What can we expect in the new ISO 9001:2015 standard?

As explained by Koos Gouws 

Quality practitioners the world over are waiting with bated breath for the final publication of the new ISO 9001 standard. We have all heard that the changes are significant, and we want to know how these changes will impact on the business. Quality auditors are especially worried about how the new system will be audited.

One of the reasons for the introduction of the new standard is to align it with the other major management system standards, namely ISO 14001 (environmental management) and OHSAS 18001 (health and safety management). These 2 standards are also undergoing major change, with OHSAS 18001 being replaced by a brand new standard, namely ISO 45001.

Although we have only studies the draft international standard (DIS) at this stage, we have reason to believe that when the final draft international standard (FDIS) appears (about February 2015), there will not be any significant changes. 

Changes that some will find daunting is a new structure, and new terminology being introduced. There is a new concept 'the context of the organization', which replaces the old 'scope'. It now looks much wider at the internal and external context of the organization's quality management system (QMS).

The use of the newly adopted Annex SL by ISO for all standards (SHEQ) means that the standard will no longer present us with a simple template for the elements of the QMS.

Structural changes

The structure is radically changed, from the current 8 main clauses to 10 main clauses. 

The high level view looks as follows:

· Scope
 · Normative references
 · Terms and definitions
 · Context of the organization
 · Leadership
 · Planning
 · Support
 · Operation
 · Performance evaluation
 · Improvement

While we have new clauses added, the essence of the old standard has not disappeared. But it has been enhanced and in some cases radically changed.

If we look at the structure in the broader context, the following provides a good summary of the standard:
· Understanding the organization context
 · Leadership
 · Policy and responsibilities
 · Process for planning and consideration of business risks
 · Process for support, including resources, people and information
 · Operational procedures related to customer, product and services
 · Process for performance evaluation
 · Process for improvement
The new structure still fits neatly into the Deming Cycle (Plan, Do, Check, Act).

Terminology changes

In the DIS version, the following terminology is used:
· Products and services (previously 'products')
 · Documented information (previously 'documents' and 'records')
 · Environment for the operational processes (previously 'work environment')
 · Externally provided products and services (previously 'purchased product')
 · External provider (previously 'supplier')

What does the new standard mean for my company?

Companies will have to establish a QMS to determine the relevant internal and external issues. There is a move away from an inwardly focused approach to one where the external factors are equally important.
The main buzz is about the adoption of a business risk based approach when developing the QMS.
What is in and what is out?
For starters, the confusing requirement for a preventive action process is no longer there. It has been replaced by the requirement to use the risk based approach. This is already the case in many industries, such as food, cosmetics, pharmaceuticals, etc.
In reality we are automatically dealing with business risks on an ongoing basis. The need is to formalize the process, which should have significant benefits for the organization.
The exclusion clause in the old standard is no longer there. In other words, we do not formally exclude anything. The reason for this is the different way in which the requirements are now stated in the standard.
The term 'continual improvement' is now replaced by 'improvement'. This is the results of the new standard making more explicit the use of the quality management principles.

The process approach is still there. But it is clearer:as can be seen in the following diagram:

Another change is, wait for it, no more mandatory procedures! There is also no more quality manual, and no more requirement for an appointed management representative.

'Leadership' replaces 'management responsibility'. It means that top management will have a much more active role to play in the design, implementation and maintenance of the system. This is also evident in the fact that a business risk based approach has to be used.

Monitoring and measuring resources' replaces 'control of monitoring and measuring equipment. 
The title of the old clause 'planning for product realization' is reworded to 'operation planning and control'.

'Human resources' is replaced by 'organization knowledge'.

What about the 8 quality management principles?

Thankfully a few positive changes have been made to clarify the principles. We now have only 7 principles:
· Customer focus
· Leadership
 · Engagement of people
 · Process approach
 · Improvement
 · Evidence based decision making
 · Relationship management


Existing certification will have until 2018 to be converted to the new standard. It is expected that the new standard will be published in September 2015.

It would be wise not to wait until the last minute to align current systems with the new requirements. The new standard is much more complex.


While the changes are in general good, it will be a challenge for auditors to make the transition from the current standard to the new standard. They will have to become much more business orientated (almost like obtaining a mini-MBA!).

Everybody will have to understand the concept of business risk, as well as the tools that can be used (SWOT, PESTLE, etc).

Top management will have to be much more involved, and auditors will schedule more time with them during audits. 

I believe that the new ISO 9001:2015 is a step forward, not least because of the integration possibilities with the other main standards, as well as the risk based approach.

Feel free to contact us for more information.

"Trying the Impossible,
Using the Remarkable
Obtain the Unobtainable"


Thanks for filling out form!

Somerset West
Cape Town. South Africa

Email: Koos
Phone: +27 (0) 83 306 1757

Thanks for filling out form!