Understanding changes of ISO 9001-2008 to ISO 9001-2015
1. José Alejandro Soto Zevallos
Understanding changes of
ISO 9001: 2008 to ISO 9001: 2015
2. Understanding changes of ISO 9001:2008 to ISO 9001:2015
Índice
Introduction 3.....................................................................................................
Generalities of the correlation of ISO 9001:2008 to ISO 9001:2015 4...............
Excludable requirements 5.................................................................................
Risk Management and Preventive Action 5........................................................
Correlation of clause 4 of ISO 9001:2008 6.......................................................
Correlation of clause 5 of ISO 9001:2008 8.......................................................
Correlation of clause 6 of ISO 9001:2008 10.......................................................
Correlation of clause 7 of ISO 9001:2008 11.......................................................
Correlation of clause 8 of ISO 9001:2008 13.......................................................
Differences in the Terminology between ISO 9001:2008 and ISO 9001:2015 15
Conclusions 16.....................................................................................................
Bibliography 17....................................................................................................
About the autor 18...............................................................................................
José Alejandro Soto Zevallos 2
3. Understanding changes of ISO 9001:2008 to ISO 9001:2015
“In the race for quality there is no finish line” - David T. Kearns
Introduction
In 2012 the International Organization for Standardization - ISO decided that all standards of
management systems (Standards) should use a common framework containing a macro
structure consisting of common texts and the same terminology, which would be applicable
to new standards and future revisions of existing ones.
The generation of this common framework seeks to achieve the following objectives:
✓ Standardization and efficiency in the development of standards for ISO technical
committees.
✓ Greater alignment and compatibility between standards.
As part of this process, the ISO 9001:2008 standard was replaced by the ISO 9001:2015
standard in the month of September of the year 2015 and this 2018 definitively ended the
validity of the 2008 version.
This document provides a clear understanding of the changes in ISO 9001:2015, which you
can use to support the migration of your QMS.
José Alejandro Soto Zevallos 3
4. Understanding changes of ISO 9001:2008 to ISO 9001:2015
Generalities of the correlation of ISO 9001:2008 to ISO 9001:2015
The new ISO 9001:2015 brings very important changes, although the most prominent one is
the incorporation of risk management or the risk-based approach in the Quality Management
Systems.
Although it is a technique normally applied in organizations until now, it was not aligned with
the SGC.
The main changes established in ISO 9001:2015 are:
✓ Structure and terminology, including the incorporation of the SL annex as a frame of
reference for the new structure of regulatory requirements;
✓ The broader internal and external context for the Organization's Quality Management
system (clauses 4 and 6);
✓ More detailed requirements for the Quality Management System (extension of clauses: 5
and 7 - 10).
José Alejandro Soto Zevallos 4
5. Understanding changes of ISO 9001:2008 to ISO 9001:2015
In order to better integrate all the standards and to make a greater understanding of the
process approach, the chapters of the standard have been restructured in 10 blocks, which is
called HLS (high level structure, in its acronym in English), the which will be common for the
new standards and updates, and includes:
✓ Introduction
✓ 1. Reach
✓ 2. Normative references
✓ 3. Terms and definitions
✓ The regulatory requirements are presented from the 4th to the 10th block. And in the case
of ISO 9001, a correlation can be made between the requirements structure of the 2008
version and the new one, by means of a correlation matrix from ISO 9001:2008 to ISO
9001:2015.
Excludable requirements
The ISO 9001: 2015 Standard provides that all its requirements are applicable, leaving open
the possibility of determining and justifying the non-applicability of a requirement as long as it
does not affect the ability or responsibility of the organization to ensure the conformity of its
products and services and the increase in customer satisfaction.
This determination may vary over time, based on the nature of the risks and opportunities you
encounter. You can not decide not to apply a requirement when it, based on the scope of the
organization, can be applied perfectly.
Risk Management and Preventive Action
Risk management involves a preventive design of the management system, which is why the
specific section "Preventive Action" disappears.
Organizations are asked to identify the context in which they operate and locate the risks and
opportunities that should be addressed, which should be one of the bases for the design of
the quality management system.
“ISO 9001:2015 encourages greater guidance in quality
management as part of a risk-based approach”
José Alejandro Soto Zevallos 5
6. Understanding changes of ISO 9001:2008 to ISO 9001:2015
Correlation of clause 4 of ISO 9001:2008
ISO 9001:2015 requires organizations to establish a Quality Management System determining
the relevant internal and external aspects, understanding the need and expectations of
interested parties, specifying the scope of application of the Quality Management System and
considering these aspects together in order to properly understand the opportunities and
risks they represent for the organization.
The change established in the methodology implies a distancing of the approach "towards the
interior of the organization" directing the development and implementation of the Quality
Management System towards an approach where external factors have a great influence on
the way the Management System of Quality is focused and prioritized to be as effective as
possible in relation to the main internal and external objectives.
An organization that seeks to implement a Quality Management System, will need to
determine the relevant stakeholders to the Quality Management System, follow up and review
the information on these interested parties and their pertinent requirements.
Closely aligned with the context of the organization is the adoption of a risk-based approach
when developing and implementing the Quality Management System.
4. Quality management system
ISO 9001:2008 ISO 9001:2015
4 Quality management system 4 Context of the organization
4.1 General requirements 4.4
Understanding the organization and
its context
4.2 Documentation requirements 7.5 Documented information
4.2.1 General 7.5.1 General
4.2.2 Quality Manual
4.3
Determining the scope of the quality
management system
7.5.1 General
4.4
Quality management system and its
processes
4.2.3 Control of documents 7.5.2 Creation and updating
7.5.3 Control of documented information
4.2.4 Control of records 7.5.2 Creation and update
7.5.3 Control of documented information
José Alejandro Soto Zevallos 6
7. Understanding changes of ISO 9001:2008 to ISO 9001:2015
The organization must identify the risks and opportunities that must be addressed to ensure
that the Quality Management System can achieve the expected results, particularly those
related in a relevant way to the context of the organization.
The organization must have action plans to address said risks and opportunities, integrate
them and implement them within the processes of the Quality Management System and
evaluate the effectiveness of said actions.
References to the quality manual, documented procedures and quality records have been
removed. Instead, throughout the ISO 9001:2015, specific references are made to
"documented information" which is the information that the organization requires to maintain
and control. The means to record this information depend on the organization itself; The
formats and methods of conservation are not prescribed in the ISO 9001:2015 standard.
José Alejandro Soto Zevallos 7
8. Understanding changes of ISO 9001:2008 to ISO 9001:2015
Correlation of clause 5 of ISO 9001:2008
The concept of risk-based thinking has been implicit in previous editions of ISO 9001, for
example, through requirements for planning, review and improvement. ISO 9001: 2015
specifies requirements for the organization to understand its context and determine the risks
as a basis for planning. This represents the application of risk-based thinking to the planning
and implementation of system processes.
The risk-based thinking applied in ISO 9001: 2015 has allowed some reduction in the
prescriptive requirements and its replacement by performance-based requirements. There is
5. Responsibility of management
ISO 9001:2008 ISO 9001:2015
5 Responsibility of management 5 Leadership
5.1 Management commitment
5.1 Leadership and commitment
5.1.1 General
5.2 Focus on the client 5.1.2 Customer focus
5.3 Quality policy 5.2 Policy
5.4 Planning 6 Planning
5.4.1 Quality objectives 6.2
Quality objectives and planning to
achieve them
5.4.2 Planning of the QMS
6 Planning
6.1
Actions to address risks and
opportunities
6.3 Planning of changes
5.5
Responsibility, authority and
communication
5 Leadership
5.5.1 Responsibility and authority 5.3
Organization roles, responsibilities
and authorities
5.5.2
Representative of the
management
5.3
Organization roles, responsibilities
and authorities
5.5.3 Internal communication 7.4 Communication
5.6 Management review 9.3 Management review
5.6.1 Management review - General 9.3.1 General
5.6.2 Information for the review 9.3.2 Management review inputs
5.6.3 Results of the review 9.3.3 Management review outputs
José Alejandro Soto Zevallos 8
9. Understanding changes of ISO 9001:2008 to ISO 9001:2015
greater flexibility than in ISO 9001: 2008 in the requirements for processes, documented
information and the responsibilities of the organization.
Although section 6.1 specifies that the organization must plan actions to address the risks,
there is no requirement in terms of formal methods for risk management or a documented
process of risk management.
Organizations can decide whether or not to develop a risk management methodology that is
broader than required by this International Standard, for example through the application of
other guidance or other standards.
Not all processes of a quality management system represent the same level of risk in terms of
the ability of the organization to meet its objectives, and the effects of uncertainty are not the
same for all organizations.
Under the requirements of section 6.1, the organization is responsible for the application of
risk-based thinking and the actions it takes to address the risks, including whether or not it
maintains documented information as evidence of its risk determination.
José Alejandro Soto Zevallos 9
10. Understanding changes of ISO 9001:2008 to ISO 9001:2015
Correlation of clause 6 of ISO 9001:2008
In addition to the adoption of the risk-based approach, there are several new requirements:
✓ Any organization that implements a Quality Management System must identify the
necessary competence for the personnel that perform tasks that affect Quality, as well as
ensure that said personnel is competent to perform it.
✓ The requirement to identify and maintain the necessary knowledge to ensure compliance
of products and services remains.
The requirements related to the knowledge of the organization were introduced with the
purpose of:
a) safeguard the organization from loss of knowledge, for example:
- because of staff turnover;
- failure to capture and share information;
b) encourage the organization to acquire knowledge, for example:
- learning from experience;
- tutorials;
- comparative studies with best practices.
ISO 9001: 2015 directly expects that organizations really apply a process-based approach
when planning, developing and implementing the Quality Management System. The 2015
version also includes a list of essential requirements for such an approach. The intention is to
ensure that the organization systematically defines and manages, not only the processes, but
the interaction between them.
6. Resource Management
ISO 9001:2008 ISO 9001:2015
6 Resource Management 7.1 Resources
6.1 Provision of resources
7.1.1 General
7.1.2 People
6.2 Human Resources 7.2 Competence
6.2.1 General 7.2 Competence
6.2.2
Competence, training and
awareness
7.2 Competence
7.3 Awareness
6.3 Infrastructure 7.1.3 Infrastructure
6.4 Work environment 7.1.4
Environment for the operation of
processes
José Alejandro Soto Zevallos 10
11. Understanding changes of ISO 9001:2008 to ISO 9001:2015
Correlation of clause 7 of ISO 9001:2008
7. Product realization
ISO 9001:2008 ISO 9001:2015
7 Product realization 8 Operation
7.1 Planning and product realization 8.1 Operational planning and control
7.2 Customer related processes 8.2
Requirements for products and
control
7.2.1
Determination of requirements
related to the product
8.2.2
Determining the requirements for
products and services
7.2.2
Review of requirements related to
the product
8.2.3
Review of the requirements for
products and services
7.2.3 Customer communication 8.2.1 Customer communication
7.3 Design and development 8.3
Design and development of
products and services
7.3.1 Design an development planning
8.3.1 General
8.3.2 Design and development planning
7.3.2 Design an development inputs 8.3.3 Design and development inputs
7.3.3 Design an development outputs 8.3.5 Design and development outputs
7.3.4 Design an development review 8.3.4 Design and development controls
7.3.5
Design an development
verification
8.3.4 Design and development controls
7.3.6 Design an development validation 8.3.4 Design and development controls
7.3.7
Control of design and
development changes
8.3.6 Design and development changes
7.4 Purchasing 8.4
Control of externally provided
processes, products and services
7.4.1 Purchasing process
8.4.1 General
8.4.2 Type and extent of control
7.4.2 Purchasing information 8.4.3 Information for external providers
7.4.3 Verification of purchased product 8.6 Release of products and services
7.5 Production and service provision 8.5 Production and service provision
7.5.1
Control of production and service
provision
8.5.1
Control of production and service
provision
8.5.5 Post-delivery activities
José Alejandro Soto Zevallos 11
12. Understanding changes of ISO 9001:2008 to ISO 9001:2015
The term "product" is replaced by "products and services". Previously, the inclusion of
services in the definition of products was implicit. With the inclusion of an explicit reference to
services, the drafters of the standard try to reinforce that ISO 9001 is applicable to all
organizations, not only those that offer physical products.
The clauses of the 2008 version (7.3.4, 7.3.5, 7.3.6 and 7.3.7) that referred to the revision,
verification, validation and control of design and development changes, have been merged in
clause 8.3. 4 'Controls of design and development', avoiding ambiguities in the focus of each
of these activities.
The phrase "products and services provided externally" replaces "Purchases". Clause 8.4
establishes all forms of external provision, either by purchasing from a supplier, through an
agreement with an associated company, through the outsourcing of the processes and
functions of the organization, or by any other means.
Outsourcing always has the essential characteristic of a service, since it will have at least one
activity necessarily performed at the interface between the provider and the organization.
The controls required for external provision may vary widely depending on the nature of the
processes, products and services.
The organization can apply risk-based thinking to determine the type and extent of
appropriate controls for particular external providers and for processes, products and
services provided externally.
7.5.2
Validation of processes for
production and service provision
8.5.1
Control of production and service
provision
7.5.3 Identification and traceability 8.5.2 Identification and traceability
7.5.4 Customer property 8.5.3
Property belonging to customers or
external providers
7.5.5 Preservation of product 8.5.4 Preservation
7.6
Control of monitoring and
measuring equipment
7.1.5
Monitoring and measuring
resources
José Alejandro Soto Zevallos 12
13. Understanding changes of ISO 9001:2008 to ISO 9001:2015
Correlation of clause 8 of ISO 9001:2008
The "Preventive Actions" are no longer a specific clause in ISO 9001:2015, since prevention is
the primary objective of a Quality Management System in addition to the risk-based
approach.
References to preventive action have disappeared, however the basic concept of identifying
and addressing potential problems before they happen is reinforced in this new version.
ISO 9001:2015 now speaks in terms of risks and opportunities. Organizations must show that
they have determined, considered and, when necessary, taken actions to address the risks
and opportunities that could affect (positively or negatively) the capacity of their quality
management system to meet the expected results or that can affect customer satisfaction.
8. Measurement, analysis and improvement
ISO 9001:2008 ISO 9001:2015
8
Measurement, analysis and
improvement
9.1
Monitoring, measurement, analysis
and evaluation
8.1 General 9.1.1 General
8.2 Monitoring and measurement 9.1
Monitoring, measurement, analysis
and evaluation
8.2.1 Customer satisfaction 9.1.2 Customer satisfaction
8.2.2 Internal audit 9.2 Internal audit
8.2.3
Monitoring and measurement of
processes
9.1.1 General
8.2.4
Monitoring and measurement of
product
8.6 Release of products and services
8.3
Control of nonconforming
product
8.7 Control of nonconforming outputs
8.4 Analysis of data 9.1.3 Analysis and evaluation
8.5 Improvement 10 Improvement
8.5.1 Continual improvement
10.1 General
10.3 Continual improvement
8.5.2 Corrective action 10.2
Nonconformity and corrective
action
8.5.3 Preventive action 6.1
Actions to address risks and
opportunities
José Alejandro Soto Zevallos 13
14. Understanding changes of ISO 9001:2008 to ISO 9001:2015
ISO 9001:2015 in clause 10 recognizes that gradual (continuous) improvement is not the only
way to achieve and demonstrate improvement, it may also arise as a result of periodic
advances, reactive change or as a result of the reorganization. Therefore, the title of this
clause is now "Improvement" (ISO 9001:2008 8.5.1 refers to "continuous improvement").
José Alejandro Soto Zevallos 14
15. Understanding changes of ISO 9001:2008 to ISO 9001:2015
Differences in the Terminology between ISO 9001:2008 and ISO
9001:2015
The following is a list of the differences in terminology between the 2008 and 2015 versions of
ISO 9001:
ISO 9001:2008 ISO 9001:2015
Product Products and services
Exclusions Term not used
Management representative Term not used
Documentation, Quality Manual,
documents, records, etc. ...
Documented information
Work environment Environment for the operation of processes
Monitoring and measurement equipment Monitoring and measurement resources
Product purchased Products and services provided externally
Supplier External supplier
José Alejandro Soto Zevallos 15
16. Understanding changes of ISO 9001:2008 to ISO 9001:2015
Conclusions
Based on the details in the previous paragraphs, we can conclude that the main changes that
are between the ISO 9001:2008 and the ISO 9001:2015, are the following:
✓ Restructuring of the standard by acquiring the structure marked by the annex SL.
✓ Better integration of the standard with the strategic direction of the organization as well as
the activity of the organization.
✓ The involvement of management in the management of the system is reinforced with the
new leadership clause.
✓ New requirements have been introduced for the determination of risks and opportunities
(risk-based thinking) to support and improve the understanding of process management.
✓ Introduction of a new requirement based on understanding the context of the organization,
as well as the expectations of interested parties.
✓ Greater flexibility in relation to the documentation of the management system.
✓ The limits of the quality management system must be clearly defined.
✓ Greater emphasis on achieving the expected results of each of the processes, in order to
improve customer satisfaction.
✓ A new requirement is established in relation to the management of organizational
knowledge.
“After climbing a very high mountain, we discovered that there
are many other mountains to climb” - Nelson Mandela
José Alejandro Soto Zevallos 16
17. Understanding changes of ISO 9001:2008 to ISO 9001:2015
Bibliography
ISO 9001:2015, Quality Management Systems - Requirements
ISO 9000:2015, Quality Management Systems - Fundamentals and Vocabulary
ISO 9001:2015: Decoding a common framework, the future of ISO Standards - DNV GL - Ing.
Roxana Ruscitti
Guide to planning the transition to ISO 9001:2015 - IAF, Inc.
José Alejandro Soto Zevallos 17
18. Understanding changes of ISO 9001:2008 to ISO 9001:2015
About the autor
José Alejandro Soto Zevallos
Statistic and IT, with 20 years of successful
experience in implementation, continuous
improvement, audit, certification and
reporting in management systems, process
optimization and IT frameworks. Experience,
advanced knowledge and certification in ISO
9001, ISO 14001, ISO 18001, ISO 27001,
NCh2728, SA8000, Corporate Social
Responsibility and COBIT, ITIL, PMBOK and
SCRUM frameworks.
Extensive professional career occupying management positions of high responsibility in areas
of IT management, consulting, operations, projects, processes, services and in the definition,
evaluation and implementation of Digital Transformation projects; Process optimization under
BPM philosophy; Management Systems, Information Security and Corporate Social
Responsibility in multinational companies with a solid profile.
✓ E-mail: josea_sotoz@hotmail.com
✓ Twitter: @josea_sotoz
If you liked this article and want to continue learning about Management Systems or simply
keep up to date with all the news and changes, I invite you to join my community through
LinkedIn, Twitter or send me an e-mail.
José Alejandro Soto Zevallos 18