Introduction

0.1 General
Adopting a quality management system is a strategic decision that can help to improve overall
performance and provide a sound basis for sustainable development initiatives. This
International Standard employs the process approach, which incorporates the Plan-Do-Check-
Act (PDCA) cycle and risk-based thinking.
0.2 Quality management principles
This International Standard is based on the ISO 9000 quality management standards.
The explanations provide a summary of each principle, a justification for its
significance to the organization, some examples of advantages related to the principle,
and examples of usual measures to raise the performance of the organization. The
quality management principles are:

1. customer focus;
2. leadership;
3. engagement of people;
4. process approach;
5. improvement;
6. evidence-based decision making
7. relationship management
0.3 Process approach
0.3.1 General
The process approach involves the systematic definition and management of processes, and their
interactions, so as to achieve the intended results in accordance with the quality policy and strategic
direction of the organization. This approach enables the organization to control the interrelationships
and interdependencies among the processes of the system. The process approach involves the systematic
definition and management of processes, and their interactions, so as to achieve the intended results in
accordance with the quality policy and strategic direction of the organization. Management of the processes
and the system as a whole can be achieved using the PDCA cycle with an overall focus on risk-based thinking
(see 0.3.3) aimed at taking advantage of opportunities and preventing undesirable results.

The application of the process approach in a quality management system enables:

a) understanding and consistency in meeting requirements;
b) the consideration of processes in terms of added value;
c) the achievement of effective process performance;
d) Improvement of processes based on evaluation of data and information.

0.3.2 Plan-Do-Check-Act cycle

The PDCA cycle can be briefly described as follows:

1 Plan: establish the objectives of the system and its processes, and the resources needed to
deliver results in accordance with customers’ requirements and the organization’s policies,
and identify and address risks and opportunities;

2 Do: implement what was planned;

3 Check: monitor and (where applicable) measure processes and the resulting products and
services against policies, objectives, requirements and planned activities, and report the results;

4 Act: take actions to improve performance, as necessary.

0.3.3 Risk based thinking
For a quality management system to be successful, risk-based thinking is crucial. Taking preventive
action to eliminate potential nonconformities, analyzing any nonconformities that do occur, and
taking action to prevent recurrence that is appropriate for the effects of the nonconformity are just a
few examples of how the idea of risk-based thinking has been incorporated into earlier iterations of
this International Standard.
An organization must prepare and put into effect activities to manage risks and opportunities if it
wants to comply with the standards of this International Standard. Addressing both risks and
opportunities creates a foundation for the quality management system's increased efficacy, leading to
better outcomes and preventing unfavorable effects.
0.4 Relationship with management base standard
To promote alignment among its International Standards for management systems, ISO established
a framework, which is applied in this International Standard.
This International Standard enables an organization to align or integrate its quality management
system with the needs of other management system standards by using the process approach, the
PDCA cycle, and risk-based thinking..

Quality management systems — Requirements

Scope

This International Standard is intended to be applicable to any organization, regardless of its type or
size, or the products and services it provides. The terms "product" and "service" in this International
Standard only apply to goods and services intended for, or required by, a customer.

2. Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
3. Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 9000:2015 apply.
4. Context of the organization

4.1 Understanding the organization and its context

The organization shall determine external and internal issues that are relevant to its purpose
and its strategic direction and that affect its ability to achieve the intended result(s) of its quality
management system.
The organization shall monitor and review information about these external and internal issues.

4.2 Understanding the needs and expectations of interested parties

Numerous factors, including but not limited to the presence of interested parties and their potential
impact on the organization's quality management system, can affect an organization's capacity to
consistently deliver goods and services that satisfy customers and relevant legal and regulatory
requirements.

4.3 Determining the scope of the quality management system

The organization will decide what the quality management system's scope is before implementing it.
The scope must specify the categories of goods and services that are included and justify any
requirement of this International Standard that the organization decides does not apply to its intended
use. Only if it has no impact on an organization's capacity or duty to ensure the improvement of
customer satisfaction may this International Standard be claimed.
A company may only assert compliance with this international standard if the standards that were fou
nd to be inapplicable have no bearing on its capacity to ensure the conformity of its goods and servic
es and the improvement of customer satisfaction.
4.4 Quality management system and its processes
An organisation must establish, put into practise, maintain, and constantly improve a quality manage
ment system in accordance with the guidelines of this international standard. The business must deci
de on the procedures required for such a system, as well as the standards and techniques required to g
uarantee the efficient execution and management of these procedures. The organization shall
determine the processes needed for the quality management system and their application throughout
the organization, and shall determine the inputs required and the outputs expected from these
processes, determine the sequence and interaction of these processes, determine and apply the
criteria and methods (including monitoring, measurements and related performance indicators)
needed to ensure the effective operation and control of these processes, determine the resources
needed for these processes and ensure their availability,assign the responsibilities and authorities for
these processes, address the risks and opportunities as determined in accordance with the
requirements .

5. Leadership

5.1 Leadership and commitment

5.1.1 General
Top management must take responsibility for the quality management system's effectiveness and
ensure that its quality policy and goals are compatible with the organization's context and strategic
direction. They must also ensure that the requirements of the quality management system are
integrated into the organization's operational procedures.
5.1.2 Customer focus
By ensuring that customer and applicable legal and regulatory requirements are identified,
comprehended, and consistently met, the risks and opportunities that can affect product and service
conformity and the capacity to increase customer satisfaction are identified and addressed, and the
focus on enhancing customer satisfaction is maintained, top management must demonstrate
leadership and commitment with respect to a customer focus.

5.2 Policy

5.2.1 Establishing the quality policy

A quality policy that supports the organization's strategic direction, is appropriate to the
organization's purpose and context, and provides a framework for setting quality objectives is
required to be established, implemented, and maintained by top management. The policy must also
include a commitment to meeting all applicable requirements and to the ongoing improvement of the
quality management system.

5.2.2 communicating quality policy

The quality policy must be available, kept up to date, and maintained as documented information. It
must also be shared, understood, and applied within the company and made available, as necessary,
to relevant interested parties.
5.2.3 Organizational roles, responsibilities and authorities
Top management is responsible for ensuring that roles with related responsibilities and authorities
are assigned, communicated, and understood throughout the organization. Top management shall be
given the responsibility and authority for assuring that the quality management system complies with
the requirements of this International Standard, that the processes are producing the intended results,
that top management receives reports on the quality management system's performance and on
opportunities for improvement, and that the integrity of the system is maintained.
6. Planning

6.1 Actions to address risks and opportunities

6.1.1
To ensure that the quality management system can achieve its intended result, to enhance desirable
effects, prevent or reduce undesired effects, and achieve improvement, the organisation must take
into account the issues and requirements mentioned in the plan as well as the risks and opportunities
that must be addressed.
6.1.2
The company must determine how to take action to address these risks and opportunities, as well as
how to incorporate those activities into the processes of its quality management system and assess
their efficacy. The response to risks and opportunities must be appropriate to the likelihood that it
will affect the conformance of goods and services.
6.2 Quality objectives and planning to achieve to
The organization must set quality goals for all pertinent roles, levels, and procedures
required by the quality management system. The quality objectives must be related to the
conformity of goods and services and the improvement of customer satisfaction, be
measurable, take into consideration applicable requirements, be monitored, communicated,
and updated as necessary. The organization is required to keep records on the quality targets.
The organization must decide what will be done, what resources will be needed, who will be
responsible, when it will be finished, and how the outcomes will be evaluated when planning
how to attain its quality objectives.
6.3Planning of changes
Changes to the quality management system must be implemented in a planned manner when the
organisation decides they are necessary. The company must take into account the changes' intended
use and any potential repercussions, the integrity of the quality management system, the availability
of resources, and the division or reallocation of duties and powers.

7. Support
7.1 Resources
7.1.1 General
The company is responsible for determining the resources required for the creation,
implementation, upkeep, and ongoing improvement of the quality management system. When
deciding what needs to be received from outside sources, the organization must take into
account the limitations and capabilities of its current internal resources.
7.1.2 People
The organization must decide who will be needed for the efficient operation of its operations and the
application of its quality management system.

7.1.3 Infrastructure
The organization is responsible for deciding, providing, and maintaining the infrastructure
required for the execution of its operations and the achievement of product and service
compliance.
7.1.4 Environment for the operation of processes
The firm must choose, create, and maintain the environment required for its operations to run
smoothly and for its services and products to be compliant.

7.1.5 Monitoring and measuring resources

7.1.5.1 General
When monitoring or measuring is used to check whether goods and services adhere to specifications,
the company must decide what resources are required and make them available.
The organization is responsible for ensuring that the resources are maintained to ensure their
continued suitability for the type of monitoring and measurement activities being done.
The company must keep the necessary records as proof that the monitoring and measurement
resources are fit for their intended use.
7.1.5.2 Measurement traceability
Measurement equipment must be calibrated or verified, or both, against measurement standards
traceable to international or national measurement standards at specified intervals or prior to use
when measurement traceability is required or is thought by the organization to be a crucial
component of ensuring confidence in the validity of measurement results. If such standards are not
available, the basis used for calibration or verification must be kept as a record. When measuring
equipment is found to be inappropriate for its intended purpose, the organization must assess if the
validity of earlier measurement data has been negatively impacted and must take appropriate action.
7.1.6 Organizational knowledge
The organization must ascertain the knowledge required for the efficiency of its procedures and
the attainment of product and service compliance. This information must be kept up to date and
made available as needed. The company must take into account its current knowledge while
responding to shifting demands and trends and decide how to obtain or acquire any extra
knowledge that may be required. inside sources capture and sharing of undocumented information
and experience; the outcomes of changes in procedures, goods, and services); knowledge obtained
through experience; lessons learnt from unsuccessful and successful projects;.
7.2 Competence
In order to ensure that the performance and effectiveness of the quality management system are not
negatively impacted, the organization must identify the person(s) performing work under its control
who require the necessary competence, confirm that these individuals are competent based on the
necessary education, training, or experience, as applicable, take the necessary steps to acquire the
necessary competence, and assess the success of those steps. Keep the relevant, documented
information as proof of your expertise.
7.3 Awareness
The firm must make sure that anybody working for it is aware of its quality policy, pertinent quality
objectives, and contribution to the efficiency of the quality management system, including the
advantages of increased performance and the repercussions of not adhering to its criteria.
7.4 Communication
The organization must decide how and with whom to communicate internally and externally in
relation to the quality management system, as well as what information should be shared when and
with whom.
7.5 Documented information
Documented information judged by the organization to be required for the effectiveness of the
quality management system must be included in the organization's quality management system in
addition to the documentation required by this International Standard.

7.5.1 General
7.5.2 Creating and updating
The organization must provide proper identification and description (such as a title, date, author, or
reference number), format (such as language, software version, graphics), and media (such as paper,
electronic) while developing and updating documented material. Evaluation and approval for
appropriateness and sufficiency.
7.5.3 Control of documented information
 7.5.3.1

Information that must be documented in order to comply with this International

Standard and the quality management system must be controlled to ensure that it is
accessible, fit for use, and adequately secured when needed (e.g. from loss of
confidentiality, improper use, or loss of integrity).
7.5.3.2
The following actions must be addressed by the organization for the control of
documented information: dissemination, access, retrieval, and use; storage and
preservation, including legibility preservation; control of changes (such as version
control), retention, and disposition. The organization shall identify as appropriate and
handle any documented information of external provenance that it deems important for
the development and operation of the quality management system. Documented
information kept as proof of compliance must be shielded from unauthorized changes..
8 Operation

8.1 Operational planning and control

By identifying the needs for the products and services, the organization will be able to plan, carry
out, and manage the processes necessary to fulfil the act's requirements for the provision of goods
and services. Creating standards for: procedures, product and service acceptance identifying the
resources required to fulfil the needs for the product and service

8.2Requirements for products and services

8.2.1 Customer communication

In order to communicate with customers, you must share information about your products and
services. Processing client input regarding products and services, including customer
complaints, handling or controlling customer property, and when applicable, defining
particular rules for contingency actions.
8.2.2 Determining the requirements for products and services
The organization must make sure that the requirements for the products and services are
defined, including any applicable statutory and regulatory requirements, those that the
organization deems necessary, and those that will allow it to fulfil the claims it makes for the
goods and services it provides.
8.2.3 Review of the requirements for products and services

The company must make sure that it can provide clients with products and services that match the
standards. Before agreeing to provide goods and services to a customer, the organization shall
review a number of factors, including: requirements specified by the customer, including those for
delivery and follow-up tasks; requirements not stated by the customer but necessary for the
intended use; requirements specified by the organization; statutory and regulatory requirements
applicable to the goods and services; contract or order requirement.
The company must see to it that any contract or order criteria that diverge from those that have
already been established are met. If the customer does not offer a written declaration of their
requirements, the organization must verify those criteria before accepting the order.
8.2.3.2
If relevant, the organization must keep records of the review's findings and any
additional specifications for its goods and services.
8.2.4 Changes to requirements for products and services
The organization must make sure that relevant paperwork is updated and that the necessary
parties are informed of the new requirements when the requirements for goods and services
change.

8.3 Design and development of products and services

8.3.1 General
A design and development process that is appropriate to ensure the subsequent provision of
products and services must be established, implemented, and maintained by the
organization.

8.3.2 Design and development planning

The organization must take into account the nature, length, and complexity of the
design and development activities as well as the necessary process stages, applicable
design and development reviews, necessary design and development verification and
validation activities, and the roles and authorities involved in the design and
development process when deciding on the stages and controls for design and
development. the requirements for both internal and external resources in product and
service development the requirements for the provision of products and services later
on, the level of control expected for the design and development process by customers
and other relevant interested parties, the need to control interfaces between people
involved in the design and development process, the necessity of involving customers
and users in the design and development process, and more.
8.3.1 Design and development inputs
The organization is responsible for determining the prerequisites needed to design and
develop a given sort of product or service. The company must take functional and
performance needs into account. Information derived from prior similar design and
development activities, such as statutory and regulatory requirements, standards or codes of
practice that the organization has agreed to implement, potential failure outcomes due to the
nature of the products and services, and potential consequences of failure. The inputs must be
sufficient, comprehensive, and clear for design and development objectives. Resolution of
conflicting design and development inputs is required. The company must keep records of the
inputs used in design and development.
8.3.2 Design and development controls
The company will implement controls to the design and development process to make
sure that the intended outcomes are clear. Reviews are conducted to assess whether the
design and development outputs are capable of meeting requirements, verification
activities are carried out to make sure that they are, and validation activities are carried
out to assess whether the resulting products and services are capable of meeting
requirements for the application or intended use. Any necessary actions are then taken
in response to issues identified during the reviews, verification activities, or reviews
themselves.
8.3.3 Design and development outputs
The organization must make sure that design and development outputs are adequate for the
subsequent processes for the provision of products and services, including or referencing
monitoring and measuring requirements and acceptance criteria. These criteria must specify
the qualities of the products and services that are crucial for their intended use and the safe
and proper provision of those products and services. The organization must keep records of
the results of design and development.
8.3.4 Design and development changes

To the degree required to guarantee that there is no negative impact on conformity to

requirements, the organization shall identify, review, and regulate changes made during or
after the design and development of products and services. The organization must keep
records of design and development changes, evaluations, and other information

8.4 control of externally provided processes, products and services

8.3.5 General
The organization must guarantee that all procedures, goods, and services obtained from
outside sources adhere to specifications. When one of the following situations arises: a
process, or a portion of a process, is provided by an external provider as a result of a decision
by the organization; products and services from external providers are intended for
incorporation into the organization's own products and services; products and services are
provided directly to customers by external providers on behalf of the organization.
Based on their capacity to deliver processes, goods, and services that meet needs, the
company shall decide on criteria for the evaluation, selection, performance monitoring, and
reevaluation of external providers. The organization must keep records of these activities and
any subsequent actions resulting from evaluations.
8.3.6 Type and extent of control
The business must make sure that its capacity to consistently serve its consumers with
compliant goods and services is not adversely impacted by processes, goods, or services that
are provided by third parties. The organization must: ensure that externally provided
processes remain under the control of its quality management system; define both the
controls it intends to apply to an external provider and those it intends to apply to the
resulting output; and consider any potential effects that the externally provided processes,
products, and services may have on the organization's ability to consistently meet customer
and applicable statutory and regulatory requirements. Determine the verification or other
activities required to guarantee that the processes, products, and services delivered externally
meet standards..

8.3.7 Information for external providers

Prior to communicating the criteria to the external provider, the company must confirm that
they are adequate.

8.4. Production and service provision

8.3.8 Control of production and service provision

Production and service delivery must be carried out by the organization under strict
controls. The availability of documented information that defines the characteristics of
the goods to be produced, the services to be rendered, or the activities to be carried out,
the results to be achieved, the availability and use of suitable monitoring and measuring
resources, the implementation of monitoring and measurement activities at appropriate
stages to verify that criteria for control of processes or outputs, and acceptance and the
implementation of actions to prevent human error, the implementation of release,
delivery, and post-delivery activities, and the ability to achieve planned results of the
processes for production and service provision where the resulting output cannot be
verified by subsequent monitoring or measurement.
8.3.9 Identification and traceability
When it is important to ensure the conformance of products and services, the organization
shall utilize appropriate measures to identify outputs. Throughout the course of production
and service supply, the organization must determine the status of outputs in relation to the
monitoring and measurement needs. When traceability is required, the organization must be
in charge of the outputs' distinctive identity and must keep the documentation required to
support traceability.
8.5.2 Property belonging to customers or external providers
When it comes to property owned by clients or third parties that is in the organization's
possession or being utilized by the organization, the organization must take reasonable
care.In order to use or incorporate customer or external provider property into its products
and services, the organization must identify, confirm, protect, and secure that
property.When a customer's or third party provider's property is stolen, destroyed, or
otherwise deemed unusable, the organization must notify the customer or third party
provider and keep records of what happened..

8.3.10 Preservation
In order to ensure that the outputs are in compliance with the standards, the organization must
protect them during production and service delivery
8.3.11 Post-delivery activities
The company must adhere to regulations regarding the products and services' post-delivery
activities. The organization must take into account statutory and regulatory requirements,
potential unintended consequences associated with its products and services, the nature, use,
and intended lifetime of those products and services, customer requirements, and customer
feedback when determining the scope of post-delivery activities that are necessary.
8.3.12 Control of changes
The organization shall review and control changes for production or service provision, to the
extent necessary to ensure continuing conformity with requirements.
The organization shall retain documented information describing the results of the review of
changes, the person(s) authorizing the change, and any necessary actions arising from the
review.
8.4 Release of products and services
The company must put planned measures into action at the proper times to ensure that the
requirements for the goods / service have been met. If a relevant authority and, where
appropriate, the customer do not agree otherwise, the delivery of products and services to a
customer shall not begin until the intended arrangements have indeed been satisfactorily
accomplished.

8.5 Control of nonconforming outputs

8.5.1
In order to prevent their unplanned use or delivery, the organization must make sure that
outputs that do not meet their specifications are identified and controlled. Depending on the
type of nonconformity and how it affects the conformity of goods and services, the
organization must take the proper response. This also applies to nonconforming goods and
services found following delivery of the goods or during or following service provision.
8.5.2
In reaction to nonconforming outputs, the business must take any or all of the following
steps: rectification, separation, confinement, returning or suspending the provision of
products and services, notifying the customer, and requesting authorization for accepting
under a license. Checking for compliance is necessary when non binary outputs are corrected.
In response to nonconforming outputs, the corporation must do one or more of the following:
correct, segregate, contain, return or suspend the provision of products and services, notify
the customer, and get authorization for adoption under a concession. Checking for conformity
with the standards is necessary when nonconforming outputs are fixed. The organization is
required to keep records describing the nonconformity. Explains the activities done, any
concessions achieved, the authority making the decision, and the actions taken.

9. Performance evaluation

9.1Monitoring, measurement, analysis and evaluation

9.1.1 General

9.1.1 Customer satisfaction

The company will keep track of how satisfied clients feel their demands and expectations
have been met. The organization will choose the procedures for gathering, observing, and
analyzing this data.
9.1.2 Analysis and evaluation
The company must analyses and assess the pertinent data and information gathered through
monitoring and measurement. the degree of customer satisfaction, the performance and
effectiveness of the quality management system, whether planning has been implemented
effectively, the effectiveness of actions taken to address risks and opportunities, the
performance of external providers, and the need for improvements to the quality management
system will all be evaluated using the analysis' findings.

9.1 Internal audit

9.1.1
The organization shall conduct internal audits at planned intervals to
provide information on whether the quality management system conforms to
the organization’s own requirements for its quality management system, the
requirements of this International Standard, is effectively implemented and
maintained.

9.1.2
The organization shall plan, establish, implement and maintain an audit
programmer(s) including the frequency, methods, responsibilities, planning
requirements and reporting, which shall take into consideration the importance
of the processes concerned, changes affecting the organization, and the results
of previous audits define the audit criteria and scope for each audit select
auditors and conduct audits to ensure objectivity and the impartiality of the
audit process ,ensure that the results of the audits are reported to relevant
management ,take appropriate correction and corrective actions without undue
delay.
9.2Management review

9.2.1 General
At predetermined periods, top management must assess the organization's quality
management system to guarantee its continued applicability, sufficiency, effectiveness, and
alignment with the organization's strategic direction.
9.2.2 Management review inputs
Planning and carrying out the management review shall take into account the status of actions
from previous management reviews, changes in external and internal issues that are relevant
to the quality management system, information on the performance and effectiveness of the
quality management system, including trends in, customer satisfaction and feedback from
relevant interested parties, the extent to which quality objectives have been met, and process
performance.
9.2.3 Management review outputs
Decisions and actions about potential for improvement, any changes that may be required to
the quality management system, and resource requirements are among the outcomes of the
management review. The organization must keep records as proof of the outcomes of
management reviews.
 10.Improvement

10.1 General

10.2 Nonconformity and corrective action

10.2.1
When a nonconformity arises, including any that results from complaints, the
organization must respond to the nonconformity and, where necessary, take action to
control and correct it, deal with the consequences, and assess the need for action to
eliminate the cause(s) of the nonconformity, so that it does not recur or occur
elsewhere. This involves reviewing and analyzing the nonconformity, figuring out what
caused it, and determining whether or not similar nonconformities already exist or
could arise.

10.2.2
The organization must keep records that detail the nonconformities, any corrective measures
that were implemented, the nature of those actions, and their outcomes.

10.3 Continual improvement

The organization must constantly increase the quality management system's
suitability, sufficiency, and effectiveness. In order to decide whether there are needs
or opportunities that should be addressed as part of ongoing improvement, the
organization shall take into account the findings of analysis and evaluation as well as
the outputs from management review.
 Clause by Clause Comparison

ISO 9001: 2015 ISO 9001:2008 Discussion

4  Context of the 1.0  Scope
organization
4.1  Understanding New clause Organizations must determine the external
the organization and and internal issues that affect its purpose
its context and strategic direction as well as relevant
interested parties and their requirements.
4.2  Understanding New clause Relevant interested parties and their
the needs and requirements must be determined and this
expectations of information is to be monitored and
interested parties reviewed.
4.3  Determining the 1.2  Application There is no longer a requirement for the
scope of the quality 4.2.2 Quality manual Quality Manual. Determining and
management system describing the QMS scope is still
necessary.
4.4  Quality 4  Quality management This criterion still exists, but it has been
management system system updated to cover risks, opportunities, and
and its processes 4.1     General granting of process authority.
requirements
5  Leadership 5  Management
responsibility
5.1  Leadership and 5.1  Management
commitment commitment
5.1.1  Leadership and 5.1  Management According to the 2015 revision, top
commitment for the commitment management must take responsibility for
quality management the QMS' efficiency and integration with
system the company's operational procedures as
well as for ensuring that the quality policy
and objectives are appropriate given the
organization's situation and strategic
goals.
5.1.2  Customer focus 5.2  Customer focus The 2015 version addresses statutory and
regulatory obligations in addition to
including services (along with products).
5.2  Quality policy 5.3  Quality policy The quality policy needs to be compatible
with the organization's goals, strategic
direction, and environment.
5.3  Organizational 5.5.1  Responsibility The 2015 version requires top
roles, responsibilities and authority management to assign responsibility and
and authorities 5.5.2 Management authority for ensuring process are
representative delivering their intended outputs.
6 Planning for the 5.4.2  Quality
quality management management system
system planning
6.1  Actions to 5.4.2  Quality Risks and opportunities have replaced
address risks and management system preventative action..
opportunities planning 8.5.3
Preventive action
6.2  Quality 5.4.1  Quality quality goals must be watched. Planning
objectives and objectives the organization's strategy for achieving
planning to achieve its goals has extra needs.
them
6.3  Planning of 5.4.2  Quality
changes management system
planning
7  Support 6  Resource
management
7.1  Resources 6  Resource
management
7.1.1  General 6.1  Provision of
resources
7.1.2  People 6.1  Provision of
resources
7.1.3  Infrastructure 6.3  Infrastructure
7.1.4  Environment 6.4  Work environment
for the operation of
processes
7.1.5  Monitoring and 7.6  Control of
measuring resources monitoring and
measuring equipment
7.1.6  Organizational 6.2.2 Competence, The 2015 edition distinguishes between
knowledge training and awareness generic training or competency and
knowledge particular to the organization.
7.2  Competence 6.2.2 Competence, Competence clause separated for clarity
training and awareness and focus.
7.3  Awareness 6.2.2  Competence, Separating the awareness clause improves
training and awareness clarity and attention.
7.4  Communication 5.5.3  Internal In the 2015 revision, communication was
communication enlarged to include perpetual
communication.
7.5  Documented 4.2  Documentation The term "documented information" is
information requirements now used to describe documents and
records. When the words "retain" or
"keep" are employed, they both relate to
records and documents, respectively.
7.5.1  General 4.2.1  General
7.5.2  Creating and 4.2.3  Control of
updating documents
4.2.4 Control of
records
7.5.3  Control of 4.2.3  Control of New requirement to review records from
documented documents unintended alterations.
Information 4.2.4 Control of
records
8  Operation 7  Product realization
8.1  Operational 7.1  Planning of Reviewing the implications of
planning and control product realization unintentional modifications and taking
steps to lessen any negative effects are
now requirements.
8.2  Determination of 7.2  Customer-related
requirements for processes
products and services
8.2.1  Customer 7.2.3  Customer
communication communication
8.2.2  Determination 7.2.1  Determination of
of requirements requirements related to
related to products the product
and services
8.2.3  Review of 7.2.2  Review of
requirements related requirements related to
to the products and the product
services
8.3  Design and 7.3  Design and
development of development
products and services
8.3.1  General New clause Create, put into practise, and keep up a
design and development process that is
suitable for your firm..
8.3.2  Design and 7.3.1  Design and Organizations now have to take into
development planning development planning account the requirement for user and
consumer input during the design and
development process.
8.3.3  Design and 7.3.2  Design and
development Inputs development inputs
8.3.4  Design and 7.3.4  Design and
development controls development review
7.3.5   Design and
development
verification
7.3.6  Design and
development
validation
8.3.5  Design and 7.3.3  Design and
development outputs development outputs
8.3.6  Design and 7.3.7  Control of
development changes design and
development changes
8.4  Control of 7.4.1  Purchasing
externally provided process
products and services
8.4.1  General 7.4.1  Purchasing
process
8.4.2  Type and extent 7.4.1  Purchasing
of control of external process
provision 7.4.3 Verification of
purchased product
8.4.3  Information for 7.4.2  Purchasing
external providers information
8.5  Production and 7.5  Production and
service provision service provision
8.5.1  Control of 7.5.1  Control of
production and production and service
service provision provision
8.5.2  Identification 7.5.3  Identification
and traceability and traceability
8.5.3  Property 7.5.4  Customer Expands specifications for property
belonging to property owned by outside sources (as well as
customers or external customers).
providers
8.5.4  Preservation 7.5.5  Preservation of
product
8.5.5  Post-delivery 7.5.1  Control of The revised standard creates a separate
activities production and service sub-clause for post-delivery operations.
provision

8.5.6  Control of 7.3.7  Control of

changes design and
development changes
8.6  Release of 8.2.4  Monitoring and
products and services measurement of
processes 7.4.3
Verification of
purchased product
8.7  Control of 8.3  Control of
nonconforming nonconforming
process outputs, product
products and services
9  Performance 8  Measurement,  
evaluation analysis and
improvement
9.1  Monitoring, 8.2  Monitoring and
measurement, measurement
analysis and
evaluation
9.1.1  General 8.1  General
 9.1.2  Customer 8.2.1  Customer
satisfaction satisfaction
9.1.3  Analysis and 8.4  Analysis of data
evaluation
9.2  Internal audit 8.2.2  Internal audit Internal auditing is not mandated under
the new standard, but an internal audit
program must be implemented.
9.3  Management 5.6  Management The QMS is now evaluated as part of
review review management evaluations to ensure
alignment with the organization's strategic
direction. The extent to which quality
objectives have been accomplished, as
well as adjustments to internal and
external issues, must also be included in
the review inputs..
10   Improvement 8.5  Improvement
10.1  General 8.5.1  Continual
improvement
10.2  Nonconformity 8.3  Control of a new duty to update risks and
and corrective action nonconforming opportunities and analyses the success of
product 8.5.2 corrective actions.
Corrective action
10.3  Continual 8.5.1  Continual
Improvement improvement

Implementation of ISO 2015

The international standard SO 9001 outlines the ideal QMS procedures (quality management
system). It includes seven guiding principles that support organizations’ monitoring,
regulation, and performance and service benchmarking efforts. Adopting a QMS is a difficult
task that requires you to reconsider your company's operations and your strategic objectives.
However, there are many advantages, from expanding your business options to enhancing
your capacity to provide high-quality goods and services. In this blog, we describe how you
may use our 7-step program to become one of the more than one million organizations that
have previously achieved ISO 9001 certification.
1. Familiarize yourself with the ISO 9001 standard
Your first task should be to read copies of the ISO 9000 and ISO 9001 standards and
familiarize yourself with their key concepts.
ISO 9000 provides an overview of the family of standards that includes ISO 9001 and ISO
9004. Meanwhile, ISO 9001 contains the requirements that must be met to achieve
compliance.

Reading both standards will help you understand both the broad objectives of quality
management and the specific actions that you must take to achieve compliance.
 2. Secure senior management buy-in
Once you have a grasp of how ISO 9001 operates and how it might benefit your
business, you should ask the board for permission to put it into practice. Due to the
size of the implementation project, you will need both time and resources to finish the
job, which can only be done with top management's assistance. Always be sure to
describe ISO 9001's goals and the advantages it will provide when discussing it. You
can then develop a suggested implementation plan, a timetable, and an estimated
spending plan. A quality manager or management representative should also be chosen
to direct the project. This could be a senior-level full-time worker with extensive
knowledge of your company.
3. Create an implementation team
The quality manager will require a team to assist them in putting ISO 9001's criteria
into practice. To oversee the transition to your QMS, your organization must choose
pertinent managers from several business sectors.
4. Establish new roles and responsibilities
There should be personnel in charge of quality management duties such as audits,
record upkeep, and management reviews in every area inside your company. These
could be managers from your implementation team or new employees to whom tasks
have been assigned, depending on the size of your organization.
5. Conduct a gap analysis of your current management system
A gap analysis is a process in which organizations review the effectiveness of their
current practices and identify what improvements are necessary to achieve compliance. For
organizations seeking advice creating a gap analysis, there are a variety of tools that can help.
IT Governance’s ISO 9001 Gap Analysis Tool is designed specifically for those tackling the
project for the first time. The self-assessment tool provides a clear, color-coded report on the
general state of ISO 9001 compliance.

6. Create your documentation

The papers for your QMS must be written as the next phase. The quality manual,
which gives a high-level overview of your goals and objectives, comes first. You
should describe your quality policy and the operation of your QMS. This contains
explanations of the interactions between the processes in your system. Procedure
documents should be used in conjunction with the quality manual. These describe each
particular business procedure in depth. You should describe each process's design and
control, as well as the checks that are made to make sure they function as intended.
After that, you should draught work instructions that detail the rules that staff members
must abide by when doing organizational responsibilities.
Finally, you must document forms and records. These are used for collecting
information about how the QMS is operates and whether it remains ISO 9001-
compliant.
7. Involve employees and conduct regular staff training
you must conduct an introduction training session for the pertinent personnel
before implementing your QMS. This makes sure that everyone who uses the
system knows how it functions and what is expected of them. Additionally, it
offers you the chance to address any knowledge gaps that need more attention
and respond to any queries that employees may have. However, employee
engagement shouldn't end here. To assist you in identifying areas for
improvement, you should encourage personnel to voice any complaints they may
have regarding the QMS. Additional awareness training, team evaluations, and
specific feedback sessions should all be part of this.