KEEP

CALM
AND

PREPARE FOR
ISO 9001:2015
Eight experts outline key changes
and how to handle them

ISO 9001:2015

REVISIONS OF ISO management systems are often accompanied by

a bit of anxiety. More than 1 million organizations have been certified to ISO
9001:2008, the international quality management system (QMS) standard, and
they now must embark on implementing a revised version to be published later
this month.
Most organizations are on pins and needles: What are the key changes we
must be aware of? When and how should we introduce the required changes?
What resources will we need?
The international technical advisory groups (TAG) to ISO Technical Committee 176, the group responsible for writing ISO 9001, have toiled to achieve
the highest caliber revision. You can imagine how challenging it is to achieve
a consensus among hundreds of individuals in dozens of countries, with multiple languages and cultures. This is why a betteralthough not perfectISO
9001:2015 is on track for finalization.
The following pages are meant to calm your anxieties by helping you to
understand five of the key changes in ISO 9001:2015, what they mean, what you
must do to meet the new requirements and the resources available to you during the transition process.
Certainly, not every change can be fully detailed in this article, and youll
find most of the changes relate to one another. Risk-based thinking, for example, which arguably may be the most impactful change in ISO 9001:2015, is
engrained in several aspects of the standard.
In a perfect world, a revision for an established, internationally accepted
standard such as ISO 9001 should be easier to read, learn and implement. It
should provide noncontroversial, improved tools for quality management.
Although our world is not yet perfect, ISO 9001:2015s new features do provide
promise for improved quality.
Allen Gluck
Editors note: This following article was written by several standards experts before the
release of the final version of ISO 9000:2015. Information presented here was based on the
draft international standard (DIS) and final draft international standard (FDIS) versions
of ISO 9001:2015.

September 2015 QP 19

THE PANEL OF EXPERTS

BILL ASTON is managing director of Aston Technical Consulting Services LLC in Kingwood, TX, and worked 40
years in the oil, gas and chemical industries. A senior member of ASQ, Aston is an ASQ-certified quality auditor,
an Exemplar Global-certified quality management system (QMS) auditor and a Professional Evaluation and Certification Board-certified trainer and lead auditor. He is also a voting member of the U.S. Technical Advisory Group
to ISO Technical Committee 176 (TAG 176) and the American Petroleum Institute Quality subcommittee 18.
SUSAN L.K. BRIGGS is a member of the task force in the Joint Technical Coordination Group that wrote Annex
SL and the associated guidance. She is the chair of TAG 207 on environmental management and the convener
of the international working group revising ISO 14001:2015. She has a bachelors degree in natural science
from Harvard University in Cambridge, MA. Briggs is an ASQ-certified quality/organizational excellence manager, auditor and engineer.
CHARLES A. CIANFRANI is a principal consultant for Green Lane Quality Management Services in Green Lane,
PA. An ASQ fellow, Cianfrani is a U.S. expert representative to ISO Technical Committee 176 (ISO/TC 176). He has
an MBA from Drexel University in Philadelphia and a masters degree in applied statistics from Villanova University in Pennsylvania. Cianfrani has implemented ISO 9001-compliant processes on six continents.

DEANN DESAI is a project manager for Georgia Techs Enterprise Innovation Institute in Atlanta. She has a
masters degree in statistics and polymers from the Georgia Institute of Technology in Atlanta. An ASQ member,
Desai is an Exemplar Global-certified QMS lead auditor, energy management lead auditor and environmental
management systems lead auditor. Desai is a member of multiple ISO standards committees, including TAG 176
and the task force in the Joint Technical Coordination Group that wrote Annex SL and the associated guidance.
ALLEN GLUCK is president of ERM31000 Training and Consulting in Spring Valley, NY, and an adjunct professor
at Manhattanville School of Business in Purchase, NY. He has a masters degree in leadership from Bellevue
University in Nebraska. Gluck is an ASQ member and a member of TAG 176, which develops ISO 9001, and TAG
262, which develops ISO 31000.

PAUL PALMES is president and principal consultant with Business Systems Architects Inc. in Fargo, ND, and
Prescott, WI. He is a member of TAG 176 and chair of international ISO/TC 176, subcommittee 1, responsible for
the revision of ISO 9000. He has been international ISO/TC 176 liaison to the International Accreditation Forum
(IAF), co-chair of the IAFs ISO 9000 advisory group, and member of the Auditing Practices Group and the Accreditation Council of the ANSI/ASQ National Accreditation Board. Palmes is an ASQ-certified quality manager,
British Standards Institution-certified ISO 9001 auditor and has a masters degree in administration from Gonzaga University in Spokane, WA.
DENISE ROBITAILLE is the author of 12 books, including ISO 9001:2008 for Small and Medium-Sized Businesses (ASQ Quality Press, 2010), and an internationally recognized speaker and trainer. She is an active member
of TAG 176, where she has participated in the revision of multiple standards. Robitaille is an ASQ fellow, an
Exemplar Global-certified lead assessor and an ASQ-certified quality auditor.

JOHN E. JACK WEST is a member of Silver Fox Advisors in Houston. He is past chair of TAG 176 and lead
delegate of the committee responsible for the ISO 9000 family of quality management system standards. He is
an ASQ fellow and has co-authored several ASQ Quality Press books.

20 QP www.qualityprogress.com

ISO 9001:2015

Prepare for a New Structure

by Deann Desai and Susan L.K. Briggs
What is the change?

a unifying and agreed-on high-level structure, identical

The structure of ISO 9001 has been revised. Clauses and

core text, and common terms and core definitions.

subclauses are retitled and reordered according to a

There are 10 elements in the Annex SL high-level

high-level structure that allows for all management sys-

structure:

tem standards (MSS) to be aligned.

1. Scope.

To fully understand this change, some background

2. Normative references.

explaining why it was done should be helpful. From the

3. Terms and definitions.

early 1990s, the International Organization for Standard-

4. Context of the organization.

ization (ISO) technical committee for quality manage-

5. Leadership.

ment (ISO/TC 176) and its technical committee for en-

6. Planning.

vironmental management (ISO/TC 207) worked together

7. Support.

to enhance compatibility and avoid conflicting require-

8. Operation.

ments between ISO 9001 and ISO 14001, the internation-

9. Performance evaluation.

al environmental MSS.

10. Improvement.

In 2003, the ISO General Assembly received advice

These elements have driven the changes that users

from advisory and user groups that greater alignment of

will find in ISO 9001, including the restructuring of the

the structureincluding clause sequence and require-

standard from eight clauses in the 2008 version to 10

ments in the standardswas desirable and achievable,

clauses in the 2015 version.3

and that this would benefit organizations implementing

more than one MSS.

What do I need to do?

In 2005, the ISO Technical Management Board estab-

A frequently asked question about this change is: Must

lished a technical advisory group to fulfill this task, and a

organizations renumber their documents and other rel-

joint vision and high-level structure for all MSSs was de-

evant items based on the new structure of the standard?

veloped. Building on this, the group developed the MSS

The short answer is: No, you do not need to renumber,

requirements, which were published as Annex SL in the

but many organizations will choose to do so as a tracking

ISO/IEC Directives1, 2 in 2011.

mechanisma way to keep things straight and ensure

Annex SL defines the high-level structure including

they are able to do a full review and cover the require-

common text, terms and definitions along with guidance on

ments. Keep in mind that there is no guarantee the num-

how they should be applied. The impact of Annex SL is that

bering will remain the same in future revisions.

all ISO management system requirements standards will be

Some of the main changes in ISO 9001:2015, includ-

aligned, and ISO will seek to enhance the compatibility of

ing introduction of context of the organization and risk,

these standards through the promotion of identical:

came from the use of the high-level structure.

Clause titles.

One of the key responses in the user survey conduct-

Sequence of clause titles.

ed prior to writing the revision was that the connection

Text.

with the larger, strategic view of the organization was

Terms and definitions.

missing. The introduction of a clause related to a con-

These items are permitted to diverge among standards only where necessitated by specific differences in
managing the individual fields of application.

cept called the context of the organization addressed

this concern.
The intent of this clause is for organizations to have a
high-level (strategic) understanding of the important is-

What does it mean?

sues that can affect a management systempositively or

The aim of Annex SL is to enhance the consistency and

negatively. Part of an organizations context also includes

alignment of existing and future ISO MSSs by providing

relevant needs and expectations of interested parties that

September 2015 QP 21

apply to its QMS. Knowledge of the issues and inter-

prevents or reduces undesired effects, and achieves

ested party requirements is used to guide the efforts to

continual improvement. Annex SL calls for actions to

plan, implement and operate a QMS.

address risks and opportunities in subclause 6.14 but

The issues identified by an organization and the relevant requirements of interested parties are linked to

does not require risk management, risk assessment or

risk treatment.

the section on planning. The organization plans how

The addition of these two strategic business pro-

it will address any negative or positive consequence

cesses were included to encourage an organizations

posed by these issues and requirements in a prioritized

top management to become more actively engaged,

fashion in its QMS.

ensuring the QMS takes a more strategic view and is

The purpose of planning is for an organization to

integrated into its business processes, with the overall

anticipate potential scenarios and consequences, and

intent to promote improved performance of the QMS.

as such, is preventive in addressing undesired effects

before they occur. Similarly, organizations should look
for favorable conditions or circumstances that can offer a potential advantage or beneficial outcome, and
include planning for those worthy of pursuit.
An organization has the authority and autonomy to
decide which risks and opportunities it must address
to ensure its QMS achieves its intended outcome,

REFERENCES AND NOTE

1. International Organization for Standardization and International Electrotechnical Commission, ISO/IEC Directives, Part 1, Consolidated ISO Supplement, Procedures specific to ISO, sixth edition, 2015, Annex SL, Appendixes
2 and 3.
2. For additional guidance on the intent of Annex SL, review Appendix 3 of
Annex SL in the ISO/IEC Directives, see reference 1.
3. Sandford Liebesman, Work in Progress, Quality Progress, November 2013,
pp. 52-53.
4. International Organization for Standardization and International Electrotechnical Commission, ISO/IEC Directives, see reference 1, subclause 6.1.

Understand Your Context

by John E. Jack West and Charles A. Cianfrani
What is the change?

direction, and to monitor and review information re-

The latest edition of ISO 9001 contains content that will

lated to these external and internal issues.

appear new to some users. The newness of the content

These requirements inject a QMS into an organiza-

will vary widely among organizations depending on

tions strategic planning process. At a minimum, to de-

their existing QMSs. An organizations prior compli-

termine external and internal issues that are relevant to

ance could have ranged from the absolute minimum

its purpose and its strategic direction,2 an organization

to deployment of processes that address the explicit

must know its strategic direction.

requirements and the intent of the latest requirements.

This clause introduces the concept of requiring an

ISO 9001:2015s clause 4, dealing with context of the

organization to think at strategic and tactical levels

organization, therefore may require a widely different

when it develops and deploys its QMS. Neither big-pic-

range of attention by organizations transitioning to the

ture strategic thinking nor detailed analysis and tacti-

new version.

cal thinking is sufficient by itself.

Clause 4 introduces some new language and ex-

The standard mandates consideration of internal

pands concepts related to defining requirements. A few

and external issues that affect the ability of the organi-

of the more notable changes include:

zation to achieve its intended results. The requirements

Understanding the organization and its context.

also say the organization shall monitor and review the

External and internal issues.

issues it considers to be relevant to its purpose.

Understanding the needs and expectations of relevant interested parties.

What does it mean?

Subclause 4.1 contains requirements for an organi-

The requirements for understanding an organization

zation to determine external and internal issues that

and its context mean an organization must know itself

can affect and are relevant to its purpose and strategic

and the external organizations and factors that do or

22 QP www.qualityprogress.com

ISO 9001:2015

can affect it. Achieving such an understanding can result

considered for serious attention. Self-assessments can

from activities such as performance of competitive anal-

be complex, using criteria such as those of the Malcolm

ysis, assessment of existing and emerging technology,

Baldrige National Quality Award, the European Founda-

and evaluation of its impact on the environment.

tion for Quality Management or the ASQ guidelines for

Such activities and assessments are elements of over-

performing a QMS self-assessment.

all strategic and tactical planning for an organization and

Assessment also can be simplified by using the seven

its associated QMS. It also forms a context for develop-

quality management principles as a guide.4 It is up to

ing, implementing, maintaining and improving a QMS.

each organization to determine how detailed the analy-

This subject is a normal topic for top managers and is

interrelated with subclause 5.1.1 on leadership and commitment,3 which requires top management to ensure a

sis should be and what follow-up action, monitoring and

review is needed.
External issues can be found through several tech-

quality policy and quality objectives are compatible with

niques such as analysis of:

an organizations strategic direction and context. This is

Economic environment and trends.

a key top management role in the development of a QMS.

International trade conditions.

Competitive products and services.

What do I need to do?

Opportunities and conditions related to outsourcing.

What is meant by determine external and internal is-

Technology trends.

sues? What should be considered? How far should you

Raw material availability and prices.

go?

Potential changes in statutes and regulations.

One suggested approach is to have a formal process

for deciding what to consider and why. This approach
makes sense for several reasons:

Benchmarking best-in-class performers in and outside the current marketplace.

Also consider the potential interactions with other

1. It formalizes the process to ensure it is invoked.

processes of your QMS. For example, subclause 4.1 may

2. It precludes going overboard on determining pertinent

have direct or indirect interactions with your processes

external and internal issues.

3. If certification is an organizational objective, it pre-

dealing with interested parties, risks and opportunities,

or with clauses 8, 9 and 10.

empts disputes with external auditors regarding

These new requirements related to the organization

compliance. The notes to subclause 4.1 provide guid-

and its context should provide the organization an op-

ance.

portunity to expand the breadth and depth of its QMS,

An organization, for example, could develop a list of

integrate the QMS with the strategic and tactical manage-

areas in which issues could exist and perform periodic

ment of the organization, and align objectives throughout

evaluations of any existing or emerging problems that

the organization.

might affect meeting requirements.

Examples of internal issues that could be considered
include:
Internal audit results and self-assessment results.
Analysis of quality cost data.
Analysis of technology trend information.
Competitive analysis.
Results of customer reviews, audits, complaints and
feedback.
Actual versus intended internal values and culture.
Organizational performance.
Best practices of the organization and comparisons
with industry benchmarks.
Employee satisfaction data analysis.
One process that is underused but powerful in identifying internal issues is a self-assessment. It should be

REFERENCES
1. International Organization for Standardization, ISO/FDIS 9001:2015Quality
management systemsRequirements, clause 4.
2. International Organization for Standardization, ISO/FDIS 9001:2015Quality
management systemsRequirements, subclause 4.1.
3. International Organization for Standardization, ISO/FDIS 9001:2015Quality
management systemsRequirements, subclause 5.1.1.
4. International Organization for Standardization, ISO/FDIS 9000:2015Quality
management.

SMALL BUSINESS
CHALLENGE

Are you a small business trying to navigate the transition to ISO

9001:2015? Read about the unique obstacles small business face in
implementing ISO 9001 and the resources available to help in Denise
Robitailles online sidebar Resources: The Small Business Challenge,
on this articles webpage at www.qualityprogress.com.

September 2015 QP 23

Consider Risk
by Denise Robitaille
What is the change?
Many of the changes in ISO 9001:2015 will involve a

ISO 9001:2015 disperses language relating to risk

paradigm shift across all functions. The most prevalent

throughout the standard. The logical segue is that be-

of these relates to the concept of risk-based thinking.

cause the QMS touches most processes and departments, the need to engage in risk-based thinking is

What does it mean?

similarly expanded to encompass multiple functions

The idea of risk-based thinking isnt particularly dif-

throughout the organization.

ficult. Whenever an organization decides to change

What happens if you change the design of your most

something or to respond to an impending change, there

popular product? You improve your position in the

are choices, consequences, opportunities and risks.

marketplace and beat the competition. You also incur

ISO 31000 GUIDES RISK-BASED THINKING

ISO 9001 includes two new and related requirements: under-

popular internationally, and it will be helpful in implementing ISO

standing the organization and its context, and risk-based think-

9001:2015. As a guidance document, it allows for tailoring to

ing. The latter is a term that is nonexistent in current quality and

various systems including the management of quality. It is help-

risk nomenclature. How should you understand, implement and

ful for understanding the organization and its context, which

audit to this requirement?

is sparsely defined in ISO 9001:2015, but more fully detailed in

Fortunately, you dont have to reinvent the wheel. These

concepts and their implementation are detailed in ISO 31000,1
the international risk management standard. Although ISO

sections 4 and 5 of ISO 31000. These sections explain the how

and why of establishing the context.
Like ISO 9001, ISO 31000 is more clearly understood after

31000 uses different terms, referring to that standard can help

professional training. Quality professionals who master ISO

organizations implement risk-based thinking in the context of

31000 will be able to identify how detailed an organizations

ISO 9001.

risk-based thinking implementation must be to satisfy the re-

The writers of ISO 9001:2015 state that risk-based thinking

has always been implicit in ISO 90012 and chose not to require

quirements of ISO 9001:2015.

Why should your organization embrace risk management as

a full, formal and systemic risk management method, such as

part of your quality system? The answer is stated in ISO 31000:

ISO 31000. The risk-based thinking requirement allows organiza-

All organizations manage risk to some degree.3 In laymans

tions the flexibility to choose either a basic approach or a more

terms, managing risk is simple: Make decisions while consider-

extensive formal risk management process based on what is

ing how the potential consequences of unknown factors can

appropriate for an organization.

help or hinder your organizations objectives.

Explicit in the new standard, however, is the requirement that

This idea is not new. The management of uncertainty is

some minimal risk management be integrated into an organiza-

something you do each day in your personal and professional

tions quality system. Indeed, the writers deliberately created

lives to ensure you achieve your objectives. The requirement

the term risk-based thinking to encompass the varying, ac-

that consideration of uncertainty be part of formal and auditable

ceptable degrees in which organizations may choose to manage

processes will serve to further quality and corporate objectives.

risk. Employing the term risk management may have implied

full adherence to the ISO 31000 standard is required, a suggestion defeated in early international revision negotiations.
While using ISO 31000 is not required in ISO 9001:2015,
the existing risk management standard already has become

24 QP www.qualityprogress.com

Allen Gluck
REFERENCES
1. International Organization for Standardization, ISO 31000:2009Risk management
Principles and guidelines.
2. International Organization for Standardization, ISO/FDIS 9001:2015Quality management
systemsRequirements.
3. Ibid.

ISO 9001:2015

the need to carry inventory of replacement parts be-

ses and implementing sophisticated risk management

cause youve made a commitment to your customers

programsall slick with data, pretty charts and graphs

to continue to support older versions of the product.

printed on high-gloss paper. This is hardly a capabil-

How about signing a contract that will double your

business? Youll make a ton of money if you can: Get

ity for a small delivery service organization or a fiveperson machine shop.

suppliers to ship extra raw material, hire 15 more

To help an organization of any size get over this

techs, put on a second shift and maintain the produc-

hurdle, look no further than clause 4 of ISO 9001:2015.1

tion schedule to keep your other customers happy.

All of the language about the context of the organization is directly relevant to the conversation about risk.

What do I need to do?

To understand your risks, you must understand your

All organizations, but especially small companies,

organizationits internal and external issues, the in-

must apply risk-based thinking in their internal envi-

terested parties that can have an effect on it and its

ronments. A small amount of effort along these lines

ability to fulfill customer expectations.

can lead to big results. ISO 9001:2015 allows organiza-

These concepts also can be parsed into smaller

tions the flexibility to apply as little effort as is needed.

components. For smaller organizations, issues can be

When implementing risk-based thinking, parse

as simple as the retirement of one person, the loss of a

things out into manageable chunks. The benefit is that

supplier, a change in cash flow, a major road repair out-

youll have fewer unpleasant surprises resulting from a

side their entrance or change in the local schools cal-

failure to adequately assess the risk associated with a

endar affecting parents who need daycare. All of these

change. The change can be as small as substituting an

events carry risks that must be managed properly.

epoxy or as overwhelming as moving the business to a

new facility.

There are other changes that must be understood

and implemented. All the changes carry some benefit.

One of the side benefits of the inclusion of risk-

The transition process itself carries its own benefit

based thinking in ISO 9001:2015 is that it eliminates the

because implicit in the transition is the opportunity to

ineffectual and cumbersome preventive action process

objectively assess a system and sweep away what isnt

included in ISO 9001:2008.

working.

Often, risk is presumed to be within the purview

of large companies with loads of quality technicians
and MBAs performing failure mode and effects analy-

REFERENCE
1. International Organization for Standardization, ISO/FDIS 9001:2015Quality
management systemsRequirements, clause 4.

Leaders, Step Up
by Paul C. Palmes
What is the change?

ed issueswith primary top management interaction

The 2015 revision of ISO 9001 contains several impor-

through management review.

tant improvements regarding top management. Specifi-

Thats about to change. According to subclause 5.1.1,

cally, subclause 5.1.1 on leadership and commitment

top management is required to demonstrate leadership

for the QMS1 includes 11 requirements designed to en-

and commitment with respect to the QMS by:

sure top management is involved and committed more

1. Taking accountability of the effectiveness of a QMS.

than ever before to the QMS.

2. Ensuring the quality policy and quality objectives

Observers of ISO 9001 throughout the years have

are established for a QMS and that they are compat-

consistently and correctly commented that QMS imple-

ible with the strategic direction and the context of

mentation results suffer without real top management

support. As a result, organizations are left to install
bolt-on quality systems limited to production relat-

an organization.
3. Ensuring the quality policy is communicated, understood and applied in an organization.

September 2015 QP 25

4. Ensuring the integration of the QMS requirements

into an organizations business processes.

If you can clearly imagine the best outcome of each

meeting, you can work backward to imagine everything

5. Promoting awareness of the process approach.

you may need to achieve a successful set of results.

6. Ensuring the resources needed for a QMS are avail-

After all, for many organizations, effective implemen-

able.
7. Communicating the importance of effective quality
management and of conforming to QMS requirements.

tation of subclause 5.1.1 will require a fundamental

paradigm shift in which top management participates
rather than observes.
There is, for example, a new requirement to promote

8. Ensuring a QMS achieves its intended results.

awareness of the process approach. No doubt, this may

9. Engaging, directing and supporting persons to con-

become a teachable moment for many organizations,

tribute to the effectiveness of a QMS.

10. Promoting continual improvement.

requiring prepared materials to explain this fundamental concept to top management during these meetings.

11.
Supporting other relevant management roles to

Take your time. Be prepared and professional in

demonstrate leadership as it applies to leaders re-

your approach. Develop appropriate action items and

spective areas of responsibility.

venues for each requirement. Perhaps your organization routinely schedules an all-organization business

What does it mean?

status meeting conducted by top management. This

From the perspective of an organization that is already

may be the perfect place to communicate the impor-

implementing ISO 9001 and looking to transition to the

tance of effective quality management and of conform-

new version of the standard, some will proudly affirm

ing to QMS requirements.3

the existing link between quality and business goals,

Others requirements in subclause 5.1.1 are also fair

while others face a major realignment of their existing

game for such events, and if you use PowerPoint to

systems.

present, you now have a record of compliance. (The

Yes, some of the above requirements, such as en-

correct term is now documented information, but its

suring that the quality policy is communicated, un-

still acceptable to use terms to which youve become

derstood and applied within the organization, are

accustomed).

management responsibility-related holdovers from

Naturally, to just proclaim support is not enough,

the 2008 revision. Several additional requirements in

and similarly no one expects top managers to move

the 2015 revision, however, affirm a fundamental shift

into the quality department. The real work will be

from having top management simply provide direction

somewhere in between when it becomes obvious to

and support to its becoming a key participant.

everyone that top management actually is using the

The QMS now must consider how to manage ensur-

quality system to guide and validate its decisions and

ing the integration of the QMS requirements into the

to encourage the discovery of new areas of improve-

organizations business processes. They are now one

ment throughout the organization.

and the same, requiring quality objectives to support

the achievement of the organizations business goals.

Fundamentally, clause 5.1.1 in ISO 9001:2015 is a

call for top management involvement in the QMS. In-

Who better to ensure business success than top

tegration of the QMS requirements into the organiza-

management? After all, top management also is tasked

tions business processes requires analysis and collab-

in the new version of ISO 9001 with engaging, direct-

oration on both sides. As the two become one, working

ing and supporting persons to contribute to the effec-

together to support common goals, the organization

tiveness of the QMS.

develops deeper purpose, strength and success.

What do I need to do?

wish to achieve when you begin with the end in mind.

Thats the vision you must encouragethe goal you

Given the importance of the material, explaining all
these changes to top management will best be accomplished through several meetings. It may be constructive to use the second of Stephen R. Coveys seven
habits by beginning with the end in mind.2

26 QP www.qualityprogress.com

REFERENCES
1. International Organization for Standardization, ISO/FDIS 9001:2015Quality
management systemsRequirements, subclause 5.1.1.
2. Stephen R. Covey, The Seven Habits of Highly Effective People, Free Press,
1989.
3. International Organization for Standardization, ISO/FDIS 9001:2015Quality management systemsRequirements, see reference 1.

ISO 9001:2015

Determine Your
Documentation Needs
by Bill Aston
What is the change?

lowing 18 records to be retained:

One of the more notable changes in ISO 9001:2015 will

1. Monitoring and measurement of resources (sub-

be the nonexistance of any reference to requirements

clauses 7.1.5.1 and 7.1.5.2, a).

for a quality manual, documented procedures and re-

2. Personnel competency (subclause 7.2, d).

cords to be maintained. Does this mean documented

3. Operational planning and control (subclause 8.1, e).

procedures, records and other QMS documents are not

4. Review of requirements related to products and services (subclause 8.2.3.2).

necessary?
No, that is not the case. Consider the requirements

5. Design and development inputs (subclause 8.3.3).

of ISO/FDIS 9001:2015, subclause 4.4.2.1 This sub-

6. Design and development controls (subclause 8.3.4, f).

clause requires an organization to maintain document-

7. Design and development output (subclause 8.3.5).

ed information (procedures) to support the operation

8. Design and development change (subclause 8.3.6).

of its processes and to retain documented information

9. Externally provided product and services (sub-

(records) to have confidence that processes were per-

clause 8.4.1).
10. Traceability (subclause 8.5.2).

formed as planned.
Annex A, section A.6, provides guidance regarding
the references made to requirements throughout the

11. Property belonging to customers or external parties

(subclause 8.5.3).

standard to maintain documented information (such

12. Control of change (subclause 8.5.6).

as procedures, quality plans and a quality manual) as

13. Release of product and services (subclause 8.6).

well as to retain documented information (records).

14. Control of nonconforming process output, products

How are an organizations requirements for QMS

documents determined? Every organization will be
responsible for determining the level of documented

and services (subclause 8.7.2).

15. Monitoring, measurement, analysis and evaluation
(subclause 9.1.1).

information, such as procedures, needed to support its

16. Internal audit (subclause 9.2.2).

QMS, processes, product and services.

17. Management review (subclause 9.3.3).

ISO 9001:2015 will specifically require risk-based

thinking to be a part of every organizations process

18.
Nonconformity and corrective action (subclause
10.2.2).

approach to quality. Risk-based thinking is not a new

activityits a regular part of an organizations QMS

What does it mean?

and product planning processes, which includes ensur-

Concerning requirements for documented information

ing controls, such as procedures or instructions, are

to be maintained (procedures), ISO 9001:2015 will be

established to address identified risks.

less prescriptive. This increased flexibility will sup-

ISO/FDIS 9001:2015 requires the following docu-

port requirements for documented information to be

mented information to be maintained by every organi-

scaled to be appropriate to the complexity and criti-

zation:

cality of the products produced or services provided.

Scope of the QMS (subclause 4.3).

The greater the risk or potential consequences of the

Information needed to support the operation of its

nonconformance, the more control (procedures) re-

processes (subclause 4.4.2, a).

Quality policy (subclause 5.2.2, a).
Quality objectives (subclause 6.2.1).
Control of product and services (subclause 8.5.1).
Furthermore, ISO/FDIS 9001:2015 identifies the fol-

quired to address the probability of the risk and its

potential impact.
Documented information may include procedures, work instructions, drawings, checklists, data
sheets, media or records as deemed appropriate for

September 2015 QP 27

ISO 9001:2015

an organizations operation.

ISO 9001:2015 will provide an organization in-

Risk-based thinking is essential for identifying risk

creased flexibility to maintain a QMS specific to its

and the resources, such as personnel competencies,

particular processes and product. Risk-based thinking

equipment, facilities, product and services design, ma-

will drive the organizations need to ensure document-

terials, process procedures and instructions required

ed information, such as procedures, instructions and

to address those risks. ISO 9001:2015 will not require

other QMS documents, are available to address risks

formal risk assessments. The organization will deter-

and opportunities. ISO 9001:2008 certifications will not

mine whether a formal risk assessment is required and

be valid after three years from the publication date of

if so, select a risk assessment method that best suits

ISO 9001:2015.

its needs.

The International Accreditation Forum Informa-

Future QMS audits will require auditors, consul-

tive Document 9: 2015 Transition Planning Guid-

tants and other interested parties to use a different ap-

ance for ISO 9001:20155 provides general guidance to

proach to determining an organizations conformance

organizations, certification bodies and accreditation

with ISO 9001:2015 requirements. Auditors must be

bodies for preparing to transition from ISO 9001:2008

knowledgeable about the risks associated with the

to ISO 9001:2015.

products, services and processes being audited, and be

Future QMS auditing will need a different approach

able to assess the effectiveness of the controls used to

to determining an organizations conformance with

manage those risks.

ISO 9001:2015 requirements. Techniques and skills

for auditors, consultants and other quality profession-

What do I need to do?

als must change to meet the new challenges of ISO

Consider the following actions to prepare for transi-

9001:2015. QP

tioning to ISO 9001:2015:

1. Obtain a copy of ISO FDIS 9001:2015 and become
familiar with its requirements.
2. Attend ISO 9001:2015 training via your registrar, the
Professional Evaluation and Certification Board,
Exemplar Global College, ASQ or other accredited
training providers.
3. Consider training on ISO 31000:2009Risk man-

REFERENCES
1. International Organization for Standardization, ISO/FDIS 9001:2015Quality
management systemsRequirements, subclause 4.4.2.
2. International Organization for Standardization, ISO/FDIS 9001:2015Quality
management systemsRequirements, Annex A, section A.6.
3. International Organization for Standardization, ISO 31000:2009Risk managementPrinciples and guidelines.
4. International Organization for Standardization, Technical Committee 176,
Subcommittee 2 (ISO TC/176/SC2) homepage, http://tinyurl.com/TCSC2.
5. International Accreditation Forum (IAF), IAF Informative Document 9: 2015
Transition Planning Guidance for ISO 9001:2015, Issue 1, Jan. 12, 2015.

agementPrinciples and guidelines to ensure familiarization with basic risk-management practices

and terms.3
4. Download free copies of risk-based thinking documents and PowerPoint slides via the ISO website.4
This information may be helpful for promoting and
understanding risk-based thinking.
5. Conduct a gap analysis of your existing QMS. Ask
your registrar to provide a checklist suitable for this
purpose.
6. Contact your registrar to determine its timeline
and requirements to transition clients with existing QMS certifications from ISO 9001:2008 to ISO
9001:2015.
7. If your organization is currently planning or in the
process of obtaining an ISO 9001 certification, contact your registrar to determine their timing to begin
issuing ISO 9001:2015 as opposed to ISO 9001:2008
certifications.

28 QP www.qualityprogress.com

REVISION
RESOURCES

ISO 9001:2015 is scheduled to be released later

this month and will be available for purchase at
asq.org. Find out more about the new standard by:
Tuning in to the ASQ Standards Channel (videos.
asq.org/asq-standards-channel) to watch
experts discuss changes and transition advice.
Subscribing to the Standards Connection
enewsletter at asq.org/standardsconnection to
have information delivered to your inbox every
month.
Visiting Standards Central at asq.org/standards,
where you can find updates, articles and more.