How many clauses are in ISO 9001?

 In the most recent 2015 version of ISO

9001, there are 10 separate, top-level clause headings. Below those
headings are 56 sub-clauses that each define over 300 individual
requirements.

The adoption and compliance of these common requirements allows businesses

of any type to implement and maintain their own quality management system in
order to better achieve customer satisfaction and attain recognized certification.

Contents
 What Are The ISO 9001 Clause Headings?
 1. Scope 2. References 3.Terms and Definition
 4. Context of the Organization
 5. Leadership
 6. Planning
 7. Support
 8. Operation
 9. Performance Evaluation
 10. Improvement
 Are The ISO 9001 Clauses Also Requirements?
 The Seven Mandatory Clauses
 Are There Any Exceptions?
 How Have The ISO 9001 Clauses Changed Over The Years?

Unlike the previous version of ISO 9001, the current 2015 revision
contains a total of 10 headings or clauses, with 7 of them containing the
'mandatory' requirements (Clauses 4 to 10). The first three clauses
provide general information but they are no less important.

Each of these sub-clauses contain individual requirements and processes that

must be followed in order for the business to successfully attain certification, as
well as benefit from everything that comes from a properly executed quality
management system.

What Are The ISO 9001 Clause Headings?

Take a look at the list down below to learn the specific names of each ISO 9001
clause, and keep reading  to get an idea of what each one is all about.

1. Scope
2. Normative References
3. Terms and Definitions
4. Context of the Organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvement
Let’s take a look at each one of these clauses, starting from number one all the
way to ten. The lists throughout the rest of this section will give you a general
idea of what is included within each sub-clause.

1. 2. & 3. Scope, References, Terms and Definitions

 1 Scope of the standard
 2 Normative references
 3 Terms and definitions
The first three clauses in ISO 9001:2015 are scope, references, and terms and
definitions. These are informational clauses, rather than clauses that outline any
kind of actions or requirements. This is something we will get into in a later
sections.

1 Scope of the standard

The scope of the standard highlights the two basic tenets of what quality
management is intended to achieve.

The standard encourages businesses to implement processes and systems to

ensure consistent product and service output, while ensuring that customer
satisfaction is enhanced through conformity and improvement.

2 Normative references

Normative references provide a better understanding of the terms used in

ISO 9001:2015 through relatable comparisons to the vocabulary that are used
in the ISO 9000:2015 standard.

3 Terms and definitions

References for better understanding of basic terms by highlighting vocabulary

and definitions from ISO 9000:2015. Refer to ISO 9000:2015 Quality
Management Systems Fundamentals and Vocabulary.

Other related and applicable standards that you could refer to might include,
among others:

 ISO 9004-2018 Quality management — Quality of an organization —

Guidance to achieve sustained success
 ISO 19011-2018 Guidelines for auditing management systems
 ISO 10004-2018 Quality management — Customer satisfaction —
Guidelines for monitoring and measuring
These were the informational clauses, rather than clauses that outline any kind
of actions or requirements. The following section will now focus on discussing the
requirements in more detail.
4. Context of the Organization
 4.1 Understanding organizational context
 4.2 Understanding the needs and expectations of relevant stakeholders
 4.3 Determining the scope of the management system
 4.4 The quality management system and its processes
The fourth clause in ISO 9001 outlines the general requirements for the entire
quality management system as a whole.

4.1 Understanding organizational context

Collate evidence to provide assurance that your organization is regularly, or as

necessary, reviewing and updating information relating to its external and
internal issues.

Although there is no requirement for documented information to define the

context of the organization, your organization will find it helpful to retain the
types of documented information listed below to help demonstrate compliance:

 Business plans and strategy reviews

 Competitor analysis
 SWOT analysis for internal issues
 PESTLE analysis for external issues
 A list of external and internal quality issues and conditions
 QMS action plans and objectives
 Annual reports
 Minutes of meetings (e.g. management review, design review minutes,
etc.)
 Process maps, tables, spreadsheets, and turtle diagrams, etc.
Reviewing your organization’s context should include interviews with senior
management, questionnaires, surveys and research. Cross-functional input is
essential for gaining the expertise to identify the full range of issues, such as
finance, training, human resources, commercial, engineering and design, etc.

4.2 Understanding the needs and expectations of relevant stakeholders

Similar to the context review discussed above, cross functional input is vital, as
certain functions will identify with particular stakeholders, for example
procurement with suppliers, and sales with customers.

A workshop approach should be encouraged which can be undertaken

independent to, or in conjunction with the context review workshop.

Once stakeholders and their requirements are identified, the next step is to
consider which stakeholder requirements generate compliance obligations. Legal
requirements should be identified before other requirements.
This process of adopting requirements will allow you to focus and coordinate on
what’s important.

4.3 Determining the scope of the management system

You will need to verify that your organization’s scope exists as documented
information (which may be contained in the quality manual) in accordance with
Clause 7.5.1a.

Verify that the organization’s scope has been established in consideration of

organization’s boundaries and applicability of the quality management system.

Look for confirmation that your organization has determined the boundaries and
applicability of the quality management system to establish its scope with
reference to any external and internal issues referred to in 4.1 and the
requirements of relevant interested parties referred to in 4.2.

The scope of your quality management system may include the whole of the
organization, specific and identified functions within the organization, specific
sections of the organization, or one or more functions across a group of
organizations.

4.4 The quality management system and its processes

ISO 9001:2015 include specific requirements necessary for the adoption of

processes when developing, implementing and improving a quality management
system.

This requires your organization to systematically define and manage processes

and their interactions so as to achieve the intended results in accordance with
both the policy and strategic direction.

 How well is the ‘process approach’ understood in the organization?

 Is the quality management system in line with the organization’s context,
and requirements of interested parties?
 Is it likely the established quality management system will achieve its
intended outcomes and enhance quality performance?
 Does it include the enhancement of quality management system
performance?
 Does it include the desire to fulfill of compliance obligations and
objectives?
Existing operational procedures, work instructions and flow charts are valid
examples of documented information and can be used to evidence the
requirement for ‘documented information to support the operation of processes
is being met’.

When an outsourced process is controlled through purchasing, there must be

documented information to ensure that the processes are being controlled -
using techniques like:
  Auditing and inspections
 Contractual agreements
 Trend monitoring
 Quality and commercial reviews
 Process performance data review on an on-going basis

5. Leadership
 5.1 Demonstrating leadership and commitment, and customer focus
 5.2 Establishing and communicating the quality policy
 5.3 Establishing roles of authority and responsibility in the workplace
Management responsibility has to do, mainly, with customer commitment
requirements. This is basically the company’s commitment to serving the
customer and building a more loyal following.

5.1 Demonstrating leadership and commitment, and customer focus

This section also establishes a general focus of the company, in terms of the
customer. In other words, the company is pledging to always keep the customer
happy, and do what they can to improve their products, services, and
procedures accordingly.

Without solid management commitment, you will not have a successful quality
management system. This is not a commitment in words; it is the continuous
and active demonstration to everyone in the organization that the need to meet
customers' expectations is vital.

The actions required of Top management include:

 Supporting the quality management system and actively promoting the

agenda
 Encouraging the goal of meeting, customer, regulatory and statutory
requirements
Develop and support the quality management system by:

 Defining and communicating the quality policy

 Establishing organizational quality objectives
 Ensuring appropriate resources are available
Implement and improve the quality management system by:

 Encouraging employees to achieve requirements

 Reviewing QMS performance
 Ensuring resources are available to improve the QMS
Customer focus involves determining customer requirements and ensuring that
processes exist to meet the requirements and achieve customer satisfaction.
Enhance customer satisfaction by ensuring that customer requirements are
identified and cascaded.

5.2 Establishing and communicating the quality policy

Management responsibility also helps a company define a quality policy and
objective guidelines, and provides help with QMS planning as a whole.

ISO 9001:2015 requires an organization’s policies to be appropriate to both its

purpose and context. This means that once your organization has determined its
context and the relevant requirements of its interested parties, Top management
must review the policies in light of that information.

ISO 9001:2015 also requires that the policies are maintained as documented
information, refer to Clause 7.5.1a. You should check whether the policies have
been established communicated and understood throughout your organization.
The policies must also be available to any relevant interested parties.

A quick and convenient way to promote and communicate the policy might be to
create a shortened version of main policy; try condensing it to five key words or
even a couple of short sentences.

This can be posted on bulletin boards in each department. You could even add it
to the reverse side of staff security passes or ID badges.

5.3 Establishing roles of authority and responsibility in the workplace

The definition of authority and responsibility in the workplace is another vital

aspect of ISO 9001.

Each employee needs to know who is responsible for the various elements of the
quality management system to ensure successful implementation, operation and
maintenance.

You should develop and make available to all employees a list of personnel and
their job descriptions, competence requirements, responsibilities, along with an
organizational chart of employees as they relate to the QMS.

6. Planning
 6.1 Actions to address risks and opportunities
 6.2 Management system objectives and plans to achieve them
 6.3 Planning for change/change management
Risks and opportunities flow directly from clause 4.1 and 4.2. Determine,
consider, and where necessary, take action to address any risks or opportunities
that might impact the quality management system’s ability to deliver
conformance.

Addressing the risks and opportunities will ensure the quality management
system is able to achieve its planned objectives!

6.1 Actions to address risks and opportunities

The risks and opportunities should be relevant to the context of your
organization (Clause 4.1), as well as, any interested parties (Clause 4.2). You
should ensure that your organization has applied this risk identification
methodology consistently and effectively.

Understanding the risks and managing them appropriately will enhance your
organization’s ability to make better decisions, safeguard assets, and enhance
your ability to provide products and services and to achieve your mission and
goals.

Although developing and implementing a formal risk management process is not

a requirement, it is encouraged that the identification and management of risks
and opportunities are formally undertaken and documented. Consequence and
likelihood tables should be used in conjunction with a risk level matrix.

6.2 Management system objectives and plans to achieve them

An effectively implemented quality management system aligns the policies with

strategic and management system objectives and provides the framework upon
which to translate these objectives into functional targets and measures.

Establish and maintain documented quality objectives and indicators, at each

relevant function and level within the organization. The objectives and indicators
help establish an important link between the quality policy and the management
programme.

The objectives and targets must be consistent with the quality policy. It is also
important to ensure that the quality objectives and associated key performance
indicators (KPIs) are mutually consistent.

It is important to ensure KPIs are meaningful to all key stakeholders including

the customer(s), top management, supervisors and the staff who actually
produce the products and services.

Properly designed and implemented, management programme should achieve

the objectives and, consequently, improve your organization’s performance. The
management programme must:

 Address each objective and target

 Designate personnel responsible for achieving targets at each
function/level of the organization
 Provide an action plan describing how each target will be achieved
 Establish a time-frame or a schedule for achieving each target
Establishing an action plan for each objective may require considerable effort on
the part of the personnel at relevant levels within your organization.

To ensure the progress of the action plan and a coordinated effort, a target
leader should be selected for each target who will be responsible for ensuring a
target is achieved within the specified time-frame
6.3 Planning for change/change management

Changes are intended to be beneficial but they need to be carried out when
determined by your organization as relevant and achievable. In addition,
consideration of newly introduced risks and opportunities should also be taken
into account.

To achieve the benefits associated with changes, your organization should

consider all types of change that may occur. These changes may be generated,
for example by:

 Processes and procedures

 Documented information
 Infrastructure
 Tooling
 Process equipment
 Employee training
 Supplier evaluation
 Stakeholder management
 Interested party requirements

7. Support
 7.1 Resources
 7.2 Competence
 7.3 Awareness
 7.4 Communication
 7.5 Documented information
It is really important that a business has the proper resources for everyone who
is involved, no matter if they make purchases with the company or go to work
there every day. An organized and professional workplace is paramount to the
successful implementation of a quality management system!

7.1 Resources

There are six sub-clauses in clause 7.1, and include general (7.1.1), people
(7.1.2), infrastructure (7.1.3), work environment (7.1.4), monitoring and
measuring resources (7.1.5), and organizational knowledge (7.1.6).

Ensure that your organization has determined and provided the resources
needed for the establishment, implementation, maintenance and continual
improvement of the QMS. Resources will often include raw materials,
infrastructure, finance, personnel and IT, all of which can be either internally or
externally provided.

Check that your organization has identified which resources and the staff
necessary for the effective implementation of the QMS and for the operation and
control of its processes.

Most organizations determine resource requirements during management review

meetings; you should review the management review minutes for evidence of
resource allocation.

Provide and maintain infrastructure necessary to achieve product conformance:

 Buildings and workspaces

 Tools and process equipment, e.g. hardware or software
 Supporting services, e.g. transport, I.T. and communication
Ensure that documented information is maintained in order to demonstrate
suitability of monitoring and measuring equipment. While this is not required, all
equipment requiring calibration must be identified

Sources of internal knowledge often include the organization’s intellectual

property; knowledge gained from experience; lessons learned from failures and
successes; capturing and sharing undocumented knowledge and experience; the
results of improvements in processes, products and services.

Sources of external knowledge often include other ISO standards; research

papers; conferences; or knowledge gathered from customers or external parties.

7.2 Competence

Identification of employee training needs is typically the first step in developing

a competency-based training programme. In addition to existing workers, new
hires, temporary workers and outside contractors must be included when
identifying training needs.

After developing a list of these employees, the management representative or

human resources manager should establish the appropriate training programme
for each person based on the type of employee interaction with each significant
impact, hazard or risk.

Even though some personnel may have the same job, the type or level of
training may vary according to each person’s past education, training, and
experience.

Training options may be as simple as on-the-job training, administered by

senior/experienced members; formal training, including classroom instruction;
training provided by external consultants. For some situations, commercially
available training courses may be another alternative.

7.3 Awareness

The awareness training does not need to follow the format of classroom
sessions, techniques can include short training segments supplemented with
videos and hands-on demonstrations that address key elements of the QMS.

Other methods to promote and reinforce the quality awareness training sessions
include communication via electronic bulletin boards, posters, newsletters and
informational meetings.

Awareness training is intended to provide an overview of your organization’s

policy, objectives and targets, and overall QMS.

All well as briefing employees during introductory presentations, try using a

combination of other methods to promote awareness, such as posters placed on
notice boards and leaflets with pay-slips, etc. Use training sessions to inform
employees of the plan, how they will be expected to contribute.

7.4 Communication

Communications may relate to your organization’s ongoing compliance to

various obligations, milestone achievements, or sustainable resourcing.

Communication is the key; communicate goals, plans, progress and milestones.

Listen first then ask for feedback. Lack of communication seems to be one of the
main root causes for errors in business.

Keep people informed of the progress of the project; e.g. what’s been done,
what’s to be done next and how the project is progressing against the plan.

Internally, your organization needs to communicate information relevant to the

QMS amongst all levels and functions, including information on any change, as
appropriate, and have to establish a mechanism to enable all persons performing
work under the organization’s control to contribute to continual improvement.

7.5 Documented information

A robust document control process invariably lies at the heart of any compliant
management system; almost every aspect of auditing and compliance
verification is determined through the scrutiny of documented information.

With this in mind, it becomes apparent that the on-going maintenance of an

efficient document management system must not be overlooked!

Departmental managers should always be responsible for promoting good

documented information practices in their area whilst supporting overall
compliance to the requirements.

Individuals and their line managers should be responsible for the information
that they create, as well as being responsible for their retention and disposal in
line with legislative requirements and organizational needs.

The terms ‘documented procedure’ and ‘record’ used ISO 9001:2015 have both
been replaced by the term ‘documented information’, which is defined as
information required to be controlled and maintained by an organization, as well
as the medium on which it is contained.

Operational procedures, work instructions, flow charts, process maps, signs,

placards, container markings, labels etc. are all examples of ‘documented
information’. Documented information can be in any format and media, and from
any source.

Organizations should determine the level of documented information necessary

to control their QMS. ‘Access’ can imply a decision regarding the permission to
view the documented information only, or the permission and authority to view
and change the documented information.
8. Operation
 8.1 Operational planning and control
 8.2 Determining requirements for products
 8.3 Design and development of products and services
 8.4 Control of external processes, such as suppliers and contractors
 8.5 Production and service provision
 8.6 Release of products and services
 8.7 Nonconforming products or services
Clause 8 is comparable to the requirements from ISO 9001:2008 Clause 7.1 –
Product Realization Planning, but it has been extended to include implementation
and control, as well planning, evidence of controls, acceptance criteria and
resources to address risks and opportunities.

8.1 Operational planning and control

For those risks and opportunities that your organization has identified, you
should seek evidence that these actions have been integrated into the quality
management system.

These actions should be verifiable at process level – for example, evidence of

controls, acceptance criteria and resources to address the risks and
opportunities, as such this clause links to the following clauses: 4.4, 6 and 8.4.

8.2 Determining requirements for products

Meeting customer identified needs is a key objective. Establish effective

arrangements for providing the customer with product information, a means of
handling inquiries and orders and a method for handling customer comments
that includes both compliments and complaints, as such this clause links to the
following clauses: 5.1, 7.4 and 8.4.

Establish processes for communicating with your customers:

 Develop a process to control communications with customers

 Implement your customer communications process
 Communicate with your customers
 Maintain records
Identification of any applicable statutory and regulatory requirements in terms of
the products and services being offered is crucial.

The sub-clause mandates that your organization should not issue a quotation or
accept an order until it has been reviewed to ensure requirements are defined,
and that the organization has the capability to meet the defined requirements.

It goes on to require that records of the review and any subsequent actions be
maintained.

Where changes in requirements occur, ensure that all relevant documented

information that relates to the changed product or service requirements, is
amended and those relevant personnel are made aware of the changed
requirements.

If the customer’s requirements have changed, all related documents must be

amended and the relevant personnel must be informed.

8.3 Design and development of products and services

This clause focuses on the need to develop, implement and maintain a design
and development process that is appropriate to the requirements for the
provision of products and services.

Many companies perform some enhancements or minor reconfigurations to

existing, mature designs; such organizations may have to introduce a
comprehensive design system and related or processes.

Design plans must specify the design and development stages, activities and
tasks; responsibilities; time-line and resources; specific tests, validations and
reviews; and outcomes.

You should also ensure that your organization has retained documented
information to confirm the identified design and development requirements were
met and that design reviews were undertaken.

Define which inputs are required to carry out the design and development
process. The inputs should be determined according to the design and
development activities. For example, which employees are required, or what
information is required for every step of the development.

The verification could consist of calculations, simulations, prototype evaluation,

tests or comparison against samples.

You must maintain records of design verification as these records will indicate
the results of verifications and determine any necessary corrective actions.

Validation is similar to verification, except this time you should check the
designed product under conditions of actual use.

The design and development output is the result of design and development
process. The output is a clear description of the product, containing detailed
information for production. Design and development outputs must reconcile with
design and development inputs.

It is as important to control design changes throughout the design and

development process and it should be clear how these changes are handled and
what effects they have on the product.

Ensure control over design and development changes, design changes must be
identified, recorded, reviewed, verified, validated, and approved.
8.4 Control of external processes, such as suppliers and contractors

Organizations need to identify which materials and services that they buy can
affect the quality of their products. Then they need to establish criteria for
selection of suppliers that can provide these materials and services.

Purchased product is any product procured by an organization from another

source that is incorporated or used in the production of the final product. Note
that products need not be procured from an 'independent source', in some cases
sister companies supply each other and are not totally independent.

You could consider dividing your suppliers into groups based on the product or
service they provide and what effect it has on the quality of your products or
processes, e.g. level I/II/III/etc.

Based on those categories, you can define the criteria for supplier evaluation and
approval. You are free to define your supplier levels and approval parameters
accordingly, but, whatever rationale is opted for, it should be properly
documented.

There is no ‘right way’ for vetting suppliers. To meet the intent of the clause you
simply need to establish a process with properly documented criteria which are
based upon customer requirements. ISO 9001 requires that the purchasing
documentation contains the correct information before it is issued to a supplier.

8.5 Production and service provision

You should seek and record evidence that your organization has controlled the
conditions by which products or services are provided, for example by ensuring
that monitoring and measurement take place at appropriate points in the
production process to ensure that both the processes themselves and the
process outputs meet the organization’s acceptance criteria.

There are several ways of identifying products. The most obvious is using tags or
stickers with part numbers, bar codes, job numbers, etc. The identification may
be engraved in the product itself, or the product may simply be marked by a
color.

Where traceability is a requirement, you should expect to see that your

organization is controlling and recording the unique identification of the product.

Check that your organization communicates with its customers in regard to the
handling and treatment of their property. You should also check that contingency
plans and, where relevant, actions are undertaken when non-conformities occur
with customer property.

Preserve the product during internal processing and delivery to the intended
destination. Preservation, packaging and other product specific handling
methods are likely to an output of the product design process.
Post-delivery activities can include actions under warranty provisions,
contractual obligations such as maintenance services, and supplementary
services such as recycling or final disposal.

Organizations need to make changes in a thoughtful manner and to consider the

potential impact to other process, products and possibly the customer.

Respond to unplanned changes that are considered essential in order to ensure

that products or services continue to meet their specified requirements, in such
a way that conformity with requirements is maintained.

8.6 Release of products and services

The release of product or delivery of service must not be completed until the
planned requirements have been met. ‘Release’ of product may include,
according to product planning and the verification stages, release to the next
operation, release to an internal customer, release to final customer, etc.

8.7 Nonconforming products or services

Every once in a while, there will be some product or service produced by the
company that is not up to the standard protocol that is defined by the ISO
9001:2015 standard. This is also known as a non-conforming product/service, or
a non-conformity.

If you have manufactured a product, inspected it and found it to be out of

specification, it is most likely to be deemed nonconforming product. In some
instances, you will have to scrap the defective product but in other situations
you may be able to do some remedial work and bring it back into specification.

Capture data on nonconformities and feedback information at the appropriate

management level, for the effective definition and implementation of corrective
actions.
9. Performance Evaluation
 9.1 Monitoring, measurement, analysis and evaluation
 9.2 Internal auditing
 9.3 Management review
The measurement, analysis, and improvement clause allows the company
personnel to step back after executing their product or service, and see how the
customer has reacted to these positive changes.

9.1 Monitoring, measurement, analysis and evaluation

Monitoring and measuring QMS operations and activities will establish a

mechanism to ensure that your organization is meeting its policies, objectives
and targets. In order to meet this requirement, your organization must perform
six steps:

1. Identify the activities that can have a significant risk

2. Determine key characteristics of the activity to be monitored
3. Select the best way to measure the key characteristics
4. Record data on performance, controls and conformance with objectives
and targets
5. Determine the frequency with which to measure the key characteristics
6. Establish management review and reporting
Establish the monitoring and tracking criteria for each activity that has a
significant risk and review the action plan. You should incorporate any
monitoring and measurement information to cover these same activities.
Implemented a consistent and systematic approach to dealing with customer
feedback and is obtaining information on customer perception.

Just collecting data on customer perceptions is not sufficient, you should seek
and record evidence that your organization has analyzed and evaluated
customer data and that conclusions have been made with regard to the
effectiveness of the QMS.

 Are there any trends?

 Is the situation stable, improving, or deteriorating?
 Are customer needs and expectations changing?
Ensure there are defined responsibilities for logging and tracking customer
complaints, clearing issues, determining the root-causes of problems, and
actions to address them.

Analyze and evaluate data from both internal and external sources such as
quality records, monitoring and measuring results, process performance results,
objectives, internal audit findings, customer surveys and feedback, 2nd or 3rd-
party audit results, competitor and benchmarking information, product test
results, complaints, supplier performance information, etc.

9.2 Internal auditing

These sub-clauses provide a clear framework for planning and conducting

internal audits. The internal audit process is a primary tool ensure the QMS is
operating effectively.

During the early stages of implementing ISO 9001:2015, or any other

management system standard, the internal audit programme often focuses on
ensuring that any compliance issues or non-conformities are discovered and
rectified prior to the Certification Body assessment.

However, once your organization becomes certified, the audit programme must
evolve. The focus of the internal audit programme should be re-directed, away
from 'elemental' compliance with ISO 9001:2015, to an audit strategy that
considers the 'status and importance' of each process comprising the quality
management system.

If your current internal audit programme been developed on an annual calendar

that merely forecasts which aspects of your quality management system are
going to be audited, you should stop!

Begin programming your internal audits by basing the audit frequency upon
current process performance data, feedback from customers, etc.

9.3 Management review

Here's what ISO 9001:2015 is really all about: defining a policy, creating a plan
devising with relevant objectives. Implement the QMS according to the plan,
begin auditing, monitoring and measuring performance against the plan and
reacting to your findings.

Bi-annual management reviews are insufficient in frequency to be able react to

any issues effectively. Performance metrics should be monitored with varying
frequencies, some hourly, some daily, some weekly and some monthly.

Management cannot wait for six months to respond, if they do, it will be too late.
Every time management convenes to review and react to performance, it is
considered as a management review.

Whether they are reviewing an individual's performance, departmental

programmes and projects, etc., this should be considered as valid management
review.

Some companies have multiple review levels, whereby, each review may require
multiple subjects and rely upon multiple metrics as inputs. Sometimes subjects
are reviewed at more than one level, e.g. production numbers might be
reviewed by the production teams during daily production meetings and then by
senior management, possibly weekly.

Top management might conduct weekly meetings in which they review metrics
and objectives to determine if any corrective action is required. The process
owner is then responsible for reporting close out progress in the meeting a week
later.

Management review meeting minutes should be retained as documented

information!
10. Improvement
 10.1 Improvement
 10.2 Nonconformity and corrective action
 10.3 Continual improvement
The final clause in the ISO 9001:2015 standard focuses mainly on improvement
of the company. While it is true that you can go through the entire process of
ISO certification to get the final stamp of approval from the organization, you
won’t be able to keep it for long if you ignore the guidelines in this clause.

10.1 Improvement

Improvement often does not take place on a ‘continual’ basis. Sometimes

improvement can be affected reactively through corrective actions, incrementally
overtime.

Look out for objective evidence that improvement is taking place. However,
while improvement does not need to be continuous, it does need to be
evidenced as occurring.

10.2 Nonconformity and corrective action

Your organization is required to take whatever action is necessary to control and

correct the non-conformity, and to deal with any resulting impact by determining
what caused the non-conformity and considering whether the potential for a
similar problem remains.
This is done by considering whether any further action is required to prevent a
similar non-conformity arising at the same place or occurring somewhere else, at
some point in the future and by determining if similar non-conformities have
occurred elsewhere; and consequently, whether it needs to take similar
corrective action.

Taking appropriate action to address the effects of the problem may require a
simple correction by the process owner or operator where it was discovered, or,
if a major failure or defect exists, more significant levels of resource would be
needed for problem solving and corrective action.

10.3 Continual improvement

Determine whether your organization identifies improvement opportunities and

QMS under-performance using the data output from its processes, such as from
analysis and evaluation, internal auditing, management review, and the use of
appropriate tools and methodologies to support validate findings.

Improving your business will include assessing everything that is going on,
deciding how you can make it better, and implementing those positive changes.
This does not necessarily mean that anything is wrong with what you are doing,
only that you want to get better every day.

The PDCA cycle is a perfect way of introducing continual improvement to your

organization’s activities. Each step to improvement can be defined by four sub
steps, Plan, Do, Check and Act:

1. Plan: Establish a timetable for internal audits and management

reviews. Establish the objectives and processes necessary to deliver
results in accordance with your customer’s requirements and your
organization’s policies.
2. Do: Implement changes designed to solve the problems on a small
scale first to see the effect. This minimizes disruption to routine activity
while testing whether the changes will work or not.
3. Check: Monitor and measure processes and product against policies,
objectives and requirements and report the results. Also check on key
activities to ensure that the quality of the output is conforming and not
influenced by the changes.
4. Act: Take actions to continually improve process performance.
Implement the changes on a larger scale, if the experimental changes
have proven to be successful. This means making the changes a
routine part of the activity.
ISO 9001 Clauses - PLAN
 1 Scope
 2 Normative references
 3 Terms and Definitions
 4 Context of the organization
 4.1 Understanding the organization and its context
 4.2 Understanding the needs and expectations of interested
parties
 4.3 Determining the scope of the quality management system
 4.4 Quality management system and its processes
 5 Leadership
 5.1 Leadership and commitment
 5.1.1 Leadership And Commitment For The Quality
Management System
 5.1.2 Customer Focus
 5.2 Policy
 5.2.1 Establishing the quality policy
 5.2.2 Communicating the quality policy
 5.3 Organizational roles, responsibilities and authorities
 6 Planning
 6.1 Actions to address risks and opportunities
 How to address risk in ISO 90001
 6.2 Quality objectives and planning to achieve them
 6.3 Planning of changes
ISO 9001 Clauses - DO
 7 Support
 7.1 Resources
 7.1.1 General
 7.1.2 People
 7.1.3 Infrastructure
 7.1.4 Environment for the operation of processes
  7.1.5 Monitoring and measuring resources
 7.1.6 Organizational knowledge
 7.2 Competence
 7.3 Awareness
 7.4 Communication
 7.5 Documented information
 7.5.1 General
 7.5.2 Creating and updating documented information
 7.5.3 Control of documented information
 8 Operation
 8.1 Operational planning and control
 8.2 Requirements for products and services
 8.3 Design and development of products and services
 8.4 Control of externally provided processes, products and services
 8.5 Product and service provision
 8.6 Release of products and services
 8.7 Control of nonconforming outputs
ISO 9001 Clauses - CHECK
 9 Performance evaluation
 9.1 Monitoring, measurement, analysis and evaluation
 9.1.2 Customer Satisfaction
 9.2 Internal Audit
 9.3 Management Review
ISO 9001 Clauses - ACT
 10 Improvement
 10.1 General
 10.2 Nonconformity in ISO 9001
 10.2 What is Non-conformance?
 10.2 Corrective Action
 10.3 Continual Improvement
Are The ISO 9001 Clauses Also Requirements?
So, now that you have read through the names of all 10 ISO 9001 clauses, as
well as a brief explanation of what each one entails, you might be wondering if
the clauses are also requirements.

If you know anything about ISO 9001, then you probably understand how
specific it can get.

When a business wants to become certified with ISO 9001, they are required to
abide by a long list of very detailed processes that include defining the scope,
performing surveillance and analysis, and going through internal audits before
they can be considered ISO 9001 accredited.

With that being said, it is justified to assume that you must follow all of these
standards line by line as a business owner, in order to gain and hold onto your
ISO 9001 certification.

To clear this up, take a look at the list down below to find out the answer to the
questions of whether or not all ISO 9001 clauses are requirements, and which
ones are mandatory, if not.

ISO 9001 Clause Requirements

 Not all 10 clauses are required

 Clauses 4-10 are considered requirements
 Clauses 1-3 provide general information/terminology
First of all, not all 10 clauses of ISO 9001 are requirements for the
business. The only mandatory clauses are everything between 4-10.
Clauses 1, 2, and 3 are not requirements.

At this point, you might be wondering why the first three clauses are excluded
from the certification requirements. If they are not required for certification,
then what is the point of even reading them, right?

Clauses 1-3 are not requirements, only due to the fact that their purpose is to
provide general information and terminology that will be used throughout the
remainder of the standard.

In other words, clauses 1,2, and 3 of ISO 9001 do not outline any actionable
requirements at all, making them non-mandatory for company personnel.

To recap on what was discussed in the previous section and provide a more clear
distinction between the clauses, the list down below will highlight the mandatory
clauses of ISO 9001.

The Seven ISO 9001 Mandatory Clauses

 Context of the Organization
 Leadership
 Planning
 Support
 Operation
 Performance Evaluation
 Improvement
Are There Any Exceptions To Required ISO 9001 Clauses?
After discussing the ISO 9001 clauses that are mandatory requirements, there is
still the question of what a requirement necessarily means.

For all of the required clauses, must a business owner and company personnel
follow everything line by line? Generally, the answer to this question is yes, but
there is one small exception, which is contained in Clause number 7.

Let’s take a closer look at this clause, in particular. Refer to the list down below
to get a detailed outline on the Product Realization section of the ISO 9001:2015
standard.

Clause 8 - Operation

 Design and development

The design and development clause consists of a six-step process, beginning
with planning. This is when the company personnel decides on what their
product or service output will consist of.

During this time, the requirements for the product will be defined. This includes
what it is supposed to do and how it will be executed. The same process goes for
services as well, but in a slightly different manner.

Then, the product will be designed and developed before the products are
purchased and everything is produced and supplied to customers.

Following these standard procedures, the company personnel must maintain

control of the equipment, by measuring inventory and resources, along with
closely monitoring everything else.

How Have The ISO 9001 Clauses Changed Over The Years?
As you might have caught already, there are several different versions of the
ISO 9001 standard, with two in particular.

This is due to the fact that the ISO 9001 quality management system is
constantly changing and evolving to be more beneficial to everyone who is
involved in a business, from the owner and employees to the regular customers.

While the years are steadily progressing, so is the ISO 9001

standard. Let’s take a look at what the two most recent versions of ISO 9001
are, before we get deeper into each one.

These are the two most recent versions of ISO 9001

1. ISO 9001:2008
2. ISO 9001:2015
The two most recent versions of the ISO 9001 standard include ISO 9001:2008
and ISO 9001:2015. The older one was updated in the year 2008, while the
most up to date came out in 2015.
With these changes going on, there were a lot of alterations in the amount of
clauses between the two, as well as which clauses are considered to be
requirements. Let’s start with ISO 9001:2008.

ISO 9001:2008

 8 clauses in total
 Clauses 4-8 were requirements
The 2008 version of ISO 9001 contained 8 total clauses, instead of the 10 that
are contained in ISO 9001:2015.

Out of the total 8 clauses in ISO 9001:2008, there were only 5 required clauses,
which were 4-8.

ISO 9001:2015

 10 clauses in total
 Clauses 4-10 are requirements
 More clauses and more requirements in the updated version
The 2015 version of ISO 9001, on the other hand, has 10 total clauses -
meaning that two of them were recently added on to the standard in order to
improve the system further.

Out of all 10, there are a total of 7 requirements, also meaning that the
additional clauses became mandatory to ISO 9001 users.
ISO 9001:2015 has more individual clauses as well as more requirements than
the older version from 2008.

So, now that you have learned everything there is to know about all 10 ISO
9001:2015 clauses, as well as which ones are required and how they have
changed over the years, you might be wondering how you can benefit from
gaining certification.

There are a multitude of benefits that come with ISO 9001 certification, for you
as the business owner, as well as your employees and customers.

When a solid quality management system is in place and working exactly how it
is supposed to, you will notice rewards coming from almost every avenue.

Whether you are most excited about gaining a loyal customer base and growing
your following or establishing long-term employees who are enthusiastic about
their positions, there is no doubt that both your business and revenue numbers
will increase exponentially when you do it right.

With a good grasp on what the ISO 9001 clauses consist of, as well as what is
expected from you within each section, you will be on your way to gaining an
ISO 9001 certification and using the world-renowned quality management
system in the favor of your growing business as you excel toward a more quality
future.

vvv