Publication of new ISO 9001:2008 standard and the changes incorporated

1. Publication & Applicability –ISO 9001:2008

Published on 15-11-2008, as fourth edition

Accredited certification to the ISO 9001:2008 shall be granted after 15-11-2008.

Certification of conformity to ISO 9001:2008 and/or national equivalents shall only be issued after a routine
surveillance or re-certification audit against ISO 9001:2008.

One year after publication of ISO 9001:2008 all accredited certifications issued (new certifications or re-
certifications) shall be to ISO 9001:2008 – mandatory change over to the new standard (no fresh certification
against 9001:2000 after 15-11-2009)

Twenty-four months after publication by ISO of ISO 9001:2008, any existing certification issued to ISO
9001:2000 shall not be valid. ( the certification against ISO 9001: 200 becomes invalid after 15-11-2010)

2. Salient changes in the new Standard (ISO 9001:2008)

No new requirements

Requirements of certain clauses re-clarified by additional notes

Ambiguity in certain statements of the earlier standard removed by restating the requirements in a clear
manner

Old references in standard replaced by new references

Better consistency with ISO14001: 2004

3 SWISO’s plan for change over to new standard –ISO 9001:2008

All new certification and re-certification after 01-01-2009 verified against ISO 9001:2008 for compliance.

All the existing clients certified to ISO 9001:2000 shall complete transition to ISO 9001:2008 before 31-03-
2010 after verification through routine surveillance starting from April 2009. All the existing clients having their
routine surveillance due from April 09 onwards need to prepare themselves to confirm compliance against ISO
9001:2008.For clients having their surveillance due between now and march 09, they may also opt for
verification against ISO 9001:2008if they are prepared, but otherwise they have to complete the transition
before March 2010.

Page 1 of 10
 Changes in ISO 9001: 2008
Clause Title / subject Existing – ISO 9001:2000
no
0.1 Introduction ------(1) The design and the application
of an organization’s quality
management system is influenced by
varying needs, particular objective, the
products produced, the processes
employed and the size and the
structure of the organization
-------(2.) This international standard
can be used by internal and external
parties, including certification bodies, to
assess the organization’s ability to meet
customer, regulatory and the
organization’s own requirements
0.2 Process approach ------(1). for an organization to function
effectively, it has to identify and
manage numerous linked activities. An
activity using resources, and managed
in order to enable the transformation of
inputs into outputs, can be considered
as a process. Often the output from one
process directly forms the input to the
next.
(2). The application of a system of
processes within an organization,
together with the identification and
interactions of these processes, and
their management, can be referred to
as the “process approach”
0.3 Relation ship with (1) The present editions of ISO
ISO 9004 9901and ISO 9004 have been
Page 2 of 10
Changes - ISO 9001:2008 Implication (to client’s QMS
(Changes underlined) and auditing)
------(1) The design and the application of an For guidance and the changes
organization’s quality management system is may be noted
influenced by
(a) Its organizational environment, changes in
that environment, and the risks associated
with that environment
(b) Its varying needs,
(c) Its particular objective,
(d) The products it provides,
(e) The processes it employs,
(f) Its size and the structure of the
organization
-------(2.) This international standard can be used by
internal and external parties, including certification
bodies, to assess the organization’s ability to meet
customer, statutory and regulatory requirements
applicable to the product, and the organization’s own
requirements
------(1). For an organization to function effectively, it For guidance and the changes
has to determine and manage numerous linked may be noted
activities. An activity or a set of activities using
resources, and managed in order to enable the
transformation of inputs into outputs, can be
considered as a process. Often the output from one
process directly forms the input to the next.
(2). The application of a system of processes within
an organization, together with the identification and
interactions of these processes, and their
management to produce the desired outcome, can
be referred to as the “process approach”
(1) ISO 9001 and 9004 are quality management For guidance and the changes
system standards which have been designed to may be noted
 Changes in ISO 9001: 2008
Clause Title / subject Existing – ISO 9001:2000
no
developed as a consistent pair of
quality management system standard
which have been designed to
complement each other, but can be
used independently. Although the two
international standards have different
scopes, they focuses on the
collectiveness of the quality
management system in meeting
customer requirements (replaced)
(2) Last Para replaced
0.4 Compatibility with First Para replaced
other management
system
1.0 Scope / 1.1 general Note: in this international standard the
term “product ”applies only to the
product intended for or required by a
customer
2.0 . Normative Existing statement deleted and
references replaced
3.0 3. Terms & Existing statement deleted and
definitions replaced
Changes - ISO 9001:2008 Implication (to client’s QMS
(Changes underlined) and auditing)
complement each other, but can be used
independently
(2). At the time of publication of this international
standard, ISO9004 is under revision. The revised
edition of ISO 9004 will provide guidance to
management for achieving sustained success for any
organization in a complex, demanding, and ever
changing, environment .ISO 9004 provides a wider
focus on quality management system than ISO9001;
it addresses the needs and expectations of all
interested parties and their satisfaction, by the
systematic and continual improvement of the
organization’s performance. However it is not
intended for certification, regulatory or contractual
use
During the development of this international For guidance and the changes
standard, due consideration was given to the may be noted
provisions of ISO 14001:2004 to enhance the
compatibility of the two standards for the benefit of
the user community. Annex a shows the
correspondence between ISO 9001: 2008 and ISO
14001:2004
Note.1: in this international standard, the term” For guidance and the changes
product” only applies to may be noted
(a) Product intended for or required by a
customer
(b) Any intended output resulting from the
product realization process
The following reference documents are For guidance and the changes
indispensable for the application of this document. may be noted
For dated references, only the edition cited applies.
For undated references the latest edition of the
referenced document (including any amendment)
applies.
ISO 9000:2005, quality management systems-
fundamentals and vocabulary
For the purpose of this document the terms and All terms & definitions in QMS
definitions given in ISO 9000 apply. shall be based on ISO 9000:2005,
Throughout the text of this international standard applicable to client and auditing
whenever the term “ product” occurs, it can also

Page 3 of 10
 Changes in ISO 9001: 2008
Clause Title / subject Existing – ISO 9001:2000
no
4.1 General 4.1(a). Identify the processes needed
requirements for the quality management system and
their application through out the
organization (see 1.2)
4.1 Outsourcing Where an organization chooses to
outsource any process that affect
product conformity with requirements,
the organization shall ensure control
over such processes. Control of such
outsourced processes shall be
identified within the quality
management system
Note 1:processes needed for the quality
management system referred to above
should include processes for
management activities, provision of
resources, product realization and
measurement
4.2 4.2.1 general 4.2.1(d) &(e)
Note1: where the term” documented
procedure” appears within this
international standard, this means the
procedure is established, documented,
implemented and maintained
Page 4 of 10
Changes - ISO 9001:2008 Implication (to client’s QMS
(Changes underlined) and auditing)
mean “service”
4.1(a). Determine the processes needed for the Nil for client and auditing
quality management system and their application
through out the organization (see1.2)
Where an organization chooses to outsource any Applicable to client having its
process that affect product conformity with processes outsourced and the
requirements, the organization shall ensure control client shall address in QMS at
over such processes. The type and the extent of least the following
Control to be applied to these outsource processes (a) Processes outsourced
shall be defined within the quality management (b) Assumes responsibility to
system ensure conformity to all
Note 1:processes needed for the quality customer & statutory &
management system referred to above should regulatory requirements
include processes for management activities, (c) The type and the extent
provision of resources, product realization of control, a quality plan
measurement, analysis and improvement for outsourced activity
Note.2: an outsourced process is a process that the covering both process
organization needs for its quality management and the product
system and which the organization chooses to have (d) Contract with the
performed by an external party outsource body defining
Note.3: ensuring control over outsourced processes controls required on both
does not absolve the organization of the sides to be covered
responsibility of conformity to all customers, statutory through application of 7.4
regulatory requirements. The type and extent of
control to be applied to the outsourced processes All the above to be verified and
can be influenced by factors such as confirmed during the audit
(a) The potential impact of the outsource
process on the organization’s capability to
provide product that conforms to
requirements
(b) The degree to which the control for the
process is shared
(c) The capability of achieving the necessary
control through the application of 7.4
Both combined into 4.2.1(d) as “documents including (1) Records have wider application
records determined by the organization to be and pertain to activities related to
necessary to ensure the effective planning, operation effective planning, operation and
and control of its processes (record reference to control of its processes and not
4.2.4 removed giving wider scope) necessarily referenced by 4.2.4
Note1: where the term” documented procedure” alone. Client to include all the
 Changes in ISO 9001: 2008
Clause Title / subject Existing – ISO 9001:2000
no
4.2.3 4.2.3(f)-External To ensure that documents of external
documents origin are identified and their
distribution controlled
4.2.4 Control of records Records shall be established and
maintained to provide evidence of
conformity to requirements and of the
effective operation of the quality
management system. Records shall
remain legible, readily identifiable and
retrievable. A documented procedure
shall be established to define the
controls needed for the identification,
storage, protection, retrieval, retention
time and the disposition of records
6.2. 6.2.1 general Personnel performing work effecting
product quality shall be competent on
the basis of appropriate education,
training, skills 7 experience
6.2.2 (a) and (a) Determine the necessary
6.2.2(b) competence for personnel
performing work affecting
Page 5 of 10
Changes - ISO 9001:2008 Implication (to client’s QMS
(Changes underlined) and auditing)
appears within this international standard, this means documents and records in QMS
the procedure is established, documented, and the same verified during audit.
implemented and maintained .A single document
may address the requirements for one or more (2) Client can have one document
procedures. A requirement for documented describing more than one
procedure may be covered by more than one procedure e.g. for procedures on
document corrective and preventive actions
one document can address both
Note 2 & 3 retained as such these procedures and there should
be at least two documents
covering all mandatory procedures
To ensure that documents of external origin More clarity as what type of
determined by the organization to be necessary for external documents are necessary
the planning and operation of the quality to be identified and their
management system are identified and their distribution controlled
distribution controlled
(The requirements re-stated with more clarity) No change.
Records established to provide evidence of More emphasis on identifying
conformity to requirements and of the effective records correctly and controlling
operation of the quality management system shall be them. The procedure to define the
controlled. controls needed for the
identification, storage, protection,
. The organization shall establish a documented retrieval, retention and the
procedure to define the controls needed for the disposition of records
identification, storage, protection, retrieval, retention
and the disposition of records
Records shall remain legible, readily identifiable and
retrievable
(Replaced by, as under) Client shall ensure that all the
Personnel performing work effecting conformity to personnel performing work within
product requirements shall be competent on the the QMS are competent, not
basis of appropriate education, training, skills & personnel pertaining to product
experience quality alone.
Note: conformity to product requirements can be
affected directly or indirectly by personnel performing
any task within the quality management system
(c) Determine the necessary competence for Better clarity of expression.
personnel performing work affecting ■ product quality replaced by
conformity to product requirements conformity to product requirements
 Changes in ISO 9001: 2008
Clause Title / subject Existing – ISO 9001:2000
no
product quality
(b) Provide training or take other
actions to satisfy these needs
Changes - ISO 9001:2008 Implication (to client’s QMS
(Changes underlined) and auditing)
(d) Where applicable provide training or take i.e. wider applicability.
other actions to achieve the necessary Competence need to be defined
competence for all the personnel within the
QMS
■ objective of training is to make
personnel competent and not for
satisfying need. Need arises from
the gap between desired (defined)
competence and the competence
currently possessed by the
personnel

6.3 6.3© / infrastructure ©Supporting services (such as ©Supporting services (such as transport, Information system also included
transport or communication communication or information system) in the infrastructure .The client to
identify these if found applicable.
6.4 Environment - Note added:
Note ‘the term “work environment” related to those More clarity now as to what to
conditions under which work is performed including include in work environment. Client
physical, environmental and other factors (such as has to address how various
noises, temperature, humidity, lighting or weather) requirements are being managed
and the same demonstrated during
audit for compliance
7.2 Customer related © Statutory and regulatory © Statutory and regulatory requirements ■ Post delivery activities clearly
process -7.2© and requirements Applicable to the product, and identified and the client shall
(d) Related to the product, and (d) Any additional requirements considered accordingly address and
(d) Any additional requirements necessary implement them if applicable.
determined By the organization ■ More specific statements about
By the organization requirements for easy
Note: post –delivery activities include, for example, understanding and
actions under warranty provisions, contractual implementation, (Otherwise no
obligation such as maintenance services and basic change in requirements)
supplementary services such as re-cycling or final
disposal
7.3 7.3.1.Design and - Note added
development Note; design and development review, verification Organization to have more focus
planning and validation have distinct purposes. They can be on review, verification and
conducted and recorded separately or in any validation especially and
combination, as suitable for the product and the accordingly maintain appropriate
organization records for demonstrating
compliance during audit.
7.3.3.design and The outputs of design and development The outputs of design and development shall be in a Client shall include requirements

Page 6 of 10
 Changes in ISO 9001: 2008
Clause Title / subject Existing – ISO 9001:2000
no
development output shall be provided in a form suitable that
enables verification against the design
and development input and shall be
approved prior to release
7.5 Control of (d) The availability and the use of
production-7.5.1 (d) monitoring and measuring devices
7.5.2 Validation of The organization shall validate any
processes processes for production and service
provision where the resulting output
cannot be verified by subsequent
monitoring or measurement. This
includes any processes where
deficiencies become apparent only after
the product is in use or the service has
been delivered
7.5.4 Customer property -------. If any customer property is lost,
damaged or otherwise found to be
suitable for use, this shall be reported
to the customer and records maintained
Note: customer property can include
intellectual property
7.5.5 Preservation of The organization shall preserve the
product conformity of product during internal
processing and delivery to the intended
destination. This preservation shall
include identification, handling,
packaging, storage and protection.
Preservation shall also apply to
constituent parts of a product
7.6 Control of monitoring (1) The term “devices” appearing in all
and measuring the text changed.
equipment, 7.6. (a) & (2) 7.6. (a). Be calibrated or verified, at
(C) specified intervals or prior to use
against measurement standards
traceable to international or national
measurement standards; where no
such standard exist, the basis used for
Page 7 of 10
Changes - ISO 9001:2008
(Changes underlined)
form suitable for verification against the design and
development input and shall be approved prior to
release
Note: information for production and service
provision can include details for the preservation of
product
(d) The availability and the use of monitoring and
measuring equipment
The organization shall validate any processes for
production and service provision where the resulting
output cannot be verified by subsequent monitoring
or measurement and as a consequence deficiencies
become apparent only after the product is in use or
the service has been delivered
-------. If any customer property is lost, damaged or
otherwise found to be suitable for use, organization
shall report this to the customer and maintain records
Note: customer property can include intellectual
property and the personal data
The organization shall preserve the product during
internal processing and delivery to the intended
destination in order to maintain conformity to
requirements. As applicable preservation shall
include identification, handling, packaging, storage
and protection. Preservation shall also apply to
constituent parts of a product
(1) The term “devices” appearing in the old standard
has been replaced by” equipment” in all places
including in the title
(2) 7.6. (a). Be calibrated or verified or both, at
specified intervals or prior to use against
measurement standards traceable to international or
national measurement standards; where no such
standard sexist the basis used for calibration or
Implication (to client’s QMS
and auditing)
for the preservation of product in
the output and communicated to
production and service provision.
■organization to ensure
compliance and the auditor to
verify
Nil for client and auditing
Nil for client and auditing
Personal data also included in the
customer property. Client shall
also include personal data if any in
the customer property. Same
verified during audit
Nil for client and auditing except
better clarity in expression
■ Better clarity in requirements.
■ where no calibration standard
exist the basis used for calibration
or verification need to be recorded
mandatory now (4.2.4)
■ no need to have calibration
status on the equipment except for
identification number
 Changes in ISO 9001: 2008
Clause Title / subject Existing – ISO 9001:2000
no
calibration or verification shall be
recorded (4.2.4.
(3) 7.6©. . Be identified to enable the
calibration status to be determined
(4) Note: see ISO 10012-1 and ISO
10012-2 for guidance
8.1 General 8.1(a). To demonstrate conformity of
the product
8.2.1 Customer - Note: monitoring customer perception can include
satisfaction
8.2.2 Internal audit (1)------- the responsibilities and the
requirements for planning and
conducting audit, and for reporting
results and maintaining records (see
4.2.4) shall be defined in a documented
procedure
(2). The management responsible for
the area being audited shall ensure that
actions are taken with out undue delay
to eliminate detected non conformities
and their uses
Changes - ISO 9001:2008
(Changes underlined)
verification shall be recorded (4.2.4)
(3) 7.6©. Have identification in order to determine
calibration status
(4). Note: confirmation of the ability of computer
software to satisfy the indented application would
typically include its verification and configuration
management to maintain its suitability for use
8.1(a). To demonstrate conformity to product
requirements
obtaining input from sources such as customer
satisfaction surveys, customer data on delivered
product quality, user opinion surveys, lost business
analysis, compliments, warranty claims and dealer
reports
(1)-------(replaced by) a documented procedure shall
be established to define the responsibilities and the
requirements for planning and conducting audit,
establishing records and reporting results
. Records of the audits and their results shall be
maintained (see 4.2.4)
(2). The management responsible for the area being
audited shall ensure that any necessary correction
and corrective actions are taken with out undue delay
to eliminate detected non conformities and their uses
Implication (to client’s QMS
and auditing)
■ confirmation of the ability of
computer software now clarified
and records need to be
accordingly maintained, emphasis
on verification and configuration
management
Nil for client and auditing except
better clarity in expression
Customer perception now clarified
in terms of different inputs. The
client shall use a combination of
these inputs to assess the
customer satisfaction. Client to
establish or modify the existing the
system on these lines and these
will be verified during audit.
■ better clarity in requirements
■ clients shall now have to record
corrections and root cause & the
corrective actions for all the non-
conformances. The format for
reporting NCs and corrective
action shall be modified
accordingly. Will be verified during
audit

8.2.3 Monitoring & - Note: when determining suitable methods, it is Further clarification through
measurement of advisable that the organization consider the type and additional note. Client shall identify
processes the extent of the monitoring or measurement the monitoring and measurement
appropriate to each of its processes in relation to criteria appropriate to each
their impact on the conformity to product process. Will be confirmed during
requirements and on the effectiveness of the quality audit
management system
8.2.4 Monitoring & -------. Records shall indicate the -------. Records shall indicate the persons authorizing ■ Client to define the authority for
measurement of persons authorizing the release of the release of product for delivery to the customer release of product for delivery to

Page 8 of 10
 Changes in ISO 9001: 2008
Clause Title / subject Existing – ISO 9001:2000
no
product product (see 4.2.4)
Product release and service delivery
shall not proceed until planned
arrangements (see 7.1) have been
satisfactorily completed, unless
otherwise approved by a relevant
authority and where applicable by the
customer.
8.3 Control of non ------. (1) The controls and the related
conforming product responsibilities and authorities for
dealing with non conforming product
shall be defined in documented
procedure
(2) Organization shall deal with non
conforming product by one or more of
the following ways
(3) When non conforming product is
detected after delivery or use has
stared, the organization shall take
action appropriate to the effects or
potential effects of the non conformity
8.4 Analysis of data (1) 8.4(b). Conformity to product
requirements (see 7.2.1)
(2) 8.4©. Charecteristsics and trends of
processes and products, including
opportunities for preventive action, and
(3) 8.4(d). Suppliers
8.5.2 Corrective action 8.5.2(f). Reviewing corrective actions
taken
8.5.3 Preventive action 8.5.3(e). Reviewing preventive actions
taken
Page 9 of 10
Changes - ISO 9001:2008
(Changes underlined)
(see 4.2.4)
The release of product and delivery of service to the
customer shall not proceed until planned
arrangements (see 7.1) have been satisfactorily
completed, unless otherwise approved by a relevant
authority and where applicable by the customer.
------. (1) A documented procedure shall be
established to define the controls and the related
responsibilities and authorities for dealing with non
conforming product
(2) Where applicable organization shall deal with non
conforming product by one or more of the following
ways
(3) This included as 8.3(d). By taking action
appropriate to the effects or potential effects of the
non conformity when non conforming product is
detected after delivery or the use has started
(1) 8.4(b). Conformity to product requirements (see
8.2.4)
(2) 8.4©. Charecteristsics and trends of processes
and products, including opportunities for preventive
action, (8.2.3 & 8.2.4) and
(3) 8.4(d). Suppliers (7.4)
8.5.2(f). Reviewing effectiveness of corrective actions
taken
8.5.3(e). Reviewing effectiveness of preventive
actions taken
Implication (to client’s QMS
and auditing)
the customer
■ Only products and delivery of
service meeting the requirements
shall only be released by the
defined authority
Compliance to be verified during
audit
■ Better way of expressing the
intent
Clients shall accordingly address
the ways of dealing with the non
conformities as applicable and the
same shall be verified during audit
.
Clarification with respect to the
type of data required to be used
for analysis. Clients shall
accordingly utilize this information
in their analysis of data including
process and product
measurements .
An ambiguity removed. Important
to review the effectiveness of
corrective actions taken
An ambiguity removed. Important
to review the effectiveness of
preventive actions taken
 Changes in ISO 9001: 2008
Clause Title / subject Existing – ISO 9001:2000 Changes - ISO 9001:2008 Implication (to client’s QMS
no (Changes underlined) and auditing)
Note (1) Only changes in the old document( ISO 9001:2000) high lighted
(2) For the remaining part of the old document,, same have been retained in the new document ( ISO 9001:2008)
(3) The clients need to make changes in the QMS in light of the new clarifications in ISO 9001:2008 and implement the same as per SWISO plan .
(4)The changes will be verified during certification, re-certification or routine surveillance as per SWISO plan and new certificate of compliance to ISO 9001:2008
issued .

Page 10 of 10