News on the standard ISO 9001 version 2015: quality management systems - requirements

13/10/2023

The ISO 9001:2015 standard is published.

You can buy it from BSI for £ 114

The three pillars of the ISO 9001:2015 standard are:

• process approach
• risk-based thinking
• continual improvement

ISO 9001 version 2015 requirements and comments

See also the quiz "ISO 9001 version 2015 requirements"

T 15 ISO 9001: 2015 readiness (e-learning course) and enjoy free demo without registration

T 35 ISO 9001: 2015 internal audit and enjoy free demo without registration

T 65 ISO 9001: 2015 training package readiness and internam audit

1. The clauses are 10 using the new "high-level structure":

1. Scope

2. Normative references

3. Terms and définitions

4. Context of the organisation (P)

5. Leadership (P, D, C, A)

6. Planning (P)

7. Support (D)

8. Operation (D)

9. Performance evaluation (C)

10. Improvement (A)

2. The New annexes :

• Annex A (Informative) Clarification of new structure, terminology and concepts
• Annex B (Informative) Other International Standards on quality managemet and quality management systems developed by ISO/TC 176

3. The risk approach (risk-based thinking) is the great novelty

The term risk is used 48 times. The expression risks and opportunities is used 14 times.

4. The clause terms and definitions is empty. 

The terms and definitions are all left in the ISO 9000 2015 standard.  

5. The quality manual and procedures are no more mandatory but there are however requirements to:

• maintain documented information (procedures) - 5 times (version 2008 - 6 procedures):
  • scope of the QMS (sub-clause 4.3)
  • process control (sub-clause 4.4.2 a)
  • quality policy (sub-clause 5.2.2 a)
  • quality objectives (sub-clause 6.2.1)
  • operational control (sub-clause 8.1)
• retain documented information (records) - 21 times (version 2008 - 21 records):
  • process performance (sub-clause 4.4.2 b)
  • fitness for purpose of inspection persons (sub-clause 7.1.5.1)
  • calibration (sub-clause 7.1.5.2)
  • competence of persons (sub-clause 7.2)
  • conformity of products and services (sub-clause 8.1)
  • results of the review of products and services requirements (sub-clause 8.2.3.2)
  • design and development inputs (sub-clause 8.3.3)
  • design and development expected results, reviews, verifications and validations sub-clause 8.3.4)
  • design and development outputs (sub-clause 8.3.5)
  • design and development changes (sub-clause 8.3.6)
  • evaluation activities and actions of external providers (sub-clause 8.4.1)
  • product and service characteristics, related activities and results to be achieved (sub-clause 8.5.1)
  • traceability of products and services (sub-clause 8.5.2)
  • situation of the property of a customer (sub-clause 8.5.3)
  • results of the review of changes (sub-clause 8.5.6)
  • release of products and services (sub-clause 8.6)
  • treatment of nonconforming products and services (sub-clause 8.7.2)
  • inspection results (sub-clause 9.1.1)
  • audit programme and audit results (sub-clause 9.2.2)
  • management review outputs (sub-clause 9.3.3)
  • nonconformities, actions and results (sub-clause 10.2.2)

6. The verb shall is present 309 times in clauses 4 to 10

In the 2008 version it was 305 times

7. The sub-clause Preventive action is dropped

Now, the quality management system and the risk-based thinking are considered as a global prevention tool

8. New sub-clauses:

• Context of the organization
• Leadership
• Planning
• Performance evaluation

9. Some sub-clauses have new names:

• Support instead of Resource management
• Operation instead of Product realization

10. Some terms are replaced:

• documented procedure and record by documented information
• supplier by external provider
• exclusion by applicability

11. The quality management principles are no more 8 but 7.

See ISO 9000 2015, § 2.3

12. Details of the new clauses and sub-clauses:

• Introduction
  • 0.1 General
  • 0.2 Quality management principles
  • 0.3 Process approach
    • 0.3.1 General
    • 0.3.2 Plan-Do-Check-Act cycle
    • 0.3.3 Risk-based thinking
  • 0.4 Relationship with other management systems standards
• 1 Scope
• 2 Normative references
• 3 Term and définitions
• 4 Context of the organisation
  • 4.1 Understanding the organisation and its context
  • 4.2 Understanding the needs and expectations of interested parties
  • 4.3 Determining the scope of the quality management system
  • 4.4 Quality management system and its processes
• 5 Leadership
  • 5.1 Leadership and commitment
    • 5.1.1 General
    • 5.1.2 Customer focus
  • 5.2 Quality policy
    • 5.2.1 Developing the quality policy
    • 5.2.2 Communicating the quality policy
  • 5.3 Organizational roles, responsibilities and authorities
• 6 Planning
  • 6.1 Actions to address risks and opportunities
  • 6.2 Quality objectives and planning to achieve them
  • 6.3 Planning of changes
• 7 Support
  • 7.1 Resources
    • 7.1.1 General
    • 7.1.2 People
    • 7.1.3 Infrastructure
    • 7.1.4 Environment for the operation of processes
    • 7.1.5 Monitoring and measuring resources
      • 7.1.5.1 General
      • 7.1.5.2 Measurement traceability
    • 7.1.6 Organizational knowledge
  • 7.2 Competence
  • 7.3 Awareness
  • 7.4 Communication
  • 7.5 Documented information
    • 7.5.1 General
    • 7.5.2 Creation and updating
    • 7.5.3 Control of documented information
• 8 Operation
  • 8.1 Operational planning and control
  • 8.2 Requirements for products and services
    • 8.2.1 Customer communication
    • 8.2.2 Determining the requirements related to products and services
    • 8.2.3 Review of requirements related to products and services
    • 8.2.4 Changes to requirements for products and services
  • 8.3 Design and development of products and services
    • 8.3.1 General 
    • 8.3.2 Design and development planning
    • 8.3.3 Design and development inputs 
    • 8.3.4 Design and development controls
    • 8.3.5 Design and development outputs 
    • 8.3.6 Design and development changes 
  • 8.4 Control of externally provided processes, products and services                   
    • 8.4.1 General 
    • 8.4.2 Type and extent of control 
    • 8.4.3 Information for external providers 
  • 8.5 Production and service provision 
    • 8.5.1 Control of production and service provision 
    • 8.5.2 Identification and traceability 
    • 8.5.3 Property belonging to customers or external providers 
    • 8.5.4 Preservation
    • 8.5.5 Post-delivery activities
    • 8.5.6 Control of changes
  • 8.6 Release of products and services
  • 8.7 Control of nonconforming outputs
• 9 Performance evaluation
  • 9.1 Monitoring, measurement, analysis and evaluation 
    • 9.1.1 General
    • 9.1.2 Customer satisfaction
    • 9.1.3 Analysis and evaluation 
  • 9.2 Internal audit
  • 9.3 Management review
    • 9.3.1 General
    • 9.3.2 Management review inputs
    • 9.3.3 Management review outputs
• 10 Improvement
  • 10.1 General
  • 10.2 Nonconformity and corrective action 
  • 10.3 Continual improvement

13. Comments

• the term "conformity to requirements" is a pleonasm because the definition of conformity is "fulfilment of a requirement" and so we obtain "fulfilment of a requirement to requirements"
• no process mapping requirement
• no requirement for risk process
• no documented information requirement for risk (maintain or retain)
• no requirement on partner management
• no requirement on listening to the market
• no requirement on innovation (cited in the introduction and in the Note to sub-clause 10.1)
• no requirement for staff satisfaction, perception, valuation and recognition 
• the motivation and commitment of staff are not covered but only awareness is present (sub-clause 7.3)
• no quality tools are cited - no trace of FD X50-819 (Guidelines for creating synergies between Lean Management and ISO 9001)