What is ISO 9001?

ISO 9001 is the international standard for creating a Quality Management Systems (QMS), published by the International Organization for Standardization (ISO). The standard was updated in 2015, and it is referred to as ISO 9001:2015.

What is a quality management system?

The Quality Management System, which is often referred to as a QMS, is a collection of policies, processes, documented procedures, and records. This collection of documentation defines the set of internal rules that will govern how your company creates and delivers your product or service to your customers. The QMS must be tailored to the needs of your company and the product or service you provide, but the ISO 9001 standard provides a set of guidelines to help make sure that you do not miss any important elements that a QMS needs to be successful.

Why is ISO 9001 important?

ISO 9001:2015 is a standard for creating, implementing, and maintaining of a QMS for a company. As an international standard, it is recognized as the basis for any company to create a system to ensure customer satisfaction and improvement and, as such, many corporations require this certification from their suppliers.

ISO 9001 certification provides your customers reassurance that you have established a QMS based on the quality management principles of ISO 9001. In fact, ISO 9001 is such an essential and influential standard that it is used as the basis when industry groups want to create their own industry standards; this includes AS9100 for the aerospace industry, ISO 13485 for the medical devices industry, and IATF 16949 for the automotive industry.

What are the ISO 9001 requirements?

The structure of the ISO 9001:2015 standard is split into 10 sections (clauses). The first three are introductory, while the last seven contain the requirements for the QMS, against which a company can be certified. Here is what the seven main clauses are about:

Clause 4: Context of the organization – it includes requirements for

  • understanding your organization in order to implement a QMS
  • identifying internal and external issues,
  • identifying interested parties and their expectations,
  • defining the scope of the QMS,
  • identifying your processes and how they interact
  • regulatory requirements

Clause 5: Leadership – The leadership requirements cover the need for top management to

  • be instrumental in the implementation of the QMS
  • demonstrate commitment to the QMS by ensuring customer focus,
  • defining and communicating the quality policy,
  • assigning roles and responsibilities throughout the organization

Clause 6: Planning – Top management must also plan for the ongoing function of the QMS.

  • Risks and opportunities of the QMS in the organization need to be assessed,
  • quality objectives for improvement need to be identified
  • plans made to accomplish these objectives

Clause 7: Support – The support section deals with the management of all resources for the QMS, covering the necessity to control all resources, including

  • human resources, buildings and infrastructure, the working environment,
  • monitoring and measurement resources,
  • organizational knowledge,
  • requirements around competence, awareness, communication, and controlling documented information (the documents and records required for your processes).

Clause 8: Operation – The operation requirements deal with all aspects of the planning and creation of the product or service. This section includes requirements on

  • planning,
  • product requirements review,
  • design,
  • controlling external providers,
  • creating and releasing the product or service,
  • controlling nonconforming process outputs

Clause 9: Performance evaluation – This section includes the requirements needed to make sure that you can monitor whether your QMS is functioning well. It includes

  • monitoring and measuring your processes,
  • assessing customer satisfaction,
  • internal audits,
  • ongoing management review of the QMS

Clause 10: Improvement – includes the requirements needed to make your QMS better over time. This includes

  • the need to assess process nonconformity
  • taking corrective actions for processes

These sections are based on the Plan-Do-Check-Act (PDCA) cycle, which uses these elements to implement change within the processes of the organization in order to drive and maintain improvements within the processes.

How is ISO 9001 implemented?

  1. management support and identifying the customer requirements for the QMS,
  2. defining your quality policy and quality objectives,
  3. create the mandatory and additional processes and procedures necessary for your organization to properly create and deliver your product or service.

There are some mandatory documents that need to be included, and others to be added as the company finds them necessary. This creation of documents can be done internally by your employees, or you can get help through hiring a consultant. Once all of the processes and procedures are in place, you will need to operate the QMS for a period of time. By doing this, you will be able to collect the records necessary to go to the next steps: to audit and review your system and get certified.

Steps for a company to get ISO 9001 certified

For the company QMS to be certified, you need to first finish the implementation. After finishing all your documentation and implementing your processes, your organization also needs to perform these steps to ensure a successful certification:

Internal audit – The internal audit is in place for you to check your QMS processes. The goal is to ensure that records are in place to confirm compliance of the processes and to find problems and weaknesses that would otherwise stay hidden.

Management review – A formal review by your management to evaluate the relevant facts about the management system processes in order to make appropriate decisions and assign resources.

Corrective actions – Following the internal audit and management review, you need to correct the root cause of any identified problems and document how they were resolved.

The company certification process is divided into two stages:

Stage One (documentation review) – The auditors from your chosen certification body will check to ensure your documentation meets the requirements of ISO 9001.

Stage Two (main audit) – Here, the certification body auditors will check whether your actual activities are compliant with both ISO 9001 and your own documentation by reviewing documents, records, and company practices.