ISO 9001:2015 Quality Management System (QMS)

Written and edited by: Md. Anwar Kabir

Date: April 26, 2024

Revision: 1

What is ISO 9001?

ISO 9001 is a globally recognized standard for quality management. It helps organizations of all sizes and sectors to improve their performance, meet customer expectations and demonstrate their commitment to quality. Its requirements define how to establish, implement, maintain, and continually improve a quality management system (QMS).

Implementing ISO 9001 means your organization has put in place effective processes and trained staff to deliver flawless products or services time after time.

Publication date:

The International Organization for Standardization (ISO) published the latest edition of ISO 9001, its quality management systems standard, on September 23, 2015. The publication of the 2015 revision began a three-year transition period during which the previous 2008 version remained valid. By September 2018, all ISO 9001:2008 certifications should have transitioned to ISO 9001:2015.

Why is ISO 9001 important?

With more than one million certificates issued to organizations in 189 countries, ISO 9001 is the most widely used quality management standard in the world. Within the ISO 9000 family, which defines seven quality management principles including a strong customer focus and continual improvement, ISO 9001 is the only standard that can be certified to (though certification is not mandatory).

Business benefits include:

Customer confidence: The standard ensures that organizations have robust quality control processes in place, leading to increased customer trust and satisfaction.

Effective complaint resolution: ISO 9001 offers guidelines for resolving customer complaints efficiently, contributing to timely and satisfactory problem-solving.

Process improvement: The standard helps identify and eliminate inefficiencies, reduce waste, streamline operations, and promote informed decision-making, resulting in cost savings and better outcomes.

Ongoing optimization: Regular audits and reviews encouraged by ISO 9001 enable organizations to continually refine their quality management systems, stay competitive, and achieve long-term success.

Background

ISO 9000 was first published in 1987 by the International Organization for Standardization (ISO). It was based on the BS 5750 series of standards from BSI that were proposed to ISO in 1979. However, its history can be traced back some twenty years before that, to the publication of government procurement standards, such as the United States Department of Defense MIL-Q-9858 standard in 1959, and the United Kingdom’s Def Stan 05–21 and 05–24. Large organizations that supplied government procurement agencies often had to comply with a variety of quality assurance requirements for each contract awarded, which led the defense industry to adopt mutual recognition of NATO AQAP, MIL-Q, and Def Stan standards. Eventually, industries adopted ISO 9000 instead of forcing contractors to adopt multiple—and often similar—requirements.

Reasons for use

The global adoption of ISO 9001 may be attributable to several factors. In the early days, the ISO 9001 (9002 and 9003) requirements were intended to be used by procuring organizations, such as contractors and design activities, as the basis of contractual arrangements with their suppliers. This helped reduce the need for subcontract supplier quality development by establishing basic requirements for a supplier to assure product quality. The ISO 9001 requirements could be tailored to meet specific contractual situations, depending on the complexity of the product, business type (design responsibility, manufacture only, distribution, servicing, etc.), and risk to the procurer. For example, the food industry combined the ISO 9000 series with HACCP as a single management system. [16] [17] If a chosen supplier was weak in the controls of their measurement equipment (calibration), and hence QC/inspection results, that specific requirement would be invoked in the contract. Adopting a single quality assurance requirement also leads to cost savings throughout the supply chain by reducing the administrative burden of maintaining multiple sets of quality manuals and procedures.

A few years later, the UK Government took steps to improve national competitiveness following the publication of cmd 8621, and Third-Party Certification of Quality Management Systems was born under the auspices of the National Accreditation Council of Certification Bodies (NACCB), which has become the United Kingdom Accreditation Service (UKAS).

In addition to many stakeholders’ benefits, several studies have identified significant financial benefits for organizations certified to ISO 9001, with an ISO analysis of 42 studies showing that implementing the standard enhances financial performance. Corbett et al. showed that certified organizations achieved a superior return on assets compared to otherwise similar organizations without certification.

Heras et al. found similarly superior performance and demonstrated that this was statistically significant and not a function of organization size. Naveha and Marcus claimed that implementing ISO 9001 led to superior operational performance in the U.S. automotive industry. Sharma identified similar improvements in operating performance and linked this to superior financial performance. Chow-Chua et al. showed better overall financial performance was achieved for companies in Denmark. Rajan and Tamimi (2003) showed that ISO 9001 certification resulted in superior stock market performance and suggested that shareholders were richly rewarded for the investment in an ISO 9001 system.

While the connection between superior financial performance and ISO 9001 may be seen from the examples cited, there remains no proof of direct causation, though longitudinal studies, such as those of Corbett et al. (2005), may suggest it. Other writers, such as Heras et al. (2002), have indicated that while there is some evidence of this, the improvement is partly driven by the fact that there is a tendency for better-performing companies to seek ISO 9001 certification.

The mechanism for improving results has also been the subject of much research. Lo et al. (2007) identified operational improvements (e.g., cycle time reduction, inventory reductions) as following from certification.[26] Internal process improvements in organizations lead to externally observable improvements. The benefit of increased international trade and domestic market share, in addition to the internal benefits such as customer satisfaction, interdepartmental communications, work processes, and customer/supplier partnerships derived, far exceeds any and all initial investment.

ISO 9000 series Quality Management Principles

The ISO 9000 series are based on seven (7) quality management principles (QMP)

The seven (7) quality management principles (QMP) are:

Sl. No.	Principles	Explanation of Principles
QMP 1	Customer focus	:	Statement: The primary focus of quality management is to meet customer requirements and to strive to exceed customer expectations. Rationale: Sustained success is achieved when an organization attracts and retains the confidence of customers and other interested parties. Every aspect of customer interaction provides an opportunity to create more value for the customer. Understanding current and future needs of customers and other interested parties contributes to sustained success of the organization. Key benefits: Increased customer value Increased customer satisfaction Improved customer loyalty Enhanced repeat business Enhanced reputation of the organization Expanded customer base Increased revenue and market share Actions you can take: Recognize direct and indirect customers as those who receive value from the organization. Understand customers’ current and future needs and expectations. Link the organization’s objectives to customer needs and expectations.Communicate customer needs and expectations throughout the organization. Plan, design, develop, produce, deliver and support goods and services to meet customer needs and expectations. Measure and monitor customer satisfaction and take appropriate actions. Determine and take actions on interested parties’ needs and expectations that can affect customer satisfaction. Actively manage relationships with customers to achieve sustained success.
QMP 2	Leadership	:	Statement Leaders at all levels establish unity of purpose and direction and create conditions in which people are engaged in achieving the organization’s quality objectives. Rationale Creation of unity of purpose and direction and engagement of people enable an organization to align its strategies, policies, processes and resources to achieve its objectives. Key benefits Increased effectiveness and efficiency in meeting the organization’s quality objectives. Better coordination of the organization’s processes. Improved communication between levels and functions of the organization. Development and improvement of the capability of the organization and its people to deliver desired results.
QMP 3	Engagement of people	:	Statement: Competent, empowered and engaged people at all levels throughout the organization are essential to enhance its capability to create and deliver value. Rationale: To manage an organization effectively and efficiently, it is important to involve all people at all levels and to respect them as individuals. Recognition, empowerment and enhancement of competence facilitate the engagement of people in achieving the organization’s quality objectives. Key benefits: Improved understanding of the organization’s quality objectives by people in the organization and increased motivation to achieve them. Enhanced involvement of people in improvement activities. Enhanced personal development, initiatives and creativity. Enhanced people satisfaction. Enhanced trust and collaboration throughout the organization. Increased attention to shared values and culture throughout the organization. Actions you can take: Communicate with people to promote understanding of the importance of their individual contribution. Promote collaboration throughout the organization. Facilitate open discussion and sharing of knowledge and experience. Empower people to determine constraints to performance and to take initiatives without fear. Recognize and acknowledge people’s contribution, learning and improvement. Enable self-evaluation of performance against personal objectives. Conduct surveys to assess people’s satisfaction, communicate the results, and take appropriate actions.
QMP 4	Process approach	:	Statement: Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system. Rationale: The quality management system consists of interrelated processes. Understanding how results are produced by this system enables an organization to optimize the system and its performance. Key benefits: Enhanced ability to focus effort on key processes and opportunities for improvement Consistent and predictable outcomes through a system of aligned processes Optimized performance through effective process management, efficient use of resources, and reduced cross-functional barriers Enabling the organization to provide confidence to interested parties as to its consistency, effectiveness and efficiency. Actions you can take: Define objectives of the system and processes necessary to achieve them. Establish authority, responsibility and accountability for managing processes.Understand the organization’s capabilities and determine resource constraints prior to action.Determine process interdependencies and analyze the effect of modifications to individual processes on the system as a whole. Manage processes and their interrelations as a system to achieve the organization’s quality objectives effectively and efficiently.Ensure the necessary information is available to operate and improve the processes and to monitor, analyse and evaluate the performance of the overall system.Manage risks that can affect outputs of the processes and overall outcomes of the quality management system.
QMP 5	Improvement	:	Statement: Successful organizations have an ongoing focus on improvement. Rationale: Improvement is essential for an organization to maintain current levels of performance, to react to changes in its internal and external conditions and to create new opportunities. Key benefits: Improved process performance, organizational capabilities and customer satisfaction Enhanced focus on root-cause investigation and determination, followed by prevention and corrective actions Enhanced ability to anticipate and react to internal and external risks and opportunities Enhanced consideration of both incremental and breakthrough improvement Improved use of learning for improvement Enhanced drive for innovation. Actions you can take: Promote establishment of improvement objectives at all levels of the organization. Educate and train people at all levels on how to apply basic tools and methodologies to achieve improvement objectives. Ensure people are competent to successfully promote and complete improvement projects. Develop and deploy processes to implement improvement projects throughout the organization.Track, review and audit the planning, implementation, completion and results of improvement projects. Integrate improvement considerations into the development of new or modified goods, services and processes. Recognize and acknowledge improvement.
QMP 6	Evidence-based decision making	:	Statement: Decisions based on the analysis and evaluation of data and information are more likely to produce desired results. Rationale: Decision making can be a complex process, and it always involves some uncertainty. It often involves multiple types and sources of inputs, as well as their interpretation, which can be subjective. It is important to understand cause-and-effect relationships and potential unintended consequences. Facts, evidence and data analysis lead to greater objectivity and confidence in decision making. Key benefits: Improved decision-making processes Improved assessment of process performance and ability to achieve objectives Improved operational effectiveness and efficiency Increased ability to review, challenge and change opinions and decisions Increased ability to demonstrate the effectiveness of past decisions Actions you can take: Determine, measure and monitor key indicators to demonstrate the organization’s performance. Make all data needed available to the relevant people.Ensure that data and information are sufficiently accurate, reliable and secure.Analyse and evaluate data and information using suitable methods. Ensure people are competent to analyse and evaluate data as needed. Make decisions and take actions based on evidence, balanced with experience and intuition.
QMP 7	Relationship management	:	Statement: For sustained success, an organization manages its relationships with interested parties, such as suppliers. Rationale: Interested parties influence the performance of an organization. Sustained success is more likely to be achieved when the organization manages relationships with all of its interested parties to optimize their impact on its performance. Relationship management with its supplier and partner networks is of particular importance. Key benefits: Enhanced performance of the organization and its interested parties through responding to the opportunities and constraints related to each interested party Common understanding of goals and values among interested parties Increased capability to create value for interested parties by sharing resources and competence and managing quality-related risks A well-managed supply chain that provides a stable flow of goods and services Actions you can take: Determine relevant interested parties (such as suppliers, partners, customers, investors, employees, and society as a whole) and their relationship with the organization.Determine and prioritize interested party relationships that need to be managed. Establish relationships that balance short-term gains with long-term considerations. Pool and share information, expertise and resources with relevant interested parties. Measure performance and provide performance feedback to interested parties, as appropriate, to enhance improvement initiatives. Establish collaborative development and improvement activities with suppliers, partners and other interested parties. Encourage and recognize improvements and achievements by suppliers and partners

Contents or Clause of ISO 9001:2015 Standard:

ISO 9001:2015 Quality management systems — Requirements is a document of approximately 30 pages available from the national standards organization in each country. Only ISO 9001 is directly audited against for third-party assessment purposes.

Contents or Clause of ISO 9001:2015 Standard are as follows:

ISO 9001:2015 is structured into several clauses and sub-clauses, each addressing specific aspects of a quality management system (QMS). The standard is organized as follows:

Clause Number	Clause Name	Sub Clause
CLAUSE 1	1.0 Scope Describes the scope of the standard and outlines the general requirements for a QMS
CLAUSE 2	2.0 Normative References Lists other standards referenced in ISO 9001:2015.
CLAUSE 3	3.0 Terms and Definitions Provides definitions for key terms used in the standard.
CLAUSE 4	4.0 Context of the Organization	4.1 Understanding the Organization and its Context 4.2 Understanding the Needs and Expectations of Interested Parties 4.3 Determining the Scope of the Quality Management System 4.4 Quality Management System and its Processes
CLAUSE 5	5.0 Leadership	5.1 Leadership and Commitment 5.2 Policy 5.3 Organizational Roles, Responsibilities, and Authorities
CLAUSE 6	6.0 Planning	6.1 Actions to Address Risks and Opportunities 6.2 Quality Objectives and Planning to Achieve Them
CLAUSE 7	7.0 Support	7.1 Resources 7.2 Competence 7.3 Awareness 7.4 Communication 7.5 Documented Information
CLAUSE 8	8.0 Operation	8.1 Operational Planning and Control 8.2 Requirements for Products and Services 8.3 Design and Development of Products and Services (if applicable) 8.4 Control of Externally Provided Products and Services 8.5 Production and Service Provision 8.6 Release of Products and Services 8.7 Control of Nonconforming Outputs
CLAUSE 9	9.0 Performance Evaluation	9.1 Monitoring, Measurement, Analysis, and Evaluation 9.2 Internal Audit 9.3 Management Review
CLAUSE 10	10.0 Improvement	10.1 General 10.2 Nonconformity and Corrective Action 10.3 Continual Improvement

These clauses and sub-clauses provide a framework for establishing, implementing, maintaining, and continually improving a quality management system. Organizations seeking ISO 9001:2015 certification need to comply with the requirements outlined in each of these sections. Essentially, the layout of the standard is similar to the previous ISO 9001:2008 standard in that it follows the Plan, Do, Check, Act cycle in a process-based approach but is now further encouraging this to have risk-based thinking (section 0.3.3 of the introduction). The purpose of the quality objectives is to determine the conformity of the requirements (customers and organizations), facilitate effective deployment, and improve the quality management system.

Before the certification body can issue or renew a certificate, the auditor must be satisfied that the company being assessed has implemented the requirements of sections 4 to 10. Sections 1 to 3 are not directly audited against, but because they provide context and definitions for the rest of the standard, not that of the organization, their contents must be taken into account.

The standard no longer specifies that the organization shall issue and maintain documented procedures, but ISO 9001:2015 requires the organization to document any other procedures required for its effective operation. The standard also requires the organization to issue and communicate a documented quality policy, a quality management system scope, and quality objectives. The standard no longer requires compliant organizations to issue a formal Quality Manual. The standard does require the retention of numerous records, as specified throughout the standard. New for the 2015 release is a requirement for an organization to assess risks and opportunities (section 6.1) and to determine internal and external issues relevant to its purpose and strategic direction (section 4.1). The organization must demonstrate how the standard’s requirements are being met, while the external auditor’s role is to determine the quality management system’s effectiveness. More detailed interpretation and implementation examples are often sought by organizations seeking more information in what can be a very technical area.

Certification

The International Organization for Standardization (ISO) does not certify organizations themselves. Numerous certification bodies exist that audit organizations and issue ISO 9001 compliance certificates upon success. Although commonly referred to as “ISO 9000” certification, the actual standard to which an organization’s quality management system can be certified is ISO 9001:2015 (ISO 9001:2008 expired around September 2018). Many countries have formed accreditation bodies to authorize (“accredit”) the certification bodies. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the accredited certification bodies (CB) are accepted worldwide. Certification bodies themselves operate under another quality standard, ISO/IEC 17021, while accreditation bodies operate under ISO/IEC 17011.

An organization applying for ISO 9001 certification is audited based on an extensive sample of its sites, functions, products, services, and processes. The auditor presents a list of problems (defined as “nonconformities”, “observations”, or “opportunities for improvement”) to management. If there are no major nonconformities, the certification body issues a certificate. Where major nonconformities are identified, the organization presents an improvement plan to the certification body (e.g., corrective action reports showing how the problems will be resolved); once the certification body is satisfied that the organization has carried out sufficient corrective action, it issues a certificate. The certificate is limited by a particular scope (e.g., production of golf balls) and displays the addresses to which the certificate refers.

An ISO 9001 certificate is not a once-and-for-all award but must be renewed, in accordance with the requirements of ISO 17021, at regular intervals recommended by the certification body, usually once every three years.^[42] There are no grades of competence within ISO 9001: either a company is certified (meaning that it is committed to the method and model of quality management described in the standard) or it is not. In this respect, ISO 9001 certification contrasts with measurement-based quality systems.

Evolution of ISO 9000 standards

The ISO 9000 standard is continually being revised by standing technical committees and advisory groups, who receive feedback from those professionals who are implementing the standard.

Year	Edition of ISO 9001
1987	1st Edition
1994	2nd Edition
2000	3rd Edition
2008	4th Edition
2015	5th Edition

1987 version

ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three “models” for quality management systems, the selection of which was based on the scope of activities of the organization:

• ISO 9001:1987 Model for quality assurance in design, development, production, installation, and servicing was for companies and organizations whose activities included the creation of new products.
• ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically the same material as ISO 9001 but without covering the creation of new products.
• ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final inspection of finished product, with no concern for how the product was produced.

ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards (“MIL SPECS”), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management, which was likely the actual intent.

1994 version

ISO 9000:1994 emphasized quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality management system.

2000 version

ISO 9001:2000 replaced all three former standards of 1994 issues, ISO 9001, ISO 9002, and ISO 9003. Design and development procedures were required only if a company does, in fact, engage in the creation of new products. The 2000 version sought to make a radical change in thinking by actually placing front and center the concept of process management (the monitoring and optimization of a company’s tasks and activities, instead of just inspection of the final product). The 2000 version also demanded involvement by upper executives in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal was to improve effectiveness via process performance metrics: numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.

ISO 9000 Requirements include:

• Approve documents before distribution;
• Provide correct version of documents at points of use;
• Use your records to prove that requirements have been met; and
• Develop a procedure to control your records.

2008 version

ISO 9001:2008 in essence re-narrates ISO 9001:2000. The 2008 version only introduced clarifications to the existing requirements of ISO 9001:2000 and some changes intended to improve consistency with ISO 14001:2004. There were no new requirements. For example, in ISO 9001:2008, a quality management system being upgraded just needs to be checked to see if it is following the clarifications introduced in the amended version.

ISO 9001 is supplemented directly by two other standards of the family:

• ISO 9000:2005 “Quality management systems. Fundamentals and vocabulary”
• ISO 9004:2009 “Managing for the sustained success of an organization. A quality management approach”

Other standards, like ISO 19011 and the ISO 10000 series, may also be used for specific parts of the quality system.

2015 version

In 2012, ISO TC 176 – responsible for ISO 9001 development – celebrated 25 years of implementing ISO 9001and concluded that it was necessary to create a new QMS model for the next 25 years. They subsequently commenced the official work on creating a revision of ISO 9001, starting with the new QM principles. This moment was considered by important specialists in the field as the “beginning of a new era in the development of quality management systems.” As a result of the intensive work from this technical committee, the revised standard ISO 9001:2015 was published by ISO on 23 September 2015. The scope of the standard has not changed; however, the structure and core terms were modified to allow the standard to integrate more easily with other international management systems standards.

The new ISO 9001:2015 management system standard helps ensure that consumers get reliable, desired quality goods and services. This further increases benefits for a business.

The 2015 version is also less prescriptive than its predecessors and focuses on performance. This was achieved by combining the process approach with risk-based thinking, and employing the Plan-Do-Check-Act cycle at all levels in the organization.

Some of the key changes include:

• High-Level Structure of 10 clauses is implemented. Now all new management system standards released by ISO will have this high-level structure
• Greater emphasis on building a management system suited to each organization’s particular needs
• A requirement that those at the top of an organization be involved and accountable, aligning quality with wider business strategy
• Risk-based thinking throughout the standard makes the whole management system a preventive tool and encourages continuous improvement
• Less prescriptive requirements for documentation: the organization can now decide, in addition to the mandatory documents and records, what documented information it needs and in what format it should be
• Alignment with other key management system standards through the use of a common structure and core text
• Inclusion of Knowledge Management principles
• Quality Manual & Management representative (MR) are no longer mandatory

Auditing

Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual review and assessment process to verify that the system is working as it is supposed to, find out where it can improve, and correct or prevent identified problems. It is considered healthier for internal auditors to audit outside their usual management line to bring a degree of independence to their judgements. Supporting papers are provided by the ISO 9001 Auditing Practices Group. This is constituted as an informal group of quality management system (QMS) experts, auditors, and practitioners, drawn from the ISO Technical Committee 176 Quality Management and Quality Assurance (ISO/TC 176) and the International Accreditation Forum (IAF).

Industry-specific interpretations

The ISO 9001 standard is generic; its parts must be carefully interpreted to make sense within a particular organization. Developing software is not like making cheese or offering counseling services, yet the ISO 9001 guidelines, because they are business management guidelines, can be applied to each of these. Diverse organizations—police departments (United States), professional soccer teams (Mexico), and city councils (UK)—have successfully implemented ISO 9001 systems.

Over time, various industry sectors have wanted to standardize their interpretations of the guidelines within their own marketplace. This is partly to ensure that their versions of ISO 9000 have their specific requirements, but also to try and ensure that more appropriately trained and experienced auditors are sent to assess them.

• The TickIT guidelines are an interpretation of ISO 9000 produced by the UK Board of Trade to suit the processes of the information technology industry, especially software development.
• AS9000 is the Aerospace Basic Quality System Standard, an interpretation developed by major aerospace manufacturers. Those major manufacturers include AlliedSignal, Allison Engine, Boeing, General Electric Aircraft Engines, Lockheed-Martin, McDonnell Douglas, Northrop Grumman, Pratt & Whitney, Rockwell-Collins, Sikorsky Aircraft, and Sundstrand. The current version is AS9100D.
• PS 9000 * QS 9000 is an interpretation agreed upon by major automotive manufacturers (GM, Ford, Chrysler). It includes techniques such as FMEA and APQP. QS 9000 is now replaced by ISO/TS 16949.
• ISO/TS 16949:2009 is an interpretation agreed upon by major automotive manufacturers (American and European manufacturers); the latest version is based on ISO 9001:2008. The emphasis on a process approach is stronger than in ISO 9001:2008. ISO/TS 16949:2009 contains the full text of ISO 9001:2008 and automotive industry-specific requirements. After the new edition of ISO 9001:2015 the ISO/TS 16949:2009 was also completely revised and reissued by IATF (International Automotive Task Force). IATF 16949:2016 is now a stand-alone standard that doesn’t include the ISO 9001:2015 requirements but still refers to them and works as an additional automotive-specific requirement to ISO 9001.
• TL 9000 is the Telecom Quality Management and Measurement System Standard, an interpretation developed by the telecom consortium, QuEST Forum. In 1998 QuEST Forum developed the TL 9000 Quality Management System to meet the supply chain quality requirements of the worldwide telecommunications industry. The TL 9000 standard is made up of two handbooks: the QMS Requirements Handbook, and the QMS Measurement Handbook. The current versions of the Requirements and Measurements Handbooks are 6.0. Unlike ISO 9001 or other sector-specific standards, TL 9000 includes standardized product and process measurements that must be reported into a central repository, which allows organizations to benchmark their performance in key process areas against peer organizations. It is important to note that TL 9000 R6.0 contains the full text of ISO 9001:2015.
• ISO 13485:2016 is the medical industry’s equivalent of ISO 9001. ISO 13485:2016 is a stand-alone standard. Because ISO 13485 is relevant to medical device manufacturers (unlike ISO 9001, which is applicable to any industry), and because of the differences between the two standards relating to continual improvement, compliance with ISO 13485 does not necessarily mean compliance with ISO 9001 (and vice versa).
• ISO/IEC 90003:2014 provides guidelines for the application of ISO 9001 to computer software.
• ISO/TS 29001 is quality management system requirements for the design, development, production, installation, and service of products for the petroleum, petrochemical, and natural gas industries. It is equivalent to API Spec Q1 without the Monogram annex.
• ISO 18091 is the guidelines for the application of ISO 9001 in local government.^[49]
• ISO/TS 54001 is the Quality management system with particular requirements for the application of ISO 9001:2015 for electoral organizations at all levels of government.^[50]
• ISO 17025:2017 is the Quality Management System applicable only to Testing and Calibration Laboratories.

How to Get ISO 9001 Certified

Obtaining ISO 9001:2015 certification involves several steps and a structured process. ISO 9001 is an international standard for quality management systems (QMS) that helps organizations demonstrate their commitment to delivering high-quality products and services. Here is an overview of the certification process:

1. Initiation and Commitment:
   • Management Commitment: Top management must commit to implementing and maintaining a QMS.
   • Establish a Quality Policy: Define and communicate the organization’s quality policy.
2. Gap Analysis:
   • Conduct a gap analysis to identify the current state of the organization’s processes compared to the requirements of ISO 9001:2015.
3. Appointment of a Management Representative:
   • Designate a management representative responsible for coordinating and overseeing the certification process.
4. Awareness and Training:
   • Ensure that employees are aware of the QMS and provide necessary training.
5. Documentation:
   • Develop the necessary documentation, including a quality manual, procedures, work instructions, and records, in accordance with ISO 9001:2015 requirements.
6. Implementation:
   • Implement the QMS across all relevant processes and departments within the organization.
7. Internal Audits:
   • Conduct internal audits to assess the effectiveness of the QMS and identify areas for improvement.
8. Management Review:
   • Hold regular management reviews to assess the QMS’s performance, identify opportunities for improvement, and ensure its continuing suitability, adequacy, and effectiveness.
9. Corrective and Preventive Actions:
   • Implement corrective actions to address nonconformities and preventive actions to avoid potential issues.
10. Pre-assessment (Optional):
    • Some organizations opt for a pre-assessment by a third-party certification body to identify any areas that may need improvement before the formal certification audit.
11. Selection of Certification Body:
    • Choose a reputable certification body accredited by an accreditation body.
12. Formal Certification Audit:
    • The certification body conducts a two-stage audit:
      • Stage 1: A review of the organization’s documentation and readiness for the certification process.
      • Stage 2: An on-site audit to evaluate the implementation and effectiveness of the QMS.
13. Certification Decision:
    • The certification body reviews the audit findings and makes a certification decision.
14. Certification Issuance:
    • If the organization meets the requirements, the certification body issues the ISO 9001:2015 certificate.
15. Surveillance Audits:
    • Regular surveillance audits are conducted by the certification body to ensure ongoing compliance.
16. Recertification (Every 3 Years):
    • The organization undergoes a recertification audit to renew its ISO 9001 certification.

Throughout the process, organizations should continuously monitor and improve their QMS to enhance overall efficiency and effectiveness. It’s important to note that obtaining ISO 9001 certification is an ongoing commitment to maintaining and continually improving the quality management system

Documents need for the audit of ISO 9001:2015

1. Legal Documents: All updated/renewed legal Documents like License, permission, Certificate. Membership certificate, contract or agreement,
2. Mandatory procedure:

The six mandatory procedures required by QMS ISO 9001 are: 

• Control of documents
• Control of records
• Internal audit
• Corrective action
• Preventive action
• Control of non-conforming products
• Identified of Context of the Organization (COTO) (Procedures and evidence)
• Identified of Internal and External Issues (SWOT & PEST analysis) (Procedures and evidence)
• Identified of Needs and Expectations of internal and external interested parties (Procedures and evidence).
• Risk Management:
• Documentation of the organization’s approach to identifying, assessing, and managing risks and opportunities that could affect the QMS.
• Quality Manual:
• The quality manual outlines the quality management system (QMS) structure and provides an overview of how the organization meets the requirements of ISO 9001:2015.
• Quality Policy:
• A document that defines the organization’s quality policy, including the commitment to meeting customer requirements and continually improving the QMS.
• Scope of the QMS:
• Describes the boundaries and applicability of the organization’s quality management system.
• Quality Objectives:
• Specifies measurable objectives that demonstrate the organization’s commitment to quality and continual improvement.
• Process Documentation:
• Detailed documentation of key processes within the organization, including process flowcharts, procedures, and work instructions.
• KPI (Procedures and evidence).
• Records of Training and Competence:
• Evidence that employees are trained and competent to perform their assigned tasks.
• Monitoring and Measurement Records:
• Documentation of processes for monitoring and measuring the QMS, including records of monitoring activities and results.
• Internal Audit Records:
• Documentation of internal audits, including audit plans, checklists, findings, and corrective actions.
• Management Review Records:
• Records of top management reviews of the QMS to ensure its continuing suitability, adequacy, and effectiveness.
• Documented Information Control:
• Procedures for controlling documents and records, including version control, approval, and distribution.
• Customer Communication:
• Records of communication with customers regarding product information, orders, feedback, and complaints.
• Supplier Evaluation and Approval Records:
• Documentation of processes for evaluating and approving suppliers, including criteria used and records of assessments.
• Nonconformance and Corrective Action Records:
• Records of nonconformities, corrective actions, and preventive actions taken to address issues and improve the QMS.
• Product or Service Conformity Records:
• Documentation showing that products or services meet specified requirements.
• Documented Information on Outsourced Processes:
• If applicable, documentation related to the control of outsourced processes.
• Each and every departmental/section/process mapping and SOP
• Machine operating and safety SOP
• Identification and traceability of files, documents, section, machineries, etc.
• Quality plan
• Wastage/Recycle or reuse system or management
• Maintenance schedule/plan (Preventive and corrective plan), records.
• Customer feedback (Procedures and evidence)
• Supplier/sub contract evaluation (Procedures and evidence)
• Health and safety of the factory. (Working condition and environment)

It’s important for organizations to maintain these documents in an organized manner and ensure they are regularly updated. Having a robust and well-documented quality management system will help the organization successfully navigate ISO 9001:2015 audits. Additionally, it’s advisable to consult with a certified auditor or consultant to ensure compliance with specific requirements and regulations.

Written and edited by: Md. Anwar Kabir

Date: April 26, 2024

Revision: 1

DISCLAIMER

Above mentioned few information has collected from different reliable websites like Wikipedia and others.