Updated ISO 9001 

The 2015 version was released on schedule, so as of September '15, the current version is ISO 9001: 2015.  Note however, that there is always a 3-year phasing in of a new standard. So there is a 3-year window (to September 2018) before any existing certified systems must be upgraded to this version, and that for the next 2 years  you can still be certified to the 2008 version.

There were two main groups of changes brought in:  1. changes in structure and 2. changes to content.

1. Changes to structure

The new structure for ISO 9001 - by far the biggest change. These are the main clauses now: 

1 - Scope

2 - Normative references

3 - Terms and definitions

4 - Context of the organization

5 - Leadership

6 - Planning

7 - Support

8 - Operation

9 - Performance evaluation

10 - Improvement

You'll notice that the first 3 clauses are still the same because they're common to all ISO Standards: Scope, References, Terms & Definitions.  

After that come the specific requirements: there are now 7 clauses of requirements (versus the previous 5). And there has been extensive change to where specified requirements appear, how they are grouped and even what they are called.

Clauses 4, 5 and 6 will be common to all management system standards (such as quality, environmental, information security and safety management) in line with ISO's harmonised and consistent structure for these.

Thinking of Context requires you to consider 'what is the environment we operate in, financial, economic, social, political, etc'? For example, there's a big difference between a system in the oil and gas industry and one operating in a small, relatively stable niche market.  Is it a heavily regulated context, or not? What's the broader background to your organisation?

The former 'management responsibilities' clause is now replaced with Leadership.  And while the requirement to have a specific role of 'management representative' for the system has gone, don't think it has been watered down.  This Standard has strengthened the responsibilities and requirements for "leadership and commitment" by top management and now lists 11 of these. In this clause also are: customer focus, quality policy, as well as roles and responsibilities. There's even greater emphasis on responsibilities at executive/senior management level, including for processes, results, reporting.  

Planning: This section brings together requirements to plan for the system itself, to plan the outcomes wanted (those quality objectives), plan the processes to get them and planning for change.  One major change is that there is now a formal requirement to consider risk ("risk based thinking"). Thinking about risk, and taking it into account throughout your system is a new requirement.  The former requirement for 'preventive action' has now been omitted (a good thing, as many people often found it excessively confusing).

Support: this section draws together all the requirements that are considered to support operations.  Includes resources (human, plant/equipment etc), ensuring people are competent and aware, communications, and 'documented information' - what was formerly called 'documents' and 'records' has now simply become 'documented information'.    

Operation: this is the largest section. It contains all the requirements for services or products (that awkward term 'product realisation' is gone, hooray).  It covers the whole range from determining the requirements, planning the processes and controls, communicating with customers, design and development of services/products (if it applies), handling changes, controlling any outsourcing, identification & traceability (if applicable), and so forth through to delivery, supply or handover. And controlling nonconformity is now included here: ie, making sure that before release or delivery, the service or product meets requirements.

Performance and evaluation brings together formerly separated items into a set of requirements for monitoring, measurement and evaluation, customer satisfaction, internal audit and management review. 

Finally, Improvement  contains some general requirements on improvement, and corrective action.

If you're roughly familiar with the existing structure of the Standard, you will have already noticed how much change there is.

So what else has changed? 

2. Changes to content or terms

Besides the massive changes in structure and organisation, there isn't nearly as much change to content.  The most notable of the changes:

Some other observations