The ISO 9001:2015 quality standard is a set of requirements that affect virtually all aspects of the operations of corporate enterprises, non-profit organizations and government entities. Our research, supported by feedback from Council members, drives home the point that companies generally achieve increased sales and profitability by implementing ISO 9001.
ISO 9001 sets the requirements for a company's Quality Management System (QMS), but a QMS is very different from quality control. Quality control refers to checking product or service features to verify they conform to requirements, while a Quality Management System is about the management of the entire enterprise and its operational processes.
ISO 9001 is designed for any company (in fact, for any organization) of any size and in any industry. This broad application results in ISO 9001 Standard being rather broad, and its requirements rather difficult to read and understand. The following is a summary of the ISO 9001:2015 requirements in lay man's terms.
Clauses 0-3 of ISO 9001:2015 are introductory chapters that don't contain any requirements.
The introduction includes information on the quality management principles and the process approach, both of which form the basis of ISO 9001:2015. There is also some information on how ISO 9001:2015 relates to other ISO standards.
This section sets the requirements for the foundation of the ISO 9001 Quality Management System. The "context of the organization" is the business environment in which the company operates.
The first requirement is to identify external and internal strengths and weaknesses that are relevant to the company and the ISO 9001 Quality Management System.
Next, the needs and expectations of not only the customers but a wide range of "interested parties" (or stakeholders) need to be determined, and how they are relevant to the ISO 9001 Quality Management System.
Here you also need to decide on the scope of the ISO 9001 Quality Management System (and the ISO 9001 certification). While it is possible to exclude functions and certain products or services, the scope will in most cases be the entire company.
Finally you will need to use the process approach to determine the processes of the ISO 9001 Quality Management System. The Quality Management System will need to be implemented, maintained and continually improved upon.
The documentation of the Quality Management System must include procedures and work instructions to ensure the effective operation and control of all processes. This documentation must be controlled to ensure the correct people have access to current revisions.
Records are established and controlled to provide evidence of a properly maintained ISO 9001 Quality Management System.
Remember that "Quality Management System" refers to integrated management processes throughout the entire company.
There is a common misconception that ISO 9001:2015 requires less documentation than previous revisions of the standard because there is no longer an explicit requirement for a quality manual. However, ISO 9001:2015 contains numerous implicit documentation requirements. Since most companies consider the documentation the most difficult part of the ISO 9001 implementation, the use of good ISO 9001 templates can be beneficial (please refer to our section on templates for more information).
This section of ISO 9001:2015 is all about the involvement of top management in the ISO 9001 Quality Management System.
The first part of this clause summarizes the various responsibilities of top management with regards to the ISO 9001 Quality Management System. Among those is the requirement that top management integrate the ISO 9001 Quality Management System into the operational processes of the company, and aligns policy and objectives with the strategy of the company.
Importantly, top management must take leadership when it comes to customer focus, including determining customer requirements, determining related risks and addressing them, and maintaining a focus on customer satisfaction.
Top management establishes its quality policy. Particular attention is given to a commitment to meeting requirements and to continual improvement, and a framework for establishing and reviewing quality objectives.
Top management ensures that responsibilities and authorities within the company are clearly established. A task or job can only be accomplished if it is clear who is responsible for it.
Top management is ultimately responsible for the ISO 9001 Quality Management System but they may appoint an ISO 9001 Management Representative who takes on various responsibilities and authorities of the ISO 9001 Quality Management System.
Use good standard forms to simplify compliance. For example responsibilities and authorities are best established using job descriptions; a good standard format will save much time when creating new job descriptions, when advertising positions, when performing employee evaluations, etc.
This section focuses on planning and the concept of risk-based thinking.
The first part addresses how the company needs to engage in risk and opportunity management. ISO 9001 doesn't dictate action to address all risks and opportunities but requires to set up a system of evaluating risks and opportunities in order to make an informed decision as to what (if any) action is needed.
Secondly, senior management needs to establish measurable quality objectives and plan how to achieve them. Those quality objectives are basically strategic objectives of the company that are relevant to product and service requirements, as well as customer satisfaction.
Lastly, clause 6 addresses the planning of changes, which has to be done in a systematic manner.
Risk management does not require the establishment of a new department or the hiring of a risk manager. Small to mid-size companies may choose to use a risk management matrix and calculate a priority number - it's a simple yet effective system.
This section of ISO 9001:2015 is all about support functions: various resources, competence and training, communication and documentation.
The first part of this clause clarifies the requirement for a company to determine and provide, in a timely manner, resources needed to implement and improve the processes of the Quality Management System.
Resources include people (human resources) and their competence, as well as training necessary to achieve the required competencies.
Further, the company must identify, provide and maintain the infrastructure needed to achieve the conformity of its products or services. Infrastructure includes buildings, equipment, transportation and communications technology.
The company must identify and manage those human and physical factors of the work environment needed to achieve conformity of its products or services.
Maintenance activities of equipment, machinery as well as the work environment are part of this section.
The company must take special care of all measuring devices and properly calibrate them.
Organizational knowledge is another resource that must be determined, maintained and, importantly, shared so that the company can fully utilize it. Organizational knowledge is a wide-ranging term, which includes best practices.
When addressing the needed competence of its people, the company must not only consider training but also hiring and reassignment of people.
Awareness is another part of clause 7. Management and staff must be aware of the quality policy and relevant objectives, as well as their part in the ISO 9001 Quality Management System.
Further, the company needs to have established internal and external communications channels.
Last but not least, clause 7 addresses documents and records. Essentially, the company must control its documents to ensure that the right people have the current version of the right document available. Records must be kept for numerous activities.
Integrate your company's HR function well into your ISO 9001 quality system, and make them take on a leading role during the ISO 9001 implementation.
In this section, the ISO 9001:2015 standard sets the requirements for the processes needed to achieve the product or service. This is how your product or service is designed, produced, tested, handled, shipped, etc.
Emphasis is placed on how the company understands, communicates and meets customer requirements, and what it does if customer requirements change. Design and development reviews, verification, and validation must be planned for at the very beginning of the design and development process. This clause also addresses the purchasing of products and services and outsourcing. Controls include supplier evaluations, selection, disqualification and receiving inspections.
The clause specifies several controls for the actual production and service provision, ranging from work instructions to QC inspections. There are also requirements for the identification of components and the ability of tracing a product or service back, as well as for handling products that belong to customers or suppliers.
Then the standard addresses how the final product or service can eventually be released to the customer.
Lastly this clause addresses cases in which output is found as not conforming to requirements, including cases in which such a nonconformance is only detected after the product has been delivered or the service provided.
Most companies write work instructions and flowcharts to define and standardize their work processes. You will save yourself much time if you follow the ISO 9001 requirements for document control from the beginning when writing these documents.
This section is all about measuring and evaluating.
Measurement and monitoring activities needed to assure conformity and achieve improvement must be defined, planned and implemented. Measuring and monitoring allows the company to manage by fact, not by guess. The company must monitor information relating to customer perception as to whether the company has fulfilled customer requirements.
Further, this section focuses on the analysis of data arising from monitoring and measurement activities. There are several methods to analyze data, including statistical techniques, but the outcome of the analysis is designed to gain the necessary information to make fact-based decisions.
Internal auditing of the company must be done at planned intervals to understand if the ISO 9001 Quality Management System is working as planned. Audits are checks on the system, not on individuals.
Finally, management reviews will need to be carried out. The management reviews cover a wide range of topics related to the ISO 9001 Quality Management System, ranging from customer satisfaction to the performance of suppliers. The result of management reviews are decisions and actions regarding improvements, changes and resource needs.
Start your internal audit program early during the implementation phase - your initial audits can double as training opportunities.
The last section of ISO 9001:2015 requires companies to determine and identify opportunities for improvement.
There is a requirement for the improvement of products and services with an eye to current and future market needs. This clause also includes requirements regarding the correction of nonconformities. First, companies must react to the nonconformity. Secondly, companies must engage in corrective action to correct the underlying causes of existing problems, as well as engage in preventive action to correct situations that could lead to potential problems.
Last but not least, the company must plan and manage the processes for the continual improvement of the ISO 9001 Quality Management System. The company must use the quality policy, objectives, internal audit results, analysis of data, corrective and preventive action and management review to facilitate continual improvement.
This is a very important section of the ISO 9001 Standard. Depending on how it is implemented, it can add tremendous value or create bureaucracy and waste. We highly recommend placing emphasis on this crucial section.