Professional Documents
Culture Documents
How Many Clauses Are in ISO 9001
How Many Clauses Are in ISO 9001
How Many Clauses Are in ISO 9001
(hint
there are 10!)
How many clauses are in ISO 9001? In the most recent 2015 version of ISO
9001, there are 10 separate, top-level clause headings. Below those
headings are 56 sub-clauses that each define over 300 individual
requirements.
Contents
What Are The ISO 9001 Clause Headings?
1. Scope 2. References 3.Terms and Definition
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvement
Are The ISO 9001 Clauses Also Requirements?
The Seven Mandatory Clauses
Are There Any Exceptions?
How Have The ISO 9001 Clauses Changed Over The Years?
Unlike the previous version of ISO 9001, the current 2015 revision
contains a total of 10 headings or clauses, with 7 of them containing the
'mandatory' requirements (Clauses 4 to 10). The first three clauses provide
general information but they are no less important.
Each of these sub-clauses contain individual requirements and processes that must
be followed in order for the business to successfully attain certification, as well as
benefit from everything that comes from a properly executed quality management
system.
What Are The ISO 9001 Clause Headings?
Take a look at the list down below to learn the specific names of each ISO 9001
clause, and keep reading to get an idea of what each one is all about.
1. Scope
2. Normative References
3. Terms and Definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvement
Let’s take a look at each one of these clauses, starting from number one all the way
to ten. The lists throughout the rest of this section will give you a general idea of
what is included within each sub-clause.
1. 2. & 3. Scope, References, Terms and Definitions
1 Scope of the standard
2 Normative references
3 Terms and definitions
The first three clauses in ISO 9001:2015 are scope, references, and terms and
definitions. These are informational clauses, rather than clauses that outline any
kind of actions or requirements. This is something we will get into in a later
sections.
The scope of the standard highlights the two basic tenets of what quality
management is intended to achieve.
2 Normative references
Other related and applicable standards that you could refer to might include, among
others:
Similar to the context review discussed above, cross functional input is vital, as
certain functions will identify with particular stakeholders, for example procurement
with suppliers, and sales with customers.
Once stakeholders and their requirements are identified, the next step is to
consider which stakeholder requirements generate compliance obligations. Legal
requirements should be identified before other requirements.
This process of adopting requirements will allow you to focus and coordinate on
what’s important.
Learn more about 4.2 Understanding the Needs and Expectations of Relevant
Stakeholders.
Look for confirmation that your organization has determined the boundaries and
applicability of the quality management system to establish its scope with reference
to any external and internal issues referred to in 4.1 and the requirements of
relevant interested parties referred to in 4.2.
The scope of your quality management system may include the whole of the
organization, specific and identified functions within the organization, specific
sections of the organization, or one or more functions across a group of
organizations.
This requires your organization to systematically define and manage processes and
their interactions so as to achieve the intended results in accordance with both the
policy and strategic direction.
5. Leadership
5.1 Demonstrating leadership and commitment, and customer focus
5.2 Establishing and communicating the quality policy
5.3 Establishing roles of authority and responsibility in the workplace
Management responsibility has to do, mainly, with customer commitment
requirements. This is basically the company’s commitment to serving the customer
and building a more loyal following.
This section also establishes a general focus of the company, in terms of the
customer. In other words, the company is pledging to always keep the customer
happy, and do what they can to improve their products, services, and procedures
accordingly.
Without solid management commitment, you will not have a successful quality
management system. This is not a commitment in words; it is the continuous and
active demonstration to everyone in the organization that the need to meet
customers' expectations is vital.
A quick and convenient way to promote and communicate the policy might be to
create a shortened version of main policy; try condensing it to five key words or
even a couple of short sentences.
This can be posted on bulletin boards in each department. You could even add it to
the reverse side of staff security passes or ID badges.
The definition of authority and responsibility in the workplace is another vital aspect
of ISO 9001.
Each employee needs to know who is responsible for the various elements of the
quality management system to ensure successful implementation, operation and
maintenance.
You should develop and make available to all employees a list of personnel and
their job descriptions, competence requirements, responsibilities, along with an
organizational chart of employees as they relate to the QMS.
6. Planning
6.1 Actions to address risks and opportunities
6.2 Management system objectives and plans to achieve them
6.3 Planning for change/change management
Risks and opportunities flow directly from clause 4.1 and 4.2. Determine, consider,
and where necessary, take action to address any risks or opportunities that might
impact the quality management system’s ability to deliver conformance.
Addressing the risks and opportunities will ensure the quality management system
is able to achieve its planned objectives!
The risks and opportunities should be relevant to the context of your organization
(Clause 4.1), as well as, any interested parties (Clause 4.2). You should ensure that
your organization has applied this risk identification methodology consistently and
effectively.
Understanding the risks and managing them appropriately will enhance your
organization’s ability to make better decisions, safeguard assets, and enhance your
ability to provide products and services and to achieve your mission and goals.
The objectives and targets must be consistent with the quality policy. It is also
important to ensure that the quality objectives and associated key performance
indicators (KPIs) are mutually consistent.
It is important to ensure KPIs are meaningful to all key stakeholders including the
customer(s), top management, supervisors and the staff who actually produce the
products and services.
Properly designed and implemented, management programme should achieve the
objectives and, consequently, improve your organization’s performance. The
management programme must:
To ensure the progress of the action plan and a coordinated effort, a target leader
should be selected for each target who will be responsible for ensuring a target is
achieved within the specified time-frame.
Changes are intended to be beneficial but they need to be carried out when
determined by your organization as relevant and achievable. In addition,
consideration of newly introduced risks and opportunities should also be taken into
account.
To achieve the benefits associated with changes, your organization should consider
all types of change that may occur. These changes may be generated, for example
by:
7.1 Resources
There are six sub-clauses in clause 7.1, and include general (7.1.1), people (7.1.2),
infrastructure (7.1.3), work environment (7.1.4), monitoring and measuring
resources (7.1.5), and organizational knowledge (7.1.6).
Ensure that your organization has determined and provided the resources needed
for the establishment, implementation, maintenance and continual improvement of
the QMS. Resources will often include raw materials, infrastructure, finance,
personnel and IT, all of which can be either internally or externally provided.
Check that your organization has identified which resources and the staff necessary
for the effective implementation of the QMS and for the operation and control of its
processes.
Sources of external knowledge often include other ISO standards; research papers;
conferences; or knowledge gathered from customers or external parties.
7.2 Competence
Even though some personnel may have the same job, the type or level of training
may vary according to each person’s past education, training, and experience.
The awareness training does not need to follow the format of classroom sessions,
techniques can include short training segments supplemented with videos and
hands-on demonstrations that address key elements of the QMS.
Other methods to promote and reinforce the quality awareness training sessions
include communication via electronic bulletin boards, posters, newsletters and
informational meetings.
7.4 Communication
Keep people informed of the progress of the project; e.g. what’s been done, what’s
to be done next and how the project is progressing against the plan.
A robust document control process invariably lies at the heart of any compliant
management system; almost every aspect of auditing and compliance verification is
determined through the scrutiny of documented information.
Individuals and their line managers should be responsible for the information that
they create, as well as being responsible for their retention and disposal in line with
legislative requirements and organizational needs.
The terms ‘documented procedure’ and ‘record’ used ISO 9001:2015 have both
been replaced by the term ‘documented information’, which is defined as
information required to be controlled and maintained by an organization, as well as
the medium on which it is contained.
8. Operation
8.1 Operational planning and control
8.2 Determining requirements for products
8.3 Design and development of products and services
8.4 Control of external processes, such as suppliers and contractors
8.5 Production and service provision
8.6 Release of products and services
8.7 Nonconforming products or services
Clause 8 is comparable to the requirements from ISO 9001:2008 Clause 7.1 –
Product Realization Planning, but it has been extended to include implementation
and control, as well planning, evidence of controls, acceptance criteria and
resources to address risks and opportunities.
For those risks and opportunities that your organization has identified, you should
seek evidence that these actions have been integrated into the quality management
system.
The sub-clause mandates that your organization should not issue a quotation or
accept an order until it has been reviewed to ensure requirements are defined, and
that the organization has the capability to meet the defined requirements.
It goes on to require that records of the review and any subsequent actions be
maintained.
This clause focuses on the need to develop, implement and maintain a design and
development process that is appropriate to the requirements for the provision of
products and services.
Design plans must specify the design and development stages, activities and tasks;
responsibilities; time-line and resources; specific tests, validations and reviews; and
outcomes.
You should also ensure that your organization has retained documented information
to confirm the identified design and development requirements were met and that
design reviews were undertaken.
Define which inputs are required to carry out the design and development process.
The inputs should be determined according to the design and development
activities. For example, which employees are required, or what information is
required for every step of the development.
You must maintain records of design verification as these records will indicate the
results of verifications and determine any necessary corrective actions.
Validation is similar to verification, except this time you should check the designed
product under conditions of actual use.
The design and development output is the result of design and development
process. The output is a clear description of the product, containing detailed
information for production. Design and development outputs must reconcile with
design and development inputs.
It is as important to control design changes throughout the design and
development process and it should be clear how these changes are handled and
what effects they have on the product.
Ensure control over design and development changes, design changes must be
identified, recorded, reviewed, verified, validated, and approved.
organizations need to identify which materials and services that they buy can affect
the quality of their products. Then they need to establish criteria for selection of
suppliers that can provide these materials and services.
You could consider dividing your suppliers into groups based on the product or
service they provide and what effect it has on the quality of your products or
processes, e.g. level I/II/III/etc.
Based on those categories, you can define the criteria for supplier evaluation and
approval. You are free to define your supplier levels and approval parameters
accordingly, but, whatever rationale is opted for, it should be properly documented.
There is no ‘right way’ for vetting suppliers. To meet the intent of the clause you
simply need to establish a process with properly documented criteria which are
based upon customer requirements. ISO 9001 requires that the purchasing
documentation contains the correct information before it is issued to a supplier.
You should seek and record evidence that your organization has controlled the
conditions by which products or services are provided, for example by ensuring that
monitoring and measurement take place at appropriate points in the production
process to ensure that both the processes themselves and the process outputs
meet the organization’s acceptance criteria.
There are several ways of identifying products. The most obvious is using tags or
stickers with part numbers, bar codes, job numbers, etc. The identification may be
engraved in the product itself, or the product may simply be marked by a color.
Preserve the product during internal processing and delivery to the intended
destination. Preservation, packaging and other product specific handling methods
are likely to an output of the product design process.
Respond to unplanned changes that are considered essential in order to ensure that
products or services continue to meet their specified requirements, in such a way
that conformity with requirements is maintained.
The release of product or delivery of service must not be completed until the
planned requirements have been met. ‘Release’ of product may include, according
to product planning and the verification stages, release to the next operation,
release to an internal customer, release to final customer, etc.
Every once in a while, there will be some product or service produced by the
company that is not up to the standard protocol that is defined by the ISO
9001:2015 standard. This is also known as a non-conforming product/service, or a
non-conformity.
Monitoring and measuring QMS operations and activities will establish a mechanism
to ensure that your organization is meeting its policies, objectives and targets. In
order to meet this requirement, your organization must perform six steps:
Just collecting data on customer perceptions is not sufficient, you should seek and
record evidence that your organization has analyzed and evaluated customer data
and that conclusions have been made with regard to the effectiveness of the QMS.
Analyze and evaluate data from both internal and external sources such as quality
records, monitoring and measuring results, process performance results, objectives,
internal audit findings, customer surveys and feedback, 2nd or 3rd-party audit
results, competitor and benchmarking information, product test results, complaints,
supplier performance information, etc.
These sub-clauses provide a clear framework for planning and conducting internal
audits. The internal audit process is a primary tool ensure the QMS is operating
effectively.
During the early stages of implementing ISO 9001:2015, or any other management
system standard, the internal audit programme often focuses on ensuring that any
compliance issues or non-conformities are discovered and rectified prior to the
Certification Body assessment.
However, once your organization becomes certified, the audit programme must
evolve. The focus of the internal audit programme should be re-directed, away from
'elemental' compliance with ISO 9001:2015, to an audit strategy that considers the
'status and importance' of each process comprising the quality management
system.
Here's what ISO 9001:2015 is really all about: defining a policy, creating a plan
devising with relevant objectives. Implement the QMS according to the plan, begin
auditing, monitoring and measuring performance against the plan and reacting to
your findings.
Management cannot wait for six months to respond, if they do, it will be too late.
Every time management convenes to review and react to performance, it is
considered as a management review.
Some companies have multiple review levels, whereby, each review may require
multiple subjects and rely upon multiple metrics as inputs. Sometimes subjects are
reviewed at more than one level, e.g. production numbers might be reviewed by
the production teams during daily production meetings and then by senior
management, possibly weekly.
Top management might conduct weekly meetings in which they review metrics and
objectives to determine if any corrective action is required. The process owner is
then responsible for reporting close out progress in the meeting a week later.
10.1 Improvement
Look out for objective evidence that improvement is taking place. However, while
improvement does not need to be continuous, it does need to be evidenced as
occurring.
Taking appropriate action to address the effects of the problem may require a
simple correction by the process owner or operator where it was discovered, or, if a
major failure or defect exists, more significant levels of resource would be needed
for problem solving and corrective action.
Improving your business will include assessing everything that is going on, deciding
how you can make it better, and implementing those positive changes. This does
not necessarily mean that anything is wrong with what you are doing, only that you
want to get better every day.
If you know anything about ISO 9001, then you probably understand how specific it
can get.
When a business wants to become certified with ISO 9001, they are required to
abide by a long list of very detailed processes that include defining the scope,
performing surveillance and analysis, and going through internal audits before they
can be considered ISO 9001 accredited.
With that being said, it is justified to assume that you must follow all of these
standards line by line as a business owner, in order to gain and hold onto your ISO
9001 certification.
To clear this up, take a look at the list down below to find out the answer to the
questions of whether or not all ISO 9001 clauses are requirements, and which ones
are mandatory, if not.
At this point, you might be wondering why the first three clauses are excluded from
the certification requirements. If they are not required for certification, then what is
the point of even reading them, right?
Clauses 1-3 are not requirements, only due to the fact that their purpose is to
provide general information and terminology that will be used throughout the
remainder of the standard.
In other words, clauses 1,2, and 3 of ISO 9001 do not outline any actionable
requirements at all, making them non-mandatory for company personnel.
To recap on what was discussed in the previous section and provide a more clear
distinction between the clauses, the list down below will highlight the mandatory
clauses of ISO 9001.
For all of the required clauses, must a business owner and company personnel
follow everything line by line? Generally, the answer to this question is yes, but
there is one small exception, which is contained in Clause number 7.
Let’s take a closer look at this clause, in particular. Refer to the list down below to
get a detailed outline on the Product Realization section of the ISO 9001:2015
standard.
Clause 8 - Operation
During this time, the requirements for the product will be defined. This includes
what it is supposed to do and how it will be executed. The same process goes for
services as well, but in a slightly different manner.
Then, the product will be designed and developed before the products are
purchased and everything is produced and supplied to customers.
Following these standard procedures, the company personnel must maintain control
of the equipment, by measuring inventory and resources, along with closely
monitoring everything else.
How Have The ISO 9001 Clauses Changed Over The Years?
As you might have caught already, there are several different versions of the ISO
9001 standard, with two in particular.
This is due to the fact that the ISO 9001 quality management system is constantly
changing and evolving to be more beneficial to everyone who is involved in a
business, from the owner and employees to the regular customers.
While the years are steadily progressing, so is the ISO 9001 standard. Let’s
take a look at what the two most recent versions of ISO 9001 are, before we get
deeper into each one.
1. ISO 9001:2008
2. ISO 9001:2015
The two most recent versions of the ISO 9001 standard include ISO 9001:2008 and
ISO 9001:2015. The older one was updated in the year 2008, while the most up to
date came out in 2015.
With these changes going on, there were a lot of alterations in the amount of
clauses between the two, as well as which clauses are considered to be
requirements. Let’s start with ISO 9001:2008.
ISO 9001:2008
8 clauses in total
Clauses 4-8 were requirements
The 2008 version of ISO 9001 contained 8 total clauses, instead of the 10 that are
contained in ISO 9001:2015.
Out of the total 8 clauses in ISO 9001:2008, there were only 5 required clauses,
which were 4-8.
ISO 9001:2015
10 clauses in total
Clauses 4-10 are requirements
More clauses and more requirements in the updated version
The 2015 version of ISO 9001, on the other hand, has 10 total clauses - meaning
that two of them were recently added on to the standard in order to improve the
system further.
Out of all 10, there are a total of 7 requirements, also meaning that the additional
clauses became mandatory to ISO 9001 users.
ISO 9001:2015 has more individual clauses as well as more requirements than the
older version from 2008.
So, now that you have learned everything there is to know about all 10 ISO
9001:2015 clauses, as well as which ones are required and how they have changed
over the years, you might be wondering how you can benefit from gaining
certification.
There are a multitude of benefits that come with ISO 9001 certification, for you as
the business owner, as well as your employees and customers.
When a solid quality management system is in place and working exactly how it is
supposed to, you will notice rewards coming from almost every avenue.
Whether you are most excited about gaining a loyal customer base and growing
your following or establishing long-term employees who are enthusiastic about their
positions, there is no doubt that both your business and revenue numbers will
increase exponentially when you do it right.
With a good grasp on what the ISO 9001 clauses consist of, as well as what is
expected from you within each section, you will be on your way to gaining an ISO
9001 certification and using the world-renowned quality management system in the
favor of your growing business as you excel toward a more quality future.