QUALITY MANAGEMENT SYSTEM

1
 ISO
ISO ( International Organization for standardization) is an independent, non-governmental
international organization with a membership of 162 national standards bodies.

ISO has published more than 20500 International Standards and related documents, covering almost every
industry, from technology, to food safety, to agriculture and healthcare. ISO International Standards impact
everyone, everywhere.

International Standards make things work. They give world-class specifications for products,
services & systems, to ensure quality, safety and efficiency.

POPULAR STANDARDS
ISO 9000 Quality Management -ISO/TC 176
ISO 14001 Environmental management- ISO/TC 207
ISO 50001 Energy management- ISO/TC 242
ISO 31000 Risk management- ISO/TC 262
IS0 22000 Food Safety management- ISO/TC 34

2
ISO 9000 - Quality management

The ISO 9000 family addresses various aspects of quality management and contains
some of ISO’s best known standards.

Standards in the ISO 9000 family include:

ISO 9001:2015 - sets out the requirements of a quality management system
ISO 9000:2015 - covers the basic concepts and language
ISO 9004:2009 - focuses on how to make a quality management system more efficient
and effective
ISO 19011:2011 - sets out guidance on internal and external audits of quality
management systems

3
ISO 9001
ISO 9001 is a standard that sets out the requirements for a quality management system. It helps
business and organizations to be more efficient and improve customer satisfaction.

ISO 9001 builds on seven quality management principles. Following these principles will ensure
our organization or business is set up to consistently create value for its customers.

5
6
7
QUALITY MANAGEMENT PRINCIPLES
1. Customer focus
2. Leadership
3. Engagement of people
4. Process approach
5. Improvement
6. Evidence- based decision
making
7. Relationship management

8
 COMPARISON
IS0 9001: 2008 Principles IS0 9001: 2015 Principles
1. Customer Focus 1. Customer Focus
2. Leadership 2. Leadership
3. Involvement of people 3. Engagement and competence of people
4. Process approach
5. System approach to management 4. Process approach

6. Continual improvement 5. Improvement

7. Factual approach to decision making 6. Informed decision making
8. Mutually beneficial supplier relationships 7. Relationship management

9
 1 Customer Focus
To meet & exceed customer’s needs, to attract &retain their confidence, and thereby to contribute to the long term
success of our enterprise.

2 Leadership
Having a unified direction or mission that comes from strong leadership is essential to ensure that everyone in the
organization understands what we are trying to achieve.

3 Engagement of people
Creating value for our customers will be easier if we have competent, empowered and engaged people at all levels of
our business or organization.

4 Process approach
Understanding activities as processes that link together, and function as a system, helps achieve more consistent and
predictable results.

10
 5 Improvement
Successful organizations have an ongoing focus on improvement. Reacting to changes in the internal and external
environment is necessary if we want to continue deliver “VALUE” for your customers.

6 ‘Evidence’ based decision making

Making decisions is never easy and naturally involves a degree of uncertainty, but ensuring your decisions are based on
the analysis and evaluation of data is more likely to produce the desired result.

7 Relationship management
Identifying the important relationships you have with interested parties such as your suppliers, and setting out a plan
to manage them, will drive sustained success.

11
Why ISO
9001:2015

12
 ISO 9001: 2015
As per the policy of ISO all standards needs to be reviewed and revised in every 5 years and to
incorporate the new “ High level Structure” as defined in the “Annex SL” of ISO 17021 .

ISO new version main objective is to provide confidence in the organizations ability to consistently
provide customers with confirming goods and services and to enhance customer satisfaction.

New ISO 9001:2015 standard characterize a technical revision compared to 2008 edition. It also
adopts clause sequence, quality management principles and addition of new concepts.

13
ANNEX SL - HIGH LEVEL STRUCTURE
A new high level Structure has been introduced to enable the organizations to adopt several
Management system standards and integrate them smoothly. The HLS will be incorporated in all
the Management system standards that will be issued by the ISO organization. E.g. Environmental,
Information security, food safety etc.

In future all management system will have these elements.

14
SOME CONCEPTS INTRODUCED IN NEW STANDARDS ARE:
• Integration of Risk management
• Resource management
• Systematic problem solving and learning
• Voice of the customer
• Knowledge management
• Measures ( examples are performance, satisfaction and ROI)

15
 ISO 9000: 2015
Quality management systems fundamentals and vocabulary

16
 Terms and definitions
Organization
Person or group of people that has its own functions with responsibilities, authorities and relationships to achieve
its objectives

Context of the organization

Combination of internal and external issues that can have an effect on an organization’s approach to develop and
achieve its objectives

Management
Coordinated activities to direct and control an organization
(management can include establishing policies and objectives and processes to achieve these objectives)

Quality management
Management with regard to quality.
Quality management can include establishing quality policies and quality objectives, and processes to achieve these
quality objectives through quality planning, quality assurance quality control ,and quality improvement.

17
Contd..
Quality planning
Part of quality management focused on setting quality objectives and specifying necessary operational processes,
and related resources to achieve the quality objectives

Quality assurance
Part of quality management focused on providing confidence that quality requirements will be fulfilled

Quality control
part of quality management focused on fulfilling quality requirements

Quality improvement
Part of quality management focused on increasing the ability to fulfil quality requirements
The quality requirements can be related to any aspect such as effectiveness , efficiency or traceability.

NOTE: Improvement - activity to enhance performance

18
Contd..

Activity - smallest identified object of work in a project

19
Contd..
System
Set of interrelated or interacting elements

Management system
Set of interrelated or interacting elements of an organization to establish policies and objectives , and processes
to achieve those objectives

Quality management system

Part of a management system with regard to quality

Policy
Intentions and direction of an organization as formally expressed by its top management

20
 Contd..
Quality policy
policy related to quality

Note :
 Generally the quality policy is consistent with the overall policy of the organization, can be aligned with
the organization’s vision and mission and provides a framework for the setting of quality objectives.

 Quality management principles presented in this International Standard can form a basis for the
establishment of a quality policy.

Requirement
need or expectation that is stated, generally implied or obligatory

Nonconformity
non-fulfilment of a requirement

21
Contd..
Defect
Nonconformity related to an intended or specified use
NOTE: The distinction between the concepts defect and nonconformity is important as it has legal
implications, particularly those associated with product and service liability issues.

Objective
Result to be achieved

Quality objective
Objective related to quality
NOTE: Quality objectives are generally based on the organization’s quality policy.

22
Contd..
Performance
Measurable result
NOTE:
 Performance can relate either to quantitative or qualitative findings.
 Performance can relate to the management of activities, processes ,products, services, systems or organizations.

Efficiency
Relationship between the result achieved and the resources used

Effectiveness
extent to which planned activities are realized and planned results are achieved

23
Contd..
Document
information and the medium on which it is contained

EXAMPLE : Record, specification, procedure document, drawing, report, standard.

NOTE:
 The medium can be paper, magnetic, electronic or optical computer disc, photograph or master
sample, or combination thereof.
 A set of documents, for example specifications and records, is frequently called “documentation”.
 Some requirements (e.g. the requirement to be readable) relate to all types of documents.
However there can be different requirements for specifications (e.g. the requirement to be
revision controlled) and for records (e.g. the requirement to be retrievable).

24
Contd..
Documented information
Information required to be controlled and maintained by an organization and the medium on which
it is contained
1. Documented information can be in any format and media and from any source.
2. Documented information can refer to:
 the management system, including related processes
 information created in order for the organization to operate (documentation)
 evidence of results achieved (records)

25
Contd..
Specification
Document stating requirements
EXAMPLE : Quality manual, quality plan, technical drawing, procedure document, work instruction.

Quality manual
Specification for the quality management system of an organization
NOTE: Quality manuals can vary in detail and format to suit the size and complexity of an individual organization.

Quality plan
Specification of the procedures and associated resources to be applied when and by whom to a specific object
NOTES:
 These procedures generally include those referring to quality management processes and to product and
service realization processes.
 A quality plan often makes reference to parts of the quality manual or to procedure documents .
 A quality plan is generally one of the results of quality planning

26
Contd..
Record
Document stating results achieved or providing evidence of activities performed
 Records can be used, for example, to formalize traceability and to provide evidence of verification, preventive
action and corrective action.

Verification
Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled
 The objective evidence needed for a verification can be the result of an inspection or of other forms of
determination such as performing alternative calculations or reviewing documents

Validation
Confirmation, through the provision of objective evidence, that the requirements for a specific intended use or
application have been fulfilled.
 The objective evidence needed for a validation is the result of a test or other form of determination such as
performing alternative calculations or reviewing documents.

27
 Contd..

Audit - Systematic, independent and documented process for obtaining audit evidence and evaluating it
objectively to determine the extent to which audit criteria are fulfilled

Audit Criteria – Set of policies, procedures or requirements

Audit Evidence – Records, statements of fact or other information which are relevant to the audit criteria
and verifiable

Audit Findings – Results of the evaluation of the collected audit evidence against audit criteria

28
 Process approach
ISO 9001:2015 promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a
quality management system to meet customer requirements.
Understanding activities as processes that link together and function as a system helps achieve more consistent and predictable
results. This approach enables the organizations to control the interrelationships and interdependencies among the process of the
system, so that the overall performance of the organization can be enhanced.
Management of process and system as a whole can be achieved using PDCA cycle with an overall focus on risk based thinking
aimed at taking advantage of opportunities and preventing undesirable results.

PROCESS MODEL

29
 Schematic representation of any process and shows the interaction of its elements

NOTE: The monitoring and measuring checkpoints, which are necessary for control, are specific to each process and will
vary depending on the related risks.

30
 PDCA CYCLE
PDCA cycle enables an organization to ensure that its processes are adequately resourced
and managed, and that opportunities for improvement are determined and acted on.
Establish the objectives of the
system and its processes, and the
resources needed to deliver results
in accordance with customers
requirements & the organizations
policies, and identify and address Implement what was
risks and opportunities planned

Monitor and measure

Take actions to improve
performance, as necessary
processes and the resulting
products and services against
policies, objectives,
requirements and planned
activities, and report the
results. 31
 PDCA CYCLE
Plan phase
e.g. review of business context, interested parties, system objectives and consider
integration with other management systems.
Do phase
e.g. establish policies, create new procedures, allocate roles & responsibilities,
communicate
Check phase
e.g. review system performance, check alignment of system objectives against strategic
business objectives
Act phase
e.g. actions arising from improvement activity

32
RISK BASED THINKING
Risk based thinking enables an organization to determine the factors that could cause its processes and its quality
management system to deviate from the planned results, to put in place preventive controls to minimize negative effects
and to make maximum use of opportunities as they arise.

Risk is the effect of uncertainty and any such uncertainty can have positive or negative effects. A positive deviation
arising from a risk can provide an opportunity, but not all positive effects of risk result in opportunities.

e.g: Opportunities can arise as a result of a situation favorable to achieving an intended result, a set of
circumstances that allow the organization to attract customers, develop new products and services, reduce waste or
improve productivity can be considered as opportunity.

33
PDCA APPROACH IN RISK MANAGEMENT

34
 ISO 9001: 2015
QUALITY MANAGEMENT SYSTEM
REQUIREMENTS

35
ISO 9001:2015

36
COMPARISON

37
NEW MODEL OF A PROCESS- BASED QUALITY MANAGEMENT SYSTEM

38
PDCA CYCLE ( ISO 9001: 2015)

39
PDCA IN NEW ISO 9001:2015 STRUCTURE

40
 1 Scope
This ISO specifies requirements for a quality management system when an organization:
 Needs to demonstrate its ability to consistently provide products and services that meet
customer and applicable statutory and regulatory requirements, and
 Aims to enhance customer satisfaction through the effective application of the system, including
process for improvement of the system and assurance of conformity to customer and applicable
statutory and regulatory requirements.

NOTE: All the requirements of this organization are generic and are intended to be applicable to any
organization, regardless of its type or size, or the products and services its provides.

41
 2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any amendments)
applies.
ISO 9000:2015, Quality management systems — Fundamentals and vocabulary

42
 3 Terms and definitions

For the purpose of this document, the terms and definitions given in ISO
9000 apply.

43
 4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of the interested parties
4.3 Determine the scope of the QMS
4.4 Quality management system and its processes

44
4.1 Understanding the organization and its context
ISO 9001:2015 requires organizations to identify monitor and review internal and external
issues that are relevant to its purpose and strategic direction, and that have the ability to
impact the quality management systems intended results.

NOTE: Issues are likely to change over time, some slowly than others. Hence the requirement is to monitor and
review internal and external issues.

45
 Internal issues example:
 Structure of the organization — limited  Staff competency levels– high(positive)
flexibility when dealing with varying demands
 Contractual arrangements with customer-
 Roles within the organization — Rigid,
personnel willing to adopt to demands. beneficial
 Availability of reliable qualified and competent  Payment terms from customers- high credit
work force — very good (positive)
 Overall strength of business to support
 Stability of workforce – Wage benchmarking is
not consistent with competitors funding needs.

 Staff retention — very high (positive)  Relationship with investors .

 Impact of unionization – Uncordial  Service level agreements with customers.
 Culture within the organization.

46
 External issues example:
 Political, economic, social, technological, legal and
regulatory — Laws changing ,affecting product
conformity, minimum wage changing, evolutions in more
efficient machinery affecting price
 Overall economic performance in the country —
above EU norm (positive)
 Competitive environment — overall low-cost of
entry in to the market
 Economic plans for future
 General levels of consumer confidence
 Customer expectation
 Standardization and certification within
the industry
 Trade associations and lobbying powers
 The nature and impact of economy on
market
47
4.2 Understanding the needs and expectations of interested parties
ISO 9001:2015 requires organizations to go through a process initially to identify interested parties and then to
identify their requirements that are relevant to the organizations quality management systems.
Interested parties: Groups or individuals who have the ability to impact (or potentially impact or be impacted by)
the organizations ability to supply consistently products and services that meet customer and applicable statutory
and regulatory requirements.

NOTE: The organization shall monitor and review information about these interested parties and their relevant
requirements.
48
Illustrates the interaction between clause 4.1 & clause 4.2

49
4.3 Determining the scope of the quality management system
ISO 9001: 2015 requires the organization shall determine the boundaries and applicability of the quality
management system to establish its scope. When determining this scope, the organization shall consider
a. The external and internal issues referred in 4.1;
b. The requirements of relevant interested parties referred to 4.2;
c. The products and services of the organization.

The scope of the management system will need to include activities, processes etc that are of relevance to the
organization but performed by other organizations, including other parts of the same organization that do not come
under the control of top management. e.g. Central procurement function

Exclusion – When a requirement cannot be applied justification has to be provided.

NOTE: the scope of the organizations quality management system shall be available and be maintained as documented
information.

50
 4.4 Quality management system and requirements.
4.4.1

The organization must establish, implement, maintain and continually improve its quality management system as per the
requirement of this standards by determining the process needed and its application through out the organization .
While determining the processes,

1 The organization shall define the inputs required and the outputs expected from these processes

2 The organization shall determine the sequence and interaction of these processes

3 The organization shall establish the criteria and methods which include monitoring, measurements and
other related performance indicators to ensure the effective operation and control of these processes.

4 The organization shall determine and ensure the availability of the resources needed for effective operation of
these processes.

5 The organization shall assign the responsibilities and authorities for the processes .

51
 contd..
As per clause 6.1, the organization must determine risk and opportunities, analyse them and must take
6
appropriate action to address them.

7 The organization must make changes in its process if it fails to achieve intended result.

8 The organization must look for opportunities to improve these process and for Quality management system as
a whole.

4.4.2 The organization shall maintain documented information to the extent necessary to support the operation of
processes and retain documented information to the extent necessary to have confidence that the processes
are being carried out as planned

52
Illustrates interaction between the subclasses of clause 4 ( i.e; 4.1,4.2,4.3,4.4)

53
SINGLE PROCESS WITHIN THE SYSTEM

54
 EXCERCISE- 1
APPLYING THE PROCESS APPROACH – CASE STUDY

55
EXERCISE-1

56
PROCESS MODEL TEMPLATE

EXERCISE-1 57
 SOLUTION
Chocolate roulade Recipe

* A roulade is a dish of filled rolled meat or pastry

58
5 LEADERSHIP

5.1 Leadership and commitment

5.2 Quality policy
5.3 Organizational roles, responsibilities and authorities

NOTE:
Clause 5, previously “ Management Responsibility “ in ISO 9001: 2008 now becomes “ Leadership” , with
greater emphasis on the involvement and role of top management.
59
 5.1.1 LEADERSHIP AND COMMITMENT FOR THE QUALITY
MANAGEMENT SYSTEM
Top management shall demonstrate leadership and commitment with respect to the quality management
system by:

1 Taking accountability for the effectiveness of the quality management system.

2 Ensuring that the quality policy and quality objectives are established for the quality management system
and are compactible with the context and strategic direction of the organization

3 Ensuring the integration of the quality management system requirements into the organizations business
processes.

4 Promoting the use of process approach and risk based thinking.

5 Ensuring the resources needed for the quality management system are available.

60
 contd..
6 Ensuring that the quality management system achieves its intended results.

7 Engaging, directing and supporting persons to contribute to the effectiveness of the quality management
system.

8
Promoting improvement.

9 Supporting other relevant management system roles to demonstrate their leadership as its applies to their
areas of responsibility.

IMPORTANT NOTE: It’s that important for top management to understand which quality management activities they can
assign and which they cannot.
e.g. Words used in sub-cluase 5.1.1 “ensuring”, “promoting”, “taking”, “engaging” or “supporting” etc has to be
understand clearly.

61
5.1.2 Customer focus
ISO 9001: 2015 requires top management to take lead in demonstrating the organizations
commitment to its customers.

 Ensure that customer and applicable statutory and regulatory requirements are identified and met.

 Identify and address risks that can affect conformity of products and services and customer
satisfaction.

62
 5.2 Quality policy
ISO 9001: 2015 requires top management to establish, review and maintain a quality policy; rather
than simply ensure the policy addresses ISO requirements.

5.2.1 Quality policy shall be

 Compatible with purpose and context of the organization and supports its strategic ( planned )direction.

 provide a frame work for setting and review quality objectives.

 Includes commitment to satisfy requirements and improve the QMS.

5.2.2 Quality policy shall be available and be maintained as documented information and must be communicated
within the organization and available to interested parties.

63
 5.3 Organizational roles, responsibilities and authorities
The top management of the organization need to ensure assignment of the necessary
responsibilities and authorities to individuals within the organization to carry out quality related
activities.

Top management shall assign the responsibility and authority for:

1 Ensure that processes deliver their intended outputs.

Reporting on the performance of the quality system and on opportunities for improvement ( 10.1 clause), in
2
particular to top management.

3 Ensuring the promotion of customer focus throughout the organization.

To ensure that someone is tasked with ensuring that the integrity of the quality management system is
4 maintained when changes to the quality management system are planned and implemented.

64
65
ISO 9001:2015 processes
66
6 PLANNING

67
ISO 9001:2015 uses risk-based thinking to achieve this in the following way:

Clause 4 (Context) the organization is required to determine the issues and requirements which may affect
achieving conformity and customer satisfaction.

Clause 6 (Planning) the organization is required to take action to identify risks and opportunities.

Clause 8 ( Operation) the organization is required to implement actions to address risks and opportunities
and integrate the actions into the QMS processes.

Clause 9 ( Performance evaluation) the organization is required to evaluate the effectiveness of actions taken
to address the risks and opportunities.

Clause 10 ( Improvement) the organization is required to improve by responding to any underperformance

and changes in risk.

68
Diagram shows “how the risk based thinking is embedded within the ISO 9001: 2015
QMS requirements”

69
 6.1 Actions to address risks and opportunities
When planning for a quality management system, the organization shall consider the issues referred to in 4.1
clause and the requirements of interested parties referred to in 4.2 clause and determine the risks and
opportunities that need to be addressed.

Identification of risk related to QMS :

1 Give assurance that the quality management system can achieve its intended results

2 Enhance desirable effects

3 Prevent, or reduce, undesired effects ( Nonconformities)

4 Achieve improvement

70
71
Risks and opportunities

Risk is often expressed in terms of a combination of consequences of an event( including changes in

circumstances) and associated “ Likelihood”.
While identifying and addressing negative threats, it is equally important to seek and maximize
opportunities, in order to optimize the achievement of objectives.

Example: Removing the threats that come from being dependent upon a sole supplier could, through increased
supplier competition, create opportunity for reducing the cost of bought in items.

72
RISK BASED APPROACH

73
RISK BASED APPROACH
ISO 9001: 2015 makes risk – based thinking more explicit and incorporates it in requirements for
establishment, implementation, maintenance and continual improvement of the quality
management system.

High risk processes need more rigorous and formal control than low risk processes.

NOTE: One of the key purposes of a quality management system is to act as a preventive tool. Consequently ISO
9001:2015 does not have a separate clause or sub-clause titled “ Preventive action”. The concept of preventive action
is expressed through risk-based approach to formulating quality management system requirements.

74
 APPLYING THE RISK BASED APPROACH

NOTE: Actions taken to address risk and opportunities shall be proportional to the potential impact on the conformity
of products and services.
75
EVALUATING RISKS AND OPPORTUNITIES

Using this type of approach the high priority areas of risk and opportunity can be established.

76
Although ISO 9001:2015 specifies that the organization shall plan actions to
address risks, there is no requirement for formal methods for risk
management or a documented risk management, but it states that “Actions
taken to address risk and opportunities shall be proportional to the potential
impact on the conformity of products and services”.

77
 RISK LOG

OPPORTUNITY LOG

78
 EXCERCISE- 2
RISKS AND OPPORTUNITIES – CASE STUDY

79
EXERCISE- 2

80
SOLUTION : RISKS:

81
SOLUTION : OPPORTUNITIES

NOTE: The above are just a few examples of risks and opportunities arising from
consideration of external and internal issues and needs of interested parties. 82
 6.2 Quality Objectives and planning to achieve them
6.2.1
The organization shall establish quality objectives at relevant functions, levels and processes needed
for the quality management system.

The quality objectives shall:

1 be consistent with the quality policy.

2 be measurable

3 take in to account applicable requirements

4 be relevant to conformity of products and services and to enhancement of customer satisfaction.

5 be monitored

6 be communicated
NOTE: The Organization shall maintain documented information on
the quality objectives. 83
6.2.2
When planning how to achieve its quality objectives, the organization shall determine.

What should be done.

What resource will be required.

Who will be responsible.

When it will be completed.

How the results will be evaluated.

84
 Examples of quality objectives:

 Product – reduction in defect rates, PPM’s (defective parts per million), scrap rates,
rework; improvement in on time delivery.
 Process – objectives generally focus on improving process productivity through the
elimination or reduction of variation and waste in process – inputs, outputs, conversion
activity and related use of resources.
 Monitor and improve process – productivity, reduction of cycle time, errors, omissions
and failures; etc. Examples could include objectives for – set-up time, run rates, process
cycle time, etc.

85
 Examples of quality objectives:

• Customers – reduction in no of complaints, improvement in customer satisfaction rating,

on time delivery, service, support, etc,.
• Suppliers – material defects, on time delivery, no of complaints with supplier.
• Resources includes facility, equipment, labor, etc.- objectives could be established based
on availability, capability, maintenance, personnel competency, absenteeism, production
rates; efficiency; safety; etc.
• For the QMS – customer satisfaction feedback, internal audit results, no of improvement
opportunities; etc.

86
 6.3 Planning of changes

When the organization determines the need for changes to the quality management system, the
changes shall be carried out in a planned and systematic manner by considering:

1 Potential consequences of change.

2 Integrity of the QMS.

3 Availability of resources.

4 Allocation or reallocation of responsibilities and authorities.

87
ISO 9001: 2015
Vertical alignment

88
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information

89
90
 7.1 RESOURCES
7.1.1 General

The organization shall determine and provide the resources needed for the establishment,
implementation, maintenance and continual improvement of the quality management system by
considering

1 The capabilities of, and constraints on, existing internal resources

2 What needs to be obtained from external providers

91
7.1.2 People

The organization shall determine and provide the persons necessary for the effective
implementation of its quality management system and for the operation and control of its
processes.

7.1.3 Infrastructure

The organization shall determine, provide and maintain the infrastructure necessary for the operation of its
processes and to achieve conformity of products and services.

Eg: Building and associated utilities

Equipment, including hardware and software
Transport resources
Information and communication technology

92
7.1.4 Environment for the operation of process
The organization shall determine, provide and maintain the environment necessary for the operation of its
processes and to achieve conformity of products and services.

NOTE: A suitable environment can be a combination of human and physical factors, such as:
Social (e.g. non- discriminatory, calm, non- confrontational)
Psychological ( e.g. stress-reducing, burnout prevention, emotional protective)
Physical (e.g. temperature, heat, humidity, light, airflow, hygiene, noise)

93
 7.1.5 Monitoring and measuring resources
7.1.5.1 General

The organization shall determine and provide the resources needed to ensure valid and reliable results when
monitoring or measuring is used to verify the conformity of products and services to requirements.

The organization shall ensure that the resources provided:

1 are suitable for the specific type of monitoring and measurement activities being undertaken.

2 are maintained to ensure their continuing fitness for their purpose.

NOTE: The Organization shall retain appropriate documented information as evidence of fitness for purpose of the
monitoring and measurement resources

94
 7.1.5.2 Measurement traceability
When measurement traceability is a requirement, or is considered by the organization to be an
essential part of providing confidence in the validity of measurement results, measuring equipment
shall be:

1 Calibrated or verified, or both, at specified intervals, or prior use, against measurement standards traceable to
international or national standards; when no such standards exist, the basis used for calibration or verification
shall be retained as documented information.

2 Identified in order to determine their status

Safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and
3
subsequent measurement results.

NOTE: The Organization shall determine if the validity of previous measurement results has been adversely
affected when measuring equipment is found to be unfit for its intended purpose, shall take appropriate action
as necessary.

95
7.1.6 Organizational Knowledge

The organization shall determine the knowledge necessary for the operation of QMS and its processes.

This Knowledge shall be maintained and made available to the extend necessary.

NOTE : Organizational knowledge can be based on:

a) Internal sources: e.g. Intellectual property, knowledge gained from experience; lessons
learned from failures and successful projects; capturing and sharing undocumented
knowledge and experience; the results of improvements in processes, products and
services.

a) External sources: e.g. standards, academia; conferences; gathering knowledge from

customers or external providers.

96
Resource Classification

97
 7.2 Competence
The organization shall:
1 Determine the necessary competence of persons doing work under its control that affects the
performance and effectiveness of the quality management system.
2 Ensure that these persons are competent on the basis of appropriate education, training, or experience.

3 Where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of
the actions taken.
4 Retain appropriate documented information as evidence of competence.

Suggested actions to ensure competent personnel:

1 Provision of training

2 Mentoring

3 Re-assignment of currently employed persons

4 Hiring or contracting of competent persons.

98
 7.3 Awareness

The organizations shall ensure that persons doing work under the organizations control are aware of:

1 the quality policy

2 relevant quality objectives

3 their contribution to the effectiveness of the QMS

4 the implications of not confirming with QMS requirements

99
 7.4 Communication
Organizations shall determine :
1 internal and external communication needs

2 on what it will communicate

3 when to communicate
4 with whom to communicate

5 How to communicate

100
101
 TERMINOLOGY

 Documentation Information is the information required to be controlled and maintained by an

organization and the medium on which it is contained.

 The terms “documented procedure” and “record” and have been replaced with “document
information”. In use, this means that “documented procedures” are replaced by the requirement to
maintain documented information and “records” are replaced by the requirement to retain
documented information.

 The nature and type of documented information that an organization needs to maintain or retain is
dependent on the context and its operating environment.

IMPORTANT NOTE: The way documented information is defined in ISO 9001:2015 provides more scope for an
organization to determine what is appropriate for its unique set of circumstances, rather than just following a
prescriptive format.

102
CHANGES IN ISO 9001: 2015

ISO 9001:2015 is less prescriptive than ISO 9001:2008:

There is no mandatory requirement for documented procedures and no requirement for a
quality manual.

ISO 9001:2015 states that:

The organization shall maintain documented information to the extent necessary to support the
operation of processes and retain documented information to the extent necessary to have
confidence that the processes are being carried out as planned.

103
 7.5 Documented information
7.5.1 General
The organization’s quality management system shall include:
1 documented information required by ISO 9001: 2015
documented information determined by the organization as being necessary for the effectiveness of
2 the quality management system.

NOTE:
The extent of documented information for a quality management system can differ from one
organization to another due to:
• the size of organization and its type of activities, processes, products and services
• the complexity of processes and their interactions
• the competence of persons
104
 7.5.2 Creating and updating
When creating and updating documented information, the organization shall ensure appropriate:
1 identification and description (e.g. a title, date, author, or reference number);

2 review and approval for suitability and adequacy.

3 format must be appropriate to the purpose and users(e.g. language, software version, graphics) and
media must be accessible and understandable(e.g. paper, electronic);

105
 7.5.3 Control of documented information
7.5.3.1
Documented information required by the quality management system and ISO 9001: 2015 shall be
controlled to ensure:
1 it is available and suitable for use, where and when it is needed.

2 it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity.

106
 contd..
7.5.3.2
For the control of documented information, the organization shall address the following
activities, as applicable:

1 distribution, access, retrieval and use

2 storage and preservation, including preservation of legibility

3 control of changes (e.g. version control);

4 retention and disposition.

NOTE: ISO 9001:2015 concerns retained documented information that provides evidence of
conformity. In other words, records that prove you met requirements. The organization must ensure
that people can’t make unauthorized changes to records.

107
 contd..
ISO 9001:2015 addresses external documents and preventing unintended alterations of retained
information. An external document is published outside the organization and used within the scope of
the management system.

Examples of external documents possibly requiring control include:

 Troubleshooting and/or calibration manuals published by equipment manufacturers
 Test procedures, specifications, and/or engineering drawings published by customers or other bodies
 Instructions, specifications, and/or procedures published by suppliers
 Standards published by industrial organizations applicable to the organization

NOTE: Once external documents have been determined, they must be identified, and they must be controlled. Like
internal documents.

108
8 OPERATION

8.1 Operational planning and control

8.2 Determination of requirements for products and services.
8.3 Design and development of products and services
8.4 Control of externally provided products and services
8.5 Product and service provision
8.6 Release of products and services
8.7 Control of nonconforming process

109
110
 8.1 Operational planning and control
The Organization shall plan, implement and control:
1 processes needed to meet requirements
2 implement actions to address risks and opportunities

3 includes outsourced processes

By:

1 determining the requirements for the products and services

2 establishing criteria for:

 the processes
 the acceptance of products and services

3 determining the resources needed to achieve conformity to the product and service requirements

4 implementing control of the processes in accordance with the criteria

111
 Contd..
5 determining, maintaining and retaining documented information to the extent necessary:
 to have confidence that the processes have been carried out as planned
 to demonstrate the conformity of products and services to their requirements.

NOTE:
The output of this planning shall be suitable for the organization’s operations.
The organization shall control planned changes and review the consequences of unintended changes, taking
action to mitigate any adverse effects, as necessary.

112
8.2 Requirements for products and services

8.2.1 Customer communication

Communication with customers shall include:
 providing information relating to products and services;
 handling enquiries, contracts or orders, including changes;
 obtaining customer feedback relating to products and services, including customer complaints;
 handling or controlling customer property;
 establishing specific requirements for contingency actions, when relevant.

113
 8.2.2 Determining the requirements for products and services
When determining the requirements for the products and services to be offered to customers, the
organization shall ensure that:
1 the requirements for the products and services are defined, including:
• any applicable statutory and regulatory requirements;
• those considered necessary by the organization;
2 the organization can meet the claims for the products and services it offers.

114
 8.2.3 Review of the requirements for products and services
8.2.3.1 The organization shall ensure that it has the ability to meet the requirements for products and services to be
offered to customers.
The organization shall conduct a review before committing to supply products and services to a
customer, to include:
1 Requirements specified by the customer, including the requirements for delivery and post-delivery
activities
2 Requirements not stated by the customer, but necessary for the specified or intended use, when known
3 Requirements specified by the organization

4 Statutory and regulatory requirements applicable to the products and services

5 Contract or order requirements differing from those previously expressed.

NOTE: The organization shall ensure that contract or order requirements differing from those previously
defined are resolved.
The customer’s requirements shall be confirmed by the organization before acceptance, when the
customer does not provide a documented statement of their requirements.

115
8.2.3.2 The organization shall retain documented information, as applicable:
1 on the results of the review
2 on any new requirements for the products and services.

8.2.4 Changes to requirements for products and services

1 The organization shall ensure that relevant documented information is amended, and that relevant
persons are made aware of the changed requirements, when the requirements for products and
services are changed

NOTE: In some situations, such as internet sales, a formal review is impractical for each order. Instead,
the review can cover relevant product information, such as catalogues.

116
 8.3 Design and development of products and services
8.3.1 The organization shall establish, implement and maintain a design and development process that is
appropriate to ensure the subsequent provision of products and services.

8.3.2 8.3.2 Design and development planning

In determining the stages and controls for design and development, the organization shall consider:
1
The nature, duration and complexity of the design and development activities
2
The required process stages, including applicable design and development reviews
3 The required design and development verification and validation activities
4 The responsibilities and authorities involved in the design and development process
5 The internal and external resource needs for the design and development of products and services

117
 Contd..
6 The need to control interfaces between persons involved in the design and development process
7 The need for involvement of customers and users in the design and development process
8 The requirements for subsequent provision of products and services

9 The level of control expected for the design and development process by customers and other
relevant interested parties

10 The documented information needed to demonstrate that design and development requirements
have been met.

118
 8.3.2 Design and development inputs
The organization shall determine the requirements essential for the specific types of products and
services to be designed and developed.
The organization shall consider:
1 Functional and performance requirements
2 Information derived from previous similar design and development activities
3 Statutory and regulatory requirements

4 Standards or codes of practice that the organization has committed to implement

potential consequences of failure due to the nature of the products and services

NOTES:
 Inputs shall be adequate for design and development purposes, complete and unambiguous.
 The organization shall retain documented information on design and development inputs.

119
 8.3.4 Design and development controls
The organization shall apply controls to the design and development process to ensure that:
1 The results to be achieved are defined.

2 Reviews are conducted to evaluate the ability of the results of design and development to meet requirements.
Verification activities are conducted to ensure that the design and development outputs meet the input
3
requirements.

4 Validation activities are conducted to ensure that the resulting products and services meet the requirements for the
specified application or intended use.
5 Any necessary actions are taken on problems determined during the reviews, or verification and validation activities.
6 Documented information of these activities is retained.

NOTE: Design and development reviews, verification and validation have distinct purposes. They can be
conducted separately or in any combination, as is suitable for the products and services of the organization.

120
 8.3.5 Design and development outputs
The organization shall ensure that design and development outputs:
1 Meet the input requirements

2 Are adequate for the subsequent processes for the provision of products and services
Include or reference monitoring and measuring requirements, as appropriate, and acceptance
3
criteria
Specify the characteristics of the products and services that are essential for their intended purpose
4
and their safe and proper provision

NOTE: The organization shall retain documented information on design and development outputs.

121
8.3.6 Design and development changes
The organization shall identify, review and control changes made during, or subsequent to, the
design and development of products and services, to the extent necessary to ensure that there is no
adverse impact on conformity to requirements.
The organization shall retain documented information on:
 design and development changes
 the results of reviews
 the authorization of the changes
 the actions taken to prevent adverse impacts

122
 8.4 Control of externally provided processes, products and services
8.4.1 General
The organization shall ensure that externally provided processes, products and services conform to requirements.
The organization shall determine the controls to be applied to externally provided processes, products and services
when:

1 Products and services from external providers are intended for incorporation into the organization’s own products
and services

2 Products and services are provided directly to the customer(s) by external providers on behalf of
the organization
3 A process, or part of a process, is provided by an external provider as a result of a decision by the organization.

123
Contd..

NOTE:
 The organization shall determine and apply criteria for the evaluation, selection, monitoring of
performance, and re-evaluation of external providers, based on their ability to provide processes
or products and services in accordance with requirements.
 The organization shall retain documented information of these activities and any necessary actions
arising from the evaluations.

124
 8.4.2 Type and extent of control
The organization shall ensure that externally provided processes, products and services do not adversely affect
the organization’s ability to consistently deliver conforming products and services to its customers.
The organization shall:
1 ensure that externally provided processes remain within the control of its quality management system.
define both the controls that it intends to apply to an external provider and those it intends to apply to the
2 resulting output.
3 take into consideration:
 the potential impact of the externally provided processes, products and services on the organization’s ability
to consistently meet customer and applicable statutory and regulatory requirements;
 the effectiveness of the controls applied by the external provider
4 determine the verification, or other activities, necessary to ensure that the externally provided
processes, products and services meet requirements.

125
 8.4.3 Information for external providers
The organization shall ensure the adequacy of requirements prior to their communication to the external provider.
The organization shall communicate to external providers its requirements for:
1 The processes, products and services to be provided

2 The approval of:

 products and services
 methods, processes and equipment
 the release of products and services

3 Competence, including any required qualification of persons

4 The external providers’ interactions with the organization

5 Control and monitoring of the external providers’ performance to be applied by the organization

6 Verification or validation activities that the organization, or its customer, intends to perform at the external providers’
premises.

126
 8.5 Production and service provision
8.5.1 Control of production and service provision
The organization shall implement production and service provision under controlled conditions as applicable by
including:
1 The availability of documented information that defines:
 the characteristics of the products to be produced, the services to be provided, or the activities
to be performed
 the results to be achieved
2 The availability and use of suitable monitoring and measuring resources

3 The implementation of monitoring and measurement activities at appropriate stages to verify that criteria for
control of processes or outputs, and acceptance criteria for products and services, have been met
4 The use of suitable infrastructure and environment for the operation of processes

127
 Contd..
5 The appointment of competent persons, including any required qualification.

6 The validation, and periodic revalidation, of the ability to achieve planned results of the processes for production
and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement.
7 The implementation of actions to prevent human error.

8 The implementation of release, delivery and post-delivery activities.

128
 8.5.2 Identification and traceability

1 The organization shall use suitable means to identify outputs when it is necessary to ensure the conformity of
products and services.

2 The organization shall identify the status of outputs with respect to monitoring and measurement
requirements throughout production and service provision.
3 The organization shall control the unique identification of the outputs when traceability is a requirement, and
shall retain the documented information necessary to enable traceability.

129
 8.5.3 Property belonging to customers or external providers
1 The organization shall exercise care with property belonging to customers or external providers while it is
under the organization’s control or being used by the organization.
2 The organization shall identify, verify, protect and safeguard customers’ or external providers’ property
provided for use or incorporation into the products and services.
3 When the property of a customer or external provider is lost, damaged or otherwise found to be
unsuitable for use, the organization shall report this to the customer or external provider and retain
documented information on what has occurred.

NOTE: A customer’s or external provider’s property can include materials, components, tools and equipment,
premises, intellectual property and personal data.

130
8.5.4 Preservation
The organization shall preserve the outputs during production and service provision, to the extent
necessary to ensure conformity to requirements.

NOTE : Preservation can include identification, handling, contamination control, packaging, storage,
transmission or transportation, and protection.

131
 8.5.5 Post-delivery activities
The organization shall meet requirements for post-delivery activities associated with the products and
services.
In determining the extent of post-delivery activities that are required, the organization shall consider:
1 Statutory and regulatory requirements
2 The risks associated with products and services
3 The nature, use and intended lifetime of its products and services
4 Customer requirements
5 Customer feedback

NOTE: Post-delivery activities can include actions under warranty provisions, contractual obligations such as
maintenance services, and supplementary services such as recycling or final disposal.

132
8.5.6 Control of changes

• The organization shall review and control changes for production or service provision, to the extent
necessary to ensure continuing conformity with requirements.
• The organization shall retain documented information describing the results of the review of changes, the
person(s) authorizing the change, and any necessary actions arising from the review.

133
 8.6 Release of products and services
The organization shall implement planned arrangements, at appropriate stages, to verify that the product and
1
service requirements have been met.
The release of products and services to the customer shall not proceed until the planned arrangements have been
2 satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer.
The organization shall retain documented information on the release of products and services. The documented
information shall include:
3
 evidence of conformity with the acceptance criteria
 traceability to the person(s) authorizing the release

134
 8.7 Control of nonconforming outputs
8.7.1

1 The organization shall ensure that outputs that do not conform to their requirements are identified and controlled
to prevent their unintended use or delivery.
2 The organization shall take appropriate action based on the nature of the nonconformity and its effect on the
conformity of products and services.
This shall also apply to nonconforming products and services detected after delivery of products, during or after
the provision of services.

135
Contd..
8.7.1

The organization shall deal with nonconforming outputs in one or more of the following ways:
a) Correction
b) Segregation, containment, return or suspension of provision of products and services
c) Informing the customer
d) Obtaining authorization for acceptance under concession.
Conformity to the requirements shall be verified when nonconforming outputs are corrected

8.7.2

The organization shall retain documented information that:

a) describes the nonconformity
b) describes the actions taken
c) describes any concessions obtained
d) identifies the authority deciding the action in respect of the nonconformity

136
CONTROL OF NONCONFIRMING OUTPUTS

137
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Design and development of products and services

138
139
 9.1 Monitoring, measurement, analysis and evaluation
9.1.1 GENERAL
The organization shall determine:
1 what needs to be monitored and measured
2 the methods for monitoring, measurement, analysis and evaluation needed to ensure valid
results
3 when the monitoring and measuring shall be performed
4 when the results from monitoring and measurement shall be analyzed and evaluated

NOTE:
 The organization shall evaluate the quality performance and the effectiveness of the QMS.
 The organization shall retain appropriate documented information as evidence of the results.

140
9.1.2 Customer satisfaction
The organization shall monitor customers’ views and opinions of the degree to which their needs and
expectations have been fulfilled.
The organization shall determine the methods for obtaining, monitoring and reviewing this
information.

NOTE :Examples of monitoring customer perceptions can include customer surveys, customer feedback
on delivered products and services, meetings with customers, market-share analysis, compliments,
warranty claims and dealer reports.

141
 9.1.3 Analysis and evaluation
The organization shall analyse and evaluate appropriate data and information arising from
monitoring and measurement.
The results of analysis shall be used to evaluate:
1
conformity of products and services
2 the degree of customer satisfaction
3 the performance and effectiveness of the quality management system
4 if planning has been implemented effectively
5 the effectiveness of actions taken to address risks and opportunities

6 the performance of external providers

7 the need for improvements to the quality management system

NOTE : Methods to analyse data can include statistical techniques.

142
 9.2 Internal audit
An audit is a systematic, independent, and documented process for obtaining audit evidence and
evaluating it objectively to determine the extent to which audit criteria are fulfilled.

9.2.1
The organization shall conduct internal audits at planned intervals to provide information on whether the QMS:

1 conforms to:
 the organization’s own requirements for its quality management system
 the requirements of this International Standard
2 is effectively implemented and maintained.

143
 9.2.2
The organization shall:

1 plan, establish, implement, and maintain an audit program, which must include frequency, methods,
and responsibilities, planning requirements and reporting.

2 While making an audit program, consideration must be given to the importance of concerned
processes, changes impacting the organization and the results of previous audits.
3 define the audit criteria and scope for each audit.
4 select auditors and conduct audits to ensure objectivity and the impartiality of the audit process.
5 ensure that the results of the audits are reported to relevant management.
6 take appropriate correction and corrective actions without undue delay.

7 retain documented information as evidence of the implementation of the audit program and the audit
results.

144
9.3 Management review
9.3.1 General

Top management shall review the organization’s quality management system, at planned intervals, to
ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of
the organization.

145
9.3 Management review inputs
The management review shall be planned and carried out taking into consideration:
1 The status of actions from previous management reviews

2 Changes in external and internal issues that are relevant to the quality management system;

3 Information on the performance and effectiveness of the QMS, including trends and indicators for:

 customer satisfaction and feedback from relevant interested parties

 the extent to which quality objectives have been met

 process performance and conformity of products and services

 nonconformities and corrective actions

146
 Contd..

 monitoring and measurement results

 audit results
 the performance of external providers
 the adequacy of resources
4 Effectiveness of actions taken to address risks and opportunities

5 Opportunities for improvement.

147
9.3 Management review outputs

The outputs of the management review shall include decisions and actions related to:
1 Opportunities for improvement
2 Any need for changes to the quality management system
3 Resource needs

NOTE: The organization shall retain documented information as evidence of the results of management
reviews.
148
149
10 Improvement
10.1 General
The organization shall determine and select opportunities for improvement & implement any necessary actions to
meet customer requirements and enhance customer satisfaction.
These shall include:
 improving products and services to meet requirements as well as to address future needs and expectations
 correcting, preventing or reducing undesired effects
 improving the performance and effectiveness of the quality management system.

NOTE : Improvement can be effected:

Reactively - (e.g. corrective action)

Incrementally - (e.g. continual improvement)
By step change - (breakthrough)
Creatively - (e.g. innovation )
By re-organization - ( transformation)

150
 10.2 Nonconformity and corrective action
10.2.1
When a nonconformity occurs, including any arising from complaints, the organization shall:
a) React to the nonconformity and, as applicable:
 take action to control and correct it
 deal with the consequences
b) Evaluate the need for action to eliminate the causes of the nonconformity, in order that it does not recur or
occur elsewhere, by:
 reviewing and analysing the nonconformity
 determining the causes of the nonconformity
 determining if similar nonconformities exist, or could potentially occur
c) Implement any action needed
d) Review the effectiveness of any corrective action taken
e) Update risks and opportunities determined during planning, if necessary
f) Make changes to the quality management system, if necessary

151
 Contd..

10.2.2

The organization shall retain documented information as evidence of:

a) the nature of the nonconformities and any subsequent actions taken
b) the results of any corrective action.

NOTE: Corrective actions shall be appropriate to the effects of the nonconformities encountered.

152
10.3 Continual Improvement
The organization shall continually improve:
 Suitability
 Adequacy
 Effectiveness of the quality management system

IMPORTANT NOTE: ISO 9001:2015 requires organizations to use the outputs from analysis and evaluation (sub-
clause 9.1.3) and from management review (see clause 9.3) to determine areas of underperformance and to
identify any opportunities for improvement.

153
Actions to address nonconformity

154
PDCA CYCLE ( ISO 9001: 2015)

155
 LOOP/ FEED BACK SYSTEM

This a loop/feedback system that starts with leadership – who

set objectives and targets that impact context and ends with a
review that leads to proposals for new objectives and targets.

156
PROCESS APPROACH - IMPLEMENTATION

157
ISO 9001: 2015 PROCESS + RISK + PDCA MODEL

158
 PROCESS APPROACH - TEMPLATE
( PART 1)

NOTE: This template is a tool; it’s just one way of meeting the requirements. It is not an ISO requirement
organizations document processes in this way.
159
 PROCESS APPROACH – TEMPLATE
( PART 2)
Business Process Map

160
 PROCESS APPROACH – IMPLEMENTATION
EXAMPLE - Business Process - Tendering & Contracts

161
162