More on ISO 9001:2015

This article includes the clause structure and common text planned for new and revised management system standards, such as ISO 9001 and ISO 14001.

Annex SL, Appendix 3, of ISO/IEC Directives, Part 1, “Consolidated ISO Supplement – Procedures specific to ISO”, proposes the high-level structure, identical core text, and common terms and core definitions for use in management systems standards.

The aim of the document is to align all management system “requirements” standards and enhance their compatibility. It is expected that individual management system standards will add additional “discipline-specific” requirements as required.

This approach to management system standards will increase the value of these standards to users. It will be particularly useful for organizations that choose to operate a single, integrated management system that meets the requirements of two or more management system standards.

I have included below the clause structure and common text for management systems. You can see the terms and definitions that I left out at this ISO web page.

Clause Structure and Common Text

Introduction
1. Scope
2. Normative references
3. Terms and definition

4. Context of the organization

4.1 Understanding the organization and its context

The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its XXX management system.

4.2 Understanding the needs and expectations of interested parties

The organization shall determine

  • the interested parties that are relevant to the XXX management system, and
  • the requirements of these interested parties.

4.3 Determining the scope of the XXX management system

The organization shall determine the boundaries and applicability of the XXX management system to establish its scope.

When determining this scope, the organization shall consider

  • the external and internal issues referred to in 4.1, and
  • the requirements referred to in 4.2.

The scope shall be available as documented information.

4.4 XXX management system

The organization shall establish, implement, maintain and continually improve an XXX management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard.

5. Leadership

5.1 Leadership and commitment

Top management shall demonstrate leadership and commitment with respect to the XXX management system by

  • ensuring that the XXX policy and XXX objectives are established and are compatible with the strategic direction of the organization
  • ensuring the integration of the XXX management system requirements into the organization’s business processes
  • ensuring that the resources needed for the XXX management system are available
  • communicating the importance of effective XXX management and of conforming to the XXX management system requirements
  • ensuring that the XXX management system achieves its intended outcome(s)
  • directing and supporting persons to contribute to the effectiveness of the XXX management system
  • promoting continual improvement
  • supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

NOTE: Reference to “business” in this International Standard should be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence.

5.2 Policy

Top management shall establish a XXX policy that

  • is appropriate to the purpose of the organization
  • provides a framework for setting XXX objectives
  • includes a commitment to satisfy applicable requirements, and
  • includes a commitment to continual improvement of the XXX management system.

The XXX policy shall

  • be available as documented information
  • be communicated within the organization
  • be available to interested parties, as appropriate.

5.3 Organization roles, responsibilities and authorities

Top management shall ensure that the responsibilities and authorities for relevant roles are assigned and communicated within the organization.

Top management shall assign the responsibility and authority for:

a) ensuring that the XXX management system conforms to the requirements of this International Standard; and

b) reporting on the performance of the XXX management system to top management.

6. Planning

6.1 Actions to address risks and opportunities

When planning for the XXX management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to

  • assure the XXX management system can achieve its intended outcome(s)
  • prevent, or reduce, undesired effects
  • achieve continual improvement.

The organization shall plan:

a) actions to address these risks and opportunities, and

b) how to

  • integrate and implement the actions into its XXX management system processes
  • evaluate the effectiveness of these actions.

6.2 XXX objectives and planning to achieve them

The organization shall establish XXX objectives at relevant functions and levels. The XXX objectives shall

  • be consistent with the XXX policy
  • be measurable (if practicable)
  • take into account applicable requirements
  • be monitored
  • be communicated, and
  • be updated as appropriate.

The organization shall retain documented information on the XXX objectives. When planning how to achieve its XXX objectives, the organization shall determine

  • what will be done
  • what resources will be required
  • who will be responsible
  • when it will be completed
  • how the results will be evaluated.

7. Support

7.1 Resources

The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the XXX management system.

7.2 Competence

The organization shall

  • determine the necessary competence of person(s) doing work under its control that affects its XXX performance, and
  • ensure that these persons are competent on the basis of appropriate education, training, or experience;
  • where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken, and
  • retain appropriate documented information as evidence of competence.

NOTE: Applicable actions may include, for example: the provision of training to, the mentoring of, or the re-assignment of currently employed persons; or the hiring or contracting of competent persons.

7.3 Awareness

Persons doing work under the organization’s control shall be aware of

  • the XXX policy
  • their contribution to the effectiveness of the XXX management system, including the benefits of improved XXX performance
  • the implications of not conforming with the XXX management system requirements.

7.4 Communication

The organization shall determine the need for internal and external communications relevant to the XXX management system including

  • on what it will communicate
  • when to communicate
  • with whom to communicate.

7.5 Documented information

7.5.1 General
The organization’s XXX management system shall include

  • documented information required by this International Standard
  • documented information determined by the organization as being necessary for the effectiveness of the XXX management system.

NOTE: The extent of documented information for a XXX management system can differ from one organization to another due to

  • the size of organization and its type of activities, processes, products and services,
  • the complexity of processes and their interactions, and
  • the competence of persons.

7.5.2 Creating and updating
When creating and updating documented information the organization shall ensure appropriate

  • identification and description (e.g., a title, date, author, or reference number)
  • format (e.g., language, software version, graphics) and media (e.g., paper, electronic)
  • review and approval for suitability and adequacy.

7.5.3 Control of documented information
Documented information required by the XXX management system and by this International Standard shall be controlled to ensure

  • it is available and suitable for use, where and when it is needed
  • it is adequately protected (e.g., from loss of confidentiality, improper use, or loss of integrity).

For the control of documented information, the organization shall address the following activities, as applicable

  • distribution, access, retrieval and use
  • storage and preservation, including preservation of legibility
  • control of changes (e.g., version control)
  • retention and disposition

Documented information of external origin determined by the organization to be necessary for the planning and operation of the XXX management system shall be identified as appropriate, and controlled.

NOTE: Access implies a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information, etc.

8. Operation

8.1 Operational planning and control

The organization shall plan, implement and control the processes needed to meet requirements, and to implement the actions determined in 6.1, by

  • establishing criteria for the processes
  • implementing control of the processes in accordance with the criteria
  • keeping documented information to the extent necessary to have confidence that the processes have been carried out as planned.

The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.

The organization shall ensure that outsourced processes are controlled.

9. Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

The organization shall determine

  • what needs to be monitored and measured
  • the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results
  • when the monitoring and measuring shall be performed
  • when the results from monitoring and measurement shall be analysed and evaluated.

The organization shall retain appropriate documented information as evidence of the results.

The organization shall evaluate the XXX performance and the effectiveness of the XXX management system.

9.2 Internal audit

The organization shall conduct internal audits at planned intervals to provide information on whether the XXX management system;

a) conforms to

  • the organization’s own requirements for its XXX management system
  • the requirements of this International Standard;

b) is effectively implemented and maintained.

The organization shall:

a) plan, establish, implement and maintain an audit program(s), including the frequency, methods, responsibilities, planning requirements and reporting. The audit program(s) shall take into consideration the importance of the processes concerned and the results of previous audits;

b) define the audit criteria and scope for each audit;

c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;

d) ensure that the results of the audits are reported to relevant management, and

e) retain documented information as evidence of the implementation of the audit program and the audit results.

9.3 Management review

Top management shall review the organization’s XXX management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness.

The management review shall include consideration of:

a) the status of actions from previous management reviews;

b) changes in external and internal issues that are relevant to the XXX management system;

c) information on the XXX performance, including trends in:

  • nonconformities and corrective actions
  • monitoring and measurement results, and
  • audit results;

d) opportunities for continual improvement.

The outputs of the management review shall include decisions related to continual improvement opportunities and any need for changes to the XXX management system. The organization shall retain documented information as evidence of the results of management reviews.

10. Improvement

10.1 Nonconformity and corrective action

When a nonconformity occurs, the organization shall:

a) react to the nonconformity, and as applicable

  • take action to control and correct it, and
  • deal with the consequences;

b) evaluate the need for action to eliminate the causes of the nonconformity, in order that it does not recur or occur elsewhere, by

  • reviewing the nonconformity
  • determining the causes of the nonconformity, and
  • determining if similar nonconformities exist, or could potentially occur;

c) implement any action needed;

d) review the effectiveness of any corrective action taken; and

e) make changes to the XXX management system, if necessary.

Corrective actions shall be appropriate to the effects of the nonconformities encountered.

The organization shall retain documented information as evidence of

  • the nature of the nonconformities and any subsequent actions taken, and
  • the results of any corrective action.

10.2 Continual improvement

The organization shall continually improve the suitability, adequacy and effectiveness of the XXX management system.