ISO 9001, the world's most recognized Quality Management Standard, is a set of requirements that guide organizations in implementing standardized management practices to improve quality and customer satisfaction. It is used by about one and a half million companies in more than 190 countries,
ISO 9001 addresses Quality Management. This refers to what companies or organizations do to fulfill:
their customers' requirements and any applicable regulatory requirements,
while aiming to
enhance customer satisfaction and achieve continual improvement of its performance.
Companies that follow the ISO 9001 requirements have implemented an "ISO 9001 Quality Management System (QMS)". It is then possible to obtain a certificate that provides evidence the company has implemented ISO 9001 and is following all of its requirements – the prestigious "ISO 9001 certification".
Most companies gain significant benefits by following ISO 9001 requirements and holding ISO 9001 certification. These benefits can be divided into three groups:
Read more about how companies benefit from ISO 9001 in our article A detailed analysis of the benefits of ISO 9001.
ISO 9001 is published by the International Organization for Standardization, a non-profit organization usually referred to as ISO (ISO is not an acronym but a reference to the Greek word for "equal").
ISO is comprised of member bodies from about 190 countries, and develops and publishes international standards. Most of these standards are for products and services but a few, such as ISO 9001 and ISO 14001 (Environmental Management System) are standards for management systems. All standards are designed to be used worldwide.
While ISO 9001 has been translated into countless languages, the content is the same in each country. Some of the national members of ISO have changed the name of the ISO 9001 standard to include the name of their own national organization (for example, the ISO 9001 standard is called AS/NZS ISO 9001 in Australia and New Zealand); however, the actual content is unchanged.
An ISO 9001 certification (also called accreditation or registration) serves as evidence that a company is complying with ISO 9001 requirements and has adopted an effective ISO 9001 Quality Management System.
Certification is optional but most companies that implement an ISO 9001 Quality Management System also seek registration for marketing reasons or to satisfy customer requirements. In order for the ISO 9001 certification to be valid, the certificate must be issued by an independent, accredited registrar, and bear the logo of both the registrar and the accreditation body. Well-known accreditation boards include ANAB, UKAS, and JAS-ANZ.
Image: ISO 9001 certification mark with logos of registrar (Lloyd's Register) and accreditation board (ANAB)
ISO itself does not offer any certifications, nor does the organization certify companies or accredit registrars or accreditation boards. Here is how ISO 9001 certification works:
Companies and other organizations get certified to ISO 9001 by an accredited registrar. The certification process involves a registrar sending one or more auditors to perform an on-site evaluation of the company's ISO 9001 Quality Management System. The auditors also review and evaluate the company's ISO 9001 documentation. Where non-conformities (i.e., instances of inconsistencies or non-compliance with ISO 9001 requirements) are found, the audited organization must correct the problems before an ISO 9001 certification can be issued.
Accredited registrars (also called accredited certification bodies) are certified under the ISO/IEC TS 17021 standard. Their assessment and certification is performed by a recognized accreditation board that confirms their competence, impartiality and capability in auditing and issuing a particular certification (in this case, ISO 9001 certification). The certification of a registrar is called accreditation.
Accreditation boards are often regulated by their national governments. In Europe, each member of the European Union must appoint a single national accreditation body (for example, UKAS in the United Kingdom). Outside the EU, there is not a set regulation. Australia and New Zealand have their Joint Accreditation System of Australia and New Zealand (JAS-ANZ), and the United States has multiple accreditation bodies (for example, ANAB, the ANSI-ASQ National Accreditation Board).
Auditors who work for an accredited registrar must follow the requirements of ISO 19011:2018: Guidelines for Auditing Management Systems and receive certification by the same accreditation board as the accredited registrar.
A word of caution
Beware of ISO 9001 certificates issued by unethical companies that lack accreditation. Some consultants and template vendors "guarantee" ISO 9001 certification and issue an "ISO 9001 certificate" that is not backed up by an accreditation board. Displaying such a "certificate" will likely backfire and portray its bearer as dishonest.
Typically, the revision year is appended to ISO 9001 in order to distinguish the different revisions. For example, ISO 9001:2015 certification, ISO 9001:2015 registration, and ISO 9001:2015 accreditation all clarify that we are talking about the most current revision, released in September 2015.
Read more about how to achieve ISO 9001 certification in our article on ISO 9001 implementation and certification.
ISO 9000 is actually an entire series of standards that includes the ISO 9000 Standard, the well-known ISO 9001 Standard and less-known ISO 9004 Standard. All three are published and periodically revised by the International Standards Organization.
The ISO 9000 standard, officially referred to as ISO 9000: Quality Management Systems - Fundamentals and Vocabulary is a supplemental document that defines the vocabulary used in ISO 9001 and ISO 9004. The actual ISO 9000 standard is relatively unknown and most people who say "ISO 9000" actually mean the ISO 9001 standard.
The ISO 9001 standard, officially referred to as ISO 9001: Quality Management Systems - Requirements, is the core component of the ISO 9000 standards series: it contains the requirements for a company's Quality Management System (QMS); these are the requirements against which a company (or any kind of organization) can get certified and receive ISO 9001 certification.
The ISO 9004 standard, which is officially referred to as ISO 9004: Quality Management - Quality of an Organization - Guidance to Achieve Sustained Success, contains optional guidelines to further extend the benefits of ISO 9001 to a wider range of interested parties, including society in general. ISO 9004 is little known and rarely used, probably because one cannot achieve certification against ISO 9004.
What about ISO 9002 and ISO 9003?
Both ISO 9002 and ISO 9003 are no longer in use. In the year 2000, the ISO 9001, ISO 9002 and ISO 9003 were all combined into ISO 9001. However, prior to the year 2000, companies achieved certification in either of the three standards.
Up until the year 2000, ISO 9001 was used by companies that engaged in design, development, production, installation and servicing. During that time, ISO 9001 was generally considered to be a quality standard specific to manufacturing companies.
The ISO 9002 standard was used until the year 2000 by companies engaged in production, installation and servicing but not in design and development activities. It was almost identical to ISO 9001 but didn't cover design and development activities. Even though the text of ISO 9002 appeared to apply only to manufacturing companies, the standard was intended to be used by manufacturing companies and service providers alike.
The ISO 9003 standard was used by companies that were involved in final inspection and testing but did not engage in design, development and production.
Merging the ISO 9001, ISO 9002 and ISO 9003 standards into a new ISO 9001:2000 created a single standard with comprehensive requirements. ISO 9001:2000 has since been revised twice – first in 2008, and most recently in 2015. Companies that are not engaged in certain activities, for example, design and development, use ISO 9001 and simply omit the requirements that don't apply to them.
Most people are unaware of the different members of the ISO 9000 family. Since the differences between the ISO 9001, ISO 9002 and ISO 9003 standards were purely technical, it was common to refer to any of them as "ISO 9000". Even now, with ISO 9001 being the only standard in the series to which certification is possible, many people still prefer to call it "ISO 9000".
The International Organization for Standardization (ISO) periodically reviews and revises the ISO 9001 standard. The year of the revision is appended as it is in the current ISO 9001:2015.
A new revision of ISO 9001 is published approximately every 7-8 years. Prior to publication, ISO's technical committee ISO/TC 176 reviews ISO 9001 to determine if a revision is required to keep it current and relevant for the marketplace. Until now, ISO/TC 176 has always found it necessary to publish a revision, even if the revision is rather insignificant (as it was with ISO 9001:2008).
1987: This is the year of the original publication of the ISO 9000 series of standards (ISO 9001, ISO 9002 and ISO 9003). In its early years, the ISO 9000 series was limited to the rather narrow perspective of quality assurance.
1994: The first revision to the ISO 9000 series of standards was released in 1994. It stressed the importance of preventive action. The 1994 revision still included the three standards ISO 9001, ISO 9002 and ISO 9003.
2000: The year 2000 revision introduced numerous important changes. The three "requirement standards" ISO 9001, ISO 9002 and ISO 9003 were merged into a new, comprehensive ISO 9001 that could be applied to any organization of any industry. The new ISO 9001:2000 also introduced a much broader concept of quality management. Improving customer satisfaction became one of the performance measurements. ISO 9001:2000 also introduced the process approach in which managers focus on the inputs and outputs of activities and their interrelation. The year 2000 revision also increased the required involvement of management in an attempt to move the standard away from being considered a documentation task of a staff member.
2008: The ISO 9001 revision in the year 2008 is the most insignificant revision of the ISO 9001 standard so far. It was almost identical to its predecessor, as changes were limited to vocabulary and clarification of existing requirements. No new requirements or concepts were introduced.
2015: The current revision of ISO 9001 was published in September 2015; it supersedes ISO 9001:2008 which is phased out by September 2018.
Several significant changes characterize ISO 9001:2015:
it places greater emphasis on leadership and further involves top management in several areas, including the new section on risk management; it also places more emphasis on communication and awareness, and contains numerous clarifications on objectives, measurement and change; it now contains less prescriptive requirements, allowing for more flexibility in implementation; lastly, it has been restructured to be better aligned with other ISO management standards.
During the first three years after release of a new revision, the old version remains valid and organizations are encouraged to upgrade their ISO 9001 Quality Management System as required After the transition period, old ISO 9001 certificates are no longer valid.
Read more about the changes of ISO 9001:2015 in our article on The latest revision: ISO 9001:2015.
ISO 9001 contains the requirements for a Quality Management System, organized into chapters or clauses. The requirements affect virtually all aspects of the company or organization – not just quality control functions.
Introductory chapters: Clauses 0-3 are introductory chapters and don't contain requirements.
Context of the organization: Clause 4 contains the requirements that address the context of the organization. The "context of the organization" is the business environment in which the company or organization operates. Also part of this section are the requirements for the scope of the QMS and the process approach. This section contains the requirements for the foundation of the organization's ISO 9001 Quality Management System.
Leadership: Clause 5 is all about the involvement of top management in the ISO 9001 Quality Management System and how it gets integrated into the operational processes of the company. This chapter also contains the requirements for the quality policy and for the person or persons responsible for the ISO 9001 QMS (typically referred to as ISO 9001 Management Representative).
Planning: Clause 6 focuses on strategic planning and risk-based thinking, a concept that refers to the methods used to evaluate risks and opportunities, and the actions based on the evaluation.
Support: Clause 7 sets the requirements for various support functions: providing and maintaining resources, competence of staff, training needs, communication channels and documentation. This chapter also includes requirements related to organizational knowledge.
Operation: Clause 8 sets the requirements for the processes needed to create the product or service. This is how the company's product or service is designed, created, tested, handled, shipped, etc. A small part of this clause addresses QC inspections.
Performance evaluation: Clause 9 is all about measuring and evaluating. This clause contains the requirements for metrics and key performance indicators, as well as internal audits and management reviews.
Improvement: Clause 10 requires companies to determine and identify opportunities for improvement. An important part is the corrective action process.
This brief overview of the ISO 9001:2015 requirements makes it clear how the ISO 9001 standard affects every employee and every part of the organization. While quality control has its part in ISO 9001 (a small part of clause 8 is dedicated to QC and inspections), the standard takes a vastly more inclusive view than just focusing on quality control inspections. The comprehensive ISO 9001 Quality Management System is designed to ensure that every part of the company or organization contributes to quality and improvement.
Read more about the ISO 9001:2015 requirements in our article on A summary of ISO 9001:2015.