Introduction of participants
• The 5 W’s
▫ Who are you ?
What is your preferred name in class?
▫ Where do you work?
▫ What is your job title, and
▫ What are your main responsibilities?
▫ Why are you attending this course?
Please define your expectations
No smokingPunctuality Participation
• Welcome and Administration
• Introduction to ISO 9001 History
• Content of ISO 9001
• ISO 9001:2015
• ISO 9001 is a standard that sets out the
requirements for a quality management system.
It helps businesses and organizations to be more
efficient and improve customer satisfaction.
• A new version of the standard, ISO 9001:2015,
has just been launched, replacing the previous
version (ISO 9001:2008).
Who must attend this course
• Every body in the organization from different
levels as ISO is everybody concern.
What is ISO 9001?
• The ISO 9001 Quality Management System is the
world‟s most popular quality improvement
standard, with over one million certified
organizations in 180 countries around the globe. It
is the only standard in the 9000 family of standards
published by the International Organization for
Standardization (ISO) that can be used for the
purpose of conformity assessment. ISO 9001 also
serves as the basis for many other important sector-
specific standards, as well as widely used
management system standards such as OHSAS
18001 and ISO 14001.
ISO 9001 Revision
• The International Organization for Standardization
(ISO) is working on a major revision of the ISO
9001 standard. The last revision dates back to 2008
and introduced a small number of new
requirements. Publication of the final version of ISO
9001:2015 is expected at the end of 2015. The
working draft, ISO/DIS 9001:2015, is now available,
and has a clear objective.
Effectiveness and efficiency def:
• Doing the right thing (Result)
• Doing the thing in a right way (Methodology)
Give me example: A Football Match
Goals achieved (WON)
Performance and way in playing
W.I and SOP: How to do the Process
• The working draft, ISO/DIS 9001:2015 was distributed for
review and comment on May 8, 2014. The Committee Draft
(CD) published in the run-up to this draft received around
3,000 comments and was approved by 80% of the countries
in a preliminary vote. The international community has been
invited to submit their comments on this interim working
draft by July 2014.
• Publication of the official draft international standard (DIS) is
expected in September 2014. After the commenting period,
the final draft international standard (FDIS) will then be
passed before its presentation, scheduled for November
2014. Publication of the final version of ISO 9001:2015 is
expected in September 2015.
• It is certain that a “high-level structure“ will replace
the existing structure. This structure is in
accordance with the requirement of the ISO
Directive, Annex SL 2013.
• All management system standards developed in the
future will use a consistent structure and outline
such as identical core texts, common terms and core
definitions. This is to ensure that all sections of
management system standards share the same
section headings and core texts. The ISO 14001 and
BS OHSAS 18001 standards will also be revised in
accordance with the same structure.
Summary of the Key Changes
• The new draft is designed to make the standard
more generic and more easily applicable by
service industries. Therefore, the term “product“
has been replaced by “products and services“
when specifically referring to the deliverables for
Context of the Organization
• The high-level structure and the core text
established in Annex SL, Appendix 2, have
introduced two new clauses related to the
context of the organization:
• 4.1 Understanding the organization and its
• 4.2 Understanding the needs and expectations of
These two clauses require the organization to determine the issues and
requirements that can impact the planning of the quality management
system (QMS) and can be used as input for the development of the QMS.
The stakeholder approach, considered one of the most modern corporate
governance principles, is new. This approach is based on the assumption
that long-term business success can only be ensured by considering the
requirements of company stakeholders. The approach has been described
for many years in ISO 9004:2009, Section 4.4 “Interested parties, needs
and expectations,“ and has been introduced in the draft standard. In
comparison to “Customer Relationship Management“ (CRM), which only
addresses the relationship between an organization and its customers, the
principle of Stakeholder Relationship Management (SRM) goes
significantly further. It tries to balance the relationship of the organization
with all, or with the most important, stakeholders/interested parties.
These could include direct consumers, suppliers and retailers and other
parties along the supply chain, authorities and other relevant interested
parties. As a new feature in this draft, the term “interested parties“ now
also includes owners, people in an organization, bankers and even
• Although this DIS refers to the determination of
the requirements of major interested parties, it
does not require that products and services have
to fulfill the need and expectations of external
parties. This is with the exclusion of already
mentioned external parties in ISO 9001:2008,
i.e. customer and authorities, etc. Such a
requirement would require a change in the scope
of the standard, which is not covered under the
• The ISO 9001:2008 standard promoted the
adoption of a process approach when developing,
implementing and improving QMS effectiveness.
The draft standard does so even more explicitly in
Section 4.4 Quality management system and its
processes. This sub-chapter lists the essential
requirements of a process-focused management
approach. Inputs and outputs of each process must
be defined. In the future, the standard will require
the measurement of performance indicators and the
assignment of responsibilities.
What is the process approach?
The systematic management of processes and
their interactions to achieve intended results
What is the process approach?
All organizations use processes to:
• set interrelated or interacting activities
• transform inputs into outputs
• build in checks to meet objectives and
promote continuous improvement
The process approach integrates processes into
a complete system to achieve strategic and
How do I do it?
To use the process approach an organization
• understand and define the processes
needed to meet its objectives
• recognize that the processes are unique to
its own context
• integrate all of the processes and their
interactions into a system that utilizes
Process approach and risk-based
• The process approach incorporates risk-based
• Risk-based thinking ensures risk is
considered when establishing, implementing
and maintaining a management system, each
process and each activity
The process approach and PDCA
Processes can be managed using the PDCA
Plan set objectives and build
processes necessary to
Do implement what was planned
Check monitor and measure processes
and results against the objectives
Act take actions to improve results
• The term “documented information“ replaces
the previous terms “documents“ and “records.“
The intention was to give users more flexibility.
This also applies to the description of processes.
The organization determines the extent of
documented information on processes,
depending on factors such as process complexity
or employee competence. Documented
procedures previously required by the standard
are no longer necessary.
• The draft standards increase “management
responsibilities.“ In the future, responsibilities
previously held by the Quality Management
Representative will rest with top management
and a more precise assignment of roles and
responsibilities will be required.
• The scope of the management review is extended
by the addition of the aspects “strategic direction
of the organization,“ consideration of the
“relevant interested parties“ and “assessment of
risks and opportunities“ at a strategic level.
Risk and Preventive Actions
• The high-level structure and core texts specified in Annex SL,
Appendix 2, does not include a clause stating specific
requirements for “preventive measures.“ The reason is
because acting as a “preventive tool“ is one of the key
purposes of a quality management system (risk prevention).
The emphasis on a risk-based approach is referenced in many
places in the draft standard, from risk assessment in Section
4.4 “Quality management system and its processes,“
leadership issues in Section 5.1.1 and a separate sub-clause in
Section 6.1.2 “Actions to address risks and opportunities“ to
risk-based approaches in “Operational planning and control“
(Chapter 8.1) and “Management review“ (Chapter 9.3). While
the draft demands that risks are identified and acted upon,
there is no requirement for standardized risk management.
• "boiling frog syndrome," referring to the
metaphor that a frog put in boiling water
will jump out, while one in cold water
won't notice the danger if the
temperature heats up slowly.
• “What the market needs to focus on now is the
temperature of the water," Howard Esaki,
global head of structured finance
research at Standard & Poor's, said at a
year-end 2014 commercial real estate
What is Risk ?
“The level of exposure to uncertainties that the
enterprise/organization must understand and
effectively manage as it executes its strategies to
achieve its business objectives and create value.”
Source: Alain LeBlanc, CD, B.Eng., M. Sc, M. Eng. 2011, Canadian Society of Value Analysis
Define the following according to your
business position giving examples:
• Business objectives
• Lost value
• Gained value-added value
• Created value
Treatment Failure due to disease
A true story for understanding the next
Risk assessment and estimation differ from person to person
Risk: Internal or External ?
Your own Project
Your own Business
Inside the organization
Exchange Rate Fluctuations
Risk is not only something bad will happen but also something
good will not happen (opportunities Vs. Problems)
Diagrams shows forming of risk appetite:
(Green, High normal, above normal, yellow
2. Quantify Risks
• A Risk Matrix: a tool used to rate the
significance of the identified risks based on the
impacts and likelihood ratings.
• Different forms of the risk matrix can be used,
however, the simplest one is
3 X 3 Grid
2. Quantify Risks
•The risk rating which is a
combination of likelihood
and impact is a rating of
the significance of each
•The nearer is the risk to
the top-right right corner
of the matrix,
•the more significant is
3. Identify Countermeasures
• After the assessment of the identified risk and
prioritizing the risks.
How to deal with these risks ?
3. Identify Countermeasures
Risk responses based on significance
3. Identify Countermeasures
How to response to risks ?
3. Identify Countermeasures
• Risk Acceptance: When ?
▫ Likelihood = Low & Impact = Low
▫ Costs of addressing risk > Potential loss
3. Identify Countermeasures
• Risk Management: When ?
▫ Likelihood = High & Impact = Low
▫ Approaches through training, education and
monitoring, improving processes
3. Identify Countermeasures
• Contingency Planning: When ?
▫ Likelihood = Low & Impact = High
E.g. Large financial losses, reputation damage
3. Identify Countermeasures
• Contingency Plans could be:
- Crisis Management
- Communication with customers and
- Alternative ways of supply and
- Relocation and recovery of critical
3. Identify Countermeasures
• Example: To cross the road I may go directly or I
may use a nearby footbridge. Which process I
choose will be determined by considering the risks.
• Risk is commonly understood to have only negative
consequences; however the effects of risk can be
either negative or positive.
• In ISO 9001:2015 risks and opportunities are often
cited together. Opportunity is not the positive side of
risk. An opportunity is a set of circumstances which
makes it possible to do something. Taking or not
taking an opportunity then presents different levels
• Crossing the road directly gives me an opportunity
to reach the other side quickly, but if I take that
opportunity there is an increased risk of injury
from moving cars.
Risk-based thinking replacing preventive
action in ISO 9001:2015 – The benefits
• ISO 9001:2015 standard requires us to take a “risk-based
approach to quality management.” This involves taking a
greater strategic view of risk within your business, and
also ties in with the changes in leadership requirements
• So, given that your top management team should now be
involved in the process of identifying, recording,
removing, and mitigating risk, then you can see that
from the start, using a risk-based thinking process
should far surpass preventive action in terms of
effectiveness. Ensuring that your management team has
a forum for identifying risk at the regular management
meetings can be a vital step toward this. Equally
important is ensuring that all employees at a lower level
have a channel where they can feed their opinions
upwards for consideration by the management team.
• When these two processes are in place, you will have a
“risk-based thinking” process that is presided over by the
top management team, which holds all the key strategic
knowledge about threats to the business, and is
supported by information from all levels – some of
which may have previously remained unknown to them.
So, in effect, in place of a one-dimensional preventive
action process, which usually was carried out at a lower
level and remained there, you now have a risk-based
thinking process presided over by the team who has all
information available to them from the pinnacle of the
company, filtering all the way down. With the decisions
made from this process, and the ensuing actions, it is not
difficult to see that the documented actions and
objectives will be more effective on a company-wide
basis than the preventive action process was.
what does your organization have to do to get up
to speed with this change?
• There will be a transition period of up to three years for
implementation of the new standard, but some of the changes are
so beneficial that the sooner you start, the better. Encouraging
your top management team to embrace the changes in leadership
requirements and coupling this with a new risk-based thinking
process makes perfect sense. The sooner you can facilitate both,
and encourage the synergy between the two, the more in tune your
organization will be to the threats and risks you will have to
navigate in the coming months and years. And, as we all know,
where there are risks there are almost always opportunities, so
identification of these are another positive spinoff of adopting this
overall approach as soon as possible. Removal and mitigation of
risk almost always ensures company growth, which can only be
good news for your organization. ISO 9001:2015 is a standard that
goes far beyond company quality standards, and its outputs ensure
that your organization can be protected and improved, and new
opportunities identified, as stated above. Given that these changes
are so beneficial
• Introduction - the concept of risk-based thinking is
• Clause 4 - organization is required to determine its
QMS processes and address its risks and opportunities
• Clause 5 – top management is required to
▫ Promote awareness of risk-based thinking
▫ Determine and address risks and opportunities that
can affect product /service conformity
• Clause 6 - organization is required to identify risks and
opportunities related to QMS performance and take
appropriate actions to address them
Risk-based thinking is in:
Risk-based thinking is in:
• Clause 7 – organization is required to determine and
provide necessary resources
• Clause 8 - organization is required to manage its
• Clause 9 - organization is required to monitor,
measure, analyse and evaluate the effectiveness of
actions taken to address risks and opportunities
• Clause 10 - organization is required to correct, prevent
or reduce undesired effects and improve the QMS and
update risks and opportunities
• Note, risk is implicit whenever suitable or appropriate
is mentioned (clause 7 and 8)
Why use risk-based thinking?
Successful organizations intuitively apply risk-
based thinking because it brings benefits that:
• improve governance
• establish a proactive culture of improvement
• assist with compliance
• assure consistency of quality of products and
• improve customer confidence and satisfaction
How do I do it?
• Identify what your risks are – it depends on
• Use risk-based thinking to prioritize the way you
manage your processes
• ISO 9001:2015 does not require formal risk
• ISO 31000 Risk management — Principles and
guidelines may be a useful reference for
organizations that want or need a more formal
approach to risk (but its use is not obligatory)
How do I do it?
Balance risks and opportunities
• Analyse and prioritize your risks
what is acceptable?
what is unacceptable?
• Plan actions to address the risks
how can I avoid, eliminate or mitigate
• Implement the plan; take action
• Check the effectiveness of the action; does it
• is not new
• is something you probably do already
• is ongoing
• ensures greater knowledge of risks and improves
• increases the probability of reaching objectives
• reduces the probability of negative results
• makes prevention a habit
How Can You Prepare?
• At this stage, it is relatively easy to predict the
updated QM-specific contents that will be
included in the ISO 9001:2015. The
requirements of the above sections will only be
subject to minor changes. Organizations that
have established management systems should
familiarize themselves with the changes and
subsequently upgrade their management
systems accordingly in 2015 and 2016.
• There will be a three-year transition period
during which both the old and the new standard
will apply in parallel. However, within the scope
of certification, organizations should not leave
the upgrade until the very end of the transition
period. We recommend that organizations
upgrade their systems to the new standard at an
early stage within the scope of a regular re-
Your Business Benefits
• Save money and time – through quality management
practices that increase your organizational efficiency,
productivity and profitability.
• Minimize risk – by consistently achieving a level of quality
defined by the standard, thus ensuring your products and
services are less likely to fall short of customer expectations.
• Profit from an expert partnership – an internationally
recognised and respected brand.
• Increase your competitiveness – with a quality
management system that attracts investors and lowers trade
barriers to your business.
• Gain market recognition – with the world‟s most widely
known quality management system, which can help establish
your presence as a supplier when entering a new market.
• ISO 9000 was first published in 1987. It was based on
the BS 5750 series of standards from BSI that were
proposed to ISO in 1979. However, its history can be
traced back some 20 years before that, to the publication
of the United States Department of Defense MIL-Q-9858
standard in 1959. MIL-Q-9858 was revised into the
NATO AQAP series of standards in 1969, which in turn
were revised into the BS 5179 series of guidance
standards published in 1974, and finally revised into the
BS 5750 series of requirements standards in 1979 before
being submitted to ISO. The first revision was done in
1994, and the standard was issued as a quality assurance
system. At this point, the standard had three sub-
standards: ISO 9001, ISO 9002, and ISO 9003. The next
revision of the standard was done in the year 2000, and
this standard defined the Quality Management System.
In 2008 the third revision was published, and now the
2015 revision is the current revision
What are the major differences ?
• The most noticeable change to the standard is its new
structure. ISO 9001:2015 now follows the same overall
structure as other ISO management system standards
(known as the High-Level Structure), making it easier
for anyone using multiple management systems. More
information can be found in Annex SL of ISO/IEC
Directives Part 1 (the rules for developing ISO
• Another major difference is the focus on risk-based
thinking. While this has always been part of the
standard, the new version gives it increased
prominence. More information on how to adapt to this
risk-based thinking can be found on the Website run by
ISO/TC 176/SC 2, the group of experts behind the
ISO 9001:2015 version follows the new high-
level structure and comprises ten sections:
ISO 9001:2008 ISO 9001:2015
0. Introduction 0. Introduction
1. Scope 1. Scope
2. Normative reference 2. Normative reference
3. Terms and definitions 3. Terms and definitions
4. Quality management system 4. Context of the organisation
5. Management responsibility
6. Resource management 7. Support
7. Product realisation 8. Operation
8. Measurement, analysis and
9. Performance evaluation
DIFFERENT TERMINOLOGY IN ISO 9001:2008 AND ISO
ISO 9001:2008 ISO 9001:2015
Products Products and services
Documentation, quality manual,
documented procedures, records,
Environment for the operation of
Monitoring and measuring equipment Monitoring and measuring resources
Externally provided products and
Supplier External provider
• What does it require to eat an excellent
What’s the new structure?
• The new structure of 9001:2015 is similar to the
9001:2008 as the first 3 sections are Scope,
Normative References, & Terms and Definitions.
In the 2015 revision sections 4 through 8 are
now 4 through 10, but still based on the PDCA
So the structure is new, what else?
• The standard will have a cross-reference in its Annex comparing the changes
between 2008 and 2015.
• Risk management: This is probably the most significant change and is
mentioned throughout the standard. Formal risk management (e.g. according
to ISO 31000) is not required, but some form of consideration needs to be
• Process approach: This no longer only relates to recognizing the workflows in
the company, but now managing the workflows in a more specific manner.
• Documentation: Now more flexible. Records and documents will become
“documented information”. You shouldn‟t get rid of your documentation as
you still need objective evidence of meeting the requirements, but how you
document is more open to best fit for your organization
• Leadership: A formal management representative is no longer specified, but
the standard still requires commitment, responsiveness, active support,
communication, and feedback from the organization to ensure the
establishment, implementation and the maintenance of system. In short,
someone still has to be responsible but the responsibility is shared.
• Context of the Organization: Providing a high-level understanding of the issues
that can affect, either positively or negatively, the way the organization
manages its responsibilities for the system. Issues can include conditions,
characteristics, or changing circumstances that can affect the system.
I have an integrated ISO 9001 with ISO 14001 and/or
OHSAS 18001, how will this affect my system? ISO
9001:2015 HAS A HIGH LEVEL STRUCTURE (HLS)
• The standards are now being based on Annex SL to allow
for easier integration. You will need to plan your
transitions carefully as they have different publication
• As a result of the new arrangement in ten clauses, ISO
9001:2015 now has the same unambiguous structure as
all standardized management systems, known as a „High
Level Structure‟ (HLS).
• The core elements of ISO 9001, ISO 14001, ISO 22000,
OHSAS 18001, etc. are therefore all the same from now
on. This has made the integration of various
management systems much simpler. If, for example, an
organization wishes to implement ISO 14001 in addition
to ISO 9001, the parts that cover the same topic can
easily be seen in the standards.
Some of the proposed changes in
the updated standard include:
• New formatting of the Standard against Annex
• Removal of the Management Representative role
• Identification and management of Interested
• Removal of the preventive action principal
• Addition of risk based assessment of
• Reduction of Quality Principles from 7 to 8
How Change is addressed within ISO
• Purpose: To explain the new requirement for
Change in ISO 9001:2015
• 6.3 Planning of changes
• 8.1 Operational planning and control
• 8.3.6 Design and development changes
• 8.5.6 Control of changes
Purpose of this new requirement:
• One of the goals of the ISO 9001:2015 revision is to
enhance the requirements for addressing changes at
system and operational levels. The ISO 9001:2015
requirements provide a strong basis for a
management system for business that supports the
strategic direction of the organization. Once the
organization has identified its context and interested
parties and then identified the processes that
support this linkage, addressing changes becomes
an increasingly important component of continued
• Once its processes are determined, an
organization will need to identify the risks and
opportunities associated with these processes.
To achieve the benefits associated with the
determination of risks and opportunities,
changes may be needed. These changes can be
related to any element of the process, such as
inputs, resources, persons, activities, controls,
measurements, outputs, etc.
• Changes are intended to be beneficial to the
organization and need to be carried out as
determined by the organization. In addition,
consideration of new introduced risks and
opportunities need to be taken into account.
• To achieve the benefits associated with changes, the
organization should consider all types of changes
that may need to occur. These changes may be
generated, for example, in:
• Documented information
• employee training
• supplier selection
• supplier management
• and many others
• The successful management and control of these
changes has become a core requirement within
the organization‟s QMS.
• Clause 4.1 (Quality management system – General
requirements) of ISO 9001:2008 requires:
• “The organization shall establish, document,
implement and maintain a quality management
• In addition clause 4.2.1 (Documentation
requirements – General) of ISO 9001:2008 requires
organizations to have a Quality Manual as a part of
• Clause 4.2.2 (Quality manual) provides the details
on what should be included in the Quality Manual.
ISO 9001:2015 Quality Manual?
• Clause 4.4.1 (Quality management system – General) of ISO
9001:2015 Committee Draft (CD) requires:
• “The organization shall establish, implement and maintain a
quality management system ….”
• Newly release committee draft does not include the
requirement to “document” the Quality Management System.
• Also there is no mention of the word “Quality Manual” any
where in the draft standard.
• A Manual is not required to be produced for Environmental
Management System (ISO 14001) and some other
management standards. In an effort to ensure harmony
between different management systems the requirement to
produce a Quality Manual no longer
These new requirements are
referenced in ISO 9001:2015 as
6.3 Planning of changes
• When the organization determines the need for
changes to the quality management system, the
changes shall be carried out in a planned and
systematic manner (see 4.4).
• The organization shall consider the:
a) purpose of the changes and their potential
b) integrity of the quality management system;
c) availability of resources;
d) allocation or reallocation of responsibilities and
8.1 Operational planning
• The organization shall control planned changes
and review the consequences of unintended
changes, taking action to mitigate any adverse
effects, as necessary.
8.3.6 Design and development
• During design and development changes that are
identified will be reviewed and controlled to
ensure there is no impact to the conformity of
the product or service.
8.5.6 Control of changes
• The organization shall review and control
changes for production or service provision, to
the extent necessary to ensure continuing
conformity with requirements.
• The organization shall retain documented
information describing the results of the review
of changes, the persons authorizing the change,
and any necessary actions arising from the
• Footnote: Other references to change are found
in clauses; 4.4, 5.3, 9.2, 9.3, 10.2)
Things to consider when implementing the
new requirement for Change
• There are many triggers that can cause a change to the
Quality Management System:
▫ Customer feedback
▫ Customer complaint
▫ Product failure
▫ Employee feedback
▫ Determined risk
▫ Determined opportunity
▫ Internal audit results
▫ Management review results
▫ Identified nonconformity
▫ Many others
• NOTE: These recommendations not necessarily
applicable for every type of organization.
• Background: Some changes need to be carefully
managed while others can be safely ignored. In order to
sort through this, the organization should consider a
method to prioritize. (Executed Item)
• To determine the priority, the organization should
consider a methodology that allows them to take into
▫ Consequences of the change
▫ Likelihood of the consequence
▫ Impact on customers
▫ Impact on interested parties
▫ Impact on quality objectives
▫ Effectiveness of processes that are part of the QMS
Typical steps to Implement changes
▫ Define the specifics of what is to be changed
▫ Have a plan (tasks, timeline, responsibilities,
authorities, budget, resources, needed information,
▫ Engage other people as appropriate in the change
▫ Develop a communication plan (appropriate people
within the organization, customers, suppliers,
interested parties, etc. may need to be informed)
▫ Use a cross functional team review the plan to provide
feedback related to the plan and associated risks
▫ Train people
▫ Measure the effectiveness
What changes may need to be made?
• Change to a process (inputs, activities, outputs, controls,
• Communication with customers
• Communication with the supply chain
• Additional controls for processes
• Employee training
• Implement a new process
• Provide documented information
• Change existing documented information
• Improve employee competence
• Outsource a process
• Many others
• Other considerations:
• Prior to making a change, the organization
should consider unintended consequences
• After making a change the organization should
monitor the change to determine its
effectiveness and to identify any additional
problems that might be created
• Records of some changes may be needed as part
of the Quality Management System
Is there anything else companies need to know before
they get going with ISO 9001 or the new version ISO
• The requirement for formal procedures and a quality
manual have been scrapped in ISO 9001:2015, as was
stated above. Only relevant information has to be available
• Organizations that already have an ISO 9001 quality
management system do not have to discard their existing
procedures and documentation, of course. A good system
remains a good system and you will still need a proper
structure for your crucial documentation.
• If something is no longer obligatory, it doesn‟t mean that
you have to scrap it right away, of course. It‟s better to hang
on to what you are happy with and what helps your
organization to progress.
Assignment 2: Draw all ISO 9001 Claus in
a organizational structure(Flow Chart)
•Similar to ISO9001 : 2008 with the introduction of
the term "goods and services" as opposed to "
•Similar to ISO9001 : 2008
•Many terms are defined and in this section; need
to wait to see if they stay or get moved to
4 Context of the organization
•Need to define the organization's "purpose,
scope, environment, systems and interested
•Expect the QMS to focus on " risks and threats"
•Roles and Responsibilities" need defining
•Policies and objectives" need to be established
•Similar to current Section 5 (ISO9001 : 2008)
but no "management representative"
•Focus on how to address "risks" and
•Included are "structured planning processes",
planning for change , and clear planning
•Includes section on "Infrastructure, work environment , and
control of monitoring and measuring equipment."
•Includes terms focused on " competence , awareness,
communication" and a new concept called "knowledge"
•Documented Information" is in this section; "quality manual"
and "documented procedures" are not specified.
•This is the current (9001 : 2008) Clause 7.0 Product
Realization plus non conforming product (8.3)
•Clause 8.5 is a new version of the current 7.3 (Design and
•This clause includes "monitoring, measuring, analysis and
•Internal audits, management review and customer
satisfaction perception" are in this section
•Focus on the improvement of "suitability, adequacy, and
•Corrective action" identified
•Preventative action" and the term " continual improvement" is
not in the CD draft
• ISO 9001:2015 certification introduces a few changes and revisions to
accommodate the changing business environment of the modern
world. Organizations operate in a quite dynamic business scenario
where they are supposed to alter and tune business strategies at
regular intervals. 2015 update takes care of it by including several
terminologies, information restructuring, and importance to risk-
based thinking make it further applicable and relevant today.
• For ISO 9001:2015 upgrade, organizations should review the current
approach. Business leaders are required to engage with process owners
and team members to understand the process change with respect to
the proposed version. They should identify, manage, and control these
modifications as quickly as possible so that there is a minimized
• Organizations that are already certified for ISO 9001 should upgrade to
2015 version because it widens the horizon of applicability and
relevance. As per ISO norms, a transition period of three is given to
ISO 9001:2008 certified organizations. Organizations should apply the
principles of quality management for enhancing the business in such a
way that a sustainable business improvement can be obtained. It is the
biggest benefit of ISO certification. ISO 9001:2015 is beneficial for
small, medium and large organizations across industries.
What benefits does the new version
• The new version of the standard brings the user a
number of benefits. For example, ISO 9001:2015 :
• Puts greater emphasis on leadership engagement
• Helps address organizational risks and opportunities in a
• Uses simplified language and a common structure and
terms, which are particularly helpful to organizations
using multiple management systems, such as those for
the environment, health & safety, or business continuity
• Addresses supply chain management more effectively
• Is more user-friendly for service and knowledge-based
I am currently using ISO 9001:2008
What should I do ?
• The 2015 edition has now replaced the 2008
version. Since it has been revised to meet the
needs of today‟s business world, we recommend
that you update your quality management
system to fit the new version.
• Every organization is different, so the steps
needed to adjust your management system are
likely to be unique to your situation. However,
here are some tips that will help you get started
on the journey.
Tip 1 –
• Familiarize yourself with the new document.
• While some things have indeed changed, many
remain the same. A correlation matrix, available
• from ISO/TC 176/SC 2, will help you identify if
• of the standard have been moved to other
Tip 2 –
• Identify any organizational gaps which need to
be addressed to meet the new requirements.
• Tip 3 – Develop an implementation plan.
• Tip 4 – Provide appropriate training and awareness
• for all parties that have an impact on the
• of the organization.
• Tip 5 – Update your existing quality management
• system to meet the revised requirements.
• Tip 6 – If you are certified to the standard, talk
• to your certification body about transitioning
• to the new version.
I am certified to ISO 9001:2008. What
should I do ?
• If you wish to maintain your certification to ISO
9001, you will need to upgrade your quality
management system to the new edition of the
standard and seek certification to it.
• You have a three-year transition period from the
date of publication (September 2015) to move to
the 2015 version. This means that, after the end
of September 2018, a certificate to ISO
9001:2008 will no longer be valid.
So how will it affect your Organization
It is likely that you and your Organization will have to:
• Purchase a copy of the updated Standard
• Conduct a gap analysis/impact assessment against
• Alter the Management System to meet new requirements
• Train staff in new 9001:2015 requirements as well as
new Management System procedures/controls
• Train and update existing auditors with relevant
knowledge about 9001:2015.
• To make sure that your Company keeps up with the
development of the 9001 update and how it will affect
your Company, keep reviewing this website for updates.
How can companies transition from
ISO 9001:2008 to ISO 9001:2015?
• Assuming that a company is already ISO 9001
certified, I recommend taking the following
steps in order to comply with ISO 9001:2015:
1. Baseline measurement
• Perform a baseline measurement in your
organization. Make a complete overview of the
current status of your quality management
system and your organization's conduct of
2. Plan of approach
• Draw up a plan based on the baseline
measurement. Thanks to this plan, you can take
the time to make changes and to implement
improvements step by step.
• 3. Implementation
• Implement the changes in accordance with the
plan of approach. Incorporate measurement
points and milestones.
• 4. Auditing and process analysis
• Measure whether the changes have had the
desired effect. Measure the input and output of
the processes you consider to be important
because they are critical or risky, for example.
• Have your organization certified according to
6. Communication with interested parties
• Show your interested parties not just the
certificate, but also show them the results with
pride. Let them see how well your organization
manages its processes and continuously
• “Retain and Maintain documented information”
Differentiate and specify the clause Nr.
• Checklist formation for one clause or a part- how
could you ask, please enumerate all available Q.
• Risk Based Thinking is which Clause, please
identify according to the ISO Standard
• What are the main differences between ISO
9001:2008 and ISO 9001:2015
References and further information
• International Organization for Standardization
Tel: +41 22 749 01 11, Web: www.iso.org
• ISO/TC 176/SC2/N1287