Featured Product
This Week in Quality Digest Live
Management Features
Gleb Tsipursky
Belief that innovation is geographically bound to office spaces is challenged by empirical evidence
Andy J. Yap
When organizations merge, people must come together
Gene Russell
Resources to help increase your financial literacy
Michael King
Augmenting and empowering life-science professionals
Meg Sinclair
100% real, 100% anonymized, 100% scary

More Features

Management News
For companies using TLS 1.3 while performing required audits on incoming internet traffic
Accelerates service and drives manufacturing profitability
New video in the NIST ‘Heroes’ series
A tool to help detect sinister email
Developing tools to measure and improve trustworthiness
Manufacturers embrace quality management to improve operations, minimize risk
How well are women supported after landing technical positions?

More News

Paula Oddy


ISO 9001:2015 Revision Refresher

The latest ISO 9001:2015 revision encompasses substantial updates

Published: Friday, November 4, 2016 - 13:32

Changes to the global economy during the last two decades have dramatically altered the landscape of business and industry. Globalization has enabled an ever-lengthening supply chain, which confers greater complexity and risk to every step of the process, whether for material goods or for services. Manufacturers are long familiar with this equation, but companies in the service and transactional sectors must now be mindful of the increased risk that comes from outsourcing and offshoring.

The recently released ISO 9001:2015 quality management system (QMS) standard will provide better insight into the nature of risk and how it can best be ameliorated, as well as moving preventive tools upstream to better manage risk.

The ISO 9001 standard is revised over time to maintain relevance to changing industry requirements in a rapidly changing global landscape; however, not all revisions have contained substantive updates. The 2008 version of the standard contained comparatively minimal changes and improvements to clarity compared to the 2000 version. Documentation requirements were the main focus of the 2008 version, particularly regarding the mandatory documentation of procedures. The latest ISO 9001:2015 revision encompasses substantial updates across several categories of the standard, and the accompanying webinar is intended to summarize some of these changes. They extend to several areas of note, including:

• Shifts in concepts and philosophies
• A reinforced process approach
• Focus on risk-based thinking
• Flexibility in management system documentation
• Enhanced stakeholder perspective
• Business metrics suited to key processes

These changes are intended to address changes across the industry in today’s global businesses.

ISO 9001:2015 has reduced its recommended eight management principles to these seven, with changes to each (and removing the previous category of Continual Improvement):

Principle 1—Primary customer focus and expected outcomes
The primary focus of a quality management system is to meet customer requirements and to exceed customer expectations where there is an opportunity to do so.

Principle 2—Leadership
Leaders at all levels should establish a unity of purpose and direction, and create conditions in which every employee is engaged in achieving the objectives of their organization. Leaders must take accountability for the effectiveness of their management systems.

Principle 3—Engagement of people
It is essential for an organization that its people are competent, empowered, and engaged in contributing toward the intended vision. Empowering and engaging a talented workforce throughout the organization enhances an organization’s ability to create and deliver value.

Principle 4—Process approach
Consistent and predictable results are best achieved when the activities of an organization are managed as interrelated processes that function as part of a coherent system. Establishing, implementing, controlling, and maintaining the processes are required to meet the new management system requirements.

Principle 5—Improvement
Successful organizations have an ongoing focus on improvement, as well as metrics to measure improvement in a substantive and actionable way.

Principle 6Evidence-based decision making
Decisions based on the analysis and evaluations of data are more likely to produce the desired results than qualitative estimates.

Principle 7Mutually beneficial supplier relations
For sustained success, organizations manage their relationships with interested parties, such as customers, suppliers, regulatory agencies, and communities.


ISO 9001:2015 makes several changes to existing terms, with the goal of clarifying or updating the previous vocabulary. As of the new release, “product” is replaced by “goods and services,” which recognizes the growth of the service industry and allows users in those sectors to better adapt the standard to their unique requirements. “Purchasing” and “outsourcing” are now referred to as “externally provided products and services.” Terms such as “document” and “records” are now considered “documented information,” which allows organizations to determine the issues, requirements, and expectations of stakeholders that might affect the QMS. “Mutually beneficial supplier relationships” are simplified to “relationship management.” The redundant “continual improvement” has been replaced with, simply, “improvement.” These changes and others are meant to simplify communication and increase applicability in diverse contexts.

Other changes to the standard’s language are equally important. ISO 9001:2015 addresses global and technological changes in the market, reinforcing a new sensitivity to the management of risk. Further, it departs from the traditional notion of command-and-control from a small group engaged in top-down management. Instead, risk management, change management, and knowledge management are each given a sharper focus. The revision allows organizations greater flexibility and recognizes the need for businesses to integrate their QMS into the overall business strategy. Last but not least, the use of “simple” phrasing allows for a thorough understanding of the requirements and consistency when addressing them.

These changes are of interest not only to management at registered organizations, but also to the auditors who certify and recertify users. Simplifications to the language make the standard more approachable, but the overall intent of the revision is to address the methods used to deploy ISO 9001:2015 in order to improve a user’s business through audits and compliance.

The role of “management representative” is no longer explicitly delineated. Top management is now required to take a more active involvement in the quality management system, and stronger emphasis is placed on the overall accountability of top management for the effectiveness of the management system. In the absence of specifically outlined requirements for the role of “management representative,” the organization may structure itself as appropriate to ensure relevant responsibilities and authorities are assigned.

The standard’s structure has changed and now encapsulates 10 general divisions:
• Scope
• Normative references
• Terms and definitions
• Support
• Performance evaluation
• Performance improvement
• Context of the organization
• Leadership
• Planning
• Operation

Practical changes will greatly improve its ability to provide a framework for quality management to registered users. For example, there are three new clauses that users may note in ISO 9001:2015:

Clause 4.1—Understanding the organization and its context: Registered organizations shall determine external and internal issues that are relevant to their purpose and that affect their ability to achieve the intended outcomes of their quality management systems.

Clause 4.2—Understanding the needs and expectations of interested parties: Relevant interested parties can include direct customers, end users, suppliers, distributors, retailers, and partners.

Clause 4.4.2—Process approach: More explicit requirements for the QMS will be built around processes where products or services are the output. A key primary objective is to meet customer requirements.

ISO 9001:2015 removes mention of and no longer specifies requirements for “preventive actions.” Instead there is a larger focus on risk management and prevention, as the standards themselves have become risk-based preventive tools. ISO 9001:2015 requires a systematic approach to risk. When selecting methodology, the organization should consider the effects of failures and the appropriate mitigation measures to take. All risks managed adequately through their quality management system represent an overall opportunity for the organization. Key risks are identified throughout the standard, and actions must be taken to mitigate risks and continually improve.

One of the fundamental concepts in developing the language of ISO 9001:2015 involves a more explicit definition of the “process approach.” An organization’s QMS must be built around processes, where products or services are the output. The primary objective, and in fact the reason these processes exist, is to meet customer requirements. The process approach as described in the 2008 version of ISO 9001 left many registrants confused about this requirement. The 2015 version improves clarity and provides better guidance.


Although ISO 9001:2015 contains numerous updates that advance the standard, organizations need not abandon existing protocols that were removed from the 2015 revision. Organizations may continue to find great use in their management representatives. While there is no explicit role in ISO 9001:2015 for a management representative, this does not prevent organizations from choosing to retain this role if they so wish. Be aware, however, that some of the duties traditionally assigned to the management representative by top management will need to be assumed directly by top management.

While ISO 9001:2015 sets out no requirement for organizations to hold either a quality manual or documented procedures, organizations can of course continue to leverage value from their existing quality manuals and documented procedures. If this documentation is already in place, and working well, there is no need for it to be discarded.

Additionally, organizations do not need to refresh existing documentation to use the new terms and definitions contained within the current ISO standards. Once again, organizations are free to make the judgment as to whether this effort would be worthwhile. If organizations are more comfortable using their own terminology, e.g. “records” instead of “documented information,” or “supplier” rather than “external provider” then this is perfectly acceptable.

The changes and tools outlined in ISO 9001:2015 are intended to provide guidance for companies and auditors worldwide, to drive positive advancement of the industry and greater alignment with risk management and other processes moving forward.

Be sure to attend the webinar, “ISO 9001:2015 Revision Refresher” on Nov. 17, 2016, at 11 a.m. Pacific, 2 p.m. Eastern.


About The Author

Paula Oddy’s picture

Paula Oddy

Paula Oddy is the technical and quality management system manager at Intertek’s business assurance group. She has more than 25 years’ experience in the auditing and certification industry, with extensive quality management system experience with Entela and Intertek. Oddy is responsible for overseeing the technical review of audit files, qualification of auditors, and ongoing training. She holds a bachelor’s degree in industrial technology from Grand Valley State University with a concentration in quality science from Grand Rapids Community College.