Pauwels Consulting assists companies in Belgium and abroad in setting up and monitoring quality systems and continuously improving business processes. We have a number of experienced ISO 9001 consultants on board to achieve this.

Luc Marivoet is one of our quality experts. We interviewed Luc about the publication of the new ISO 9001:2015 standard and the main differences between ISO 9001:2015 and ISO 9001:2008.

Important differences between ISO 9001:2015 and ISO 9001:2008

Luc, can you tell us a little bit about yourself?

Luc: I’m Luc Marivoet, Senior Engineering Consultant. I’ve been working at Pauwels Consulting since January 2013 and I have twenty-five years’ experience of applying quality management systems.

After my studies as a technical engineer, I worked successively as a Quality Test Engineer, Quality Control Manager, Quality Auditor and Quality Manager in various sectors.

At the moment, I am working as an ISO Quality Manager for the service Signalling Projects at Infrabel, the organisation that manages the Belgian rail network’s infrastructure. I am responsible for setting up, implementing, monitoring and maintaining the ISO 9001 certified quality management system.

What is ISO 9001 again?

Luc: ISO 9001 is the world’s most popular and most commonly used standard for quality management systems.

A standard is not a law, but an agreement or best practice that an organisation can apply voluntarily. A standard reflects a good level of professionalism. A quality management system is a tool with which an organisation can determine how it can meet the requirements of its customers and the other interested parties that are involved in its activities.

What are the benefits of ISO 9001?

Luc: An ISO 9001 quality management system:

  • shows that you provide products and services of consistent quality;
  • shows that you provide products and services that meet the customer’s requirements, comply with the law and legislation, and meet the organisation’s own requirements;
  • can help you streamline your business processes and continuously improve them.

There are two additional benefits:

  • ISO 9001 helps you increase customer satisfaction;
  • ISO 9001 is positive for your image: you show that you comply with internationally recognised quality standards. This is often a requirement for customers and suppliers to do business with you.
What does the ISO 9001 standard specify?

The most recent ISO 9001:2015 standard is constructed around seven quality management principles:

  1. customer focus;
  2. leadership;
  3. engagement of people;
  4. process approach;
  5. improvement;
  6. evidence-based decision making;
  7. relationship management.

ISO 9001:2015 describes for each part which requirements your products, services and organisation have to meet in order to enjoy the above benefits.

Who determines, checks and manages ISO 9001?

ISO 9001 is managed by the International Organisation for Standardisation (ISO) in Geneva, Switzerland. ISO is an independent membership organisation and the world’s largest developer of voluntary international standards. ISO 9001:2015 was developed by the ISO / TC 176 / SC 2 – Quality Systems Technical Committee.

However, ISO does not provide certification or conformity assessment. This is performed by accredited certification bodies. These are establishments that evaluate an organisation’s management system and certify them with respect to the published standards.

I understand that the previous version of ISO 9001 dates from 2008 and that there is now a new version?

That’s right. A new version of ISO 9001 appears about every seven years.

It was first issued in 1987: at that time, you had to describe in detail what your business did. What applied in the 1994 version, was ‘say what you do and do what you say’. In the 2000 version, you had to focus on proper processes in order to continually improve and thereby increase your customer satisfaction. There was nothing added in 2008, but it was more precise about the interpretation of the standard. ISO 9001:2015 was published on 23 September 2015.

Do organisations have to move over from ISO 9001:2008 to ISO 9001:2015 immediately?

No. There is a transitional period of three years after the publication of each new version of ISO 9001, during which organisations can adapt their quality management to match the latest version. Organisations must therefore implement the new ISO 9001:2015 standard before 23 September 2018 in order to continue complying with ISO 9001.

What are the main differences between ISO 9001:2008 and ISO 9001:2015?

ISO 9001:2015 HAS TEN CLAUSES INSTEAD OF EIGHT

ISO 9001:2015 has ten clauses instead of eight. The following table shows the relationship of the ISO 9001:2008 clauses to those in the new ISO 9001:2015.

ISO 9001:2008 ISO 9001:2015
0. Introduction 0. Introduction
1. Scope 1. Scope
2. Normative reference 2. Normative reference
3. Terms and definitions 3. Terms and definitions
4. Quality management system 4. Context of the organisation
5. Management responsibility 5. Leadership
6. Planning
6. Resource management 7. Support
7. Product realisation 8. Operation
8. Measurement, analysis and improvement 9. Performance evaluation
10. Improvement

The first three clauses in ISO 9001:2015 are largely the same as those in ISO 9001:2008, but there are considerable differences between ISO 9001:2008 and ISO 9001:2015 from the fourth clause onwards. The last seven clauses are now arranged according to the PDCA cycle (Plan, Do, Check, Act). The following figure shows this.

Plan Do Check Act - Pauwels Consulting

Clauses 4, 5, 6 and 7 of ISO 9001:2015 come under PLAN, clause 8 comes under DO, clause 9 comes under CHECK and clause 10 is covered by ACT.

With this new arrangement, the new ISO 9001:2015 strives to give additional momentum to the continuous and systematic improvement of processes within organisations.

ISO 9001:2015 HAS A HIGH LEVEL STRUCTURE (HLS)

As a result of the new arrangement in ten clauses, ISO 9001:2015 now has the same unambiguous structure as all standardised management systems, known as a ‘High Level Structure’ (HLS).

The core elements of ISO 9001, ISO 14001, ISO 22000, OHSAS 18001, etc. are therefore all the same from now on. This has made the integration of various management systems much simpler. If, for example, an organisation wishes to implement ISO 14001 in addition to ISO 9001, the parts that cover the same topic can easily be seen in the standards.

ISO 9001 2015 Core Elements - Pauwels Consulting

ISO 9001:2015 PUTS MORE FOCUS ON INPUT AND OUTPUT

There is more emphasis in ISO 9001:2015 on measuring and properly assessing the input and output of processes. According to ISO 9001:2015, you must closely monitor which articles, information and specifications are involved in the production process. You must also clearly check whether good articles come out of the production process.

ISO 9001 2015 puts more focus on input and output - Pauwels Consulting

RISK-BASED THINKING IS AT THE CORE OF ISO 9001:2015

Risk-based thinking has a very important place in ISO 9001:2015. You are now strongly encouraged as an organisation to use risk analysis in order to decide for yourself which challenges you see in the management of your business processes.

Formal risk analysis, familiar to many organisations via FMEA or HACCP techniques, is now standard for everyone. To emphasise their dominance, the concept of ’risk’ occurs forty-eight times in ISO 9001:2015, compared with only three times in ISO 9001:2008.

The addition of risk-based thinking has made the ‘preventive measures’ of ISO 9001:2008 redundant. These preventive measures no longer appear in ISO 9001:2015.

CONTEXT OF THE ORGANISATION IMPORTANT IN ISO 9001:2015

ISO 9001:2015 requires an organisation to construct its quality management system from now on from the specific context within which it is active. This means, among other things, that, as an organisation, you have to take into account the needs and expectations of interested parties and that you evaluate and deal with internal and external strategic questions. You have to show that, as an organisation, you understand and respond to the expectations of all the parties concerned.

ISO 9001:2015 AND THE ENGAGEMENT OF INTERESTED PARTIES

In ISO 9001:2008, customers were often named as being the only interested party. This concept has been extended in ISO 9001:2015. Suppliers, personnel, shareholders, legislative bodies, society, internal customers, etc. are now included as interested parties, in addition to customers.

As an organisation, you have to be aware of the importance of these interested parties’ (changing) requirements and standards, and anticipate them in the features of your products and services.

This has always been part of the standard in another form, however. Therefore, it is not expected that organisations will have to implement major changes in this respect. You cannot make or deliver a good product without knowing the requirements and expectations of customers and interested parties in any case. This is the basis of a quality management system.

LEADERSHIP AND COMMITMENT IN ISO 9001:2015

ISO 9001:2015 also places more emphasis on leadership and management commitment. It requires greater involvement by top managers and business leaders in controlling the quality management system.

This way, ISO 9001:2015 is intended to encourage integration and harmonisation with business processes and business strategies. The top management now has to take more responsibility for the effectiveness of the quality management system.

Because ISO 9001:2015 pays more attention to risk management, interested parties and the context of the organisation, the quality management system also fits in better with the needs of the top management.

The quality management system is now more than ever a means for being strategically successful by addressing the needs of interested parties and by managing opportunities and threats.

The ‘management representative’ of ISO 9001:2008 was a member of the management committee who had the responsibility and authority for steering the quality management system along the right lines. ISO 9001:2015 does not mention this aspect any more. The idea behind the change is that quality is a matter for everyone and for all levels within the organisation.

DOCUMENTED INFORMATION

ISO 9001:2015 no longer requires obligatory documented procedures or a quality manual. This is noteworthy. This is now referred to as ‘documented information’ in practically all clauses of ISO 9001:2015.

The definition states that it concerns ‘information that the organisation has to control and maintain’. The information can be in any format and come from various sources and media. Diverse forms of evidence or documentation are therefore possible.

There is no longer any mention of ‘records’ neither, but of ‘retaining documented information’.

DIFFERENT TERMINOLOGY IN ISO 9001:2008 AND ISO 9001:2015

The following table is a brief summary of a number of important changes to the terminology compared with ISO 9001:2008.

ISO 9001:2008 ISO 9001:2015
Products Products and services
Documentation, quality manual, documented procedures, records, instructions Documented information
Work environment Environment for the operation of processes
Monitoring and measuring equipment Monitoring and measuring resources
Purchased product Externally provided products and services
Supplier External provider

This is not an exhaustive list of the differences between ISO 9001:2008 and ISO 9001:2015, but it does show the main points.

How can companies transition from ISO 9001:2008 to ISO 9001:2015?

Assuming that a company is already ISO 9001 certified, I recommend taking the following steps in order to comply with ISO 9001:2015:

6 steps to comply with ISO 9001 2015

1. Baseline measurement

Perform a baseline measurement in your organisation. Make a complete overview of the current status of your quality management system and your organisation’s conduct of business.

2. Plan of approach

Draw up a plan based on the baseline measurement. Thanks to this plan, you can take the time to make changes and to implement improvements step by step.

3. Implementation

Implement the changes in accordance with the plan of approach. Incorporate measurement points and milestones.

4. Auditing and process analysis

Measure whether the changes have had the desired effect. Measure the input and output of the processes you consider to be important because they are critical or risky, for example.

5. Certification

Have your organisation certified according to ISO 9001:2015.

6. Communication with interested parties

Show your interested parties not just the certificate, but also show them the results with pride. Let them see how well your organisation manages its processes and continuously improves them.

Is there anything else companies need to know before they get going with ISO 9001 or the new version ISO 9001:2015?

Luc MarivoetThe requirement for formal procedures and a quality manual have been scrapped in ISO 9001:2015, as was stated above. Only relevant information has to be available now.

Organisations that already have an ISO 9001 quality management system do not have to discard their existing procedures and documentation, of course. A good system remains a good system and you will still need a proper structure for your crucial documentation.

If something is no longer obligatory, it doesn’t mean that you have to scrap it right away, of course. It’s better to hang on to what you are happy with and what helps your organisation to progress.

Thank you for this interesting conversation, Luc.

Questions or more information?

Do you have any questions about quality systems, ISO 9001, ISO 9001:2015 or the transition from ISO 9001:2008? Then contact us without obligation on +32 9 324 70 80 or at contact@pauwelsconsulting.com. We will be pleased to help you!

Stay up to date

Did you find this interview interesting? Thank you for sharing it with your network. Would you like to read more of this sort of articles? Then subscribe below to our free newsletter.

82 replies
  1. abraham beckers says:

    Hi Luc,

    Your article is extensive and complete and very clear. Thanks a lot for the update about what to do next.

    Q
    Do you think ISO is become too prescriptive/technical in the sense that SIPOC which we know from Six Sigma is more or less a must?
    I do agree that it makes life a lot easier when one can identify the red line e.g. focus on the added value-

    Reply
    • Pauwels Consulting says:

      Hi Abraham,

      I personally find that the ISO 9001: 2015 has become more pragmatic and more in line with contemporary business practices.

      Unlike the ISO/TS 16949 (automotive) or ISO 9100 (space), the ISO 9001:2015 does not impose any process management methodologies. But thinking in terms of processes and systems, it is raised to a higher level in the ISO 9001:2015. So process management methodologies like SIPOC or Turtle Diagram are definitely the right tools in defining and documenting processes.

      Kind regards, Luc.

      Reply
  2. S.K Roy says:

    I learned a lot from this blog post. Thanks for sharing valuable difference between ISO 9001:2015 and ISO 9001:2008 with all the visitors.

    Reply
  3. Santosh Bhosale says:

    Hi
    Good article.. But many of the questions about the transition are unanswered.. E.g. we have talked of only SIPOC.. as a tool for process based approach.

    There are many other tools which one need to deploy like for risk management tools like SWOT, FMEA, Fault tree analysis, PESTEL analysis etc.. are must..
    If the organisation is not measuring the critical processes, deployment of Balanced score card as a tool is must..
    For process improvement organisations need to deploy lean , six sigma, toc , methods, tools and techniques..
    So ISO needs to be more prescriptive in the sense so that the standard can be audit-able and add more value for the organisations..

    Reply
    • Luc Marivoet says:

      Dear Santosh,

      Thank you for your comment.

      You are absolutely right. There are indeed more risk management tools than the ones mentioned in the article. I only mentioned ‘FMEA’, ‘HACCP’ or ‘SIPOC’ techniques as general examples.

      I also agree that the ISO 9001:2015 should be more prescriptive. This would make audits a lot easier. However, not all the processes of a quality management system represent the same level of risk in terms of the organization’s ability to meet its objectives.

      And the effects of uncertainty are not the same for all organizations. That is why the ISO 9001:2015 give no requirements for formal risk management methods or documented risk management processes.

      Organizations can decide whether or not to develop a more extensive risk management methodology than is required by the ISO 9001:2015.

      Kind regards, Luc Marivoet

      Reply
  4. VITTHAL JAGTAP says:

    THANKS,

    Good article..Thanks and appreciate your genuine effort.
    Regards
    VITTHAL JAGTAP
    Reply

    Reply
  5. RR Iyer says:

    Even though 9001-2015 version says less document it is same as before. Instead of saying documents like manual, procedure, work instruction, the new version says documented information.
    Planning and risk based thinking are given more importance rightly so

    Reply
    • Luc Marivoet says:

      Dear,

      Thank you for your comment.

      In my opinion it does not mean, the same documentation as before. The ISO 9001:2015 requires you to maintain documentation, but actually, these are limited and can be in any format and can come from various sources and media. Its flexibility means that you will be able to find a way of using it that fits your organization without requiring unnecessary paperwork.

      But as I have already mentioned in the article, organizations that already have an ISO 9001 quality management system do not have to discard their existing procedures and documentation, of course. A good system remains a good system and you will still need a proper structure for your crucial documentation.

      Kind regards, Luc Marivoet

      Reply
      • RR Iyer says:

        Thank you very much for your reply.
        It took quite some time (years) in developing current system. Organisations will improve when they add the additional requirement to the existing system, for example when measurable out put is introduces to the process

        Reply
  6. Sandy says:

    Good morning:

    May I get a clarification please? Is a Supplier Survey required if the supplier is ISO and/or AS certified? Specifically, the Industrial Specific Key Control section regarding FOD, ESD and counterfeit part prevention?

    Any information on this would be most appreciated.

    Thank you!!!

    Reply
    • Luc Marivoet says:

      Hello Sandy,

      thank you for your reaction.

      To come back to your question … That you must decide by yourself.

      I quote ISO 9001:2015 “The organization shall determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements.” So, the ISO 9001 standard sets the parameters, but it leaves the details open for each individual organization to set their criteria. Because you decide who, what and how a supplier directly affects the conformance and the quality of your products and services.

      ISO 9001:2015 does not prescribe also why you should evaluate and assess your suppliers, but there are several common sense reasons why you should: a new product or service, cost, compliance, financial stability, quality history, on-time delivery, ESD and counterfeit part prevention (your examples), etc. You as an organization are going to determine what characteristics a supplier needs to have, demonstrate, or maintain to become a supplier for your company.

      Important to know: If a supplier is ISO 9001 certified it means that the supplier has established a systematic approach to quality management to ensure that your needs are clearly understood, agreed and fulfilled. However an ISO 9001 certification is NOT a declaration or statement of product or service conformity!

      Kind regards, Luc Marivoet

      Reply
  7. ghanshyam pandey says:

    Dear Sir,

    Thanks
    Your understanding of QMS is fantastic and I am a novice. I have an ISO 9001 certification in my company but need to upgrade to AS 9100. Since the latter has IS 9001- 2008 enshrined within, do I have to now incorporate IS 9001-2015 in our new manual? Could you kindly guide me as to how I can handle this transition smoothly.

    With deep regards

    Reply
    • Luc Marivoet says:

      Hello Ghanshyam,

      Thank you for your reaction.

      The AS 9100 includes ISO 9001 Quality Management Systems requirements and specifies additional requirements for the Quality Management Systems for Aviation, Space and Defense Organizations. However, currently the AS 9100 includes the ISO 9001:2008 Quality Management Systems requirements.

      It is expected that a revised version of AS 9100, based on ISO 9001:2015, will be published at the end of this year.

      Therefore, companies are urged to refrain from upgrading their Quality Management System until after the AS 9100 revision is released. The ISO 9001:2015 have eliminate some of the requirements of the current version of AS 9100. So if your company upgrade to ISO 9001:2015 before the AS 9100:2016 is released, your company’s Quality Management System likely would not comply with AS 9100’s requirements!

      All organizations currently certified to AS 9100 will need to transition to the new version of the standard by 14th September 2018.

      Kind regards, Luc Marivoet

      Reply
  8. Kelly Sisson says:

    From studying myself standards and having done internships are different organizations, I have come to the conclusion that ISO is a must to comply with quality in every aspect today. Without ISO implementation organizations can barely ensure quality for anybody.

    Reply
    • Luc Marivoet says:

      Hi Kelly,

      Thank you for your reaction.

      You do not need to convince me, I am fully agreed with you. But the basic rule to implement an ISO Quality Management System into an organization remains the same: you should not only implement it to meet the requirements of customers, but because the whole organization is convinced of the benefit … otherwise it makes no sense.

      Kind regards, Luc Marivoet

      Reply
  9. James Anderson says:

    I work for a finisher that services the automotive industry and with the upcoming changes to 16949 we are considering switching to ISO 9001-2015 for at least a year to prepare for the IATF 16949-2016. It is difficult however to find online the differences between TS 16949 and ISO 9001-2015, your article was the most in depth description of 2015 in comparison to previous versions that I have found thus far. Do you know of any significant difficulties we would have in transitioning from TS 16959 to ISO 9001-2015? Also, for a company that is a Tier 2 to 3 automotive supplier but purely a finisher, would it be recommended to remain TS or change to ISO?

    Reply
    • Luc Marivoet says:

      Hi James,

      Thank you for your reaction.

      Previously, the technical requirements to implement a uniform Quality Management System in the automotive sector were defined in the ISO/TS 16949:2009 standard (jointly developed by the ISO and the International Automotive Task Force “IATF”).
      However the ISO/TS 16949:2009 is now replaced by a new standard: IATF 16949:2016 (since October 2016).
      The IATF 16949:2016 is no longer an international (ISO) standard or “stand-alone” standard for Quality Management Systems, but must be implemented as a supplement to, and in conjunction with ISO 9001:2015. So you need to implement an ISO 9001 Quality Management System!
      The IATF 16949:2016 will directly link to ISO 9001:2015, however the contents of ISO 9001 is not visible anymore in the text but it contains only the additional requirements for a Quality Management System in the automotive sector.
      Key changes are:
      • Risk-based thinking
      • Integration of customer-specific requirements
      • First and second party auditor competency
      • Product safety
      • Manufacturing feasibility
      • Warranty Management
      • Development of products with embedded software

      Kind regards, Luc Marivoet

      Reply
  10. Jayashantha Perera says:

    Thanks Luc ,for your very clear presentation of changes from 2008 to 2015 version ..Let me ask you a question ..i.e on HR aspects …how about performance appraisal of key categories of employees .I think it was included in 2008 version..but not in the new version

    Reply
    • Luc Marivoet says:

      Hi Jayashantha,

      Thank you for your reaction.

      There was or there is no specific reference to the words “performance appraisal” (of key categories of employees) in ISO 9001:2008 or ISO 9001:2015.

      However, you need to “determine the necessary competence of person(s) doing work under its control that affects the performance and effectiveness of the quality management system” and “ensure that these persons are competent on the basis of appropriate education, training, or experience”. And “where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken”, in accordance with §7.2 “Competence” of the ISO 9001:2015.

      This will be met in the recruitment process: by creation the job specifications that indicate clearly the skills and qualifications required for the job and thereafter, the recruitment of a competent person. But once recruited, it is necessary to ensure that the person is actually demonstrating those skills. And if it is necessary, actions are taken by providing education and/or training.

      Kind regards, Luc Marivoet

      Reply
    • Luc Marivoet says:

      Dear Wagih,

      Thank for your reaction.

      First of all, there are no direct requirements for a Quality Manager or Quality Management Team in ISO 9001:2015.

      However there are many required activities that fit well with the traditional role, e.g. managing the risks and opportunities for product quality, monitoring the quality objectives and report this to Top management, verification of the products and services according to customer requirements, planning and execution of internal audits, managing the nonconformities and validation of the corrective actions ….

      But to appoint a Quality Manager or a Quality Management Team depends on the size of the company. You cannot expect that a small company of 20 people have a Quality Management Team. In contrast, big companies will have the advantage to work with a Quality Management Team, managed by the Quality Manager.

      Kind regards, Luc Marivoet

      Reply
  11. H.L.A.Wanigasekera says:

    Hi Luc,
    This article by you is very descriptive and easily understandable.Thanks for the good work.
    Wanigasekera
    SriLanka

    Reply
  12. HACKLY F. CHIKATHINA says:

    If the company have the certificate of ISO 9001:2008 and they receive the mail that the Auditors will come next month and that Audit will be conducted to ISO 9001:2015 but that company will not yet change the system for ISO 9001:2008 to ISO 9001:2015. How can the company reply that mail.

    Reply
    • Luc Marivoet says:

      Dear Hackly,

      Thanks for your question.

      This can be your answer: Our current ISO 9001:2008 certificate is valid until [see validity date on your certificate], so our quality management system can only be audited in accordance with the requirements of ISO 9001:2008. There is no requirement to switch immediately to an ISO 9001:2015 quality management system. We just need to take into account the transition period of 3 years (September 2018) or the expiry date of our current certificate.
      So you are welcome to execute an audit, but you cannot identify deviations according to the ISO 9001:2015 standard, because that is in contradiction with the standard of our current quality management system.

      Kind regards, Luc Marivoet

      Reply
  13. S.Venkatesh says:

    Hi Luc,

    Hope you are doing good.

    Having following queries to clarify, kindly help me

    1) Our company is already certified to ISO 9001:2008 by TUV India but the certificate expired on Dec 2016.

    2) So do we actually need to switch to ISO 9001:2015 certification & implementing them now or can we wait untill Sep 2018.

    3) Otherwise should we continue re-certification of ISO 9001:2008 currently.

    Thanks in advance.

    Regards
    Venkatesh

    Reply
    • Luc Marivoet says:

      Dear Venkatesh,

      Thanks for your question.

      The International Accreditation Organization (IAF) in cooperation with ISO/TC 176/SC 2/WG 23 prepared a guidance for the transition from ISO 9001:2008 to ISO 9001:2015. Here is a summary of the major points:

      • The IAF and the ISO Committee on Conformity Assessment (CASCO) have agreed to a 3 year transition period from the publication date of ISO 9001:2015.
      • The transition period will start in September 2015 (publication of ISO 9001:2015), so from this date the certification according to ISO 9001:2015 is already possible.
      • The transition period will ends in September 2018, so from this date the certificates based on ISO 9001:2008 are no longer valid.
      • 18 months after publication of the ISO 9001:2015, which is March 2017, it is not possible anymore to do certification according to ISO 9001:2008.
      • From March 2017 you can do only a certification based on ISO 9001: 2015.

      As your certificate is already expired from December 2016, you can only start a new certification according to ISO 9001:2015.

      Kind regards, Luc Marivoet

      Reply
  14. M.V. Krithivasan says:

    ISO 9001:2015 Clause 8.1 Operational planning and control – what is the appropriate title for this term “provision of products and services” for construction industry that can be used in the Quality manual of a Building Contracting Company?

    Reply
    • Luc Marivoet says:

      Dear Krithivasan,

      Thanks for your question.

      Whether an output of the organization (company) is a product or a service depends on the preponderance of the characteristics involved, e.g. a building for sale is a product whereas receiving an order and the delivery or handover of a building is part of a service.

      So according to §8.1 of ISO 9001:2015, the organization shall plan, implement and control the processes needed to meet the requirements for the provision of products (requirements for the building) and services (requirements for the order or handover of the building).

      I hope this is an answer to your question.

      Kind regards, Luc Marivoet

      Reply
  15. Jean Daniel says:

    Hi Luc,

    Thank you for this great information. Just need a clarification – you mentioned of a “transitional period of 3 years after the publication of each new version of ISO 9001” and that “Organizations must therefore implement the new ISO 9001:2015 before 23 Sept 2018 in order to comply with ISO 9001.”

    A company has ISO 9001:2008 certificate which will expire on Sept 14, 2018. Does this mean that the company needs to transition to ISO 9001:2015 before Sept 23, 2018? Or can the company remain and renew its ISO 9001:2008 before it expires on Sept 2018?

    If you could reply soonest, that will be much appreciated. Thank you.

    Reply
    • Luc Marivoet says:

      Dear Jean,

      Thanks for your question.

      If the ISO 9001:2008 certificate expire on September 14th 2018, it is impossible to renew it. They can only start a new certification according to ISO 9001:2015. See point d) and e) of the summary below.

      The International Accreditation Organization (IAF) in cooperation with ISO/TC 176/SC 2/WG 23 prepared a guidance for the transition from ISO 9001:2008 to ISO 9001:2015. Here is a summary of the major points:

      a) The IAF and the ISO Committee on Conformity Assessment (CASCO) have agreed to a 3 year transition period from the publication date of ISO 9001:2015.
      b) The transition period will start in September 2015 (publication of ISO 9001:2015), so from this date the certification according to ISO 9001:2015 is already possible.
      c) The transition period will ends in September 2018, so from this date the certificates based on ISO 9001:2008 are no longer valid.
      d) 18 months after publication of the ISO 9001:2015, which is March 2017, it is not possible anymore to do certification according to ISO 9001:2008.
      e) From March 2017 you can do only a certification based on ISO 9001: 2015.

      Kind regards, Luc Marivoet

      Reply
    • Luc Marivoet says:

      Dear Raj,

      Thanks for your comment.

      I do not fully agree with you. The new ISO 9001:2015 is really a powerful Management tool. Where previously there was quite often criticism that the ISO 9001 leads to many procedures and a lot of administration as means of securing, the ISO 9001:2015 has now evolved into a powerful tool that helps management in establishing frameworks and helps in the strategy of the company. A good example is the context analysis: [1] an organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and [2] an analysis of the needs and expectations of their stakeholders.

      But unfortunately you have fraudsters everywhere and every system is as strong as its weakest link. So check first if those certification bodies are accredited. Accreditation is not compulsory, but it does provide independent confirmation of competence. In case they are, you can inform the national accreditation body in your country of the fraud.

      Kind regards, Luc Marivoet

      Reply
  16. Reuben says:

    Hi Luc!

    Enjoyed perusing your informative post. It is definitely a good primer. A small question to you.

    What period of implementing ISO 9001:2015 standard would ideally be okay for a certification audit to that standard.

    Thanks,
    Reuben

    Reply
    • Luc Marivoet says:

      Dear Reuben,

      Thank you for your comment.

      To come back to your question … The period of implementing an ISO 9001:2015 quality management system for a certification audit depends on the current state of affairs of your quality management system and the complexity of your organization. For example: do you have already a certified ISO 9001:2008 quality management system? Then it will take less time than when the quality management system has to be built from zero.

      Therefore it is very important to execute first a gap analysis assessment in order to compare the current status of your quality management system to what ISO 9001:2015 requires, and identifies the gaps between what is there already and what is not.

      Pauwels Consulting can execute quickly and efficiently a gap analysis assessment in your organization. Based on the results of the gap analysis a realistic planning and resources will be proposed for the implementation, verification and validation of your quality management system in accordance with the ISO 9001:2015 requirements. Important: a verification and validation period should not be overlooked, because your organization must comply with a three-month period of proof before you can start with certification!

      Would you like more information? Then do not hesitate to contact us, without obligation. Our ISO 9001 team at Pauwels Consulting will be pleased to help you.

      Kind regards, Luc Marivoet

      Reply
  17. Jaganath Harihar says:

    Hello Luc,

    Great Article. It gives a clear insight into differences between ISO 9001-2008 and ISO 9001-2015. I had following queries:
    1) The ISO Certification from Non-accredited bodies is much cheaper compared to certification from Accredited bodies. Is it only cost factor ? Your reccommendation please.
    2) UKAS, Australia AS- How different they are ?

    Thanks,

    Reply
    • Luc Marivoet says:

      Dear Jaganath Harihar,

      Thank you for your comment. To come back to your questions:

      1) Is the price important? Of course, but price is not everything. You must consider also the following: How many / which companies in your sector they have certified? ; What is their reputation? ; What is the experience of the auditors (sector experience, years of experience as auditor, language)?

      Accreditation, on the other hand, is the formal recognition by an authoritative body of the competence to work to specified standards. It provides independent confirmation of expertise (competence), impartiality, independence and improvement culture of certification bodies. I recommend cooperating with accredited certification bodies.

      2) UKAS (The United Kingdom Accreditation Service) is the national accreditation body for the UK. Its role is to assess organizations that are providing testing, inspection, calibration and certification services (certification bodies) against internationally recognized standards. They are not a certification body.

      Australia AS, on the other hand, is the Australian Bureau for Standardization. Their expertise and main responsibility is the development and adoption of standards in Australia. They also facilitate Australian participation in international standards development. They are not an accreditation body or certification body.

      Kind regards, Luc Marivoet

      Reply
  18. Rama Chandra Rao Padi says:

    Hi Luc Marivoet

    Thank you for your Clear and informative article on how to transform ISO 9001:2008 to ISO 9001:2015. It was very helpful.

    Thanks & Regards,
    Rama Chandra Padi

    Reply
  19. Fırat Köricekli says:

    Hi Luc Marivoet

    Thank you for your Clear and informative article on how to transform ISO 9001:2008 to ISO 9001:2015. It was very helpful.
    I have a simple question,in new standards clause 6.3,do we have to prepare procedure? Actually i did not understand what does the clause 6.3 mean.Would you be kind of you giving small explanation about that clause?

    Reply
    • Pauwels Consulting says:

      Dear Firat,

      Thank you for your comment. To come back to your question:

      There is no any requirement to prepare a procedure. The intent of §6.3 is to determine the need for changes to your QMS in order to adapt to changes in your business environment, as well as to ensure that any proposed changes are planned, introduced and implemented in a controlled manner.

      The need for changes can be determined in different ways: from audit results, reviews of nonconformities, changing of process methods, using new ICT for a service or process…

      The purpose of planning the change is to maintain the integrity of the QMS and the organization’s ability to continue to provide conforming products and services during the change. Therefore you should consider actions that could reduce the potential for negative impacts of the change, for example: plan performance tests and validation before full implementation. The level of planning and action required will vary depending on the potential consequence(s) of the change.

      Kind regards, Luc Marivoet

      Reply
  20. Umer Qadeer says:

    Dear Luc,

    I hope you are doing good..!!

    This is a comprehensive and a good article by you. I want to know that being certified of ISO 9001:2008, what practical steps we need to take for transition from ISO 9001:2008 to ISO 9001:2015. From where to start the process..!!

    Reply
    • Luc Marivoet says:

      Dear Umer Qadeer,

      Thank you for your comment.

      To come back to your question … It is very important to execute first a gap analysis assessment in order to compare the current status of your quality management system to what ISO 9001:2015 requires, and identifies the gaps between what is there already and what is not.

      Pauwels Consulting can execute quickly and efficiently a gap analysis assessment in your organization. Based on the results of the gap analysis a realistic planning and resources will be proposed for the implementation, verification and validation of your quality management system in accordance with the ISO 9001:2015 requirements. Important: a verification and validation period should not be overlooked, because your organization must comply with a three-month period of proof before you can start with certification!

      Would you like more information? Then do not hesitate to contact us, without obligation. Our ISO 9001 team at Pauwels Consulting will be pleased to help you: contact@pauwelsconsulting.com

      Kind regards, Luc Marivoet

      Reply
  21. Vijay Kadadi says:

    Right now we have the Certification ISO:9001:2008 . I want to know what would be the changes/ updates for System Admin , Purchase & Local Vendor Management department in ISO 9001:2015 .

    Reply
    • Luc Marivoet says:

      Dear Vijay Kadadi,

      Thanks for your question.

      System Admin.: ISO 9001:2015 no longer requires mandatory documented procedures or a quality manual. You decide which documented procedures or work instructions are necessary, because it is depending on the size of your organization, type of activities, competence of persons, complexity of processes, products and services. Of course organizations that already have an ISO 9001 quality management system do not have to discard their existing procedures and documentation, of course. A good system remains a good system and you will still need a proper structure for your crucial documentation. However the documented information must be controlled to ensure that is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity) and the documented information retained as evidence of conformity must be protected from unintended alterations.

      Purchase & Local Vendor Management: Your organization must determine the controls to be applied when products and services are provided directly to the customers by external providers on behalf of your organization. Your organization need to take care concerning the communication to the external provider, e.g. requirements for the products and services, the requirements for the approval and release of products and services, the requirements for competency and required qualification of persons, the requirements of the external provider’s interactions with your organization, the requirements for the control and monitoring of the external provider’s performance to be applied by your organization.

      Kind regards, Luc Marivoet

      Reply
  22. ahmed maaty says:

    thank you for your clarification the difference ,and how the company transition from iso 9001/2008 to iso 9001/2015 hope you provide us with more information about the improvement and the required measurements .

    Reply
  23. bayan ghannam says:

    Hi

    i am really interested in learning iso 9001
    how should i start ? which courses i should take first !?

    Reply
    • Luc Marivoet says:

      Dear Bayan Ghannam,

      First go to a basic training course about ISO 9001:2015. There you will learn the scope and the requirements of the ISO 9001 standard, and the consequences for your organization. Later you can follow a course for internal auditor ISO 9001:2015. The rest is practical experience, for example by working in a company that is ISO 9001 certified. That is how I built up my experience.

      Kind regards, Luc Marivoet

      Reply
  24. Md. Yusuf Ali says:

    This is really helpful blog ever.I have learned something easy explanation way. Thanks
    Can you give me a PDF link to ISO 9001:2015.

    Reply
    • Luc Marivoet says:

      Dear Yusuf Ali,

      Thanks for your comment.

      ISO standards are protected by copyright, and they are licensed by the Belgian Bureau for Standardization to me or Pauwels Consulting. We cannot reproduce or publish its contents either wholly or partly, nor make it available either temporarily or permanently to third parties.

      Pauwels Consulting is an integer and reliable company and we respect copyright, so we cannot give you a copy of the ISO 9001:2015 standard. You can purchase this standard via ISO or your local Bureau for Standardization.

      Kind regards, Luc Marivoet

      Reply
    • Luc Marivoet says:

      Dear,

      Thanks for your comment.

      For the time being, there are no plans to start a blog for Energy Management Systems – ISO 50001. However it does not mean that the focus on energy is not important for Pauwels Consulting.

      With kind regards, Luc Marivoet

      Reply
  25. Srinivasan K says:

    Dear Luc,

    My organisation is certified for both ISO 9001:2008 and ISO 27001:2013. My understanding is, most of the ISO 9001:2015 requirements are covered in ISO 27001:2013 as well. So, I am of the view that there is not a need to renew our ISO 9001 certification for 2015 standard.

    Appreciate your feedback.

    Regards

    Reply
    • Luc Marivoet says:

      Dear Srinivasan,

      If you not renew your ISO 9001 certification, you will not be certified anymore for your organization’s Quality Management System. The ISO 27001 certification covers only the requirements of your Information Security Management System (ISMS).

      Both are of course management systems, but the scope is different:

      • The ISO 9001 requires that you need to demonstrate yours ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
      • While ISO 27001 requires that you systematically examine your organization’s information security risks, taking account of the threats, vulnerabilities, and impacts. And that you design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment to address those risks that are deemed unacceptable; and adopt an overarching management process to ensure that the information security controls continue to meet your organization’s information security needs on an ongoing basis.

      I propose to go for an Integrated Management System (IMS), because both standards have the High Level Structure (HLS). The core elements of ISO 9001 and ISO 27001 are the same and it will integrates all of your organization’s systems and processes into one complete framework. So you will have one management system with unified objectives.

      Whatever you decide to do, success with it!

      Kind regards, Luc Marivoet

      Reply
  26. dipak jha says:

    Dear LUC
    i am a lead auditor in QMS EMS and OHSAS
    because of my basic qualification being i generally confine my
    auditing to mining industry in india
    is their any guide line for audit of mines and services

    Reply
  27. Pauwels Consulting says:

    Dear Dipak Jha,

    I have no experience with the mining industry. However I know two principles or guidelines that can be used for auditing / certification in the mining industry (source: SGS).

    (1) WRAP-audits: The Worldwide Responsible Accredited Production (WRAP) principles are core standards for the production facilities participating in the WRAP Certification Program. The WRAP principles include 12 elements: Compliance with Laws and Workplace Regulations, Freedom of Association and Collective Bargaining, Prohibition of Harassment or Abuse, Prohibition of Discrimination, Prohibition of Forced Labor, Prohibition of Child Labor, Compensation and Benefits, Hours of Work, Health and Safety, Customs Compliance, Environment & Security. The objective is to independently monitor compliance with these socially responsible global standards for manufacturing and ensure that manufactured products are produced under lawful, humane and ethical conditions.

    (2) SMETA-audits: It is an audit procedure which is a compilation of good practice in ethical audit technique. It is not a code of conduct, a new methodology, or a certification process. The SMETA documents are designed to be used by experienced auditors in line with current established practices. SMETA methodology uses the ETI code and local law as the measurement tool. It includes 4 modules: Health and safety, Labour standards, Environment (optional) & Business ethics (optional).

    Kind regards, Luc Marivoet

    Reply
  28. Bernie Gillespie says:

    Great read Luc,
    Informative !
    Question,
    I have just taken on the role of QM for a small company here in Canada, their previous QM left the organization suddenly. We have our 9001:2015 audit coming up in less then 2 months. I have never taken on this task before , though I have much experience from a user point of view regarding ISO Operations standards. We make tiny metal pieces for various mechanical applications. I don’t know a lot about the ins and outs of the fabricating processes involved.
    Is there something I can focus on to help us pass our audit ? Is there anything specific I do help us get ready for our audit ?
    The books are not current ,though they do pass every 6 month audit. Are we in serious trouble? If we do not pass , what happens next ?
    Thank you for your time

    Reply
    • Pauwels Consulting says:

      Thanks for your comment.

      To come back to your question … That you pass every 6 months an audit, does not give you any guarantee, because those audits are only based on the ISO 9001:2008. Even the ISO 9001:2015 is not a revolution, but more an evolution of the standard, without experience or professional support it will be not easy for you company to get the new certification in two months.

      Keep in mind that you must concentrate on the context and stakeholder analysis. The top management of your company must show leadership. Risk management and knowledge management must be implemented in your organization and before certification you must have performed internal audits and a management review according to ISO 9001:2015. But no worries, we can help you with this if you want.

      Pauwels Consulting can execute quickly and efficiently a gap analysis assessment in your organization. Based on the results we can support you with the implementation, verification and validation of your quality management system in accordance with the ISO 9001:2015 requirements. Would you like more information? Do not hesitate to contact us, without obligation. Our ISO 9001 team at Pauwels Consulting will be pleased to help you: contact@pauwelsconsulting.com

      Kind regards, Luc Marivoet

      Reply
  29. Jamosah Verave says:

    Dear Luc,

    I have recently been appointed as QA Manager and we have the audit coming up recertification audit for ISO9001:2008 coming up ( mentioned as June). I have gone through with what was done. We have a GAP analysis documented but not executed. . Quality Manual still reflects ISO 9001:2008 structure which I am updating now. Is the audit going to be focused on the transition to ISO9001:2015? for our GAP documentation and implementation verification – what will I be expecting from the auditors. please assist on what I can expect from the audit to prepare.
    your prompt response will be much appreciated,

    regards,
    Jamosah

    Reply
    • Pauwels Consulting says:

      Dear Jamosah,

      A recertification audit for ISO 9001:2008 can no longer be performed, because 18 months after publication of the ISO 9001:2015, it is no longer possible to refer to ISO 9001:2008. From March 2017, you can only do a (re)certification according to the requirements of ISO 9001:2015.

      To comply with ISO 9001:2015, you must concentrate on the context and stakeholder analysis. The top management of your company must show leadership. Risk management (risk-based thinking) is essential for achieving an effective Quality Management System. Also, knowledge management must be implemented in your organization. And, before (re)certification, you must have performed internal audits and a management review according to ISO 9001:2015.

      Kind regards,

      Luc Marivoet

      Reply

Trackbacks & Pingbacks

  1. […] in a nutshell, the significant changes brought about by the 2015 revision of the ISO are as […]

  2. […] ‘What are the main differences between ISO 9001:2008 and ISO 9001:2015?’ not only tabulates the 10 clauses of the revised standard in comparison to the previous version, but also has visually presented the arrangement of clauses 4 through 10 according to PDCA cycle: […]

  3. […] in a team of four, I am responsible for setting up, implementing, monitoring and maintaining the ISO 9001 certified quality management system in the Signalling Projects department. I am also responsible for Supplier Quality Assurance (SQA) […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *