ISO9001 2015 ISO14001 AS9100 Rev D Dorset Consultant

ISO 9001 2015

Home | ISO 9001 2015 Changes | ISO 9001 | ISO 14001 | ISO Internal Audits | ISO 9001 QMS / ISO 14001 EMS Review | Clients | Testimonials | Training | Contact Us

ISO 9001:2015 changes, update and transition

Last updated:  14th August 2016
ISO9001:2015 was published and released 23rd September 2015 effectively ending the Standard's development cycle and commencing the certification transitioning phase from ISO 9001:2008 to ISO 9001:2015. There have been relatively few changes since the DIS publication and none that fundamentally change the direction or requirements of ISO 9001:2015. Main changes from the DIS were;
  • Introduction section simplified. 
  • Terms and Definitions section contents have been taken out. This section now refers to ISO 9000:2015 Terms & Definitions.
  • Leadership section now requires top management to promote awareness of the process approach AND risk based thinking.
  • Operation section now includes requirements to prevent human error.
  • Operation section now uses the term "keeping" documented information and has an explanatory note explaining this term.
  • Operation section has included "customer requirements" as a consideration when determining post delivery activities.
  • Operation section now includes requirements to prevent human error.   


Main Changes

The changes are far more significant than the last revision from ISO 9001:2000 to ISO 9001:2008 and are on a par with, if not greater than, the changes made to ISO 9001:2000.  The main changes (as currently understood) are outlined below.  However, it should be borne in mind that other changes may occur prior to publication.

Structural Change:  The structure of the new Standard has aligned itself with Annex SL. Annex SL is an ISO document prescribing the high level structure for all ISO management system standards e.g. ISO 14001; ISO 27001, ISO 9001 and also AS9100.  As ISO management system standards are updated they will all follow the same structure and use the same high level language.  The new and current structures are shown below;

ISO 9001:2015 (DIS)

ISO 9001:2008

0.   Introduction

1.   Scope

2.   Normative references

3.   Terms and definitions

4.   Context of the organization

5.   Leadership

6.   Planning

7.   Support

8.   Operation

9.   Performance evaluation

10. Improvement

0.   Introduction

1.   Scope

2.   Normative references

3.   Terms and definitions

4.   Quality management system

5.   Management Responsibility

6.   Resource Management

7.   Product Realization

8.   Measurement, analysis and improvement




Context of the Organization:  This is a new requirement, requiring organizations to consider both the internal and external issues that can impact on the quality management system’s ability to deliver products and services whilst achieving planned results.  In addition, organizations must now understand and monitor the needs and expectations of relevant interested parties (people, organizations etc) who affect, or are affected by or are perceived to be affected by the organization’s quality management system and associated activities.  

Risk based approachThere is more emphasis on risk based thinking when setting up and maintaining the quality management system (QMS). It will be a requirement to identify and understand risks and opportunities from external as well as internal factors and take these into account when setting up the management system. However, although there is no requirement to have a formal risk assessment process in place it is becoming evident that Certification Bodies (rightly or wrongly) are expecting to see risks documented in some fashion.  Personally, I would recommend documenting risks as it does help management / employees understand what risks there are and how these are being controlled by the QMS. It also helps cross check existing QMS's to verify that all risks have in fact been considered.    

Leadership: Leadership is now an explicit requirement. Top management should expect to have to demonstrate accountability in ensuring the quality management system is and will remain effective e.g. establishing a quality policy and quality objectives and ensuring these are compatible with the strategic direction of the organization and aligned with the organizational context; ensuring the process approach is promoted; ensuring personnel at all levels are engaged with the quality management system and understand their roles and responsibilities; explaining what risks and opportunities have been identified and how they are addressed.

Terminology: There are changes to terminology throughout the Standard to facilitate interpretation and/or to recognise that the way business is conducted and managed has changed over the last decade e.g. IT, communications, storage and access of information and acquisition of materials and services.  The main terminology changes are;

ISO 9001:2015 (DIS)

ISO 9001:2008

Products and services

Documented information

Environment for the operation of processes

Externally provided products and services

External provider


Documentation and Records

Work environment

Purchased product


Management Representative: There is no longer a specified requirement for a management representative to be nominated. Instead, there will be an increased demand on top management to demonstrate organisational leadership.

Exclusions: There will no longer be a requirement to specify and justify Exclusions. Currently a statement has to be prepared stating and justifying the clauses that do not apply to the QMS e.g. businesses who do not perform design activities exclude ISO 9001 clause 7.3 Design and Development.

Only 7 Quality Management Principles: The existing eight quality management principles are being reduced to seven and are set out in Annex B of the Standard. The principle of "A systems approach to management" has been dropped (probably because it was considered answered by having the QMS in the first place). The last principle "Relationship Management" replaces the previously titled "Mutually beneficial supplier relationships" and broadens its scope to encompass relationships with all interested parties, not just suppliers.

Documentation requirements: There is no specified requirement for a "Quality Manual". This reflects the fact that nowadays many businesses manage their documentation (policies, procedures, instructions, forms, records etc) electronically e.g. shared drives, public folders, intranet etc.

There is no longer a set of specified mandatory procedures. The requirement to have "documents" (in whatever medium is appropriate) is specified throughout the standard. Where there is a requirement, it will be stated along the lines of "retain documented information" or in the case where evidence (records) are required "maintain documented information". ISO 9001:2015 clause 4.4 Quality management system and its processes currently states "organizations shall maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned". The nature of those documents will be in context to the type of business, its approach to its QMS and the need to demonstrate compliance with the Standard, statutory, regulatory and contractual requirements.

Process approach: The requirements for applying the process approach have become a key emphasis in ISO 9001:2015. A whole sub-section within the Introduction section is dedicated to explaining the Process Approach and it has its own clause, 4.4. It requires businesses to systematically define and manage not just their processes, but also the interaction between them.  Companies who currently have simply written procedures for each clause of the Standard will have some work to do.

Planning: This now has its own section (6) and requires risks and opportunities to be taken into account when planning the QMS. Other requirements for planning i.e. planning to achieve quality objectives and changing the QMS in a planned manner have been carried forward from ISO 9001:2008.

Preventive action: This requirement has been removed. It is considered to be suitably covered by taking the risk based approach to quality management which will be one of the primary objectives of the QMS.  Annex A of the Standard currently states that "one of the key purposes of the QMS is to act as a preventive tool".

Purchasing: This now refers to the "external provider" as opposed to the "supplier" to help clarify that activities (products and services) which are outsourced e.g. subcontract treatments, services and hire are included and must be controlled as appropriate.  Previously the emphasis was on controlling purchased product.

Compliance: There is a general requirement throughout the Standard for businesses to know and understand what statutory and regulatory requirements (and any requirements from interested parties e.g. customer contractual requirements etc) it must comply with and ensure supplied products and services comply accordingly.  

Transition Planning

For companies already ISO 9001:2008 certified, the current standard will be recognized and can be audited against until the end of the three year transition period, likely to be September 2018. For companies seeking new certification, ISO 9001:2008 certificates can be issued up to the Standard's expiry date but Certificates must not exceed the expiry date of the Standard.  After this date all new certifications will be to ISO 9001:2015. Companies currently certified to ISO 9001:2008 do not need to panic or do anything yet (the Standard has not been finalised) other than perhaps think about existing systems and how they may have to change. However, don't leave everything to the last minute either and risk last minute fixes and re-visits resulting in additional Certification costs and poorly designed systems.

Due to the quality management system model developed and currently being used by SHA it is not envisaged that the transition will be a major upheaval or difficult task as a number of the changes are already adopted e.g. SHA's model has never included a Preventive Action procedure per se. SHA's new model for ISO 9001:2015 and ISO 14001:2015 has been successfully implemented, assessed and passed by UKAS accredited Certification Bodies at the first attempt for over 25 clients. The new model remains a simple, hassle free management system that supports the business. SHA will be happy to discuss and support transition with any client either through site visits or remotely. Please contact SHA for further information and/or to discuss your requirements.

ISO9001:2015, ISO13485, AS9100, ISO14001, OHSAS18001, certification, assessment, quality management consultant, QMS, iso auditor training, dorset, devon, somerset, hants, cornwall.

Steve Hill Associates LLP, 16 Mount Pleasant Avenue North, Weymouth, Dorset DT3 5HW, United Kingdom
Phone: +44 (0)1305 773092; Email:
Steve Hill Associates LLP is a limited liability partnership formed in England and Wales.  Partnership No. OC301889