What Are The ISO 9001 Requirements?

How Many ISO 9001 Requirements Are There?

Businesses should adopt and integrate 305 individual ISO 9001 requirements into their processes and culture when implementing an ISO 9001 quality management system.  These can be seen in our Internal Audit Checklist. Each audit question phrases a single ISO 9001 'shall' requirement as a question with a drop-down menu to select and capture the audit finding.

The audit results charts quantify and visualize the conformity of your quality management system to the ISO 9001 requirements. It offers a practical and versatile solution for evaluating process performance, analyzing data, and generating actionable insights. It enables you to easily input audit findings data to generate interactive trend charts and to develop improvement plans based on the collected data.

The internal audit checklist offers exceptional value with comprehensive coverage and sophisticated analytics and reporting capabilities, with 85% of commercial software functionality at less than 2% of the cost.

How Do The ISO 9001 Requirements And PDCA Relate?

ISO 9001 is structured around ten clauses. Seven of those ten clauses contain the requirements that define the framework for a quality management system.

All of the auditable ISO 9001 requirements are part of the PDCA cycle, and in combination with the quality management principles, the ISO 9001 requirements can be introduced and maintained in a controlled manner.

The following diagram represents the structure of ISO 9001 requirements in the PDCA cycle:

The primary goal is to achieve a set of consistent processes that provide a route for enhancing customer satisfaction, mitigating uncertainty, and providing meaningful data for continuous improvement activities.

Are There Any Non-applicable ISO 9001 Requirements?

The scope of registration and certification will need to reflect precisely and clearly the activities covered by your organization's quality management system; any exclusion to non-applicable ISO 9001 requirements should be documented and justified in the quality manual, and discussed with your external auditor.

No single business-related activity should exist outside of the quality management system’s scope. It is likely that only the ISO 9001 requirements from Section 8 can be excluded, e.g., 8.3 design and development would not apply to organizations that do not have design responsibility, for example.

What Are The ISO 9001 Requirements For Documentation?

In order to comply with ISO 9001 requirements for documentation, it is essential that all personnel understand what type of documents should be controlled and, more importantly, how this control should be exercised.

The type and extent of documented information that your organization should retain and maintain, in order to be compliant with ISO 9001:2015, clearly depend on the nature of your organization’s products and processes.

You will be required to have a control system in place for your documentation that shows records of approval, updates, and revisions of documents. Only the most current version of any document should be available for your employees to access, giving them only the information they need.

To be certified and compliant with the ISO 9001 requirements, documented information must be controlled and maintained by your organization. Your management system documentation should be updated as needed based on any system improvements you put in place, but keep your quality management system documentation simple!

ISO 9001 requires businesses to maintain the following data as documented information:

• The scope of the quality management system 4.3
• Information necessary to support the operation of processes 4.4
• Quality policy 5.2
• Quality objectives 6.2
• The documented information required by ISO 9001:2015 is shown in the section below.

All of your documentation should be specific to your organization and entirely relevant. It should also be written clearly, easy to navigate, and understandable. Documents should be accessible to everyone within the company, should they need them.

What Are The ISO 9001 Requirements For Records?

As per ISO 9001 requirements, records provide evidence that the processes that make up your QMS are being implemented as described. Start by identifying what QMS records are required. Look at your other procedures and work instructions to determine what evidence is needed to demonstrate conformity to ISO 9001 requirements. Also, records that are required by various legal requirements should be considered. Focus on records that add value, and avoid bureaucracy.

You may need to generate certain forms to implement your management system. When these forms are filled out, they become records. Forms should be simple and understandable for the users. Master forms should be signed by the initiator and dated to evidence their authority.

ISO 9001 requires businesses to retain the following data as ‘documented information’:

1. 1. Documented information to the extent necessary to have confidence that the processes are being carried out as planned 4.4
2. Evidence of the fitness for the purpose of monitoring and measuring resources 7.1.5.1
3. Evidence of the basis used for calibration of the monitoring and measurement resources (when no international or national standards exist) 7.1.5.2
4. Evidence of the competence of people doing work under the control of the organization that affects the performance and effectiveness of the QMS 7.2
5. Evidence of communications to external parties and interested parties 7.4.1
6. Documented information required by the QMS 7.5.1b
7. Results of the review and new requirements for the products and services 8.2.3
8. Records to demonstrate compliance with design and development requirements 8.3.2
9. Records of design and development inputs 8.3.3
10. Records of the activities of design and development controls 8.3.4
11. Records of design and development outputs 8.3.5
12. Design and development changes, including the results of the review, the authorization of the changes, and the necessary actions 8.3.6
13. Records of the evaluation, selection, monitoring of performance, and re-evaluation of external providers, and any actions arising from them 8.4.1
14. Evidence of the unique identification of outputs when traceability is a requirement 8.5.2
15. Records of property of the customer or external provider that is lost, damaged, or nonconforming, and of its communication to the owner 8.5.3
16. Results of the review of changes for production or service provision, the persons authorizing the change, and the necessary actions taken 8.5.6
17. Records of authorized release of products for delivery to the customer, including acceptance criteria and traceability to the authorizing person(s) 8.6
18. Records of nonconformities, actions taken, concessions, and the identity of the authority deciding the action in respect of the nonconformity 8.7
19. Evidence of the evaluation of the performance and the effectiveness of the QMS 9.1.1
20. Evidence of compliance evaluations 9.1.2
21. Evidence of the implementation of the internal audit programme 9.2.2
22. Evidence of internal audit results 9.2.2
23. Evidence of the results of management reviews 9.3.3
24. Evidence of the nature of the nonconformities 10.2.2
25. Evidence of any subsequent actions taken to correct nonconformities 10.2.2
26. Results of any corrective actions 10.2.2

The ISO 9001 requirements for record management are straightforward: decide what records you will keep, how you will keep them, and for how long. You should also think about how you will dispose of records once you no longer need them. Forms should be controlled via their unique number and revision status, and pre-printed material should be referenced by the appropriate procedures and work instructions.

The 7 Key Principles Of Quality

There are 7 key principles of quality management that form the foundation of ISO 9001:2015 and are relevant to the entire organization.

1. Customer focus - is about how you meet customer and regulatory requirements, assessing customer satisfaction and exceeding their expectations by the quality of your products and services
2. Leadership - is about establishing strategic direction and operational purpose
3. Engagement of people - is about providing sufficient training, knowledge, competence, and empowerment to improve quality
4. Process approach - is about the Plan, Do, Check, Act (PDCA) cycle and the sequence and interaction of inputs, activities and outputs
5. Continual improvement - is about innovation, identifying customer needs, opportunities, root cause analysis, and ability to react to change to ensure continuous improvement
6. Evidence‐based decision making - is about analyzing process data, levels of customer satisfaction, process performance assessment, and risk-based thinking
7. Relationship management - is about maintaining relationships with relevant interested parties and providers in the supply chain

Who Is Responsible For Quality?

Top management are responsible for the quality management system, whilst all employees are responsible for delivering quality to their individual aspects of work.

Top management should decide on one person in your organization who will be the lead during the entire certification process. This person is generally a quality manager or leader already familiar with your organization's functions. They should have the appropriate authority to change operations and a firm grasp of the ISO 9001 requirements and how they must be deployed in your business.

If your company has more than one physical location, a Management Representative should be appointed for each one. One leading Management Representative should oversee the progress of the other local Management Representatives.

Should I Use a Consultant to Implement the Requirements?

If you are considering asking an external consultant to help implement the ISO 9001 requirements, you must provide the consultant with a clear brief as part of the written contractual agreement. There may be cases where you need specialist advice and assistance, particularly in compliance, risks, handling corrective action, and auditing.

The consultant will review your company’s existing practices, processes, controls, and documentation using the ISO 9001:2015 requirements as the assessment criteria. An organization that assists in developing and implementing the management system requirements cannot also provide its services as a third-party certification body.

A consultant’s familiarity with the management system, the ISO 9001 requirements, and other applicable standards can save you time and money. It will ensure you achieve effective quality practices and successful management system certification. Although this will cost money, it may save you time and allow you to benefit from the consultant’s experience.

When seeking outside help, ensure potential consultants have the necessary technical or industrial experience and qualifications. Choose a management system specialist who is familiar with your business sector's particular issues and regulatory requirements and understands staff training needs.

Certification Audit

The certification audit represents the final stage of the certification process by ensuring the ISO 9001 requirements have been addressed.

The certification body will request a site visit, which will require desk space for their personnel. This visit will confirm that the written procedures are actually used in practice and that the ISO 9001 requirements are met.