What is ISO 9001:2015?
ISO 9001 is the standard that helps an organization to control and improve its business processes. This ISO is the international standard for quality management systems. NEN-EN-ISO 9001 specifies requirements for a quality management system of an organization that:
- demonstrate its ability to consistently provide products and services that meet customer requirements and applicable laws and regulations, and
- aims to increase customer satisfaction by applying the system effectively,
ISO 9001 is the international standard for quality management systems. The organization ISO (Geneva) is responsible for drawing up and managing thousands of different standards. Of these, the ISO:9001 is the most well-known. All requirements in this International Standard are general and intended to be applicable to any organisation, regardless of its type or size or the products and services it provides.
The ISO 9001 is made up of several chapters. Every ISO standard issued from 2017 onwards will have the same format:
This chapter explains several principles of the standard:
- reasons for introducing a quality system,
- the seven quality management principles from ISO 9000 on which this standard also relies,
- the process approach
- risk-based thinking.
Subject matter and scope
The standard contains requirements that concern the quality assurance of products and services and help increase customer satisfaction.
Reference is made to ISO 9000, in which the quality management principles already mentioned are elaborated, and the definitions of several quality terms are given.
Terms and definitions
For the definition of terms used, please refer to ISO 9000
Context of the organization
Insight into the organization and its context
How does the organization know which important topics are involved internally and externally? 'Important' are those subjects that influence the results of the quality system.
Understanding the needs and expectations of stakeholders
Which stakeholders are relevant to the organization's quality system? What requirements do they have?
Defining the scope of the quality management system
To which products/services and organizational components does the quality system apply? The answer to this question must also be inspired by the answers to the questions from the previous paragraphs. Within the scope, the organization must meet all the standard requirements relevant to the products/services.
Quality management system and its processes
What processes are there in the organization, and how do they relate? What information is needed to support production or services? And what information must be kept to demonstrate the correct execution?
Leadership and commitment
How does the board show its leadership and commitment to implementing and improving the quality system? And when the organization is customer-oriented?
What is the quality policy of the organization? How does the management ensure that it has a relationship with chapter 4? And is continuous improvement part of it? How does it ensure that the quality policy is implemented?
Roles, responsibilities and powers within the organization
Are the responsibilities and powers assigned and known? Does this also apply to tasks and roles that concern the quality system?
Actions to address risks and opportunities
How are the topics from 4.1 and the requirements from 4.2 translated into risks and opportunities for the organization? What agreements and plans have these risks and opportunities led to? How are (the effects of) these agreements and plans monitored?
Quality objectives and the planning to achieve them
What concrete and measurable objectives have the organization set for different organizational units?
Planning of changes
How does the organization ensure that changes to the quality system are carefully implemented?
How does the organization ensure the right resources on time? Which people are needed? How does the company ensure the suitable facilities (such as workspace, equipment, software) on time? And how does the company ensure the right human (think of working atmosphere, for example) and physical aspects of the working environment? How is it ensured that the means used in inspections are suitable for their purpose? What knowledge is needed within the organization, and how is it maintained? How is it ensured that changes in the required knowledge are identified and implemented?
What competence does own and hire people need to carry out their work? How does the organization ensure that these people have these competencies?
How does the organization ensure that its own and hired people are familiar with (the goals of) the quality system and how they contribute to it?
What internal and external communication should take place about the quality system?
How are procedures, work regulations, policy documents, etc., clearly identified and approved? Are paper and digital documents that need to be kept stored so that they can be found and readable? Is it clear how long they should be kept?
Operational planning and control
Has the organization organized everything to deliver the products and services following customer requirements? This includes own requirements for the products and services to be delivered, process control, and the right resources.
Requirements for products and services
Is there communication with the customers about the possible products and services to be delivered, the contracting, complaints, and how the customers' property is handled? How does the organization ensure that it lives up to its claims about product or service and complies with laws and regulations? How does the organization ensure that it understands the customer's question correctly and completely? How is it assessed whether this question can be realized?
Design and development of products and services
Is the design process planned? How is it determined which requirements a new product or service must meet? How is it tested whether the design always meets these requirements at different design stages?
Control of externally delivered processes, products and services
How does the company ensure that it receives what it wants? Consider both (process) assurance and controls. Even if the subcontractor delivers directly to the customer, there must be clarity on this question.
Production and provision of services
How is the actual production or service process controlled?
For example: In what way should work be done and, where necessary, is this recorded? Are the necessary people and resources available? Are the products uniquely identifiable and handled with care? Is the (intellectual) property of customers handled with care? How are the necessary aftercare activities carried out?
Release of products and services
How is it checked that the products and services meet the set requirements before they are delivered to the customer?
Control of deviating outputs
Are products that do not meet the requirements recognizable so that unintended use is prevented? How are the errors handled?
Monitor, measure, analyze and improve.
Which measurements take place to keep an eye on customer (dis)satisfaction? Which data and measurements are used to monitor, among other things: the operation of processes, the quality of the products and services, the achievement of quality objectives, the performance of external partners, and the need for improvement?
Are internal audits carried out and reported on a planned basis to assess the effectiveness of the quality system? Are these reasons for smooth structural improvements?
How is the operation of the quality system assessed? If necessary, are the quality policy and system adjusted?
Are opportunities for improvement in products, services, processes and quality systems identified and converted into (simple or far-reaching) measures?
Deviations and corrective actions
How are errors (in the process or the product or service) handled, so repetition of the same error is unlikely?
How is it ensured that the quality system is continuously improved?
Certification means that an external, independent party *certifying body determines whether the organization's quality management system meets all standard requirements. To determine this, a certification body (CI) performs an audit. This first (certification audit) consists of two phases.
The first stage serves;
- to review the documentation
- evaluate the location and site-specific conditions and have conversations with employees to determine if the organization is prepared for phase two
- to assess the extent to which the organization complies with the requirements of the standard and understands the requirements of the standard, in particular about the identification of essential performance and aspects, processes and operation of the management system
- collect necessary information regarding the scope of the management system, the processes and locations and relevant statutory and legal aspects
- to see what resources are available for the second phase and to reach an agreement with the organization on the elaboration of the second phase audit
- to gain a good understanding of the organizations' management system, activities and significant aspects relevant to it
The purpose of the phase two audit is to assess the implementation and effectiveness of the management system. The phase two audit takes place at the location(s) of the organization. The phase two audit shall include at least the following:
- information and evidence of conformity for all requirements of the standard
- performance assessment, measurement, reporting and assessments made to determine the extent to which goals and objectives have been achieved
- the management system of the organization and how the organization complies with legal requirements
- the control of the processes of the organization on
- internal audits and management review (board review)
- involvement of the management in the quality policy
- the connection and coherence between the standard requirements, the organization's policy on, goals and objectives, legal requirements, responsibilities, the competence of employees, the implementation, procedures, information about performance and findings from internal audits.
Subsequentlorganizationsons are tested two years after (semi)annually to assess whether they continuously meet the standard's requirements. Recertification again consists of 2 phases, and the first certification takes place in the third year. This cycle is maintained.
These are registered in the audit report if a non-conformity is noticed during an audit. The name may vary from one certification body to another, but it boils down to the following:
- Major non-conformity (Category 1 deviation):
- The lack of an effective implementation with regards to one or more system requirements of the standard, or a situation where it is not or not sufficiently guaranteed that the product or service will meet requirements;
- Multiple category two non-conformities with .b a standard requirement that has been determined to lack effective implementation within the management system
- A category two non-conformity where the required corrective measures have not led to effective implementation will be upgraded to a category one finding
The correction, the root cause analysis and a corrective action plan, together with sufficient evidence of their implementation, must be submitted within 90 days of the last audit day. Assessment of deviations takes place using desk research. However, depending on the severity of the findings, the auditor may conduct a follow-up visit to confirm that the measures have been taken, evaluate their effectiveness, and determine whether nomination for certification or continuation of the certificate can occur.
- Minor non-conformity (Category 2 derogation):
A lack of discipline or control in the implementation of the system or procedural requirements does not affect the functioning of the system and the fulfilment of the requirements regarding the product/service.
The lead auditor should approve the correction, root cause analysis and corrective action plan, and the verification of the implementation and assessment of the effectiveness of the corrective actions should take place at the next visit.
An observation is not a shortcoming in itself but can indicate a possible future shortcoming if the situation receives too little attention; an observation may also relate to a situation where no appropriate evidence is found to support the finding of a deficiency.
Recommendations for improvement
Recommendations for improvement relate to areas or processes where - minimum-standard requirements may be met, but improvement is possible.
Related articles to ISO:9001 Information
Many customers and visitors to this page 'ISO:9001 Information' also viewed the articles and manuals listed below: