ISO 9001:2015

Quality Management System

1
Contents
1. Introduction: About ISO
2. Revision of Quality principles
3. Annex SL
4. Main Outlines
5. ISO 9001-2015 Structure
6. Terms & Definition Highlights
7. ISO 9001-2015 Requirements Highlights

2
 1-About ISO

 ISO (International Organization for Standardization) is the world’s

largest developer of voluntary International Standards.
 ISO is based in Switzerland, over 165 nations participate with
approximately 20,000 standards since 1947
 All ISO standards are based on consensus
 ISO standards are usually developed by Technical Committees (TCs)
or their sub-committees, or by Project Committees
 ISO work involves experts nominated by their national standards
bodies
 ISO International Standards impact everyone, everywhere.
 ISO 9000 Series; Background

• First published in 1987, ISO 9000 has consistently been

ISO’s most popular series of standards.

• Building on 25 years of success, ISO technical committee

ISO/TC176, Quality management and quality assurance,
subcommittee SC 2, Quality systems, is busy laying the
groundwork for the next generation of quality
management standards.

4
 ISO 9001 revisions since beginning

1994
2000

1987 Revisions

2008

2015
9001-2008

6
9001-2015

4. Process
Approach

7
 Comparison of Principles
Ser ISO 9001:2008 ISO 9001:2015
1 Customer Focus Customer Focus
2 Leadership Leadership
3 Involvement of People Engagement of People
4 Process Approach Process Approach

5 System Approach

6 Continual Improvement Improvement

Factual Approach to Evidence Based Decision
7
Decision Making Making
Mutually Beneficial
8 Relationship Management
Supplier Relationship

8
 ISO 9001: 2008 is based on 8 principles.
 ISO 9001:2015 is based on 7 in line with the recent revision
of the Quality Management Principles
 The main changes are :
 Dropping “Principle 5: System approach to management” because it is
already covered by the act of having a quality management system).
 The last principle is referred to as 'Relationship Management', replacing
"Mutually beneficial supplier relationships".
 Changed from "continual improvement" to just "improvement".

9
1- Customer Focus
• The primary focus of quality management is to meet
customer requirements and to strive to exceed
customer expectation

2- Leadership
• Leaders at all levels establish unity of purpose and
direction and create conditions in which people are
engaged in achieving the quality objectives of the
organization

3- Engagement of People
• It is essential for the organization that all people are
competent, empowered and engaged in delivering
value

10
4- Process Approach
• Consistent and predictable results are achieved more
effectively and efficiently when activities are
understood and managed as interrelated processes
that function as a coherent system

5- Improvement
• Successful organizations have an ongoing focus on
improvement

6- Evidence-based Decision Making

• Decisions based on the analysis and evaluation of
data and information are more likely to produce
desired results

7- Relationship Management
• For sustained success, organizations manage their
relationships with interested parties, such as suppliers

11
 3-Annex SL

In an effort to ensure consistency of structure and terminology used across the

available managements standards, so that they become more compatible and
easier to use, ISO has developed what is now called Annex SL.
 high level structure
 identical core text
 common terms and key definitions
All MSs shall in the future, in principle, use consistent structure, common text and
terminology so that they are easy to use and compatible with each other.

Annex SL, however, is not for management standards to have a “same look” only.
More to that, it re-enforces what is referred to as same “feel”.
This brings the ISO 9001 standard into line with ISO's new harmonized and consistent
structure

Hoped to facilitate the integration of the different ISO standards and the
development of integrated MS. Having a uniform structure as the basis of certification
for MS will more likely improve the comprehensibility of standards and make
combined certification more efficient.
12
 Based on the assumption, however, that Annex SL is not a static framework, but
allows a change, prompted by the subject specific area of regulation, quality
specific aspects have been added in the draft version. For example, planning
of changes has been added to Annex SL (now Clause 6.3.) This has been stated
to reflect the „recognition“ in the quality world that things change.

 The revised standard comes with an uniformity of terms. Common terms and
definitions are in use now, that are the same across all management systems
standards.

 This change will benefit those clients who have implemented or planned to
implement multiple ISO management systems e.g. ISO 9001 and ISO 14001. As
the trend for these two standards will be using Annex SL as the basic structure, it
will be easier to integrate multiple management systems.

 This change will be beneficial to auditors who audit integrated management

systems which will be based on the same structure. More efficient auditing is
expected.
13
 4- Main Outlines
 ISODIS/9001:2015 puts a greater emphasis on the definition of leadership,
which has always been important and critical aspect of a quality
management system.
 Now top management have greater involvement in the management
system. They have to make sure that the requirements of the MS are
integrated into the organization’s processes and that the policy and
objectives are compatible with the strategic direction of the organization .
 Senior management is now required to take a more active involvement in the
quality management system. Stronger emphasis on the overall accountability
of top management for the effectiveness of the quality management system.

 The figure of management representative no longer explicitly mentioned. In

the absence of specific requirement for a management representative, the
organization may choose a structure of assigning responsibilities as
appropriate to ensure relevant responsibilities and authorities are assigned.

14
 Further to the ISO/IEC Directives using the term “products and services", ISO/DIS
9001:2015 has replaced “product” with “products and services”.
 This is to make it more generic and applicable to organizations of any kind, i.e. in
the service fields, and remove the existing bias towards companies that deal with
physical products
 “Purchasing” and “outsourcing” are now replaced by “external provision of goods
and services”. Clause 8.6 Control of External Provision of products and Services
addresses all forms of external provision, whether it is by purchasing from a supplier,
through an arrangement with an associate company, through the outsourcing of
processes and functions of the organization, or by any other means. The
organization is required to take a risk-based approach to determine the type and
extent of controls appropriate to each external provider and all external provision
of goods and services.
 The developments in the technology give rise to enhancements in processes that
deal with Knowledge Management, Technology and changes in Infrastructure
and Communications.
 In recognition of the above, ISO/DIS 9001:2015 has introduced the new concept of
knowledge (Section 7.1.5). It relates to how organizations understand, maintain
and deal with knowledge. 15
 In line with Annex SL Appendix 2 , ISO/DIS 9001:2015 contains general
requirements for documentation only, with no reference to documented quality
manual, documented procedures or to quality records. 'Documented
information' now replaces both procedures and records which seems to be
more accepting of electronic documents and document control approaches.
Consequently the terms “document” and “record” have both been replaced
throughout the requirements text by “documented information.”

 Document control (ISO 9001:2008 Clause 4.2.3) and record control (Clause 4.2.4)
procedures do not exist anymore. Nill mandatory procedures are required by the
new version.

 Preventive action has been removed from ISO/DIS 9001:2015. To be replaced by

the wider perspective of planning, risk management as a core element of
planning, and the having of a management system in the first place. Indeed, all
references are made to risk, identification of risks and opportunities and planning
actions to address risks and opportunities identified. Risk based thinking goes
throughout the entire ISO/DIS 9001:2015.
16
 Stays in line with Annex SL that contains no specific requirements for
‘preventive action’
 An effective risk management process will be critical for the successful
certification to the new version.

 Risk is the effect of uncertainty on an expected result and the concept of risk-
based thinking has always been implicit in ISO 9001. This International Standard
makes risk-based thinking more explicit and incorporates it in requirements for
the establishment, implementation, maintenance and continual improvement
of the quality management system.

 The new ISO 9001-2015 revision focuses on risk management at the

organizational level. While this may seem a departure from a strict quality
management focus, there is ample focus within the existing standard on
controlling risk to justify an expanded focus.
 The new revision in its current draft form appears to expand these more
tactical risk management elements into a more programmatic view.
17
• Risk and Preventive Action
Auditors will not need to use the term “Preventive Action” anymore as it no
longer exists in the ISO 9001:2015 Standard. Risk-based thinking and risk-driven
approach shall be required from the clients by auditors when auditing clients’ QMS.

• the term of “documented information” which replaces the terms of “document”

and “record”.

18
 5- ISO 9001:2015 Structure

Clause Description

1 Scope
2 Normative References

3 Terms and Definitions

4 Context of the Organization
5 Leadership
6 Planning
7 Support
8 Operation

9 Performance Evaluation
10 Improvement
19
20
21
Model of a process-based quality management system,
showing the links to the clauses of ISO 9001:2015
 6- Terms & Definition Highlights

3.02 Interested party

Person or organization that can affect, be affected by, or perceive themselves to
be affected by a decision or activity
Example: Customers , owners, people in an organization, suppliers , bankers,
unions, partners or society that may include competitors or opposing pressure
groups.

23
3.09 Risk
Effect of uncertainty on an expected result
Note 1 : An effect is a deviation from the expected — positive or negative
Note 2 : Uncertainty is the state, even partial, of deficiency of information related
to, understanding or knowledge of, an event, its consequence, or likelihood.
Note 3 : Risk is often characterized by reference to potential “events” (as defined
in ISO Guide 73:209, 3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009,
3.6.1.3), or a combination of these.
Note 4 : Risk is often expressed in terms of a combination of the consequences of
an event (including changes in circumstances) and the associated “likelihood” (as
defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
Note 5 : The term “risk” is sometimes used when there is only the possibility of
negative consequences

24
 Risks in ISO 9001:2015
• 4.4.f “the risk and opportunities in accordance….

• 5.1.2.b ”the risks and opportunities that can……

• 6.1 “Actions to address risks and opportunities”

• 6.1.1 “determine the risks and opportunities…

• 6.1.2.a “The organization shall plan…risks….

• 8.5.5 “the risks associated with the products….

• 9.3.1 “ …of actions to address risks and opportunities…..

• 10. the organization is required to improve by responding to

changes in risk 25
3.11 Documented information
Information required to be controlled and maintained by an organization and the
medium on which it is contained

Note 1: Documented information can be in any format and media and from any
source.
Note 2: Documented information can refer to the:
• Quality management system, including related processes
• Information created in order for the organization to operate
• Evidence of results achieved (records)

3.13 Performance
Measurable result
Note 1: Performance can relate either to quantitative or qualitative findings.
Note 2: Performance can relate to the management of activities, processes,
products, services, systems or organizations.
26
3.14 Outsource (Verb)
Make an arrangement where an external organization performs part of an
organization’s function or process.

Note 1 : An external organization is outside the scope of the management system

, although the outsourced function , or process , is within the scope.

3.24 context of the organization

Business environment
Combination of internal and external factors and conditions that can have an
effect on an organization's approach to its products , services and investments
and interested parties
Note 1 : The concept of context of the organization is equally applicable to not-
for-profit or public service organizations as it is to those seeking profits.
Note 2 : In English this concept is often referred to by other phrases such as
business environment, organizational environment or ecosystem of an
27
organization .
 6- ISO 9001-2015 Requirements Highlights
4.1 Understanding the context of the organization & Internal & External Issues affect
this context
• External Issues such as legal, technological, competitive, cultural, social, economic and
natural environment on international, national, regional or local levels related to the
organization’s strategic purpose
4.2 Understanding the needs and expectations of interested parties
• The organization shall determine:
a) the interested parties that are relevant to the quality management system
(direct customers, regulators, end users, suppliers, distributors, retailers or others
involved in the supply chain )
b) the requirements of these interested parties that are relevant to the quality
management system.
4.3 Determining the scope of the quality management system
The organization shall determine the boundaries and applicability of the
quality management system to establish its scope.
28
5.1 Leadership and commitment _ for more commitment, requirement such as:
• Taking accountability of the effectiveness of the quality management
system
• Promoting continual improvement;
• Supporting other relevant management roles to demonstrate their
leadership as it applies to their areas of responsibility.
• Many clients acknowledge that standards perform better when they are
aligned to the business strategies of an organization and therefore the
role of top management in their deployment is a key element. This is the
first key change in the new standard.
Where this could be achieved by:
5.2 Quality policy to be in place, well understood & communicated
5.3 Organizational roles, responsibilities and authorities to be determined and
implemented

29
6.1 Actions to address risks and opportunities
When planning for the quality management system, the organization shall consider the
issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and
opportunities that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s);
b) prevent, or reduce, undesired effects;
c) achieve continual improvement.
N.B.
There is no requirement in ISO 9001 to use a formal risk assessment method however there
needs to be some consideration of risk qualitatively.
The extent and level of risk assessment will depend on the nature and type of business.
ISO 31010 provides information of risk assessment techniques that can be used but it is
down to the organization to determine the best way to evaluate risk and opportunities for
themselves, depending on the nature and complexity of the organizations processes and
operations, size, resources available etc.

30
6.1.2 The organization shall plan:
a) actions to address these risks and opportunities;
b) how to:
1) integrate and implement the actions into its quality management system
processes (see 4.4);
2) evaluate the effectiveness of these actions.
Actions taken to address risks and opportunities shall be proportionate to the
potential impact on the conformity of products and services.

NOTE: Options to address risks and opportunities can include: avoiding risk, taking risk in
order to pursue an opportunity, eliminating the risk source, changing the likelihood or
consequences, sharing the risk, or retaining risk by informed decision.

6.2 Quality objectives and planning to achieve them

(SMART objectives and Detail planning is required now)
31
6.3 Planning of changes
Where the organization determines the need for change to the quality management
system (see 4.4) the change shall be carried out in a planned and systematic
manner.

A planned and systematic “management of change” process is required to

evaluate the effect / consequences of any changes to the management system
prior to implementation of the change. See 8.1

7.1.2 People
To ensure that the organization can consistently meet customer and applicable
statutory and regulatory requirements, the organization shall provide the persons
necessary for the effective operation of the quality management system, including
the processes needed.
7.1.3 & 7.1.4
Infrastructure and Environment for the operation of processes are rephrased and
clearly emphasised.
32
7.1.6 Organizational knowledge
The organization shall determine the knowledge necessary for the operation of its
processes and to achieve conformity of products and services.
This knowledge shall be maintained, and made available to the extent
necessary. When addressing changing needs and trends, the organization shall
consider its current knowledge and determine how to acquire or access the
necessary additional knowledge.
-NOTE 1 Organizational knowledge can include information such as intellectual
property and lessons learned.
-NOTE 2 To obtain the knowledge required, the organization can consider:
a) internal sources (e.g. learning from failures and successful projects, capturing
undocumented knowledge and experience of topical experts within the
organization);
b) external sources (e.g. standards, academia, conferences, gathering
knowledge with customers or providers).

33
7.2 Competence
7.3 Awareness
Persons doing work under the organization’s control shall be aware of:
a) the quality policy;
b) relevant quality objectives;
c) their contribution to the effectiveness of the quality management system,
including the benefits of improved quality performance;
d) the implications of not conforming with the quality management system
requirements.
7.4 Communication
Communication is important for both internal and external stakeholders and
an organization must develop a communication plan. It is important to decide
who will own the communication and ensure that they have the appropriate
authority, competence and knowledge.
The communication plan can include a variety of mediums including briefings,
meetings, seminars, conferences and knowledge
34
7.5 Documented information The organization’s quality management system shall
include
a) documented information required by this International Standard;
b) documented information determined by the organization as being necessary
for the effectiveness of the quality management system.
NOTE: The extent of documented information for a quality management system
can differ from one organization to another.
The organization shall maintain documented information to the extent necessary to support the
operation of processes and retain documented information to the extent necessary to have confidence
that the processes are being carried out as planned.
It means that:
Documented process is really needed
7.5.2 Creating and updating
7.5.3 Control of documented Information
No mandatory manual or procedure is referred!
No obligation for ANY procedures –BUT what it does ask _ is to show control. The
organization needs to demonstrate that it has identified areas and can control
the outcomes. 35
8.7 Control of nonconforming process outputs, products and services
More detailed requirements on dealing with non conforming product
The organization shall retain documented information of actions taken on
nonconforming process outputs, products and services, including
on any concessions obtained and on the person or authority that
made the decision regarding dealing with the nonconformity.

36
9.1.1 General
The organization shall determine:
a) what needs to be monitored and measured;
b) the methods for monitoring, measurement, analysis and evaluation, as
applicable, to ensure valid results;
c) when the monitoring and measuring shall be performed;
d) when the results from monitoring and measurement shall be analysed and
evaluated. The organization shall ensure that monitoring and measurement
activities are implemented in accordance with the determined requirements and
shall retain appropriate documented information as evidence of the results.

37
9.1.3 Analysis and evaluation
The organization shall analyse and evaluate appropriate data and information
arising from monitoring, measurement and other sources.
The output of analysis and evaluation shall be used to:
a) demonstrate conformity of products and services to requirements;
b) assess and enhance customer satisfaction;
c) ensure conformity and effectiveness of the quality management system;
d) demonstrate that planning has been successfully implemented;
e) assess the performance of processes;
f) assess the performance of external provider(s);
g) determine the need or opportunities for improvements within the quality
management system

38
10 Improvement
The organization shall determine and select opportunities for improvement and
implement necessary actions to meet customer requirements and enhance
customer satisfaction.
This shall include, as appropriate:
a) improving processes to prevent nonconformities;
b) improving products and services to meet known and predicted requirements;
c) improving quality management system results.

NOTE Improvement can be effected reactively (e.g. corrective action),

incrementally (e.g. continual improvement), by step change (e.g. breakthrough),
creatively (e.g. innovation) or by re-organisation (e.g. transformation).

39
10.2 Nonconformity and corrective action
When a nonconformity occurs, including those arising from complaints, the
organization shall:
a) react to the nonconformity, and as applicable:
1) take action to control and correct it;
2) deal with the consequences;
b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in
order that it does not recur or occur elsewhere, by:
1) reviewing the nonconformity;
2) determining the causes of the nonconformity;
3) determining if similar nonconformities exist, or could potentially occur;
c) implement any action needed;
d) review the effectiveness of any corrective action taken;
e) make changes to the quality management system, if necessary.

40
10.3 Continual improvement
The organization shall continually improve the suitability, adequacy, and
effectiveness of the quality management system.

41
THANK YOU

42