ISO 9001:2015 applies to any organization, regardless of its type or size, its products or services.
The implementation and certification of a quality management system in accordance with ISO 9001:2015 demonstrate the ability of the organization to consistently provide products and/or services that meet customer and applicable statutory and regulatory requirements, demonstrate the commitment of the organization to enhance customer satisfaction taking into consideration the risks and opportunities associated with its context and objectives in order to improve its long-term overall performance and to achieve the sustainable development goals.
ISO 9001:2015 specifies requirements for a quality management system in order to understand the context of the organization and to determine risks as a basis for planning. The identification of risks and opportunities, but mostly the actions taken to address these risks and opportunities determine the organization performance improvement and the undesired effects prevention.
ISO 9001:2015 is built around the quality management seven principles described in ISO 9000:2015:
- Customer focus;
- Engagement of people;
- Process approach;
- Evidence-based decision making;
- Relationship management.
ISO 9001:2015, structured acordingly to PDCA Cycle („Plan-Do-Check-Act”), promotes the adoption of a process approach to effectively develop, implement and improve a quality management system. The process approach implies a systematic definition and management of processes, and their interactions to achieve the organization objectives in accordance with its quality policy.
ISO 9001:2015 also promotes the adoption of a risk-based thinking that enables the reduction of the prescriptive requirements and their replacement by performance-based requirements, a greater flexibility of these requirements for the processes, documented information and the responsibilities of the organization. One of the main purposes of a quality management system that includes the risk-based thinking is to act as a preventive tool.
The organizations can choose to develop a more extensive risk management methodology than is required by ISO 9001:2015 and for this purpose it can use the standard ISO 31000:2018 “Risk management – Guidelines”.
ISO 9001:2015 has been adopted for the following reasons:
- Update for changes of business environment (sustainable development, globalization, regionalization, customers’ needs and requirements change, informational revolution);
- More applicability for service organizations;
- Integration with other management system standards (environmental, information security management systems etc.);
- Adoption of the new Annex SL (High Level Structure) and its terminology;
- Introduction of new management and quality concepts;
- Use of the revised quality management principles.
ISO 9001:2015 standard has brought important changes to the previous edition, its structure and terminology being in accordance with Annex SL of the ISO/IEC Directives part 1 issued by JTCG (Joint Technical Coordination Group); the annex SL:
- aligns the format, text, terms and definitions used by all management system standards including IWA (International Workshop Agreement) documents;
- allows more specific requirements to be added to each standard.