ISO 9001:2015 is designed to make the standard more generic and more easily applicable by service industries. Therefore, the term “product“ has been replaced by “products and services“ when specifically referring to the deliverables for the customer
The high-level structure and the core text established in Annex SL, Appendix 2, have introduced two new clauses related to the context of the organization:
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
These two clauses require the organization to determine the issues and requirements that can impact the planning of the quality management system (QMS) and can be used as input for the development of the QMS.
The stakeholder approach, considered one of the most modern corporate governance principles, is new. This approach is based on the assumption that long-term business success can only be ensured by considering the requirements of company stakeholders.
The approach has been described for many years in ISO 9004:2009, Section 4.4 “Interested parties, needs and expectations“, and has been introduced in the new standard. In comparison to “Customer Relationship Management“ (CRM), which only addresses the relationship between an organization and its customers, the principle of Stakeholder Relationship Management (SRM) goes significantly further. It tries to balance the relationship of the organization with all, or with the most important, stakeholders/interested parties. These could include direct consumers, suppliers and retailers and other parties along the supply chain, authorities and other relevant interested parties. As a new feature, the term “interested parties“ now also includes owners, people in an organization, bankers and even competitors.
Although ISO 9001:2015 now points out that organizations must determine the requirements of the relevant interested parties, there is no new requirement to ensure goods and services meet the needs and expectations of these parties (with the exception of customers and authorities). Such a requirement would necessitate a change to the scope of the standard that is not permitted by the design specification of the standard.
The ISO 9001:2008 standard promoted the adoption of a process approach when developing, implementing and improving QMS effectiveness. The new standard does so even more explicitly in Section 4.4 Quality management system and its processes. This sub-chapter lists the essential requirements of a process-focused management approach. Inputs and outputs of each process must be defined. In the future, the standard will require the measurement of performance indicators and the assignment of responsibilities.
The high-level structure and core texts specified in Annex SL, Appendix 2, does not include a clause stating specific requirements for “preventive action“. The reason is because acting as a “preventive tool“ is one of the key purposes of a formal management system. The emphasis on a risk-based approach is referenced in many places in the standard, from risk assessment in sub-clause 4.4 “Quality management system and its processes“, leadership issues in sub-clause 5.1.1 and a separate sub-clause in Section 6.1.2 “Actions to address risks and opportunities“ to risk-based approaches in “Operational planning and control“ (clause 8.1) and “Management review“ (clause 9.3). While ISO 9001:2015 demands that risks are identified and acted upon, there is no requirement for standardized risk management.
The term “documented information“ replaces the previous terms “document“ and “record“. The intention was to give users more flexibility. This also applies to process descriptions. The organisation determines the extent of documented information on processes, depending on factors such as process complexity or employee competence. Documented procedures previously required by the standard are no longer necessary.
ISO 9001:2015 increases “management responsibilities“. The responsibilities of a Quality Management Representative now rest with top management but can still be delegated.
The scope of the management review is extended by the addition of the aspects “strategic direction of the organization“, consideration of the “relevant interested parties“ and “assessment of risks and opportunities“ at a strategic level.