ISO 9001:2015 is the international standard that specifies requirements for a quality management system (QMS). This standard provides a process-oriented approach to documenting and reviewing the structure, responsibilities, and procedures required to achieve effective quality management in an organization.
Purpose of Clause 1: Defines what organizations the requirements are applicable to and identifies the general focus on consistency in providing products and services meeting customer and regulatory requirements.
| Aspect | Description |
|---|---|
| Universal Applicability | ISO 9001:2015 applies to any organization, regardless of size, type, or product/service offered. |
| Process Approach | Focuses on enhancing customer satisfaction through effective process application and continual improvement. |
| Exclusions | Organizations may claim exclusions where certain requirements within clause 8 don't apply to them due to their industry or business model. |
Clause 2 identifies documents essential for the application of ISO 9001:2015. The only normative reference is ISO 9000:2015.
| Component | Description |
|---|---|
| Primary Reference | ISO 9000:2015 provides the terminology and fundamental principles for quality management systems. |
| Applicability | Required for all organizations implementing ISO 9001:2015. Use for clarification of terms. |
Clause 3 ensures consistent usage and understanding of specific words and phrases. All terms and definitions are found in ISO 9000:2015.
| Term | Definition |
|---|---|
| Quality | Degree to which a set of inherent characteristics fulfills requirements. |
| Process | Set of interrelated or interacting activities that use inputs to deliver an intended result. |
| Risk | Effect of uncertainty on objectives. |
| Improvement | Activity to enhance performance. |
| Documented Information | Information required to be controlled and maintained, and the medium on which it is contained. |
Clause 4 focuses on understanding internal and external factors, identifying interested parties, and determining the QMS scope.
| Section | Key Requirements |
|---|---|
| 4.1 Understanding the Organization | Analyze internal/external context including legal, market, competition aspects. |
| 4.2 Understanding Needs and Expectations | Identify interested parties (customers, employees, suppliers, regulators) and their requirements. |
| 4.3 Determining QMS Scope | Define boundaries, products/services, and justify exclusions. |
| 4.4 Quality Management System | Establish processes with inputs/outputs, resources, risks, and necessary documentation. |
| Principle | Description |
|---|---|
| Customer Focus | Organizations depend on their customers and therefore should understand their current and future needs, meet requirements, and strive to exceed expectations. |
| Leadership | Leaders at all levels establish unity of purpose and direction and create conditions in which people are engaged. |
| Engagement of People | Competent, empowered and engaged people at all levels are essential to enhance the organization's capability to create value. |
| Process Approach | Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes. |
| Improvement | Successful organizations have an ongoing focus on improvement. |
| Evidence-based Decision Making | Decisions based on analysis and interpretation of data and information are more likely to produce desired results. |
| Relationship Management | For sustained success, organizations manage their relationships with interested parties such as providers, partners, and customers. |
| Clause | Focus Area |
|---|---|
| 1. Scope | Applicability and scope of the QMS |
| 2. Normative References | Referenced standards and documents |
| 3. Terms and Definitions | Key terminology and definitions |
| 4. Context of the Organization | Understanding internal and external factors |
| 5. Leadership | Management commitment and responsibilities |
| 6. Planning | Risk-based thinking and objectives |
| 7. Support | Resources and organizational knowledge |
| 8. Operation | Operational planning and control |
| 9. Performance Evaluation | Monitoring, measurement, and analysis |
| 10. Improvement | Nonconformity and corrective action |
| Area | Change | Impact |
|---|---|---|
| Risk-based Thinking | Explicit integration throughout | Proactive approach to planning |
| Context | New requirement added | Better strategic alignment |
| Leadership | Enhanced requirements | Greater management involvement |
| Documentation | More flexible approach | Reduced mandatory procedures |
| Phase | Activities |
|---|---|
| Plan | Establish objectives and processes |
| Do | Implement the processes |
| Check | Monitor and measure processes |
| Act | Take actions to improve |
| Challenge | Solution |
|---|---|
| Understanding context | Systematic analysis of internal/external factors |
| Risk-based thinking | Integration into all processes |
| Process approach | Clear process mapping and interaction |
| Leadership engagement | Regular management reviews and involvement |
| Benefit Area | Impact |
|---|---|
| Customer Satisfaction | Improved product/service quality |
| Operational Efficiency | Streamlined processes and reduced waste |
| Risk Management | Better prevention and control |
| Market Opportunities | Enhanced competitiveness |
| Employee Engagement | Clear roles and responsibilities |
The ISO 9001 requirements are structured around seven main clauses that define the framework for a quality management system (QMS).
By promoting the process approach and risk-based thinking, the ISO 9001 requirements help businesses focus on achieving customer satisfaction and on consistently delivering products and services that meet customer and regulatory requirements.
Businesses should adopt and integrate 305 individual ISO 9001 requirements into their processes and culture when implementing an ISO 9001 quality management system. These can be seen in our Internal Audit Checklist. Each audit question phrases a single ISO 9001 'shall' requirement as a question with a drop-down menu to select and capture the audit finding.
The audit results charts quantify and visualize the conformity of your quality management system to the ISO 9001 requirements. The checklist offers a practical and versatile solution for evaluating process performance, analyzing data, and generating actionable insights. It enables you to easily input audit findings data to generate interactive trend charts and to develop improvement plans based on the collected data.
ISO 9001 is structured around ten clauses. Seven of those ten clauses contain the requirements that define the framework for a quality management system.
All of the auditable ISO 9001 requirements are part of the PDCA cycle, and in combination with the quality management principles, the ISO 9001 requirements can be introduced and maintained in a controlled manner.
The following diagram represents the structure of ISO 9001 requirements in the PDCA cycle:
This is the 'Planning' part of the PDCA process, and it includes the ISO 9001 requirements from clause 4, context of the organization, clause 5, leadership, and clause 6, planning.
| Clause | Requirements |
|---|---|
| 1 Scope | |
| 2 Normative references | |
| 3 Terms and Definitions | |
| 4 Context of the organization | 4.1 Understanding the organization and its context; 4.2 Understanding the needs and expectations of interested parties; 4.3 Determining the scope of the quality management system; 4.4 Quality management system and its processes |
| 5 Leadership | 5.1 Leadership and commitment; 5.1.1 Leadership and commitment for the quality management system; 5.1.2 Customer focus; 5.2 Policy; 5.2.1 Establishing the quality policy; 5.2.2 Communicating the quality policy; 5.3 Organizational roles, responsibilities and authorities |
| 6 Planning | 6.1 Actions to address risks and opportunities; 6.2 Quality objectives and planning to achieve them; 6.3 Planning of changes |
Establish the objectives and processes necessary to deliver results in accordance with customer requirements and the organizational policies. This is often implemented using stated objectives, work instructions, or procedures as required for consistent process output. Risk-based thinking is required in the following clauses.
This is the 'Doing' part of the PDCA process, and it includes the ISO 9001 requirements from clause 7, support, and clause 8, operation.
| Clause | Requirements |
|---|---|
| 7 Support | 7.1 Resources; 7.1.1 General; 7.1.2 People; 7.1.3 Infrastructure; 7.1.4 Environment for the operation of processes; 7.1.5 Monitoring and measuring resources; 7.1.6 Organizational knowledge; 7.2 Competence; 7.3 Awareness; 7.4 Communication; 7.5 Documented information; 7.5.1 General; 7.5.2 Creating and updating documented information; 7.5.3 Control of documented information |
| 8 Operation | 8.1 Operational planning and control; 8.2 Requirements for products and services; 8.3 Design and development of products and services; 8.4 Control of externally provided processes, products and services; 8.5 Product and service provision; 8.6 Release of products and services; 8.7 Control of nonconforming outputs |
Ensure the availability of resources and information necessary to support the operation and monitoring of your processes. This may be through management review or other methods that define resource requirements.
This is the 'Check' part of the PDCA process, and it includes the ISO 9001 requirements from clause 9 performance evaluation.
| Clause | Requirements |
|---|---|
| 9 Performance evaluation | 9.1 Monitoring, measurement, analysis and evaluation; 9.1.2 Customer Satisfaction; 9.2 Internal Audit; 9.3 Management Review |
Monitor, measure, and analyse process performance. Monitor and measure processes and products against policies, objectives, and requirements, and report the results. The methods employed and the timing of such analysis should be based upon priorities established by the organization.
This is the 'Act' part of the PDCA process, and it includes the ISO 9001 requirements from clause 10 improvement.
| Clause | Requirements |
|---|---|
| 10 Improvement | 10.1 General; 10.2 Nonconformity in ISO 9001; 10.2 What is Non-conformance?; 10.2 Corrective Action; 10.3 Continual Improvement |
Implement the actions necessary to achieve the planned results and to continually improve those processes. Auditors will expect to see evidence that corrective action is taken when measurable objectives and performance indicators fall below target or a pre-defined action level.
The scope of registration and certification will need to reflect precisely and clearly the activities covered by your organization's quality management system; any exclusion to non-applicable ISO 9001 requirements should be documented and justified in the quality manual, and discussed with your external auditor.
No single business-related activity should exist outside of the quality management system's scope. It is likely that only the ISO 9001 requirements from Section 8 can be excluded; for example, 8.3 design and development would not apply to organizations that do not have design responsibility.
In order to comply with ISO 9001 requirements for documentation, it is essential that all personnel understand what type of documents should be controlled and, more importantly, how this control should be exercised.
The type and extent of documented information that your organization should retain and maintain, in order to be compliant with ISO 9001:2015, clearly depend on the nature of your organization's products and processes.
You will be required to have a control system in place for your documentation that shows records of approval, updates, and revisions of documents. Only the most current version of any document should be available for your employees to access, giving them only the information they need.
To be certified and compliant with the ISO 9001 requirements, documented information must be controlled and maintained by your organization. Your management system documentation should be updated as needed based on any system improvements you put in place, but keep your quality management system documentation simple!
ISO 9001 requires businesses to maintain the following data as documented information:
The documented information required by ISO 9001:2015 is shown in the section below. All of your documentation should be specific to your organization and entirely relevant. It should also be written clearly, easy to navigate, and understandable. Documents should be accessible to everyone within the company, should they need them.
As per ISO 9001 requirements, records provide evidence that the processes that make up your QMS are being implemented as described. Start by identifying what QMS records are required. Look at your other procedures and work instructions to determine what evidence is needed to demonstrate conformity to ISO 9001 requirements. Also, records that are required by various legal requirements should be considered. Focus on records that add value, and avoid bureaucracy.
You may need to generate certain forms to implement your management system. When these forms are filled out, they become records. Forms should be simple and understandable for the users. Master forms should be signed by the initiator and dated to evidence their authority.
ISO 9001 requires businesses to retain the following data as 'documented information':
The ISO 9001 requirements for record management are straightforward: decide what records you will keep, how you will keep them, and for how long. You should also think about how you will dispose of records once you no longer need them. Forms should be controlled via their unique number and revision status, and pre-printed material should be referenced by the appropriate procedures and work instructions.
There are 7 key principles of quality management that form the foundation of ISO 9001:2015 and are relevant to the entire organization.
Top management are responsible for the quality management system, whilst all employees are responsible for delivering quality to their individual aspects of work.
Top management should decide on one person in your organization who will be the lead during the entire certification process. This person is generally a quality manager or leader already familiar with your organization's functions. They should have the appropriate authority to change operations and a firm grasp of the ISO 9001 requirements and how they must be deployed in your business.
If your company has more than one physical location, a Management Representative should be appointed for each one. One leading Management Representative should oversee the progress of the other local Management Representatives.
If you are considering asking an external consultant to help implement the ISO 9001 requirements, you must provide the consultant with a clear brief as part of the written contractual agreement. There may be cases where you need specialist advice and assistance, particularly in compliance, risks, handling corrective action, and auditing.
The consultant will review your company's existing practices, processes, controls, and documentation using the ISO 9001:2015 requirements as the assessment criteria. An organization that assists in developing and implementing the management system requirements cannot also provide its services as a third-party certification body.
A consultant's familiarity with the management system, the ISO 9001 requirements, and other applicable standards can save you time and money. It will ensure you achieve effective quality practices and successful management system certification. Although this will cost money, it may save you time and allow you to benefit from the consultant's experience.
When seeking outside help, ensure potential consultants have the necessary technical or industrial experience and qualifications. Choose a management system specialist who is familiar with your business sector's particular issues and regulatory requirements and understands staff training needs.
The certification audit represents the final stage of the certification process by ensuring the ISO 9001 requirements have been addressed.
The certification body will request a site visit, which will require desk space for their personnel. This visit will confirm that the written procedures are actually used in practice and that the ISO 9001 requirements are met.