ISO 9001:2015 FAQs

If you have questions about the new ISO 9001:2015 revision, they may have been answered in the list of Frequently Asked Questions at the ISO Technical Committee 176 web site:

1. Why has it been decided to issue a new version of ISO 9001?

Business needs and expectations have changed significantly since the last major revision of ISO 9001 in the year 2000. Examples of these changes are ever more demanding customers, the emergence of new technologies, increasingly more complex supply chains, and a much greater awareness of the need for sustainable development initiatives.

2. Does ISO 9001 still apply to all organizations – big, small, different sectors and different items – products, services?

The concept of the standard has not changed; it’s applicable to any type of organization, regardless of the size, type, or its core business.

3. How has the structure of the standard changed?

The structure has been changed to align with the common 10-clause high level structure developed by ISO to ensure greater harmonization among its many different management system standards. The new revision to ISO 14001 will also adopt this same structure, which is built around the PDCA (Plan-Do-Check-Act) sequence.

All ISO management system standards are now required to adopt this structure. This will make it easier for organizations to address the requirements of more than one ISO Management System Standard within a single, integrated system.

4. What are the main differences in content between the old and new version?

  • Adoption of the high level structure as set out in Annex SL of ISO Directives Part 1
  • An explicit requirement for risk-based thinking to support and improve the understanding and application of the process approach
  • Fewer prescriptive requirements
  • More flexibility regarding documentation
  • Improved applicability for services
  • A requirement to define the boundaries of the QMS
  • Increased emphasis on organizational context
  • Increased leadership requirements
  • Greater emphasis on achieving desired process results to improve customer satisfaction

5. How have the documentation requirements changed?

Specific documented procedures are no longer mentioned. It is the responsibility of the organization to maintain documented information to support the operation of its processes and to retain the documented information necessary to have confidence that the processes are being carried out as planned. The extent of the documentation that is needed will depend on the business context.

6. The standard does not mention a quality manual. Is it still required?

A quality manual is no longer specifically required. The new standard requires the organization to maintain documented information necessary for the effectiveness of the quality management system (QMS). There are many ways to do this and a quality manual is just one. If it is convenient and appropriate for an organization to continue to describe its quality management system in a quality manual then that is perfectly acceptable.

7. Why has management review been moved to performance evaluation? (9.3)

The sequence of the new version of ISO 9001 is based on the Plan, Do, Check, Act cycle and so, in order to evaluate quality management system performance, it makes sense for management review to follow the measurement of the system performance.

8. The title of management representative has been removed. How is the performance of the system reported to top management?

Although the prescriptive title of a management representative has been deleted, it is up to top management to ensure that the roles and responsibilities are assigned for reporting on the performance of the QMS. Some organizations might find it convenient to maintain their current structure, with a single person carrying out this role. Others might take advantage of the additional flexibility to consider other structures depending on their organizational context.

9. Why has product been changed to products and services?

ISO 9001:2008 already made it clear that the term product in the previous version of the standard also includes service, so there is no impact in practical terms. The term “products and services” is now used throughout the standard to reflect the far greater use of the standard outside of the manufacturing sector, and to emphasize its applicability in the service industries.

10. What is risk-based thinking and why has it been introduced into the standard?

The phrase risk-based thinking is used to describe the way in which ISO 9001:2015 addresses the question of risk. The concept of risk has always been implicit in ISO 9001, by requiring the organization to plan its processes and manage its business to avoid undesirable results.

Organizations have typically done this by putting greater emphasis on planning and controlling processes that have the biggest impact on the quality of the products and services they provide. The way in which organizations manage risk varies depending on their business context (e.g. the criticality of the products and services being provided, complexity of the processes, and the potential consequences of failure).

Use of the phrase risk-based thinking is intended to make it clear that while an awareness of risk is important, formal risk-management methodologies and risk assessment are not necessarily appropriate for all business situations and organizations.

11. What has been changed in terms of planning?

ISO 9001:2015 requires the organization to address risks and opportunities, quality objectives, and planning of changes. As new products, technologies, markets and business opportunities arise, it is to be expected that organizations will want to take full advantage of these opportunities. This has to done in a controlled manner, and be balanced against the potential risks involved, which could lead to undesirable side-effects.

12. Are organizations still allowed to exclude requirements of ISO 9001?

ISO 9001:2015 no longer refers to “exclusions” in relation to the applicability of its requirements to the organization’s quality management system. However, an organization can determine the applicability of requirements. All requirements in the new standard are intended to apply. The organization can only decide that a requirement is not applicable if its decision will not affect its ability or responsibility to ensure the conformity of products and services and the enhancement of customer satisfaction.

13. What is the process approach and is it still applicable to ISO 9001:2015?

The process approach is a way of obtaining a desired result, by managing activities and related resources as a process. Although the clause structure of ISO 9001:2015 follows the Plan-Do-Check-Act sequence, the process approach is still the underlying concept for the QMS.

14. What are the benefits of the new version of ISO 9001?

  • Less prescriptive, but with greater focus on achieving conforming products and services
  • More user friendly for service and knowledge-based organizations
  • Greater leadership engagement
  • More structured planning for setting objectives
  • Management review is aligned to organizational results
  • The opportunity for more flexible documented information
  • Addresses organizational risks and opportunities in a structured manner
  • Addresses supply chain management more effectively
  • Opportunity for an integrated management system that addresses other elements such as environment, health & safety, business continuity, etc.

Questions relating to specific clauses in the standard

15. What is meant by the context of the organization? (4)

This is the combination of those internal and external factors that affect an organization’s approach to the way in which it provides products and services that are delivered to its customer.

External factors can include, for example, cultural, social, political, legal, regulatory, financial, technological, economic, and competitive environment, at the international, national, regional or local level.

Internal factors typically include the organization’s corporate culture, governance, organizational structure, technologies, information systems, and decision-making processes (both formal and informal).

16. What are the needs and expectations associated with interested parties? (4.2)

The organization will need to determine the interested parties that are relevant to the quality management system and the requirements of those interested parties, as outlined in clause 4.2. This does not extend past the quality management system requirements and the scope of this International Standard.

As stated in the scope, ISO 9001:2015 is applicable where an organization needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction.

17. What is meant by organizational knowledge? (7.1.6 )

Organizational knowledge is knowledge specific to the organization; it is generally gained by experience. It is information that is used and shared to achieve the organization’s objectives. Requirements regarding organizational knowledge were introduced for the purpose of safeguarding the organization from loss of knowledge and encouraging the organization to acquire new knowledge as its business context changes.

18. Documents and records have been replaced by documented information. What does this mean? (7.5)

Documentation, documents, and records are now collectively referred to as documented information. Where that documented information might be subject to change (as in the case of procedures, work instructions, etc.), organizations are required to MAINTAIN the information up-to-date. Where the information is not normally subject to change (for example records) the organization is required to RETAIN that information.

19. Why has Purchasing changed to ‘Control of externally provided processes, products and services’? (8.4)

This change reflects the fact that not all products, services or processes that an organization acquires are necessarily purchased in the traditional sense. Some may be acquired from other parts of a corporate entity, for example, as part of a shared pool of resources, products donated by benefactors or services provided by volunteers.

20. What has happened to validation of processes or what used to be called special processes? (8.5)

Although there is no longer a standalone sub-clause, this requirement continues, and has been incorporated into the sub-clause on control of production and service provision. (See 8.5.1.f)

21. What is meant by post-delivery activities and what is the extent of an organization’s responsibility? (8.5.5)

This means that based on customer agreements or other requirements, the organization may be responsible for providing support for their products or services after delivery. This could include, for example, technical support, routine maintenance, or in some cases, recall.

22. What is the difference in the standard between improvement and continual improvement? (10)

ISO 9001:2008 used the term continual improvement to emphasize the fact that this is an ongoing activity. However, it is important to recognize that there are a number of ways in which an organization may improve. Small step continual improvement is only one of these. Others may include breakthrough improvements, re-engineering initiatives or innovation. ISO 9001:2015 therefore uses the more general term improvement, of which continual improvement is one component, but not the only one.

The FAQs list will be reviewed and updated on a regular basis to maintain its accuracy, and to include new questions where appropriate. You can view the current list at this web page.