Analysis of the new edition ISO 9001:2015

David de Pablo and Armaan Hussain Farshori

Masters Mechanical Engineering, Halmstad University.

Abstract
International Standard Organization also known as the ISO plays an important role in the quality
management for organizations. In this paper we have compared two editions of the ISO 9001 that are
9001:2008 and 9001:2015 which is the latest edition using many references from some scientific articles,
the official standards and the internet as well. The aim is to identify and extrude the differences between
the two editions and show how and where one is having additions or similarities. The study mainly
focuses on the chapters and its topics which gives an overview of the ISO 9001:2015, while
simultaneously comparing them with the ISO 9001:2008. The study also shows the importance of the ISO
9001:2015 standard on how it needs to demonstrate its ability to provide products and services that meets
interested party requirements, applicable requirements and regulatory requirements and its aim to enhance
customer satisfaction through effective application of the system. All requirements are generic and are
intended to be applicable to all organizations, regardless of type, size and product provided.
Keywords
ISO 9001:2008, ISO 9001:2015, management, quality, edition, product, service, requirement.

1 Introduction
Quality exists since trade does. Quality was a way of avoiding poor product manufacturing in order
to prevent bad reputation as in the medieval age where apprentices were examined by their masters to
work at the guild. Industrial revolution began the production of interchangeable parts and machine tools.
Manual labour was much more efficient, simplified and standardized for work tasks. Proposal of
separation of functions was made for workforce, owners and consumers between execution, controlled
sharing and productivity gains respectively. Quality kept on playing a major role in industrial growth.
After the World War II in Japan for the first time W. Edwards Deming introduced quality management,
which soon reached America.
In today’s world, the importance for quality systems for organizational excellence is becoming more
and more essential because it ensures a consistent and desired product quality. In 1946 an organization for
standardization composed by representatives from 91 nations was launched and it was called International
Organization for Standardization. Then they changed the name to ISO, which is a scientific term for
equal. The standards became especially important when the Treaty on European Union was signed at
Maastricht, the Netherlands in 1992.
ISO 9000 series was launched and the quality standards written in 1987 and it became a worldwide
quality management base for organizations, regardless of their size and what they produce. ISO 9001 first
in the series made a huge footprint on global economy, there are more than one million firms certified
against the standard. It has been globally adopted as well as in most industrial sectors. The numbers of
firms adopting the standard are increasing day by day and many companies still encourage their supply
chain partners to seek certification.

17
 Research and study has revealed that effective implementation of ISO 9001 can benefit organizations
in improving management control, efficiency, productivity and customer services. Not proceeding by the
standards can make you lose customers, given the intensification of the competitive environment in global
and national trade with the aim of attracting new customers and retaining the existing customers. It also
helps in continuously monitoring and managing quality across all operations. As the world´s most widely
recognized quality management standard, it outlines ways to achieve as well as benchmark consistent
performance and services. With ISO 9001 you can put in place processes that allow you to improve the
way you operate at all levels.
ISO 9001 was revised in 1994, 2000, 2008 and 2015. ISO 9001:1994 consisted on twenty
fundamental elements of basic quality system. ISO 9001:2000 reflected a completely new structure based
on eight quality management principles. ISO 9001:2008, which was the one in effect previously, provides
a structure for basic quality assurance system of four major areas: management responsibility resource
management, product realisation and measurement, analysis and improvement.
This month a new review is out, the ISO 9001:2015 and to get it setup in companies it´s got a three
year time period. This review started on 2012 and is going to be a huge change in the standards. What is
being looking for is making the certificated companies more competitive by the year 2020.
In the previous paragraphs it is shown that the standards have been changed and revised as the world
changes. This article is going to be a comparison between the new ISO 9001:2015 versus the old one
from the year 2008, what its changes are and how to fulfil them. The complete picture will be given
through the draft that are out in the previous months and there may be some minute changes to come
when finally the standards are released.

2 ISO 9001:2015
In Mid 2014 the first draft of the committee TC 176 on ISO 9001:2015 was published. The
international draft ISO 9001 was issued in the month of May, 2015, known as DIS. And now the final
edition is out. The new ISO structure is divided into ten chapters. As given in the previous standards,
some have general information about the document and some are about requirements.
First three chapters have general information about the standards whereas in some definitions there
are a few changes, for example, the word “product” in ISO 9001:2008 includes all output categories,
whereas in this edition it uses the term “product and services” for all output categories (hardware,
services, software and processed materials). For considering a service, at least a part of the output has to
be realized at the interface with the customer.
Once these new meanings are clarified we can keep on understanding all the chapters one by one in
the new edition of the ISO. Chapter four onwards the requirements begin, which all will be explained
further in this article.
4 – Context of the organization.
4.1 – Understanding the organizational and its context.
This is the first requirement of the new ISO 9001:2015. Apparently this is completely new but
actually it is in section 0.1 of ISO 9001:2008 in an implicit way.
What this requirement is about is that now the organization has to identify all the relevant internal
and external issues for its strategic direction. Something important to note is that these issues are limited

18
only to those that have a real impact on the results of the quality management system. It is not necessary
to identify issues that affect the conformity of the product or service.
The topic of the organizational context is similar to when analysing environment is made in a
strategic planning process, where all the technological, cultural issues, market, social, economic, etc.
come into account that may affect the strategies of the organization, with a difference that this particular
case is focused on the product of service.
This requirement is a common requirement for other management systems such as ISO
14001:2015, ISO 45001:2016, ISO 22000, etc.
4.2 – Understanding the needs and expectations of interested parties.
In this new edition of the standard customers alone are not the priority, it also speaks about the
stakeholders, this means identifying all organizations, institutions, individuals etc. relevant to the quality
management system and to determine their requirements, monitor them and review them as well.
4.3 – Determining the scope of the quality management system.
This requirement is not new as in 2008 edition it is necessary to have range, but it does have some
changes.
First, the scope must establish taking into account the organizational context and stakeholders.
This requires a certain way, an organization does not simply implement a system. It does it in order to
provide value to its strategic direction and its stakeholders. For example, organizations usually include
only one area in the range of the system, simply because it’s easier. However, in the 2015 edition it will
be necessary to consider all external and internal aspects and requirements of stakeholders to determine
whether to include that area alone. In other words the scope must be justified.
The other point about this section is that the standard does not define what requirements can be
excluded like in the 2008 edition. Rather the rule simply tells you that “if the requirements determined as
not being applicable do not affect the organization’s ability or responsible to ensure the conformity of its
product and services and the enhancement of the customer satisfaction.” (International Standards, final
draft. ISO/FDIS 9001:2015). In other words, the rule ends the possibility whether to apply any
requirements, provided it is justified.
The edition of ISO 9001:2015 does not use the word exclusion, instead obligatory is used. The
organization can review the applicability of requirements depending on the model, management,
organization size, range of activities etc.
4.4 – Quality management system and its processes.
In this section are the requirements same as in the 4.1 of the ISO 9001:2008, but with some
modifications, they are stronger in the process approach, which is demanding the identification of the
inputs and outputs of the identified processes. There is also the requirement relating to the identification
of risks and opportunities that will be discussed in detail in chapter six.

5 – Leadership. This section was previously known as management commitment. It is almost the same
but with slight modifications.
5.1 – Leadership and commitment.

19
 The responsibilities of senior management are almost the same, except that now the emphasis is
on management to promote the process approach, integration management system, the quality of business
processes. In other words the system is not a separate element of the organization, but part of the core that
generates value for the company. Finally, supporting and directing people and positions relevant to
management so that they can contribute to the effectiveness of the quality system.
This section also establishes a new requirement that is the responsibility of management to ensure
risks and opportunities that may affect the conformation of products and services are identified.
5.2 – Policy.
There are no big changes in this section from the requirements of ISO 9001:2008. The only thing
worthy of mention is that this policy in addition to being appropriate to the organization must also be
appropriate to the organizational context.
5.3 – Organizational roles, responsibilities and authorities.
The main difference in this topic between ISO 9001:2008 and 2015 is only that there is more
flexibility to choose who is going to be in charge of these responsibilities. In the 2015 edition it is not
compulsory that a representative of the senior management should take this role, instead they must assign
these responsibilities to one or more person or they can assign it to themselves.

6 – Planning. This is a completely new section that addresses purely about planning. However, we can see
that there were some requirements that were shifted in here, such as Quality objectives.
6.1 – Actions to address risks and opportunities.
This is a new topic added in the ISO 9001. However, it is important to note that the ISO
9001:2015 does not require risk management system. But rather an organization to identify risks that may
affect the quality system and the conformity of the product or service, so that the system can plan based
on this information. In other words, what the standard requires thinking is an approach based on risks and
not a system for managing risks. The most important thing about it is that the rule talks about
opportunities. That is, when we talk about risks we usually associate it with something negative that we
mitigate, eliminate, reduce their impact, etc. But we also have opportunities for which we want to increase
the impact and likes of occurrence and these opportunities must also be identified in this planning.
With the inclusion of this requirement, it is observed that the standard is oriented and
implemented by a much more proactive and better planned system.
6.2 – Quality objectives and planning to achieve them.
This section contains essentially the same requirements as of ISO 9001:2008 related to quality
objectives. The only difference is that now the emphasis is on planning the achievement objectives. That
means, it is now necessary to define what it is going to do, what is required, who is responsible, when it
will be completed and then the results will be evaluated.
6.3 – Planning of changes.
This topic might seem new, but it is kind of an extension of the requirement 5.4.2b of the ISO
9001:2008. Now the need to plan the changes that occur in an organization is more explicit, taking into

20
account the consequences of these changes, the integrity of the quality management system, the
availability of resources and the allocation of responsibilities.
This is an important requirement for systems that fail simply because the changes are not planned.

7 – Support. This section corresponds to the chapter 6 of the ISO 9001:2008 named Resource
Management.
7.1– Resources.
This topic is very similar to the standard from 2008 6.1 – Provision of resources. A difference
between the edition of ISO 9001:2015 and the 2008 edition is now emphasized that the resources needed
to determine the organization should consider the capacity constraints of the current resources and needs
that must be obtained from external providers. This section of the edition regulation also includes a
requirement that calls for the organization to provide the necessary staff for the quality management
system to operate effectively on its processes. This process goes a bit beyond the competence of staff,
because this also means that the number of people assigned to a process is adequate to meet the
requirements.
On the other hand, the issue of calibration is transferred to this section, unlike the draft the
committee published a few months before the ISO 9001 makes 2015. This was an international draft
which had flexible theme calibrations. DIS amendment introduced this draft so that the requirements
associated with the calibration remains almost identical to the previous edition of ISO 9001:2008.
Finally, a new requirement that was introduced in this section is organizational knowledge, which
states that the organization determined the necessary knowledge to achieve conformity of products or
services.
Compared to the ISO DIS 9001:2015, It introduces a couple of explanatory notes on this
requirement stating that the knowledge can include lessons learned and intellectual property, and that
some forms of purchase are through learning successful or unsuccessful projects, standards, conferences,
academia, etc.
7.2– Competition.
In this topic there was no change and the requirements remain the same as laid down in the ISO
9001:2008 edition.
7.3– Awareness.
Although this topic is new, the requirements are actually an extension of the existing ISO
9001:2008. This topic states that people should be aware of the quality policy, the objectives of the
relevant quality and contribution to the effectiveness of the quality management system and the
implications of not confirming the requirements of QMS. It is similar to the requirement of 6.2.2d of ISO
9001:2008.
7.4– Communication.
This topic is very similar to 5.5.3 of ISO 9001:2008. The main change regarding this requirement
is now that it is also considered external communication. Moreover, the requirement is much more
explicit about what needs are required in the issue of communication.

21
 The ISO 9001:2015 identifies what to communicate, when to communicate, with whom to
communicate, who to communicate and how to communicate.
7.5 – Documented information.
This is the counterpart of the document control paragraph 4.2.3 and 4.2.4 which records control of
the edition of 2008. While these requirements are maintained in essence, there are some interesting
changes that are worth commenting. One of the main changes in relation to the control of documentation
is the fact that the rule does not ask documented procedures, but rather documented information. This
means that in some way the standard gives greater flexibility to the company to decide what kind of
document would be operating and controlling processes. In the DIS version of this standard some
important level of terminology is highlighted. Where the 2008 version of the standard says “documented
procedure”, the 2015 version says “updating documented information” and the ISO 9001:2008 tells of
“records” whereas ISO 9001:2015 states “control of documented information”. As we see, there is a
difference between updating and updating the standard, where maintaining means having a document that
describes how to do a process or activity, while hold means leaving support information, this does
generate some confusion and complicates the study of the requirements of this standard especially for
those who are not technical in this language standardization. The new version also demands a Quality
manual, unlike previous versions. This means that the organization decides whether or not to have a
quality manual. In this sense the rule is placed at the same level of other management system standards
such as ISO 14001, OHSAS 18001, ISO 22000, etc. which does not require manual system.

8 – Operation.
This section is equivalent to section 7 – Product realization of the existing standard. This section was
virtually identical in relation to the edition of 2008, introducing slight changes and a reorganization of the
requirements. The main changes are as follows:
Reorganization of “Design and development”. The essence of these requirements does not change,
but the way they have been organized facilitates the understanding.
The theme of providers is unified by the theme of external processes as in the current version both
subjects are in different sections. For example, the standard states about controlling external processes in
the 4.1 and 7.4, but in the new version both subjects are part of the Section 8. Something that stands out in
the new version is that external processes are part of the scope of quality management system, which is
not explicitly stated in ISO 9001: 2008.
The requirement for post-delivery activities, which is not new in ISO 9001, is extended. What is new
in this edition is that standard is now made explicit and the need to consider the risks through nature and
life of the product or service as well as customer feedback and legal requirements are to be defined and
met for all the activities post-delivery.
There is a new control related to the product and service requirements, and change of control is not
new to the ISO 9001:2015, since in 2008 edition there is a requirement 5.4.2b which states precise
planning changes, this requirement is in 2015 edition 6.3. However, this section primarily refers to those
that could affect the quality management system, while controlling changes discussed in section 8.5.6 and
in the new standard are those that are unplanned and can affect the provision of the product or service. In
short, the rule states planned and unplanned changes in control.

22
9 – Performance evaluation. Although this section is new, much of the content is not. This section is
basically equivalent to the section 8 of the standard ISO 9001:2008, which states the issues of monitoring,
measurements and internal audits.
9.1 – Monitoring, measurements, analysis and evaluation.
Planning for monitoring and measuring customer satisfaction and data analysis are the topics
covered here.
Planning for monitoring and measurement is not new, it is similar to section 8.1 of the 2008
version. However, the added modifications are the highlight with a much clear requirement and a greater
emphasis on planning for monitoring and measurement. The rules state that one needs to determine what
is to be measured and monitored as well as when this measurement was performed and when should the
results be analysed. ISO 9001:2015 is now mandatory information documented as evidence of results
obtained from these segments. This is not explicitly mentioned in ISO 9001:2008, but in the end it is a
common practice to leave evidence measurements.
With regard to customer satisfaction, this requirement remains virtually unchanged. As for data
analysis, which is now referred as analysis and evaluation highlights some important changes. In the
section 8.4 of standard ISO 9001:2008, states to perform data analysis and as a result of this analysis
information should be obtained on customer satisfaction, conformity to product requirements, processes
and trends, products and suppliers.
In 2015 edition results of analysis and evaluation must include all the above and also to show that
the planning has been effectively implemented as well as there is a determined need on opportunities for
improvements. This is very important as in many organizations, as the data is used just to show whether
they are compliant or not. The compliance should be ensured of a quality management system.
9.2 – Internal audit.
This topic has a very important change. In the 2008 edition, the rule states that the internal audits
should be planned taking into accounts the results from the audits as well as the status and importance of
the processes. Whereas in the new edition other criteria should also be considered for planning the audits,
such as the quality objectives, customer feedback and changes that involve the organization.
9.3 – Management review.
The aim of the management review remains the same, with the only difference of the inputs that
are introduced such as issues related to external suppliers and stakeholders, effective actions taken for
risks and opportunities and suitability and the resources required to maintain a system of effective quality
management.
10 – Improved.
10.1 – General.
Compared to 8.5.1 of ISO 9001:2008, which will have an equivalent clause to 10.1 of the new
edition, there is a change for the requirement of writing but the essence remains the same. Now the
standard stresses that some actions should be improved as the processes prevent non-conformities, the
products and services available to meet known requirements as predicted, the results of the quality
management system.

23
10.2 – Nonconformity and corrective action.
The main change in this topic is that there is no longer the concept of preventive action. Although
it appears that the standard has eliminated this type of action, but what actually has been done is to change
it to something better like risk management. The intention is that the organizations analyse the potential
risks and take action to prevent or mitigate the risks identified. As for corrective actions, there was no big
change, only stresses which now includes a couple of explanatory notes, which states that there may be
occasions when it will be impossible to eliminate that root cause of a non-conformity, so that the
corrective action may be intended to reduce the possibility of occurrence. The focus mainly remains on
eliminating the root causes as for some cases it is impossible or expensive to eliminate, so the focus turns
towards the probability of occurrence.

3 Conclusion
This study contributes showing the standards helping to handle common topics on improvements in
an organization and integrate them easily. This edition is completely compatible with other quality
systems such as lean manufacturing, six sigma, etc. The organization only needs to learn how to
implement. The new edition ISO 9001:2015 has ten points, and they are based on Plan-Do-Check-Act.
The norm here shows quiet an explicit intention with continuous improvement while adapting changes in
quality management taking risk based thinking to support, improve and understand the application of
process approach and customer feedback. The study shows that the previous edition of the ISO 9001:2008
was only limited, when compared to the latest edition of the ISO 9001:2015 which is defined with more
precision in products and services as well as customer needs as it tries to involve more. It provides a
major emphasis on achieving desired outcomes to improve stakeholder’s satisfaction, and necessary
knowledge to achieve conformity of products and services determined by the organization. There is also a
major change in the issue of communication, as the requirements is much more explicit about what needs
are required. This new edition reaches a wide range of organizations.
The ISO 9001:2015 is not the last edition, as the standards are in a continuous process of
improvement. Organizations have been provided with a three year period for adapting the new edition and
in 2017 all the approved licenses will be extended through this new edition of ISO 9001.

“ISO 9001 offers more than quality benefits. The standard should be thought of as a
business management tool an organization can use to drive value, improve its operations and
reduce its risks.” - Oscar Combs, Standard Wise.

4 References

4.1 Standards
International Standards, final draft. ISO/FDIS 9001:2015
International Standards, ISO 9001:2008

24
4.2 Books
James R. Evans and William M. Lindsey. Managing for Quality and Performance Excellence,
international edition.
Bjame Bergquist, Kevin Foley, Rickard Garvare, Peter Johansson. Chapter twenty, Reframing
Quality Management.

4.3 Scientific articles

Hugo Gonzalez. New ISO 9001 2015 version.
Carlos A. De Gracia Núñez. The structure of the future standard of management systems and their
impact in standards ISO 9001:2015 and ISO 14001:2015
Roberto Diaz Genes. Comparison between ISO 9001 from 2008 and the new 2015.
José Antonio Gómez expert in ISO/TC 176 SC 2/WG 24 Technical Guidance
Rafael J. Mateo. Analysis of the international draft DIS ISO 9001:2015.
Borut Rusjan. Capitalising on ISO 9001 beneficts for strategic results.
Certification AENOR. International Accreditation Forum, Inc. IAF Informative Document.
Transition Planning Guidance for ISO 9001:2015

4.4 Online sources

ISOTools. ISO 9001. www.isotools.org
Anderser Ingeniería. ISO 9001:2015, Principal changes in the new ISO 9001:2015.
www.iso90012015.com.ar
DNV GL – Business assurance. ISO 9001:2015 quality management. www.dnvba.com

25