ISO 9001:2015 – Quality

Management System
Demonstrating strategic commitment
to continuous improvement

White paper

Abstract
ISO 9001 is the world’s most widely adopted quality management system (QMS) standard. It is also the only
standard in the 9000 family of standards, published by the International Organization for Standardization (ISO),
which can be used for the purpose of conformity assessment.

ISO 9001 also serves as the basis for many other sector-specific standards, including ISO 13485 (medical
devices), ISO/TS 16949 (automotive) and AS/EN 9100 (aerospace), as well as widely used management
system standards such as OHSAS 18001 and ISO 14001.

To ensure that they remain relevant and reflect the changing needs of the global marketplace, ISO standards
are reviewed every five years. The ISO therefore published a major revision of ISO 9001 on 15th September
2015. This whitepaper outlines the key updates, giving an overview of the various changes that will impact an
organisation’s quality management approach, as well as the additional organisational benefits it delivers.

TÜV SÜD
Contents
1 INTRODUCTION 3

2 OVERVIEW OF ISO 9001:2015 3

3 MEETING ISO 9001:2015 REQUIREMENTS 5

4 WORKING WITH TÜV SÜD 6

5 BENEFITS TO YOUR BUSINESS 7

6 CONCLUSION 7

7 APPENDIX 8

About the TÜV SÜD expert

Sami Gatz
Product Compliance Manager ISO 9001, TÜV SÜD Management Service
As Product Compliance Manager for ISO 9001, Sami Gatz is responsible for assuring that
the standard’s requirements are understood and complied with. Prior to joining TÜV SÜD,
he worked in various organisations, including NGOs, across diverse industries, covering
automotive, elevators, furniture, and insurance. Trained as an auditor, he has conducted
management system audits for a broad range of companies, and as a recognised industry
expert he has also been actively involved in the creation and establishment of a certification
body. His auditing experience with ISO 9001 was complemented by the management of both
internal and supplier audits for automotive OEMs. He obtained his work experience while
living and studying in different countries, including Germany, Mexico and the USA.

2 Navigating ISO 9001:2015 | TÜV SÜD

Introduction
ISO 9001 was first introduced in 1987 installation and service, while the processes and the importance of
and is the world’s most popular quality third focused on final inspection and tracking customer satisfaction.
improvement standard, with over one testing.
million1 certified organisations in 180 In 2008, updates to ISO 9001 clarified
countries. The origins of ISO 9001 The second edition (ISO 9001:1994) the specifications of the 2000 edition,
are embedded in the global defence emphasised product assurance using making it more consistent with
industry’s need for standards that preventive actions, instead of solely ISO 14001:2004, the environmental
govern quality assurance, and it is checking the final product. Focusing management system standard.
based upon two military standards: on managing quality by control,
the UK’s BS 5750 series of standards, rather than assurance, the standard Why is ISO 9001 important?
driven by the Ministry of Defence; required organisations to comply with To ensure success, businesses must
and the MIL-Q-9858, the US Military documented procedures. offer products and services that
manufacturing standard. surpass customer expectations,
The introduction of ISO 9001:2000 while meeting ongoing competitive
The first edition of ISO 9001 presented a radical change, pressures to increase efficiency
introduced three QMS models, by placing quality and process and cut costs. The ISO 9001 QMS
with several variants of each QMS management at its core. Focusing was developed as a way for all
making an allowance for the working on quality management instead organisations, regardless of size,
practices of different industry sectors. of quality control, the standard industry or location, to take a
The first was concerned with quality first analysed the organisation’s structured and comprehensive
assurance in design, development, requirements before designing approach to quality management,
production, installation and service processes to deliver them. This which resolves the joint challenges of
for manufacturing new products. The third edition also focused on improved quality, increased efficiency
second model covered production, the continuous improvement of and lower costs.

Overview of ISO 9001:2015

A major revision of the ISO 9001 Revised structure Risk-based approach
standard was published on September One of the key changes to the new Another major modification to ISO 9001
15, 2015, the final result of a multi-year ISO 9001 standard is the adoption of is the new emphasis on risk-based
process involving representatives from the High-Level Structure, common thinking. This helps you to examine
ISO member countries and stakeholders to many other standards such as the context of your organisation
from around the world. The new version ISO 14001 and ISO 45001, making it and to choose the most appropriate
is now more applicable to service, as easy to integrate into any existing ISO risk management technique. This
well as manufacturing industries, as the management system. This means that systematic approach to risk-based
term “product” has been replaced with in the future, ISO member countries thinking can save significant amounts
“product and services” throughout the and stakeholders, who are responsible of management time, and must be
standard. for the development of management embedded within the organisation as
system standards, will use a consistent a continuously evolving process that
The main changes since the 2008 fourth structure that shares the same common optimises knowledge development and
edition include: section headings and core texts. preparedness.

TÜV SÜD | Navigating ISO 9001:2015 3

A risk-based approach requires an Correct context These new clauses require
understanding of risk assessment, The standard assumes that long- organisations to determine the issues
which can be found in Section 4.4 term business success is most likely and requirements that can impact
“Quality Management System and its when stakeholder requirements the planning of the QMS, which are
processes”; as well as the leadership are considered. It therefore adopts used as inputs when developing the
issues outlined in Section 5.1.1; a a stakeholder approach to quality system. Although new to ISO 9001,
separate sub-clause in Section management and focuses on this approach is addressed in detail in
6.1.2 “Actions to Address Risks Stakeholder Relationship Management Section 4.4 of ISO 9004:2009.
and Opportunities”; and risk-based (SRM), which goes much further
approaches, which can be found in than the Customer Relationship To align with this new requirement,
Chapters 8.1 “Operational Planning Management (CRM) approach outlined the term “interested parties”
and Control” and 9.3 “Management in previous editions of ISO 9001. now also includes owners, the
Review”. While the CRM only addresses the organisation’s staff, bankers and
relationship between an organisation even competitors. One noteworthy
While organisations are required and its customers, SRM balances the feature of the new edition of ISO
to identify and act on these risks, relationship of the organisation with 9001 is that it does not require
there is no statement within the all stakeholders, including customers, the products and services to fulfil
standard which outlines how the risk suppliers, partners, authorities, etc. the needs and expectations of all
management should be conducted. In external parties, but only those
addition, there is no clause containing Two additional clauses therefore interested parties that are relevant to
specific requirements for preventive include: the QMS.
measures in the High-Level Structure n 4.1 Understanding the organisation
or core texts. This is because it is and its context. Process definition
already considered one of the main n 4.2 Understanding the needs and While ISO 9001:2008 adopted
purposes of QMS. expectations of interested parties. a process approach in the

4 Navigating ISO 9001:2015 | TÜV SÜD

development, implementation described, so that an organisation is demonstrate QMS performance.
and improvement of QMS now able to determine the amount of However, while responsibilities of a
effectiveness, ISO 9001:2015 does information related to processes that Quality Management Representative
this more explicitly in Section 4.4. are documented, based on factors now rest with top management,
Consequently, organisations such as process complexity and they can still be delegated, with the
must now address the risks and employees’ competence. In addition, standard simply requiring the more
opportunities within the QMS documented procedures and precise assignment of roles and
processes. The measurement of management handbooks, required by responsibilities.
performance indicators and the the previous version of the standard,
assignment of responsibilities of are no longer mandatory and will be Extended scope
these processes are also required. at the discretion of the organisation. The scope of management review has
also been expanded with the addition
Documentation flexibility Increased responsibility of the aspect “strategic direction of
ISO 9001:2015 replaces the The new standard expands what the organisation”. This means that
previously used terms “documents” encompasses the term “management an organisation’s management team
and “records” with “documented responsibilities”. Consequently, must now consider the interest of
information”. This offers greater leaders at all levels within the “relevant interested parties” and
flexibility on how processes are organisation are now required to assess risks at a strategic level.

Meeting ISO 9001:2015 requirements

From 15th September 2015, DELTΔ audits Advantages of the DELTΔ audit include:
organisations that are currently certified If your organisation already n Supporting a systematic approach

to ISO 9001:2008 have three years holds ISO 9001 certification, our in the transition process.
to make the transition to the revised DELTΔ audit provides a systematic n Avoiding misinterpretations of the new

standard. After 15th of September 2018, approach in the transition to the requirements and strengthening the
ISO 9001:2008 certificates will no longer new ISO 14001:2015 standard. position of employees responsible for
be valid. As the differences between Experienced TÜV SÜD auditors the transition within the organisation.
the two versions of the standard analyse your existing QMS to identify n Development of actions needed to adjust
are substantial, you are strongly any gaps, and the potential need for your quality management system.
encouraged to begin the process of action, ensuring a smooth path to n Faster readiness for certification

reviewing your current QMS, quality re-certification. according to the new standard.
processes and documentation as soon
as possible.

TÜV SÜD | Navigating ISO 9001:2015 5

For organisations seeking ISO 9001
certification for the first time, SIX STEPS TO CERTIFICATION
TÜV SÜD offers IRCA certified
auditor and lead auditor training Complete a simple profiling form and we customise a quote
courses to better equip your detailing the cost, planning and time required.
company for the challenges of
implementation, certification and
continuous improvement. Our pre-audit team determines if your organisation already fulfils
ISO 9001 requirements and identifies areas for improvement.
TÜV SÜD identifies six steps in
determining a company’s readiness
towards achieving ISO 9001 TÜV SÜD auditors visit your site to verify the profile submitted
certification. during your application and determine your readiness for Stage 2.

On-site audit by TÜV SÜD auditors.

Propose and implement corrective actions, if any.

Receive your audit report and certificate after approval from the committee
with annual surveillance audits conducted thereafter.

Working with TÜV SÜD

As an internationally accredited TÜV SÜD is accredited by DAkkS and Our international network of
Certification Body for various other European Accreditation Bodies subsidiaries on every continent
management systems, TÜV SÜD’s under the European co-operation for enables us to serve organisations
certificates are accepted and Accreditation Multilateral Agreement worldwide and certify their
recognised globally. Having (EA MLA), by ANAB (U.S.) and JAS- compliance to ISO 9001 on a global
TÜV SÜD as your certification ANZ (Australia and New Zealand) scale. In addition, our auditors are
partner not only allows your under the International Accreditation required to follow a strict code of
company to lean on our experience, Forum Multilateral Agreement (IAF- conduct through Auditor Codex as
but also lends your brand the MLA) among many others. This well as our corporate compliance
distinction of the TÜV SÜD ensures that ISO 9001 certification is guidelines that assures both you
certification mark - a powerful conducted with the highest degree of and your customers of our complete
demonstration of your commitment professionalism and conformance to independence and professionalism.
to quality management. international guidelines and standards.

6 Navigating ISO 9001:2015 | TÜV SÜD

Benefits to your business
While ISO 9001:2015 maintains the Improve efficiency and reduce costs - Minimise management time - the
benefits inherent from using the previous the quality management practices High-Level Structure, simplified
standard, it also introduces more. inherent in ISO 9001 increase your language and common terms
organisational efficiency, productivity reduce complexity. ISO 9001:2015’s
Increase competitiveness - and profitability. consistency with other ISO
ISO 9001:2015 is a globally accepted management system standards,
quality management system, which is Minimise risk - increase your ability makes it particularly easy to
applicable to all industries. TÜV SÜD’s to mitigate strategic and operational implement and maintain, as well as
certification mark ensures that your risks by addressing both risks integrate with multiple management
systems are reliable and robust, and opportunities in a structured systems, such as those for the
resulting in improved customer manner. environment, health & safety, or
satisfaction and lower trade barriers. business continuity.
Engage top management -
Improve marketability and sales - emphasise leadership engagement
significantly improve your bargaining through active participation.
position for public and private
procurement tenders.

Conclusion
While accredited certification to a strategic commitment to standard, gives a strong signal
ISO 9001 is not a mandatory continuous improvement. to your buyers, customers,
requirement, organisations can Certification may also significantly suppliers and other stakeholders
reap many benefits by adopting and minimise costs, improve staff morale that you have implemented the
implementing the system. and boost brand reputation. standard accurately. It also helps
organisations to demonstrate
With organisations under increasing Third-party certification, where that their system complies with
scrutiny from stakeholders to an independent certification regulatory and contractual
optimise business efficiency, body audits your practices requirements.
ISO 9001 certification demonstrates against the requirements of the

TÜV SÜD | Navigating ISO 9001:2015 7

Appendix
STRUCTURE COMPARISON OF ISO 9001:2015 AND ISO 9001:2008

ISO 9001:2015 ISO 9001:2008

1. Scope 1. Scope

2. Normative references 2. Normative references

3. Terms and definitions 3. Terms and definitions

4. Context of the organization 4. Quality management system

4.1 Understanding the organization and its context 4. Quality management system
5.6 Management review

4.2 Understanding the needs and expectations of interested 4. Quality management system
parties 5.6 Management review

4.3 Determining the scope of the quality management system 1.2 Application
4.2.2 Quality manual

4.4 Quality management system and its processes 4. Quality management system
4.1 General requirements
5. Leadership 5. Management responsibility

5.1 Leadership and commitment 5.1 Management commitment

5.1.1 General 5.1 Management commitment

5.1.2 Customer focus 5.2 Customer focus

5.2 Policy 5.3 Quality policy

5.2.1 Establishing the Quality Policy 5.3 Quality policy

5.2.2 Communicating the Quality Policy 5.3 Quality policy

5.3 Organizational roles, responsibilities and authorities 5.5.1 Responsibility and authority
5.5.2 Management representative
5.4.2 Quality management system planning

6. Planning 5.4.2 Quality management system planning

6.1 Actions to address risks and opportunities 5.4.2 Quality management system planning
8.5.3 Preventive action

6.2 Quality objectives and planning to achieve them 5.4.1 Quality objectives

6.3 Planning of changes 5.4.2 Quality management system planning

7 Support 6. Resource management

7.1 Resources 6. Resource management

7.1.1 General 6.1 Provision of resources

7.1.2 People 6.1 Provision of resources

8 Navigating ISO 9001:2015 | TÜV SÜD

ISO 9001:2015 ISO 9001:2008
7.1.3 Infrastructure 6.3 Infrastructure

7.1.4 Environment for the operation of processes 6.4 Work environment

7.1.5 Monitoring and measuring resources 7.6 Control of monitoring and measuring equipment

7.1.5.1 General 7.6 Control of monitoring and measuring equipment

7.1.5.2 Measurement traceability 7.6 Control of monitoring and measuring equipment

7.1.6 Organizational knowledge Equivalent clause

7.2 Competence 6.2.1 General

6.2.2 Competence, training and awareness
7.3 Awareness 6.2.2 Competence, training and awareness

7.4 Communication 5.5.3 Internal communication

7.5 Documented information 4.2 Documentation requirements

7.5.1 General 4.2.1 General

7.5.2 Creating and updating 4.2.3 Control of documents
4.2.4 Control of records

7.5.3 Control of documented Information 4.2.3 Control of documents

4.2.4 Control of records

8. Operation 7. Product realization

8.1 Operational planning and control 7.1 Planning of product realization

8.2 Requirements for products and services 7.2 Customer-related processes

8.2.1 Customer communication 7.2.3 Customer communication

8.2.2 Determination of requirements for products and services 7.2.1 Determination of requirements related to the product

8.2.3 Review of the requirements for products and services 7.2.2 Review of requirements related to the product

8.2.4 Changes to requirements for products and services 7.2.2 Review of requirements related to the product

8.3 Design and development of products and services 7.3 Design and development

8.3.1 General 7.3.1 Design and development planning

8.3.2 Design and development planning 7.3.1 Design and development planning

8.3.3 Design and development inputs 7.3.2 Design and development inputs

8.3.4 Design and development controls 7.3.4 Design and development review
7.3.5 Design and development verification
7.3.6 Design and development validation

8.3.5 Design and development outputs 7.3.3 Design and development outputs

8.3.6 Design and development changes 7.3.7 Control of design and development changes

8.4 Control of externally provided processes, products and services 7.4.1 Purchasing process

TÜV SÜD | Navigating ISO 9001:2015 9

ISO 9001:2015 ISO 9001:2008
8.4.1 General 4.1 General requirements
7.4.1 Purchasing process

8.4.2 Type and extent of control 7.4.1 Purchasing process

7.4.3 Verification of purchased product

8.4.3 Information for external providers 7.4.2 Purchasing information

7.4.3 Verification of purchased product

8.5 Production and service provision 7.5 Production and service provision

8.5.1 Control of production and service provision 7.5.1 Control of production and service provision
7.5.2 Validation of processes for production and service
provision

8.5.2 Identification and traceability 7.5.3 Identification and traceability

8.5.3 Property belonging to customers or external providers 7.5.4 Customer property

8.5.4 Preservation 7.5.5 Preservation of product

8.5.5 Post-delivery activities 7.5.1 Control of production and service provision

8.5.6 Control of changes 7.3.7 Control of design and development changes

8.6 Release of products and services 7.4.3 Verification of purchased product

8.2.4 Monitoring and measurement of product

8.7 Control of nonconforming outputs 8.3 Control of nonconforming product

9. Performance evaluation 8. Measurement, analysis and improvement

9.1 Monitoring, measurement, analysis and evaluation 8. Measurement, analysis and improvement

9.1.1 General 8.1 General

8.2.3 Monitoring and Measurement Processes

9.1.2 Customer satisfaction 8.2.1 Customer satisfaction

9.1.3 Analysis and evaluation 8.4 Analysis of data

9.2 Internal audit 8.2.2 Internal audit

9.3 Management review 5.6 Management review

9.3.1 General 5.6.1 General

9.3.2 Management review input 5.6.2 Review input

9.3.3 Management review output 5.6.3 Review output

10. Improvement 8.5 Improvement

10.1 General 8.5.1 Continual improvement

10.2 Nonconformity and corrective action 8.3 Control of nonconforming product

8.5.2 Corrective action

10.3 Continual Improvement 8.5.1 Continual improvement

8.5.3 Preventive action

10 Navigating ISO 9001:2015 | TÜV SÜD

GLOSSARY OF ACRONYMS
CRM – customer relationship management
QMS – quality management system
SRM – stakeholder relationship management

FOOTNOTES
¹ http://www.iso.org/iso/iso-survey

COPYRIGHT NOTICE
The information contained in this document represents the current view of TÜV SÜD on the issues discussed as of the date of publication. Because TÜV SÜD must respond to changing
market conditions, it should not be interpreted to be a commitment on the part of TÜV SÜD, and TÜV SÜD cannot guarantee the accuracy of any information presented after the date of
publication. This White Paper is for informational purposes only. TÜV SÜD makes no warranties, express, implied or statutory, as to the information in this document. Complying with all
applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval
system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of
TÜV SÜD. TÜV SÜD may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly
provided in any written license agreement from TÜV SÜD, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual
property. ANY REPRODUCTION, ADAPTATION OR TRANSLATION OF THIS DOCUMENT WITHOUT PRIOR WRITTEN PERMISSION IS PROHIBITED, EXCEPT AS ALLOWED UNDER THE
COPYRIGHT LAWS. © TÜV SÜD Group – 2016 – All rights reserved - TÜV SÜD is a registered trademark of TÜV SÜD Group.

DISCLAIMER
All reasonable measures have been taken to ensure the quality, reliability, and accuracy of the information in the content. However, TÜV SÜD is not responsible for the third-party content
contained in this newsletter. TÜV SÜD makes no warranties or representations, expressed or implied, as to the accuracy or completeness of information contained in this newsletter.
This newsletter is intended to provide general information on a particular subject or subjects and is not an exhaustive treatment of such subject(s). Accordingly, the information in this
newsletter is not intended to constitute consulting or professional advice or services. If you are seeking advice on any matters relating to information in this newsletter, you should –
where appropriate – contact us directly with your specific query or seek advice from qualified professional people. The information contained in this newsletter may not be copied, quoted,
or referred to in any other publication or materials without the prior written consent of TÜV SÜD. All rights reserved © 2016 TÜV SÜD.

TÜV SÜD | Navigating ISO 9001:2015 11

ISO 9001:2015 – Quality Management System
www.tuv-sud.com/iso9001
systemcertification@tuv-sud.com

Choose certainty. Add value.

TÜV SÜD is a premium quality, safety and sustainability solutions provider that specialises in testing, inspection,
auditing, certification, training and knowledge services. Represented in over 850 locations worldwide, we hold
accreditations in Europe, the Americas, the Middle East and Asia. By delivering objective service solutions to our
customers, we add tangible value to businesses, consumers and the environment.

2016 © TÜV SÜD AG | V-M/MS/27.2/en/SG

TÜV SÜD AG
Westendstr. 199,
80686 Munich, Germany
+49 89 5791-0
www.tuv-sud.com