Changes to ISO 9001:2015 – an Overview

Using ISO 9001:2015 to Improve

A history lesson on  ISO 9001:2015

The standard has been around since 1988. It does have its roots in WWII military specs but the first time ISO 9001 existed was in 1988. It was revised in 1996, 2000, 2008 with some minor edition changes in between. Business has changed in the last decade so it is not unreasonable to expect some updates.

At the time ISO issued ISO 9001 they were not in the management standards business. They regulated things, like the size of a piece of paper or a sea-tainer. The first version of the standard was a verbatim copy of a British standard, BS 5750. Over time ISO developed many other standards, such as environmental (ISO 14001), safety  (ISO 45001), information security (ISO 27001), etc. All of them had different formats and numbering so companies wanting to implement procedures relative to each had a difficult time figuring out which numbering system to implement or if they should implement multiple numbering systems. A new document Annex SL set up a standard format for management documentation and as standards were written or revised they were converted to this standard format.

What’s changed in ISO 9001:2015?

Starting simply, the numbering has changed. Here is a correlation table from the technical committee (Here is the link if you would like to download it directly from TC176. )

ISO 9001:2015 ISO 9001:2008
1          Scope 1         Scope

1.1      General

4         Context of the organization 4         Quality management system
4.1      Understanding the organization and its context 4         Quality management system

5.6     Management review

4.2      Understanding the needs and expectations of interested parties 4         Quality management system

5.6     Management review

4.3      Determining the scope of the quality management system 1.2      Application

4.2.2  Quality manual

4.4      Quality management system and its  processes 4         Quality management system

4.1      General requirements

5          Leadership 5         Management responsibility
5.1      Leadership and commitment 5.1      Management commitment
5.1.1  General 5.1      Management commitment
5.1.2  Customer focus 5.2      Customer focus
5.2      Policy 5.3      Quality policy
5.2.1  Establishing the Quality Policy 5.3      Quality policy
5.2.2  Communicating the Quality Policy 5.3      Quality policy
5.3      Organizational roles, responsibilities and  authorities 5.5.1  Responsibility and authority

5.5.2  Management representative

5.4.2  Quality management system planning

6         Planning 5.4.2  Quality management system planning
6.1      Actions to address risks and opportunities 5.4.2  Quality management system planning

8.5.3  Preventive action

6.2      Quality objectives and planning to achieve them 5.4.1  Quality objectives
6.3      Planning of changes 5.4.2  Quality management system planning
7         Support 6         Resource management
7.1      Resources 6         Resource management
7.1.1  General 6.1      Provision of resources
7.1.2  People 6.1      Provision of resources
7.1.3  Infrastructure 6.3      Infrastructure
7.1.4  Environment for the operation of processes 6.4      Work environment
7.1.5  Monitoring and measuring resources 7.6      Control of monitoring and measuring equipment  General 7.6      Control of monitoring and measuring equipment  Measurement traceability 7.6      Control of monitoring and measuring equipment
7.1.6  Organizational knowledge No equivalent clause
7.2      Competence 6.2.1  General

6.2.2  Competence, training and awareness

7.3      Awareness 6.2.2  Competence, training and awareness
7.4      Communication 5.5.3  Internal communication
7.5      Documented information 4.2     Documentation requirements
7.5.1  General 4.2.1  General
7.5.2  Creating and updating 4.2.3  Control of documents

4.2.4  Control of records

7.5.3  Control of documented Information 4.2.3  Control of documents

4.2.4  Control of records

8         Operation 7         Product realization
8.1      Operational planning and control 7.1      Planning of product realization
8.2     Requirements for products and services 7.2      Customer-related processes
8.2.1  Customer communication 7.2.3  Customer communication
8.2.2  Determination of requirements for products and services 7.2.1  Determination of requirements related to the product
8.2.3  Review of the requirements for products and services 7.2.2  Review of requirements related to the product
8.2.4  Changes to requirements for products and services 7.2.2  Review of requirements related to the product
8.3      Design and development of products and services 7.3Design and development
8.3.1  General 7.3.1  Design and development planning
8.3.2  Design and development planning 7.3.1  Design and development planning
8.3.3  Design and development inputs 7.3.2  Design and development inputs
8.3.4  Design and development controls 7.3.4  Design and development review

7.3.5  Design and development verification

7.3.6  Design and development validation

8.3.5  Design and development outputs 7.3.3  Design and development outputs
8.3.6  Design and development changes 7.3.7  Control of design and development changes
8.4      Control of externally provided processes, products and services 7.4.1  Purchasing process
8.4.1  General 4.1     General requirements

7.4.1  Purchasing process

8.4.2  Type and extent of control 7.4.1  Purchasing process

7.4.3  Verification of purchased product

8.4.3  Information for external providers 7.4.2  Purchasing information

7.4.3  Verification of purchased product

8.5      Production and service provision 7.5      Production and service provision
8.5.1  Control of production and service provision 7.5.1  Control of production and service provision

7.5.2  Validation of processes for production and service provision

8.5.2  Identification and traceability 7.5.3  Identification and traceability
8.5.3  Property belonging to customers or external providers 7.5.4  Customer property
8.5.4  Preservation 7.5.5  Preservation of product
8.5.5  Post-delivery activities 7.5.1  Control of production and service provision
8.5.6  Control of changes 7.3.7  Control of Design and Development Changes


ISO 9001:2015 Documentation Changes

I have a potential client who is very frustrating. Since there is no longer a requirement to have a quality manual or procedures he has decided to dispose of all his documentation. While required documents are gone, there is a need to communicate and in many applications that is most easily done through the quality manual and procedures. In addition there are at least 30 references throughout ISO 9001:2015 to “documented information”. Current procedures, work instructions, etc. and records fall into the category of documented information.

The Context of the organization in ISO 9001:2015

In the 2008 version there was a requirement to define the scope of the organization. It still exist as a subset of the context of the organization. What is added is who is affected by the management decisions and what influences the management of the organization both internally and externally. This means you must identify the interested parties, the external factors and the internal factors. I will be putting up subsequent articles about those items.

ISO 9001:2015 expects a process approach

Look at the interaction of each step from the time an order is received to the time product ships. A simple tool is a turtle diagram. A process is identified along with the steps in the process, the inputs, equipment, materials, operators, support documents and criteria are identified and the outputs defined. The output of each process should be the input of the next major step in the process. Using ISO 9001:2015 the QMS looks at interrelationships and how product is developed, manufactured and shipped. In the 2008 version, audits were more likely to look at discrete chunks of the operation rather than the operation as a whole with the chunks defined by the individual documents such as procedures and work instructions.

Risk Based Thinking in ISO 9001:2015

The idea of risk based thinking has created a great deal of stress for individuals involved in managing the QMS. At this point in time, ISO 9001:2015 is not looking for a formal risk management program with the employees hired just to study and address risk. What is expected is the process has been evaluated for both risks and opportunities and management is incorporating them into the strategic planning. For this reason, preventive action is now considered as part of the strategic and operational planning and is not a specific element of ISO 9001:2015 as it was in ISO 9001:2008.

Leadership in ISO 9001:2015

This is an important change. Top management must be involved and aware and lead the organization. It is something that will not be auditable with a single document or record. Top management must demonstrate how they lead.

Internal audits with ISO 9001:2015

When using ISO 9001:2008, most internal audits were conducted with a checklist derived from the standard and the procedures. The standard would read, “The organization shall…” and the checklist would read “Does the organization…” generally with evidence which referenced the procedure and records. With ISO 9001:2015 there is no requirement for procedures but the organization is still required to carry out internal audits at planned intervals which take into consideration the importance of the process, changes and the results of previous audits. This means to audits should follow the process, not a single document.

Moving forward

If you are already using the 2008 revision of ISO 9001 than you are in a good position to transition to ISO 9001:2015. If you would like some help, please feel free to contact me at or at (708) 814-3685.