1. Introduction to ISO 9001:2015
Quality Management System (QMS)
NURI CONSULTING & SERVICES, Malaysia
www.iso9001consultant.org
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
2. ISO 9001 HISTORY
First published in
1987
First revision in
1994
Second revision
in 2000
Third revision in
2008
Fourth revision in
September 2015
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
Validity of certifications to ISO 9001:2008
One year after the publication of ISO 9001:2015 all accredited certifications
issued (new certifications or re-certifications) shall be to ISO 9001:2015.
Three years after publication by ISO of ISO 9001:2015, any existing
certification issued to ISO 9001:2008 shall not be valid.
3. WHY WAS ISO 9001:2008 REVISED?
⢠All ISO standards must undergo review and possible amendments by the assigned
technical committee every 5 years
⢠To comply with ISO Directive 2012 Annex SL
⢠To adapt to a changing world
⢠To enhance an organization's ability to satisfy its customers
⢠To provide a consistent foundation for the future
⢠To reflect the increasingly complex environments in which organizations operate
⢠To ensure the new standard reflects the needs of all relevant interested parties
⢠To align with other management systems
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
4. Structure
ISO 9001:2008 versus ISO 9001:2015
ISO 9001:2008
1. Scope
2. Normative references
3. Terms and definitions
4. Quality management system
5. Management responsibility
6. Resource management
7. Product realization
8. Measurement, analysis and
improvement
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
ISO 9001:2015
1. Scope
2. Normative references
3. Terms and definitions
4. The organization and its context
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
5. ISO 9001:2015 MODEL
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
6. ISO 9001:2008 MODEL
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
7. NURI CONSULTING & SERVICES
www.iso9001consultant.org ismail@iso9001consultant.org
ISO 9001:2015 is based on these principles:
1. Customer focus
2. Leadership
3. Engagement of people
4. Process approach
5. improvement
6. Evidence-based decision making
7. Relationship management
8. Important concepts in ISO 9001:2015
1. ISO 9001:2015 employs the process approach, which incorporates the
Plan-Do-Check-Act (PDCA] cycle and risk-based thinking. It involves
the systematic definition and management of processes, and their
interactions, so as to achieve the intended results.
2. PDCA cycle is employed with an overall focus on risk-based thinking
aimed at taking advantage of opportunities and preventing
undesirable results
3. Risk-based thinking is essential for achieving an effective quality
management system
4. The concept of risk-based thinking has been implicit in previous
editions of ISO 9001. For example, carrying out preventive and
corrective actions.
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
9. Benefits of implementing ISO 9001:2015
⢠Your organization will be able to:
1. Consistently provide products and services that meet customer
and applicable statutory and regulatory requirements
2. Facilitate opportunities to enhance customer satisfaction
3. Address risks and opportunities associated with your
organizationâs context and objectives
4. Demonstrate conformity to specified quality management system
requirements
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
10. Purpose of ISO 9001:2015
The ISO 9001:2015 provides a framework for any organization to achieve the
following goals:
1. Be able to demonstrate its ability to consistently provide products and
services that meet customer and applicable statutory and regulatory
requirements, and
2. Be able to enhance customer satisfaction through the effective application
of the system, including processes for improvement of the system and the
assurance of conformity to customer and applicable statutory and
regulatory requirements.
⢠NOTE: The terms "product" or "service" only apply to products and services
intended for, or required by the customers
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
11. TERMS AND DEFINITIONS
⢠Quality is defined as the degree to which a set of inherent
characteristics fulfills requirements
⢠Management is a set of coordinated activities to direct and control an
organization
⢠A system is a set of interrelated or interacting elements
⢠A process is a set of interrelated or interacting activities which
transforms inputs into outputs
⢠Risk is the effect of uncertainty
⢠Nonconformity is the failure to fulfill a requirement
⢠Objective is the result to be achieved
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
12. ⢠Correction is the action taken to eliminate a detected nonconformity
⢠Corrective action is the action taken to eliminate the cause of a detected
nonconformity
⢠Audit is a systematic, independent and documented process for
obtaining audit evidence and evaluating it objectively to determine the
extent to which audit criteria are fulfilled
⢠Objective evidence is the data supporting the existence or verity of
something
⢠Interested party is the person or organization that can affect, be affected
by, or perceive themselves to be affected by a decision or activity
⢠Requirement is the need or expectation that is stated, generally implied
or obligatory
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
13. 1. "shall" indicates a requirement which must be implemented
2. "should" indicates a recommendation
3. "may" indicates a permission
4. "can" indicates a possibility or a capability
5. information marked as "NOTE" is for guidance in understanding or
clarifying the associated requirement
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
ISO 9001:2015 Lingo
14. ISO 9001:2015
Quality Management System (QMS)
Requirements
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
15. External and internal risks and
opportunities
⢠Relevant and significant risks and opportunities associated with the
external and internal environments of the QMS must be continually
determined, monitored and reviewed by the organization
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
16. Needs and expectations of interested
parties
⢠The organization shall continually determine, monitor and review:
1. Interested parties that are relevant to the QMS
2. Relevant requirements of these interested parties
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
17. Scope of the QMS
⢠The boundaries of the QMS must be defined in terms of the
following:
1. Relevant external and internal issues
2. Relevant interested parties and their requirements
3. Products and services of the organization
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
18. Quality management system and its processes
⢠The organization shall determine the processes needed for the QMS and their
application throughout the organization, and shall:
1. determine the required inputs and the outputs
2. determine the sequence and interaction of these processes
3. determine and apply performance and monitoring criteria and methods
4. determine and provide the resources needed for these processes
5. assign the responsibilities and authorities for these processes
6. address risks and opportunities
7. evaluate these processes and implement any necessary changes
8. improve the processes and the quality management system
⢠The QMS must be supported by documented information (documents and
records) such as the Quality Manual and SOPâs
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
19. Leadership and its commitment
1. Take accountability for QMS
2. Establish and communicate the
quality policy and QMS objectives
3. Integrate QMS requirements into
existing business processes
4. Promote the use of process
approach, risk-based thinking and
improvement
5. Communicate the importance of
conforming to QMS requirements
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
6. Ensure that the QMS achieves its
intended results
7. Engage, direct and support
persons to contribute to the
effectiveness of the quality
management system
8. Support other management roles
to demonstrate their leadership
within their areas of responsibility
9. Provide adequate resources
20. Customer focus
⢠Top management shall ensure that:
1. Customer and applicable statutory and regulatory
requirements are determined, understood and consistently
met
2. Risks and opportunities that can affect conformity of products
and services and the ability to enhance customer satisfaction
are determined and addressed
3. Focus on enhancing customer satisfaction is maintained
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
21. Quality policy
Top management shall establish a policy that:
1. Is appropriate to the purpose and context of the organization and
supports its strategic direction
2. Provides a framework for setting quality objectives
3. Includes a commitment to satisfy applicable requirements
4. Includes a commitment to the continual improvement of the QMS
5. is available to interested parties as appropriate
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
22. Organizational roles, responsibilities and authorities
⢠Top management assign responsibilities and authorities for:
1. Ensuring that the quality management system conforms to the
requirements of this International Standard
2. Ensuring that the processes are delivering their intended outputs;
3. Reporting on the performance of the quality management system and on
opportunities for improvement, in particular to top management
4. Ensuring the promotion of customer focus throughout the organization
5. Ensuring that the integrity of the quality management system is
maintained when changes to the quality management system are
planned and implemented
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
23. Addressing risks and opportunities
⢠The organization shall plan actions to address risks and opportunities
and how to integrate and implement the actions into its quality
management system processes and evaluate the effectiveness of these
actions in order to:
1. give assurance that the quality management system can achieve its
intended results
2. enhance desirable effects
3. prevent, or reduce, undesired effects
4. achieve improvement
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
24. Quality objectives
⢠The organization shall shall establish objectives and associated action
plans at relevant functions, levels and processes
⢠When planning how to achieve its quality objectives, the organization
shall determine:
1. What will be done
2. What resources will be required
3. Who will be responsible
4. When it will be completed
5. How the results will be evaluated
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
25. Quality objectives shall:
1. Be consistent with the quality policy
2. Be measurable
3. Take into account applicable requirements
4. Be relevant to conformity of products and services and to the enhancement
of customer satisfaction
5. Be monitored
6. Be communicated
7. Be updated as appropriate
8. Be defined in terms of what will be done, what resources will be required,
who will be responsible, when ii will be completed and how the results will be
evaluated
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
26. Change management
⢠Changes to the QMS shall be planned by considering the following:
1. Purpose of the changes and their potential consequences;
2. Integrity of the quality management system
3. Availability of resources
4. Allocation or reallocation of responsibilities and authorities
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
27. Supporting the QMS
The organization shall:
1. Determine and provide necessary resources such as people, infrastructure,
conducive work environment, monitoring and measuring equipment and
organizational knowledge (from internal and external sources)
2. Take actions to ensure that the workforce is competent on the basis of
appropriate education, training or experience (Appraisals, Training needs
3. Ensure that everyone is aware of the quality policy and objectives, how they
contribute towards the QMS and consequences of deviating from the quality
plan (Induction)
4. Determine what information needs to be communicated with internal and
external parties (what to communicate, when, to whom, how, who is
responsible)
5. Implement effective control of documented information used within the QMS
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
28. Control of documented information
The organization shall ensure the following:
1. All documents shall have a title, date of issue, version number, distribution list
and the authorâs name; Reference numbers may be assigned
2. All new and amended documents shall be reviewed and approved for
adequacy and suitability prior to distribution and use
3. Approved documents shall be made available at their points of use and
protected from loss of confidentiality, improper use or loss of integrity
4. Obsolete documents shall be removed from circulation
5. Records shall be labeled adequately and their legibility preserved
6. Recordsâ retention periods shall be defined and prior approval shall be
obtained before any disposal can take place
7. Records shall be safely stored and protected from any tampering
8. External documents shall be identified and updated as necessary
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
29. The organization shall:
1. Determine the requirements for the products and services
2. Establish criteria for the processes and the acceptance of products and
services
3. Determine the resources needed to achieve conformity to the product
and service requirements
4. Implement control of the processes in accordance with the criteria
5. Determine and keep documented information in order to have confidence
that the processes have been carried out as planned and demonstrate the
conformity of products and services to their requirements
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
Operational control
30. The organization shall:
1. Provide information relating to products and services
2. Handle enquiries, contracts or orders, and changes
3. Obtain customer feedback relating to products and services, including
customer complaints
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
Customer communication processes
31. The organization shall define:
1. Customer requirements
2. Any applicable statutory and regulatory requirements
3. Other requirements considered as necessary
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
Requirements related to products and
services
32. The organization shall:
1. Review all requirements specified by the customer, including the requirements
for delivery and post-delivery activities
2. Review all requirements not stated by the customer, but necessary for the
specified or intended use, when known
3. Review all internal requirements specified by the organization
4. Review all statutory and regulatory requirements applicable to the products
and services
5. Resolve all differences
6. Get confirmation on all requirements when the customer does not provide a
documented statement of their requirements
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
Review of requirements related to products
and services
33. The organization shall:
⢠Plan and control the design and development process, including the
interfaces between the various parties
⢠Define necessary inputs (functional, performance, previous designs,
standards, codes, failure analysis)
⢠Control the inputs and outputs via reviews, verification and validation
⢠Ensure that outputs meet input requirements
⢠Review and control all design and development changes
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
Design and development of products and
services
34. 1. Establishing processes for the evaluation, selection, monitoring and
re-evaluation of external providers based on their ability to fulfill
purchase requirements
2. Determining the type and extent of control to be applied to external
providers
3. Providing adequate and accurate purchase and control information to
external providers
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
Control the purchasing process by
35. The organization shall:
1. Make available documented information that defines the characteristics
of the products to be produced, the services to be provided, the
activities to be performed and the results to be achieved
2. Use suitable monitoring and measuring resources
3. Implement monitoring and measurement activities at appropriate
stages to verify that criteria for control of processes or outputs and
acceptance criteria for products and services have been met
4. Use suitable infrastructure and environment for the operation of
processes
5. Appoint competent persons, including any required qualification
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
Control of production and service provisions
36. 6. Validate and revalidate the ability to achieve planned results of the
processes for production and service provision, where the resulting
output cannot be verified by subsequent monitoring or measurement
7. Implement actions to prevent human error
8. Ensure identification and traceability of products and services
9. Safeguard property belonging to customers and external providers
10. Preserve outputs to ensure conformity of products and services
11. Implement necessary post-delivery activities
12. Control all changes within the production and service provisions
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
37. Release of products and services
The organization shall:
⢠Implement planned arrangements, at appropriate stages, to verify that
the product and service requirements have been met.
⢠Release of products and services to the customer shall not proceed until
the planned arrangements have been satisfactorily completed, unless
otherwise approved by a relevant authority and, as applicable, by the
customer.
⢠Retain documented information on the release of products and services
such as evidence of conformity with the acceptance criteria and
traceability to the person(s) authorizing the release.
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
38. Control of nonconforming outputs
The organization shall:
⢠Ensure that outputs that do not conform to their requirements are
identified and controlled to prevent their unintended use or delivery
⢠Deal with nonconforming outputs in one or more of the following ways:
1. Correction
2. Segregation, containment, return or suspension of provision of
products and services
3. Informing the customer
4. Obtaining authorization for acceptance under concession
⢠Retain documented information that describes the nonconformity,
describes the actions taken, describes any concessions obtained, identifies
the authority deciding the action in respect of the nonconformity.
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
39. Performance evaluation
The organization shall:
1. Monitor and measure key performance indicators
2. Monitor and measure customer satisfaction levels
3. Analyse and evaluate all KPI data
4. Implement annual internal audits
5. Annually review the QMS performance and make decisions with regards
to opportunities for improvement, changes to the QMS and resource
needs
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
40. Improvement
The organization shall:
1. Improve products and services via innovation and meeting future
customer expectations
2. Improve the QMS by addressing risks and opportunities, and
controlling nonconformities
3. Improve the QMS by taking actions on the results of data analysis and
management review
NURI CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org