Below we’ll list the four main reasons you should consider implementing ISO for your organisation.

Why pick us as your ISO 9001 consultant?

Get an ISO 9001 Quotation

What is ISO 9001

ISO 9001 is an international standard for Quality Management Systems.  This standard can be used to demonstrate that your organisation can consistently deliver its products and services in line with customer and other requirements.  ISO 9001 is not industry specific and is suitable for organisations of all sizes regardless of the services or products they provide.

What does ISO 9001 cover?

ISO 9001 is built on a common framework for ISO management standards known as ISO Annex SL (also known as Annex L from the 2019 edition) which sets out the common headings for ISO standards to follow.  The main headings contained in this and other ISO standards are:

Sections 4 to 10 contain the main provisions for organisations to implement when setting up, maintaining and continually improving their Quality Management System.  Here’s a breakdown of sections 4 to 10 and what is required:

What are ISO 9001 requirements?

From the 10 sections within ISO 9001, Sections 4 to 10 contain the requirements for a quality management system to fulfil for certification.  The requirements of sections 4 to 10 include:

4. Context of the organisation

The organisation must identify internal issues and external issues that affect its ability to achieve the quality management objectives.  The organisation must also identify the various stakeholders and the relevant requirements of these stakeholders.  The standard refers to stakeholders as “interested parties”.

5. Leadership

Top Management must demonstrate their leadership and commitment to the Quality Management System by developing a quality policy and quality objectives, providing the necessary resources, integrating the quality management system into the organisation’s business processes, identifying customer and applicable regulatory requirements, maintaining focus on customer satisfaction, and assigning and communicating responsibilities and authorities for relevant roles.  Top Management is defined in ISO 9000 (ISO 9000:2015 Quality management systems — Fundamentals and vocabulary) as the “person or group of people who directs and controls an organization at the highest level”.

6. Planning

Planning the Quality Management System requires consideration of internal and external issues and stakeholder requirements identified under section 4, and determining risks and opportunities to be addressed to ensure the quality management system achieves its objectives. The organisation must define its specific and measurable quality objectives, and control any changes it deems necessary for its management system.

7. Support

Organisations must provide the necessary resources for the establishment, implementation, maintenance and continual improvement of the Quality Management System, including people, infrastructure, environment for operation of the processes, resources for monitoring and measuring, and ensuring organisational knowledge is maintained and made available.

Organisations must also determine the necessary competence of persons working under their control that affect the performance and effectiveness of the Quality Management System.  Evidence of competence or actions taken to achieve it must be retained.

The necessary competence of persons working for the organisation must be determined, and these persons must be competent on the basis of their education, training or experience.

Persons working under the control of the organisation must be made aware of the quality policy, relevant quality objectives, their contribution to the effectiveness of the quality management system and the implications of not conforming to requirements.  Additionally, organisations must determine what will be communicated, when (under what circumstances and within what time constraints), to whom, who will do the communicating and the process for such communications.

When creating and updating documentation, the processes must provide for appropriate identification, description, format, media, and review and approval for suitability and adequacy.  Document control must address additional points such as: distribution, access, retrieval and use, storage and preservation, control of changes, and retention and disposition.  Document control processes must also address documentation of external origin.

8. Operation

Section 8 of ISO 9001 contains significantly more detail than other standards such as ISO 45001 or ISO 14001.  The sub-sections from 8.1 to 8.7 will be dealt with individually below.

8.1 Operational planning and control

The processes must be planned, implemented and controlled.  In addition, criteria for the processes and for the acceptance of products and services must be determined.  To the extent necessary, records must be kept to have confidence that the processes have been carried out properly and that products and services meet requirements.

8.2 Requirements for products and services

The organisation must determine the communications it is to have with customers, including information relating to products and services, enquiries and order handling etc.

Requirements for products and services must be defined and the organisation must ensure it can meet any claims made.

The organisation must retain records of reviews conducted to establish it can meet requirements for products and services.  Customer requirements must be confirmed prior to acceptance and must retain records of reviews and any new requirements for products and services.  Changes to requirements for products and services are to be documented and communicated to relevant persons.

8.3 Design and development

The organisation must establish, implement and maintain a process for design and development.  There must be proper and controlled planning of design and development.  Inputs must be determined and documented.  Controls must be applied to ensure design outputs meet requirements.  Outputs must meet input requirements, be adequate for the provision of products and services and be documented.  Changes to design and development must be identified, reviewed and controlled.  Records of changes and their review must be retained.

8.4 Control of externally provided processes, products and services

The organisation must ensure outsourced or procured services, products and processes conform to requirements.  The controls to be applied must be determined and applied, including determining criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers.  There must be suitable and adequate communication with external providers regarding the products, services and processes to be provided, approval methods to be applied, competence requirements, interactions with the organisation, control and monitoring of the providers performance to be applied by the organisation, and verification or validation activities that the organisation (or its customers) intended to perform at the external provider’s premises.

8.5 Production and service provision

This section requires the organisation to carry out the provision of its services and production in a controlled manner, including through the provision of documented information which outlines the products, services or processes to be provided to the customer and the results to be achieved, the availability and use of suitable monitoring and measuring resources, implementation of monitoring and measuring, appointment of competent persons, and implementation of release, delivery and post-delivery activities.

The organisation must identify the outputs as necessary, and identify the status of outputs throughout production and service provision.  Where required, the organisation must also control the unique identification of the outputs when traceability is a requirement – and must retain records of such traceability.

Property belonging to customers and external providers must be minded, and any damage or loss of their property must be reported to them without delay.  Property belonging to the customer or external provider can include materials, equipment, tools, premises, intellectual property and data.

The organisation must determine and meet requirements for post-delivery activities, including any required by statutory and regulatory requirements, potential undesired consequences associated with its products and services, the nature, use and intended lifespan of its products and services, and customer requirements or their feedback.

Changes to products and services must be carried out in a controlled manner.  Changes must be reviewed and evidence of this review must be retained.

8.6 Release of products and services

ISO 9001 requires organisations to carry out, at planned intervals throughout the provision of products and services, the necessary arrangements to ensure they meet requirements at all stages.  Products and services must not be released to the customer until the organisation is satisfied that all requirements have been met.  This section of the standard requires the organisation to retain evidence that the requirements have been met and who authorised release of the products and services to the customer.

8.7 Control of nonconforming outputs

Where outputs do not conform to requirements, the organisation must ensure that these are identified and controlled whether by correction, segregation and containment, informing the customer, or obtaining authorisation from the customer for acceptance under concession.

Records must be retained in respect of the nonconformity, actions taken, and the identity of the authority deciding the action to be taken.

9. Performance evaluation

ISO 9001 requires organisations to determine what needs to be monitored and measured, the methods for monitoring and measuring, the timing of such monitoring and measuring, and when the results of monitoring and measuring will be analysed and evaluated.

The organisation decides what it is that will be monitored, measured, analysed and evaluated, but will be required to keep documented information of the results of monitoring and measuring.  The organisation is required to evaluate the performance of the quality management system and retain records of any such evaluation.

Organisations must audit their quality management system, and must plan, establish, implement and maintain an internal audit programme based on the importance of the processes and the results of previous audits.

Management must hold an annual review of the quality management system to ensure its ongoing suitability and effectiveness.  Topics to considered and reviewed include: changes in issues identified under section 4, trends in non-conformities, customer satisfaction and feedback of interested parties, process performance and conformity of products and services, nonconformities and corrective action,, results of monitoring and measuring, audit results, performance of external providers, adequacy of resources, effectiveness of actions taken to address risks and opportunities, and opportunities for continual improvement.

10. Continual improvement

Arrangements must be developed and implemented to deal with non-conformities as they arise, including determining their causes, implementing the necessary actions needed, reviewing the effectiveness of corrective actions, and making changes to the quality management system where required.  These steps are commonly managed through a nonconformity and corrective action process.

Organisations must continually improve the suitability, adequacy and effectiveness of their quality management system.

ISO 9001 FAQ’s