Iso 9001.2015 full module

Quality Management System
ISO 9001:2015
1 | P a g e
Authoredby: Mahedi Hasan
QMS | Technical Auditor.
Quality
Management
System
ISO 9001:2015
Full Module

ISO 9001:2015
2 | P a g e
Module 01| Foundations of Quality
Management System
01.1| Foundations Of Quality Management System - Learning
Outcomes
 Upon completion of this module, you will be able to:
 Discuss the history of ISO 9001 Revisions.
 Discuss the global status of ISO 9001 & changes in revision.
 Explain what companies should do with change.
 Clarify and describe common misconceptions about revision.
 Examine and manage the context of an organization.
 Explain Process Approach.
 List each phase of the Plan, Do, Check and Act Cycle.
 Define Risk Based Thinking.
Foundations of Quality Management System - Learning Outcomes End of
Topic
01.2| History of ISO 9001 Revisions
 The idea behind ISO 9001 can be traced back to the British Standard 5750 in 1979, however the
ISO9000s history is as follows:

o The first version of ISO 9000 was published in 1987 and was based on BS5750 standard. It was also
influenced by Defense Military standards.
o The second version of ISO 9000:1994 was published in 1994. This version stressed quality assurance
through preventative action.
o The third version was published in 2000 as ISO 9001:2000. This version radically changed thinking as it
held the belief that process management should be the core of the standard.
 ISO 9001:2000 made the goals of standard crystal clear i.e. that standard should be ‘a documente d
system’ not just a ‘system of documents’. The idea was to create system efficiency that can be measured
and validated by process performance.

ISO 9001:2015
3 | P a g e
 The fourth version is ISO 9001:2008 standard. This edition on made slight changes to the previous
version. The goal of this revision was to better explain 2000 edition requirements and to increase
compatibility with other management systems, such as ISO 14001.
 The fifth major revision was published in 2015. This version is called ISO 9001:2015. Because the
revision in 2008 was just a minor update of the 2000 version, this revision sought to fill in gaps that have
been formed over the fifteen years since 2000.
Timeline from Committee Draft to Publication of ISO 9001:2015

ISO 9001:2015
4 | P a g e
Global Status of ISO 9001 and Revision
 By 2014, the ISO: 9001 standard was used by more than 1.1 million people and organizations in 180
countries worldwide, which makes it easy to believe that this number will have surely grown as of 2017.
 BSI Group claims to have achieved the first global accreditation for ISO 9001:2015.
 This revision will influence all certification and authorization bodies, training bodies, advisors, implementing
agencies and business clients.
 The standard has helped to build systems for various sectors such as the manufacturing sector,
automotive sector, the medical sector, governments and more.
 ISO 9001 version 2015 is meant for companies who want to:
o Prove that they are capable of delivering high quality products and services, which will then fulfill client
requirements and regulatory needs.
o Enhance customer satisfaction.
Key changesin ISO 9001 version 2015 includethe following key changes:
o Building a quality management system that is well matched to each organization’s particular needs.
o Top management must be involved in the management system in order to make comprehensive enterprise
strategy.
o The prevalence of risk-based thinking across the standard enables the entire management system to be
used as a preventive instrument, which will continually boost improvement.
o Less enforcing requirements for records and documentation. The enterprise can now decide independently
what documented information it requires and what is the appropriate format.
o Integration with other important and widespread management system standards.
FundamentalConcepts in ISO 9001:2015
 Nigel Croft, Chairperson of the ISO subcommittee for revising the standard, emphasizes that the revision is
based on three basic concepts:
o Process approach
o PDCA Model i.e. Plan Do Check & Act
o Risk Based Thinking

ISO 9001:2015
5 | P a g e
 Process Approach PDCA Risk Based Thinking
Misconceptions about Revision
 There are two prevalent misconceptions about revision due to incorporation of risk based thinking:
Substitution of Process Approach by Risk Based Thinking
There are concerns that risk based thinking substitutes the process approach, which is incorrect. It is part of
the process approach itself, because before one begins the process, one must identify any hazards and
opportunities so that they may decide which process best meets the objectives in a given context.
Preventive Action Has Been Removed
When risk based thinking in included, preventive action will become a habit and thus prevention is involved in
every phase of the process.
Currently accredited management systems can be adapted with some minor modifications. In many
situations, organizations should have sufficient documentation and protocols already in place with their
presently certified management system.
As risk is incorporated in many sections of the revision of ISO 9001, companies should focus on establishing
their risk management protocols if they do not currently have a system in place for controlling risks. The
companies must start thinking about how to incorporate risk in their businesses at both a strategic level as
well as an operational level.
The transitional period does not end until 2018, so organizations will have had three years to update their
systems and make sure it comply with the revision.

ISO 9001:2015
6 | P a g e
Certification Process - Phases
 Starting Point: Outline the scope of the certification program.
Pre-Audit (not mandatory): This is a gap analysis phase against standard. This helps companies to identify
what they need to do to prepare for a certification audit.
Certification Audits are actually conducted in 2 stages:
o Stage 1 Audit is a readiness review audit to prove that the organization is prepared for certification.
o Stage 2 Audit is an assessment of implementation, along with the effectiveness, and performance evaluation
of the management system of the organization. This is the stage where certification is awarded. A certificate
is valid for 3 years and is awarded based on the results of stage 2 audit.
 Surveillance Audits are conducted to prove that the management system maintains fulfillment against
requirements of standard and are also conducted to observe the continual improvement of the management
system.
Re-Certification Audits are done after 3 years to endorse the effectiveness of the management system as a
whole. Certificate is then reissued for next 3 years.
Certification Process – Implementation Benefits
o Improved customer retention, satisfaction and acquisition.
o Exhibition of management commitment towards quality of services and products.
o Improving cost control through conserving input materials.
o Reducing defects that result in complaints, therefore reducing compensation costs.
o Increase in efficiency, productivity and profit.
o Creation of knowledge database for effective management of company knowledge.
o Consistent outcomes which are measured and monitored.
o High Level Structure (HLS) to easily integrate with more than one standard.

ISO 9001:2015
7 | P a g e
Benefits of ISO 9001 Certification Program to Customers
Some clients will only purchase or buy services or products from certified companies since it
provides them the assurance that management systems are continuously assessed,improved and
monitored.
Some of the benefits to customers are:
o Reduces repeated mistakes.
o Develops a complaint reporting system and improves performance.
o Improved quality products and services by internal auditing.
o Consistent and robust scheduling of production and delivery.
o Performance will be maintained with the help of external certification body annual assessments program.
What Can't Companies Do?
Companies cannot do following with ISO 9001 certification:
o Companies cannot employ or change ISO’s logo. It is ISO’s brand and intellectual property.
o Companies cannot equate ISO 9001 certification to being ISO certified. Companies which are ISO
9001:2015 certified are not certified by ISO or by ISO 9001 technical committee, but rather by an
Accreditation Body like UKAS.
o ISO 9001:2015 cannot be branded on company products or utilized in literature to denote that product is
certified by ISO 9001. It is not a product certification but a company quality management system
certification.
o Companies must be careful with their scope so to correctly describe their certified activities and geographic
locations. A certification is only awarded on the defined scope. Activities of companies outside the
certification scope cannot be implied to gain benefits of ISO 9001 certification.
History of ISO 9001 Revision End of Topic
01.3| Process Approach and PDCA Cycle
Process Approach and PDCA Cycle
A process is usually defined as reproducible, interacting activities that together convert an input into
an output. The elements in the process approach cycle are discussed below:
o With What means the infrastructure i.e. process equipment, software, hardware, and supporting devices.
o With who means the human resource i.e. personnel, training, and qualification needed to carry out the
process.

ISO 9001:2015
8 | P a g e
 How is the procedure or work instructions that explain how the process will be carried out and describe the
entities responsible entities for the process?
 How many? These are the process monitoring parameters like action plan, trends, and production reports.
This also counts as evidence for PDCA.
 Input is something that starts the process. Input can be workers, event, resources, or supplies. For example,
a maintenance requisition starts the process for maintenance.
 Output is a consequence of the process, or its result. Output should comply with the expectation of a
customer both in-house and external. Normally outputs are goods, services, or the input into other in-house
process.
 Organizational Processes Examples
Some of the examples of organizational processes are shared below:
o Training process
o Information management process
o Maintenance process
o Information management process
o Planning process
o Assembly process
o Marketing process
o Customer communications process
o Purchasing process
o Internal auditing process
 Organizational Processes
 Training process flow is shown as a case study:

ISO 9001:2015
9 | P a g e
 Determinants of a Process
Some of process determinants are following:
 Process Characteristics
Some of the process characteristics are:

ISO 9001:2015
10 | P a g e
o Repeatable
o Predictable
o Quantifiable
o Explainable
o Context Oriented & Dependent
 What is PDCA Cycle?
 Plan-Do-Check-Act (also known as “PDCA”) is a cyclic process that was conceptualized by Walter
Shewhart and widely promoted by Edward Deming – two founders of most of the quality philosophies
that are followed today.
This concept is a cycle for bringing about a change which, when implemented and repeated, would yield
repeated improvements in any process.
A case study we all can recognize will be the process we go through when selecting a wireless carrier:
o We Plan to have no issues like dropped calls, interruption in voice delivery or receiving etc.
o The Do part occurs when we start utilizing the wireless service.
o The Check part occurs when we assess the actual performance and realize that we have had a few
interruptions to calls.
o And the Act part occurs when we make our future course of action based on Check. For example, we could
accept the number of interruptions in calls, or we could complain to the vendor to have the complaint
corrected, or we could change the service provider.
Plan, Do, Check & Act is a cycle that was devised by Walter Shewhart and propagated by Edward Deming.
PDCA is an iterative four-step managing technique utilized in industry for the
continual improvement of processes.
Plan – This step includes the establishment of the objectives and processes
essential to provide outcomes that are in line with needed output.
Planning of the QMS starts with the initial documentation of the Quality Manual,
control of documents and records, Quality Policy and Quality Objectives, plan to
achieve policy & objectives, Additional planning on how to realize the product or service, including what
resources are required and how they will be used, is the last step in the early planning.
Do – This step includes the execution of the plan, performance the process,
and production the product. At this point, companies must gather process
statistics for recording and examination in the next steps of Check and Act.
Raw material or service needs must be specified.

ISO 9001:2015
11 | P a g e
Designs development, the purchasing process, and raw materials must be verified against requirements.
The process of creating the merchandise or service must be implemented. Defects must be incorporated in
non-conformities and be dealt with. The procedure and the instrument to monitor and inspect the product and
processes must be controlled.
All undertakings of creating and delivering the product or service to clients are required to be completed in Do
phase.
Check – Examine the real results of ‘Do’ step, and check it against the
expected results of the plan phase.
It is mandatory to check and measure not merely the product to make sure it
fulfills requirements, but moreover to check and measure the processes as
well. Analysis of data, internal audits, external audits & Management Review
are mandatory in ISO 9001. All these extensive processes are part of ‘check’
phase in PDCA cycle.
Act – If the Check analysis reveals that the Plan that was applied
in Do phase is a progressive improvement to the earlier results, then the
present ‘Do’ should become the new standard for how the organization
should Act going forward.
If the Check analysis reveals that the Plan that was applied in Do phase is not
an improvement, then the prior standard will remain.
In both cases, i.e. improvement or no improvement, more learning is needed
and that will inform next PDCA cycle. Corrective actions and action plans that
resulted from output of management review meetings and internal audits are part of the Act phase in PDCA
cycle.
When to Use Plan–Do–Check–Act
PDCA cycle should be used in following cases:
o When opting for continuous improvement.
o When initiating a new improvement project.
o When making a new or modified design of a process, product or service.
o When defining a repetitive work process.
o When preparing data collection and analysis so as to verify and prioritize problems or root causes.
o When applying any change.
PDCA Cycle and ISO 9001:2015
PDCA is an integral part of ISO 9001:2015 (Quality Management System i.e. QMS). Companies going
for ISO 9001 will automatically integrate PDCAcycle.

ISO 9001:2015
12 | P a g e
Plan and Do in ISO 9001:2015
Plan Do
Planning is one of the vital parts of the QMS and
begins with realizing the context of the
organization and the expectations of interested
parties (Clauses 4.1 & 4.2), which is then utilized
to define the QMS scope and the processes
(Clauses 4.3 & 4.4).
Then commitment of leadership in the
company guides the organization to a customer
focus by outlining organizational roles and
responsibilities and by instituting a quality policy
to focus on QMS (Clauses 5.1, 5.2 & 5.3).
Then planning identifies and addresses the
risks and opportunities of the QMS, including
setting and planning for quality objectives and
changes to support continual improvement
(Clauses 6.1, 6.2 & 6.3).
The final layer of planning is to recognize and
define the support structure to perform plans.
This comprises resources (Clause 7.1),
recognizing competence (Clause 7.2),
awareness (Clause 7.3), communication (Clause
7.4) and to have the system for creation and
control of documented information (Clause 7.5).
Plans are meant to be carried out.
Controls need to be recognized for the
operations, product or service requirements to be
recognized (8.2), designs to be developed (8.3),
controls placed on external providers (8.4).
The course of producing the product or service
needs to be applied with control of product and
service release (8.5 & 8.6), any non-conformity
requires to be addressed (8.7).
Finally the actions of making and supplying
products or services to the clients have to be
done.

ISO 9001:2015
15 | P a g e
Check and Act in ISO 9001:2015
Check Act
There are numerous places in the standard to
check the processes of the QMS to make sure
they are effective as per plan. The ISO
standard requires enterprises to monitor,
measure, analyze and evaluate the products or
services to make sure that the processes
employed are satisfactory and effective, and
that customer satisfaction is achieved (Clause
9.1). Internal Audits (Clause 9.2) are required
as a means of measuring the effectiveness of
the QMS. The Management Review procedure
(Clause 9.3), analyses and evaluates all the
collected information related to QMS and helps
to identify solutions to resolve any issues or
problems.
Action in ISO 9001 includes the actions
required to address any concerns revealed in
the check step. Improvement (Clauses 10.1 &
10.3) is the main purpose for these action
items (Clause 10.1), which occurs when
removing nonconformity and taking Corrective
Actions (Clause 10.2) to eradicate the reasons
of current and foreseeable nonconformities.
After the “Act” phase, some changes are likely
to begin in the initial “Plan” of the QMS which
marks the beginning of the cycle again
 Process Approach and PDCA Cycle End of Topic
01.4| Context of Organization and Risk Based Thinking
Context of Organization and Risk Based Thinking
Clause 4 of ISO 9001:2015 states that the organization to assess itself in
regards to the organizations' context and how this context may affect the
QMS.
Organization need to study:
o Influences of various elements on the organization.
o How elements reflect on the QMS
o Risks and opportunities regarding the business
Internal Context External Context

ISO 9001:2015
16 | P a g e
The company's culture
Objectives and goals
Complexity of the products
Flow of processes
Organization knowledge
Size of the organization
Markets
Customers
Regulatory Bodies & Government
Organization
The standard does not mandate the method for understanding the context of the
organization, however there are few logicalsteps & milestones:
What is an internal context of organization?
An organization’s internal context is the environment in which it aims to achieve its objectives.
Internal context can include:
 Approach to governance
 Contractual relationships with customers
 Interested parties
Things that need to be considered (while analyzing internal context) are:
 Culture, beliefs, values, or principles inside the organization.
 Complexity of processes and organizational structure.
What is an external context of organization?
An organization’s external context is the environment which influences the organization. For example
environmental, social, ethical, legal, political, technological, and economic environment.

ISO 9001:2015
17 | P a g e
External context can include:
 Regulations and modifications in the law.
 Economic drifts in the market where organization operates.
 Competition that the organization faces.
 Technology advancements.
Example Matrix of Interested parties, Issues and Treatment
Context Of Organization And Risk Based Thinking End of Topic
01.5| Foundations of Quality Management System - Lesson
Summary
The main points from this module are as follows:
The idea for ISO 9001 can be traced back to British standard 5750 in 1979, however the first
publication was made in 1987.

ISO 9001:2015
18 | P a g e
The second revision (1994) stresses quality assurance through preventive action. The third revision
(2000) was based on process approach. The forth revision (2008) was based on alignment with other
standards. The current version was published in 2015.
The current revision was presented as committee draft in June 2013, then as draft international
standard in April 2014, then as final draft international standard in July 2015. Finally, the revision was
published in September 2015.
Companies have until September 2018 to upgrade to the recent revision.
The latest revision of ISO 9001:2015 is made based on following concepts:
o Process Approach
o Plan, Do, Check, and Act cycle
o Risk Based Thinking
Risk based thinking does not replace the process approach. Preventive action is built into risk based
decision making.
A certification process of ISO 9001:2015:
o Defining the scope of business i.e. physical boundaries, products etc.
o A gap analysis is performed.
o Stage 1 readiness check audit.
o Stage 2 certification audit.
o After certification, surveillance audits are done annually for three years.
o Then recertification is done after 3 years of certification issuance.
Some of benefits of ISO 9001:2015 to business owners are: customer satisfaction, improved
efficiency, decreased defects, and high level structure for easy integration with other standards.
Some benefits of ISO 9001:2015 to customers are: reduced mistakes, improved complaint
handling system, consistent performance etc.
Companies cannot use ISO logo on products, or cannot change it. Companies cannot say they are
ISO certified, because they are ISO 9001:2015 certified by an accredited body like UKAS.
Processes have elements like: inputs, outputs, with what, with who, how and how many.
Inputs are raw materials and human resources.
With what includes software and process equipment used to execute activities in process.
With Who refers to human resources and their qualification to run processes.
How is the method used to carry out the process?
How Many refers to the process monitoring parameters.
Outputs are the consequence of process.
Walter Shewhart's Plan, Do, Check and Act cycle is the basis of ISO 9001:2015 and is used to
analyze the context of an organization to plan for its optimization.
The planning of processes, the setting of quality objectives, and planning to achieve them are part
of Plan phase in PDCA cycle.

ISO 9001:2015
19 | P a g e
Do involves support activities like human resource allocation, infrastructure, equipment. Do also
involves production and operational activities. Design activities are also included in Do.
Check is the management review, performance evaluation example inspection, internal audits etc.
Act is continual improvement based on internal audits, non-conformities and corrective actions.
Context of Organization is the analysis of organization’s context both internal and external.
Organizations can list their internal and external issues and identify the parties involved and their needs
and expectations.
They can then document context by listing these issues and needs of interested parties.
Then, they can rate each issue and need on a priority ranking scale.
If needed, a treatment method can be provided to optimize the opportunity and to mitigate the risk.
Risk based thinking is a thinking process that we do in our everyday life. Organizations need to adopt
it in their processes and activities.
Risk driven approach from risk based thinking is based on recognizing risks and opportunities,
examining and prioritizing recognized risks and opportunities, planning actions to mitigate risk or
optimize opportunities, implementing a plan, assessing the effectiveness of implemented plan, and
finally, improve continually by learning from experience.
Foundations Of Quality Management System: Lesson Summary End of
Topic
Module 02 | Auditable Clauses in ISO
9001:2015
02.1| Auditable Clauses in ISO 9001:2015 - Learning Outcomes
Upon completion of this module, you will be able to:
o List the auditable clauses of ISO 9001:2015
o Discuss the requirements of standard for the Context of Organization.
o Explain the requirements of standard on Leadership role.
o Clarify the Planning requirements for the Quality Management System (QMS).
o Describe the support functions required for the QMS.
o Explain the requirements of Operation Controls for QMS.
o Discuss the Performance Evaluation requirements related to measurement and monitoring, internal
audits, and management reviews.
o Explain the requirements of Improvement in standard's context.
Auditable Clauses in ISO 9001:2015 - Learning Outcomes End of Topic
02.2| Clauses on Planning of the Quality Management System
 Clause 4 - Context of Organization

ISO 9001:2015
20 | P a g e
Context of Organization is the new requirement of ISO 9001:2015. New requirements related context of
organization are already discussed in the earlier module's last topic. The requirements and guidelines
are expressed here in simple but meaningful terms:
Clause 4.4 - Develop a QMS and Establish Documented Information
This sub-clause is the part of Context of Organization. Organization has to develop a quality
management system and should incorporate documented information to support that. The
requirements of these clause are expressed in two different clauses:
Clause 4.4.1- Develop a QMS That complies with this standard
The organization has to take care of the following requirements under this clause:
• Establish a process-oriented Quality Management System (QMS).
• Identify the processes that organization's QMS needs.
• Identify methods required to manage processes.
• Identify resources required to support processes.
• Determine process responsibilities and authorities.
• Determine risks and opportunities for each process.
• Determine methods needed to evaluate processes.
• Implement your process-based quality management system.
• Implement criteria required to operate and control organization's processes.
• Apply methods needed to operate and control your processes.
• Maintain your process-based quality management system.
• Improve your process-based quality management system.
Clause 4.4.2 –Keep QMS documents And keep QMS Records.
• Keep documents required to help process operations.
• Control documents which help process operations.
• Keep records which exhibit that plans are being followed.
• Control records which show that plans are being followed.
Clause 5 – Leadership
The first sub-clause on Leadership is clause 5.1 which is focused on “Provide leadership by
focusing on quality and customers". Requirements are expressed in two different heads:
Clause 5.1.1 - Offer Leadership by Encouraging a Focus on Quality
Accept responsibility for organization's QMS.

ISO 9001:2015
21 | P a g e
Prove a commitment to organization's QMS.
Make sure that a quality policy is established.
Make sure that quality objectives are established.
Make sure that requirements are built into processes.
Make sure that your QMS achieves all intended results.
Communicate organization's commitment to the QMS.
Explain why quality management is important.
Anticipate managers to be accountable for their QMS.
Encourage organization's personnel to support their QMS.
Promote the utilization of risk-based thinking.
Clause 5.1.2 - Offer Leadership by Encouraging a Focus on Customer .
Anticipate human resources to focus on customers.
Anticipate human resources to manage all related requirements.
Anticipate human resources to manage appropriate risks and opportunities.
Anticipate human resources to emphasize on improving customer satisfaction.
Clause 5.2 - Provide leadership by establishing a suitable quality policy
The second clause is related to offer leadership be establishing an appropriate quality policy.
Clause 5.2.1 - Provide Leadership by Formulating Quality Policy of the Organization
Establish a relevant quality policy.
Ensure that it supports company's purpose.
Ensure that it deals with business context.
Formulate organization's quality policy.
Make a commitment to meet applicable requirements.
Have a commitment to continual improve QMS.
Enforce the developed organization's quality policy.
Maintain and keep company's quality policy.
Clause - 5.2.2 - Provide Leadership by Implementing Quality Policy of the Organization
• Document company's quality policy.
• Communicate organization's quality policy.
• Apply organization's quality policy.
 Clause 5.3 - Offer Leadership by Defining Roles and Responsibilities
The third clause is 5.3, which on the leadership role in defining the roles and responsibilities.
Allocate QMS roles, responsibilities, and authorities.
Communicate those QMS roles, responsibilities, and authorities.
Make sure that everyone understand his/her role, responsibilities and authorities.
Clause 6 - Planning

ISO 9001:2015
22 | P a g e
The first sub-clause is 6.1 which is on defining actions and measures to control risks and
capitalize opportunities.
Clause 6.1.1 - Consider risks and opportunities when you plan your QMS
Under this clause, organization has to comply with following requirements:
• Plan the development of company's QMS.
• Recognize the risks and opportunities that could influence the performance of organization's QMS or
disrupt its operation.
• Consider how the company's context could influence how well its QMS is capable to attain planned
results.
• Consider how the company's interested parties could influence how well its QMS is capable to
achieve planned results.
• Identify what one needs to do to manage the risks and opportunities that could affects the
performance of company's QMS or disrupt its operation.
Clause 6.1.2 - Plan how you’re going to manage risks and opportunities
Under this clause, organization has to comply with following requirements:
• Consider company's risk treatment options.
• Identify measures to address risks and opportunities.
• Identify actions that one can take to address the risks and opportunities that could impact the
performance of company's QMS or halt or deteriorate its operation
 Clause 6.2 - Setting Quality Objectives and Establish plans to attain them
The second clause is about setting quality objectives and developing plans to achieve them.
Clause 6.2.1 - Develop quality objectives for all appropriate areas
o Under this sub-clause, organization has to take care of following:
o Define the criteria for identifying quality objectives.
o Resolve quality objectives in all relevant areas.
o Communicate organization's quality objectives.
o Document organization's quality objectives.
o Monitor organization's quality objectives.
o Update organization's quality objectives.
Clause 6.2.2 - Make Plans to Attain Objectives and Assess Results
Under this sub-clause, organization has to take care of following:
• Establish and develop plans to attain quality objectives.
• Plan how the company is going to assess results.
Clause 6.3 - Plan changes to your quality management system
The third sub-clause is related to planning of changes to organization's quality management system.
This is what we can name it as change management. In this clause, one has to take care of the
following issues:

ISO 9001:2015
23 | P a g e
o Think about the purpose of the changes one plans to make.
o Reflect responsibilities and authorities whenever one make changes.
o Contemplate the outcomes that changes could potentially result in.
o Consider the provision of resources whenever one make changes.
o Reflect the integrity of organization's QMS whenever any change is made.
Clauses on Planning of the Quality Management System End of Topic
02.3| Clauses on the Operation of the Quality Management System
Clause 7 - Support
The first sub-clause 7.1 is about supporting organization's QMS by offering the required resources.
There are six sub-clauses within this clause clause 7.1. The two sub-clauses within this sub-clause are:
Clause 7.1.1 - Offer Internal and External resources for Company's QMS
Organization has to take care of the following issues within this clause:
• Identify the resources that company's QMS requires.
• Provide the resources that company's QMS needs.
Clause 7.1.2 - Provide Relevant People for QMS and its processes
Organization has to take care of the following issues within this clause:
• Provide the people that company's QMS needs to be effective.
• Furnish the people that company's need so as to operate processes.
• Hire the people that company's need so as to control processes.
The other two sub-clause of 7.1 are:
Clause 7.1.3 - Furnish the Infrastructure that Company's processes must have
The organization has to take care of the following issues under this clause:
• Identify and determine the infrastructure that the processes and the organization need.
So as to support process operations and attain conformity of products and services.
• Furnish the infrastructure that organization and its processes need.
Clause 7.1.4 - Furnish the relevant environment for Organization's Processes
The organization has to take care of the following issues under this clause:
• Identify and determine the environment that organization and its processes need.
So as to support process operations and attain conformity of products and services.
• Furnish the environment that the processes need.
The last sub-clause 7.1.5 of clause 7.1 is about providing monitoring, measuring, and trace-
ability resources. It is further described in two different sub-clauses, and the last of clause of
7.1 is also discussed in the given tabs.

ISO 9001:2015
24 | P a g e
Clause 7.1.5.1 - Arrange
Suitable Monitoring and
Measuring resources
Clause 7.1.5.2 -
Organize Suitable
Measurement
Traceability
resources
Clause 7.1.6 - Provide Knowledge to Facilitate
Process Operations
Under this clause,
organization has to
manage following
requirements:
• Identify monitoring and
measuring resource
requirements.
• Determine the monitoring
and measuring resources
that organization need so
as to be certain that one
can offer products and
services that meet
all suitable requirements.
• Offer appropriate
monitoring and measuring
resources.
Under this clause,
organization has to
manage following
requirements:
• Determine
the company's
measurement
traceability
requirements.
• Offer reasonable
measurement
traceability
resources.
Under this clause, organization has to
manage following requirements on
Organization's knowledge:
• Identify the knowledge that one organization
needs to have.
• Attain the knowledge that one organization
needs to have.
• Furnish organizational knowledge available
to the scale needed.
• Monitor suitable trends and modifications in
knowledge and information.
• Keep the organizational knowledge that has
been attained.
This is clause related to Organization
Knowledge. In this course, there is a
separate topic on Organization Knowledge in
which this topic is elaborated in detail.
The other three sub-clauses of clauses 7 are discussed:
Clause 7.2 - Support QMS by ensuring that people are competent
Organization has to make arrangements for the following requirements
Identify those under organization's control who do work that influences quality.
Clarify organization's quality competence requirements.
Attain competence whenever shortcomings are discovered
Document the competence of those whose work influences quality.
Evaluate the effectiveness of actions taken to acquire competence.
Clause 7.3 - Support QMS by explaining how people can help
• Aware personnel about organization's QMS.
• Share information about company's QMS with the people who carry out work that is under
organization's control.
Clause 7.4 - Support organization's QMS by managing communications
 Support organization's QMS by managing QMS communications.
 Resolve how internal communications will be handled.
 Resolve how external communications will be handle.
Clause 7.5 - Support your QMS by Controlling Documented Information
Clause 7.5 is about the control of documented information.
Clause 7.5.1 - Incorporate Documented Information
Under this clause, organization has to manage following requirements:
• Identify how extensive documented QMS information should be.
• Think about activities when one develops documents and records.

ISO 9001:2015
25 | P a g e
• Think about individuals when one develops documents and records.
• Reflect on those processes when one develop documents and records.
• Take into account products when organization establish documents and records.
• Take into account services when organization establish documents and records.
• Consider size of company when organization establish documents and records.
• Incorporate all the documents and records that company's QMS needs.
• Incorporate all internal documents and records that company's QMS needs.
• Incorporate all external documents and records that company's QMS needs.
Clause 7.5.2 - Manage the Creation and Revision of Documented Information
Under this clause, organization has to manage the following:
• Organize and control the creation and update to documented information.
• Ensure that organization’s QMS documents and records are appropriately identified and explained.
• Ensure that organization’s QMS documents and records are appropriately formatted and presented.
• Ensure that organization’s QMS documents and records are appropriately reviewed and approved.
The clause 7.5.3 is related to Control the management and utilization of documented
information. It is further discussed in two sub-clauses:

Clause 7.5.3.1 - Control Organization's QMS documents and records
The organization has to take care of the following requirements:
• Choose and maintain the QMS documents and records that one needs.
• Choose and maintain all the documentation that one needs so as to protect the confidentiality,
integrity, and use of information.
• Choose and maintain all of the documentation that is mandated by ISO 9001.
• Control and maintain the QMS documents and records as per QMS needs.
• Control and maintain all the internal documentation that company's QMS needs.
• Control and maintain all the external documentation that company's QMS needs.
Clause 7.5.3.2 - Control how QMS documents and records are controlled
• Control how company's QMS documents and records are controlled.
• Control how company's QMS documents and records are created.
• Control how company's QMS documents and records are identified
• Control how company's QMS documents and records are distributed.
• Control how company's QMS documents and records are accessed.
• Control how company's QMS documents and records are retrieved.
• Control how company's QMS documents and records are stored.
• Control how company's QMS documents and records are utilized.
• Control how company's QMS documents and records are changed.
• Control how company's QMS documents and records are protected.
• Control how company's QMS documents and records are preserved.
Clause 8 - Operation
The first clause 8.1 is related to development, implementation, and control of QMS operational
processes
o Plan the application and control of operational processes.
o Prepare operational process implementation and control plans.

ISO 9001:2015
26 | P a g e
o Utilize organization's plans to apply and control operational processes.
o Control planned operational process alterations and modifications.
o Keep appropriate operational process documents and record
Clause 8.2 - Determine and Document Product and Service Requirements

Clause 8.2.1 - Communicating with Customers and Managing Customer Property
The clause 8.2.1 is related to communication with customers and management of customer property,
under which an organization is required to do following:
• Communicate with customers.
• Furnish information to customers.
• Attain and get information from customers.
• Manage customer property.
• Control property supplied by customers.
Clause 8.2.2 - Clarify all Product and Service Requirements and Capabilities
Organization has to take care of following issues in this sub-clause:
• Identify requirements for products and services offered to customers.
• Verify that you can actually meet product & service requirements.
Clause 8.2.3 - Review Product and Service requirements and Record Results
This sub-clause is further divided into two clauses;
Clause 8.2.3.1 - Verify requirements before Organization accepts Orders from Customers
• Analyze and assess product & service requirements before accepting order.
• Clarify differences and variations between basic proposal and final order.
• Confirm and verify that one has to meet product and service requirements.
Clause 8.2.3.2 - Document review of Product and Service requirements
• Document and maintain results of product and service requirement reviews.
• Document and maintain new or modified product and service requirements.
Clause 8.2.4 - Modify Documents when Product and Service Requirements Alters
Under this sub-clause organization has to take care of the following:• Amend all appropriate
documented information to exhibit changes in customers' service and products requirements.
• Retain and control documents and records that explain new or changed product and ser vice
requirements.
Clause 8.3 - Develop a Process to Design and Develop Products and Services

ISO 9001:2015
27 | P a g e
 Within this clause, organization has to take care of many issues. As design and development is a critical
part of the Quality management system, since within this phase customer requirements are internalized
in the product design.
Clause 8.3.1 - Make a Suitable Design and Development Process
Within this sub-clause, organization has to take care of the following issues:
• Develop a suitable design and development process.
• Apply an appropriate design and development process.
Clause 8.3.2 - Project planning of Design and Development activities for Products and Services
Under this sub-clause organization has to take care of the following issues:
• Plan organization's design and development stages and controls.
• Consider complexities of design and development process.
• Consider requirements for design and development process.
• Consider expectations design and development process.
• Consider participation of parties for design and development process
• Consider interfaces of design and development process.
• Consider responsibilities of design and development process.
• Consider documentation design and development process.
• Consider resources of a design and development process.
Clause 8.3.3 - Identify Inputs of Design and Development for Product and Services
Organization has to take care of the following issues under this sub-clause:
• Clarify your product and service design and development inputs.
• Define the resource needs of product and service design and development needs.
• Control organization's design and development input documents and records.
Continued...
The other sub-clauses of Design and Development are discussed here:
Clause 8.3.4 -Specify how Design and Development process will be Controlled
Under this sub-clause, organization has to take care of the following issues:
• Control product and service design and development activities.
• Control how design and development results are identified.
• Control how design and development reviews are performed.
• Control how design and development validations are carried out
• Control how design and development verification are completed
• Document product and service design and development activities.
Clause 8.3.5 - Clarify how Design and Development Outputs will be produced
• Control product and service design and development outputs.
• Make sure that outputs can be compared against input requirements.
• Make sure that outputs are capable of supporting product provision.
• Make sure that outputs include or refer to acceptance criteria.
• Make sure that outputs can be used to validate proposals.
• Control design and development output documents and records.
Clause 8.3.6 - Review and Control all Design and Development Changes

ISO 9001:2015
28 | P a g e
• Identify changes during or subsequent to design and development.
• Review changes and modifications during or subsequent to design and development.
• Control changes and modifications during or subsequent to design and development.
Clause 8.4 - Monitor and Control External Processes, Products, and
Services
This clauses is further divided into following sub-clauses:
Clause 8.4.1 -
Verify External
Products &
Services Fulfills
Requirements
Under this clause,organization has to take care of following issues:
• Establish controls for external processes, products,and services.
• Control organization's externallyprovided processes,products,and services.
• Determine criteria to select,evaluate, and monitor external providers.
• Utilize developed criteria to selectexternal process,product,and providers.
• Utilize developed criteria to monitor the performance ofexternal providers.
• Utilize developed criteria to assess organization's external providers.
Clause 8.4.2 -
Establish
Controls for
Externally
Supplied
Services and
Products
• Examine controls for external providers,processes,products,and services.
• Examine the potential impactthatexternally provided processes,products,and services
could have on your organization's abilityto consistentlymeetexternal requirements.
• Examine the controls thatexternal process,product,and service providers have
implemented and think abouthow effective their controls actuallyare.
• Establish controls for external providers, processes,products,and services.
• Apply controls for external providers,processes,products,and services.
Clause 8.4.3 -
Explicate
Requirements
to External
Suppliers
• Elucidate whatyou expect from external providers.
• Elucidate organization's process requirements.
• Elucidate organization's productrequirements.
• Elucidate organization’s service requirements.
• Elucidate organization's equipmentrequirements.
• Elucidate organization's interaction requirements.
• Elucidate organization's competence requirements.
• Elucidate organization's methodological requirements for supplies.
• Elucidate organization's monitoring and control requirements.
• Elucidate organization's verification or validation requirements.
• Discuss organization's requirements with external providers.
 Clause 8.5 -Manage and control production and service provision
activities
 This clause is further divided into three sub-clauses:

Clause 8.5.1 - Develop controls for production and service provision
• Apply controlled conditions.
• Apply controlled conditions for production.
• Apply controlled conditions for service provision.
• Apply controlled conditions for delivery process.
• Apply controlled conditions for post-delivery process.
Clause 8.5.2 - Point Out outputs and Control their Unique Identity
• Utilize suitable means to identify outputs.
• Identify outputs throughout production.

ISO 9001:2015
29 | P a g e
• Identify outputs throughout service provision.
• Control the unique identify of your outputs.
• Control output identity if traceability is required.
Clause 8.5.3 - Protect Property belonging by Customers and External Providers
• Point out property owned by customers and external providers.
• Verify property owned by customers and external providers.
• Protect and safeguard property owned by customers and external providers.
• Monitor property owned by customers and external providers.
• Document property owned by customers and external providers.
Continued...
 The other sub-clauses under this clause 8.5 are as under:
Clause 8.5.4 -Preserve Outputs through Production and Service Delivery
Under this clause, organization has to take care of the following issues:
• Preserve and protect outputs during production and service provision.
• Take into consideration for utilizing identification methods to preserve outputs.
• Take into consideration for utilizing packaging methods to preserve outputs.
• Take into consideration for utilizing handling methods to preserve outputs.
• Take into consideration for utilizing storage methods to preserve outputs.
• Take into consideration for utilizing transmission methods to preserve outputs.
• Take into consideration for utilizing transportation methods to preserve outputs.
Clause 8.5.5 - Elucidate and Meet all Post-Delivery Requirements
• Explain organization's post-delivery requirements.
• Identify activities that must be performed after product delivery.
• Identify activities that must be performed after service delivery.
• Meet with organization's post-delivery requirements.
Clause 8.5.6 - Control changes for production and service Delivery
• Review and assess modifications in production and service provision.
• Document review results, actions taken, and authorizations.
• Control modifications in production and service provision.
Clause 8.6 - Implement Plans to Control Product and Service Release
• Develop planned arrangements to confirm products at each stage.
• Confirm that product requirements were fulfilled at appropriate stages.
• Develop planned arrangements to verify services at each stage.
• Confirm that service requirements were fulfilled at suitable stages.
Clause 8.7 - Control nonconforming outputs and Actions taken to be Documented
Under this clause, there are two sub-clauses:
Clause 8.7.1 - Identify and Control Nonconforming Output to Avoid Unintended Application

ISO 9001:2015
30 | P a g e
• Identify outputs that do not conform to their requirements.
• Assess nonconforming outputs and examine their impact.
• Take appropriate action to control nonconforming outputs.
• Verify conformity when nonconforming outputs are corrected.
Clause 8.7.2- Document Nonconforming Outputs and the Actions Taken
• Document organization's nonconforming products and outputs.
• Document the actions and decisions taken to avoid the unintended use or supply of nonconforming
outputs.
Clauses on the Operation of the Quality Management System End of Topic
02.4|Clauses on the Check & Act of the Quality Management
System
Clause 9 - Evaluation
The first clause is related to monitoring, measurement, analysis and evaluation. The Clause 9.1 is
further divided into different sub-clauses discussed below:
Clause 9.1.1- Plan how to Monitor, Measure, Analyze, and Evaluate
In this sub-clause organization has to take care of the following:
• Plan how the company is going to monitor, measure, analyze, and evaluate organization's QMS.
• Monitor, measure, analyze, and evaluate QMS performance and effectiveness.
Clause 9.1.2 -Find out how well Customer Needs and Expectations are being fulfilled
• Develop methods that can be utilized to monitor perceptions.
• Monitor how well customer needs and expectations are fulfilled.
Clause 9.1.3 -Evaluate and Assess Performance, Effectiveness, Conformity, and Satisfaction
• Analyze organization's monitoring and measurement results.
• Analyze and asses suitable data and information.
• Utilize analytical results to assess performance.
• Utilize analytical results to assess effectiveness.
• Utilize analytical results to assess conformity.
• Utilize analytical results to assess satisfaction.
Clause 9.2 - Utilize Internal Audits to Evaluate Conformance and
Performance

Clause 9.2.1 - Audit Organization's Quality Management System at Planned Intervals
In this sub-clause, organization has to take care of the following issues:
• Conduct and perform internal conformance audits at pre-determined planned intervals.
• Determine if the organization's QMS fulfill requirements.
• Examine and evaluate the effectiveness of organization's QMS.

ISO 9001:2015
31 | P a g e
Clause 9.2.2 - Establish an Internal Audit program for the Organization
In this sub-clause, organization has to take care of the following issues:
• Plan the development of your internal audit program (programme).
• Establish a program that can find out if QMS meets requirements.
• Establish a program that can determine if QMS is effective.
• Establish organization's internal audit program.
• Develop internal audit planning requirements.
• Develop internal audit reporting requirements.
• Develop internal audit responsibilities.
• Develop internal audit schedules.
• Develop internal audit methods.
Clause 9.3 - Carry out Management Reviews and Document the Results
There is a separate topic on management review in this course, which covers the different aspects
of management review in detail. The guidelines and requirements of standard are discussed here:
Clause 9.3.1 - Review
Suitability, Adequacy,
Effectiveness, and
Direction
In this sub-clause following issues should be taken care of:
• Review organization's QMS at regular intervals.
• Review the suitability of organization's QMS.
• Review the adequacy of organization's QMS.
• Review the effectiveness of organization's QMS.
• Review the direction of organization's QMS.
Clause 9.3.2 - Plan and
Conduct Management
Reviews at
Predetermined Planned
Intervals
• Plan organization's management review activities
• Schedule organization's reviews at predetermined planned intervals.
• Review organization's quality management system.
Clause 9.3.3 - Generate
Management Review
Outputs and Maintain
Documented Results
• Generate suitable and appropriate management review outputs.
• Document the results of organization's management reviews.
 Clause 10 - Improvement
The first clause on improvement is related to the determination of improvement opportunities and making
improvements. The first clause 10.1 says to take into consideration means of improving customer
satisfaction. In which following should be done:
 Take into consideration opportunities to support innovation.
 Take into consideration opportunities to take corrective action.
 Take into consideration opportunities to transform organization's operations.
 Take into consideration opportunities to make incremental changes.
 Then the clause says to determine and choose opportunities for improvement.
 Determine opportunities to fulfill customer requirements.
 Take into consideration opportunities to enhance customer satisfaction.
 Then the clause concludes on fulfilling customer requirements and improving satisfaction.

ISO 9001:2015
32 | P a g e
Clause 10.2 - Control Nonconformities and Take Appropriate Measures
and Corrective action
The second clause on improvement is related to control of non-conformity and taking measures and
corrective actions to address that.
Clause 10.2.1 - Correct Nonconformities and Address Causes and Consequences
Under this sub-clause, one needs to address following:
• React and respond to organization's nonconformities.
• Control and correct organization's nonconformities.
• Evaluate and assess the need to eliminate causes.
• Develop and establish corrective actions to address causes.
• Implement and apply corrective actions to eradicate the causes.
• Review and assess the effectiveness of corrective actions taken.
Clause 10.2.2 - Document Organization's Nonconformities and the Actions that are Taken
Under this sub-clause, one needs to address following:
• Document the nonconformities as these are reported.
• Document the actions which are made to resolve nonconformities.
• Document the organization's corrective action results.
Clause 10.3 - Enhance and Improve the Suitability, Adequacy, and
Effectiveness of Company's QMS
The last clause on improvement is related to the enhancement of the Quality Management System for
its suitability, adequacy and effectiveness. The requirements of these clauses under the pretext of
enhancing the Suitability, Adequacy, and Effectiveness of Company's QMS are:
o Consider and take into account evaluation, analytical, and outputs of management reviews.
o Utilize results to verify that unfulfilled QMS requirements; which must be addressed.
o Improve and enhance the adequacy, suitability, and effectiveness of company's QMS
Clauses on the Check & Act of the Quality Management System End of
Topic
02.5| Auditable Clauses in ISO 9001:2015 - Lesson Summary
The main points from this module are as follows:
Clause 4 - Context of Organization
o Clause 4.1 - Comprehend Organization and its Unique Context
o Clause 4.2 - Clarify the Needs and Expectations of Interested Parties related to Organization
o Clause 4.3 - Define the Scope of Organization's Quality Management System
o Clause 4.4 - Develop a QMS and Establish Documented Information
o Clause 4.4.1 - Develop a QMS that complies with this standard
o Clause 4.4.2 - Keep QMS Documents and Keep QMS records
Clause 5 - Leadership

ISO 9001:2015
33 | P a g e
Clause 5.1 - Offering leadership by focusing on quality and customers
• Clause 5.1.1 - Offer Leadership by Encouraging a Focus on Quality
• Clause 5.1.2 - Offer Leadership by Encouraging a Focus on Customers
Clause 5.2 - Provide leadership by establishing a suitable quality policy
• Clause 5.2.1 - Provide Leadership by Formulating Quality Policy of the Organization
• Clause - 5.2.2 - Provide Leadership by Implementing Quality Policy of the Organization
• Clause 5.3 - Offer Leadership by Defining Roles and Responsibilities
Clause 6 - Planning
Clause 6.1 - Defining Actions and Measures to control risks and capitalize opportunities
• Clause 6.1.1 - Consider risks and opportunities when you plan your QMS
• Clause 6.1.2 - Plan how you’re going to manage risks and opportunities
Clause 6.2 - Setting Quality Objectives and Establish plans to attain them
• Clause 6.2.1 - Develop Quality Objectives for all appropriate areas
• Clause 6.2.2 - Make plans to attain objectives and assess results
Clause 6.3 - Plan changes to your quality management system
Clause 7 - Support
Clause 7.1 - Supporting Organization's QMS by Offering the Required Resources
• Clause 7.1.1 - Offer Internal and External resources for Company's QMS
• Clause 7.1.2 - Provide Relevant People for QMS and its processes
• Clause 7.1.3 - Furnish the Infrastructure that Company's processes must have
• Clause 7.1.4 - Furnish the relevant environment for Organization's Processes
• Clause 7.1.5 - Provide monitoring, measuring, and trace-ability resources
• Clause 7.1.5.1 - Arrange suitable monitoring and measuring resources
• Clause 7.1.5.2 - Organize suitable measurement traceability resources
• Clause 7.1.6 - Provide knowledge to facilitate process operations
Clause 7.2 - Support QMS by ensuring that people are competent
• Clause 7.3 - Support QMS by explaining how people can help
• Clause 7.4 - Support organization's QMS by managing communications
• Clause 7.5 - Support QMS by controlling documented information
• Clause 7.5.1 - Incorporate Documented Information
• Clause 7.5.2 - Manage the Creation and Revision of Documented Information
• Clause 7.5.3 - Control the management and utilization of documented information
• Clause 7.5.3.1 - Control Organization's QMS documents and records
• Clause 7.5.3.2 - Control how QMS documents and records are controlled
Clause 8 - Operation
Clause 8.1 - Development, Implementation, and Control of QMS Operational Processes
• Clause 8.2 - Determine and Document Product and Service Requirements
• Clause 8.2.1 - Communicating with Customers and Managing Customer Property
• Clause 8.2.2 - Clarify all Product and Service Requirements and Capabilities
• Clause 8.2.3 - Review Product and Service requirements and Record Results
• Clause 8.2.4 - Modify Documents when Product and Service Requirements Alters

ISO 9001:2015
34 | P a g e
Clause 8.3 - Develop a Process to Design and Develop Products and Services
• Clause 8.3.1 - Make a Suitable Design and Development Process
• Clause 8.3.2 - Project planning of Design and Development activities for Products and Services
• Clause 8.3.3 - Identify Inputs of Design and Development for Product and Services
• Clause 8.3.4 - Specify how design and development process will be controlled
• Clause 8.3.5 - Clarify how design and development outputs will be produced
• Clause 8.3.6 - Review and control all design and development changes
Clause 8.4 - Monitor and Control External Processes,Products, and Services
• Clause 8.4.1 - Verify External Products & Services Fulfills Requirements
• Clause 8.4.2 - Establish Controls for Externally Supplied Services and Products
• Clause 8.4.3 - Explicate Requirements to External Suppliers
Clause 8.5 - Manage and control production and service provision activities
• Clause 8.5.1 - Develop controls for production and service provision
• Clause 8.5.2 - Point Out and identify outputs and Control their Unique Identity
• Clause 8.5.3 - Protect Property belonging by Customers and External Providers
Clause 9 - Evaluation
Under this clause, organization has to take of the following sub-clauses:
Clause 9.1 - Measurement, Monitoring, Analysis and Evaluation
Clause 9.1.1- Plan how to Monitor, Measure, Analyze, and Evaluate
Clause 9.1.2 -Find out how well Customer Needs and Expectations are being fulfilled
Clause 9.1.3 -Evaluate and Assess Performance, Effectiveness, Conformity, and Satisfaction
Clause 9.2 - Utilize Internal Audits to Evaluate Conformance and Performance
Clause 9.2.1 - Audit Organization's Quality Management System at Planned Intervals
Clause 9.2.2 - Establish an Internal Audit program for the Organization
Clause 9.3 - Carry out Management Reviews and Document the Results
Clause 9.3.1 - Review Suitability, Adequacy, Effectiveness, and Direction
Clause 9.3.2 - Plan and Conduct Management Reviews at Predetermined Planned Intervals
Clause 9.3.3 - Generate Management Review Outputs and Maintain Documented Results
Clause 10 - Improvement
Under this clause, organization has to take of the following sub-clauses:
Clause 10.1 - Take into consideration means of improving customer satisfaction
Clause 10.2 - Control Nonconformities and Take Appropriate Measures and Corrective action
Clause 10.2.1 - Correct Nonconformities and Address Causes and Consequences
Clause 10.2.2 - Document Organization's Nonconformities and the Actions that are Taken
Clause 10.3 - Enhance and Improve the Suitability, Adequacy, and Effectiveness of Company's
QMS
 Auditable Clauses in ISO 9001:2015 - Lesson Summary End of Topic

ISO 9001:2015
35 | P a g e
Module 03| Essential Elements of
03.1| Essential Elements Of Quality Management System -
Learning Outcomes
Upon completion of this module, you will be able to:
o Recognize the importance of managing organizational knowledge
o Explain how organizational knowledge can be preserved
o Discuss how companies check their management system through internal audits
o Explain how internal auditors can audit the new requirements of the ISO 9001:2015
o Discuss how top management should be involved in Management System through Management
reviews
o List the new inputs of management reviews
o Explain how management reviews can be made effective in an organization
o Compare what has changed from previous version i.e. ISO 9001:2008 to new version ISO 9001:2015
regarding management reviews
Essential Elements Of Quality Management System - Learning Outcomes
End of Topic
03.2| Organization Knowledge
Organization Knowledge
The latest ISO 9001:2015 standard institutes the concept of “knowledge.”
As knowledge was not required by the former ISO 9001 standard, the concept of this topic and the
method to it are newly introduced in the standard. ISO 9001:2015 explicates obligations for managing
organizational knowledge in the following four phases, which are similar to the PDCA cycle:
o Identify the knowledge which is mandatory for the implementation of processes and for acquiring
conformity of products and services
o Keep knowledge and make it accessible to the level needed.
o Be thoughtful of the present organizational knowledge and measure it against contemporary
requirements and trends.
o Gain the required knowledge.
 Knowledge Triangle: How data, information and analysis contributes to knowledge. And finally
knowledge converts to wisdom.

ISO 9001:2015
36 | P a g e
 Data
Data can be understood as “unordered facts and figures."
The fundamental part of information in an enterprise is in the shape of data. Organizations gather,
assesses and analyses this data to recognize patterns and trends. Majority data thus gathered is linked
with the main processes of the organization.
Data are particulars and statistics which reinforce something particular about a process, but data is not
structured in any terms and it gives no further vision concerning trend, forecast and context, etc.
 Information
Each data unit is a fragment of a process transaction and does not give any information until these
fragments are structured and ordered in concurrence with other data units. The collection of data into a
meaningful context gives information. For data to be transformed to information, it must be connected
with its background, grouped, formulated and compressed where necessary. Information therefore
provides a larger picture; it is data with applicability and objective. It may transfer a behavior in the
environment, or can refer a trend of sales for a timeline. Basically, information is revealed in responses
to questions that start with words like what, who, when, where and how much.
 Analysis
The information collected in the earlier phase provides much depth. Analysis provides more value by
disconnecting or reorganizing this information. Simulations with systematic and logical processing give
practitioners the capability to evaluate information and define process, trend, etc.
 Knowledge
Knowledge is not identical to data, information or analysis. It is because knowledge can be generated
from any source, or it can be founded on previous knowledge utilizing logical inferences.
Knowledge is related to performance and relates how to do and comprehension of a reality. The
knowledge owned by each person is an output of one’s experience, and relies on the scale by which a
person examines new inputs from his environment.
Knowledge can be determined as “an abstract mix of perceived experience, principles, socio-economic
and political context, professional awareness, and the emotional elements."
All these elements give a surrounding and mechanism for assessing and adding new information and
experiences. It initiates and is developed in the intellect of the one who knows. In companies,
knowledge is frequently built within organizational culture, norms, routine activities along with its
documentation.

ISO 9001:2015
37 | P a g e
 Wisdom
Wisdom is the use of gathered knowledge to build an increased comprehension of the
reality and to optimize business functions.
How can you record the knowledge of your organization?
Every organization has significant knowledge that makes them gain a lead in the competition, but how
is this recorded within your organization? When this knowledge resides with some employees and is
not recorded, it is usually known as “tribal knowledge,” and if this can be a strength, it can be at risk of
being forgotten when these personals leave the company.
So, how can you simply record the knowledge of your organization? Here are some ideas:
Work Instructions
Obviously, the best way to record this knowledge is with the help of instructions. If you have a process
that needs to be done in a particular way in order to avoid problems, do so, and then this can be
drafted easily for comprehension of new recruits.
Checklists
Obviously, the best way to record this knowledge is with the help of instructions. If you have a process
that needs to be done in a particular way in order to avoid problems, do so, and then this can be
drafted easily for comprehension of new recruits.
Training Packages
At times, key points of the process needs to be recorded, and having this in a type of training package
can be an excellent idea for capturing the knowledge.
On-the-Job Training
When the knowledge just can’t be explained in black and white, it can be helpful to employ on-the-job
training where a professional and experienced person will convey the undocumented knowledge in an
organization to others.
Knowledge Database
Some concepts or things are learned during a project. This experience can be captured by creating a
report that discusses the successes and failures of a project, which can then be logged in a knowledge
database. Such records will help in completing such projects effectively.
 Taking Advantage of the Recorded Organizational Knowledge
When organizational knowledge is recorded, one should take advantage of this resource, particularly
when bringing any changes.
Implementing quality checklists and work instructions can be met with resistance, but if all concerned
personnel know how important this documentation is, implementation will be easier.

ISO 9001:2015
38 | P a g e
Similarly, the training requirements should be implemented as soon as they have been produced.
Systems should be upgraded to incorporate the training for the implementation of work instructions and
quality checklists. This incorporation will ensure that when a new person is recruited to the team,
he/she will be provided with the most up-to-date training to start the job.
The knowledge database is an exclusive idea in that it is a input mechanism into the design job, so one
needs to update the system of design process to make sure that design engineers are able to take
advantage from the lessons which have been incorporated into knowledge database to ensure that no
one bypasses learning or improvement that has been recognized and recorded. Personnel should learn
to utilize this system so that they may gradually progress in their jobs.
"Where is the knowledge we have lost in information?” - T. S. Eliot
Knowledge is often lost in information, especially when the given information is not analyzed and
applied during work.
Some organizations make use of data by ordering and converting such data forms into information.
Information provides insight about a process and the relation of data structures. But when this
information is only utilized for reports without taking appropriate actions on processes based on this
information, then a potential knowledge resource is lost.
Therefore knowledge is something beyond information that is applied to some process, machinery,
procedure, and gives a comprehensive understanding of a process subject.
An Important Resource!
Considering organizational knowledge as a powerful resource can speed an organization into continual
improvement, which can be crucial to the long-term success of an organization.
Frequently, organizations don’t understand what crucial knowledge they had until one key employee
moves out and systems do not work properly anymore.
This can be a costly method for learning the lesson that it is important to record and regulate
organizational knowledge. To avoid this, enterprises should take advantage of the ISO 9001:2015
requirements and opt for organizational knowledge recording by making it a strategic theme. The
organization will receive the benefits of doing so.
Types of Knowledge
There are different types of organizational knowledge and these can be explained as:
o Tacit knowledge - Knowledge that cannot be expressed and communicated
o Implicit knowledge - Knowledge that can be expressed and communicated but it has never been
o Explicit knowledge - Knowledge that is expressed and communicated, mostly recorded in the
structure of tables, text, relationship etc.
o Procedural knowledge - Knowledge expresses itself in the form of doing some process.
o Declarative knowledge - Knowledge that comprises of methods, descriptions and things, and written
procedures (declared and followed).
o Strategic knowledge - Knowing the time of doing something with the reason of doing it.

ISO 9001:2015
39 | P a g e
Business Knowledge and Resources
Business knowledge can be found on various different platforms, some are listed below:
Personal
 This is a type of knowledge found within an individual, it is mostly tacit knowledge. It can also be both
implicit and explicit, but it must be personal in nature.
Community
 This knowledge is found within communities but is not conveyed to the remaining organization.
Companies normally comprise of different groups (normally casually formed) which are associated with
each other by usual practice. These groups may have some common values, semantics, ways of doing
work etc. These communities are also a bank of learning and a source for implicit, tacit, explicit,
procedural knowledge.
Structural
 This knowledge is present in practices and culture of an organization. This knowledge might be
understood by most of the members of the company or only by some.
For instance the knowledge of the army schedules may not be acknowledged by the soldiers who carry
out these schedules. Sometimes, structural knowledge may be the remainder of organizational history,
else dis-remembered lessons, where the value of this knowledge exists solely in the process itself.
Organizational Memory
Traditional memory is related to a person’s capability to obtain, retain, and retrieve knowledge.
Within organizations, this concept is stretched beyond the personal traditional memory, and
organizational memory thus relates to the organization’s capability to obtain, retain and retrieve
knowledge through information, analysis and proceedings.
What is Organizational Memory?
It is defined as the memory in which all the types of repositories are set in, where a company may
collect information.
This memory is comprised of the various official records, along with tacit and available knowledge in
people, companies’ culture, and processes.
Stage for Processing Knowledge through Organizational Memory
Knowledge Addition: Organizational memory comprises of the obtained information concerning
historic judgment. This information is not mainly warehoused in a central place, but instead it is divided
across various storage units.
Each time a judgment is taken and the concerns are assessed, new information is supplemented to the
memory of the organization.
Knowledge Retention: Knowledge in an organization is retained in five different knowledge storage
areas:
o Personal: The memories of the person who remember organizational events, decisions, and issues faced in the
past.
o Shared Valuesof an Organization: The mode of communication and structures that are present in an
organization and form the shared values of an organization.

ISO 9001:2015
40 | P a g e
o Developed Systems: The developed standard procedures and official methods that the organization uses. These
official methods imitate the company’s past experiences and are repositories for embedded knowledge.
The Role of Leadership
The role of a leader can never be underestimated in the development and effective management of
organizational knowledge. Usually three leadership roles are identified as being important for the
effective management of organizational knowledge.
These are explained as below:
 Lead Designer
 This type of leader can be described as the designer of a ship rather than just being a captain.
The key roles played by this leader include:
 To create a shared vision with the team having common values and purpose.
 To define the high level policy, plans, and business structures that transform ideas into effective
decisions.
 To create beneficial learning methods; this will encourage the continual improvement of the policies,
plans, and business structures.
 Lead Teacher
 The attributes of this type of leader include playing the role of trainer, a couch and a counselor for
competing with old ideas in an organization, and correcting those old shared perceptions that resist
positive change and act as a barrier for organizational success. This type of leader convinces the
organization to change and breaks the shackles of superficial hindrances.
 Lead Steward
 This quality relates to the personality of a leader. The attitude the lead steward is one that does not
benefit oneself but rather sees to the overall well-being of the organization, business, and the long term
good of the people.
All of these three attributes will help leaders to build the foundations of a system where organizational
knowledge is used in the most effective manner for the overall well-being of the organization.
Organization Knowledge End of Topic

ISO 9001:2015
41 | P a g e
03.3| Internal Auditing
What is Internal Auditing?
Internal auditing is an internal process for facilitating organizations to meet their objectives. It is
concerned with checking and improving the effectiveness of different management systems in an
organization.
What is auditing? Auditing is defined in international standard ISO 19011:2011—Guidelines for
auditing management systems as a “systematic, independent and documented process for obtaining
audit evidence [records, statements of fact or other information which are relevant and verifiable] and
evaluating it objectively to determine the extent to which the audit criteria [set of policies, procedures or
requirements] are fulfilled.”
 The Concept Behind Internal Auditing
An audit can be termed as a type of inspection and testing, except that in this case the product being
inspected is the management system itself.
Similar to a product or process inspection, an audit compares “how things really are” to “how they are
supposed to be”.
Audits attempt to reveal areas that should be given attention and areas that are veiled during routine
activities; audits look at the whole process with fresh eyes, which can detect such shortcomings.
Although it is such a constructive tool in the management system, audits often evoke a level of stress
that is equivalent to the stress of completing an exam.
An positive external audit carries a lot of weight, so it is natural that there is some concern and worry
from the audited. However, a robust internal audit cycle can minimize the stress, as an audit might
reveal the problems within department and perhaps even solve them before an external audit ever
begins.
 Comparing the Old and New ISO 9001 Standard
All types of management standards need audits to observe and present findings on the efficiency of the
management system.
A comparison of the internal audit between the old ISO 9001:2008 and the new ISO 9001:2015 is
shared below:
ISO 9001:2008 ISO 9001:2015
This internal audit process is required in one of
the documented procedures mandated by ISO
9001:2008, which explicates that companies will
implement a documented procedure with defined
tasks owners. The procedure should also state
how internal audits will be planned, conducted
and results reported. The records should also be
kept.
ISO 9001:2015 does not mandate a procedure
for Internal Audit which is supposed to be
documented. However organizations should
keep an audit program and keep documented
information of the audits held, their findings and
closure records.
 Phases of an Audit
There are four phases of an audit program. Click on the following tabs to learn more:
Audit Preparation

ISO 9001:2015
42 | P a g e
Audit preparation contains all steps that are made in advance by concerned parties ( such as the lead
auditor, the auditee, and the audit program manager) to make sure that the audit acts in accordance
with the client’s objective. The preparation part of an audit starts with the decision to perform the audit.
Preparation finishes when the audit starts.
Audit Proceedings
This is the actual implementation phase of an audit and it is frequently known as the evidence
collection. This phase comprises of the time period when the auditor appears at the audit location to
the last closing meeting.
It comprises of audit proceedings which comprises of on-site audit organization, discussion with the
auditee, comprehending the procedures and system controls and confirming that these controls are
effective, collaborating with team members, and interacting with the auditee till closing meeting.
Audit Reporting
The objective of the audit report is to discuss the findings of the audit proceedings. The report should
contain evidence of findings that will be operative in solving imperative organizational matters. The
audit activities are completed when the report is presented by the lead auditor or when follow-up
actions are done.
Audit Follow-Up and Closure
The final phase of an Audit is verification of follow-up actions. Once the follow-up actions are verified,
the audit is considered closed.
First, Second and Third Party Audits
First Party Audit
A first party audit is also known as internal auditing.
It is conducted within an organization to gauge strengths and flaws for an organizations own
procedures, work instruction, or external standards like ISO 9001, which are voluntarily adopted or
mandated by a regulatory body.
A first party audit is performed by auditors who are part of the organization being reviewed but who
have no interest in the falsification of audit results.
Second Party Audit
A second party audit is an external audit that is conducted on a supplier by a client or by a third party
organization in lieu of a customer. Second party audits usually focus on the rules of contract law.
Second-party audits tend to be more official than first party audits as the audit results could affect the
customer’s buying conditions.
Third Party Audit
A third party audit is conducted by an audit organization free from the purchaser-provider association
and is free from any conflict of interest. Impartiality of the audit organization is an important element of
a third-party audit. Third party audits may end in recognition, award, registration, certification, license
endorsement, a reference, or a penalty given by the third party organization.
ISO 9001:2015 certification is also awarded based upon a third party audit, but this audit verifies a
system of first party audit i.e. internal audit for certification.

ISO 9001:2015
43 | P a g e
Types of Audit
Product Audit
This type of audit is carried out on a particular product or service to observe whether or not these
products and services conform to specifications and customer requirements.
Process Audit
This type of audit is carried out on a process to check whether process parameters are maintained
within defined limits. This audit assesses an operation or technique in comparison to guidelines or
criterion. This audit may comprise of following:
Verify conformance to prescribed requirements such as instance pressure, time, temperature,
composition, voltage, and blend.
Observe the resources (i.e. machinery, materials, and human resource) allocated to convert the inputs
into outputs, the surroundings, the standard procedures, and instructions followed, and the methods
identified to control process performance.
Verify the capability and efficiency of the process controls formed by procedures, flowcharts, work
instructions, awareness sessions, and process specifications.
System Audit
A system audit is performed on a management system.
This type of audit is an evidence finding activity that is conducted to confirm, assess and verify that the
appropriate elements of the system are present and effective. Furthermore, this audit ensures that
elements have been aligned, recorded, and applied with stated requirements.
ISO 9001:2015 is a quality management system. Internal audits and third party external audits are also
system audits against the requirements of ISO 9001:2015.
Internal Audit Planning
Internal audit planning is one of the most important activity of internal audit process:
o Internal Audits should be planned at scheduled intervals to verify that the management system fulfills
requirements and that the effectiveness of the system is maintained. 'Requirements' comprise of the
standard itself, along with the organizational requirements (such as the organization’s procedures and
policies).
o One does not need to audit an entire organization at any given time. The external audit (third party
audit) can cover the complete scope of organization, but internal audits can be done by flexible means
with different departments audited at different point of times.
o The standard does not mandate a mandatory audit frequency. Instead, it endorses making your plan on
the basis of importance of the processes, their associated risks, their former past issues, and the
associated quality objectives. One can set different audit frequencies for different processes.
o If an organization is applying a new management system (such as ISO 9001:2015), then all processes
and departments covered under the management system scope should be internally audited at least
one time before third party external audit.

ISO 9001:2015
44 | P a g e
Who Will Perform Internal Audit?
There are a number of things that should be considered before selecting an internal auditor.
Moreover, there are different approaches to perform internal audit. Some things that should be
considered before selecting internal auditors for a process include:
o An auditor should be unbiased and independent. One cannot audit processes that he/she organize or
has any stakes involved in it.
o Auditors should be competent with the auditing process itself.
o Internal auditors should be aware of the requirements of ISO 9001:2015 and organizational
procedures.
Approaches to internal auditing used by organizations include:
o Organizations can use consultants to carry out internal audits to implement a management system.
o Some organizations employ full-time, permanent, internal auditors.
o Big organizations may utilize a team of internal auditors.
o Cross-function internal audits are also popular. These internal auditors are trained by various
departments and are allocated to audit other departments as per designated plan.
Requirements for Each Audit
Audit requirements should be well studied by internal auditors before going into the audit
process. Some methodologies include:
 The internal audit plan should have previously recognized the region that one will audit. Now the
auditor needs to recognize what criteria he/she will audit. At times this will be done with a formal
checklist that has a list of relevant questions. One can also consider the procedure and identify
check points. Internal auditors will check those records to verify.
 Findings from previous internal audits, or external audits can also help internal auditors to identify
weak areas and thus can re-audit those point to check whether follow-up actions were effective or
not.
 The criteria for internal audits should be communicated to the auditee before audit. It is a good
practice to communicate to the auditee to arrange required documents before the audit to save
time.
 Last but not the least, the use of observation and listening skills during the questioning of the audit
helps to identify gaps within the systems.

ISO 9001:2015
45 | P a g e
Perform the Internal Audit
Performing an internal audit should follow a series of steps that are based on international protocols.
These steps should be followed while conducting an internal audit:
Step 01 An audit normally begins with an opening meeting where the auditor
interacts the auditee(s), states the projected schedule, and informs the
auditee about how the audit will be performed.
Step 02 Throughout the audit, the internal auditor will work logically from the
checklist or procedure, observing evidence that the process fulfills the
required criteria. It is usual for internal auditor to write a finding summary and
a finding result, which can be defined below:
-conformance or non-fulfillment of a procedural or standard
requirement
Step 03 When reporting the audit, it is vital to note what evidence was observed to
institute the finding - irrespective of the finding.
For example, while auditing the management review process, the auditor
writes, "management review conducted on 21st June 2017, an important
agenda item was missed during the review i.e. analyzing context of
organization."
Step 04 Commonly, the internal auditor will inform the auditee of the finding result
before reporting the results. This is to make sure that the auditee
comprehends the results and to ensure that there truly is a problem.
Step 05 The internal audit will end with a closing meeting where the lead internal
auditor will provide a complete summary of the internal audit and information
about each audit finding to make sure that they are agreed upon and
understood.
Audit Findings Keptas Documented Information
Audit findings should be maintained as documented information. An external third party auditor
will give an official written report on the external audit to management a few days after the audit
and some companies do the same internal audits. However, there is no obligation in the ISO
9001:2015 standard for an official internal audit report. Internal auditors should make sure that
the findings are documented and communicated to top management.
Auditor can just record the findings and their particulars in an organization’s non-conformance form
and the associated register.
Auditors should keep records of the audit which will normally be available in following forms:
o Filled-in internal audit checklists
o Observations against procedures
o Minutes on objective evidence observed, and employees cross-examined
o Audit findings which can be referenced to your non-conformance report and register
o A formal audit report
o Non-conformance report on a software managed through the cloud or the organization's
local server
Process Improvement Through Internal Audits
Internal audits can serve as a vital tool to maintain the effectiveness of the system and can act as the
“Check” part of the PDCA cycle. Through internal audits, organizations highlight the failures within
management system that develops over time of the implementation and thus can address such gaps.
Through internal audits process owners can also see underlying gaps in their processes which are

ISO 9001:2015
46 | P a g e
camouflaged as part of the process. This provides them the opportunity to fill those gaps which they
are not able to perceive due to routine work cycles.
Organizations can make a culture of process improvement by internal audits by carrying out the
following steps:
 Step 1
 Awareness by process owners that internal audits help them to improve their processes and that audits
add value to the process. They should value the cycle of internal audits.
 Step 2
 Maintaining compliance of standard is not a big deal for organizations. However, making use of internal
audits to ensure that the processes are effective and to add value in process streams, this is the real
challenge that organizations face.
Through internal audits non-value streams in a process can be removed, saving unnecessary cost of
over processing through those non-value streams. Internal audit processes can also identify a vital
process that can increase customer satisfaction which can yield more business which means more
profitability.
 Step 3
 Internal audits can help organizations to identify barriers to some processes that would help them to
meet their quality objectives. Through this process top management can be made aware of such
barriers, which can then be removed to improve the processes.
Internal Audits for Risk Management System
ISO 9001:2015 focuses on risk management of organizational processes. The organization is required
to identify risks and opportunities for its business processes as well as for internal processes.
An internal auditor will have to check following:
o Has the process owner identified its associated risks and opportunities?
o Has the process owner has identified the acceptable risks and opportunities which require no further
action?
o Have they identified significant risks and opportunities for which a plan must be made to mitigate the
negative impact of the risk and maximize the positive impact of the opportunity?
o Are the plans for risk mitigation or opportunity optimized to ensure they are achieved?
o Are the plans implemented and residual risk is acceptable?
o Does the process owner reassess the process risk if there is a change in workforce, machinery,
material, or the process after a shutdown activity begins?
o Has the internal auditor verified that the process of risk management is being implemented?
Internal Audit for the Context of an Organization
ISO 9001:2015 requires organizations to identify its context. The organization should highlight internal
and external issues. The organizations should identify a list of interested parties.
The organizations should also identify needs and expectations of the interested parties. When an
internal auditor audits management representatives or top management for clauses related to top
management responsibilities, all requirements can be audited there.

ISO 9001:2015
47 | P a g e
However when auditing a process owner, following the requirements of context of organization
can be addressed:
o Process owner should understand howhis/her process is linked with the organization’s goals and the
context in which it operates.
o What are the external issues that influence that process (such as the material supply of that process)?
o What are the internal issues that influence the process (such as the work force, support activities from
other departments, machinery, internal software applications, etc.)
o How are the issues related to the processes managed?
o How the need and expectations of interested parties are fulfilled. For example, the employee running
the process is an internal party and they expect to be rewarded for their hard work. Annual appraisal
programs in their organization provides incentives for their hard work.
Internal Audits for Organization Knowledge
ISO 9001:2015 also requires organization to manage knowledge. Each process owner has an
adequate amount of knowledge regarding their processes.
During an internal audit, the auditor can examine whether the knowledge possessed within that
process are documented in checklists, work instructions, or some documents related knowledge
management. Internal audit can provide a continual way for organizations to document knowledge
within those processes which are not yet documented.
Thus, the reliance of organizations on old employees possessing the knowledge about processes is
reduced to a level manageable by the organization. Therefore, internal audits can serve as a tool for
improving the organizational knowledge by documenting it and reduces the dependency of an
organization on just a few individuals.
Therefore, the risk of organizational knowledge being lost when the old employees leave the company
is taken care of. Internal audit will act as the "check phase" of the whole knowledge management
cycle.
Internal Auditing End of Topic

Iso 9001.2015 full module

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Iso 9001.2015 full module

Similar to Iso 9001.2015 full module (20)

Recently uploaded

Recently uploaded (16)

Iso 9001.2015 full module