Important differences between ISO 9001:2015 and ISO 9001:2008

29 Nov 2019
Pauwels Consulting assists companies in Belgium and abroad in setting up and monitoring quality systems and continuously improving business processes. We have a number of experienced ISO 9001 consultants on board to achieve this. Luc Marivoet is one of our quality experts. We interviewed Luc about the publication of the new ISO 9001:2015 standard and the main differences between ISO 9001:2015 and ISO 9001:2008.
What is ISO 9001 ?

Luc: ISO 9001 is the world’s most popular and most commonly used standard for quality management systems.

A standard is not a law, but an agreement or best practice that an organization can apply voluntarily. A standard reflects a good level of professionalism. A quality management system is a tool with which an organization can determine how it can meet the requirements of its customers and the other interested parties that are involved in its activities.

What are the benefits of ISO 9001?

Luc: An ISO 9001 quality management system:

  • shows that you provide products and services of consistent quality;
  • shows that you provide products and services that meet the customer’s requirements, comply with the law and legislation, and meet the organisation’s own requirements;
  • can help you streamline your business processes and continuously improve them.

There are two additional benefits:

  • ISO 9001 helps you increase customer satisfaction;
  • ISO 9001 is positive for your image: you show that you comply with internationally recognised quality standards. This is often a requirement for customers and suppliers to do business with you.
What does the ISO 9001 standard specify?

The most recent ISO 9001:2015 standard is constructed around seven quality management principles:

  1. customer focus;
  2. leadership;
  3. engagement of people;
  4. process approach;
  5. improvement;
  6. evidence-based decision making;
  7. relationship management.

ISO 9001:2015 describes for each part which requirements your products, services and organisation have to meet in order to enjoy the above benefits.

Who determines, checks and manages ISO 9001?

ISO 9001 is managed by the International Organisation for Standardisation (ISO) in Geneva, Switzerland. ISO is an independent membership organisation and the world’s largest developer of voluntary international standards. ISO 9001:2015 was developed by the ISO / TC 176 / SC 2 – Quality Systems Technical Committee.

However, ISO does not provide certification or conformity assessment. This is performed by accredited certification bodies. These are establishments that evaluate an organisation’s management system and certify them with respect to the published standards.

Are you interested in an ISO 9001 workshop by our Quality expert Luc?

I understand that the previous version of ISO 9001 dates from 2008 and that there is now a new version?

That’s right. A new version of ISO 9001 appears about every seven years. It was first issued in 1987: at that time, you had to describe in detail what your business did. What applied in the 1994 version, was ‘say what you do and do what you say’. In the 2000 version, you had to focus on proper processes in order to continually improve and thereby increase your customer satisfaction. There was nothing added in 2008, but it was more precise about the interpretation of the standard. ISO 9001:2015 was published on 23 September 2015.

Do organisations have to move over from ISO 9001:2008 to ISO 9001:2015 immediately?

No. There is a transitional period of three years after the publication of each new version of ISO 9001, during which organisations can adapt their quality management to match the latest version. Organisations must therefore implement the new ISO 9001:2015 standard before 23 September 2018 in order to continue complying with ISO 9001.

What are the main differences between ISO 9001:2008 and ISO 9001:2015?


ISO 9001:2015 has ten clauses instead of eight. The following table shows the relationship of the ISO 9001:2008 clauses to those in the new ISO 9001:2015.

The first three clauses in ISO 9001:2015 are largely the same as those in ISO 9001:2008, but there are considerable differences between ISO 9001:2008 and ISO 9001:2015 from the fourth clause onwards. The last seven clauses are now arranged according to the PDCA cycle (Plan, Do, Check, Act). The following figure shows this.

ISO 9001 2015 plan do check act


Clauses 4, 5, 6 and 7 of ISO 9001:2015 come under PLAN, clause 8 comes under DO, clause 9 comes under CHECK and clause 10 is covered by ACT. With this new arrangement, the new ISO 9001:2015 strives to give additional momentum to the continuous and systematic improvement of processes within organisations.


As a result of the new arrangement in ten clauses, ISO 9001:2015 now has the same unambiguous structure as all standardised management systems, known as a ‘High Level Structure’ (HLS). The core elements of ISO 9001, ISO 14001, ISO 22000, OHSAS 18001, etc. are therefore all the same from now on. This has made the integration of various management systems much simpler. If, for example, an organisation wishes to implement ISO 14001 in addition to ISO 9001, the parts that cover the same topic can easily be seen in the standards.

core elements iso 9001:2015


The ISO 9001:2015 norm puts more emphasis on measuring and properly assessing the input and output of processes. According to ISO 9001:2015, you must closely monitor which articles, information and specifications are involved in the production process. You must also clearly check whether good articles come out of the production process.


ISO 9001:2015 focus


Risk-based thinking has a very important place in ISO 9001:2015. You are now strongly encouraged as an organisation to use risk analysis in order to decide for yourself which challenges you see in the management of your business processes.

Formal risk analysis, familiar to many organisations via FMEA or HACCP techniques, is now standard for everyone. To emphasise their dominance, the concept of ’risk’ occurs forty-eight times in ISO 9001:2015, compared with only three times in ISO 9001:2008.

The addition of risk-based thinking has made the ‘preventive measures’ of ISO 9001:2008 redundant. These preventive measures no longer appear in ISO 9001:2015.


ISO 9001:2015 requires an organisation to construct its quality management system from now on from the specific context within which it is active. This means, among other things, that, as an organisation, you have to take into account the needs and expectations of interested parties and that you evaluate and deal with internal and external strategic questions. You have to show that, as an organisation, you understand and respond to the expectations of all the parties concerned.


In ISO 9001:2008, customers were often named as being the only interested party. This concept has been extended in ISO 9001:2015. Suppliers, personnel, shareholders, legislative bodies, society, internal customers, etc. are now included as interested parties, in addition to customers.

As an organisation, you have to be aware of the importance of these interested parties’ (changing) requirements and standards, and anticipate them in the features of your products and services.

This has always been part of the standard in another form, however. Therefore, it is not expected that organisations will have to implement major changes in this respect. You cannot make or deliver a good product without knowing the requirements and expectations of customers and interested parties in any case. This is the basis of a quality management system.


Are you a Quality or ISO expert looking for a new project?

Then we would love to hear from you!


ISO 9001:2015 also places more emphasis on leadership and management commitment. It requires greater involvement by top managers and business leaders in controlling the quality management system. This way, ISO 9001:2015 is intended to encourage integration and harmonisation with business processes and business strategies. The top management now has to take more responsibility for the effectiveness of the quality management system.

Because ISO 9001:2015 pays more attention to risk management, interested parties and the context of the organisation, the quality management system also fits in better with the needs of the top management. The quality management system is now more than ever a means for being strategically successful by addressing the needs of interested parties and by managing opportunities and threats.

The ‘management representative’ of ISO 9001:2008 was a member of the management committee who had the responsibility and authority for steering the quality management system along the right lines. ISO 9001:2015 does not mention this aspect anymore. The idea behind the change is that quality is a matter for everyone and for all levels within the organisation.


ISO 9001:2015 no longer requires obligatory documented procedures or a quality manual. This is noteworthy. This is now referred to as ‘documented information’ in practically all clauses of ISO 9001:2015. The definition states that it concerns ‘information that the organisation has to control and maintain’. The information can be in any format and come from various sources and media. Diverse forms of evidence or documentation are therefore possible. There is no longer any mention of ‘records’ neither, but of ‘retaining documented information’.


The following table is a brief summary of a number of important changes to the terminology compared with ISO 9001:2008.


ISO 9001:2008 ISO 9001:2015
Products Products and services
Documentation, quality manual, documented procedures, records, instructions Documented information
Work environment Environment for the operation of processes
Monitoring and measuring equipment Monitoring and measuring resources
Purchased product Externally provided products and services
Supplier External provider

This is not an exhaustive list of the differences between ISO 9001:2008 and ISO 9001:2015, but it does show the main points.

How can companies transition from ISO 9001:2008 to ISO 9001:2015?

Assuming that a company is already ISO 9001 certified, I recommend taking the following steps in order to comply with ISO 9001:2015:

iso 9001:2015 7 steps to comply

1. Baseline measurement

Perform a baseline measurement in your organisation. Make a complete overview of the current status of your quality management system and your organisation’s conduct of business.

2. Plan of approach

Draw up a plan based on the baseline measurement. Thanks to this plan, you can take the time to make changes and to implement improvements step by step.

3. Implementation

Implement the changes in accordance with the plan of approach. Incorporate measurement points and milestones.

4. Auditing and process analysis

Measure whether the changes have had the desired effect. Measure the input and output of the processes you consider to be important because they are critical or risky, for example.

5. Certification

Have your organisation certified according to ISO 9001:2015.

6. Communication with interested parties

Show your interested parties not just the certificate, but also show them the results with pride. Let them see how well your organisation manages its processes and continuously improves them.

Is there anything else companies need to know before they get going with ISO 9001 or the new version ISO 9001:2015?

The requirement for formal procedures and a quality manual have been scrapped in ISO 9001:2015, as was stated above. Only relevant information has to be available now.

Organisations that already have an ISO 9001 quality management system do not have to discard their existing procedures and documentation, of course. A good system remains a good system and you will still need a proper structure for your crucial documentation.If something is no longer obligatory, it doesn’t mean that you have to scrap it right away, of course. It’s better to hang on to what you are happy with and what helps your organisation to progress.

Who is Luc Marivoet, our quality expert?

Luc Marivoet is Prevention Counselor & Quality Officer at Pauwels Consulting. He has over 25 years of experience in quality management positions. In these positions, he provided support and supervision in an international context (Europe and Asia). Luc now uses his experience to set up, implement, monitor and follow up certified ISO 9001 quality management systems and Supplier Quality Assurance activities. Luc is currently working at a Belgian engineering office specialized in rail infrastructure and technology for the implementation of an integrated management system (ISO 9001 & ISO 45001). He also teaches QHS Management Systems (ISO 9001 and ISO 45001).
Do you have a question or comment for Luc? Contact Luc here.

Contact us

Do you have any questions for us? Let’s get in touch!

"(Required)" indicates required fields

Maxime van Belle Content Marketeer