ISO 9001 in a Nutshell
This is a summary for the current version: ISO 9001:2015 for quality management systems.
To get certified to ISO 9001 you must meet all the applicable requirements (things you must do or have).
ISO 9001 in a Nutshell
4. Requirements for the Organisational Context
- your company ‘environment’ and any relevant issues for your management system; this includes any legislation applying to your products/services, statutory requirements, etc.
- any parties with a relevant interest: clients/customers, of course, but there may also be others; know what they require and expect
- the products and/or services the management system will apply to.
Decide on the scope of your system and write it down, taking the results of thinking about these things into account. Identify the processes and documented information you need for the quality system. Operate, maintain and improve your system.
5. Requirements for Top Management
Top management must lead the way, and demonstrate their leadership and commitment. They must be fully accountable for their QMS, its effectiveness and for achieving the results wanted. They must ensure the system and its processes are fully integrated into the business (not a thing apart). They must ensure all applicable requirements are consistently met, and maintain the focus on enhancing customer satisfaction. They must have a suitable written quality policy, and ensure it is understood and used. They must ensure responsibilities and authorities are assigned and understood. This includes those for making sure processes achieve the results planned, the system is maintained (even when things change), suitable reporting on performance is done (see clause 10) and that the system itself meets the requirements of ISO 9001.
6. Requirements for Planning
Do it! Do suitable planning, including risks and opportunities. Taking context, interested parties and scope into account (clause 4), identify the risks and opportunities to address, so as to to achieve the outcomes you want, for the business, and its processes, services or products. Plan how to manage these, depending on their nature, importance and risk,
Write a set of quality objectives, aligned to what you said in your quality policy. Make sure they’re measurable and relevant, and that they suit your business and what it does. Plan how to achieve them: who will do what when, and how the results will be evaluated. Use them (see clause 10). Note: planning for your services / products is required in clause 8.
7. Requirements for Support
Decide what resources and support you need for the QMS to operate and for services/products to meet all applicable requirements and provide it.
This includes having:
- competent people, and ensuring they know what your QMS requires
- the necessary infrastructure and environment.
If your system includes monitoring/measuring to get valid results, provide the necessary resources (equipment, devices, tools, etc.). If measurement traceability is required, calibrate your measuring equipment. Keep evidence that shows you do this.
Documented information: decide what you need, create it, have it available as needed, and manage it. Control the written information that you need to operate, both internal and external information. Maintain the knowledge in your business and make it available.
8. Requirements for Operations
Plan and use the processes you need to achieve your objectives and make sure your services /products meet all the applicable requirements. Have suitable ways to communicate with your customers, so they get accurate information from you, and you respond to their enquiries, orders or feedback. Make sure you have requirements clear (whether customers, yours, any legislative/statutory ones, etc), and can fulfil the order, before you agree to supply. If things change, manage that. If design applies: have a process to ensure it is done under suitably controlled conditions and the required result is produced. Have suitable documentation for and of the process, including planning, inputs, outputs, as well as controlling any changes that may occur.
9. Requirements for Evaluating Performance
Evaluate how your QMS performs and whether it is effective, with evidence showing you do it. Includes decide what to monitor and measure, the data needed for that, analysis and evaluation of the data, and monitoring the perceptions of your customers.
Have a program of internal audit that informs management whether you’re meeting requirements (yours and 9001’s), and if your QMS is effective and maintained. Have evidence to show this.
Top management must review all aspects of their QMS at suitable planned intervals, to make sure it remains suitable and aligns with the strategy. Includes review of various mandatory inputs and having information to demonstrate this and records of decisions and improvement opportunities.
10. Requirements for Improvement
Continually improve. Pick things to improve (products/services/processes/the QMS) and improve them, to meet the requirements of your customer s and ‘enhance’ their satisfaction. Manage nonconformity. Take corrective action that is suitable and appropriate for the type of NC and its impact. Do this by analysing the NC, determining the cause/s, taking action if required, including changes to QMS if needed, and reviewing the outcome to see if it was effective.
- the numbers in the headings are the clause numbers of the Standard. They start at 4 because the requirements are in sections 4 to 10 of the Standard. 1-3 is the Introduction, Scope and References.
- sections 4,5 and 6 are now common to all ISO standards for management systems.
Disclaimer: This is a deliberately simplified summary for the current (2015) version. No representation or warranty is made for the accuracy or the completeness of the contents. We specifically disclaim any implied warranties or fitness for any particular purpose and will not be liable for any loss of profit or any other commercial damage as a result of your acting or relying upon any of this information.
Author: Jane Bennett