ISO9001 2015webinar FAQ July

DQS Inc.

Management Systems Solutions

ISO 9001:2015 FAQ

The focus of this FAQ is to provide answers to questions that have been received to date, and
asked at the ISO 9001:2015 Revision Training webinar held on October 29th, 2014.

A1. Where can the current DIS draft of ISO 9001:2015 be found?

The current DIS draft of ISO 9001:2015 can be purchased from numerous organizations,
including ISO and ASQ. Additional information may be obtained at:

http://iso.org/iso/iso9001_revision.html
http://asq.org/standards-iso-9001-2015.html

A2. What is the auditor certification process for ISO 9001:2015?

Since the requirements of ISO9001:2015 are fundamentally different than ISO9001:2008,
DQS, Inc. auditors will be going through extensive training in 2015 after the release of the
FDIS. Following the training, all auditors will be tested to validate their knowledge and
understanding of the new requirements prior to them performing any audits.

In particular, we will assess our program to ensure that our auditors and other relevant
personnel demonstrate knowledge and understanding of:

• The requirements of the latest ISO 9001:2015 Standard;
• The new “risk-based thinking” as part of the requirements of the revised standard;
• Definition of certification scope in light of the changed exclusion requirements;
• Performance of system document reviews in light of the reduced emphasis on
mandatory requirements for documented procedures in the new standard.

A3. Can you certify to 2008 version after 2015 has been released?

After publication, there will be a three-year period during which certificates against the
current standard will still be valid. As such, these certificates will expire on the third
anniversary of the date of publication of ISO 9001:2015.

On request of a client, DQS, Inc. may still issue new certificates against the current
standard version (ISO 9001:2008) within a period of 24 months after the publication of the
revised standard. However, clients shall note that these certificates get a restricted validity
period, expiring on the third anniversary of the date of publication of ISO 9001:2015. To
allow time for the positive certification decision, all upgrade audits will be required to be
done at least 3 months prior to the expiration of the certificate (33 months from the
issuance of the standard).

1130 W. Lake Cook Rd, #340 Tel. +1 800 285-4476 President:


Buffalo Grove, IL 60089 www.dqsus.com Ganesh Rao
USA

A4. For a company with recertification in December 2015, will they be able to go to the
2015 Standard?

For registered clients, the most cost-effective way of transitioning will be to use their
scheduled recertification audit for assessment against ISO 9001:2015. This is possible
within the three year transition period announced by ISO. Should a registered organization
wish to be assessed against ISO 9001:2015 prior to or after its scheduled reassessment, it
may arrange a special audit for that purpose. The number of audit days for the special audit
will be equivalent to a Recertification audit, as a minimum.

A two-stage approach will be used for all upgrades, and will be composed of “readiness
review” and “system audit”. Details of the transition plan will be covered again during our
webinar of July 29, 2015.

A5. Our triennial is in late 2015. Is it preferable to wait, and not transition right away in
late 2015?

Please refer to A4. The most cost-effective way is to do the transition during the Triennial
audit. However, a client may decide to transition to the new standard during a regularly
scheduled surveillance audit (or at any other time independent of any scheduled
surveillance or recertification audit). In such cases, the number of audit days shall be
equivalent to a recertification audit as a minimum. After a positive certification decision,
the client will receive a new certificate with a validity of three years.

A6. How will ISO 9001:2015 affect an organization that is certified as an
Integrated Management System (ISM)?

Conformance with the requirements of ISO9001:2015 is independent of the company’s
registration to any other quality management system standard. As such, clients with
multiple registrations will have to show evidence that the requirements of ISO9001:2015
were effectively implemented and compliance with the requirements of the other standards
is concurrently maintained.

A7. If your quality manual is currently written to reflect the ISO 9001:2008 standard,
does it have to be re-written to reflect the now 10 instead of 8 sections?

No, assuming that the Quality Manual does not provide any contradictory information
concerning the requirements of ISO9001:2015. However, the requirements of the two
standards are significantly different. Upgrading the Quality Manual to comply with the
requirements of the new standard may be a valuable effort to better identify the deficiencies
within the organization and to have them addressed prior to the upgrade audit.
Renumbering of the pages and/or sections is not essential as the new standard does not
even require that a Quality Manual be maintained.

A8. Does the ISO 9001:2015 revision require a Quality Manual?

Please refer to A7.

A9. If a company has a manual based on standard requirements, won’t they need to
update to reflect process approach?

There is no requirement for a quality manual in the draft for 2015. The new standard also
requires that the processes be identified and that their interaction be defined. The internal
audit process must use the “process approach”. The process approach requirement has not
changed. However, although the “Process Approach” was noted in the ISO9001:2008
standard, the new standard explicitly requires the use of the “Process Approach” when
implementing the Quality Management System. Furthermore, the new standard requires the
top management to demonstrate leadership and commitment by promoting awareness of
the “Process Approach” within the organization.

Since a Quality Manual is no longer required, the “documented information” required by the
standard may be in any media or format.

A10. If we are concurrently certified to AS 9100, are there changes in ISO 9001:2015 that
are not covered under the aerospace standard?

We have not performed a one to one analysis at this time with the first draft. The IAQG is
developing revisions to the AS9100 standard concurrently with the ISO 9001:2015
development and is currently targeted for release in April 2016. They have proceeded with
the intent to retain the ISO 9001:2015 requirements with additional AS9100 additions. The
IAQG had over 60 inputs into the ISO 9001:2015 draft. Please refer to Q6 as well in regard
to integrated management systems. Information about the AS9100:2016 development
process is available here:
http://www.sae.org/aaqg/publications/9100_series_rev_overview.pdf

A11. For medical devices companies, if ISO 13485:2015 is going to align with ISO
9001:2008, how will that impact the transition to ISO 9001:2015?

If an organization that is certified to ISO 13485 intends to remain certified to ISO 9001, the
requirements of the 2015 version must still be met. Or an organization that is certified to
ISO 13485:2015 and does not want to upgrade to the ISO 9001:2015 version will lose ISO
9001 certification once ISO 9001:2008 becomes obsolete. DQS, Inc. is prepared to audit to
the additional requirements of ISO 9001:2015 in order to maintain both.

A12. How does the transition period affect companies not yet certified?

Please refer to A3.

A13. Will there be access to a gap analysis tool?

For most of our clients, the extent of the revision to the Quality Management System will be
dependent upon the maturity and effectiveness of the current management system,
organizational structure and practices. Therefore, a “Gap”-audit or “diagnostic” might be
useful in order to identify realistic resource and time implications.

Such audits to verify the conformity status of organizations against the revised standard or
draft standard may be scheduled at any time, independently of or together with a scheduled
audit. The purpose of these audits is to show clients their conformity status and to identify
any actions required to assure a successful transition. The audit time will depend on the
desired depth (sampling or full conformity verification). To ensure availability of adequate
resources, please contact your Customer Service Representative well in advance if you will
be interested in scheduling a “Gap” assessment.

Also, upon confirmation of a gap assessment and/or the Stage 1 assessment, we will make
available a quality management system questionnaire designed to cover the major aspects
of the changes and to assist clients in their identification and implementation of the
changes.

A14. You mentioned that a management representative is not required any more.
How about MRM?

Although the requirement for having a management representative has been removed, the
new standard now allows for multiple individuals to be responsible for different aspects of
the quality management system (Process owners, instead of just one person for the entire
system). Management is now required to identify the responsibility and authority of the
personnel affecting quality. Section 9.3 of the Standard clearly defines the requirements for
the Management Review Process. It is an essential part of the PDCA cycle for
performance evaluation.

A15. What are some of the new requirements for Leadership and how will the new
Standard be friendlier to service companies?

Section 5 of the new Standard outlines the requirements for “Leadership and Commitment”
within the organization. By requiring fewer Procedures and other non-prescriptive
requirements, the new standard is generic in nature and the requirements are intended to
be applicable to all organizations, regardless of type, size and product provided.

A16. Are site extensions (process moved to a separate building, but still under the same
management umbrella sharing the same QA manual, procedures QA manager,
purchasing, shipping, etc.) allowed under the main location certificate?

Under ISO 9001:2015, yes. Each program, such as AS9100, has its own specific
requirements for identifying the nomenclature and method for determining days and
combinations of locations/buildings. Site extensions are not allowed if your organization is
registered to TS16949.

ISO 9001:2015 Auditor Training


B1. Should auditors re-do external auditor training in regard to this change?

Since the requirements of the new standard are significantly different than ISO9001:2008,
all Internal Auditors should be “deemed competent” in conducting these audits. Although
no external training has been mandated, it may be beneficial to have the auditors trained in
the new approach. Upon release of FDIS, DQS, Inc. will be offering public seminars,
webinars and on site informational sessions. Details on the availability of the additional
services will be announced during our webinar of July 29, 2015.

B2. Does the Lead Auditor for an organization have to recertify?

Please refer to B1. Section 7.4 of the new Standard requires an organization to determine
the necessary competence of person(s) doing work. As such, all auditors are required to
be “deemed competent” by the organization.

If adequate auditing can be done at the current level of competency, then no additional
training may be needed. However, if additional competency is needed to ensure effective
implementation of the requirements and for better understanding of the concept of the new
standard, then external training may be beneficial. Inadequate coverage of the
requirements, lack of understanding of “process approach”, and unfamiliarity with the
organization’s requirements may indicate the need for additional training of the auditors.

B3. What will be the auditor training requirements?

Please refer to B2. Competency requirements will have to be defined by the organization,
and may be unique.

DQS, Inc. is offering informational sessions, and additional information concerning this
service will be provided by July 29, 2015. Should you be interested in receiving Auditor
Training from DQS, Inc., please notify your Customer Service Representative so you could
be kept advised of the training sessions as soon as they are announced.

Risk-Based Approach

C1. The concept of risk management is raising concerns in our organization. If no risk
register or formal assessment is required, could you describe what would be
required? What would the risk-based thinking process look like for a small
company?

The concept of “Risk-Based Thinking” is noted in section 0.5 of the Standard. Risk is
defined as the effect of uncertainty on an expected result. Every organization has risks to
consider in order to fulfill its commitments to its stakeholders and to ensure customer
satisfaction.

C2. What is the number of risk documents you suggest we review?

ISO 31000 Risk Management will be helpful but not mandated.

C3. Can you give an example of a risk based approach and how it would work in
practice?

An excellent example of “Risk” in ISO9001:2015 is provided in Document N1222 (July
2014) published by ISO/TC 176/SC2. A link to the document and related N1221
Risk-Based Thinking presentation is provided below. Under section 1, please select “A paper on
ISO9001 and Risk” for more information.

http://isotc.iso.org/livelink/livelink/open/tc176SC2public

C4. Can you give an example of what risk might mean in a manufacturing setting?

Examples include availability of skilled labor, limited resource materials, union conditions,
unemployment rate, transportation conditions, seasonal natural events and outdated
equipment. Risk based thinking occurs at all levels in all processes. Please refer to C3 as
well.

C5. Without a risk registry, how will the auditors be able to determine if we have
identified and addressed risks?

The new standard does not require the use of a risk registry. However, that may be an
effective way of demonstrating that the risks have been considered. Other methods will be
equally acceptable if all applicable Risks are clearly identified.

C6. Does risk analysis have an acronym rule of thumb, i.e. plan, act, do, check?

None has been identified at this time. However, this International Standard makes
risk-based thinking more explicit and incorporates it in requirements for the establishment,
implementation, maintenance and continual improvement of the quality management
system. Essentially, risk can be associated with all aspects of the PDCA cycle.

C7. Will there be any recommended tools for conducting a risk analysis?

ISO 31000 Risk Management will be helpful but not mandated. Also, please see C3.

C8. Is there a note on how long you have to maintain risk based approach in your
organization before you are considered ready to get a 3rd party audit?

No specific timing requirements have been identified for evidence of risk-based thinking /
approach. Evidence will need to demonstrate that risks and opportunities have been
identified, actions have been planned and implemented to minimize the most significant
risks and that the effectiveness of these actions has been checked.

C9. Are PEARs a good way to deal with the proof of risk analysis?

PEARs are an evaluation of the process effectiveness and do not address risk, risk
assessment or any actions taken to mitigate risk.

TS 16949 and ISO 9001:2015

D1. When will the TS 16949 standard be revised and will the auto industry follow
ISO 9001:2015 changes or stick with ISO 9001:2008?

The following was posted on the IATF website on December 5, 2014

“The IATF has established a work team consisting of IATF member organizations to
develop a design specification for the revision of ISO/TS 16949 to align with the ISO
9001:2015 based structure and requirements.”

D2. If we are certified to TS 16949, should we wait to make changes and do training until
the TS update comes out?

If your organization is dual registered to ISO 9001 and ISO/TS 16949, system upgrades will
be needed to meet the ISO 2015 requirements for your ISO registration. There is no
information on the transition plan for the new TS.

D3. Would it be possible / recommended for TS companies to upgrade to new
ISO certifications before TS upgrades, or just wait?

TS16949 may be updated by 4Q, 2016. All ISO9001 registered organizations, regardless
of their registration to other standards, will be required to meet the requirements of
ISO9001:2015 as noted in A3. If published on time, 2017 may be a good year to upgrade to
both at the same time. Or, they may be upgraded individually.

D4. How will current TS 16949 customers be audited in the transition time between
ISO 9001:2015 and TS revision?

If you are not dual certified with ISO 9001, there will be no concerns until the new TS is
published. If you are certified to ISO 9001 and wish to maintain that certification, please see
D3.

February 18, 2015 Webinar Questions


Q1 What is the current difference between element approach and process approach?

Explanation of Process Approach was included in slides 30-49. ISO9001:2015 requires all
Processes (value-added activities of the organization) be identified and managed as a process.
Element-based standards just outline the requirements.

Q2 What do you mean by the standard now requires min 17 "documented information"

“Retain Documented Information” appears 17 times in the Standard. Namely, in sections 4.4,
6.2.1, 7.1.5, 7.2, 8.1.e), 8.2.3, 8.3.5, 8.3.6, 8.4.1, 8.5.2, 8.5.6, 8.6, 8.7, 9.1.1, 9.2.2, 9.3.2 and
10.2.2.

This is equivalent to the current Quality Records requirement, where the information can be in any
media or format. For clarification, please note that “Maintain documented information” is equivalent
to the current “Documented Procedure” requirement.

Q3 What does PDCA stand for?

Plan-Do-Check-Act. Please refer to slides 15-19.

Q4 How do I obtain training in Risk Management? Where do I go to learn more? Will the
ISO9000:2015 numbering align with ISO14k and the OHSAS18k?

We will be covering Risk Management as part of our March 25 Webinar. Yes, the numbers will
align for all ISO standards, but not necessarily for some industry based standards such as
TS16949 and AS9100 at this time. Those changes are made by the governing organizations of
those standards. Please refer to slides 54-55. All new ISO standards will be utilizing the same
High Level Structure that is noted in Annex SL. Actual clause numbers may vary but core
definitions and structure will be consistent.

Q5 Sessions on April 19th or April 29th?

The next webinars have been scheduled for March 25, April 29 and May 26. Also, the final
webinar will be held after the issuance of FDIS, on August 19, 2015. Please register on our
website once more for access to the next four free webinars.

Q6 What will be the deadline to update documentation to the 2015 standard after
release? If we just got re-certified, will we have to do it again, or can we do it at the next 3
year cycle?

Please refer to slides 56-63 and FAQ question A5.

Q7 The ISO 176 link is no longer valid. Can you supply the new link?

http://isotc.iso.org/livelink/livelink/open/tc176SC2public
As of February 22, 2015, the link is still active.

Q8 Can you provide the FAQ location again?

http://dqsus.com/iso-90012015/

Q9 I missed the link to the Risk based thinking document. What is it ?

Please refer to slide 53. The correct link is http://isotc.iso.org/livelink/livelink/open/tc176SC2public

Q10 How is transition audit schedule affected for those clients dual certified by other
standards such as ISO/TS 16949 if those standards haven't been modified yet? Don't the
changes to this standard put you in a noncompliance with the other standard before they
are changed?

There don’t seem to be any contradictory requirements between ISO/TS16949:2009 and
ISO9001:2015. Nonetheless, the additional requirements in ISO9001:2015 will have to be
addressed. Please refer to FAQ questions D1, D2, D3 and D4.

As of 2-22-2015, the following was posted on the IATF website:

“The IATF assigned work team will be seeking stakeholder inputs on potential enhancements to the
ISO/TS 16949 standard. Additionally, customer requirements are being analyzed for potential
inclusion in the future standard. Completion of the revised quality management system standard is
targeted for Q4 2016. Posted on 16 Feb 2015”

Q11 When is the deadline to upgrade to 2015?

Please refer to slide 57. Current certificates will have to be upgraded within three years of issuance
of the revised Standard. Additional information concerning the transition process will be presented
during our webinar of July 29, 2015.

Q12 You showed several examples of "not a process map" and one bad process map.
Could you explain what a good process map looks like, requires, etc.?

ISO9001:2015 requires all processes to be identified. Furthermore, clause 4.4b requires the
“sequence and interaction of the process” be defined. A process map is not required, but is a good
way of showing compliance to these three requirements. A good process map should identify the
processes, show their sequence and interaction. Slides 34-35 comply with these requirements.
Additional information on this subject will be provided on March 25th as part of the review of
section 4 requirements.

Q13 Will the presentation (not only slides) be recorded? I would like to show this to my
PMs.

The entire session was recorded, and is now available on our website (www.dqsus.com)

Q14 Can I download it, or will I be able to see it only online?

You will be able to download the PowerPoint slides but the video will only be online.

Q15 Related to the above question, is this Online Webinar Program free, or what is the
pricing?

In an effort to assist our currently registered clients, all information provided on the webinars will be
free of charge.

Q16 So we will have to re-do our internal auditor certifications that we currently have?

Not necessarily. Please see FAQ questions B1, B2 and B3.

Q17 Why change to ISO 9001:2015, just stay at ISO 9001:2008

ISO committee is made up of 163 member countries, each with a single vote. All ISO standards
are normally reviewed every five years to assure that they are still relevant and adequate in an
ever changing world.
In the case of ISO 9001, the increasing diversity of ISO 9001 users had to be considered, including
the increased interest in the service industries as well. It was also necessary to verify the impact of
the new developments in knowledge and technologies which have changed significantly during the
last few years, broader user interests and changes in industries.
In 2010 and 2011, ISO conducted an extensive web-based user survey, asking about the need for
a revision and the future needs and interests of the standard users.
The answers were evaluated and the majority asked for changes to be made to consider the above
factors and for ease of applying the standard to all types of organizations and industries.
In 2011 the responsible ISO committee, the Technical Committee 176, started the systematic
review of the standard and decided in March of 2012 to have it revised.
The changes are intended to better assist organizations in meeting customer requirements and
enhancing customer satisfaction. Also, the new requirements are meant to be easier to implement.
All current certificates to ISO9001:2008 will be required to be upgraded to ISO9001:2015 within
three years of issuance of the new standard.

Q18 Will TS 16949 Auditor training likely be required? Or, will ISO 9001 training be
adequate?

TS16949 training requirements are governed by IATF. Any training requirement will be announced
by them.

Q19 When will you be offering the internal auditor training?

Additional information concerning the Internal Auditor Training Program will be made available
during the July 29, 2015 Webinar. All future webinars will continue to be provided free of charge.

Q20 How do we register for the internal auditor training?

The link is http://dqsus.com/iso-90012015-training.

Q21 Do you accept other training certificate from other organization, e.g. the XXX Group.
Is formal internal auditor training required?

Please refer to FAQ questions D1, D3 and D4.

Q22 Will there be any webinars in the coming months that deal with any changes to the
TS-16949 standard?

Yes, as part of our commitment to assisting our clients, future changes will be communicated as well.
It is a bit early now for those webinars to be scheduled as the changes are currently being worked
on.

Q23 What is the ballpark cost for the internal auditor certification?

Additional information concerning the Internal Auditor Training Program will be made available
during the July 29, 2015 Webinar.

Q24 Is it a requirement to recertify client internal auditor? Are you saying internal
auditors need to be certified for ISO 9001:2015?

No. However, all auditors must be deemed “competent” to conduct these audits in line with the
Process approach requirements. Please refer to FAQ questions D1, D2 and D4.

Q25 Is it required to attend the internal audit training at UL's selected place of training
Will the on-line training module AND the 2 day training session both be required

Internal Auditor Training program is an optional new service that we will be offering to ensure our
clients know what our auditors know. We will be using the same Auditor Training process that our
auditors will have to complete prior to conducting any audits to ISO9001:2015. To obtain auditor
certification, completion of the on line module and attendance of the two day training session will
be mandatory. Although completion of this extensive training may be optional for our clients, all
DQS, Inc. auditors will be required to complete this training prior to conducting any audits to
ISO9001:2015.

Q26 For family owned companies, involvement of management is very rare and the real
actions are really limited to the doers in the company. I am afraid that to be able to
implement the new requirements

On the contrary, the new requirements have been defined so as to make them easier to implement
in smaller organizations. With reduced need for documentation, the ISO9001:2015 is less
prescriptive. Please attend our upcoming webinars where we will discuss in detail each of the
requirements and show ways of complying with those requirements. The focus may be different
now, but ways to comply with the new requirements are practically endless.

March 25, 2015 Webinar Questions


Q27 Slide 8 of the presentation material for part 1 cross-referenced ISO9001:2008
sections to 2015 sections. I found many errors. You may want to revisit it.

The references are as outlined in document N1224 by TC176/SC2. A copy of this document can
be obtained at http://isotc.iso.org/livelink/livelink/open/tc176SC2public titled “ISO
9001Correlation_Matrices.doc”. Please note that the intent of the current requirements may be in
the new standard, but not necessarily in the same familiar wording or format.

Q28 Can we assume the terms of definitions in the draft of ISO9001:2005 will be the
definitions in ISO9000’s next revision.

ISO9000 Vocabulary is currently under revision as well. The next update to ISO9000 is expected
to include the definitions currently included in ISO9001:2015. ISO9000-2005 currently does not
include all the definitions currently included in DIS ISO9001:2015.

Q29 The corrective action must eliminate the “cause”. If the cause is an operator do we
need to get rid of the operator?

Getting rid of an operator may not be the real solution. If the root cause is not eliminated, any
other operator will face the same challenges and pose risk to your customers. Please note that in
a very limited number of cases, operator error is the true root cause. Additional training may be
needed to further strengthen their skills and mistake-proofing concepts may be used to eliminate
the possibility of the problem from occurring in the first place. The question to consider is how the
process allowed the error to be made by the operator in the first place and drive root cause from
there.

Q30 Will this new definition for corrective action imply that the bar will be raised by
auditors on the results expected on the determination of the cause of each nonconformity
detected internally and/or externally?

The definition for corrective action has not changed. The intent is to eliminate the root cause and
prevent problems from happening in the first place. Correction to stop the continuation of the
problem should be done as soon as possible. Once this is accomplished, the root cause of why
it occurred should be determined. The corrective action requirements apply to all internal and external
nonconformities.

Q31 Is the Context Of The Organization directed only towards the Quality Management
System or the Entire Business Management System.

With respect to the context of the organization, the Quality Management System requirements are
to be considered in meeting customer requirements. Furthermore, those requirements will have to
be integrated into the Business Management System of the organization. There is some guidance
in ISO 31000 that may be helpful when looking at risk and considering the context of the
organization.

Q32 At what level of the organization will the standard expect that the 4.1 requirements of
understanding of the organization and the context can be explained to an external or
internal auditor? Meaning is this requirement OK if Upper Management and Middle
Management can explain how the organization is and its context? Or will the standard
require that at least a basic explanation of the organization could be given by the plant
operator or a mechanic at the shop floor.

Determining the Context of the Organization is a Leadership responsibility and is noted under
section 4.0. Once the context is considered, policies will have to be put in place to address the
requirements of interested parties. Operators are expected to know the policies as they apply to
them, but not necessarily the overall context of the organization. The context of the organization
should be what is important to the organization given its business needs to meet stakeholder
requirements to operate its business per its policies and objectives.

Q33 Are you suggesting that the company will now need process maps for each identified
process? Will

A process map is not required, but is a good way of identifying the processes and showing their
sequence and interaction. Other methods will be equally acceptable if they cover items a-h of
section 4.4. These requirements apply to all processes of the organization supporting the quality
management system requirements of ISO9001:2015. Many organizations have seen benefit in
using process maps since they are a more visual way to increase understanding. However, there may
be other ways that are just as effective based on the organization's context and needs.

Q34 Can the processes be grouped? For example, can the manufacturing processes be
grouped together with generic inputs, outputs, measures, responsibilities, etc. or does each
specific process need to have each item listed in clause 4.4?

Items a-h of section 4.4 have to be addressed for all processes. If a generic map is used for the top
level process map, then sub-process maps will have to clearly define items a-h for the process
under consideration. Identification of those items is needed to define the process and to show
improvement.

Q35 We have the processes explained in written documents where the information
required by 4.4 can be found. Some of the requirements are in different documents as for
example the indicator and its target value. Do we have to go to a more graphic approach for
process definition as the turtle diagram or equivalent when we certify to ISO9001:2015?

The turtle diagrams and process maps were all examples of how the requirements of the standard
may be met. Other methods will equally meet the requirements of the standard as long as items
a-h of section 4.4 have been addressed for all processes.

Q36 Is the ISO9001:2015 standard still on track to be released by this September?

The current timeline for FDIS publication is July 15, 2015 and for the final Standard by September
2015. Any changes to these dates will be communicated during the upcoming webinars.

Q37 If the company has multiple sites in which sections are excluded, can those sites lose
certification if the main company doesn’t maintain those exclusions?

That may depend on the type of certification being sought. For single site registrations,
ISO9001:2015 will continue to be site-specific. If, at a specific site, a requirement does not apply,
then it must be identified as an exclusion. In case of Corporate Registrations covering various plants,
any requirement that may not be applicable to the entire organization may be identified as
an exclusion. If a company is design responsible and seeking corporate registration, then the design
activity cannot be excluded from the scope. However, if the scope of registration is only limited to
one plant and a sister plant is responsible for design, then design may be excluded.

April 29, 2015 Webinar Questions


Q38 In 7.1.5, it is noted to do assessment if equipment is found to be “defective”.
Would this include out of tolerance conditions as well?

Defective is defined in 3.40 as “a nonconformity related to an intended or specified use”. If
the equipment is found to be out of tolerance during the calibration process, it is essentially
considered defective with respect to its validity to meet its intended use. Therefore an impact
assessment will have to be done to analyze the effect of this out of calibration condition on
the products since the last known valid calibration. In the industry the potential variance is
known as “variable data”.

Q39 Do you feel audits will take longer due to evaluation of risk assessment
evidence?

While it is not intended for the overall number of audit-days to change significantly because
of the recent changes to the ISO9001:2015 Standard, it is recognized that this will depend
on how the organization intends to change their system to conform to the revised Standard.
Please keep in mind that upgrade audits will be done in two stages. Stage 1 is required to
ensure full understanding of the new requirements, implementation of process approach,
risk-based thinking, identification of interested parties, along with a review of the other
requirements, and is expected to be half or one day in duration. The number of audit days
for the upgrade audit itself will likely be equivalent to the number of recertification or initial
certification days depending on system changes for conformance to the revised standard.
By performing the Stage 1, we can confirm audit days in the most effective way to meet your
needs. The transition process was covered in February, and additional information
concerning this process will be presented during the upcoming webinar of July 29, 2015.

May 26, 2015 Webinar Questions


Q40 How should we address the exclusion of design process in our organization?

Clause 4.3 requires that the justification for any instance where a requirement of ISO9001:2015
cannot be applied be maintained as “documented information”. If your organization is not
design responsible, the exclusion and justification must be defined in any document, or any
media. It could be beneficial to include it where the other processes are identified for
section 4.4 (i.e. a process map).

Q41 Is traceability back to a specific gage number required for product
acceptance?

Section 8.3.5 does require the design and development outputs to include or reference
monitoring and measuring requirements, and acceptance criteria, but not monitoring and
measuring equipment. Apologies for the oversight and misstatement.

Q42 On Slide 30, what do the yellow balloons refer to?

The yellow balloons were intended to show the logical sequence of auditing a process. On
slide 30, it would be best to start the process audit by verifying the responsibilities and
authorities (1), followed by the quality objectives (2), the finished products (3) and so on.

Q43 Regarding Internal Audits, another registrar is offering it as an outsourced
process. Does DQS, Inc. also offer this service as an outsourced process?

Based on the accreditation requirements defined in ISO/IEC 17021, a registrar can only
perform internal audits for an organization that they do not provide 3rd party certification to.
A minimum of two years from the internal audit and certification is allowed if impartiality
cannot be maintained.

Q44 Will element-based audits definitely not meet the requirements of the
standard?

Coverage of elements alone during the internal audits will not meet the requirements of
ISO9001:2015. With the explicit need for implementation of process approach within the
organization, the audits will have to cover compliance of those processes with the
requirements of ISO9001:2015, the company’s stated requirements and ensure
effectiveness of those processes. Also, completing one audit checklist for all processes will
not meet the intent of the standard as each process is required to be audited to ensure
compliance with the applicable requirements.

Q45 When is the readiness audit (Stage 1) done?

Stage 1 audits should be scheduled 2 to 3 months prior to the Stage 2 audit. Consideration
should also be given to the impact the revision has had on the management system in
determining the timing. The Stage 1 must be conducted within 6 months of the Stage 2
audit or the Stage 1 audit will need to be repeated.

Q46 Is Stage 1 something that needs to be scheduled separate from an annual
audit?

Only the upgrade audit will require a Stage 1 and it will be scheduled separately from the
Stage 2 portion of the assessment. Annual assessments, if not part of the upgrade audit,
will not require a Stage 1.

Q47 Will Risk Analysis need to be done to processes such as Purchasing, Human
Resources, Training, etc.?

Clause 4.4, item (f) requires that the risks and opportunities be determined for all
processes. Clause 6.1 requires the risks to be addressed. Also, actions taken to address
risks and opportunities may be proportional to the potential impact on the conformity of the
products and offered services.

June 29, 2015 Webinar Questions


Q48 How do the Mission and Vision statements relate to the Organizational
Context? Our vision statement states who we are and what we want to accomplish.
Does that satisfy the Organizational Context Requirements?

The requirements related to the Context of the Organization are defined in sections 4.1 to 4.4,
and described in detail in our webinar of March 25, 2015 (slides 33-44). Depending on the
content of the Mission and Vision statements, they may be adequate to demonstrate that
the organization “has determined external and internal issues that are relevant to its
purpose and strategic direction and that can affect its ability to achieve the intended results
of its quality management system (4.1)”. Additional information may be needed if the
Mission and Vision statements do not clearly address this requirement.

Q49 If documented information is not required for Context and Interested Parties,
how will DQS, Inc. train their auditors on how to audit this without documented
information? Or will you require your clients to have something documented?

Please refer to question A2. The mandatory procedures are noted in the standard for
having “documented information” available. The standard does not prohibit having a
document to describe the context and interested parties. If it will be easier to demonstrate
compliance with this requirement, a procedure may be established. However, the standard
does not require documented information for this section. Evidence of compliance may be
collected during the audits by interviewing top management in lieu of availability of
documented information, in line with our normal auditing techniques.

Q50 What is DQS, Inc.'s understanding of Risk-Based Thinking versus a formal risk
management program? It is my understanding that a formal program to manage risk
is not required, but we should be able to show that risk and opportunities are
evaluated and responded to.

The requirements for Risk-Based Thinking were presented in detail during our webinar of
April 29, 2015 (slides 26-59). A formal risk management system, such as ISO31000, is not
required, but desired.

Q51 With the terms Risk and Opportunity, lots of consultants are talking about the
use of SWOT analysis. Is this tool recommended by ISO?

No preferred method is described in ISO9001:2015. The Standard requires that the Risks and
Opportunities be identified, and SWOT analysis is one form of doing that. Other methods,
such as FMEA, Risk Register, or formal risk management programs may be adequate as
well.

Q52 Will an ISO transition guidance document be issued? If so, when?

Since every organization’s registration is unique, we do not have a plan to publish an
external guidance document at this time. Nonetheless, an internal guidance document is in
place and your Customer Service Representatives will be happy to discuss your transition
plans to ensure that the guidelines are being followed.

Q53 We are a TS16949 and ISO9001 certified company. Will a new TS16949
standard come out with the updated ISO9001:2015?

Please refer to questions D1 to D4.

Q54 Is it OK to maintain ISO13485:2003 hence no ISO13485 upgrade to the 2015
version is required?

The ISO13485 Standard is currently under revision and is expected to be released as noted
in question A11. However, the upgrade is based on the core requirements of
ISO9001:2008 and not ISO9001:2015. Therefore, upgrade to ISO9001:2015 is not
required if your organization is registered to ISO13485 only. However, if it is also registered
to ISO9001:2008, then the new requirements will have to be implemented in accordance
with the transition plan. In this case, additional audit time will be added to review the
requirements of ISO13485 that is based on ISO9001:2008 and the new requirements of
ISO9001:2015. Please contact your Customer Service Representative for additional
information.

Q55 Can we take the on-line review even if we don’t plan to attend the 2 day
Internal audit class?

The online review is currently intended for use during the 2 day Informational Sessions. We
don’t have any plans to make it available by itself at this time.

Q56 For companies on a sampling plan, do all sites need to complete a stage 1 and
stage 2 before the certificate is issued? Or will the normal sampling plan be applied
like when we first received our certificate?

The normal sampling plan will apply to all upgrade audits for companies that are on a
sampling plan. However, as part of the Stage 1 process, we will be seeking information
about the organization’s ISO9001:2015 implementation plan to ensure that all affected sites
are upgraded, even if they are not subject to audit during the current cycle. Evidence of
completed Internal Audits at all locations may be one way of demonstrating that the
changes have been implemented and verified at all locations.

Q57 Please explain the rationale why there is emphasis on risks. In ISO9001:2008
the risk is addressed via the Preventive Action. Does it mean that risk identified by
auditor will become a minor finding?

Risk-based Thinking is one of the major changes from the previous edition. This subject
was covered in detail in our webinar of April 29, 2015 (slides 31-59). The biggest difference
is that in ISO9001:2008, Preventive Action was in the “ACT” section of the PDCA cycle.
Now, it is moved to the “PLAN” section to identify the risks during the planning process.

Q58 Do you have any recommendations for an ISO9001/TS16949 registered
company that is getting pressure to need ISO13485 certification?

The need for registration is customer driven and not mandatory. The decision to pursue
ISO13485 may depend on the benefits of registration to the organization.

Q59 Many of the changes seem to have been addressed in TS16949. What are the
most significant “adds” beyond what is covered in TS. Does FMEA work cover Risk
Analysis? Can we just apply TS processes and activities for ISO if we are ISO/TS
dual registered?

We don’t have a one-to-one comparison of ISO9001:2015 and TS16949:2009 at this time.
However, the changes are significant and registration to TS16949 will not automatically
guarantee registration to ISO9001:2015.

In the automotive industry, FMEA is typically used during the product design and
manufacturing phases only. ISO9001:2015 requires that the risks be identified for all
processes, such as Purchasing, HR, maintenance, etc. Please refer to questions D1-D3
and Q10 for further information.

Q60 We are ISO9001/AS9100 Certified, with our recertification assessment planned
for this fall. How do you recommend we manage our Internal Audit process during
the transition period to ISO9001:2015 and AS9100D? Continue auditing against
ISO9001:2008 and AS9100C until internal transition is complete, or start auditing
against new standards once AS9100D is released to help identify gaps?

Internal Audits are required to be done to ensure compliance with the requirements of the
registered standard. For example, in order to maintain ISO9001:2008, internal audits will
be required to ensure compliance with the requirements of the said standard.

During the transition phase, internal audits to the revised standard will be needed to confirm
that the changes have been made to the quality management system to address the
requirements of the revised standard. Customer requirements should be considered when
updating the quality management system for conformance with the new standards.

This document will be updated periodically.


Please email your questions to
ISO9001_2015_Questions@dqsus.com
and we will provide an answer as part of the next update.

Updates will be available at: http://dqsus.com, under the
ISO9001:2015 Revision banner.

1130 W. Lake Cook Rd, #340, Buffalo Grove, IL 60089, USA
Tel. +1 800 285-4476
www.dqsus.com
President: Ganesh Rao
