service
quality and conformity to customer requirements.
Organizations implementing an ISO 9001 based QMS must conform to all
applicable requirements that the standard specifies. This provides internal and
external parties (customers, registrars and regulatory bodies), the basis (i.e. a
benchmark) against which to assess the organizations ability to meet customer,
regulatory and internal requirements. It is now a common practice to use ISO
9001 certification as a requirement for making contractual decisions.
QMS design and implementation will vary from organization to another. ISO
9001 allows this flexibility because organizations may have differing - goals and
Understanding ISO 9001:2015
Quality Management System Requirements
21 © 2015 Copyright Art Lewis – askartsolutions.com
objectives; business risks; range and complexity of product and services;
processes and resources; organizational size and structure; workforce
competence and stability; etc. This flexibility may also relate to QMS scope
You must ensure that the scope of your QMS addresses all customer
requirements. Customer requirements may show up in contracts, blueprints,
their supplier quality manuals, commercial terms and conditions, or referenced to
applicable industry and regulatory standards and codes, etc. QMS scope will be
covered in more detail under clause 1.0 and 4.3.
Under this clause, the standard introduces the PDCA (plan-do-check-act)
cycle. The PDCA is a structured approach that enables an organization to plan its
QMS processes and their interactions; ensure the processes are adequately
resourced and managed; and allows opportunities for improvement to be
determined and acted upon.
This section also introduces the concept of risk-based thinking, which enables
an organization to:
Determine the factors that cause the QMS and its processes to deviate
(positively or negatively) from planned results as defined by your PDCA;
To put in place preventive controls to remove or mitigate negative effects or
outcomes;
And to capitalize on opportunities as they arise.
I will provide more coverage on PDCA and risk-based thinking in later clauses.
This section also makes the point that in order to achieve sustained success in
an increasingly dynamic and complex business, social and political environment,
the organization must do more than just make incremental improvements
and correction as advocated in previous versions of the ISO 9001 standard. It
must undertake more significant actions such as breakthrough change,
innovation and reorganizatiion.
The standard clarifies the use of various terms used throughout the standard:
“Shall‟ - indicates a requirement that is contractually binding where the
requirement is included in the QMS scope; its implementation is mandatory
and must be verifiable for certification purposes. In my explanation of the
standard, I will use the word “must” instead of “shall” as it lends more
emphasis and urgency to implementing a requirement.
There are around 275 “shalls” requirements in the ISO 9001 standard.
“Should” indicates a recommendation. It is a requirement that is non-
mandatory but desirable and worth implementing and the outcome while
deemed more likely to be positive, may not always be fully verifiable for
certification purposes.
“May” indicates a permission. It is not mandatory, rather provides a choice of
whether to or not implement something depending upon the circumstances of
the situation. However if the choice is taken with deliberation to include an
Understanding ISO 9001:2015
Quality Management System Requirements
22 © 2015 Copyright Art Lewis – askartsolutions.com
activity in the QMS scope, then it attracts all the attention of a “must”. For
example in clause 4.3 Determining QMS scope (last paragraph)-“Conformity
to this International Standard may only be claimed if the requirements
determined as not being applicable do not affect the organization‟s ability”.
“Can” indicates a possibility or capability; be able to; there is a possibility of;
it is possible to; and relates to having the ability, power or the means to do
something. The word “can” is mostly found in the notes to various clauses for
example in clause 4.1 understanding the organization and its context – all 3
notes use the word “can”.
Test your understanding of this section before you proceed to the
next section:
1. Why is implementing a QMS based on ISO 9001 a strategic decision?
2. Why would you apply the requirements of ISO 9001 to manage your whole
organization?
3. What is meant by sustained business success?
4. Who are interested parties?
5. What should your QMS comprise of?
6. Why should your QMS be dynamic?
7. Why should your QMS be regularly monitored and evaluated?
8. What should your long-term quality management focus be?
9. Should you model your QMS aligned with the structure and terminology of
the ISO 9001 standard?
10. Why should you use the requirements of ISO 9001 to develop your QMS?
11. Why does the ISO 9001 standard not specify requirements for products and services?
12. What is the focus of ISO 9001 requirements?
13. Why do QMS‟s differ from one organization to another?
14. What is the PDCA cycle?
15. What is the concept of risk-based thinking?
16. What is the difference between “shall” and “should” in the context of the ISO
9001 standard?
17. What is the difference between “May” and “Can” ” in the context of the ISO
9001 standard?