1900 Pico Blvd, Santa Monica, CA 90405, United States

ISO 9001: 2015 Draft

ISO 9001 is being revised

This Review is based upon the 2014 Draft International Standard release and it is likely that there will be Further revisions. Planned standard release date is September 2015 with full implementation required by September 2018.

Organisations may wish to consider these changes and plan accordingly.

Why is the standard being revised?

  • To improve organisations’ ability to satisfy their clients
  • To allow for standards to easily integrate with other standards – new format throughout
  • To ensure relevance of standards is maintained, as Business and industry has changed
  • To Reflect the needs of all user groups and current operating environments/technology developments
  • To Set a consistent foundation for next 10 years

What is new in ISO 9001: 2015?

There are 3 main changes identified:

1. Risk management

  • Reference to risk has been included
  • There is a focus on risk-based thinking
  • A requirement for the Identification of risk
  • A requirement for risk control

2. Standardisation

  • Main ISO standard clauses are being numerically aligned
  • There is core text
  • A definite structure (referred to as “annex sl”)
  • Allows organisations with multiple management systems to achieve improved integration and implementation

3. No Exclusions

  • The 2008 version allowed exclusions within clause 7
  • There is no reference to permissible exclusions within the 2015 version
  • An organisation may decide if a requirement is not applicable, providing that it does not result in nonconformity of products or services or failure to meet the aim of enhancing customer satisfaction
  • There needs to be evidence in clause 4 if an organisation cannot apply a requirement

What is happening to clauses?

Context of Organization – includes needs and expectations of interested parties, scope
Leadership – includes management commitment, policy, roles, responsibility and authority
Planning – includes risks, opportunities, objectives and plans to achieve them, the planning of changes
Support – includes resources, competence, awareness, communication, documented information
Operation – includes planning & control, determining market needs, interaction with customers, planning process, control of external provisions of goods/services, production of goods, provision of services, release of goods/services, non-conforming goods/services
Performance Evaluation – includes monitoring, measurement, analysis and evaluation, internal audits, management review
Improvement – includes non-conformity & corrective action, improvement


What can we do now?

  • Do not panic
  • Too early in the 2015 revision process to make any significant changes to an existing system
  • May still be further changes or omissions in upcoming drafts or with the final version
  • Documented management systems of existing ISO 9001:2008 registered organisations should already conform to 2015 version - with some small adjustments

Consider risk

  • Risk is documented in most sections of the revised standard
  • Consider starting your risk management plan, if you don’t already have one
  • Begin thinking how to address risk in your business
  • Consider typical risk processes, such as risk determination, risk control, risk mitigation, acceptable level of risk

The four phases of risk


Where does it refer to risk?

The new standard appears to reference risk in a number clauses:

Clause 3.09 - terms and Definitions

  • Here The standard Defines Risk as the “effect of uncertainty on an expected result”
  • Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” of occurrence

Clause 4.4 - Quality management system and its processes

  • the organization shall determine risks and opportunities and plan and implement appropriate actions to address them

Clause 5.1.2 - Customer focus

  • Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed

Clause 6.1 - Actions to address risks and opportunities

  • the organization shall determine the risks and opportunities that need to be addressed to:

a) give assurance that the quality management system can achieve its intended result(s)
b) prevent, or reduce, undesired effects
c) achieve continual improvement

  • The organization shall plan actions to address these risks and opportunities
  • Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services

Options to address risks and opportunities can include:

  • avoiding risk
  • taking risk in order to pursue an opportunity
  • eliminating the risk source
  • changing the likelihood or consequences
  • sharing the risk
  • or retaining risk by informed decision

Clause 8.5.5 - Post delivery activities

  • In determining the extent of post-delivery activities that are required, the organisation shall consider the risks associated with the products and services;

Clause 9.3 - Management review

  • The management review shall take into consideration the effectiveness of actions taken to address risks and opportunities