What is ISO 9001:2015?

is the standard that helps an organization to and improve its business processes. This ISO is the international standard for quality systems. NEN-EN-ISO 9001 specifies requirements for a quality management system of an organization that:

  1. demonstrate its ability to consistently provide and services that meet customer requirements and applicable laws and , and
  2. aims to increase customer by applying the system effectively,

ISO 9001 is the international standard for quality management systems. The organization ISO (Geneva) is responsible for drawing up and managing thousands of different standards. Of these, the ISO:9001 is the most well-known. All requirements in this International Standard are general and intended to be applicable to any organisation, regardless of its type or size or the products and services it provides.

ISO 9001 2015

Content ISO:9001

The ISO 9001 is made up of several chapters. Every ISO standard issued from 2017 onwards will have the same format:


This chapter explains several principles of the standard:

  1. reasons for introducing a ,
  2. the seven quality management principles from ISO 9000 on which this standard also relies,
  3. the process approach
  4. risk-based thinking.

Subject matter and scope

The standard contains requirements that concern the quality assurance of products and services and help increase customer satisfaction.

Normative references

Reference is made to ISO 9000, in which the quality management principles already mentioned are elaborated, and the of several quality terms are given.

Terms and definitions

For the definition of terms used, please refer to ISO 9000

Context of the organization

Insight into the organization and its context

How does the organization know which important topics are involved internally and externally? 'Important' are those subjects that influence the results of the quality system.

Understanding the needs and expectations of stakeholders

Which stakeholders are relevant to the organization's quality system? What requirements do they have?

Defining the scope of the quality management system

To which products/services and organizational components does the quality system apply? The answer to this question must also be inspired by the answers to the questions from the previous paragraphs. Within the scope, the organization must meet all the standard requirements relevant to the products/services.

Quality management system and its processes

What processes are there in the organization, and how do they relate? What is needed to support production or services? And what information must be kept to demonstrate the correct execution?


Leadership and commitment

How does the board show its leadership and commitment to implementing and improving the quality system? And when the organization is customer-oriented?


What is the quality of the organization? How does the management ensure that it has a relationship with chapter 4? And is continuous improvement part of it? How does it ensure that the quality policy is implemented?

Roles, responsibilities and powers within the organization

Are the and powers assigned and known? Does this also apply to tasks and roles that concern the quality system?


Actions to address risks and opportunities

How are the topics from 4.1 and the requirements from 4.2 translated into risks and opportunities for the organization? What agreements and plans have these risks and opportunities led to? How are (the effects of) these agreements and plans monitored?

Quality objectives and the planning to achieve them

What concrete and measurable objectives have the organization set for different organizational units?

Planning of changes

How does the organization ensure that to the quality system are carefully implemented?



How does the organization ensure the right resources on time? Which people are needed? How does the ensure the suitable facilities (such as workspace, equipment, software) on time? And how does the company ensure the right human (think of working atmosphere, for ) and physical aspects of the working environment? How is it ensured that the means used in inspections are suitable for their purpose? What knowledge is needed within the organization, and how is it maintained? How is it ensured that changes in the required knowledge are identified and implemented?


What competence does own and hire people need to carry out their work? How does the organization ensure that these people have these competencies?


How does the organization ensure that its own and hired people are familiar with (the goals of) the quality system and how they contribute to it?


What internal and external communication should take place about the quality system?

Documented information

How are procedures, work regulations, policy documents, etc., clearly identified and approved? Are paper and digital documents that need to be kept stored so that they can be found and readable? Is it clear how long they should be kept?


Operational planning and control

Has the organization organized everything to deliver the products and services following customer requirements? This includes own requirements for the products and services to be delivered, process control, and the right resources.

Requirements for products and services

Is there communication with the customers about the possible products and services to be delivered, the contracting, complaints, and how the customers' property is handled? How does the organization ensure that it lives up to its claims about product or service and complies with laws and regulations? How does the organization ensure that it understands the customer's question correctly and completely? How is it assessed whether this question can be realized?

Design and development of products and services

Is the design process planned? How is it determined which requirements a new product or service must meet? How is it tested whether the design always meets these requirements at different design stages?

Control of externally delivered processes, products and services

How does the company ensure that it receives what it wants? Consider both (process) assurance and controls. Even if the subcontractor delivers directly to the customer, there must be clarity on this question.

Production and provision of services

How is the actual production or service process controlled?

For example: In what way should work be done and, where necessary, is this recorded? Are the necessary people and resources available? Are the products uniquely identifiable and handled with care? Is the (intellectual) property of customers handled with care? How are the necessary aftercare activities carried out?

Release of products and services

How is it checked that the products and services meet the set requirements before they are delivered to the customer?

Control of deviating outputs

Are products that do not meet the requirements recognizable so that unintended use is prevented? How are the errors handled?

Performance evaluation

Monitor, measure, analyze and improve.

Which measurements take place to keep an eye on customer (dis)satisfaction? Which data and measurements are used to monitor, among other things: the operation of processes, the quality of the products and services, the achievement of , the performance of external partners, and the need for improvement?

Internal audit

Are internal audits carried out and reported on a planned basis to assess the effectiveness of the quality system? Are these reasons for smooth structural improvements?

Management review

How is the operation of the quality system assessed? If necessary, are the quality policy and system adjusted?



Are opportunities for improvement in products, services, processes and quality systems identified and converted into (simple or far-reaching) measures?

Deviations and corrective actions

How are errors (in the process or the product or service) handled, so repetition of the same error is unlikely?

Continuous improvement

How is it ensured that the quality system is continuously improved?

Audit protocol

Certification means that an external, independent party *certifying body determines whether the organization's quality management system meets all standard requirements. To determine this, a certification body (CI) performs an audit. This first (certification audit) consists of two phases.

The first stage serves;

  •  to review the
  • evaluate the location and site-specific conditions and have conversations with employees to determine if the organization is prepared for phase two
  • to assess the extent to which the organization complies with the requirements of the standard and understands the requirements of the standard, in particular about the identification of essential performance and aspects, processes and operation of the management system
  • collect necessary information regarding the scope of the management system, the processes and locations and relevant statutory and legal aspects
  • to see what resources are available for the second phase and to reach an agreement with the organization on the elaboration of the second phase audit
  • to gain a good understanding of the organizations' management system, activities and significant aspects relevant to it

The purpose of the phase two audit is to assess the implementation and effectiveness of the management system. The phase two audit takes place at the location(s) of the organization. The phase two audit shall include at least the following:

  • information and evidence of conformity for all requirements of the standard
  • performance assessment, measurement, reporting and assessments made to determine the extent to which goals and objectives have been achieved
  • the management system of the organization and how the organization complies with legal requirements
  • the control of the processes of the organization on
  • internal audits and management review (board review)
  • involvement of the management in the quality policy
  • the connection and coherence between the standard requirements, the organization's policy on, goals and objectives, legal requirements, responsibilities, the competence of employees, the implementation, procedures, information about performance and findings from internal audits.

Subsequentlorganizationsons are tested two years after (semi)annually to assess whether they continuously meet the standard's requirements. Recertification again consists of 2 phases, and the first certification takes place in the third year. This cycle is maintained.


These are registered in the audit report if a non-conformity is noticed during an audit. The name may vary from one certification body to another, but it boils down to the following:

  1. Major non-conformity (Category 1 deviation):

- The lack of an effective implementation with regards to one or more system requirements of the standard, or a situation where it is not or not sufficiently guaranteed that the product or service will meet requirements;

- Multiple category two non-conformities with .b a standard requirement that has been determined to lack effective implementation within the management system

- A category two non-conformity where the required corrective measures have not led to effective implementation will be upgraded to a category one finding

The correction, the root cause and a corrective action plan, together with sufficient evidence of their implementation, must be submitted within 90 days of the last audit day. Assessment of deviations takes place using desk research. However, depending on the severity of the findings, the auditor may conduct a follow-up visit to confirm that the measures have been taken, evaluate their effectiveness, and determine whether nomination for certification or continuation of the certificate can occur.

  1. Minor non-conformity (Category 2 derogation):

A lack of discipline or control in the implementation of the system or procedural requirements does not affect the functioning of the system and the fulfilment of the requirements regarding the product/service.

The lead auditor should approve the correction, root cause analysis and corrective action plan, and the of the implementation and assessment of the effectiveness of the corrective actions should take place at the next visit.


An observation is not a shortcoming in itself but can indicate a possible future shortcoming if the situation receives too little attention; an observation may also relate to a situation where no appropriate evidence is found to support the finding of a deficiency.

Recommendations for improvement

Recommendations for improvement relate to areas or processes where - minimum-standard requirements may be met, but improvement is possible.


Source: NEN


ISO Norms

ISO 22301 Logo

ISO:23301 information

ISO 22301 is a standard in the field of business continuity, contains at a high level the requirements related to the establishment, implementation of BCMS.
Read More
MVO Prestatieladder

CSR Performance Ladder

The CSR (corporate ) Performance Ladder allows for 33 CSR indicators through a Management System and in consultation with stakeholders.
Read More
ISO 9001 2015

ISO:9001 Information

The ISO 9001 is the standard that helps to control and improve business processes. This ISO 9001 is the international standard for quality management systems.
Read More
ISO 14001:2015

ISO:14001 information

The ISO:14001 (2015) focuses on controlling and improving an organization's environmental performance within the organization and throughout the supply chain.
Read More
ISO 27001 logo

ISO:27001 Information

The ISO 27001 is the international standard to manage information security. 27001 proves that the organization has taken necessary information precautions.
Read More
TwitterFacebookLinkedInPin It

Related articles to ISO:9001 Information

Many customers and visitors to this page 'ISO:9001 Information' also viewed the articles and manuals listed below: