ISO 9001:2015

Click on Image Download

ISO 9001:2015

Quality management is the act of managing all activities and functions needed to maintain a consistent level of excellence in an organization, product or service. Quality is an essential factor that differentiates an organization from its competitors. Undertaking quality initiatives will lead to superior products or services which meet and exceed customer expectations, increase revenues and productivity for the organization.

Quality has become a global priority as many organizations have benefited from its practices. Commitment to quality is related to the intent to remain competitive and stay in business due to increased global competition. Quality management is crucial for the success of every organization, which is why many organizations engage in the process of continual improvement to secure their future. Paying attention to quality management has proven to lead to successful and competitive organizations, which are capable of offering superior products and services.

An overview of ISO 9001:2015

The International Organization for Standardization (ISO) is a non-governmental organization whose role is to facilitate international coordination and the standardization of industrial standards. These standards contribute to the development, manufacturing and delivery of products and services that are more effective, safer and clearer. ISO performs systematic reviews every 3-5 years to keep these standards up-to-date.

The revision process adjusts them to changes in the environment with the aim at improving organization’s ability to offer products and services that meet customer’s requirements. ISO has revised world’s leading Quality Management System (QMS), ISO 9001:2008 to ISO 9001:2015.

Key clauses of ISO 9001:2015

Following the new structure is organized into the following main clauses:

Section 0: Introduction

This section introduces the purpose, principles and key concepts of the standard, including risk-based thinking and the process approach.

  • Seven Quality Principles

Section 1: Scope

This section defines the scope of the 9001:2015 standards. In summary, the scope includes specifying requirements for a QMS of any organization.

Section 2: Normative References

The supporting standard referenced in ISO 9001:2015 and is indispensable for its application is ISO 9000:2015 which covers terminology and fundamentals. This and other supporting standards make up the 9000 series.

Section 3: Terms and Definitions

Terminology used throughout this standard comes directly from ISO 9000:2015, Quality management systems – Fundamentals and vocabulary.

Section 4: Context of the Organization

The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its QMS such as:

  • issues arising from technological, competitive, market, culture, social, and economic environments;
  • issues related to values, culture, knowledge and performance of the organization;
  • the identified needs and expectations of relevant interested parties;
  • applicable legal, regulatory and other requirements to which the organization subscribes.

Defining the scope of the QMS, taking into account the organization’s strategic objectives, key products and services, risk tolerance, and any regulatory, contractual or stakeholder obligations is also part of this clause.

Section 5: Leadership

Top management shall demonstrate leadership and commitment with respect to the quality management system by:

Taking accountability of the effectiveness of the quality management system;

  • Ensuring that the quality policy and quality objectives are compatible with the strategic direction and the context of the organization;
  • Ensuring that the quality policy is communicated, understood and applied within the organization;
  • Ensuring the integration of the QMS requirements into the organization’s business


  • Promoting awareness of the process approach;
  • Ensuring that the resources needed for the QMS are available;
  • Ensuring that the QMS achieves its intended results;
  • Engaging, directing, and supporting persons to contribute to the effectiveness of the QMS;
  • Promoting continual improvement;
  • Ensuring that customer requirement and applicable statutory and regulatory requirements are deter- mined and met;
  • Ensuring that the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addresses;
  • Establishing, reviewing and maintaining the quality policy;
  • Ensuring that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the

Section 6: Planning

This is a critical stage as it relates to establishing strategic objectives and guiding principles for the QMS as a whole. The intent of the organization to treat the risks identified and/or to comply with the QMS requirements can be expressed through the QMS objectives. The quality objectives shall:

  • be consistent with the quality policy;
  • be measurable;
  • take into account applicable requirements;
  • be relevant to conformity of products and services and the enhancement of customer satisfaction;
  • be monitored, communicated and updated as An organization wishing to comply with ISO 9001 shall at least:

Select and define a risk assessment methodology.

  • Demonstrate that the selected methodology will provide comparable and reproducible results
  • Define criteria for accepting risks and identify acceptable levels of

Section 7: Support

The day-to-day management of an effective quality management system relies heavily on using the appropriate resources for each task. These include having competent staff with

relevant (and demonstrable) training and supporting services, awareness and communication. This must be supported by properly managed documented information.

Both internal and external communications of the organization must be considered in this area, including the format, the content and the proper timing of such communications.

The requirements on the creation, update and control of documented information are also specified in this clause.

Section 8: Operation

After planning the QMS, an organization must put it into operation. This clause includes:

>>Operational planning and control: This activity includes implementation of plans and processes that lead the organization towards meeting the quality management system requirements. Additionally, this clause requires from organizations that they establish controls which help in preventing any deviation from the quality policy, objectives, and legal requirements.

After the requirements have been established, the organization should control the planned changes and review the unintended changes to mitigate any adverse effect. All the processes within the organization, including outsourced processes should be controlled.

>>Determination of requirements for products and services: The organization shall determine all the requirements related to products and services, such as customer requirements, organizational, statutory and regulatory, and ISO 9001:2015 requirements. The organization shall establish an effective customer communication process. After all the requirements have been determined, they must be reviewed to ensure contract or order requirements differing from those previously defined are resolved.

>>Design and development of products and services: This activity requires that organizations establish, implement and maintain a design and development process.

>>Control of externally provided products and services: The organization shall ensure that externally provided processes, procedures, and services conform to specified requirements. This clause applies to both physical products and consumed services related to the end product of the organization. An organization will need to apply a risk-based approach and determine the type and extent of controls necessary.

>>Production and service provision: Businesses should control delivery and post-delivery activities to ensure that the product and service provision is implemented under controlled conditions. This requirement expects from organizations to have traceability mechanism to identify process outputs, protect and safeguard the property belonging to customers or external providers, and to preserve the products and services.

>>Release of products and services: Organization should verify conformance to acceptance criteria when re-leasing the products and services. Acceptance criteria is the criteria set by the organization specifying certain indicators or measures employed in assessing the ability of a component, structure, or system to perform its intended function. Setting the criteria before initiating the project makes its development much easier. Each organization should define its own criteria in order to ensure a higher level of customer satisfaction.

>>Control of nonconforming process outputs, products and services: This activity involves identification of control of products and services to ensure that they comply with the stated requirements. Nonconforming processes, products and services have to be corrected,

segregated, or returned. Additionally, the standard requires that organization inform the customers for the nonconforming products to prevent customer dissatisfaction.

Section 9: Performance Evaluation

Once the QMS is implemented, ISO 9001 requires permanent monitoring of the system as well as periodic reviews to:

  • demonstrate conformity of products and services to requirements;
  • assess and enhance customer satisfaction;
  • ensure conformity and effectiveness of the quality management system;
  • demonstrate that planning has been successfully implemented;
  • assess the performance of processes;
  • assess the performance of external providers
  • determine the need or opportunities for improvements within the quality management

Section 10: Improvement

Continual improvement can be defined as all the actions taken throughout the organization to increase effectiveness (reaching objectives) and efficiency (an optimal cost/benefit ratio) of processes and controls to bring increased benefits to the organization and its stakeholders. An organization can continually improve the effectiveness of its management system through the use of the quality policy, objectives, and audit results, analysis of monitored events, indicators, risk analysis, corrective actions and management review.

ISO Benefits:

  1. Improved organizational effectiveness and efficiency;
  2. Improved understanding of the business as gained through risk identification and analysis
  3. Operational resilience which results from implementing risk reduction
  4. Downtime reduction due to the identification of alternative processes and workarounds
  5. Protection of stakeholder value
  6. Increase customer and employee satisfaction;
  7. Increased market share and profit;
  1. Improved organizational culture;
  2. Enhanced continuous improvement;
  3. Process improvement; and
  4. Avoidance of liability

Quality Management Principles:

ISO 9001:2015 is based on seven quality management principles that can be used by top management to lead the organization towards improved performance.

  • Customer focus: Organizations depend on their customers and therefore should understand current and future customer needs, meet customer requirements and strive to exceed customer
  • Leadership: Leaders establish the unity of purpose and direction of the organization. They should cre- ate and maintain the internal environment in which people can become fully involved in achieving the organization’s
  • Engagement of People: People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization’s benefit.
  • Process approach: A desired result is achieved more efficiently when activities and related resourceare managed as a process
  • Improvement: Improvement of the organization’s overall performance should be a permanent objective of the
  • Evidence-based Decision Making: Effective decisions are based on the analysis of data and
  • Relationship Management: An organization and its interested parties are interdependent and a mutu- ally beneficial relationship enhances their ability to create

ISO Implementation Methodology:

ISO Process:

The usual process for an organization that wishes to be certified against ISO 9001 is the following:

  1. Implementation of the management system: Before being audited, a management system must be in operation for some time. Usually, the minimum time required by the certification bodies is 3
  2. Internal audit and review by top management: Before a management system can be certified, it must have had at least one internal audit report and one management
  3. Selection of the certification body (registrar): Each organization can select the certification body (registrar) of its
  4. Pre-assessment audit (optional): An organization can choose to perform a pre-audit to identify any possible gap between its current management system and the requirements of the
  5. Stage 1 audit: A conformity review of the design of the management system. The main objective is to verify that the management system is designed to meet the requirements of the standard(s) and the objectives of the organization. It is recommended that at least some portion of the Stage 1 audit should be performed on-site at the organization’s
  6. Stage 2 audits (On-site visit): The Stage 2 audit objective is to evaluate whether the declared management system conforms to all requirements of the standard is actually being implemented in the organization and can support the organization in achieving its objectives. Stage 2 takes place at the site(s) of the organization’s sites(s) where the management system is
  7. Follow-up audit (optional): If the auditee has non-conformities that require additional audit before being certified, the auditor will perform a follow-up visit to validate only the action plans linked to the non- conformities (usually one day).
  8. Confirmation of registration: If the organization is compliant with the conditions of the standard, the Registrar confirms the registration and publishes the
  9. Continual improvement and surveillance audits: Once an organization is registered, surveillance activities are conducted by the Certification Body to ensure that the management system still complies with the standard. The surveillance activities must include on-site visits (at least 1 per year) that allow verifying the conformity of the certified

client’s management system and can also include: investigations following a complaint,

review of a website, a written request for follow-up, etc.