ISO 9001 is an international quality management system (QMS) Standard. It presents fundamental management and quality assurance practices that can be applied by any organisation. Without a QMS, organizations have little chance of sustaining any improvements or innovations they might realize.We at PSQC believe that ISO 9001 is a basic model for managing any enterprise.It goes beyond what many people traditionally consider "quality."ISO 9001 is also quite flexible. In few places does it specify exactly what an organization must do.In most cases, the standard leaves a great deal of discretion to the organization in terms of how it will design its processes and procedures. This enables organizations to customize it to ensure individual success, instead of just blindly following a standard.The organization must figure out the best way to meet the requirements, and this is both liberating and challenging.

"Shall" is the operative word in ISO 9001. This word indicates a requirement wherever it appears.This can take a variety of forms, depending on the specificity of the requirement and the needs of the company. A "shall" can often be satisfied by communicating a requirement, developing a process, documenting a procedure, keeping a record, training personnel, inspecting a product, or any number of other controls. In many cases, ISO 9001 leaves it to the organisation to decide exactly how it will address each requirement.


The present version of ISO 9001 — ISO 9001:2015—is the fifth iteration of the standard. Here is a brief history of ISO 9001 through the years:

  • ISO 9001:1987 The first publication of ISO 9001. Truly a manufacturing standard and very heavily focused on documentation. The requirements were based on U.S. military standards used by government contractors since World War II
  • ISO 9001:1994 A minor revision to the standard. Still very prescriptive and focused on manufacturing. Difficult for services providers to interpret and apply.
  • ISO 9001:2000 A significant revision of the standard with a focus on continual improvement, customer satisfaction, leadership, and process management. An attempt to make the standard more applicable to service providers, and to make it more flexible in general.
  • ISO 9001:2008 A very minor revision with only slight changes in wording. No actual requirements were added, removed, or changed.
  • ISO 9001:2015 A significant revision to the standard and another step away from its manufacturing origins. Much more of a model for managing and improving an organization, with risk lying at the heart of the standard. An excellent framework for long-term success and customer satisfaction.

Until ISO 9001:2015, the standard has simply been a set of requirements. Organizations did their best to understand and implement them. The approach was similar to trying on clothes labeled one-size-fits-all. You might get lucky with a good fit, but more likely there would be a number of places where ISO 9001 simply didn't feel right. ISO 9001:2015 is now a risk-based standard. The risks and opportunities that an organization identifies are drawn from each company's unique circumstances.

There's nothing one-size-fits-all about this approach. You determine what's most important to your success and build your QMS around these unique issues. The result is a management system that you can truly say is built for your business. Is the identification of risks and opportunities an important step in implementing ISO 9001:2015? Yes, possibly the most important step.

Planning is another key theme of ISO 9001:2015. This theme is embodied through a number of different sections and clauses in the standard. Clause 4.1 asks you to examine the internal and external issues that are key to your success. ISO 9001:2015 refers to these as the context of the organization. This is fundamental environmental scanning intended to answer the question, "Who are we and what does our competitive environment look like?" This is followed by clause 4.2, which asks you to identify your interested parties. You not only identify these entities, but you also attempt to determine what their needs and expectations are. Clauses 4.1 and 4.2 constitute the raw material that is fed into your process for determining risks and opportunities.

ISO 9001:2015 emphasizes change management. Expected change must be carefully and deliberately planned, with all pieces in place ahead of time. For production changes that happen more in real time, the organization is required to evaluate the effect of the changes. These requirements are embodied in two different clauses of the standard: 6.3 and 8.5.6.

Organizational knowledge is an interesting new requirement. It asks the question, "What are we learning from our experiences?" Successful organizations seize every experience, whether good or bad, as an opportunity to build a storehouse of learning and knowledge. They must learn and build their knowledge or they won't survive. ISO 9001:2015 asks you to establish a process for capturing this organizational knowledge. Once you capture it, you must maintain it and make it available to your personnel.

The role of top management has been expanded significantly. ISO 9001:2015 asks top management to demonstrate leadership on a number of important topics. These include taking accountability for the effectiveness of the QMS, promoting the process approach and risk-based thinking, and promoting improvement. These requirements serve to raise the stakes significantly for top management's involvement within the scope of the QMS. The leader of the QMS is no longer a quality manager or quality director. The leader of the QMS is top management.