Requirements of ISO 9001 as a Quality Management System – The Road to Continuous Improvement

Requirements of ISO 9001 as a Quality Management System


An ISO 9001 Quality Management System (QMS) certification is essential for any business entity that wants to be taken seriously within its sector. It doesn’t matter how big or small your enterprise is when it comes to establishing trust and providing a stellar service or product. For most potential partners, clients, and consumers, dealing with a business that understands the requirements of ISO 9001 as a Quality Management System is a must in order to do business with your company.

Investing time and energy to create a quality management system recognized by the ISO (International Organization for Standardization) will pay off overall. Luke Desira will help you achieve your goal.

ISO 9001 Explained

ISO is an international NGO that was founded in 1947. Representatives from 25 countries came together to create a method whereby goods and services could be recognized as high-quality, reliable, and safe. Today, ISO has over 160 members -each one a national standards body being a specific country. The ISO 9001, formally referred to as the ISO 9001:2015, refers to the most recent update of the internationally recognized QMS. It outlines all the requirements that must be met to create a QMS that meets the ISO standards.

Quality Management System (QMS)

The QMS refers to the documented records, policies, procedures, and processes that a company uses to define how it manages the production and delivery of a product or service. The requirements of ISO 9001 as a Quality Management System demand that specific requirements must be met within the QMS, but the QMS must also reflect the needs of the company. In other words, the QMS can be customized within limits. This customization capability makes ISO 9001 certification possible for companies of all shapes and sizes. The main aims of the QMS are as follows:

  • Data-led management and decision making: Creating a system to track what is essential and to record information to make informed decisions.
  • Reduce wasted time: Continually review the processes and procedures to find areas for improvement.
  • Improve staff motivation: Involving people in the process makes them feel part of the company. Ensure that they feel that their ideas are heard and that they can implement their solutions to their problems.

Importance of ISO 9001 and Who Needs it

ISO 9001 certification is a seal of approval given to companies by an internationally recognized organization for standardization. If your company holds an ISO 9001 certification, your clients will at once know that your company has created, implemented, and continues to keep an approved quality management system. Due to the ISO 9001 focus on improving customer satisfaction and guaranteeing an elevated level of quality when it comes to goods and services, many companies will only collaborate with companies and suppliers that are ISO certified.

As previously mentioned, an ISO 9001 certification helps any company regardless of size or stature. In fact, if your business is still in its infancy, implementing a quality management system sooner rather than later could save you a lot of headaches (and money) further down the line. The industries that typically require ISO certification are as follows:

  • Manufacturing
  • Freight-Forwarding
  • Wholesalers
  • Construction
  • Software & IT
  • Medical Device importers
  • Professional Services

Requirements of ISO 9001 as a Quality Management System

The total number of requirements of ISO 9001 as a Quality Management System amount to 10 clauses. These clauses supply the structure for your quality management system and the conditions you must fulfill to get your certification. The first three Clauses are simply an introduction to the ISO 9001 standard, briefly explaining the scope of ISO 9001:2015 and outlining terms and definitions., as well as a statement that the ISO 9001:2015 terms and definitions apply. Clauses 4 to 10 provide a detailed outline of the requirements for each section of your QMS.

As noted over my years of experience in ISO 9001 consulting, your organization already has 80% of what is needed to meet the standard. This is because what you are doing works – if you are not following the basic principles mentioned by the standard, you will be bankrupt – it makes logical sense that only the missing 20% is not implemented to reach the level required by this international standard for quality.

Clause 4 – Context

The aim of Clause 4 is to develop a detailed understanding of your organization so that you can create a workable QMS that fosters a culture of continual improvement. Within Clause 4, there are requirements related to such things as internal and external factors that could impact your company; the needs and expectations of interested parties, such as employees, clients, suppliers, and shareholders; the company’s processes in regard to day-to-day management. A SWOT (Strengths, Weaknesses, Opportunities, Threats) and PESTLE (Political, Economic, Social, Technological, Legal, Environmental) analysis can be done at this stage to help you fulfill the requirements.

Clause 5 – Leadership

Clause 5 is designed to ensure that top management is committed to the planning and implementation of your company’s QMS. Top management’s role is to define a quality policy, put it in writing, and then ensure that everyone within the company understands the procedure and follows its guidelines. The various roles and responsibilities within the company must be clearly defined and then communicated using an organizational chart.

Clause 6 – Planning

Clause 6 is designed to ensure that you address and prioritize the risks and opportunities that could have an impact on your organization. At this stage, you will also have to set aims and plan to improve the quality of your product or service. You might also consider adding target objectives relating to the following key processes:

  • Sales
  • Purchasing
  • Operations
  • Design & Development

Clause 7 – Support

Clause 7 is divided into five sections dedicated to supporting requirements in the following areas:


This section ensures that management has supplied the resources needed for the company to function correctly, including human resources, equipment, software and other internal processes used by the company, and any other resources.


This section refers to the level of education, training, and development needed for specific roles.


This section refers to the necessary training and communication related to the QMS.


This section ensures all staff members are kept up to date with QMS objectives.

Documented Information

This section refers to the continuous upkeep of a dynamic document management system.

Clause 8 – Operation

Clause 8 deals with the processes and documentation related to your product or service’s planning and manufacture (or undertaking). Depending on your product or service, you may skip some of this clause’s requirements. The operational areas covered in Clause 8 include plans related to critical processes; provisions related to the production, design, and development of products and services; external service providers; product launch; products or services that don’t perform to expected standards.

Clause 9 – Performance Evaluation

Fact-based evidence is used to make decisions throughout the ISO 9001 standard. The same principle is applied to performance evaluation. Clause 9 ensures that you have an efficient system for checking your QMS to gauge how well it works. This clause has requirements that will ensure you are measuring your success against customer satisfaction and internal audits.

Clause 10 – Improvement

Improvement is at the heart of the ISO 9001 standard, and Clause 10 provides requirements designed to help you continually improve your QMS. It is essential to understand that a QMS must evolve and develop over time; in some cases, you may need to correct mistakes, and in other cases, you may need to adjust your QMS to reflect your company’s growth and success.

Requirements of ISO 9001 as a Quality Management System | Implementation Process

There are five steps in the ISO 9001 implementation process. The first step is to undergo the relevant training, where you’ll learn the requirements of ISO 9001 as a Quality Management System and how those requirements are pertinent to your business.

The second step is to perform a gap analysis. The gap analysis is used to decide the areas within your organization that need improvement. This is done by mapping out the current process in place relating to the following vital functions:

  • Sales
  • Purchasing
  • Operations

The third step is system deployment. At this point, you’ll need to create new systems to implement and then train people to do the actions required for successful implementation.

The fourth step is to review the new system (internal audit). This involves checking that the systems are being followed, supplying further training to relevant staff members, changing operating procedures where necessary, and finding areas that need improvement.

The fifth and last step is the certification audit. An independent certification body will need to be brought in to audit your QMS. The audit is performed in two stages. In the first stage, the auditor will compare all your documentation with the requirements outlined in the clauses. In the second stage, the auditor will check that the documentation is a true reflection of how the company is being run. The certification audit will also include an audit of the internal audit and the management review.

Clause 4: Context of the Organization

Clause 4 is the first workable clause requirement of ISO 9001 as a Quality Management System. Clause 4 features specific requirements that are in place to help you define your organization so that you can tailor a successful QMS (Quality Management System) to suit your needs.

 Clause 4 is divided into four manageable sections:

  • Clause 4.1 – Understanding the organization and its context
  • Clause 4.2 – Understanding the needs and expectations of interested parties
  • Clause 4.3 – Determining the scope of the quality management system
  • Clause 4.4 – QMS and its processes

Clause 4.1 – Understanding the Organization and Its Context

Clause 4.1 asks you to examine the internal and external factors that can affect your organization. Factors that could directly affect the goals or strategic direction of the company and your QMS could be both negative (risks) and positive (opportunities). The best way to find such factors is to perform a SWOT and/or PESTLE analysis.


SWOT is an acronym that refers to strengths, weaknesses, opportunities, and threats that an enterprise might face throughout its lifetime. These can be said to be internal and external factors that are bound to change over time and can work in favor or against the organization itself. Here is a breakdown of the four elements:

  • Strengths – Internal positive aspects of the company
  • Weaknesses – Internal shortcomings that require some form of improvement
  • Opportunities- External factors that can ultimately have a positive impact on the organization
  • Threats – External factors that may hurt the organization in the near or distant future


A PESTLE analysis finds political, economic, social, technological, legal or environmental factors that can have an impact on your business.

You must conduct a SWOT analysis to meet the requirement in Clause 4.1. A template of such SWOT analysis is within the quality manual, which is available to buy from this website.

Clause 4.2 – Understanding the Needs and Expectations of Interested Parties

Clause 4.2 asks you to address the needs of all stakeholders who have an interest in how the company runs. After all, a company does not exist in a bubble; employees, clients, suppliers, and shareholders all have a vested interest. Common stakeholders such as these must receive adequate benefits.

If any interested parties have needs that are not met, the company will suffer. It is important to note that one such interested party is any entity that regulates the statutory and regulatory requirements relating to the products and services offered by your organization.

You must find the requirements of all interested parties to build a well-balanced and efficient QMS. These requirements must be clearly defined and included within Clause 4.2 of the quality manual and must consist of any legal requirements that the company must follow.

Clause 4.3 – Determining the Scope of The Quality Management System

Clause 4.3 asks you to find the activities that fall within the boundaries of your QMS. There might be elements from your business – possibly entire product/service lines – that you might not want to include within the ISO 9001 Certificate.

To decide the scope, you must first define whether you want to include all the products/services that you sell – or a subset of them.

Let’s say, for example, that your company is both an importer and manufacturer. If you import product ‘A’ and manufacture product ‘B’, you have 3 choices on how the scope of the quality management system would be:

  1. Importation of Product A
  2. Manufacturing of Product B
  3. Importation of Product A and Manufacturing of Product B

Let’s say that for this company, the scope of certification was defined as “Manufacturing of Product B”. Therefore, in this case, the activities associated with the importation of product ‘A’ would not be considered when creating the Management System and would not be discussed during external audits.

Naturally, the ISO 9001 Certification will tell the said company “Manufactures of Product B “.

The first step when embarking on the ISO 9001 Implementation journey is to decide on the Scope of the Quality Management System. Therefore, after defining the scope of certification, nothing specific must be done to meet this requirement. However, it is recommended to include the scope of the QMS within Clause 4.3 of the quality manual. The scope of the QMS will be one of the first questions of the certification body.

Requirements of ISO 9001 as a Quality Management System
Certificate of Registration

Clause 4.4 – QMS and its Processes

One of the main aims of ISO 9001 is to cultivate a culture of continual improvement within every organization, and something can only be improved upon if it already exists. Clause 4.4, therefore, asks you to map out the processes of the company and consider how the various processes interact with each other. In other words, you must supply a step-by-step explanation of how work is done. In this way, you set a foundation – something that you can build on to improve how your organization operates.

Creating simple flow charts at this stage will help you map out your processes and understand better the requirements of ISO 9001 as a Quality Management System. These should decide the following:

  • What triggers the process to start? And at the end of the process, what will be the output of this process? How will we know it was completed? What is the deliverable?
  • How do the processes interact, and what sequence do they follow?
  • How is each process measured in terms of key performance indicators?
  • Necessary resources – Is any equipment, or any documents needed to perform the process?
  • Assigned responsibilities – Each job title can have a color that would be represented by a color in each box within the flow chart.

It is imperative that you periodically evaluate these processes to make sure that they are delivering the intended result and to find ways in which they can be improved.

To meet the Clause 4.4 requirements, you must define the key processes that we have in each of the four categories below:

  • Sales
  • Purchasing
  • Operations
  • Design and Development (if applicable)

Clause 5 – Leadership

Clause 5 puts the spotlight on leadership. It defines the role of top management in creating, implementing, and communicating the QMS. It is no longer acceptable for top management to simply delegate the work involved in meeting the requirements of ISO 9001 as a Quality Management System. The ISO 9001:2015 standard insists that an efficient and certifiable QMS can only be achieved if the company is committed to its success. Clause 5 is divided into the following sections:

  • Clause 5.1 – Leadership and Commitment
  • Clause 5.2 – Policy
  • Clause 5.3 – Organizational Roles, Responsibilities, and Authorities

Clause 5.1 – Leadership and Commitment

Clause 5.1 focuses on the leadership and commitment required by the management and employees, respectively, in order to have one main focus, which is the customer. As a result, this Clause is split in two:

  • Clause 5.1.1 – Leadership and Commitment
  • Clause 5.1.2 – Customer Focus

Clause 5.1.1 – Leadership and Commitment

Clause 5.1.1 emphasizes the importance of leadership commitment to implementing an effective QMS. If top management is not committed to the implementation of the QMS, it is a futile effort. It is for this reason that leadership must also be involved in the creation of the QMS.

Active involvement in the creation of the QMS ensures that it becomes a system in which top management believes wholeheartedly. This belief in the system results in management being able to communicate more effectively the importance of the new approach to their teams.

It is crucial to keep in mind that for continual improvement to leave a return, there must be an investment. The investment needed is not just financial. Time, focus, and dedication by leadership and employees are also necessary to ensure quality and improvement.

Management commitment is referenced in multiple points within the QMS. But honestly, there is no actual requirement here to be met for the organization whose management is committed to the management system.

5.1.2 – Customer Focus

Clause 5.1.2 shines a light directly on customer satisfaction. As well as creating and implementing the QMS, leadership must be committed to achieving customer satisfaction by ensuring that all customer requirements are found and met. Leadership must also ensure that all regulatory or statutory requirements are met.

Maintaining customer satisfaction requires a mindset of continual improvement. It is imperative that this mindset is instilled within the culture of the company to achieve long-term success. If customers are not kept in mind, then one of the most fundamental requirements of ISO 9001 as a Quality Management System is not being met.

Provided that the requirements of all other clauses are being met, no further action is needed to meet the requirements in this clause.

Clause 5.2 – Policy

Clause 5.2 focuses on the quality policy. It is divided into two parts:

  • Clause 5.2.1 – Establishing the Quality Policy
  • Clause 5.2.2 – Communicating the Quality Policy

Clause 5.2.1 – Establishing the Quality Policy

Given that this is a quality management system, your organization must have a quality policy. The quality policy is a 1-page explanation of the vision of the company in terms of quality.

To meet this requirement, the quality policy needs to meet the following criteria:

  • It is proper to the context of the organization
  • It supports the company’s strategic direction
  • It acts as a framework for setting quality objectives
  • It includes a commitment to satisfy applicable requirements
  • It consists of a commitment to continual improvement of the QMS

The quality policy template provided on this website mentions all the above points and allows space for you to explain your unique selling points and meet the requirements of ISO 9001 as a Quality Management System.

5.2.2 – Communicating the Quality Policy

Drawing up the best quality policy in the world and stowing it away is not practical. The quality policy needs to be adequately communicated to all staff within the company. Top management must approve and sign off the quality policy, and all employees must be informed about the quality policy.

Typically, the quality policy is signed, laminated, framed, and placed in prominent areas within the company offices. Moreover, it is to be made available to external parties; some companies choose to upload the quality policy on their website; others consider that it has sensitive information and only provide it to stakeholders upon request.

The company must ensure that all employees have read and understood the quality policy to meet this requirement. Keep in mind that during the certification audit, auditors might ask employees to explain the gist of the policy.

Clause 5.3 – Organizational Roles, Responsibilities, and Authorities

Roles, responsibilities, and authorities as a concept can be expanded as required, depending on the size of the company. A 4-person company, for example, has many overlapping roles and responsibilities. However, a much larger organization that employs 50,000 people will have specific roles and chains of command within the organization.

The idea of risk management must be applied. You must examine the organizational structure within your organization. Are there any specific areas that need to clearly show who manages what, and who reports to who? An organization chart can be used to show how responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.

To meet the requirement of this clause, the organization must create an organizational chart to highlight the key personnel within the company. The organization chart can be placed within Clause 5.3 within the quality manual. An organization chart is included in the quality manual template provided on this website.

Clause 6 – Planning

Clause 6 of the set of requirements of ISO 9001 as a Quality Management System is in place to ensure that your company formulates specific plans to deal with the risks and opportunities that were found in Clause 4.1. You will be asked to rank the order in which these risks and opportunities must be addressed, and then put together a plan outlining how you will mitigate the risks and/or capitalize on the options available. Clause 6 also asks you to set quality aims, primarily related to customer satisfaction, and use data to measure the success of the aims.

Clause 6 is divided into three sections:

  • Clause 6.1 – Actions to Address Risk and Opportunities
  • Clause 6.2 – Quality Objectives
  • Clause 6.3 – Planning of Changes

Clause 6.1 – Actions to Address Risks and Opportunities

In Clause 4.1, you had to find the internal and external factors, both positive and negative, that could have an impact on your organization. Based on your findings, Clause 6 now asks you to rank the order in which these factors must be addressed by identifying the high priorities and the low ones.

To find the risk or opportunity that needs immediate attention, you will need to perform a risk priority number evaluation. The risk priority number (RPN) is gleaned by using an FMEA (failure mode and effects analysis). In an FMEA, a numerical value is assigned to the following factors:

  • Occurrence – The probability that the issue will occur
  • Detection – The likelihood that the problem will not be detected
  • Severity – The level of damage or harm caused

Once you’ve assigned numbers to each of these factors associated with a particular risk, you will then need to multiply the numbers to find the RPN. By doing this with each of the risks you’ve identified, you will easily rank your risks in order of importance.

Keep in mind that size matters. Larger companies with multiple departments and thousands of people involved might need to dissect their risks and opportunities in a unique way from a small business.

To meet the requirement for Clause 6.1, a Failure Mode & Effects Analysis must be completed and documented. Moreover, actions must be implemented to mitigate the most important risks and seize the worthiest opportunities. The quality manual template available on this website includes an in-built excel sheet to calculate the RPN.

Clause 6.2 – Quality Objectives

One of the main benefits of ISO 9001 certification is that it promotes a n objective approach to decision-making. With such a system, we do not rely on opinions or hearsay when making a decision; instead, we make decisions based on tangible data. This factual approach is fundamental when it comes to measuring the success or failure of an aim.

Clause 6.2 asks you to set quality aims that are in line with your company’s quality policy. These aims should relate primarily to customer satisfaction, but you can also set aims relating to any other elements of the business that you consider fit. You must then measure the success of those aims based on data gleaned by continual monitoring.

The size of your organization is likely to influence the number of aims that you set. The size of your organization will also dictate the extent to which resources are deployed, and responsibilities are defined when it comes to checking and measuring your aims. To make sure you are checking what counts, you could set aims relating to:

  • Sales
  • Purchasing
  • Operations
  • Design & Development
  • Customer Satisfaction

In short: To meet the requirements of Clause 6.2, you must; a) set aims relating to customer satisfaction, and b) measure the data relating to these aims to make sure that you are on the right track.

Clause 6.3 – Planning of Changes

When it comes to planning any changes to the QMS, a risk-based approach must be taken once again. Depending on the size of the organization, there are a certain number of moving parts. You will need to consider the risks involved in making the change and the necessary resources needed to implement the change. For example, you may need new equipment or bigger premises; you may also need to appoint new employees to fulfill specific tasks. Your plans must also align with your quality policy.

To meet this requirement, when making a change, a company must ensure that the consequences of such change have been considered. Your aim is to ensure that the change happens smoothly and with no negative impact.


Whether you’re after ISO Certification, internal audits, or results-oriented consultancy, Luke has the plan for you. Reach out to him and start your journey today.
ISO Consultant in Malta


Luke has a plan for you whether you want ISO certification, internal audits, or results-oriented consulting. Contact him immediately to begin your adventure.

Clause 7 – Support

To achieve all requirements of ISO 9001 as a Quality Management System, an organization must have adequate support systems. Clause 7 of the set of requirements of ISO 9001 as a Quality Management System is in place to ensure that your company’s support obligations are met in the following areas:

  • Clause 7.1 – Resources
  • Clause 7.2 – Competence
  • Clause 7.3 – Awareness
  • Clause 7.4 – Communication
  • Clause 7.5 – Documented Information

Clause 7.1 – Resources

Clause 7.1 talks about the different resources that an organization generally has in its possession. Organizations should note that these resources vary from company to company and are not identical.

Clause 7.1.1 – General

Clause 7.1.1 is an introduction to the Resources section of Clause 7. It asks that you consider all the resources that support your business. Here, resources can refer to:

  • The people that work for the company
  • The equipment needed to get work done
  • The knowledge base relating to this matter
  • Any suppliers that supply your business with key products and services
  • All documented information.

Given that all the requirements within this clause are covered in detail by other clauses, nothing specific needs to be done for Clause 7.1.1. The quality manual template provided on this website supplies the wording needed to meet this requirement.

Clause 7.1.2 – People

Clause 7.1.2 focuses on the people who staff the organization. For the processes documented in your QMS to run smoothly, you must ensure that the organization employs the correct number of people. Staffing needs (both in terms of internal employees and external providers) must be regularly evaluated, and proper actions must be taken to correct any shortcomings.

The organization chart has already referred to the hierarchy of the organization, and the requirements for the competence of employees are discussed in depth in Clause 7.2. At this stage, therefore, there is no specific requirement to be met for Clause 7.1.2.

The quality manual template on this website supplies the correct layout to follow to meet this requirement and further meet the requirements of ISO 9001 as a Quality Management System.

Clause 7.1.3 – Infrastructure

Clause 7.1.3 puts the spotlight on infrastructure. The organization must find and supply all the infrastructure needed to ensure the best effectiveness of your QMS processes.

Infrastructure is an umbrella term for several things. The premises from where the company runs, such as warehousing or office space, is considered infrastructure. As is all the equipment needed to do the job, including software, machinery, or other IT equipment. Infrastructure also includes transport, which refers to any equipment needed to move goods or people.

Once these infrastructural resources have been found and supplied, they must be meticulously kept. The organization must ensure that these resources are dependable. The focus, therefore, must be on preventive maintenance rather than reactive.

To meet the requirements for this clause, a maintenance plan is needed. The organization must also supply evidence that maintenance has been conducted in an adequate and prompt manner. In this case, records by employees, or invoices by suppliers will suffice.

The maintenance plan should find the equipment. Naturally, a risk-based approach must be taken – if the company has just 1 of a particular item, or if they have 1000, a different labeling system/name has to be added to the maintenance plan – for a car, it can be the number plate.

Clause 7.1.4 – Environment for The Operation of Processes

Clause 7.1.4 talks about the work environment. This is an area often overlooked during external audits by certification bodies, but it is an important consideration in terms of ethical business practices.

In Clause 7.1.4, the standard asks organizations to consider whether the work environment’s social, psychological, and physical features have been tended to. Social and psychological features refer to things like non-discrimination policies, conflict resolution policies, team-building activities, and celebratory events. Physical features include things like the temperature, airflow, noise, and lighting, as well as well-equipped break rooms and clean facilities.

A calm, inviting work environment can improve employee culture and help to increase productivity, so the more features that are implemented, the better. However, ISO 9001 relates to quality; and other standards, such as those within the ISO 45000 family, including ISO 45001 and ISO 45003, go into more detail about this clause.

No documented information is needed within the ISO 9001 standard; therefore, no evidence needs to be provided. It is at the external auditor’s discretion to check the work environment’s conditions.

Clause 7.1.5 – Monitoring and Measuring Resources

Just like in Clause 7.1.3, Clause 7.1.5 also talks about the upkeep of equipment. However, in this case, the equipment being referred to is the equipment that checks or measures data. For example, a weighing scale, or a temperature probe; both of which are used to measure data at a given point in time. Or a piece of equipment that constantly reads and monitors data over a period of time.

Whereas in Clause 7.1.3, the standard refers to equipment maintenance, Clause 7.1.5 refers to it as calibration. Calibration is the activity of using another instrument to double-check that the primary instrument is reading/checking the right data.

Unless a member of staff has the proper training and certifications, calibration is usually done by external providers (suppliers). These suppliers must be on the approved suppliers list – as mentioned in Clause 8.4.

To meet the requirements of this clause, the company must have a calibration plan and supply evidence that calibration has been completed.

A calibration plan template is available on this website. It meets the calibration plan requirements of ISO 9001 as a Quality Management System.

Clause 7.1.6 – Organizational Knowledge

Organizational knowledge refers to any internal or external sources of knowledge gained by a company through the course of its operations. This knowledge can range from intellectual property to insight garnered from a trade show by a sales executive. It can also come from learnings gained from such things as forums, conferences, completed projects, and successful milestones.

A risk-based approach is needed to ensure that essential knowledge is kept within the company, and depending on the size of the company, the knowledge base will need to be adapted. Larger organizations, for example, might have a KBS (knowledge base system) or an internal learning management system. If the company has a higher level of risk of brain-drain, ISO 22301 can be considered. This standard goes into more depth with regard to business continuity. On the other hand, smaller organizations would likely have a basic database.

Clause 7.1.6 requires companies to show that organizational knowledge is captured and recorded; from the smallest insight to the knowledge generated by years of research. The knowledge template provided within this website meets the demands for a simple database as stated by the requirements of ISO 9001 as a Quality Management System.

Clause 7.2 – Competence

People are arguably the most important resource within an organization. In Clause 7.1.2, you were asked to ensure that the proper number of staff is employed within the organization. Clause 7.2 builds on this by requiring organizations to ensure that their employees are competent. In other words, your organization must make sure that people are trained to do the job that is expected of them.

A detailed account of each job within the organization must be provided to meet this requirement. The organization chart will be a helpful reference here. In the organization chart, the hierarchy and job titles of everyone within the company have been found. Now you must give each job title a detailed job description.

The job description must include a list of roles and responsibilities associated with the position. Moreover, the job description must also include a reference to what type of training, knowledge, skills, or experience is required by the jobholder. Evidence of such training must be provided, including course certificates, internal records, and anything in between.

The training plan and record sheet available on this website are a simple and compliant way to meet the requirements of ISO 9001 as a Quality Management System.

Clause 7.3 – Awareness

Clause 7.3 – Awareness is a new addition to the ISO standard. This clause builds on the earlier discussion of communication in Clause 5.2.2 about the quality policy. Once again, the standard emphasizes that leadership and top management ensure that all employees are made aware of the quality policy.

In addition to the quality policy, employees must also be made aware of the company’s strategic goals in terms of quality, and possibly about other elements of the business as deemed fit. Employees must also be made aware of each person’s role within the management system. Each person’s contribution to the management system should be outlined, as should the implications associated with not conducting the work as per the requirements of the QMS.

No evidence is needed to meet the requirements of this clause. It is once again at the discretion of the auditor to check whether employees are familiar with the above.

Clause 7.4 – Communication

In the age of information, communication is critical. In Clause 7.4, the standard requires management to consider the way in which relevant information is communicated to internal and external stakeholders. It also asks that the method of communication is addressed, as well as who should be the designated internal and external communicators.

A risk-based approach is needed to decide the level of detail that a company would need to go through to meet this requirement.

Once again, no evidence is needed to meet the requirements of this clause, therefore it is at the discretion of the auditor to check whether employees are familiar with the above. An auditor might do this by asking random employees.

Clause 7.5 – Documented Information

The term “documented information” is written in multiple clauses within the standard. In clauses other than 7.5, documented information refers to evidence that we must show to the auditors during audits. The templates provided within this website are an example of documented information.

In Clause 7.5, documented information is expanded to include any document, software, or medium we use to communicate and share information about the QMS. A risk-based approach is needed to decide the extent to which documented information is needed.

The concept of having a huge amount of documentation (required by earlier versions of the standard) is now obsolete. With the current standard, less is more. An organization should implement as little documented information as possible to meet the requirements. Should auditors ask for more information, you can duly comply. Keep in mind that you never be asked to reduce paperwork, therefore, the ideal scenario is to start with a small amount and increase it as needed.

Clauses 7.5.2 & 7.5.3

The concepts of Clause 7.5.2 – Creating and Updating and Clause 7.5.3 – Control of Documented Information need to be applied to the size of the company.

Clause 7.5.2 supplies guidelines about document identification, format, and media, as well as how often the document will be updated.

Clause 7.5.3 focuses on controlling our documents to ensure that all members of staff and management are using the right version of all documented information. These documents must be saved in a safe place, and there should be clear instructions on how and when they should be disposed of. The clause also asks that a proper version control system is available.

As previously mentioned, documents of external origin can be used as evidence to meet a requirement, such as external suppliers supplying proof of equipment maintenance, or training entities supplying certification. Therefore, it is important to keep in mind that documented information also relates to documents provided by entities outside the company as part of the requirements of ISO 9001 as a Quality Management System.

To meet the requirements within this standard, attention must be paid to Clauses 7.5.2 and 7.5.3 when creating forms and templates during the first implementation. It is also important to consider Clauses 7.5.2 and 7.5.3 when updating any other forms that will be used during your organization’s operations.

Clause 8 – Operation

Clause 8 is one of the most important and lengthy requirements of ISO 9001 as a Quality Management System. Operation focuses on the key processes that are needed to ensure that the QMS is successful. The clause is split into manageable sections, and you’ll be pleased to note that much of the work has already been done in previous clauses. The main sections are as follows:

  • Clause 8.1 – Operational Planning and Control
  • Clause 8.2 – Requirements for Products and Services
  • Clause 8.3 – Design and Development of Products and Services
  • Clause 8.4 – Control of Externally Supplied Processes, Products, and Services
  • Clause 8.5 – Product and Service Provision
  • Clause 8.6 – release of products and services
  • Clause 8.7 – Control of non-conforming outputs

Clause 8.1 – Operational Planning and Control

In Clause 4.4, we have already discussed the processes needed to run the QMS. Clause 8 goes into more depth about what is needed for the key processes. The key processes are:

  • Sales – Clause 8.2
  • Design And Development – Clause 8.3
  • Buying – Clause 8.4
  • Operation – Clause 8.5

There are no extra requirements set out by Clause 8.1. By meeting the requirements of all the other Clauses within the standard, you would be effectively meeting all the requirements of Clause 8.1.

Clause 8.2 – Requirements for Products and Services

This clause refers to the sales process. The sales process is straightforward. To make a sale, you must first understand the needs of the customer and then offer a solution based on that information. A solution could be as simple as choosing a product off the shelf or as intricate as designing the blueprints for a multi-million-euro project.

When mapping out the key processes within Clause 4.4, it is ideal to note how customer requirements are obtained and the process that the company goes through to issue a quote. For off the shelf products, this is simple, but for other companies, the process is likely to be more complicated.

A risk-based approach should be used to decide the records that will be kept for the following:

  • Customer communication (Clause 8.2.1)
  • Deciding requirements for products and services (clause 8.2.2)
  • Reviewing the requirements for the products and services (clause 8.2.3)
  • Changes to requirements for products and services (clause 8.2.4)

As part of the requirements of ISO 9001 as a Quality Management System, Clause 8.2 states that there should be documented information showing that the company is following the sales processes that were defined in Clause 4.4.

Clause 8.3 – Design and Development of Products and Services

‘Design and Development’ refers to the act of translating customer requirements into product requirements and then into product specifications. Design and development can be excluded from the scope of certification because not all companies engage in design. A wholesaler, for example, only buys and sells products sourced from an external supplier.

Once again, you must use a risk-based approach to decide the level of detail that you will need to include when outlining your design and development processes. The level of detail will depend on the size and complexity of your design.

The design and development process is split into the following steps:

Clause 8.3.2 – Design and Development Planning

Here, the standard asks that you find the process for creating a design. You will need to outline such things as responsibilities, time scale, customer communication, and the levels of controls for internal and external interested parties.

Clause 8.3.3 – Design and Development Inputs

The design process starts with knowing what we need to achieve (customer needs) and knowing our constraints (standards, regulations, codes of practice etc). For example, if a large business needs an air-cooling system, the client’s needs could be a specific temperature or the specific placing of outdoor units. The constraints, in this case, could be regulations relating to gas.

Clause 8.3.4 – Design and Development Control

The aim of the design is to convert a requirement into a product. Sometimes that might be vague and abstract. Other times it might be more straightforward if the design has met the requirements. At the control stage, reviews, verifications, and validation activities are to be conducted as per the needs of the organization. Continuing with the example of the air-cooling system, this could mean splitting the project into sizable phases to complete installation, which helps to control the project from a resource point of view. And checking that the project is still on budget and meeting deadlines.

Clause 8.3.5 – Design and Development Outputs

Superior design meets the input requirements. At this stage, checks must be made to ensure that the design meets the requirements of the client, such as the temperature and the placement of outdoor units. These checks can be done throughout the process.

Clause 8.3.6 – Design and Development Changes

Should there be any changes needed at any point throughout the above steps (the design and development process), these changes must be documented. The documented information should include the result of reviews made to approve the change, who authorized the change, and the actions taken to ensure that no negative side effects result.

To meet the standard’s requirements, read Clause 8.3 in detail and then compare those requirements to the forms, records, and/or emails you are currently using to conduct your design and development process. You will likely need to implement a few more steps within your current system to reach the level required by this international standard.

If you have any questions, please go through the Familiarization Training offered on this website to get more information on dealing with these requirements of ISO 9001 as a Quality Management System.

Clause 8.4 Control Of Externally Provided Processes, Products, and Services

Clause 8.4 deals with suppliers. Externally supplied processes, products, and services refer to any products and services that we buy from suppliers. When thinking about suppliers, it is only necessary to focus on key suppliers.

The term ‘key suppliers’ can refer to those who supply products or services that we directly/indirectly resell to our clients. Or it can refer to suppliers who supply products or services that directly impact the quality and reliability of your organization’s ability to deliver products and services to clients.

Once you have set up a list of key suppliers, you will then need to rate those suppliers on a yearly basis. The results of such ratings do not need to be shared with the supplier; the idea is that you follow the performance of your suppliers year over year to notice trends.

The rating can be done on any criteria that you consider fit. However, considerations for quality must be made, product quality, for example, product quality or level of communication. Once again, you will need to use a risk-based approach to decide the level of depth at which suppliers are evaluated. In certain industries, for example, supplier audits must be made, while for other industries, a yearly evaluation is enough.

In Clause 4.4, you were asked to map out the key processes – one of which is buying. In Clause 8.4.3, you are now given instructions on how to make sure that you communicate clearly about your requirements to suppliers, and in Clause 8.4.2, the standard explains the process of ensuring that you check the quality of products and services supplied by external providers (suppliers).

Therefore, to meet this requirement, you must first start by making a list of approved suppliers. As mentioned, the suppliers must be key for the company. Moreover, you will need to find a way to evaluate your suppliers – either through a yearly evaluation, which can be either a simple evaluation on an excel sheet or a more robust multi-day on-site audit of the supplier.

Clause 8.5 – Product And Service Provision

Clause 8.5.1 – Control of Production and Service Provision relates to the operational process of supplying a product and/or services to clients. These processes have already been mapped out as per Clause 4.4. Therefore, the requirements set within this clause have already been met by activities done in other clauses.

Clause 8.5.2 – Identification and Traceability

This refers to having the ability to trace backward and send the materials and people involved in delivering a particular product or service. Some level of identification and traceability is present in every organization. However, if your organization has a legislative requirement to keep traceability, such as within the food, pharmaceutical, or medical device industries, then this clause is especially important, and evidence must be kept enabling traceability.

Clause 8.5.3 – Property Belonging to Customer or External Providers

Naturally, an organization must ensure that its clients’ assets (or customer property) are protected. Assets can refer to such things as materials, products, equipment, offices, and intellectual property. Here the standard asks you to make sure that you do your utmost to protect customer property. It also says that if customer property is damaged, you must advise the customer and implement a corrective action to rectify the situation – as per Clause 10.2

Clause 8.5.4 – Preservation

This clause refers to how you store, handle, package, and transport your product to ensure that it still is intact. An organization must make sure that its products are kept in the required condition throughout the process. For a manufacturing company, for example, this could relate to storage, handling, and packaging, however; for the service industry, it might relate to having good IT infrastructure to ensure that their data is protected.

Clause 8.5.5 – Post-Delivery Activities

Clause 8.5.5 focuses on post-delivery activities to ensure that products keep a high standard of quality throughout their life cycle. In other words, considerations that you must keep in mind concerning what happens to a product after it is sold.

The point here is to ensure that you are meeting customer requirements (See Clause 8.2), as well as statutory and regulatory requirements. You must also seek customer feedback after a product or service has been delivered to the customer, but this will be tackled in Clause 9.1.2. Therefore, no further actions are needed to meet this clause’s requirements.

Clause 8.5.6 – Control of Changes

Clause 8.5.6 is like Clause 8.3.6 (Design and Development Control) in that the change needs to be controlled whenever there is a change. In this case, the changes refer to the operations of the business. The organization must ensure that any change is well thought out and that the consequences have been evaluated. The right actions must be completed following authorization by the right people. The extent to which the change could affect the company will decide the level of detail that will be associated with the change.

Clause 8.6 – Release of Products and Services

Clause 8.6 focuses on the last step within your direct control when you are delivering a product or service to your customers. At this stage, when your product or service is ready for the customer, you must ensure that proper checks have been completed. These checks are to ensure that the product has met the quality characteristics required by the customer.

A trained person (see Clause 7.2) must have the proper skills or training to confirm that the product meets the customer’s requirements before the product can be released. In a manufacturing line, for example, it might be a supervisor checking that SPC results were good during production, or it might be a supervisor checking that a document created by a junior consultant is correct. Both are doing the same thing; ensuring that the product meets the needs of the customer.

Clause 8.7 – Control of Non-conforming Outputs

This quality management system aims not to be perfect but to learn from our mistakes. We are all human, after all, and mistakes will happen no matter how much we try to avoid them.  The best thing that you can do whenever there is a mistake is to learn from it.

Whenever there is a non-conformity, your organization is given an opportunity to refine and improve its system, and to make sure the same mistake is never repeated. This is one of the most important requirements of ISO 9001 as a Quality Management System.

Clause 8.7 discusses what happens when an output doesn’t match the requirements, when some type of error, mistake, fault, or defect occurs that causes the quality of the product to deteriorate. Depending on the gravity of the non-conformity, proper action must be taken. The mistake is either fixed, the product redone, or a solution is found to ensure customer and statutory or regulatory requirements are met.

But it does not end there because a lesson must be learned to ensure that the mistake does not happen again. By keeping an effective corrective action, which will be discussed in Clause 10.2 (and is one of the templates available on this website), you will meet the demands for this clause.

Clause 9 – Performance Evaluation

Clause 9 supplies the structure for your organization to continually evaluate the performance of your QMS. The clause is divided into 3 main sections:

  • Clause 9.1 – Monitoring, Measurement, Analysis and Evaluation
  • Clause 9.2 – Internal Audits
  • Clause 9.3 – Management Review

Clause 9.1 – Monitoring, Measurement, Analysis and Evaluation

One of the core principles, and main benefits, of ISO 9001 is fact-based decision-making. Throughout the standard, several references exist to this concept of collecting information to make decisions based on data rather than opinions.

Clause 9.1 is another reminder to use such an approach. Therefore, if the requirements of other clauses within the standard have been met, no further action is needed.

Clause 9.1.2 – Customer Satisfaction

Given that ISO 9001 is a quality management system, one of the most important metrics to monitor is customer satisfaction. Quality is the ability to meet both the stated customer requirements and legal requirements relating to the product and/or industry. Throughout ISO 9001, the standard outlines specific best-in-class practices to follow that will ensure customer satisfaction. In other words, the aim is always to ensure that customers are happy with our products and services.

The requirements of ISO 9001 as a Quality Management System also ask you to keep in mind that there is always room for improvement. One of the ways to improve customer satisfaction is by gathering customer feedback and adjusting the product or service accordingly.

Customer feedback refers to any data that we can measure to ensure that the client is happy with our service or product. Therefore, to meet the requirements of this clause, a proper method to decide customer satisfaction must be achieved. The method you use will depend on the size of your organization and the number of your clients.

Whether a company has a handful of clients or thousands of clients makes a difference. For a company with a handful of clients, you can use qualitative research, such as gathering feedback from open-ended questions. For companies with thousands of clients, you can use a quantitative approach, such as surveys with ratings.

Clause 9.1.3 – Analysis and Evaluation

Just like Clause 9.1, here the standard asks you to collect data and to show evidence that such data is being collected.

All the information needed in this clause is mentioned as one of the inputs within the management review meeting (Clause 9.3.2 – management review inputs) therefore, no further action is needed.

Clause 9.2 – Internal Audits

External audits are done by an official certification body to grant the ISO Certificate. The audit is typically done by a trained ISO 9001 lead auditor who is unbiased with regard to the processes being audited. Internal audits, on the other hand, are done by someone within the company or by a consultant such as Luke Desira.

Ideally, all processes within the company should undergo an internal audit once a year, and all actions, as mentioned within the ten clauses of the standard, should be implemented. These internal audits should be seen as an opportunity for improvement. A risk-based approach will decide the number of audits needed to ensure that the information flow within all processes is running as predicted, and that should there be any shortcomings the proper action is taken.

If your findings reveal that what is being done is better than the processes document, then said document should be updated. If, on the other hand, the findings reveal shortcomings, you may need to retrain the person responsible for the process, or you may need to find a way to create a fool-proof system that prevents mistakes.

To meet the requirement for Clause 9.2, your company has an internal audit plan that covers all the requirements of the standard, as well as evidence that an internal audit has been conducted by a competent person.

For guidance on internal auditing, please read more about ISO 19011.

Clause 9.3 – Management Review

Clause 9.3 – Management Review, relates to the discussions your company’s top management has about essential elements of the business. These discussions can be had throughout the year, or they can be reserved for the management review meeting.

The standard doesn’t actually require you to have one specific meeting to discuss all the pertinent topics. Clause 9.3 is to ensure that the key considerations of the QMS are reviewed according to your business’s needs. The Management Review is also needed to ensure that the QMS built during implementation is kept updated with any changes within the company.

Primarily, once a year, the company must have conversations to ensure goals are being met relating to:

  • The quality and efficiency of your business processes
  • Customer feedback
  • The performance of key suppliers
  • Other requirements by interested parties

The company must also ensure that lessons for improvement are implemented, actioned and reviewed. Results from internal audits must be discussed, and nonconformities and corrective actions must be addressed.

To meet the obligations for Clause 9.3 as part of the requirements of ISO 9001 as a Quality Management System, evidence of discussions about the most important topics must be available. The management review meeting template provided on this website covers all the requirements for this clause.

One can find further information regarding meeting the requirements of ISO 9001 as a Quality Management System here.

Clause 10 – Improvement

Continual improvement is a much-espoused theme in meeting the requirements of ISO 9001 as a Quality Management System. Clause 10 is designed to ensure you have the processes in place that will help your QMS evolve and improve at a steady pace. You will need to be ready to correct mistakes, capitalize on your successes, and adjust course where necessary. The clause is divided into three subclauses:

  • Clause 10.1 – General
  • Clause 10.2 – Non-conformity and Corrective Action
  • Clause 10.3 – Continual Improvement

Clause 10.1 – General

Clause 10.1 talks about the concept of continual improvement. Continual improvement can happen over time at a gradual pace; improving a process by a few percentage points, for example. Continual improvement can also happen due to breakthrough changes that improve your processes by a much larger percentage.

The most important thing to keep in mind is that the only constant is change. A static organization is bound to become irrelevant and die. It is important, therefore, to ensure that the QMS helps guide your company’s strategic direction through continual improvements that create change.

There is no specific requirement for this clause. However, it is imperative that all prior requirements of ISO 9001 as a Quality Management System.

Clause 10.2 – Non-conformity and Corrective Action

The concept of learning from our mistakes is arguably one of the most important concepts within the ISO 9001 standard (second only to the quality objectives – Clause 6.2). Clause 10.2 provides the structure with which mistakes can be found and corrected, and the situation checked to prevent the mistake from happening again.

A corrective action process is a systematic approach to problem-solving. By following this step-by-step approach, companies will be working towards fixing the true problems in a company:

  • Description of the issue
  • Solution to solve the current issue
  • Root cause of the issue
  • Permanent solution to ensure the issue never repeats itself
  • Implement the solution
  • Follow-up on actions taken to ensure that the problem does not reoccur

By checking the issues that happen within your organization, you will notice trends, and you will be able to find your organization’s most critical teething problems. Monitoring the frequency with which these issues occur, as well as the severity of the problems, will enable you to use a fact-based approach to decide which issues must be addressed primarily, and which issues can wait.

The template for corrective actions, which is available on this website, meets the requirements of ISO 9001 as a Quality Management System.

Clause 10.3 – Continual Improvement

The IS0 9001 standard has provided your organization with a blueprint for managing a successful business, and Clause 10.3 is a final reminder of the importance of continual improvement. At this final stage, you must review the level to which you have reached your first goals. And you must decide whether the result is satisfactory or whether a change is needed.

To decide whether you need to amend your QMS, you must review the internal and external factors that affect your business, assess the strategic direction that your business is taking, and be sure to find and prioritize all risks and opportunities. Once you have found areas that need to be changed and improved, you must take the necessary action to implement those changes within your QMS.


The process of becoming ISO 9001 certified requires time and dedication on the part of everyone involved in the organization, from top to bottom. It may seem like a daunting endeavor, but the good news is that there is help at hand. Luke DesiraManagement Systems Specialist, will provide you with all the tools you need to successfully create and implement a QMS that will be considered worthy of certification. And, once you’ve put in the work, you’ll find that the benefits outweigh the efforts required to get certified. ISO 9001 certification, which is one of the major standards issued by the International Organization for Standardization (link here), will boost your image and improve your trust rating.

A strong QMS will help you to improve customer satisfaction and encourage repeat business. It will also help you streamline the processes within your organization, which can help you save both time and money. Using fact-based decision-making will give you a solid foundation from which you can grow and improve your products and services. Creating a culture that encourages participation among the entire workforce and that celebrates continuous improvement will help to foster engaged employees who are ultimately working towards one goal – the success of the company.

Interested in learning more?

Make sure to listen to what Luke Desira has to say about Risk Management in ISO 9001 and be sure to know how things can go wrong when implementing any ISO Standard. This will help you understand how to propel your business forward.

Read further about becoming successful with ISO 9001 or any other ISO standards that your organization implements and understand why they should pertain directly to your organization’s goal – have a look to see how your organization fits in these standards. You can also go ahead and learn more about how the implementation process is carried out when working with Luke Desira!

Learn more about Luke Desira’s services and take the leap by contacting Luke Desira now to start your journey in getting certified.

Make sure to also leave a like on our Facebook and LinkedIn profiles, and see to it that you subscribe to our Youtube Channel for more great content.


Book a Free 15 minute discovery call

Select a date and time to schedule a free 15 minute discovery call with Luke Desira.

Message Luke through an email


Give Luke a call

+356 7920 6686

Related Articles

Clause 10 of ISO 9001
ISO 9001

Close Examination | Clause 10 of ISO 9001

Clause 10 of ISO 9001 is the final clause of the standard. Clause 10 of ISO 9001 talks about improvement and the purpose of this blog is to give more information about this particular clause by going through what the standard says in this clause. Here, you can either listen to the video where Luke

Read More »
ISO 9001 Clause 9 - Management Review
ISO 9001

ISO 9001 Clause 9 – Performance Evaluation

Hey there, are you interested in ISO 9001? Well, you’re in the right place. This blog covers ISO 9001 Clause 9, to be exact. This blog is in fact part of a mini-series where the ISO 9001 standard is put under the spotlight and examined really closely. If you haven’t looked at the other blogs

Read More »
ISO 9001 Clause 8
ISO 9001

ISO 9001 Clause 8 Shining a Light on Key Processes

The scope of this blog is to go into great detail about ISO 9001 clause 8. Now given that ISO 9001 clause 8 talks about the key processes of your organization, this blog will cover the sales, purchasing, operations and design processes of your organization. In this blog, an overview will be given about each

Read More »
Scroll to Top