Vous êtes sur la page 1sur 20

CUSTOMER FOCUS PROCESS APPROACH IMPROVEMENT

LEADERSHIP FURTHER EXCELLENCE RELATIONSHIP MANAGEMENT

ENGAGEMENT OF PEOPLE EVIDENCE BASED DECISIONS RISK MANAGEMENT

ISO 9001:2015 WHAT YOU NEED TO KNOW


HELPING YOU TO BETTER UNDERSTAND THE CONTENTS AND IMPLICATIONS OF THE CHANGES TO QUALITY
MANAGEMENT SYSTEM REQUIREMENTS IN ISO 9001:2015

SEPTEMBER 2015

AUTHOR
Chris Trott
Global Technical Manager,
Global Product Manager ISO 9001, SGS
ABSTRACT
This document aims to provide an insight into the contents of
ISO 9001:2015 recently issued. It is not intended to be a full explanation
of all of the requirements of ISO 9001:2015, rather it provides an
overview of the key changes to Quality Management Systems (QMS) in
the document.

CONTENTS
I. INTRODUCTION .................................................................................................................................3

II. EXECUTIVE SUMMARY ..................................................................................................................4

III. ANNEX SL .........................................................................................................................................4

IV. THE CORE REQUIREMENTS OF ISO 9001:2015 .........................................................................6

V. CONCLUSION ....................................................................................................................................18

VI. SGS SOLUTIONS FOR A SMOOTH TRANSITION .....................................................................18

2
I. INTRODUCTION

GENEVA

AMERICAS EUROPE, AFRICA & ASIA PACIFIC


440 OFFICES & LABORATORIES MIDDLE EAST 385 OFFICES & LABORATORIES
17 700 EMPLOYEES 30 300 EMPLOYEES
825 OFFICES & LABORATORIES
32 000 EMPLOYEES

With more than 1,250,000 certificates All ISO standards are, and have been,
expected to have been issued, in more periodically reviewed to ensure that 9%
than 185 countries by end of 2015, ISO they are still relevant and reflect current
9001 is by far the most recognised business practices and market demands.
management system standard in the The latest ISO 9001 revision process is
20%
globe. simply the latest in a series of revisions
ISO 9001 provides the requirements (1987, 1994, 2000 and 2008). However,
needed to establish, implement and as the 2008 revision to ISO 9001 made
only minor amendments, the expected
certify an organisations QMS. It is the
2015 revision will make the first 71%
management system most used to instil
trust and enhance customer satisfaction significant changes since the year 2000.
in the relationship between buyers and The figure to the right is based on the
sellers along the supply chain when it ISO Survey of Management System
comes to quality related matters. Standard Certificates 2014. It clearly ISO 9001
shows that ISO 9001 certificates
ISO 14001
represent almost 71% of the total
number of certificates issued globally. Others

3
II. EXECUTIVE SUMMARY III. ANNEX SL
ISO 9001:2015 positions the new version from a supplier, for example, or through There are many management system
of the standard as an integral part of the outsourcing of processes and standards covering a wide range of
an organisations efforts towards the functions, etc.) and all external provision areas such as quality, environment,
broader aim of sustainable development of goods and services. occupational health & safety etc. Over
and promotes it as a tool for improving the years organisations have tried
ISO 9001:2015 contains no requirements
an organisations overall performance. to implement and gain certifications
relating to the need for a Quality
This is in addition to the fact that the for multiple management system
Manual, Procedures or Records. There
adoption of a QMS is a strategic decision standards. Their attempts to combine
are now numerous references to
for an organisation. them into one effective and efficient
Documented Information (clause 7.5),
integrated system have not always been
Besides renaming and repositioning which is information that an organisation
easy since the requirements, terms
certain activities, other significant new is required to keep, control and
and definitions, etc. of the various ISO
requirements have been introduced. maintain, though there are no specific
management system standards can be
Some of these are a consequence of the requirements about its format or how it
significantly different.
adoption of the Annex SL framework and must be stored.
core text (see III. ANNEX SL below), but In recognition of this, the ISO Technical
There remains a requirement to identify
others are specific QMS requirements. Management Board produced Annex SL
and maintain the knowledge needed
of the Consolidated ISO Supplement of
There are now clauses relating to to ensure that the conformity of
the ISO/IEC Directives in 2012 (Annex
an organisations context and any products and services is achieved. This
SL), previously ISO Guide 83. The
associated internal and external issues organisational knowledge includes
stated aim of Annex SL is to enhance
which may have an impact on the information that is held by personnel,
the consistency and alignment of ISO
organisation and its QMS (clause 4.1) but it must also include consideration
management system standards by
and with the needs and expectations of of the context in which an organisation
providing:
those interested parties who can be operates.
affected by the organisations activities A unifying and agreed high level
There is no longer any requirement for an
(clause 4.2). These changes will require structure
organisation to appoint a Management
organisations to move away from a Identical core text
Representative (ISO 9001:2008 clause
purely inward-focusing approach to Common terms and core definitions
5.5.2), though this does not prevent
QMS development and implementation, organisations from retaining this position Consequently, Annex SL provides a
to one where external factors have a within their structure if they choose to. template or framework for all new and
greater influence on the way in which However, organisations need to note that revised MSS. The high level structure
the QMS is focused and prioritised; to be some of the activities and responsibilities (i.e. major clause numbers and titles) is
as effective as possible in meeting key typically undertaken by a Management fixed and cannot be changed, although
internal and external objectives. Representative now need to be carried discipline-specific sub-clauses may be
In addition, there are now requirements out directly by its top management and added.
relating to an organisations need to can no longer be assigned The intention is that all ISO management
identify potential risks and opportunities (ISO 9001:2015 clause 5). system standards (MSS) will be aligned
which may have an impact on its and the compatibility of these standards
ability to consistently meet customer
requirements (clause 6.1). Although ISO
THE ADOPTION OF A will be enhanced. For example, the
major clause numbers and titles in
9001:2015 no longer has any specific QUALITY MANAGEMENT all future ISO management system
requirements relating to Preventive SYSTEM IS A STRATEGIC standards will be identical. As a result,
Action (ISO 9001:2008 clause 8.5.3), DECISION FOR AN all MSS will look very similar. In addition,
the identification of potential errors and
taking action to address them remains
ORGANIZATION it is expected that this will lead to less
inconsistency as common terms will all
in the new requirements relating to risks have the same definition. This approach
ISO 9001:2015 more directly expects
and opportunities. The new requirement will be particularly useful for those
organisations to apply a process
in ISO 9001:2015 (clause 10.2) that an organisations that choose to operate an
approach when planning, implementing
organisation must determine whether integrated management system that
and developing their QMS. It also
any identified non-conformity could also meets the requirements of two or more
includes a list of requirements identifying
potentially exist or occur elsewhere, management system standards.
the essential elements of such an
also has obvious similarities with the (see Figure 1)
approach. The intention is to ensure that
current Preventive Action requirements.
organisations systematically define and
An organisation would be required to manage not just their processes, but also
take a risk based approach to determine the interaction between them.
the type and extent of controls
appropriate to all types of external
provider (whether it is by purchasing

4
ANNEX SL AND ISO 9001:2015 One of the consequences of adopting
ENHANCE THE ISO 9001:2015 uses the Annex SL
the Annex SL is that some of the
CONSISTENCY AND framework and adopts its high-level
requirements of ISO 9001:2008 which
are unchanged in ISO 9001:2015 are
ALIGNMENT OF ISO structure, core text and common terms
now located under different headings
MANAGEMENT SYSTEM and core definitions. The list of main
clauses is now as follows:
in differently numbered clauses. For
STANDARDS 1. Scope
example, Management Responsibility
activities from ISO 9001:2008 clause 5,
2. Normative references are now to be found under Leadership
Annex SL has already been used as 3. Terms and definitions in a new clause 5, whilst Product
the template for the new Business
4. Context of the organisation Realisation in clause 7 is now covered
Continuity Management standard, ISO
5. Leadership by the new clause 8 Operation.
22301, which was issued in 2012 and
for the 2013 revision to ISO 27001 6. Planning
Information Security Management. It 7. Support
has also been used for the revisions to 8. Operation
ISO 9001 & 14001 and will be used for 9. Performance evaluation MSS
the new Occupational Health and Safety MSS
10. Improvement
Management standard, ISO 45001. ANNEX
However, within sub-clauses to SL

these main activity headings, ISO


9001:2015 also includes those additional
requirements which are specific to
MSS
QMS. (see Figure 2)

Figure 1

Figure 2

5
IV. THE CORE REQUIREMENTS OF ISO 9001: 2015
CLAUSE 1 SCOPE CLAUSE 3 TERMS AND An organisations context will include,
for example:
The overriding aim or Scope of DEFINITIONS
ISO 9001:2015 is to specify the The specific objectives of the
All applicable terms and definitions are
requirements for a QMS that can be organisation
incorporated into the revised ISO 9000:
used by organisations that want to: 2015. These terms and definitions will The needs and expectations of its
Demonstrate their ability to include all those from Annex SL. customers and any other relevant
consistently provide products or interested parties
Annex SL itself contains 22 terms and
services that meet customer and definitions which must be included in The products and services it
applicable statutory and regulatory all management system standards. provides
requirements These are the terms and definitions The complexity of both the
Enhance customer satisfaction which would naturally be expected processes that the organisation
through the application of such a to appear in any MSS, irrespective uses and the way in which they
system, including processes for of the discipline addressed by the interact
improvement and the assurance of Standard itself; definitions of terms
Its size and organisational structure
conformity to those customer and such as audit, corrective action,
applicable statutory and regulatory management system, measurement, This is not a completely new concept
requirements objective, policy. All of these terms for QMS, as the Introduction to ISO
and definitions are included in ISO 9001:2008 (section 0.1 General) includes
Apart from some minor changes, the
9001:2105. a reference to the fact that the design
wording of this clause is almost exactly
and implementation of an organisations
the same as is used in ISO 9001:2008. However, many more additional
QMS is influenced by a similar list of
QMS-specific terms and definitions
However, there is no longer any issues and factors.
have also been added, which include
requirement for identification in a
related terms and definitions, such as
Quality Manual of any elements that CLAUSE 4.1 UNDERSTANDING THE
quality, customer, product, service
cannot be applied by an organisation
and design and development. In ORGANISATION AND ITS CONTEXT
implementing a QMS (ISO 9001:2008
addition, some of the terms used in ISO 9001:2015 now requires
clause 1.2). Nor are such exclusions
ISO 9001:2008 have been changed; for organisations to identify those external
limited to requirements found under
example: and internal issues that are relevant to
clause 7 Product Realisation. Although
all of the requirements in ISO 9001:2015 Product is replaced by Products its context and that can affect its ability
are intended to be applicable to all types and Services to achieve the intended outcome(s) of its
of organisations, it is recognised that management system. The organisation
Purchased Product is replaced by
there may be circumstances where must also continue to monitor and
Externally Provided Processes,
compliance with a specific requirement review those issues to establish
Products and Services
is impossible because an organisation whether any changes to them will affect
Work Environment is replaced by its QMS, or its purpose. Although many
simply does not undertake a certain
Environment for the Operation of organisations will already be monitoring
type of activity as part of its business.
Processes internal and external issues, this is a
In such cases, the organisation
can regard the requirement as not new requirement which all will now
applicable. However, it cannot do this CLAUSE 4 CONTEXT OF THE need to comply with.
if it would affect its ability to supply ORGANISATION Although there is no specific
products or services which comply with The context of the organisation requirement that the identification of
client requirements, or which adversely (sometimes called its business these internal and external issues, or
affect its ability to enhance customer environment) refers to the combination their monitoring and review, have to
satisfaction. of internal and external factors and be documented by an organisation, it
conditions that can have an effect on an will have to demonstrate that it has
CLAUSE 2 NORMATIVE organisations approach to its products done so. In many cases this information
REFERENCES and/or services. As a result, the design could already be available from several
and implementation of an organisations different sources. It may form part of
As with ISO 9001:2008, the key
QMS will be influenced by its context. an organisations documented business
normative reference remains ISO
(see Figure 3) plan or business strategy, for example,
9000: Quality management systems -
or be referenced on the organisations
Fundamentals and vocabulary.
website, in its annual reports to
shareholders, or there may even be
simply a section in the Management
Review minutes dealing with this issue.

6
CONTEXT OF THE ORGANIZATION

LEGAL
MARKET
INTERESTED PARTIES
ECONOMY PRESSURE
SHAREHOLDERS GROUPS
ORGANISATION:
VALUES
SUPPLIERS CULTURE CUSTOMERS CULTURE
KNOWLEDGE
PERFORMACE
EMPLOYEES END USERS
TECHNOLOGY

REGULATORS SOCIAL
COMPETITION

Figure 3

have an impact on the organisations An organisation must identify any


ISO 9001: 2015 ability to consistently provide products boundaries and/or limits on the
NOW REQUIRES and services that meet customer and applicability of its QMS. For example,
applicable statutory and regulatory
ORGANISATIONS requirements, or enhance customer
the scope can include the whole
of the organisation, specific and
TO IDENTIFY THOSE satisfaction. Every organisation will identified functions of the organisation,
EXTERNAL AND have its own set of relevant interested specific and identified sections of the
INTERNAL ISSUES parties and these may well change over organisation, or one or more functions
time. Every interested party will also
THAT ARE RELEVANT have its own set of requirements, but
across a group of organisations. Any
physical limitations to the scope of the
TO ITS CONTEXT AND not all of these will be relevant to an QMS will also need to be identified.
THAT CAN AFFECT ITS organisations QMS. Outsourced functions or processes are
ABILITY TO ACHIEVE THE Organisations will need to be able considered within the organisations

INTENDED OUTCOME(S) to demonstrate that they have been scope.

OF ITS MANAGEMENT through an initial process which both


identifies who their relevant interested
ISO 9001:2015 no longer makes
specific reference to exclusions
SYSTEM parties are, as well as their requirements when determining the applicability of
that are relevant to the organisations its requirements to an organisations
CLAUSE 4.2 UNDERSTANDING QMS. There will also need to be QMS. However, it is recognised that
THE NEEDS AND EXPECTATIONS OF evidence that the organisation continues an organisation might need to review
to review whether the relevance of the applicability of requirements due
INTERESTED PARTIES
these interested parties and/or their to the size of the organisation, the
An organisation is also required to requirements change. management model it adopts, the range
identify the interested parties that are
of the organisations activities, or the
relevant to its QMS.
CLAUSE 4.3 DETERMINING THE SCOPE nature of the risks and opportunities it
An interested party (sometimes OF THE QUALITY MANAGEMENT SYSTEM encounters.
referred to as a stakeholder) is
This clause covers some of the
any person or organisation that can CLAUSE 4.4 QUALITY MANAGEMENT
requirements in ISO 9001:2008 clauses
affect, be affected by, or perceive SYSTEM (QMS) AND ITS PROCESSES
1.2 Application and 4.2.2 Quality
themselves to be affected by the
Manual. However, whilst there is still a This clause addresses some of the
decisions or activities of the organisation
requirement that an organisation must requirements found in ISO 9001:2008
implementing the QMS. These
establish the scope of its QMS, there is clauses 4.1 General requirements, 5.4.2
interested parties could include the
now a specific requirement that when QMS planning and 8.2.3 Monitoring
organisations shareholders, employees,
doing so the organisation must consider: and measurement of processes.
customers, end users, suppliers,
regulators, pressure groups, etc. a. Its external and internal context ISO 9001:2015, however requires
issues referred to in clause 4.1 the adoption of a process approach
In order to determine whether an when developing, implementing and
interested party, or its requirements, are b. The requirements of relevant
improving the effectiveness of a QMS.
relevant to their QMS, the organisation interested parties referred to in
must consider whether or not they clause 4.2
c. Its products and services

7
However, as the achievement of CLAUSE 5.1.2 CUSTOMER FOCUS
consistent results and outputs is more THERE IS NOW AN ISO 9001:2015 enhances the current
likely when activities are understood
and managed as interrelated processes,
EMPHASIS ON requirement in ISO 9001:2008 clause

ISO 9001:2015 now includes specific LEADERSHIP RATHER 5.2 that top management simply ensure
that ...customer requirements are
requirements necessary for the adoption THAN JUST determined and are met with the aim
of a process approach. MANAGEMENT of enhancing customer satisfaction.
This process approach requires an Now they also need to demonstrate that
organisation to systematically define and any risks and opportunities are being
manage processes and their interactions CLAUSE 5.1.1 LEADERSHIP AND identified and addressed where they:
so as to achieve the intended results COMMITMENT TO THE QUALITY
Could potentially have an impact on
in accordance with both the quality MANAGEMENT SYSTEM (QMS) the organisations ability to supply
policy and strategic direction of the
Top management must be able to products and services that conform
organisation. Although there are similar
demonstrate that they have taken to customer requirements
requirements in ISO 9001:2008 (clause
responsibility for emphasising the In addition, top management have to
4.1), ISO 9001:2015 now specifically
importance of conforming to the demonstrate that they maintain a focus
requires an organisation to identify:
requirements of their organisations on consistently providing products and
The inputs required and the outputs QMS. In addition, they must ensure services that:
expected from processes that the QMS is achieving its intended
Conform to customer requirements
The measurements and related results and drive continual improvement
performance indicators needed to within their organisation. Meet applicable statutory and
ensure the effective operation and regulatory requirements
In those organisations where top
control of processes management have effectively delegated Enhance customer satisfaction
The assignment of the responsibility for the QMS down to a The reference to the need to
responsibilities and authorities for Management Representative (MR), ensure that the focus on enhancing
processes then under ISO 9001:2015 they will customer satisfaction is maintained
now have to demonstrate much more indicates that this is an ongoing
The risks and opportunities
direct involvement in the QMS. They requirement. Top management are
associated with processes (see
can still delegate tasks to others, required to demonstrate leadership
clause 6.1) and the planned and
such as the MR, but otherwise the and commitment with respect to
implemented appropriate actions to
specified requirements must be seen customer focus by ensuring that
address them
to be undertaken by top management these requirements are carried out.
Operational procedures, work themselves. Top management have to This wording suggests that these are
instructions, process diagrams, etc. be seen to be accountable for their tasks which do not have to be directly
would be examples of documented organisations QMS and to emphasise undertaken by top management and that
information used to support the the importance of effective quality responsibility for carrying them out may
operation of processes, but individual management and conformance with be delegated to other personnel.
organisations may have different QMS requirements. They must also
approaches to this (see clause 7.5, ensure that QMS requirements are
CLAUSE 5.2 QUALITY POLICY
below). integral to the organisations business
processes and be consistent with Although the requirements in relation
to an organisations Quality Policy
CLAUSE 5 LEADERSHIP its overall strategic direction and the
are broadly the same as those in
context in which it operates.
This clause does not just simply ISO 9001:2008, there are some new
cover the same areas of policy, Several of the ISO 9001:2015 elements
elements. ISO 9001:2015 now requires
organisational roles, responsibilities and that are aimed at top management
that an organisations quality policy is
authorities that are present in clause leadership and commitment require
appropriate to both its purpose and its
5 of ISO 9001:2008 Management them to ensure that certain activities
context and supports its strategic
Responsibility. There is now an are undertaken or carried out, this
direction. This means that once the
emphasis on leadership rather than indicates that these tasks may be
organisation has determined its context
just management. Top management are delegated to others. However, where
and the relevant requirements of its
now required to demonstrate a greater there is a specific requirement that
interested parties (clauses 4.1 & 2), top
direct involvement in the organisations top management must be taking,
management will have to review the
QMS and the removal of the need for a promoting, communicating, engaging
quality policy in light of that information.
specific Management Representative and supporting action(s), this
indicates that they must be seen to be The Quality Policy itself has to be
is partly an attempt to ensure that
undertaking these actions themselves. available as documented information
ownership of an organisations
and top management will need to
management system is not simply
demonstrate that they were involved in
focused on one individual.
its preparation.

8
There is also a new requirement. The
Quality Policy is to be made available to
the organisations interested parties.
Organisations will need to demonstrate
how this is done for both internal and
external interested parties. It may be
that the Quality Policy is available on the
organisations website, for example, but
other methods of ensuring its availability
could be used.

CLAUSE 5.3 ORGANISATIONAL ROLES,


RESPONSIBILITIES AND AUTHORITIES
Again, although this clause covers
some of the elements in ISO 9001:2008
clause 5.5 Responsibility, authority
and communication there are
some key changes. There is now a
requirement that responsibilities and
authorities must not only be assigned Based on the results of this assessment,
and communicated, but also that
they have to be understood within
ISO 9001:2015 NOW organisations then have to:

the organisation. An organisations PLACES A GREATER Take action to address any risks and

personnel must, therefore, be advised EMPHASIS ON THE opportunities identified

of their QMS responsibilities and PLANNING THAT AN Integrate and implement these
actions into their QMS processes
authorities, and a mechanism must
be in place to ensure that personnel
ORGANISATION DOES
Evaluate the effectiveness of the
understand them. In particular, top WHICH IS INTEGRAL TO actions taken
management need to ensure that ITS BUSINESS Not all of the processes of a QMS
specific responsibilities and authorities
represent the same level of risk
are assigned, communicated and
CLAUSE 6.1 ACTIONS TO ADDRESS or opportunity in terms of the
understood in relation to:
RISKS AND OPPORTUNITIES organisations ability to meet its
Ensuring that the QMS conforms to objectives. For that reason, ISO
the requirements of ISO 9001:2015 This is a new requirement which obliges
9001:2015 requires that the actions
organisations to identify those risks and
Ensuring that processes are taken to address any risks and
opportunities that have the potential
delivering their intended outputs opportunities are ...proportionate to
to impact (negatively or positively) on
the potential impact on the conformity
Reporting to top management in the operation and performance of their
of products and services. The
relation to QMS performance and QMS.
consequences of failures or non-
improvement opportunities Having identified those external and conformities in relation to processes,
internal issues that are relevant to systems products and/or services, for
CLAUSE 6 PLANNING FOR its context, as well as the needs of example, will not be the same for all
THE QUALITY MANAGEMENT interested parties (clauses 4.1 & 2), organisations. So when deciding how
SYSTEM (QMS) an organisation is required to use that to plan and control its QMS, including
information to determine both the its component processes and activities,
Although QMS planning has long been
risks and opportunities that need to be the organisation needs to consider both
a familiar requirement, ISO 9001:2015
addressed to: the type and level of risk or opportunity
now places a greater emphasis on
Ensure that its management associated with them.
the planning that an organisation does
which is integral to its business. An system can achieve its intended There needs to be evidence that the
organisation is now required to consider outcome(s) organisation has done this and that
both its context and interested parties Prevent, or reduce, undesired it continues to review whether these
when planning and implementing its effects issues and requirements change. It also
QMS. needs to demonstrate that the action
Achieve improvement
taken is subsequently reviewed to
confirm whether it has been effective
or not. Although risks and opportunities
have to be determined and addressed,
there is no requirement for a formal,

9
documented risk management process, CLAUSE 6.3 PLANNING OF CHANGES There is no specific requirement that
and organisations are free to choose the documented evidence needs to be
ISO 9001:2015 still contains the
assessment and evaluation mechanism available to demonstrate this, but
key requirement in ISO 9001:2008
they consider is most appropriate for organisations will need to demonstrate
clause 5.4.2 (b) that the integrity of an
them. that both internal and external resource
organisations QMS must be maintained
However, organisations must be able to requirements and capabilities are
when any changes to it are planned
demonstrate that they have a planned considered.
and implemented, but also now adds
methodology in place that allows
further requirements. In addition to a
them to determine all/any risks and CLAUSE 7.1.2 PEOPLE
general requirement that all changes to
opportunities relevant to the planning
an organisations QMS are ...carried out Essentially the same requirements as in
and implementation of their QMS.
in a planned manner this process must ISO 9001:2008 clauses 6.1 & 2, though
include consideration of: ISO 9001:2015 now makes an explicit
CLAUSE 6.2 QUALITY OBJECTIVES AND reference to the control of processes.
Why the change is being made and
PLANNING TO ACHIEVE THEM the potential consequences of that
The requirements relating to quality change
objectives in ISO 9001:2008 clause
ORGANISATIONS NEED
5.4 are retained in ISO 9001:2015.
Any effects on the integrity of the
QMS
TO TAKE INTO ACCOUNT
However, in addition to the need to
Whether the resources necessary
BOTH INTERNAL AND
establish measurable quality objectives
to carry out the change are available EXTERNAL RESOURCE
at relevant functions and levels, that are
consistent with an organisations quality The allocation or reallocation
REQUIREMENTS AND
policy, there are now requirements that of related responsibilities and CAPABILITIES
they must be established for relevant authorities caused by the change
processes and be relevant to the CLAUSE 7.1.3 INFRASTRUCTURE
Since ISO 9001:2015 clause 4.4
enhancement of customer satisfaction.
requires organisations to maintain/retain Although this clause covers the same
The implication of these changes is
documented information ...to the extent requirements as ISO 9001:2008 clause
that an organisation will now have to
necessary to support the operation of 6.3 Infrastructure, there is now
demonstrate that their quality objectives
processes then the activities related to clarification that Infrastructure can
actually add value and that they have
QMS changes, including consideration include:
not simply been established in order to
of the issues above, will need to be
meet the bare minimum requirements of buildings and associated utilities;
documented. Organisations will need
ISO 9001:2015. equipment including hardware and
to demonstrate that they have taken
The requirements relating to the these issues into account when making software;
planning needed to achieve quality changes to their QMS. transportation resources;
objectives implied in ISO 9001:2008
information and communication
are now more explicitly detailed. CLAUSE 7 SUPPORT technology.
Organisations are now required to
Having addressed the organisations
determine:
context, commitment and planning, this CLAUSE 7.1.4 ENVIRONMENT FOR THE
What resources will be required to clause sets out the QMS requirements OPERATION OF PROCESSES
achieve quality objectives relating to the support needed in order
The same key elements as in
Who will be responsible for them to meet the organisations goals.
ISO 9001:2008 clause 6.4 Work
What will be done and when environment, though there is now
CLAUSE 7.1 RESOURCES a requirement in ISO 9001:2015 for
How will achievement of the
objectives will be evaluated organisations to not only determine
CLAUSE 7.1.1 GENERAL what is a work environment suitable
Organisations will need to demonstrate
Although implicit in ISO 9001:2008 to ensure conformity of products and
that these what, when, who and how
clause 6.1 Provision of resources, ISO services, but also to provide and
elements have been satisfactorily
9001:2015 now makes consideration/ maintain it. The notes to the clause
planned, but since an organisation has
evaluation of resource capabilities a make it clear that Environment for
to retain documented information on
specific requirement. Additionally, the operation of processes can
their quality objectives this should be
when identifying the resources needed include physical, social, psychological,
available in some documented form
to establish, implement, maintain environmental and other factors (such
or other. Organisations will also have
and improve its QMS, there is now a as temperature, humidity, ergonomics
to demonstrate that the personnel
requirement that an organisation needs and cleanliness).
to whom responsibility for quality
objectives has been given are aware of to take into account both internal and
what their responsibilities are and have external resource requirements and
been given the resources to achieve capabilities.
those objectives.

10
Organisations will need to demonstrate The amount or level of organisational CLAUSE 7.2 COMPETENCE
that not only have they identified what knowledge needed may be large or
Essentially the same requirements as
the necessary environment is for the small, depending on an individual
in ISO 9001:2008 clause 6.2 Human
operation of its processes, but also that organisations activities, processes and
resources, though ISO 9001:2015
they have provided that environment; circumstances, but the key question is
now requires and organization to
taking into account the factors listed whether the organisation has identified
demonstrate that it has determined the
in the notes to the clause. This is likely the knowledge it needs to have in order
competency requirements for personnel
to require a review of the physical to carry out its processes and activities.
and then it must:
location(s) in which processes are
carried out. Organisations will also need Ensure that personnel meet those
to demonstrate that it has in place some ORGANISATIONS competency requirements
method for ensuring that the necessary NEED TO DETERMINE Take action to ensure that they
environment is maintained, though the AND MAINTAIN THE acquire the identified competence.
type of monitoring and controls required
will vary, depending on the processes
KNOWLEDGE OBTAINED The organisation also needs to

involved. BY THE ORGANISATION demonstrate that any action taken to


acquire or maintain competency is
(INCLUDING ITS subsequently reviewed to establish
CLAUSE 7.1.5 MONITORING AND PERSONNEL) TO whether it has been effective in raising
MEASURING RESOURCES ENSURE THAT IT CAN personnel competence to the required
Although this covers the same ACHIEVE CONFORMITY level(s).
requirements as in ISO 9001:2008
OF PRODUCTS AND A key addition to the requirements
clause 7.6 there is now a greater is that they now apply to all/any
emphasis on monitoring and measuring
SERVICES personnel under its control that
resources rather than just equipment. affect the organisations performance.
In this context, resources would This knowledge needs to be maintained This will include any sub-contract/
include personnel, training, workplace and made available where and when agency personnel, as well as anyone
environment, etc. Organisations will necessary. It is up to the organisation undertaking outsourced processes
need to retain documented information to decide how to do this and there and functions (see the reference to
to demonstrate not just that monitoring is no specific requirement that this the need to communicate competence
and measuring equipment is fit for knowledge has to be retained as requirements to external providers in
purpose, but that all monitoring and documented information. Additionally, clause 8.4.3 (c) below)
measuring resources are. when planning changes to its QMS or Organisations will need to retain
operational activities, an organisation is documented information to demonstrate
CLAUSE 7.1.6 ORGANISATIONAL required to assess whether its existing that all personnel under their control
KNOWLEDGE organisational knowledge is sufficient are competent. This is different to the
to satisfactorily manage these changes current ISO 9001:2008 requirement
This is a new requirement which
or if it needs to obtain additional that organisations must simply maintain
addresses the need for organisations to
knowledge to do so and take steps to appropriate records of ...education,
determine and maintain the knowledge
get it if necessary. training, skills and experience.
obtained by the organisation (including
its personnel) to ensure that it can
achieve conformity of products and
services. The primary requirement is
that an organisation must establish
the knowledge necessary for it to
satisfactorily operate the processes it
uses and provide products and services
which conform to requirements.
The type of organisation knowledge
that will need to be maintained will
vary from one organisation to another.
It is likely to include knowledge held
by competent personnel within the
organisation that they use to carry out
their operational tasks, for example, but
it may also include bespoke software
needed to run process equipment,
internal and/or external product
and service standards, technical
manuals, intellectual property, etc.

11
CLAUSE 7.3 AWARENESS information. This is defined as
information required to be controlled and
ISO 9001:2015 introduces a specific
maintained by an organisation, as well
requirement that an organisation
as the medium in which it is contained.
makes personnel under its control
Where ISO 9001:2008 currently refers
aware of the organisations quality
to documented procedures (e.g. to
objectives, as well as the consequences
define, control or support a process)
of non-conformance with its QMS
this is now expressed as a requirement
requirements. This is not the same as
to maintain documented information.
the requirement in ISO 9001 that an
Where ISO 9001:2008 now refers
organisation needs simply to ensure
to records, this is expressed as a
that its own personnel are aware of the
requirement to retain documented
...relevance and importance of their
information.
activities and how they contribute to the
achievement of the quality objectives. The extent of documented information
required for a QMS can differ from one
Organisations will need to demonstrate
organisation to another, due to:
that everyone (internal or external) doing
work for them has been made aware of: The size of organisation and its type
of activities, processes, products
The organisations quality policy and
and services
quality objectives
Their contribution to the The complexity of processes and
effectiveness of the QMS, including their interactions
the benefits of improved quality The competence of organisational
CLAUSE 8 OPERATION
performance personnel This is the clause that addresses
The implications of not conforming the main business activities of the
Each organisation needs to determine
with QMS requirements organisation implementing its QMS and,
the level of documented information
in addition to requirements relating to
necessary to control its own QMS.
CLAUSE 7.4 COMMUNICATION operational planning and control. This is
The requirements relating to the creation the section in which most QMS-specific
This covers much the same elements
and updating of documented information requirements are found.
as ISO 9001:2008 clause 5.3.3
are essentially the same as in ISO
Internal communication but there is
9001:2008 clause 4.2. However, whilst
now a specific requirement relating CLAUSE 8.1 OPERATIONAL PLANNING
there is no longer any requirement
to communication with persons AND CONTROL
for a document control procedure,
outside the organisation. There are
organisations will need to demonstrate Although these requirements are similar
specific requirements relating to this
that the documented information itself is to those in ISO 9001:2008 clause 7.1
communication process. Organisations
being controlled. This control now needs Planning of product realisation there is
will need to demonstrate that they have
to include adequate protection ...from now a greater emphasis on the control
identified both the internal and external
loss of confidentiality, improper use, or of processes. ISO 9001:2015 introduces
communications that need to take place,
loss of integrity. a requirement to establish the criteria
including:
for the processes and to implement
Control of access to documented
What needs to be communicated controls in accordance with the criteria.
information is now a specific
When this communication should The emphasis is on controlling the
requirement. Access can relate to
take place processes, so organisations will need to
permission to view the documented
How the information will be demonstrate that they have planned and
information only, or the permission
communicated implemented the appropriate process
and authority to view and change the
Who should receive such criteria:
documented information. Organisations
communications will need to demonstrate that where Inputs, outputs, resources, controls,
These requirements are different from documented information is held criteria, process measurement
those related to specific Customer electronically, there is adequate indicators, etc.
communication currently referenced in password or other access systems Organisations will need to demonstrate
ISO 9001:2008 clause 7.2.3 and which in place. Similarly, they will also that they have identified criteria for the
is now addressed in ISO 9001:2015 need to demonstrate that there are control of processes and that these
clause 8.2.1. satisfactory systems in place to permit controls have been implemented
access to documented information as planned. The processes involved
CLAUSE 7.5 DOCUMENTED when electronic systems crash or are will not only be those necessary to
INFORMATION otherwise unavailable. meet requirements for conforming
products and services, but also those
The terms documented procedure and
required to implement any actions
record used in ISO 9001:2008 have
needed to address identified risks and
both been replaced throughout ISO
opportunities.
9001:2015 by the term documented

12
Organisations are also required to
control not only planned changes to
processes (and to process controls), but
also to unintended, unplanned changes.
Where unintended changes are made,
the organisation has to demonstrate
that it identifies any actual or potential
adverse effects and takes action to
mitigate them.
An organisation is required to retain the
documented information necessary to
demonstrate both that its processes
have been carried out as planned and
that products and services conform
to requirements. This will include
information on any unplanned changes,
adverse effects and actions taken to
address them.

CLAUSE 8.2 REQUIREMENTS FOR


Again, organisations will have to CLAUSE 8.3 DESIGN AND DEVELOPMENT
PRODUCTS AND SERVICES
demonstrate they have a controlled OF PRODUCTS AND SERVICES
methodology in place for doing so.
CLAUSE 8.2.1 CUSTOMER Equally, organisations will have to
CLAUSE 8.3.1 GENERAL
COMMUNICATION be able to show that any claims they
make about their products and services Organizations are now required simply
The requirements in ISO 9001:2015 are
can be proved or demonstrated. This to establish, implement and maintain a
very similar to those in ISO 9001:2008
may include claims made in direct design and development process that
clause 7.2 Customer-related processes.
communication with clients, technical is appropriate to ensure the subsequent
However, there is now an additional
product information, marketing provision of products and services.
requirement that organisations must
communicate with customers in relation materials, etc.
CLAUSE 8.3.2 DESIGN AND
to specific, identified issues. There
is also now a requirement that these CLAUSE 8.2.3 REVIEW OF DEVELOPMENT PLANNING
processes must include, where relevant, REQUIREMENTS RELATED TO PRODUCTS ISO 9001:2015 now requires an
communicating with customers in AND SERVICES organisation, when determining the
relation to: necessary stages and controls for
This clause contains very similar
The handling or treatment of design and development, to also
requirements as in ISO 9001:2008
customer property consider:
clauses 7.2.1 & 2, and organizations
Specific requirements for are still required to retain documented The nature, duration and complexity
contingency actions information which describes the results of the design and development
of the review(s). activities.
Additionally, organisations must also
now have in place processes for In the same way, details of changes Whether customer and user groups
obtaining feedback relating to products to requirements and review of need to be involved in the design
and services, including customer those changes has to be retained as and development process and the
complaints. This is different to the documented information. level of control over the design that
current ISO 9001:2008 requirement to they will have.
simply obtain customer feedback. ORGANISATIONS NEED Overall, the requirements are more
Organisations will need to demonstrate TO DEMONSTRATE A detailed than those currently specified
in ISO 9001:2008 clause 7.3.1 and
that they have a controlled methodology
in place for communicating with
SPECIFIC PROCESS organisations will need to demonstrate
clients and that these processes are FOR ESTABLISHING that they have taken into account
systematically and consistently carried THE REQUIREMENTS all the issues highlighted in clause
out. FOR THE PRODUCTS 8.3.2. This will include the retention
of all documented information that
AND SERVICES IT the organisation has identified as
CLAUSE 8.2.2 DETERMINATION OF
REQUIREMENTS RELATED TO PRODUCTS
INTENDS TO OFFER TO necessary to confirm that the design

AND SERVICES
CUSTOMERS and development requirements have
been met.
ISO 9001:2015 now requires
organisations to meet the claims for the
products and services it offers.

13
CLAUSE 8.3.3 DESIGN AND CLAUSE 8.3.6 DESIGN AND As part of the process for defining
DEVELOPMENT INPUTS DEVELOPMENT CHANGES the controls to be applied to external
providers themselves and to the
Although the general requirements for The ISO 9001:2015 requirements are
products and services they supply,
design inputs in ISO 9001:2008 are broadly the same as for ISO 9001:2008,
organisations are now required to take
essentially unchanged, ISO 9001:2015 though there is no longer any reference
into account:
introduces the requirements that an to design and development changes
organisation must include the following having to be verified, validated and The potential impact of the
additional design inputs: approved before implementation (ISO externally provided processes,
9001:2008 clause 7.3.7). Organisations products and services on
Standards and/or codes of practice
are required to retain the documented the organisations ability to
that the organization has committed
information relating to design and consistently meet customer and
to implement
development changes. applicable statutory and regulatory
The potential consequences of requirements
failure due to the nature of the
CLAUSE 8.4 CONTROL OF EXTERNALLY The perceived effectiveness of the
products and services
PROVIDED PROCESSES, PRODUCTS AND controls applied by these external
Organisations will also have to providers themselves
SERVICES
demonstrate that they have a controlled
This means that an organisation is now
methodology in place for identifying the
CLAUSE 8.4.1 GENERAL required to take a risk-based approach
necessary inputs.
when determining the type and extent
Control of externally provided
of controls to apply to external providers
CLAUSE 8.3.4 DESIGN AND processes products and services
of processes, products and services.
DEVELOPMENT CONTROLS covers all forms of external provision,
whether it is by purchasing from a There is no requirement that this has
This is a new clause which largely
supplier, through an arrangement with to be documented, but given that
combines the requirements of ISO
an associate company, through the the criteria for selection, evaluation,
9001:2008 clauses 7.3.4 6 relating to
outsourcing of processes and functions monitoring and re-evaluation of external
design review, verification and validation.
of the organisation or by any other providers has to be documented (see
There are no significant changes in
means. clause 8.4.1 above), organisations
requirements, but the requirement in
should be able to demonstrate whether
ISO 9001:2008 that, where practicable, ISO 9001:2008 7.4.1 simply requires
they have adopted the risk based
validation should be completed prior to organisations to keep records of criteria
approach that is required.
the delivery or implementation of the for selection, but ISO 9001:2015 now
product/service has been removed. also requires them to establish specific
Unlike in ISO 9001:2008 clause 7.3.4, criteria for monitoring the performance CLAUSE 8.4.3 INFORMATION FOR
there is no specific requirement in ISO of external providers and to retain EXTERNAL PROVIDERS
9001:2015 as to who should participate documented information on the results The ISO 9001:2015 requirements are
in design reviews. of performance evaluation and re- very similar to those in ISO 9001:2008
evaluation monitoring. clause 7.4.2, but organisations are now
CLAUSE 8.3.5 DESIGN AND Organisations will, therefore have to also required to give external providers
DEVELOPMENT OUTPUTS demonstrate that they have: information about:

These requirements are essentially Established criteria against which How they will interact with the
the same as for ISO 9001:2008 they evaluate, monitor and re- organisation
clause 7.3.3, though there is now a evaluate the performance of How their performance will be
requirement that the outputs include or external providers monitored and controlled by the
make reference to any monitoring and Retained documented information organisation
measuring requirements. Organisations relating to the results of this There is also an additional requirement
are required to retain the documented evaluation, monitoring and re- that organisations must communicate
information resulting from the design evaluation to external providers any competence
and development process.
requirements which apply to their
Organizations must also specify the CLAUSE 8.4.2 TYPE AND EXTENT OF personnel. This is more than the
characteristics of products and services CONTROL OF EXTERNAL PROVISION requirement currently in ISO 9001:2008
that are essential for their intended clause 7.4.2 (c) that purchasing
purpose and their safe and proper The requirement in ISO 9001:2008
requirements should include any
provision. clause 7.4.3 that inspection activities
requirements for qualification of
should be in place to verify that
personnel.
purchased product meets specified
purchase requirements has been
changed to do not adversely affect
the organisations ability to consistently
deliver conforming products and
services to its customers.

14
Organisations will need to demonstrate A note now makes it clear that the A note in ISO 9001:2015 indicates
that the information specified in 8.4.3 definition of customer property has that post-delivery activities can
is communicated to external providers been widened to specify that it can include actions under warranty
and that the organisation ensures the include material, components, tools provisions, contractual obligations
information is adequate before it is and equipment, customer premises, such as maintenance services and
communicated to them. intellectual property and personal data. supplementary services such as
recycling or final disposal.
CLAUSE 8.5 PRODUCTION AND SERVICE CLAUSE 8.5.4 PRESERVATION
Organisations will need to demonstrate
PROVISION These requirements are almost the that, when deciding what post-
same as those in ISO 9001:2008 clause delivery activities are required, they
CLAUSE 8.5.1 CONTROL OF PRODUCTION 7.5.5, but again the emphasis now is on have considered the issues identified
process outputs rather than product. in clause 8.5.5 and taken them into
AND SERVICE PROVISION
A note in ISO 9001:2015 indicates that account where appropriate. Particular
Although the requirements in ISO preservation can include identification, attention will need to be given to this
9001:2015 are essentially a combination handling, packaging, storage, process where there is a high level
of those in clauses 7.5.1 & 2 in ISO contamination control, transmission or of potential risk associated with the
9001:2008, organisations will now have transportation, as well as protection. products and services (e.g. safety-
to demonstrate that controls have been critical components) or where there is a
The inclusion of transmission may
implemented in relation to: long product lifespan.
be an issue where an organisation
The availability of documented produces and circulates data or other
product/service/process information electronically as part of CLAUSE 8.5.6 CONTROL OF CHANGES
information a product or service. In such cases, ISO 9001:2015 includes new specific
Defined process criteria organisations will need to demonstrate requirements that were only implicit
that the data transmission protection in ISO 9001:2008 clauses 7.5.1 & 2.
Personnel competence
systems they have adopted reflect the Organisations need to demonstrate that
The suitability of infrastructure, risk of loss or security breach identified where changes to processes are made
environment and resources by the organisation. in order to ensure products or services
A key addition is that ISO 9001:2015 conform to specified requirements, that
CLAUSE 8.5.5 POST-DELIVERY
now specifically requires organisations these changes are reviewed and made
to maintain documented information ACTIVITIES
in a controlled manner. Where changes
which defines: This is a new clause which expands the are made, organisations must retain
The characteristics of the products ISO 9001:2008 requirement that post- documented information identifying:
to be produced, services to delivery activities are carried out under
The results of the review of
be provided, or activities to be controlled conditions. Organisations are
changes
performed now required to consider specific issues
when determining what post-delivery The personnel who authorised the
The results to be achieved changes
activities are required:
Any necessary actions
Any potential undesired
CLAUSE 8.5.2 IDENTIFICATION AND
consequences associated with a
TRACEABILITY CLAUSE 8.6 RELEASE OF PRODUCTS
product or service
Again, these requirements are very The nature of the product or
AND SERVICES
similar to those in ISO 9001:2008 clause service, how it will be used and Apart from some changes in
7.5.3, but the emphasis is now on what its intended lifetime is terminology, the requirements are
outputs rather than products. These the same as those in ISO 9001:2008
Any account customer feedback
outputs are the results of any activities clauses 7.4.3 & 8.2.4.
which are ready for delivery to the Any applicable statutory or
organisations customer, or to an internal regulatory requirements
customer (e.g. receiver of the inputs to
the next process).

CLAUSE 8.5.3 PROPERTY BELONGING TO


CUSTOMERS OR EXTERNAL PROVIDERS
These requirements are broadly in line
with those in ISO 9001:2008 clause
7.5.4, but they now also cover property
belonging to any external providers used
by an organisation in its own products
and services.

15
CLAUSE 8.7 CONTROL OF NON- CLAUSE 9.1.2 CUSTOMER SATISFACTION CLAUSE 9.2 INTERNAL AUDIT
CONFORMING OUTPUTS ISO 9001:2015 now requires The requirements are largely unchanged
The requirements are largely the same organisations to monitor information from those in ISO 9001:2008, but ISO
as those in ISO 9001:2008 clause 8.3, relating to the degree to which their 9001:2015 now requires organisations
but again outputs are now the key needs and expectations have been to demonstrate that when planning an
focus of the requirements. The options fulfilled. There is no specific requirement audit programme, they have taken into
available to an organisation when non- that this information has to be consideration:
conformities are identified are now more documented, but an organisation have to Any changes which have
explicitly detailed. Additionally, the details show how it does this and what it does taken place that impact on the
of the person or authority that makes with the information that it collects. organisation
the decision on how to deal with non- A note in ISO 9001:2015 makes it clear Additionally, there is now a specific
conformity has now to be identified. that information related to customer requirement that the results of audits are
Although there is no longer a requirement views or perceptions can include reported to the relevant management
for procedure, documented information customer satisfaction or opinion within an organisation.
still has to be retained which gives surveys, customer data on delivered
Although a documented procedure is
information on the actions taken to deal products or services quality, market-
no longer required, organisations must
with non-conformances. share analysis, compliments, warranty
retain documented information as
claims, etc.
evidence of the implementation of the
CLAUSE 9 PERFORMANCE audit programme and the audit results.
CLAUSE 9.1.3 ANALYSIS AND
EVALUATION
EVALUATION
CLAUSE 9.3 MANAGEMENT REVIEW
CLAUSE 9.1 MONITORING, MEASUREMENT,
Although the ISO 9001:2015
ANALYSIS AND EVALUATION The key requirements of the
requirements are similar to those in
Management Review process currently
CLAUSE 9.1.1 GENERAL ISO 9001:2008 clause 8.4, there are
in ISO 9001:2008 clause 5.6 remain,
now explicit requirements relating to
The current requirement in ISO but organisations now also need to
how the analysis and evaluation of data
9001:2008 clause 8.1 that an demonstrate that the inputs to its
must be used. Organisations now need
organisation has to plan and Management Review include:
to demonstrate evaluation as well as
implement the necessary monitoring, analysis of data (from measurement, Changes in external and internal
measurement, analysis and monitoring or other sources) and there issues relevant to both the
improvement processes has been has to be evidence of data analysis. organisations QMS and to its
replaced by the requirement that the strategic direction
organisation identifies the what how Although there is no specific
requirement that this analysis and Effectiveness of actions taken
and when of the monitoring and to address any risks and/or
measurement: evaluation has to be documented,
evidence of what the organisation is opportunities
What needs to be monitored and doing in terms of data analysis and confirmation of ongoing QMS
measured evaluation should be available. alignment with the strategic
The methods for monitoring, direction of the organization.
measurement, analysis and
evaluation, as applicable, that are
necessary to ensure valid results
When the monitoring and
measuring shall be performed
When the results from monitoring
and measurement shall be analysed
and evaluated
Organisations will also be required
to retain documented information as
evidence of the results of monitoring
and measurement activities.

16
The new ISO 9001:2015 requirements CLAUSE 10.2 NON-CONFORMITY AND Although a documented procedure
relating to organisational context CORRECTIVE ACTION is no longer required, organisations
and actions to address risks and are required to retain documented
These requirements are very similar
opportunities are reflected in these information which identifies the nature
to those in ISO 9001:2008 clause 8.5,
additions to the Management Review of any non-conformities, the subsequent
though there is no longer any reference
inputs. Organisations will need to action(s) taken and the results of any
to Preventive Action.
demonstrate that these broader corrective action.
organisational issues are integrated There is, however, now an additional
into the review process. The limited requirement for organisations to address
CLAUSE 10.3 CONTINUAL
focus of the current ISO 9001:2008 the consequences of nonconformities,
IMPROVEMENT
input requirements will no longer be which is recognition that not all of
sufficient and the organisation will need its processes and/or activities will The requirements are largely the same
to demonstrate that its Management represent the same level of risk in as those in ISO 9001:2008 (clauses
Reviews deal with how its overall terms of the organisations ability to 4.1 & 8.5.1), but organisations now
QMS performance is relevant to its meet its objectives. For that reason, also need to demonstrate that they are
strategic direction and organisational the consequences of failures or non- using the results from their analysis,
environment. conformities in relation to processes, evaluation and review processes
systems products and/or services will to identify any needs which must
Organisations are required to retain be addressed and opportunities for
not be the same for all organisations.
documented information as evidence of improvement.
When deciding how to deal with the
the results of Management Reviews.
consequences of nonconformities
(including its component processes and
activities) organisations will need to
CLAUSE 10 IMPROVEMENT
demonstrate that they consider both the
type and level of risk associated with
CLAUSE 10.1 GENERAL
them.
This is a new section which emphasises
There is also a new requirement to
the general need to improve processes,
determine whether any identified non-
products and services, as well as QMS
conformity could also exist elsewhere
results, in order to meet customer
within the organisations processes,
requirements and enhance customer
products, services and or systems, or
satisfaction. Organisations will need
whether they could potentially happen
to demonstrate that they actively look
elsewhere. This covers some of the
for opportunities to improve their
requirements previously included under
processes, products and services, as
Preventive Action.
well as the performance of their QMS.

17
V. CONCLUSION
It is important to note that despite the existing documentation and the process to include consideration of the level
changes in structure and terminology, security that it brings. There is no reason of training (or re-skilling) that may be
this does not mean that an organisation why they should remove or replace it if required of an organisations personnel.
is now required to get rid of all its they believe it is effective. The key issue Any organisation looking for a good
exiting manuals and procedures. An for any organisation will be ensuring starting point for adopting the changes,
organisations existing operational that it meets all the requirements in would do well to consider those key
procedures, work instructions, flow ISO 9001:2015. The QMS structure or organisational elements which are taken
charts, process maps, etc. are all documentation it uses will be irrelevant from Annex SL and introduced within
examples of documented information provided that it does so. ISO 9001:2015, by identifying:
and it does not now have to remove its The implications for individual
current Quality Manual or documented The organisations context
organisations will vary, depending on
procedures. If an organisation wishes the degree to which their own QMS Its interested parties
to retain these then they can do so. already covers the new or revised risks and opportunities relevant to
Similarly, organisations do not have to requirements. For that reason, it would its QMS
re-structure, re-name or re-number be sensible for each organisation,
their existing manuals or procedures Organisations should also give
to evaluate the amount of work that consideration as to whether their
just to bring them in line with the clause they are likely to need to undertake
structure in ISO 9001:2015. existing QMS contains and provides the
in order to be compliant with these documented information that is likely to
In many cases, organisations that have revised requirements. In addition to be required.
had a QMS in place for several years will consideration of the QMS requirements
have grown accustomed to using their themselves, this evaluation will need

VI. SGS SOLUTIONS FOR A SMOOTH TRANSITION


As the worlds leading certification ANNEX SL (IRCA APPROVED CPD) GAP ANALYSIS
body and a professional learning and
We help you understand the high level Our experts can carry out a gap analysis
development organisation, we offer
structure of the new framework and against the new requirements to make
you a variety of solutions during the
how integration with other management your transition smooth and transparent.
transition process.
system standards is becoming more This provides your organisation with
ISO 9001:2015 COURSES: efficient. structured assistance by highlighting
the extent that your existing systems
ISO 9001:2015 Quality
RISK-BASED THINKING and controls cover the requirements of
Management Systems - Transition
ISO 9001:2015 and by identifying an
Course This course covers the principals
implementation action plan where you
ISO 9001:2015 Quality that support the identification of risk
need it.
Management Systems - Lead and opportunities and the different
Auditor Course (IRCA Approved techniques/methodologies needed to ISO 9001:2015 CERTIFICATION
CPD) address them. SGS will, of course, now be offering ISO
ISO 9001: 2015 Quality 9001:2015 certification to both new and
Management Systems - Internal EMPOWERING LEADERSHIP existing clients.
Auditor Course (IRCA Approved A training workshop designed to address
CPD) the required leadership skills of those
ISO 9001:2015 Quality operating in Quality, Environmental and
Management Systems - Foundation Health and Safety roles in line with the
Course (IRCA Approved CPD) evolution of MSS within the Annex SL
Framework and their related commercial
impacts.

TO LEARN MORE ABOUT SGS ACADEMY LEARNING AND DEVELOPMENT SOLUTIONS VISIT
WWW.SGS.COM/TRAINING OR CONTACT TRAINING@SGS.COM

18
ABOUT THE AUTHOR ABOUT SGS
Chris Trott SGS is the worlds leading inspection, verification, testing and certification company.
Global Technical Manager, Global Product SGS is recognised as the global benchmark for quality and integrity. With more than
Manager ISO 9001: 2015, SGS 80,000 employees, SGS operates a network of over 1,650 offices and laboratories
Chris Trott has more than 20 years around the world.
experience in quality assurance We are constantly looking beyond customers and societys expectations in order
and quality management systems, to deliver market leading services wherever they are needed. We have a history of
including auditing and training. He is undertaking and successfully executing large-scale, complex international projects.
now Global Technical Manager within With a presence in every single region around the globe, our people speak the
SGS, responsible for implementing and language and understand the culture of the local market, and operate globally in a
maintaining systems that comply with consistent, reliable and effective manner.
appropriate scheme and accreditation
requirements. In addition, he has FOR AN OPTIMAL TRANSITION TOWARDS ISO 9001:2015 CONTACT
specific responsibility for managing the CERTIFICATION@SGS.COM OR VISIT WWW.SGS.COM/ISO9001-2015TRANSITION
SGS response to the revision of ISO
9001 and for the technical development
of the new and revised internal systems
required.

COPYRIGHT NOTICE

The information contained in this document represents the current view of SGS SA on the
issues discussed as of the date of publication. Because SGS must respond to changing
market conditions, it should not be interpreted to be a commitment on the part of SGS,
and SGS cannot guarantee the accuracy of any information presented after the date of
publication.

This White Paper is for informational purposes only. SGS makes no warranties, express,
implied or statutory, as to the information in this document.

Complying with all applicable copyright laws is the responsibility of the user. Without
limiting the rights under copyright, no part of this document may be reproduced, stored
in or introduced into a retrieval system, or transmitted in any form or by any means
(electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without
the express written permission of SGS.

SGS may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in
any written license agreement from SGS, the furnishing of this document does not give
you any license to these patents, trademarks, copyrights, or other intellectual property.

ANY REPRODUCTION, ADAPTATION OR TRANSLATION OF THIS DOCUMENT


WITHOUT PRIOR WRITTEN PERMISSION IS PROHIBITED, EXCEPT AS ALLOWED
UNDER THE COPYRIGHT LAWS. SGS SA 2015. ALL RIGHTS RESERVED.

19
SGS Group Management SA 2015 All rights reserved SGS is a registered trademark of SGS Group Management SA.

WWW.SGS.COM