This guidance document aims to gives a basic overview of the changes to ISO 9001, resulting from the review and revision of the 2008 standard. It is not intended to give an exhaustive and in-depth explanation of all requirements in the new standard.

ISO standards are reviewed and revised on a regular cycle, typically every 5-10 years, and 2015 sees ISO 9001:2008 reaching the end of that review process. A draft international standard (DIS) was published, and after extensive review the final draft international standard (FDIS) was published in July. The ISO 9001:2015 standard was published in September 2015.

The International Standards Organization (ISO) has developed a common Higher Level Structure (HLS) for management system standards, issued under an ISO Directive;

That directive has a series of annexes, of which we are interested in “Annex SL – Proposals for management systems standards”. This annex states that all management system standards will use a consistent structure, common text and terminology, and this is enacted through “Appendix 2 – High level structure, identical core text, common terms and core definitions”.

Some revised and new standards have already implemented this requirement – for example ISO 27001:2013 Information Security Management Systems (revised) and ISO 55001:2014 Asset Management Standard (new).

ISO 9001 has been revised in accordance with the new HLS and, as is the case with other HLS-based standards, it also contains additional discipline-specific content.

A whole range of country-level committees feed into the overall ISO committees which meet to decide on the revisions. The committee for ISO 9001 is TC 176. If you are a member of IRCA, or a trade federation, you can get access to the latest version of the draft Standard(s) and even comment on the content.

After the new standards are published, there will be a transition period for fully complying with them. This period will be 3 years, but it is strongly recommended that you start thinking now about how it will impact you, and review what changes might be needed.

How we can help

We are here to support you during the transition, through;

■■ direct contact, e.g. with your lead auditor as part of scheduled audits

■■ open webinars and transition training

■■ classroom training courses – tailored to your needs

■■ gap analysis, either as a separate activity or combined with scheduled audit activity

■■ combination of training and gap analysis

■■ “Questions on the ISO 9001:2015 and ISO 14001:2015 revisions” – pls contact us at:

Scope ISO 9001.

This section explains the scope of the standard – i.e. what it is for and what it encompasses. It introduces the requirements of a quality management system which supports the delivery of a product or service, through the application of effective and continually improving systems, assuring conformity to customer and applicable legal requirements, whilst enhancing customer satisfaction.

The section on “Application” in ISO 9001:2008 has been dropped, along with reference to “exclusions” (see ISO 9001:2015 clause 4.3).

2. Normative references

ISO 9000:2015, Quality management systems — Fundamentals and vocabulary is normatively referenced within ISO 9001:2015.

3. Terms and definitions

This clause simply references back to ISO 9000:2015 (see clause 2).

4. Context of the organization

This clause sets out the requirements for an organization to take a high level overview of the business, considering the key internal and external factors which impact it, and how it should respond in the form of a defined management system.

Understanding the organization and its context

This clause requires the organization to consider a wide range of potential factors which can impact on the management system, in terms of its structure, scope, implementation and operation.

Impacting factors can be of internal or external nature, and are wide-ranging;

  • External factors can arise from legal, technological, competitive, market, cultural, social and economic environments, whether international, national, regional or local.
  • Internal factors may be related to values, culture, knowledge and performance of the organization.

4.2 Understanding the needs and expectations of interested parties

Clause 4.2 requires the organization to determine the need and expectations of “interested parties”, both internal and external. Previous versions of the draft standard also contained the term “stakeholder”, which many organizations will be more familiar with – the terms are synonymous and there is no need to consider them to be any different. Interested parties could include;

  • Employees
  • Contractors
  • Clients/Customers
  • Suppliers
  • Regulators
  • Shareholders
  • Neighbours
  • Non-Governmental Organizations (NGOs)
  • Parent organizations

What is clear is that whilst the consideration of context and interested parties needs to be relevant to the scope and the standard, the assessment needs to be appropriate and proportionate.

What is also clear is that the output from clauses 4.1 and 4.2 is a key input to the assessment and determination of risks and opportunities required in clause 6.

In terms of demonstrating compliance, the ISO 9001 makes it clear that;

“The organization shall monitor and review the information about these external and internal issues” (clause 4.1).

“The organization shall monitor and review the information about these interested parties and their relevant requirements” (clause 4.2).

The above implies that there will need to be some form of retained documented information of this to evidence how internal and external factors and the views of interested parties have been considered. There are various methods and approaches which can be used to capture these inputs.

As with any significant revision to standards, hopefully there will be the development of a range of methods and examples for this. Some current examples include;

Internal and External Issues

  • Key economic and market development which can impact on the organization; your organization is probably acutely aware of what is happening in its markets but it may be undertaken in a very ad-hoc way
  • Technological innovations and developments; this is also an area critical to your business success and is also probably being monitored and discussed at numerous levels
  • Regulatory developments; a whole range of external regulations are being monitored by your organization. If you miss them then it could seriously damage your business, or if you capture early intelligence on them you could realize better opportunities
  • Political and other instabilities; if for example you rely on raw materials from one particular country which experiences major instability your whole business could be jeopardized; or if there are major ethical concerns regarding a source of materials or goods
  • Organizational culture and attitudes; an effective and motivated workforce will give you positive impacts, and many organizations canvas feedback from employees

Internal and External Parties

  • Stakeholder engagement exercises; already widely used to consult with interested parties and map out concerns and issues. More often utilized by larger organizations engaging with corporate social responsibility initiatives
  • Consultation meetings with neighbourhoods and NGOs on environment, planning and development issues; these are often used by major industrial plants with significant HSE risks
  • Meetings and other interactions with regulators; this can encompass for example quality-critical issues on product specifications and conformity as well as developing compliance requirements and standards
  • Employee meetings, consultations and feedback activities; this should be happening already, but maybe this will prompt more efforts to improve an area which has been at risk of “lip service” to ISO 9001:2008
  • Supplier reviews and relationship management; many organizations are trying to get much more mutual benefit from the supplier-client relationships which are critical to mutual success
  • Client/customer reviews and relationship management; of course this is a fundamental pillar of all standards and a key to success
  • It may be that when you reflect on how you capture key issues, and how many interested parties you engage with already you may be pleasantly surprised. It may be that you only engage with a limited number of internal and external parties, but now is the time to start thinking about whether that is enough, and whether you are missing some good opportunities.

There will be many ways in which to capture this – and hopefully some improved and new approaches might emerge as this part of the standard is considered. Approaches could include;

  • Summary information from the range of existing approaches used as listed above (e.g. a brief report)
  • Information summarized as part of inputs to risk and opportunity registers
  • Recorded in a simple spreadsheet
  • Logged and maintained in a database
  • Captured and recorded through key meetings

These clauses are asking organizations to think clearly and logically about what can internally and externally affect their management systems, and be in a position to show that this information is being monitored and reviewed. It also requires organizations to elevate the discussions to the highest levels, since capturing the above range of information is hard to achieve without senior management involvement.

4.3 Determining the scope of the quality management system

This clause should be familiar to most organizations, since ISO 9001:2008 clause 4.2.2 required the definition of the scope of the management system. For ISO 9001:2015 the scoping requirements have become more stringent and require the organization to consider the inputs from 4.1 and 4.2, along with the products and services being delivered.

For the defined scope of the quality management system, the organisation should apply all requirements of the standard if they are applicable. When any requirement is not applicable there needs to be a clear justification. The defined scope has to be made available and maintained as documented information. The standard states, ‘Conformity to this International Standard may only be claimed if the requirements determined as not being applicable do not affect the organization’s ability or responsibility to ensure the conformity of its products and services and the enhancement of customer satisfaction’.

These clearer requirements on scoping will drive clarity in the thinking of organizations in scoping the management system. Certification bodies will, as before, look at

how organizations has defined its scope, ensuring that this is both appropriate and is reflected accurately by the management system and also in the scope of any certificate issued.

4.4 Quality management system and its processes

This clause basically states that the organization needs to establish, implement, maintain and continually improve a management system in order to deliver the required products, services and performance required under the scope. This should also be familiar to organizations which implement management systems in order to deliver compliance and improvement.

Where this clause is more focused is in requiring organizations to understand more about the range of processes relevant to the scope of the management system. The term process is defined as; “a set of interrelated or interacting activities which transforms inputs into outputs”.

or those who are committed to a management system which is at the core of their business, this will probably already be an integral part of that system, although you might need to review how effectively you connect those processes and understand the influence and impact of those processes on each other and on the business.

This should also elevate the system in terms of its importance and value to the business, because it should drive more meaningful analysis of the key business processes and critical aspects of those processes. In practical terms it will require an organization to more fully analyse its processes and ensure that there is good understanding of how they interact with each other- and not operate as isolated procedures without overlap.

Clause 4 introduces some significant innovations to the management system world, and could represent a challenge to some organizations who have not viewed the management system as pivotal to the business, focussed as it is on raising management systems to a higher level and to be more central to the way an organization functions.


Further information