1.

Scope

Why to use the standard?

1. To demonstrate that they have ability to consistently meet customer and applicable legal
requirements

2. To enhance customer satisfaction by implementing the system

Generic Standard

This clause also clarifies that this standard is a generic standard and is applicable to any type
of business, industry or the size of the organization.

Two Notes in this clause:

1. In this International Standard, the terms "product" or "service" only apply to products and
services
intended for, or required by, a customer.

2 Statutory and regulatory requirements = Legal requirements

2 Normative References
ISO 9001:2015 lists the following standard as normative reference.

 ISO 9000:2015, Quality management systems — Fundamentals and vocabulary

What does normative reference mean?

It is a reference standard which is indispensable (or vital, very important or essential) to the
application of ISO 9001:2015.

In simple and plain words, ISO 9000 provides definitions of key words mentioned in ISO
9001.

So if you come across the term "Risk and Opportunity" in ISO 9001:2015 clause 6.1 then you
should look at the definitions of these in ISO 9000.

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 9000:2015 apply.
 4 Context of the organization
4.1 Understanding the organization and its context
The standard requires organizations to determine internal and external issues.

Which issues?
The issues which are

 relevant to its purpose,

 its strategic direction and
 that affect its ability to achieve desired results.

What to do once these are determined?

The organization would need to monitor and review the information about these issues.
4.2 Understanding the Needs and Expectations of Interested Parties
Due to their effect, or potential effect, on the organization's ability to consistently provide
products and services that meet customer and applicable legal requirements, determine:

- Interested parties that are relevant to system

- Requirements of these interested parties

Monitor and review information about these interested parties and their relevant
requirements.
Who are interested parties?
Typically these would include:

 Shareholders
 Owners
 Management
 Employees
 Trade unions
 Suppliers
 Partners
 Client
 Government agencies
 Media
 Society
 any other person or organization interested in the organization

Are all interested parties equally interested in the organization?

No. Once you have identified the interested parties the next step you can take is to analyze
these interested parties on two parameters (the standard does not require this but this
 might help you in understanding your interested parties better).

 Power
 Interest

Depending upon these two factors you can choose the appropriate approach. Stakeholder
analysis is typically used in the project management.

Determining the scope of the quality management system

Determine the boundaries and applicability of the QMS.
It means explaining what is covered under the system and what is not.
For example some companies may want to not include the design in the scope of
certification.
It was open in the previous version of the standard for the organization to decide on what
to include and what not to include (exclusions in ISO 9001:2008 ).

However in this version the scope has to be determined considering the following facts:
a) external and internal issues (see 4.1 )
b) requirements of relevant interested parties (see 4.2 )
c) the products and services of the organization

Unlike previously the organization can not exclude any requirement from the quality
management system. They can only exclude a requirement, if that is not applicable and
does not affect the product quality (conformity to requirements and customer satisfaction).

And yes! the organization would need to document this.

4.4 Quality management system and its processes

Organization is required to establish, implement, maintain, and continually improve a

quality management system, including the processes needed and their interactions, per this
standard.

The organization is required to determine the processes needed for the QMS and their
application in the organization.

Determine:

 Inputs required and outputs expected

 Sequence and interaction of processes
 Criteria and methods needed to ensure effective operation and control (performance
indicators)
 Resources needed and ensure their availability
 Assignment of the responsibilities and authorities
 Address risks and opportunities
 evaluation of processes and, if needed, the changes to processes to ensure that these
achieve intended results
 improve of the processes and the system.

Maintain documented information to support the operation of processes.(Documents)

Retain documented information to the extent necessary to have confidence that the
processes are being carried out as planned. (Records)

5 Leadership

5.1 Leadership and commitment

5.1.1 General
Top management must demonstrate leadership and commitment with respect to the
quality management system by following actions:

 taking accountability of the effectiveness of the QMS;

 ensuring that the quality policy and quality objectives are established for the system
and are compatible with the strategic direction and the context of the organization ;
 ensuring that the quality policy is communicated, understood, and applied within the
organization;
 ensuring that the integration of the system requirements into the organization’s business
processes;
 promoting process approach and risk based thinking ;
 ensuring that the resources needed for the QMS are available;
 communicating the importance of effective quality management and of conforming to
system requirements;
 ensuring that the quality management system achieves its intended results;
 engaging, directing, and supporting persons to contribute to the effectiveness of the
system;
 promoting improvement ;
 supporting other relevant management roles to demonstrate their leadership as it applies to
their areas of responsibility.

The term business here includes public, private, for profit and not for profit organizations.
5.1.2 Customer focus
Top management to demonstrate leadership and commitment with respect to customer
focus by ensuring that:
 customer requirements and applicable legal requirements are determined, understood and
met;
 risks and opportunities that can affect conformity of products and services and the ability
to enhance customer satisfaction are determined and addressed;
 focus on enhancing customer satisfaction is maintained.

5.2 Policy
5.2.1 Developing the quality policy
Top management must establish, implement, and maintain a quality policy that:

 is appropriate to the purpose and context of the organization and supports its strategic
directions
 provides a framework for setting quality objectives
 includes a commitment to satisfy applicable requirements
 includes a commitment to continual improvement of the QMS

5.2.2 Communicating the quality policy

The quality policy must be:

 available and maintained as documented information

 communicated, understood and applied within the organization
 available to relevant interested parties , as appropriate

5.3 Organizational roles, responsibilities and authorities

Top management must ensure that the responsibilities and authorities for relevant roles are
assigned, communicated, and understood within the organization.

Responsibility and authority is defined to:

 ensure that the QMS conforms to the requirements of the standard;

 report on the performance of the QMS and opportunities for improvement
 ensure the promotion of customer focus throughout the organization;
 ensure that integrity of system is maintained when changes to QMS are planned and
implemented.

6 Planning
6.1 Actions to Address Risks and Opportunities
ISO 9001:2015 Requirement

6.1.1
When planning for the quality management system, the organization need to consider
issues referenced in clause 4.1 , and the requirements referenced in clause 4.2 and
determine the risks and opportunities that need to be addressed to:
 give assurance that the quality management system can achieve its intended results
 enhance desired effects
 prevent, or reduce, undesired effects;
 achieve improvement

6.1.2

Plan:

 actions to address these risks and opportunities

 how to:
 integrate and implement the actions into its quality management system processes (see 4.4)

 evaluate the effectiveness of these actions.

Organization to take actions to address risks and opportunities that are proportionate to the
potential impact on the conformity of products and services.

6.2 Quality objectives and planning to achieve them

6.2.1

Organization to establish quality objectives at relevant functions, levels, and processes.

The quality objectives shall be:

 consistent with the quality policy

 measurable
 take into consideration the applicable requirements
 relevant to conformity of products and services and enhancement of customer satisfaction

 monitored
 communicated
 updated as appropriate

Maintain documented information on the quality objectives.

6.2.2

When planning how to achieve the quality objectives, determine:

 what will be done

 what resources will be required
 who will be responsible
 when it will be completed
 how the results will be evaluated

6.3 Planning of changes

Where the organization determines the need for change to the quality management system
(see 4.4 ) the change must be carried out in a planned manner.

The organization needs to consider the following when planning of changes:

 purpose of the change and its potential consequences

 integrity of the quality management system
 availability of resources
 allocation or reallocation of responsibilities and authorities.