DIS (DRAFT INTERNATIONAL STANDARD) EN ISO 9001:2015
Committee name: Quality management and quality assurance procedures
Review published:14 May 2014
Review end date:31 Aug 2014
Quality management systems - Requirements
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is Technical Committee ISO/TC 176, Quality management and quality assurance, Subcommittee SC2, Quality systems.
This 5th edition of ISO 9001 cancels and replaces the 4th edition (ISO 9001:2008). This new edition represents a technical revision compared to the earlier edition, through the adoption of a revised clause sequence, the adaptation of the revised "quality management principles" and of new concepts.
NOTE TO THIS TEXT (which will not be included in the published International Standard):
This text has been prepared using the “high-level structure” (i.e. clause sequence, common text and terminology) provided in Annex SL, Appendix 2 of the ISO/IEC Directives, Part 1, Consolidated ISO Supplement, 2013. This is intended to enhance alignment among ISO’s management system standards, and to facilitate their implementation for organizations that need to meet the requirements of two or more such standards simultaneously.
The clause sequence of ISO 9001:2008 has been changed to be consistent with “Annex SL”. The text of Annex SL is highlighted in the main body of the text (clauses 1 to 10) by the use of blue font. This is only to facilitate analysis and will not be incorporated in the final version of ISO 9001.
This new harmonized approach allows for the addition of discipline-specific (in this case quality-specific) text which has been applied by including the following:
a) specific quality management system requirements considered essential to meet the scope of the ISO 9001 standard;
b) text to reflect the use of the Quality Management Principles that form the basis for ISO’s quality management system standards;
c) requirements and notes to clarify and ensure consistent interpretation and implementation of the common text in the context of a quality management system.
The adoption of a quality management system ought to be a strategic decision for an organization. A robust quality management system can help an organization to improve its overall performance and forms an integral component of sustainable development initiatives. The design and implementation of an organization's quality management system is influenced by the context of the organisation and the changes in that context, particularly with respect to:
a) its specific objectives;
b) the risks associated with its context and objectives;
c) the needs and expectations of its customers and other relevant interested parties;
d) the products and services it provides;
e) the complexity of processes it employs and their interactions;
f) the competence of persons within or working on behalf of the organization;
g) its size and organizational structure.
The context of an organization can include internal factors such as organizational culture, and external factors such as the socio-economic conditions under which it operates; consequently all the requirements of this International Standard are generic but the ways in which they are applied can differ from one organization to another. Accordingly, it is not the intent of this International Standard to imply the need for uniformity in the structure of different quality management systems, or uniformity of documentation to align to the clause structure of this International Standard, or to impose specific terminology to be used within the organization.
The quality management system requirements specified in this International Standard are complementary to requirements for products and services.
Information marked “NOTE” is for guidance in understanding or clarifying the associated requirement.
This International Standard can be used by internal and external parties, to assess the organization's ability to consistently meet customer, statutory and regulatory requirements applicable to the products and services it provides, the organization's own requirements and its aim to enhance customer satisfaction.
0.2 The ISO standards for quality management
This International Standard is one of the three core standards in the ISO portfolio of quality management system standards.
- ISO 9000 Quality management systems — Fundamentals and vocabulary provides an essential background for the proper understanding and implementation of this International Standard. The quality management principles described in detail in ISO 9000 were developed by ISO/TC 176, and have been taken into consideration during the development of this International Standard. These principles are not requirements in themselves, but they form the foundation of the requirements specified by this International Standard. An outline of the quality management principles is included in an Annex B to this International Standard.
- ISO 9001 (this International Standard) specifies requirements aimed primarily at giving confidence in the products and services provided by an organization and thereby improving customer satisfaction (see clause 1 Scope). Its proper implementation can also be expected to bring other organizational benefits such as improved internal communication, better understanding and control of the organization’s processes, and reduction in defects and waste.
- ISO 9004 Managing for the sustained success of an organization - A quality management approach provides guidance for organizations that choose to progress beyond the requirements of this International Standard to address a broader range of topics that can lead to continual improvement of the organization's overall performance. ISO 9004 includes guidance on a self-assessment methodology for an organization to be able to evaluate the level of maturity of its quality management system.
Other standards that have been developed to support the implementation of a quality management system include those in the ISO 10000 number range. These include guidelines on customer satisfaction, quality plans, quality management in projects, configuration management, measurement processes and measuring equipment, documentation, financial and economic benefits of quality management, training, statistical
techniques, the involvement and competence of people, selection of quality management system consultants and auditing of management systems. These standards are described further in Annex C of this International Standard.
0.3 Process approach
Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system. This International Standard promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements. Clause 4.4 of this International Standard includes specific requirements considered essential to the adoption of a process approach.
The process approach applies systematic definition and management of processes and their interactions so as to achieve the intended results in accordance with the quality policy and strategic direction of the organization. Management of the processes and the system as a whole can be achieved using a “Plan-Do-Check-Act” (PDCA) methodology (see 0.4) with an overall focus on “Risk-based thinking" aimed at preventing undesirable outcomes (see 0.5).
When used within a quality management system, the process approach ensures:
a) understanding and consistently meeting requirements;
b) consideration of processes in terms of added value;
c) the achievement of effective process performance;
d) improvement of processes based on evaluation of data and information.
Figure 1 illustrates the process linkages between clauses 4 to 10 of this International Standard. This shows that customers play a significant role in defining the input requirements that the organization needs to meet at all stages of its quality management system. In addition, the needs and expectations of other relevant interested parties can also play a role in defining those requirements. Monitoring of customer satisfaction requires the evaluation of information relating to customer perceptions as to whether the organization has met these requirements.
The schematic model shown in Figure 1 covers all the requirements of this International Standard, but does not show the individual processes at a detailed level. Each of these processes, and the system as a whole, can be managed using the PDCA methodology described in clause 0.4 of this International Standard.
Figure 1 - Model of a process-base d quality management system, showing the links to the clauses of this International Standard
0.4 Plan-Do-Check-Act cycle
The methodology known as “Plan-D o-Check-Act” (PDCA) can be applied to all processes and to the quality management system as a whole. Th e clauses of this International Standard broadly follow the PDCA cycle which can be briefly described as follows:
— Plan: establish the objectives of the system and its component processes, and the resources needed to deliver results in accordance wit h customers’ requirements and the organization’s policies.
— Do: implement what was plan ned.
— Check: monitor and (where applicable) measure processes and the resulting pr oducts and services against policies, objectives and requ irements, and report the results.
— Act: take actions to improve p rocess performance, as necessary.
Figure 2 shows schematically how a single process within the quality management system can be managed using the PDCA cycle.
Figure 2 - Schematic representation of a single process within the system
0.5 “Risk-based thinking”
Risk is the effect of uncertainty on a n expected result and the concept of risk-based thinking has always been implicit in ISO 9001. This International Standard makes risk-based thinking more explicit and incorporates it in requirements for the establishment, implementation, maintenance and continual improvement of the quality manage ment system. Organizations can choose to develop a more extensive risk-based approach than is required by this International Standard, and ISO 31000 provides guidelines on formal risk management which can be appropriate in certain organizational contexts.
Not all the processes of the quality management system represent the same level of risk in terms of the organization’s ability to meet its objectives, and the consequences of process, prod uct, service or system nonconformities are not the same for all organizations. For some organizations, the consequences of delivering nonconforming products and services can result in minor inconvenience to the customer; for others, the consequences can be far-reaching and fatal. “Risk-based thinking” therefore means considering risk qualitatively (and, depending o n the organization’s context, quantitatively) when defining the rigour and degree of formality needed to plan and control the quality management system , as well as its component processes and activities.
0.6 Compatibility with other mana gement system standards
This International Standard has adopted the “high-level structure” (i.e. clause sequence, common text and common terminology) developed by ISO to improve alignment among its International Standards for
management systems. An explanation of some of the key elements of the “high level structure” and some of the key changes introduced in this International Standard is provided in Annex A.
This International Standard defines the requirements in an order that is consistent with organizational planning and process management, i.e.:
— Understanding the context of the organization, its quality management system and processes (Clause 4)
— Leadership, policy and responsibilities (Clause 5)
— Processes for planning and consideration of risks and opportunities (Clause 6)
— Processes for support, including resources, people and information (Clause 7)
— Operational processes related to customers and products and services (Clause 8)
— Processes for performance evaluation (Clause 9)
— Processes for improvement (Clause 10).
It is important to emphasize, however, that organizations are not required to follow an identical clause-by-clause sequence when defining their quality management system, and they are encouraged to use the Process Approach as described in clauses 0.3 to 0.5 of this International Standard.
This International Standard does not include requirements specific to other management systems, such as those for environmental management, occupational health and safety management, or financial management. However, this International Standard enables an organization to use the process approach, coupled with the PDCA methodology and risk-based thinking to align or integrate its quality management system with the requirements of other management system standards as it sees fit. It is possible for an organization to adapt its existing management system in order to address the requirements of this International Standard.
A matrix showing the correlation between the clauses of this International Standard and ISO 9001:2008 can be found on the ISO/TC 176/SC2 open access web site at: www.iso.org/tc176/sc02/public.
[Note to this DIS: The matrix will only be available after the June meeting of ISO/TC 176/SC2/WG23]
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 9001 was prepared by Technical Committee ISO/TC 176, Quality management and Quality Assurance, Subcommittee SC 2, Quality Systems.
This second/third/... edition cancels and replaces the first/second/... edition (), [clause(s) / subclause(s) / table(s) / figure(s) / annex(es)] of which [has / have] been technically revised.
This International Standard specifies requirements for a quality management system where an organization:
a) needs to demonstrate its ability to consistently provide product or service that meets customer and applicable statutory and regulatory requirements, and
b) aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
All requirements of this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size and product provided.
NOTE 1 In this International Standard, the terms “product” or “service” only apply to products and services intended for, or required by, a customer.
NOTE 2 Statutory and regulatory requirements can be expressed as legal requirements.
2 Normative references
There are no normative references. This clause is included to maintain clause numbering alignment with other ISO management system standards,
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
person or group of people that has its own functions (3.25) with responsibilities, authorities and relationships to achieve its objectives (3.08)
Note 1 to entry: The concept of organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, association, charity or institution, or part or combination thereof, whether incorporated or not, public or private.
[SOURCE: ISO DIS 9000:2014, 3.2.1]
3.02 interested party
person or organization (3.01) that can affect, be affected by, or perceive themselves to be affected by a decision or activity
EXAMPLE Customers (3.26), owners, people in an organization (3.01), suppliers (3.27), bankers, unions, partners or society that may include competitors or opposing pressure groups.
[SOURCE: ISO DIS 9000:2014, 3.2.4]
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization (3.01) and interested parties (3.02) that the need or expectation under consideration is implied.
Note 2 to entry: A specified requirement is one that is stated, for example in documented information (3.11).
Note 3 to entry: A qualifier can be used to denote a specific type of requirement e.g. product (3.47) requirement, quality management (3.30) requirement, customer (3.26) requirement, quality requirement.
Note 4 to entry: Requirements can be generated by different interested parties (3.02).
Note 5 to entry: It can be necessary for achieving high customer satisfaction (3.57) to fulfil an expectation of a customer (3.26) even if it is neither stated nor generally implied or obligatory.
[SOURCE: ISO DIS 9000:2014, 3.5.4]
3.04 management system
set of interrelated or interacting elements of an organization (3.01) to establish policies (3.07) and objectives (3.08) and processes (3.12) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines e.g. quality management (3.30), financial management (3.29) or environmental management.
Note 2 to entry: The management system elements establish the organization’s (3.01) structure, roles and responsibilities, planning, operation, policies (3.07), practices, rules, beliefs, objectives (3.08) and processes (3.12) to achieve those objectives.
Note 3 to entry: The scope of a management system may include the whole of the organization (3.01), specific and identified functions (3.25) of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.
[SOURCE: ISO DIS 9000:2014, 184.108.40.206]
3.05 top management
person or group of people who directs and controls an organization (3.01) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization (3.01).
Note 2 to entry: If the scope of the management system (3.04) covers only part of an organization (3.01), then top management refers to those who direct and control that part of the organization.
[SOURCE: ISO DIS 9000:2014, 3.1.1]
extent to which planned activities are realized and planned results achieved
[SOURCE: ISO DIS 9000:2014, 3.7.7]
intentions and direction of an organization (3.01), as formally expressed by its top management (3.05)
[SOURCE: ISO DIS 9000:2014, 3.4.5]
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.
Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product (3.47), service (3.48), and process(3.12)).
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as a quality (3.37) objective, or by the use of other words with similar meaning (e.g. aim, goal, or target).
Note 4 to entry: In the context of quality management systems (3.33), quality objectives are set by the organization (3.01), consistent with the quality policy (3.34), to achieve specific results.
[SOURCE: ISO DIS 9000:2014, 3.7.1]
effect of uncertainty on an expected result
Note 1 to entry: An effect is a deviation from the expected — positive or negative
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information (3.50) related to, understanding or knowledge (3.53) of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:209, 220.127.116.11) and “consequences” (as defined in ISO Guide 73:2009, 18.104.22.168), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, 22.214.171.124) of occurrence.
Note 5 to entry: The term “risk” is sometimes used when there is only the possibility of negative consequences
[SOURCE: ISO DIS 9000:2014, 3.7.4]
ability to apply knowledge (3.53) and skills to achieve intended results
Note 1 to entry: Demonstrated competence is sometimes referred to as qualification.
[SOURCE: ISO DIS 9000:2014, 3.6.6]
3.11 documented information
information (3.50) required to be controlled and maintained by an organization (3.01) and the medium on which it is contained
Note 1 to entry: Documented information can be in any format and media and from any source.
Note 2 to entry: Documented information can refer to:
- the quality management system (3.33), including related processes (3.12);
- information (3.50) created in order for the organization (3.01) to operate (documentation);
- evidence of results achieved (records).
[SOURCE: ISO DIS 9000:2014, 126.96.36.199.1]
set of interrelated or interacting activities which transforms inputs into outputs (3.46) Note 1 to entry: Inputs to a process are generally outputs (3.46) of other processes.
Note 2 to entry: In some processes, some inputs become outputs (3.46) without any transformation e.g. a blueprint used in a manufacturing process or a catalyst in a chemical process.
Note 3 to entry: Processes in an organization (3.01) are generally planned and carried out under controlled conditions to add value.
Note 4 to entry: A process where the conformity (3.18) of the resulting output (3.46) cannot be readily or economically validated is frequently referred to as a “special process”.
[SOURCE: ISO DIS 9000:2014, 3.6.1]
3.13 performance measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to the management (3.29) of activities, processes (3.12), products (3.47), services (3.48), systems (3.31) or organizations (3.01).
[SOURCE: ISO DIS 9000:2014, 3.7.5]
3.14 outsource (verb)
make an arrangement where an external organization (3.01) performs part of an organization’s function (3.25) or process (3.12)
Note 1 to entry: An external organization (3.01) is outside the scope of the management system (3.04), although the outsourced function (3.25), or process (3.12), is within the scope.
[SOURCE: ISO DIS 9000:2014, 3.6.3]
determining (3.67) the status of a system (3.31), a process (3.12) or an activity
Note 1 to entry: To determine the status, there may be a need to check, supervise or critically observe.
Note 2 to entry: Monitoring is generally a determination (3.67) of the object (3.36) being monitored, carried out at different stages or at different times.
[SOURCE: ISO DIS 9000:2014, 188.8.131.52]
process (3.12) to determine (3.67) a value
Note 1 to entry: According to ISO 3534-2:2006 the value determined is generally the value of a quantity.
[SOURCE: ISO DIS 9000:2014, 3.13.3]
systematic and independent process (3.12) for obtaining objective evidence (3.61) and evaluating it objectively to determine the extent to which the audit criteria (3.60) are fulfilled
Note 1 to entry: An audit can be an internal audit (first party), or an external audit (second party or third party), and it can be a combined audit or a joint audit.
Note 2 to entry: Internal audits, sometimes called first-party audits are conducted by, or on behalf of, the organization (3.01) itself for management (3.29) review (3.68) and other internal purposes, and may form the basis for an organization’s declaration of conformity (3.18). In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited.
Note 3 to entry: External audits include those generally called second and third-party audits. Second party audits are conducted by parties having an interest in the organization (3.01), such as customers (3.26), or by other persons on their behalf. Third-party audits are conducted by external, independent auditing organizations such as those providing certification/registration of conformity (3.18) to ISO 9001 or ISO 14001.
[SOURCE: ISO DIS 9000:2014, 3.10.1, modified – the definition has been modified and the original Note 1 to entry has been deleted]
fulfilment of a requirement (3.03)
Note 1 to term: In English the word 'conformance' is synonymous but deprecated. In French the word 'compliance' is synonymous but deprecated.
[SOURCE: ISO DIS 9000:2014, 3.5.6]
non-fulfilment of a requirement (3.03)
[SOURCE: ISO DIS 9000:2014, 3.5.5]
3.20 corrective action
action to eliminate the cause of a nonconformity (3.19) and to prevent recurrence
Note 1 to definition: There can be more than one cause for a nonconformity (3.19).
Note 2 to entry: Corrective action is taken to prevent recurrence whereas preventive action is taken to prevent occurrence.
[SOURCE: ISO DIS 9000:2014, 3.11.2]
3.21 continual improvement
recurring activity to enhance performance (3.13)
Note 1 to entry: The process (3.12) of establishing objectives (3.08) and finding opportunities for improvement (3.28) is a continual process through the use of audit findings (3.62) and audit conclusions, analysis of data (3.49), management (3.29) reviews (3.68) or other means and generally leads to corrective action (3.21) or preventive action.
action to eliminate a detected nonconformity (3.19)
Note 1 to entry: A correction can be made in conjunction with a corrective action (3.21).
Note 2 to entry: A correction can be, for example, rework or regrade.
[SOURCE: ISO DIS 9000:2014, 3.11.3]
engagement in, and contribution to, shared objectives (3.08)
[SOURCE: ISO 10018:2012, 3.5]
3.24 context of the organization business environment
combination of internal and external factors and conditions that can have an effect on an organization's (3.01) approach to its products (3.47), services (3.48) and investments and interested parties (3.02)
Note 1 to entry: The concept of context of the organization is equally applicable to not-for-profit or public service (3.48) organizations (3.01) as it is to those seeking profits.
Note 2 to entry: In English this concept is often referred to by other phrases such as business environment, organizational environment or ecosystem of an organization (3.01).
[SOURCE: ISO DIS 9000:2014, 3.2.3]
role to be carried out by a designated unit of the organization (3.01)
[SOURCE: ISO DIS 9000:2014, 3.2.5]
person or organization (3.01) that could or does not receive a product (3.47) or a service (3.48) is intended for or required by this person or organization
EXAMPLES Consumer, client, end-user, retailer, input to internal process (3.12), beneficiary and purchaser.
Note to entry: A customer can be internal or external to the organization (3.01). Customers outside of the organization are external customers. The output (3.46) of each internal process (3.12) is the input of the next process. The next process is the internal customer of the preceding process.
[SOURCE: ISO DIS 9000:2014, 3.2.6]
3.27 supplier provider
person or organization (3.01) that provides a product (3.47) or a service (3.48)
EXAMPLE Producer, distributor, retailer or vendor of a product (3.47) or a service (3.48) or information (350).
Note 1 to entry: A provider can be internal or external to the organization (3.01).
Note 2 to entry: In a contractual situation, a supplier is sometimes called a “contractor”.
[SOURCE: ISO DIS 9000:2014, 3.2.7]
activity to enhance performance (3.13)
Note to entry: Improvement can be achieved by a recurring or by a singular activity.
[SOURCE: ISO DIS 9000:2014, 3.3.1]
coordinated activities to direct and control an organization (3.01)
Note 1 to entry: Management can include establishing policies (3.07) and objectives (3.08) and processes (3.12) to achieve these objectives.
Note 2 to entry: The term “management” sometimes refers to people, i.e. a person or group of people with authority and responsibility for the conduct and control of an organization (3.01). When “management” is used in this sense, it should always be used with some form of qualifier to avoid confusion with the concept of “management” as a set of activities defined above. For example, “management shall…” is deprecated whereas “top management (3.05) shall…” is acceptable. Otherwise different words should be adopted to convey the concept when related to people e.g. managerial or managers.
[SOURCE: ISO DIS 9000:2014, 3.3.2]
3.30 quality management
management (3.29) with regard to quality (3.37)
Note to entry: Quality management generally includes establishment of the quality policy (3.34) and quality objectives (3.45), quality planning, quality control, quality assurance and quality improvement.
[SOURCE: ISO DIS 9000:2014, 184.108.40.206]
set of interrelated or interacting elements [SOURCE: ISO DIS 9000:2014, 3.4.1]
system (3.31) of facilities, equipment and services (3.48) needed for the operation of an organization (3.01)
3.33 quality management system
management system (3.04) with regard to quality (3.5.2) [SOURCE: ISO DIS 9000:2014, 220.127.116.11.1]
3.34 quality policy
policy (3.07) related to quality (3.37)
Note 1 to entry: Generally the quality policy is consistent with the overall policy (3.07) of the organization (3.01), can be aligned with the organization’s vision and mission and provides a framework for the setting of quality objectives (3.45).
Note 2 to entry: Quality management (3.30) principles presented in this International Standard can form a basis for the establishment of a quality policy (3.34)
[SOURCE: ISO DIS 9000:2014, 18.104.22.168]
planned activities to achieve an objective (3.08). [SOURCE: ISO DIS 9000:2014, 3.4.8]
anything perceivable or conceivable [ISO 1087-1:2000]
EXAMPLES Product (3.47), service (3.48), process (3.12), person, organization (3.01), system (3.31), resource.
Note 1 to entry: Objects may be material (e.g. an engine, a sheet of paper, a diamond), immaterial (e.g. conversion ratio, a project plan) or imagined (e.g. a unicorn).
[SOURCE: ISO DIS 9000:2014, 3.5.1]
degree to which a set of inherent characteristics (3.65) of an object (3.36) fulfils requirements (3.03)
Note 1 to entry: The term “quality” can be used with adjectives such as poor, good or excellent.
Note 2 to entry: “Inherent”, as opposed to “assigned”, means existing in the object (3.36).
[SOURCE: ISO DIS 9000:2014, 3.5.2]
3.38 statutory requirement
obligatory requirement (3.03) specified by a legislative body
[SOURCE: ISO DIS 9000:2014, 22.214.171.124]
3.39 regulatory requirement
obligatory requirement (3.03) specified by an authority mandated by a legislative body
[SOURCE: ISO DIS 9000:2014, 126.96.36.199]
nonconformity (3.19) related to an intended or specified use
Note 1 to entry: The distinction between the concepts defect and nonconformity (3.19) is important as it has legal connotations, particularly those associated with product (3.47) and service (3.48) liability issues.
Note 2 to entry: The intended use as intended by the customer (3.26) can be affected by the nature of the information (3.50), such as operating or maintenance instructions, provided by the supplier (3.27).
[SOURCE: ISO DIS 9000:2014, 188.8.131.52]
ability to trace the history, application or location of an object (3.36)
Note 1 to entry: When considering a product (3.47) or a service (3.48), traceability can relate to:
- the origin of materials and parts;
- the processing history; and
- the distribution and location of the product (3.47) or service (3.48) after delivery.
Note 2 to entry: In the field of metrology the definition in ISO/IEC GUIDE 99: 2007, is the accepted definition.
[SOURCE: ISO DIS 9000:2014, 3.5.8]
process (3.12) resulting in a new or substantially changed object (3.36)
Note 1 to entry: The object (3.36) for the purpose of innovation can be e.g. a management system (3.04), a process (3.12),a product (3.47), a service (3.48) or technology.
[SOURCE: ISO DIS 9000:2014, 184.108.40.206]
[SOURCE: ISO DIS 9000:2014, 3.6.4]
3.44 design and development
set of processes (3.12) that transforms requirements (3.03) for an object (3.36) into more detailed requirements
Note 1 to entry: The requirements (3.03) forming input to design and development can be expressed in a broader, more general sense than the requirements forming the output (3.46) of design and development. In a project there can be several design and development stages.
Note 2 to entry: In English the words “design” and “development” and the term “design and development” are sometimes used synonymously and sometimes used to define different stages of the overall design and development. In French the words “conception” and “development” and the term “conception et development” are sometimes used synonymously and sometimes used to define different stages of the overall design and development.
Note 3 to entry: A qualifier can be applied to indicate the nature of what is being designed and developed, e.g. product (3.47) design and development, or process (3.12) design and development.
[SOURCE: ISO DIS 9000:2014, 3.6.5]
3.45 quality objective
objective (3.08) related to quality (3.37)
Note 1 to entry: Quality objectives are generally based on the organization's (3.01) quality policy (3.34).
Note 2 to entry: Quality objectives are generally specified for relevant functions (3.25) and levels in the organization (3.01).
[SOURCE: ISO DIS 9000:2014, 220.127.116.11]
result of a process (312)
Note 1 to entry “output”: There are four generic output categories, as follows:
— services (e.g. transport);
— software (e.g. computer program, dictionary);
— hardware (e.g. engine mechanical part);
— processed materials (e.g. lubricant).
Many outputs comprise elements belonging to different generic output categories. Whether the output is then called service, product, software, hardware or processed material depends on the dominant element. For example, a car consists of hardware (e.g. tires), processed materials (e.g. fuel, cooling liquid), software (e.g. engine control software, driver's manual), and service (e.g. operating explanations given by the salesman).
Note 2 to entry “output”: The ownership of a product can usually be transferred. This is not necessarily the case for a service.
[SOURCE: ISO DIS 9000:2014, 3.7.3]
output (3.46) that is a result of activities where none of them necessarily is performed at the interface between the provider (3.27) and the customer (3.26)
Note 1 to entry “product”: Hardware is generally tangible and its amount is a countable characteristic. Processed materials are generally tangible and their amount is a continuous characteristic. Hardware and
processed materials often are referred to as goods. Software consists of information and is generally intangible and can be in the form of approaches, transactions or documented information (3.11).
[SOURCE: ISO DIS 9000:2014, 18.104.22.168, modified – Note 1 to entry has been modified]
intangible output (3.46) that is the result of at least one activity necessarily performed at the interface between the provider and the customer
Note 1 to entry “service”: Provision of a service can involve, for example, the following:
— an activity performed on a customer-supplied tangible product (e.g. a car to be repaired);
— an activity performed on a customer-supplied intangible product (e.g. the income statement needed to prepare a tax return);
— the delivery of an intangible product (e.g. the delivery of information in the context of knowledge transmission);
— the creation of ambience for the customer (e.g. in hotels and restaurants);
A service is usually experienced by the customer.
[SOURCE: ISO DIS 9000:2014, 22.214.171.124]
facts about an object (3.36)
[SOURCE: ISO DIS 9000:2014, 3.8.1]
meaningful data (3.49)
[SOURCE: ISO DIS 9000:2014, 126.96.36.199]
3.51 objective evidence
data (3.49) supporting the existence or verity of something
Note 1 to entry: Objective evidence may be obtained through observation, measurement (3.16), test, or other means.
Note 2 to entry: Objective evidence for the purpose of audit (3.17) generally consists of records, statements of fact or other information (3.50) which are relevant to the audit criteria (3.60) and verifiable
[SOURCE: ISO DIS 9000:2014, 188.8.131.52]
3.52 information system
<QMS> network of communication channels used within an organization (3.01) [SOURCE: ISO DIS 9000:2014, 3.8.2]
available collection of information (3.50) being a justified belief and having a high certainty to be true
[SOURCE: ISO DIS 9000:2014, 3.8.3]
confirmation, through the provision of objective evidence (3.51), that specified requirements (3.03) have been fulfilled
Note 1 to entry: The objective evidence needed for a verification can be the result of an inspection or of other forms of determination (3.67) such as performing alternative calculations or reviewing documented information (3.11).
Note 2 to entry: The activities carried out for verification are sometimes called a qualification process (3.12)
Note 3 to entry: The word “verified” is used to designate the corresponding status.
[SOURCE: ISO DIS 9000:2014, 3.8.5, modified – Note 1 to entry has been modified]
confirmation, through the provision of objective evidence, that the requirements (3.03) for a specific intended use or application have been fulfilled
Note 1 to entry: The objective evidence (3.51) needed for a validation is the result of a test or other form of determination (3.67) such as performing alternative calculations or reviewing documented information (3.11).
Note 2 to entry: The word “validated” is used to designate the corresponding status.
Note 3 to entry: The use conditions for validation can be real or simulated.
[SOURCE: ISO DIS 9000:2014, 3.8.6, modified – Note 1 to entry has been modified]
opinions, comments and expressions of interest in a product, a service or a complaints-handling process [SOURCE: ISO DIS 9000:2014, 3.9.2]
3.57 customer satisfaction
customer’s (3.26) perception of the degree to which the customer’s expectations have been fulfilled
Note 1 to entry: It can be that the customer’s (3.26) expectation is not known to the organization (3.01), or even to himself/herself until the product (3.47) or service (3.48) is delivered. It can be necessary for
achieving high customer satisfaction to fulfil an expectation of a customer even if it is neither stated nor generally implied or obligatory.
Note 2 to entry: Complaints (3.58) are a common indicator of low customer satisfaction but their absence does not necessarily imply high customer satisfaction.
Note 3 to entry: Even when customer (3.26) requirements (3.03) have been agreed with the customer and fulfilled, this does not necessarily ensure high customer satisfaction.
Note 4 to entry: See ISO 10004, Quality Management — Customer satisfaction — Guidelines for monitoring and measuring.
[SOURCE: ISO DIS 9000:2014, 3.9.3]
<customer satisfaction> expression of dissatisfaction made to an organization (3.01), related to its product (3.47) or service (3.48), or the complaints-handling process (3.12) itself, where a response or resolution is explicitly or implicitly expected
[SOURCE: ISO DIS 9000:2014, 3.9.4]
3.59 audit programme
set of one or more audits (3.17) planned for a specific time frame and directed towards a specific purpose [SOURCE: ISO DIS 9000:2014, 3.10.9]
3.60 audit criteria
set of policies (3.07), documented information (3.11) or requirements (3.03) used as a reference against which audit evidence (3.61) is compared
[SOURCE: ISO DIS 9000:2014, 3.10.12, modified]
3.61 objective / audit evidence
records, statements of fact or other information (3.50), which are relevant to the audit criteria (3.60) and verifiable
[SOURCE: ISO DIS 9000:2014, 3.10.13]
3.62 audit findings
results of the evaluation of the collected audit evidence (3.61) against audit criteria (3.60) Note 1 to entry: Audit findings indicate conformity (3.18) or nonconformity (3.19).
Note 2 to entry: Audit findings can lead to the identification of opportunities for improvement (3.28) or recording good practices.
Note 3 to entry: In English, if the audit criteria (3.60) are selected from statutory requirements (3.38) or regulatory requirements (3.39), the audit finding can be called compliance or non-compliance.
[SOURCE: ISO DIS 9000:2014, 3.10.14]
permission to use or release (3.64) a product (3.47) or service (3.48) that does not conform to specified requirements (3.03)
Note to entry: A concession is generally limited to the delivery of products (3.47) and services (3.48) that have nonconforming (3.19) characteristics (3.65) within specified limits and is generally given for a limited quantity of products and services, for a period of time, and for a specific use.
[SOURCE: ISO DIS 9000:2014, 3.11.5]
permission to proceed to the next stage of a process (3.12)
Note to entry: In English, in the context of software and documented information (3.11), the word “release” is frequently used to refer to a version of the software or the documented information itself.
[SOURCE: ISO DIS 9000:2014, 3.11.7, modified – The Note to entry has been modified]
Note 1 to entry: A characteristic can be inherent or assigned. Note 2 to entry: A characteristic can be qualitative or quantitative.
Note 3 to entry: There are various classes of characteristic, such as the following:
a) physical (e.g. mechanical, electrical, chemical or biological characteristics);
b) sensory (e.g. related to smell, touch, taste, sight, hearing);
c) behavioural (e.g. courtesy, honesty, veracity);
d) temporal (e.g. punctuality, reliability, availability).
e) ergonomic (e.g. physiological characteristic, or related to human safety);
f) functional (e.g. maximum speed of an aircraft).
[SOURCE: ISO DIS 9000:2014, 3.12.1]
3.66 performance indicator performance metric
characteristic (3.65) having significant impact on realization of the output (3.46) and customer satisfaction (3.57)
EXAMPLES Nonconformities (3.19) per million opportunities, first time capability, nonconformities per unit.
Note to entry: The characteristic (3.65) can be quantitative or qualitative
[SOURCE: ISO DIS 9000:2014, 184.108.40.206]
activity to find out one or more characteristics (3.65) and their characteristic values [SOURCE: ISO DIS 9000:2014, 3.13.1]
determination (3.67) of the suitability, adequacy or effectiveness (3.06) of an object (3.36) to achieve established objectives (3.08)
EXAMPLES Management (3.29) review, design and development review, review of customer (3.26) requirements (3.03), nonconformity (3.19) review and peer review.
Note to entry: Review can also include the determination (3.67) of efficiency.
[SOURCE: ISO DIS 9000:2014, 220.127.116.11]
3.69 measuring equipment
measuring instrument, software, measurement standard, reference material or auxiliary apparatus or combination thereof necessary to realize a measurement (3.16) process (3.12)
[SOURCE: ISO DIS 9000:2014, 3.13.5]
4 Context of the organization
4.1 Understanding the organization and its context
The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system.
The organization shall monitor and review the information about these external and internal issues.
NOTE 1 Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional or local.
NOTE 2 Understanding the internal context can be facilitated by considering issues related to values, culture knowledge and performance of the organization.
Προσδιορισμός εξωτερικών και εσωτερικών θεμάτων¹ σημαντικών για τους στόχους και τη στρατηγική του οργανισμού και συνεχής παρακολούθηση αυτών. Σκοπός είναι να προσδιοριστούν τα θέματα και να αξιολογηθεί ποια επηρεάζουν την ικανότητα ενός Οργανισμού να επιτύχει τα επιδιωκόμενα αποτελέσματα του Συστήματος Διαχείρισης της Ποιότητας. 1) Εξωτερικά θέματα μπορεί να σχετίζονται με το θεσμικό και τεχνολογικό περιβάλλον, τον ανταγωνισμό, την αγορά, το πολιτιστικό, κοινωνικό και οικονομικό περιβάλλον, σε διεθνές, εθνικό, περιφερειακό ή τοπικό επίπεδο. 2) Εσωτερικά θέματα σχετίζονται με τις αξίες, την κουλτούρα, τις γνώσεις και τις επιδόσεις του Οργανισμού
Ο Οργανισμός θα πρέπει να προσδιορίσει πως το Εξωτερικό και Εσωτερικό Περιβάλλον μπορεί να επηρεάσει τη λειτουργία της αναλύοντας τους εξής παράγοντες: - Πολιτικούς (Political) - Οικονομικούς (Economical) - Κοινωνικούς (Social) - Τεχνολογικούς (Technological) Ανάλυση των θεμάτων που επηρεάζουν τη λειτουργία του οργανισμού. Συγκεκριμένα: - Εξωτερικά θέματα: • Νομικές και Κανονιστικές Απαιτήσεις • Τεχνολογικές εξελίξεις • Αναλύσεις Αγοράς • Οικονομικές Αναλύσεις • Στρατηγικός Σχεδιασμός - Εσωτερικά θέματα: • Μοντέλο Διοίκησης • Προσδιορισμός Θεμάτων Κουλτούρας ⧉ Συνοπτική Περιγραφή σε Εγχειρίδιο Οργανισμού ή Πλαίσιο Λειτουργίας Οργανισμού με θεματικές ενότητες: - Προφίλ Οργανισμού - Οργανωτική Δομή - Πεδίο Εφαρμογής / Εξαιρέσεις Αιτιολόγηση - Περιγραφή Πλαισίου Λειτουργίας - Περιγραφή Ενδιαφερομένων Μερών - Περιγραφή Μοντέλου Διεργασιών
4.2 Understanding the needs and expectations of interested parties
Due to their impact or potential impact on the organisation’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, the organization shall determine:
a) the interested parties that are relevant to the quality management system;
b) the requirements of these interested parties that are relevant to the quality management system.
The organization shall monitor and review the information about these interested parties and their relevant requirements.
Προσδιορισμός • των ενδιαφερομένων μερών σχετικών με το Σύστημα Διαχείρισης Ποιότητας και • των απαιτήσεων και των προσδοκιών των ενδιαφερομένων μερών σχετικών με το Σύστημα Διαχείρισης Ποιότητας Σκοπός είναι η παρακολούθηση και ο έλεγχος των πληροφοριών που παρέχονται στα ενδιαφερόμενα μέρη καθώς και των απαιτήσεων και των προσδοκιών των ενδιαφερομένων μερών. Με τον τρόπο αυτό προσδιορίζεται η ικανότητα του Οργανισμού να παρέχει με συνέπεια προϊόντα και υπηρεσίες που ικανοποιούν τις απαιτήσεις του πελάτη και τις εφαρμοστέες νομικές και κανονιστικές απαιτήσεις
Ο Οργανισμός θα πρέπει να προσδιορίσει τα ενδιαφερόμενα μέρη που επηρεάζουν τη λειτουργία τους και τις απαιτήσεις τους: • πελάτες • ιδιοκτήτες • προμηθευτές • τράπεζες • συνεργάτες • επίσημοι φορείς/αρχές • πανεπιστήμια • ενώσεις, ομοσπονδίες • αναπτυξιακά κέντρα
4.3 Determining the scope of the quality management system
The organization shall determine the boundaries and applicability of the quality management system to establish its scope.
When determining this scope, the organization shall consider:
a) the external and internal issues referred to in 4.1;
b) the requirements of relevant interested parties referred to in 4.2;
c) the products and services of the organization.
Where a requirement of this International Standard within the determined scope can be applied, then it shall be applied by the organization.
If any requirement(s) of this International Standard cannot be applied, this shall not affect the organization’s ability or responsibility to ensure conformity of products and services.
The scope shall be available and be maintained as documented information stating the:
— products and services covered by the quality management system;
— justification for any instance where a requirement of this International Standard cannot be applied.
Προσδιορισμός των ορίων και του πεδίου εφαρμογής του Συστήματος Διαχείρισης Ποιότητας. Προσδιορισμός του πεδίου εφαρμογής, λαμβάνοντας υπόψη τα εσωτερικά και εξωτερικά θέματα, καθώς και τις απαιτήσεις των ενδιαφερομένων μερών. Τεκμηριωμένο πεδίο εφαρμογής, που αναφέρει με σαφήνεια τα προϊόντα και τις υπηρεσίες που εμπίπτουν στο Σύστημα Διαχείρισης Ποιότητας
⧉ Τεκμηρίωση του Πεδίου Εφαρμογής ⧉ Τεκμηριωμένη αιτιολόγηση της εξαίρεσης απαιτήσεων από το πεδίο εφαρμογής του Συστήματος Διαχείρισης Ποιότητας Περιγραφή των διεργασιών εντός του πεδίου εφαρμογής, συμπεριλαμβανομένων των διεργασιών που αναλαμβάνονται από εξωτερικούς συνεργάτες • Προσδιορισμός των γεωγραφικών ορίων αλλά και του τεχνικού αντικειμένου ⧉ Συνοπτική Περιγραφή σε Εγχειρίδιο Οργανισμού ή Πλαίσιο Λειτουργίας Οργανισμού με θεματικές ενότητες: - Προφίλ Οργανισμού - Οργανωτική Δομή - Πεδίο Εφαρμογής / Εξαιρέσεις Αιτιολόγηση - Περιγραφή Πλαισίου Λειτουργίας - Περιγραφή Ενδιαφερομένων Μερών - Περιγραφή Μοντέλου Διεργασιών
4.4 Quality management system and its processes
The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard.
The organization shall determine the processes needed for the quality management system and their application throughout the organization and shall determine:
a) the inputs required and the outputs expected from these processes;
b) the sequence and interaction of these processes;
c) the criteria, methods, including measurements and related performance indicators needed to ensure the effective operation, and control of these processes;
d) the resources needed and ensure their availability;
e) the assignment of the responsibilities and authorities for these processes;
f) the risks and opportunities in accordance with the requirements of 6.1, and plan and implement the appropriate actions to address them;
g) the methods for monitoring, measuring, as appropriate, and evaluation of processes and, if needed, the changes to processes to ensure that they achieve intended results;
h) opportunities for improvement of the processes and the quality management system.
The organization shall maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned.
Σκοπός είναι ο προσδιορισμός, η παρακολούθηση, η αξιολόγηση και η βελτίωση των διεργασιών του Συστήματος Διαχείρισης Ποιότητας που απαιτούνται για την επίτευξη των επιδιωκόμενων αποτελεσμάτων. Τα κάτωθι θα πρέπει να λαμβάνονται υπόψη: • τα εισερχόμενα και αναμενόμενα αποτελέσματα διεργασιών • η ακολουθία και αλληλεπίδραση των διεργασιών • τα κριτήρια, οι μέθοδοι, η μέτρηση δεικτών απόδοσης για τη διασφάλιση του αποτελεσματικού ελέγχου των διεργασιών • οι απαιτούμενοι και διαθέσιμοι πόροι • οι ευθύνες και αρμοδιότητες για τις διεργασίες • οι απειλές και οι ευκαιρίες • οι απαραίτητες αλλαγές • οι ευκαιρίες βελτίωσης Τεκμηριωμένες πληροφορίες απαιτούνται για την υποστήριξη των διεργασιών και την υλοποίηση αυτών όπως έχουν σχεδιαστεί
⧉Περιγραφή της αλληλεπίδρασης των διεργασιών π.χ. χρήση μοντέλου διεργασιοκεντρικής προσέγγισης ⧉Κατάλογος κατόχων των διεργασιών ⧉Περιγραφές Θέσεων Εργασίας για τους κατόχους των διεργασιών ⧉Σύνδεση των διεργασιών με περαιτέρω έγγραφα (τεκμηριωμένες διαδικασίες, οδηγίες εργασιών κτλ) ⧉Ανάλυση των διεργασιών ως προς τις απειλές και τις ευκαιρίες και προσδιορισμός αντίστοιχων ενεργειών ⧉Δείκτες απόδοσης για τη μέτρηση της αποτελεσματικότητας των διεργασιών ⧉Διάθεση Πόρων ⧉Κατάλογος τεκμηριωμένων πληροφοριών για την υλοποίηση των διεργασιών ⧉ Συνοπτική Περιγραφή σε Εγχειρίδιο Οργανισμού ή Πλαίσιο Λειτουργίας Οργανισμού με θεματικές ενότητες: - Προφίλ Οργανισμού - Οργανωτική Δομή - Πεδίο Εφαρμογής / Εξαιρέσεις Αιτιολόγηση - Περιγραφή Πλαισίου Λειτουργίας - Περιγραφή Ενδιαφερόμενων Μερών - Περιγραφή Μοντέλου Διεργασιών
• Δείκτες ικανοποίησης πελατών • Δείκτες απόδοσης διεργασιών (βλ παρακάτω) • Δείκτες επίτευξης στόχων • Δείκτες αξιολόγησης κόστους διεργασιών • Δείκτες παρακολούθησης διάθεσης πόρων
5.1 Leadership and commitment
5.1.1 Leadership and commitment for the quality management system
Top management shall demonstrate leadership and commitment with respect to the quality management system by:
a) taking accountability of the effectiveness of the quality management system;
b) ensuring that the quality policy and quality objectives are established for the quality management system and are compatible with the strategic direction and the context of the organization;
c) ensuring that the quality policy is communicated, understood and applied within the organization;
d) ensuring the integration of the quality management system requirements into the organization’s business processes;
e) promoting awareness of the process approach;
f) ensuring that the resources needed for the quality management system are available;
g) communicating the importance of effective quality management and of conforming to the quality management system requirements;
h) ensuring that the quality management system achieves its intended results;
i) engaging, directing and supporting persons to contribute to the effectiveness of the quality management system;
j) promoting continual improvement;
k) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
NOTE Reference to “business” in this International Standard can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence; whether the organization is public, private, for profit or not for profit.
Τα στελέχη της ανώτατης διοίκησης οφείλουν να επιδεικνύουν ηγετικό ρόλο και δέσμευση, αναλαμβάνοντας ευθύνη για την: • εφαρμογή και την αποτελεσματικότητα του Συστήματος Διαχείρισης Ποιότητας • χάραξη της πολιτικής ποιότητας και τον καθορισμό στόχων κατάλληλων για τη στρατηγική και το πλαίσιο του οργανισμού • επικοινωνία της πολιτικής και διασφάλιση ότι είναι κατανοητή και υλοποιείται στο πλαίσιο του οργανισμού • διασφάλιση της ενσωμάτωσης των απαιτήσεων του Συστήματος Διαχείρισης Ποιότητας στις επιχειρησιακές διεργασίες του Οργανισμού • προώθηση της διεργασιακής προσέγγισης (process approach) και της προσέγγισης διακινδύνευσης (risk-based thinking) • διασφάλιση της απαραίτητης διαθεσιμότητας πόρων • διασφάλιση ότι επιτυγχάνονται τα επιθυμητά αποτελέσματα του Συστήματος Διαχείρισης Ποιότητας • υποστήριξη του προσωπικού και άλλων, προκειμένου να διασφαλιστεί η αποτελεσματικότητα του Συστήματος Διαχείρισης Ποιότητας
Γραπτή Δήλωση Πολιτικής Ποιότητας και στόχοι ⧉ Άλλες εταιρικές πολιτικές (εάν υπάρχουν) ⧉ Αποδεικτικά στοιχεία εκπαίδευσης του προσωπικού στις πολιτικές της εταιρείας ⧉ Αναρτήσεις Πολιτικών στο διαδίκτυο ⧉ Αποτελέσματα περιοδικών ανασκοπήσεων του Συστήματος Διαχείρισης Ποιότητας ⧉ Ανασκόπηση από τη Διοίκηση ⧉ Ενέργειες εάν δεν επιτευχθούν τα αποτελέσματα / στόχοι ⧉ Εσωτερική Επικοινωνία (γνωστοποιήσεις, υπηρεσιακά σημειώματα, memo κτλ) ⧉ Επενδυτικά σχέδια (business plan) ⧉ Παροχή πόρων για εκπαίδευση προσωπικού, εκσυγχρονισμό κτλ ⧉ Έργα συνεχούς βελτίωσης
Ποσοστό εκπλήρωσης στόχων σε συγκεκριμένο χρονικό διάστημα • Δείκτης ικανοποίησης πελατών • Δείκτης παραπόνων (σε σχέση με όγκο πωλήσεων ή παραγόμενου προϊόντος ή τζίρου) • Δείκτης κατάρτισης προσωπικού • Απόδοση επενδύσεων (RoI) • Περιθώριο κέρδους • Ποσοστό υλοποίησης επενδύσεων • Ποσοστό διακύμανσης προσωπικού • Δείκτες ικανοποίησης προσωπικού
5.1.2 Customer focus
Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that:
a) customer requirements and applicable statutory and regulatory requirements are determined and met;
b) the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed;
c) the focus on consistently providing products and services that meet customer and applicable statutory and regulatory requirements is maintained;
d) the focus on enhancing customer satisfaction is maintained.
Ηγεσία και δέσμευση για την ικανοποίηση του πελάτη μέσω: • της επικοινωνίας, της κατανόησης και της εκπλήρωσης των απαιτήσεων του πελάτη καθώς και νομικών και κανονιστικών απαιτήσεων • προσδιορισμού των απειλών και των ευκαιριών σχετικά με τη συμμόρφωση των προϊόντων και των υπηρεσιών • εστίασης στη βελτίωση της ικανοποίησης του πελάτη
⧉ Καθορισμένες απαιτήσεις πελάτη μέσα από έγγραφα συμφωνιών, συμβάσεων, προδιαγραφών προϊόντων ή / και υπηρεσιών, παραγγελιών κτλ • Κατάλογος νομικών και κανονιστικών απαιτήσεων σε σχέση με το προϊόν ή την παρεχόμενη υπηρεσία • Αξιολόγηση εκπλήρωσης των απαιτήσεων του πελάτη • Έρευνες Ικανοποίησης Πελατών • Έρευνες Αγοράς • Καταγραφή, αξιολόγηση και ανάλυση παραπόνων πελατών
Δείκτης ικανοποίησης πελατών • Δείκτης παραπόνων • Ανάλυση πωλήσεων (τζίρος, επαναληψιμότητα παραγγελιών, σταθερότητα πελατών κτλ) • Κύκλος ζωής προϊόντων • Δείκτες παράδοσης προϊόντων • Μη συμμορφούμενα προϊόντα / ανά όγκο πωλήσεων
5.2 Quality policy
5.2.1 Top management shall establish, review and maintain a quality policy that:
a) is appropriate to the purpose and context of the organization;
b) provides a framework for setting and reviewing quality objectives;
c) includes a commitment to satisfy applicable requirements;
d) includes a commitment to continual improvement of the quality management system.
Τα στελέχη της ανώτατης διοίκησης οφείλουν να ορίζουν και να επικαιροποιούν την πολιτική ποιότητας. Η πολιτική ποιότητας πρέπει: • να είναι κατάλληλη για τους στόχους και το πεδίο εφαρμογής του οργανισμού • να δημιουργεί ένα πλαίσιο για τον ορισμό και την ανασκόπηση των στόχων ποιότητας • να περιλαμβάνει τη δέσμευση για την ικανοποίηση των εφαρμοστέων απαιτήσεων • να περιλαμβάνει τη δέσμευση για συνεχή βελτίωση
⧉ Γραπτή Δήλωση Πολιτικής Ποιότητας • Άλλες εταιρικές πολιτικές • Ανασκόπηση καταλληλότητας της πολιτικής ποιότητας μέσα από την ανασκόπηση από τη διοίκηση
5.2.2 The quality policy shall:
a) be available as documented information;
b) be communicated, understood and applied within the organization;
c) be available to relevant interested parties, as appropriate.
Η πολιτική ποιότητας πρέπει: • να είναι διαθέσιμη ως τεκμηριωμένη πληροφορία • να κοινοποιείται, να είναι κατανοητή και να εφαρμόζεται εντός του οργανισμού • να είναι διαθέσιμη στα σχετικά ενδιαφερόμενα μέρη, όπως κρίνεται απαραίτητο
⧉ Γραπτή Δήλωση Πολιτικής Ποιότητας • Άλλες εταιρικές πολιτικές • Αποδεικτικά στοιχεία εκπαίδευσης του προσωπικού στην πολιτική ποιότητας • Αναρτήσεις Πολιτικής στο διαδίκτυο • Έντυπες εκδόσεις για τα ενδιαφερόμενα μέρη
5.3 Organizational roles, responsibilities and authorities
Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.
Top management shall assign the responsibility and authority for:
a) ensuring that the quality management system conforms to the requirements of this International Standard;
b) ensuring that the processes are delivering their intended outputs;
c) reporting on the performance of the quality management system, on opportunities for improvement and on the need for change or innovation, and especially for reporting to top management;
d) ensuring the promotion of customer focus throughout the organization;
e) ensuring that the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.
Ανάθεση, επικοινωνία και κατανόηση των ευθυνών, των αρμοδιοτήτων και των σχετι- κών ρόλων εντός του οργανισμού, προκειμένου να διασφαλιστεί ότι: • το Σύστημα Διαχείρισης Ποιότητας πληροί τις προϋποθέσεις του προτύπου ISO 9001:2015 • οι διεργασίες παρέχουν το επιδιωκόμενο αποτέλεσμα • τα ανώτερα διοικητικά στελέχη ενημερώνονται για την απόδοση του Συστήματος Διαχείρισης Ποιότητας και της προοπτικής βελτίωσής του • προωθείται η εστίαση στον πελάτη • τηρείται η ακεραιότητα του Συστήματος Διαχείρισης Ποιότητας, ακόμη και στην περίπτωση αλλαγών
• Οργανογράμματα • Περιγραφές θέσεων εργασίας • Καθορισμός προφίλ θέσεων εργασίας • Ορισμός διοικητικών στελεχών και ανώτερων διοικητικών στελεχών • Ορισμός κατόχων διεργασιών • Συμβάσεις τρίτων μερών • Σχεδιασμός έργων και αλλαγές • Αναφορές Εσωτερικών Επιθεωρήσεων • Ανασκόπηση από τη Διοίκηση
Δείκτες Αξιολόγησης Εργαζομένων • Ποσοστό διακύμανσης προσωπικού
6 Planning for the quality management system
6.1 Actions to address risks and opportunities
6.1.1 When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s);
b) prevent, or reduce, undesired effects; c) achieve continual improvement.
Ο στόχος είναι ο σχεδιασμός του Συστήματος Διαχείρισης Ποιότητας κατά τρόπο που, λαμβάνοντας υπόψη τα εσωτερικά και εξωτερικά θέματα, τις απαιτήσεις των ενδιαφερομένων μερών, να εντοπίζει τις απειλές και τις ευκαιρίες που πρέπει να αντιμετωπίζονται ή να αξιοποιούνται ώστε: • το Σύστημα Διαχείρισης Ποιότητας να επιτυγχάνει τα επιδιωκόμενα αποτελέσματα • να αποτρέπονται ή να μειώνονται μη επιθυμητά αποτελέσματα • να ενδυναμώνονται τα επιθυμητά (θετικά) αποτελέσματα • να επιτυγχάνεται συνεχής βελτίωση
⧉ Κατάλογος απειλών ⧉ Κατάλογος ευκαιριών ⧉ Επενδυτικά σχέδια ⧉ Στρατηγικά σχέδια • Σχέδια Αλλαγών
• Δείκτες Υλοποίησης Επενδυτικών Σχεδίων • Δείκτες Αστοχιών • Ποσοστό υλοποίησης ενεργειών
6.1.2 The organization shall plan:
a) actions to address these risks and opportunities;
b) how to:
1) integrate and implement the actions into its quality management system processes (see 4.4);
2) evaluate the effectiveness of these actions.
Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.
NOTE Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
6.2 Quality objectives and planning to achieve them
6.2.1 The organization shall establish quality objectives at relevant functions, levels and processes.
The quality objectives shall:
a) be consistent with the quality policy,
b) be measurable;
c) take into account applicable requirements;
d) be relevant to conformity of products and services and the enhancement of customer satisfaction;
e) be monitored;
f) be communicated;
g) be updated as appropriate.
The organization shall retain documented information on the quality objectives.
6.2.2 When planning how to achieve its quality objectives, the organization shall determine:
a) what will be done;
b) what resources will be required;
c) who will be responsible;
d) when it will be completed;
e) how the results will be evaluated.
6.3 Planning of changes
Where the organization determines the need for change to the quality management system (see 4.4) the change shall be carried out in a planned and systematic manner.
The organization shall consider:
a) the purpose of the change and any of its potential consequences;
b) the integrity of the quality management system;
c) the availability of resources;
d) the allocation or reallocation of responsibilities and authorities.
The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the quality management system.
The organization shall consider:
a) the capabilities of, and constraints on, existing internal resources;
b) what needs to be obtained from external providers.
7.1.2 People (at the moment blank clause)
7.1.3 (at the moment blank clause)
The organization shall determine, provide and maintain the infrastructure for the operation of its processes to achieve conformity of products and services.
NOTE Infrastructure can include:
a) buildings and associated utilities;
b) equipment including hardware and software;
d) information and communication technology.
7.1.5 Environment for the operation of processes
The organization shall determine, provide and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services.
NOTE Environment for the operation of processes can include physical, social, psychological, environmental
and other factors (such as temperature, humidity, ergonomics and cleanliness).
7.1.6 Monitoring and measuring resources
Where monitoring or measuring is used for evidence of conformity of products and services to specified requirements the organization shall determine the resources needed to ensure valid and reliable monitoring and measuring results.
The organization shall ensure that the resources provided:
a) are suitable for the specific type of monitoring and measurement activities being undertaken;
b) are maintained to ensure their continued fitness for their purpose.
The organization shall retain appropriate documented information as evidence of fitness for purpose of monitoring and measurement resources.
Where measurement traceability is: a statutory or regulatory requirement; a customer or relevant interested party expectation; or considered by the organization to be an essential part of providing confidence in the validity of measurement results; measuring instruments shall be:
— verified or calibrated at specified intervals or prior to use against measurement standards traceable to international or national measurement standards. Where no such standards exist, the basis used for calibration or verification shall be retained as documented information;
— identified in order to determine their calibration status;
— safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results.
The organization shall determine if the validity of previous measurement results has been adversely affected when an instrument is found to be defective during its planned verification or calibration, or during its use, and take appropriate corrective action as necessary.
7.1.7 Organizational knowledge
The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services.
This knowledge shall be maintained, and made available to the extent necessary.
When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access the necessary additional knowledge.
NOTE 1 Organizational knowledge can include information such as intellectual property and lessons learned.
NOTE 2 To obtain the knowledge required, the organization can consider:
a) internal sources (e.g. learning from failures and successful projects, capturing undocumented knowledge and experience of topical experts within the organization);
b) external sources (e.g. standards, academia, conferences, gathering knowledge with customers or providers).
The organization shall:
a) determine the necessary competence of person(s) doing work under its control that affects its quality performance;
b) ensure that these persons are competent on the basis of appropriate education, training, or experience;
c) where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken;
d) retain appropriate documented information as evidence of competence.
NOTE Applicable actions can include, for example, the provision of training to, the mentoring of, or the re-assignment of currently employed persons; or the hiring or contracting of competent persons.
Persons doing work under the organization’s control shall be aware of:
a) the quality policy;
b) relevant quality objectives;
c) their contribution to the effectiveness of the quality management system, including the benefits of improved quality performance;
d) the implications of not conforming with the quality management system requirements.
The organization shall determine the internal and external communications relevant to the quality management system including:
a) on what it will communicate;
b) when to communicate;
c) with whom to communicate;
d) how to communicate.
7.5 Documented information
The organization’s quality management system shall include
a) documented information required by this International Standard;
b) documented information determined by the organization as being necessary for the effectiveness of the quality management system.
NOTE The extent of documented information for a quality management system can differ from one organization to another due to:
a) the size of organization and its type of activities, processes, products and services;
b) the complexity of processes and their interactions;
c) the competence of persons.
7.5.2 Creating and updating
When creating and updating documented information the organization shall ensure appropriate:
a) identification and description (e.g. a title, date, author, or reference number);
b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic);
c) review and approval for suitability and adequacy.
7.5.3 Control of documented Information
18.104.22.168 Documented information required by the quality management system and by this International Standard shall be controlled to ensure:
a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
22.214.171.124 For the control of documented information, the organization shall address the following activities, as applicable:
a) distribution, access, retrieval and use;
b) storage and preservation, including preservation of legibility; c) control of changes (e.g. version control);
d) retention and disposition.
Documented information of external origin determined by the organization to be necessary for the planning and operation of the quality management system shall be identified as appropriate, and controlled.
NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.
8.1 Operational planning and control
The organization shall plan, implement and control the processes, as outlined in 4.4, needed to meet requirements for the provision of products and services and to implement the actions determined in 6.1, by:
a) determining requirements for the product and services;
b) establishing criteria for the processes and for the acceptance of products and services;
c) determining the resources needed to achieve conformity to product and service requirements;
d) implementing control of the processes in accordance with the criteria;
e) retaining documented information to the extent necessary to have confidence that the processes have been carried out as planned and to demonstrate conformity of products and services to requirements.
The output of this planning shall be suitable for the organization's operations.
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
The organization shall ensure that outsourced processes are controlled in accordance with 8.4.
8.2 Determination of requirements for products and services
8.2.1 Customer communication
The organization shall establish the processes for communicating with customers in relation to:
a) information relating to products and services;
b) enquiries, contracts or order handling, including changes;
c) obtaining customer views and perceptions, including customer complaints;
d) the handling or treatment of customer property, if applicable;
e) specific requirements for contingency actions, when relevant.
8.2.2 Determination of requirements related to products and services
The organization shall establish, implement and maintain a process to determine the requirements for the products and services to be offered to potential customers.
The organization shall ensure that:
a) product and service requirements (including those considered necessary by the organisation), and applicable statutory and regulatory requirements, are defined;
b) it has the ability to meet the defined requirements and substantiate the claims for the products and services it offers.
8.2.3 Review of requirements related to products and services
The organization shall review, as applicable:
a) requirements specified by the customer, including the requirements for delivery and post-delivery activities;
b) requirements not stated by the customer, but necessary for the customers' specified or intended use, when known;
c) additional statutory and regulatory requirements applicable to the products and services;
d) contract or order requirements differing from those previously expressed.
NOTE Requirements can also include those arising from relevant interested parties.
This review shall be conducted prior to the organization’s commitment to supply products and services to the customer and shall ensure contract or order requirements differing from those previously defined are resolved.
Where the customer does not provide a documented statement of their requirements, the customer requirements shall be confirmed by the organization before acceptance.
Documented information describing the results of the review, including any new or changed requirements for the products and services, shall be retained.
Where requirements for products and services are changed, the organization shall ensure that relevant documented information is amended and that relevant personnel are made aware of the changed requirements.
8.3 Design and development of products and services
Where the detailed requirements of the organization’s products and services are not already established or not defined by the customer or by other interested parties, such that they are adequate for subsequent production or service provision, the organization shall establish, implement and maintain a design and development process.
NOTE 1 The organization can also apply the requirements given in 8.5 to the development of processes for production and services provision
NOTE 2 For services, design and development planning can address the whole service delivery process. The organization can therefore choose to consider the requirements of clauses 8.3 and 8.5 together.
8.3.2 Design and development planning
In determining the stages and controls for design and development, the organization shall consider:
a) the nature, duration and complexity of the design and development activities;
b) requirements that specify particular process stages, including applicable design and development reviews;
c) the required design and development verification and validation;
d) the responsibilities and authorities involved in the design and development process;
e) the need to control interfaces between individuals and parties involved in the design and development process;
f) the need for involvement of customer and user groups in the design and development process;
g) the necessary documented information to confirm that design and development requirements have been met.
8.3.3 Design and development Inputs
The organization shall determine:
a) requirements essential for the specific type of products and services being designed and developed, including, as applicable, functional and performance requirements;
b) applicable statutory and regulatory requirements;
c) standards or codes of practice that the organization has committed to implement;
d) internal and external resource needs for the design and development of products and services;
e) the potential consequences of failure due to the nature of the products and services;
f) the level of control expected of the design and development process by customers and other relevant interested parties.
Inputs shall be adequate for design and development purposes, complete, and unambiguous. Conflicts among inputs shall be resolved.
8.3.4 Design and development controls
The controls applied to the design and development process shall ensure that:
a) the results to be achieved by the design and development activities are clearly defined;
b) design and development reviews are conducted as planned;
c) verification is conducted to ensure that the design and development outputs have met the design and development input requirements;
d) validation is conducted to ensure that the resulting products and services are capable of meeting the requirements for the specified application or intended use (when known).
8.3.5 Design and development outputs
The organization shall ensure that design and development outputs:
a) meet the input requirements for design and development;
b) are adequate for the subsequent processes for the provision of products and services;
c) include or reference monitoring and measuring requirements, and acceptance criteria, as applicable;
d) ensure products to be produced, or services to be provided, are fit for intended purpose and their safe and proper use.
The organization shall retain the documented information resulting from the design and development process.
8.3.6 Design and development changes
The organization shall review, control and identify changes made to design inputs and design outputs during the design and development of products and services or subsequently, to the extent that there is no adverse impact on conformity to requirements.
Documented information on design and development changes shall be retained.
8.4 Control of externally provided products and services
The organization shall ensure that externally provided processes, products, and services conform to specified requirements.
The organization shall apply the specified requirements for the control of externally provided products and services when:
a) products and services are provided by external providers for incorporation into the organization’s own products and services;
b) products and services are provided directly to the customer(s) by external providers on behalf of the organization;
c) a process or part of a process is provided by an external provider as a result of a decision by the organization to outsource a process or function.
The organization shall establish and apply criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers based on their ability to provide processes or products and services in accordance with specified requirements.
The organization shall retain appropriate documented information of the results of the evaluations, monitoring of the performance and re-evaluations of the external providers.
8.4.2 Type and extent of control of external provision
In determining the type and extent of controls to be applied to the external provision of processes, products and services, the organisation shall take into consideration:
a) the potential impact of the externally provided processes, products and services on the organization’s ability to consistently meet customer and applicable statutory and regulatory requirements;
b) the perceived effectiveness of the controls applied by the external provider.
The organization shall establish and implement verification or other activities necessary to ensure the externally provided processes, products and services do not adversely affect the organisation's ability to consistently deliver conforming products and services to its customers.
Processes or functions of the organization which have been outsourced to an external provider remain within the scope of the organization’s quality management system; accordingly, the organization shall consider a) and b) above and define both the controls it intends to apply to the external provider and those it intends to apply to the resulting process output.
8.4.3 Information for external providers
The organization shall communicate to external providers applicable requirements for the following:
a) the products and services to be provided or the processes to be performed on behalf of the organization;
b) approval or release of products and services, methods, processes or equipment;
c) competence of personnel, including necessary qualification;
d) their interactions with the organization's quality management system;
e) the control and monitoring of the external provider’s performance to be applied by the organization;
f) verification activities that the organization, or its customer, intends to perform at the external provider’s premises.
The organization shall ensure the adequacy of specified requirements prior to their communication to the external provider.
8.5 Production and service provision
8.5.1 Control of production and service provision
The organization shall implement controlled conditions for production and service provision, including delivery and post-delivery activities.
Controlled conditions shall include, as applicable:
a) the availability of documented information that defines the characteristics of the products and services;
b) the availability of documented information that defines the activities to be performed and the results to be achieved;
c) monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met.
d) the use, and control of suitable infrastructure and process environment;
e) the availability and use of suitable monitoring and measuring resources;
f) the competence and, where applicable, required qualification of persons;
g) the validation, and periodic revalidation, of the ability to achieve planned results of any process for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement;
h) the implementation of products and services release, delivery and post-delivery activities.
8.5.2 Identification and traceability
Where necessary to ensure conformity of products and services, the organization shall use suitable means to identify process outputs.
The organization shall identify the status of process outputs with respect to monitoring and measurement requirements throughout production and service provision.
Where traceability is a requirement, the organization shall control the unique identification of the process outputs, and retain any documented information necessary to maintain traceability.
NOTE Process outputs are the results of any activities which are ready for delivery to the organization’s customer or to an internal customer (e.g. receiver of the inputs to the next process); they can include products, services, intermediate parts, components, etc.
8.5.3 Property belonging to customers or external providers
The organization shall exercise care with property belonging to the customer or external providers while it is under the organization's control or being used by the organization. The organization shall identify, verify, protect and safeguard the customer’s or external provider’s property provided for use or incorporation into the products and services.
When property of the customer or external provider is incorrectly used, lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider.
NOTE Customer property can include material, components, tools and equipment, customer premises, intellectual property and personal data.
The organization shall ensure preservation of process outputs during production and service provision, to the extent necessary to maintain conformity to requirements.
NOTE Preservation can include identification, handling, packaging, storage, transmission or transportation, and protection.
8.5.5 Post-delivery activities
As applicable, the organization shall meet requirements for post-delivery activities associated with the products and services.
In determining the extent of post-delivery activities that are required, the organisation shall consider:
a) the risks associated with the products and services;
b) the nature, use and intended lifetime of the products and services;
c) customer feedback;
d) statutory and regulatory requirements.
NOTE Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.
8.5.6 Control of changes
The organization shall review and control unplanned changes essential for production or service provision to the extent necessary to ensure continuing conformity with specified requirements.
The organization shall retain documented information describing the results of the review of changes, the personnel authorizing the change, and any necessary actions.
8.6 Release of products and services
The organization shall implement the planned arrangements at appropriate stages to verify that product and service requirements have been met. Evidence of conformity with the acceptance criteria shall be retained.
The release of products and services to the customer shall not proceed until the planned arrangements for verification of conformity have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer. Documented information shall provide traceability to the person(s) authorizing release of products and services for delivery to the customer.
8.7 Control of nonconforming process outputs, products and services
The organization shall ensure process outputs, products and services that do not conform to requirements are identified and controlled to prevent their unintended use or delivery.
The organization shall take appropriate corrective action based on the nature of the nonconformity and its impact on the conformity of products and services. This applies also to nonconforming products and services detected after delivery of the products or during the provision of the service.
As applicable, the organization shall deal with nonconforming process outputs, products and services in one or more of the following ways:
b) segregation, containment, return or suspension of provision of products and services;
c) informing the customer;
d) obtaining authorization for:
— use “as-is’;
— release, continuation or re-provision of the products and services;
— acceptance under concession.
Where nonconforming process outputs, products and services are corrected, conformity to the requirements shall be verified.
The organization shall retain documented information of actions taken on nonconforming process outputs, products and services, including on any concessions obtained and on the person or authority that made the decision regarding dealing with the nonconformity.
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
The organization shall determine:
a) what needs to be monitored and measured;
b) the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results;
c) when the monitoring and measuring shall be performed;
d) when the results from monitoring and measurement shall be analysed and evaluated.
The organization shall ensure that monitoring and measurement activities are implemented in accordance with the determined requirements and shall retain appropriate documented information as evidence of the results.
The organization shall evaluate the quality performance and the effectiveness of the quality management system.
9.1.2 Customer satisfaction
The organization shall monitor customer perceptions of the degree to which requirements have been met.
The organization shall obtain information relating to customer views and opinions of the organisation and its products and services.
The methods for obtaining and using this information shall be determined.
NOTE Information related to customer views can include customer satisfaction or opinion surveys, customer data on delivered products or services quality, market-share analysis, compliments, warranty claims and dealer reports.
9.1.3 Analysis and evaluation
The organization shall analyse and evaluate appropriate data and information arising from monitoring, measurement and other sources.
The output of analysis and evaluation shall be used to:
a) demonstrate conformity of products and services to requirements;
b) assess and enhance customer satisfaction;
c) ensure conformity and effectiveness of the quality management system;
d) demonstrate that planning has been successfully implemented;
e) assess the performance of processes;
f) assess the performance of external provider(s);
g) determine the need or opportunities for improvements within the quality management system. The results of analysis and evaluation shall also be used to provide inputs to management review.
9.2 Internal audit
9.2.1 The organization shall conduct internal audits at planned intervals to provide information on whether the quality management system;
a) conforms to:
1) the organization’s own requirements for its quality management system;
2) the requirements of this International Standard;
b) is effectively implemented and maintained.
9.2.2 The organization shall:
a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the quality objectives, the importance of the processes concerned, customer feedback, changes impacting on the organisation, and the results of previous audits;
b) define the audit criteria and scope for each audit;
c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;
d) ensure that the results of the audits are reported to relevant management;
e) take necessary correction and corrective actions without undue delay;
f) retain documented information as evidence of the implementation of the audit programme and the audit results.
NOTE See ISO 19011 for guidance.
9.3 Management review
9.3.1 Top management shall review the organization's quality management system, at planned intervals, to ensure its continuing suitability, adequacy, and effectiveness.
The management review shall be planned and carried out taking into consideration:
a) the status of actions from previous management reviews;
b) changes in external and internal issues that are relevant to the quality management system including its strategic direction;
c) information on the quality performance, including trends and indicators for:
1) nonconformities and corrective actions;
2) monitoring and measurement results;
3) audit results;
4) customer satisfaction;
5) issues concerning external providers and other relevant interested parties;
6) adequacy of resources required for maintaining an effective quality management system;
7) process performance and conformity of products and services;
d) the effectiveness of actions taken to address risks and opportunities (see clause 6.1);
e) new potential opportunities for continual improvement.
9.3.2 The outputs of the management review shall include decisions and actions related to:
a) continual improvement opportunities;
b) any need for changes to the quality management system, including resource needs.
The organization shall retain documented information as evidence of the results of management reviews.
The organization shall determine and select opportunities for improvement and implement necessary actions to meet customer requirements and enhance customer satisfaction.
This shall include, as appropriate:
a) improving processes to prevent nonconformities;
b) improving products and services to meet known and predicted requirements;
c) improving quality management system results.
NOTE Improvement can be effected reactively (e.g. corrective action), incrementally (e.g. continual improvement), by step change (e.g. breakthrough), creatively (e.g. innovation) or by re-organisation (e.g. transformation).
10.2 Nonconformity and corrective action
10.2.1 When a nonconformity occurs, including those arising from complaints, the organization shall:
a) react to the nonconformity, and as applicable:
1) take action to control and correct it;
2) deal with the consequences;
b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:
1) reviewing the nonconformity;
2) determining the causes of the nonconformity;
3) determining if similar nonconformities exist, or could potentially occur;
c) implement any action needed;
d) review the effectiveness of any corrective action taken;
e) make changes to the quality management system, if necessary.
Corrective actions shall be appropriate to the effects of the nonconformities encountered.
NOTE 1 In some instances, it can be impossible to eliminate the cause of a nonconformity.
NOTE 2 Corrective action can reduce the likelihood of recurrence to an acceptable level.
10.2.2 The organization shall retain documented information as evidence of:
a) the nature of the nonconformities and any subsequent actions taken;
b) the results of any corrective action.
10.3 Continual improvement
The organization shall continually improve the suitability, adequacy, and effectiveness of the quality management system.
The organization shall consider the outputs of analysis and evaluation, and the outputs from management review, to confirm if there are areas of underperformance or opportunities that shall be addressed as part of continual improvement.
Where applicable, the organization shall select and utilise applicable tools and methodologies for investigation of the causes of underperformance and for supporting continual improvement.
Annex A (informative)
Clarification of new structure, terminology and concepts
A.1 Structure and terminology
The clause structure and some of the terminology of this International Standard, in comparison with ISO 9001:2008, have been changed to improve alignment with other management systems standards.
The consequent changes in the structure and terminology do not need to be reflected in the documentation of an organization’s quality management system.
The structure of clauses is intended to provide a coherent presentation of requirements rather than a model for documenting an organization’s policies, objectives and processes. There is no requirement for the structure of an organization's quality management system documentation to mirror that of this International Standard.
There is no requirement for the terms used by an organization to be replaced by the terms used in this International Standard to specify quality management system requirements. Organizations can choose to use terms which suit their operations (for example: using 'records’, 'documentation’, 'protocols’, etc. rather than “documented information’; or 'supplier’, 'partner’, vendor etc. rather than 'external provider’ ).
Table B.1 — Major differences in terminology between ISO 9001:2008 and ISO 9001:2015
A.2 Products and services
ISO 9001:2008 used the term “product’ to include all output categories. This International Standard uses “products and services”. The term “products and services” includes all output categories (hardware, services, software and processed materials).
The specific inclusion of “services” is intended to highlight the differences between products and services in the application of some requirements. The characteristic of services is that at least part of the output is realised at the interface with the customer. This means, for example, that conformity to requirements cannot necessarily be confirmed before service delivery.
In most cases, the terms “products” and “services” are used together. Most outputs that organizations provide to customers, or are supplied to them by external providers, include both products and services. The organization needs to take into account where, for example, a tangible product has some associated intangible service or an intangible service has some associated tangible product.
A.3 Context of the organization
There are two new clauses relating to the context of the organization, 4.1 Understanding the organization and its context and 4.2 Understanding the needs and expectations of interested parties. Together these clauses require the organization to determine the issues and requirements that can impact on the planning of the quality management system.
The titles of clauses 4.1 and 4.2 provide for alignment with other management system standards. They do not imply extension of quality management system requirements beyond the Scope (Clause 1) of this International Standard.
The Scope states, in part, that this International Standard is applicable where an organization needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements and aims to enhance customer satisfaction. No requirement of this International Standard can be interpreted as extending that applicability without the agreement of the organization.
There is no requirement in this International Standard for the organization to consider interested parties which have been determined by the organization not to be relevant to its quality management system. Similarly, there is no requirement to address a particular requirement of a relevant interested party if the organization considers that the requirement is not relevant. Determining what is relevant or not relevant is dependent on whether or not it has an impact on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements or the organization’s aim to enhance customer satisfaction.
The organization can decide to determine additional needs and expectations that will assist it to meet its quality objectives. However, it is at the organization’s discretion whether or not to accept additional requirements to satisfy interested parties beyond what is required by this International Standard.
A.4 Risk-based approach
This International Standard requires the organization to understand its context (see clause 4.1) and determine the risks and opportunities that need to be addressed (see clause 6.1).
One of the key purposes of a quality management system is to act as a preventive tool. Consequently, this International Standard does not have a separate clause or sub-clause titled 'Preventive action’. The concept of preventive action is expressed through a risk-based approach to formulating quality management system requirements.
The risk-based approach to drafting this International Standard has facilitated some reduction in prescriptive requirements and their replacement by performance-based requirements.
Although risks and opportunities have to be determined and addressed, there is no requirement for formal risk management or a documented risk management process.
This International Standard no longer makes specific reference to 'exclusions' when determining the applicability of its requirements to the organization’s quality management system. However, it is
recognised that an organization might need to review the applicability of requirements due to the size of the organization, the management model it adopts, the range of the organization’s activities, and the nature of the risks and opportunities it encounters.
Where a requirement can be applied within the scope of its quality management system, the organization cannot decide that it is not applicable. Where a requirement cannot be applied (for example where the relevant process is not carried out) the organization can determine that the requirement is not applicable. However, this non-applicability cannot be allowed to result in failure to achieve conformity of products and services or to meet the organization’s aim to enhance customer satisfaction.
A.6 Documented information
As part of the alignment with other management system standards a common clause on 'Documented Information' has been adopted without significant change or addition (see 7.5). Where appropriate, text elsewhere in this International Standard has been aligned with its requirements. Consequently, the terms “documented procedure” and “record” have both been replaced throughout the requirements text by “documented information”.
Where ISO 9001:2008 would have referred to documented procedures (e.g. to define, control or support a process) this is now expressed as a requirement to maintain documented information.
Where ISO 9001:2008 would have referred to records this is now expressed as a requirement to retain documented information.
A.7 Organisational knowledge
Clause 7.1.5 Organisational knowledge addresses the need to determine and maintain the knowledge obtained by the organization, including by its personnel, to ensure that it can achieve conformity of products and services.
The process for considering and controlling past, existing and additional knowledge needs to take account of the organization’s context, including its size and complexity, the risks and opportunities it needs to address, and the need for accessibility of knowledge. The balance between knowledge held by competent people and knowledge made available by other means is at the discretion of the organization, provided that conformity of products and services can be achieved.
A.8 Control of externally provided products and services
Clause 8.4 Control of externally provided products and services addresses all forms of external provision, whether it is by purchasing from a supplier, through an arrangement with an associate company, through the outsourcing of processes and functions of the organization or by any other means.
The organization is required to take a risk-based approach to determine the type and extent of controls appropriate to particular external providers and externally provided products and services.
Annex B (informative) Quality management principles
This document introduces the seven quality management principles on which the ISO portfolio of quality management system standards are based.
The principles were developed and updated by international experts of ISO/TC 176.
This annex provides a “statement” describing each principle and a “rationale” explaining why an organization should address the principle.
B.2 QMP 1 – Customer Focus
The primary focus of quality management is to meet customer requirements and to strive to exceed customer expectations.
Sustained success is achieved when an organization attracts and retains the confidence of customers and other interested parties on whom it depends. Every aspect of customer interaction provides an opportunity to create more value for the customer. Understanding current and future needs of customers and other interested parties contributes to sustained success of an organization.
B.3 QMP 2 – Leadership
Leaders at all levels establish unity of purpose and direction and create conditions in which people are engaged in achieving the quality objectives of the organization.
Creation of unity of purpose, direction and engagement enable an organization to align its strategies, policies, processes and resources to achieve its objectives.
B.4 QMP 3 – Engagement of People
It is essential for the organization that all people are competent, empowered and engaged in delivering value.
Competent, empowered and engaged people throughout the organization enhance its capability to create value.
To manage an organization effectively and efficiently, it is important to involve all people at all levels and to respect them as individuals. Recognition, empowerment and enhancement of skills and knowledge facilitate the engagement of people in achieving the objectives of the organization.
B.5 QMP 4 – Process Approach
Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system.
The quality management system is composed of interrelated processes. Understanding how results are produced by this system, including all its processes, resources, controls and interactions, allows the organization to optimize its performance.
B.6 QMP 5 – Improvement
Successful organizations have an ongoing focus on improvement.
Improvement is essential for an organization to maintain current levels of performance, to react to changes in its internal and external conditions and to create new opportunities.
B.7 QMP 6 – Evidence-based Decision Making
Decisions based on the analysis and evaluation of data and information are more likely to produce desired results.
Decision-making can be a complex process, and it always involves some uncertainty. It often involves multiple types and sources of inputs, as well as their interpretation, which can be subjective. It is important to understand cause and effect relationships and potential unintended consequences. Facts, evidence and data analysis lead to greater objectivity and confidence in decisions made.
B.8 QMP 7 – Relationship Management
For sustained success, organizations manage their relationships with interested parties, such as suppliers.
Interested parties influence the performance of an organization. Sustained success is more likely to be achieved when an organization manages relationships with its interested parties to optimize their impact on its performance. Relationship management with its supplier and partner network is often of particular importance.
Annex C (informative)
The ISO 10000 portfolio of quality management standards
The International Standards (and other ISO deliverables) described in this annex have been produced as part of the ISO 10000 portfolio of quality management standards by ISO's Technical Committee ISO/TC 176. These International Standards can provide assistance to organizations when they are establishing or seeking to improve their quality management systems, their processes or their activities.
Table C.1 shows the relationship between these standards and the pertinent clauses of this International Standard.
ISO 10001 Customer satisfaction – Guidelines for codes of conduct provides guidance to an organization in determining that its customer satisfaction provisions meet customer needs and expectations. Its use can enhance customer confidence in an organization and improve customer understanding of what to expect from an organization, thereby reducing the likelihood of misunderstandings and complaints.
ISO 10002 Customer satisfaction – Guidelines for handling complaints provides guidance on the process of handling complaints by recognizing and addressing the needs and expectations of complainants and resolving any complaints received. It provides an open, effective and easy-to-use complaints process including personnel training. It also provides guidance for small businesses.
ISO 10003 Customer satisfaction – Guidelines for external dispute resolution provides guidance for effective and efficient external dispute resolution for product-related complaints. Dispute resolution gives an avenue of redress when organizations do not remedy a complaint internally. Most complaints can be resolved successfully within the organization, without adversarial procedures.
ISO 10004 Guidelines for monitoring and measuring customer satisfaction provides guidelines for actions to enhance customer satisfaction and to identify opportunities for improvement of products, processes and attributes that are valued by customers. Such actions can strengthen customer loyalty and help retain customers.
ISO 10005 Guidelines for quality plans provides guidance on establishing and using quality plans as a means of relating requirements of the process, product, project or contract, to work methods and practices that support product realization. Benefits of establishing a quality plan are increased confidence that requirements will be met, that processes are in control, and the motivation that this can give to those involved.
ISO 10006 Guidelines for quality management in projects are applicable to projects from the small to large, from simple to complex, from an individual project to being part of a portfolio of projects. They are to be used by personnel managing projects and who need to ensure that their organization is applying the practices contained in the ISO portfolio of quality management system standards.
ISO 10007 Guidelines for configuration management is to assist organizations applying configuration management for the technical and administrative direction over the life cycle of a product. Configuration management can be used to meet the product identification and traceability requirements specified in ISO 9001.
ISO 10008 Customer satisfaction — Guidelines for business-to-consumer electronic commerce transactions gives guidance on how organizations can implement an effective and efficient business-to-consumer electronic commerce transaction (B2C ECT) system and thereby provide a basis for consumers to have increased confidence in B2C ECTs; enhance the ability of organizations to satisfy consumers; and help reduce complaints and disputes.
ISO 10012 Guidance for the management of measurement processes provides guidance for the management of measurement processes and metrological confirmation of measuring equipment used to support and demonstrate compliance with metrological requirements. It specifies quality management requirements of a measurement management system to ensure metrological requirements are met.
ISO/TR 10013 Guidelines for quality management system documentation provides guidelines for the development and maintenance of the documentation necessary for a quality management system. This Technical Report may be used to document management systems other than that of ISO portfolio of quality management system standards, for example environmental management systems and safety management systems.
ISO 10014 Guidelines for realizing financial and economic benefits is addressed to top management. It provides guidelines for realizing financial and economic benefits through the application of quality management principles. It facilitates application of management principles and selection of methods and tools that enable the sustainable success of an organization.
ISO 10015 Guidelines for training provides guidelines to assist organizations and addressing issues related to training. It may be applied whenever guidance is required to interpret references to "education" and "training" within the ISO portfolio of quality management system standards. Any reference to "training" includes all types of education and training.
ISO 10017 Guidance on statistical techniques explains statistical techniques which follow from the variability that can be observed in the behaviour and outcome of processes, even under conditions of apparent stability. Statistical techniques allow better use of available data to assist in decision making, and thereby help to continually improve the quality of products and processes to achieve customer satisfaction.
ISO 10018 Guidelines on people involvement and competence provides guidelines which influence people involvement and competence. A quality management system depends on the involvement of competent people and that they are introduced and integrated into the organization. It is critical to identify, develop and evaluate the knowledge, skills, behaviour and work environment required.
ISO 10019 Guidelines for the selection of quality management system consultants provides guidance for the selection of quality management system consultants and the use of their services. It gives guidance on the process for evaluating the competence of a quality management system consultant and provides confidence that the organization's needs and expectations for the consultant's services will be met.
ISO 19011 Guidelines for auditing management systems provides guidance on the management of an audit programme, on the planning and conducting of an audit of the management system, as well as on the competence and evaluation of an auditor and an audit team. It is intended to apply to auditors, organizations implementing management systems, and organizations needing to conduct audits of management systems.
Table C.1 – The relationship of other ISO quality management and quality management system standards (and other deliverables) to the clauses of ISO 9001
NOTE Where specific sub-clauses have not been cited, and instead "All" has been shown, then this indicates that all the sub-clauses to that particular ISO 9001 clause are related to the cross referenced standard.
 ISO 9000, Quality management systems - Fundamentals and vocabulary
 ISO 9004, Managing for the sustained success of an organization - A quality management approach
 ISO 10001, Quality management - Customer satisfaction - Guidelines for codes of conduct for organizations
 ISO 10002, Quality management - Customer satisfaction - Guidelines for complaints handling in organizations
 ISO 10003, Quality management - Customer satisfaction - Guidelines for dispute resolution external to organizations
 ISO 10004, Quality management - Customer satisfaction - Guidelines for monitoring and measuring
 ISO 10005, Quality management systems - Guidelines for quality plans
 ISO 10006, Quality management systems - Guidelines for quality management in projects
 ISO 10007, Quality management systems - Guidelines for configuration management
 ISO 10008 Quality management - Customer satisfaction - Guidelines for business-to-consumer electronic commerce transactions
 ISO 10012, Measurement management systems - Requirements for measurement processes and measuring equipment
 ISO/TR 10013, Guidelines for quality management system documentation
 ISO 10014, Quality management - Guidelines for realizing financial and economic benefits
 ISO 10015, Quality management - Guidelines for training
 ISO/TR 10017, Guidance on statistical techniques for ISO 9001:2000
 ISO 10018, Quality management - Guidelines on people involvement and competence
 ISO 10019, Guidelines for the selection of quality management system consultants and use of their services
 ISO 14001, Environmental management systems - Requirements with guidance for use
 ISO 19011, Guidelines for auditing management systems
 ISO/DIS 37500, Guidance on outsourcing
 IEC 60300-1, Dependability management - Part 1: Dependability management systems
 IEC 61160, Design review ISO/IEC 90003, Software engineering - Guidelines for the application of ISO 9001:2000 to computer software
 Quality management principles, ISO
 Selection and use of the ISO 9000 family of standards , ISO
 ISO 9001 for Small Businesses - What to do, ISO