ISO 9001: Quality Management System

1. The International Organization for Standardization 

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). ISO technical body prepares the International Standards. It collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

ISO 9000 series was released in 1987 (1^st edition). It had 4 variants:

ISO 9000: Vocabulary

ISO 9001: Model Quality Assurance with Design and Development and Production

ISO 9002: Model for Quality Assurance in Production, Installation and Servicing, and

ISO 9003: Model for Quality Assurance in final Inspection and Test.

1.1 Revisions of ISO 9000 Series

The ISO 9000 series standards were revised in 1994 (2^nd edition) retaining the similar structure i.e. ISO 9001:1994 – Manufacturing with Design & Development; ISO 9002:1994 – Production and Installation (No Design) and ISO 9003: 1994 – Final inspection and test.

However the 3^rd revision i.e. ISO 9001: 2000, “Quality Management Systems – Requirements”, prepared by Technical Committee ISO/TC 176 ’Quality Management and Quality Assurance, Subcommittee SC 2, Quality Systems’ saw a major change. This replaced the three standard into one (ISO 9001: 2000) along with change in title. In this standard, the term ‘quality assurance’ is no longer used. The revision allowed exceptions to design and development procedures if a company does in fact not engage in the creation of new products, as well as introducing a few concepts. This version of the standard adopted:

a)     Process Approach replacing an inspection mentality.

b)    A focus on Management Commitment instead of only relying upon quality personnel.

c)    Performance metrics

d)    Continual Improvement 

e)    Customer Satisfaction

The fourth edition is ISO 9001: 2008. The clause wise there is no change between ISO 2000 and 2008. ISO 9001 is made applicable to any industry including software companies.

No new requirement included and some requirements were clarified or improved for clarity. It also made better alignment with ISO 14001:2004.

The fifth edition in 2015 cancels and replaces the fourth edition (ISO 9001:2008), which has been technically revised, through the adoption of a revised clause sequence and the adaptation of the revised quality management principles and of new concepts. It also cancels and replaces the Technical Corrigendum ISO 9001:2008/Cor.1:2009 issued on 29.07.2009 (which replaces the correlation between ISO 9001: 2000 and ISO 14001: 1996 by correlation matrix between ISO 9001: 2008 and ISO 14001:2004)

2. ISO 9001 Standards

ISO 9001 is the world’s most popular and commonly used standard for quality management systems across all industry. A standard is not a law, but an agreement or best practice that an organisation can apply voluntarily. A standard reflects a good level of professionalism. A quality management system is a tool with which an organisation can determine how it can meet the requirements of its customers and the other interested parties that are involved in its activities.

By conforming to ISO 9001 quality management system, a company can show that:

a)    The organization provides products and services of consistent quality;

b)    The organization provides products and services that meet the customer’s requirements, comply with the law and legislation, and meet the organisation’s own requirements

c)   The organization can streamline its business processes and continuously improve them.

Further, ISO 9001 helps the organization to increase customer satisfaction and improve its image by showing that the organization complies with internationally recognized quality standards. This is often a requirement for customers and suppliers to do business in many national and international domain.

2.1  Quality Management Principles of ISO 9001

ISO 9001:2000 as well as 9001:2008 are based on 8 quality management principles as shown below. ISO 9000 describes each principles as:

a)    Principle 1: Customer Focus – Organisations depend on their customers, therefore it should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations.

b)    Principle 2: Leadership – Leaders must establish unity of purpose and set direction the organisation should take.

c)    Principle 3: Involvement of people – Full involvement of people at all levels.

d)    Principle 4: Process approach – Process approach to manage activities and related resources. 

e)    Principle 5: System approach to management – Interrelated processes make a system. Organisation must use a system approach to manage interrelated processes.

f)     Principle 6: Continual improvement – Organisations must make a permanent commitment to continually improve their overall performance.

g)    Principle 7: Factual approach to decision making – Organisations must base decisions on the analysis of factual information and data.  

h)   Principle 8: Mutually beneficial supplier relationships – Organisations and its suppliers are independent and a mutually beneficial relationship between both will enhance their values.

Only a fully responsive QMS will include the totality of the eight principles and offer the organization the maximum return against these principles. However, this potential for enhanced marketability, productivity, and profitability is dependent upon the supplier’s desire to fully comply with the Standard, write the documented system in a user-friendly manner for a very wide range of readers, make a total management commitment to this effort, and establish a QMS that can be maintained in a cost effective manner.

The goal is to improve organizational effectiveness, not just get certified. Most importantly, a unified, strategic, business-and-quality policy signals to all employees that the main purpose of the ISO 9000 certification is to improve the effectiveness of the operation, not just achieve certification.

2.1.1 Quality Management Principles of ISO 9001:2015

The most recent ISO 9001:2015 standard is constructed around seven quality management principles:

1. Customer focus;

2. Leadership;

3. Engagement of people;

4. Process approach;

5. Improvement;

6. Evidence-based decision making;

7. Relationship management.

ISO 9001:2015 describes for each part which requirements your products, services and organisation have to meet in order to enjoy the above benefits.

2.2 Process Approach

The ISO 9001 adopts a process approach the effectiveness of a quality management system to enhance customer satisfaction by meeting customer requirements. A process is defined as any interrelated activity or activities through which a given set of inputs can be converted to a useful output of product or service. The output of one process can be input to a subsequent process.

The application of process approach in a quality management system enables:

a)    Understanding and consistency in meeting requirements;

b)    The consideration of processes in terms of added value;

c)    The achievement of effective process performance;

d)    Improvement of processes based on evaluation of data and information.

A functional representation of any process approach is shown in figure -1.

Figure 1 — Schematic representation of the elements of a single process

For an organisation to function effectively, it has to determine and manage numerous linked activities interrelated processes and their management to produce the desired results could be referred to as ‘process approach’.

2.3 PDCA Cycle

The process approach involves the systematic definition and management of processes, and their interactions, so as to achieve the intended results in accordance with the quality policy and strategic direction of the organization. Management of the processes and the system as a whole can be achieved using the PDCA cycle (Deming Circle) with an overall focus on risk-based thinking aimed at taking advantage of opportunities and preventing undesirable results.

The PDCA cycle or Deming's circle has four stages as

1.    Plan – Establish the objectives of the system and its processes, and the resources needed to deliver results in accordance with customer’s requirements and the organisations policies and identify and address risks and opportunities.

2.    Do – Try the plan on a test basis

    3. Check – Evaluate the plan to see if it works.

    4.  Act – Permanently implement the plan.

The PDCA Cycle of ISO 9001:2015 is shown in figure -2.  

  (Figures in the bracket indicates the applicable clause numbers as per ISO 9001:2015)

Fig. - 2: PDCA Cycle as Per ISO 9001: 2015

2.4 Risk Based Approach

The concept of risk-based thinking has been implicit in ISO 9001:2008 through requirements for planning, review and improvement. ISO 9001:2015 on the other hand specifies the organization to understand its context (clause 4.1) and determine associated risks and opportunities and make these as the basis for planning (see clause 6.1). This represents the application of risk-based thinking to planning and implementing the QMS processes (see clause 4.4). This will also assist in determining the extent of documented information. 

The risk-based thinking applied in this version has enabled some reduction in prescriptive requirements and their replacement by performance-based requirements. There is greater flexibility than in ISO 9001:2008 in the requirements for processes, documented information and organizational responsibilities.

One of the key purposes of a QMS is to act as a preventive tool. Consequently, the 2015 version does not have a separate clause or sub-clause on preventive action. The concept of preventive action is expressed through the use of risk-based thinking in formulating QMS requirements.

Although clause 6.1 specifies that the organization shall plan actions to address risks, there is no requirement for formal methods for risk management or a documented risk management process. Organizations can decide whether or not to develop a more extensive risk management methodology than is required by this International Standard, e.g. through the application of other guidance or standards.

3.          ISO 9001:2015 CLAUSES

3.1 Clause 1: Scope

3.2 Clause 2: Normative References

     ISO 9000:2015: QMS – Fundamentals and Vocabulary.

3.3 Clause 3: Terms and Definitions

     The terms and Definition given in ISO 9000:2015 apply.

3.4. Clause 4: Context of the Organisation

1)    Understand your organization and its unique context.

2)    Clarify the needs and expectations of interested parties (Customers, supplier and competitors).

3)    Define the scope of your quality management system – Scope and Boundaries may be defined in Quality Manual. Also define other documentations.

4)    Develop a QMS and establish documented information – Establish processes required, documentation and records.

3.5. Clause 5: Leadership

1)  Provide leadership – main focus on quality and customers. Top management shall provide leadership by focusing on Quality and Customer.

2)  Provide leadership by establishing appropriate Quality Policy & implementing it.

3)  Provide leadership by defining and assign QMS roles and responsibilities and authorities and communicate.

3.6. Clause 6: Planning

1)  Define actions to manage risks and address opportunities – Consider risk and opportunities while developing QMS. Plan how to address risks and opportunities.

2)  Set quality objectives and develop plans to achieve them – Establish quality objectives for all relevant areas and develop plans to achieve objectives and evaluate results.

3)  Plan the procedure for changes (when required) to QMS and evaluate the impact of change.

3.7 Clause 7: Support

1)  Provide Resources - Support your QMS by providing necessary resources (internal/ external, people, infrastructure, environment and monitoring & measuring resources). Necessary traceability records for M&M to be provided. Organization shall determine and provide knowledge to facilitate process operation. 

2)  Competence - Support your QMS by ensuring that people are competent. Determine competency requirement, evaluate and train if necessary. Keep records.

3)  Awareness - Support your QMS by explaining people quality policy, quality objectives and requirement of QMS and how people can help the QMS.

4)  Communication - Support your QMS by managing your communications (how to handle internal/external communication).

5)  Documented Information - Support your QMS by controlling documented information. Determine the documented information that your QMS needs. Manage the creation and revision of documented information. Control how retained documented information (records) be protected from unintended alterations.

3.8 Clause 8: Operations

1)  Operational Planning and Control - Develop, implement, and control your operational processes (internal as well as external/outsourced).

2)  Requirements for Product and Services - Determine and document product and service requirements.

3)  Design and Development - Establish a process to design and develop products and services. This will include D&D planning, determination of inputs, Control of D&D process, D&D outputs are adequate for subsequent process. The organization shall review and control of D&D Changes and retain documented information for D&D outputs.  .

4)  Monitor and control external processes, products, and services (Purchase) - Confirm that external products and services meet requirements. For this develop controls for externally provided products and services. Discuss your organization’s requirements with external providers.

5)  Production and Service - Manage and control production and service provision activities. Establish controls for production and service provision, identify your outputs and control their unique identity (traceability). Protect property owned by customers and external providers. Preserve outputs during production and service provision. Clarify and comply with all post-delivery requirements. Control changes for production and service provision.

6)  Release of Product & Services - Implement arrangements to control product through verification at appropriate stages. Release of product and services to customer to be done only after all planned arrangements have appropriately been met.

7)  Control nonconforming outputs and document actions taken - Identify outputs that do not conform to their requirements. Take actions so that nonconforming product does not reach customer. If rectified, check that rectification meets requirements. Retain documented information.

3.9. Clause 9: Performance Evaluation

1) Monitor, measure, analyze, and evaluate QMS performance – Plan how and what to monitor. Find out how well customer needs and expectations are being met. Evaluate QMS performance, effectiveness, conformity, and satisfaction.

2) Internal Audit - Use internal audits to examine conformance and performance. Audit your quality management system at planned intervals.

3) Management Review - Carry out management reviews and document your results. Management review input to be so decided that the review output brings opportunities for improvements, resources needed and if any change in QMS is desirable.

3.10. Clause 10: Improvement

1) Determine improvement opportunities and make improvements – The improvements can include correction, corrective action, continual improvement, breakthrough change, innovation and reorganization.

2) Nonconformities and corrective Actions - Control nonconformities and address causes and consequences. Document your nonconformities and the actions that are taken. Update risk and opportunities determined during planning if necessary.

3) Continual Improvements - Enhance the suitability, adequacy, and effectiveness of your QMS.