ISO 9001 Quality Management System evolution to a quality future

BY Rebecca Randles ON 4th April 2015.


White Paper on proposed changes and implications to ISO 9001 Quality Management System (based on available information March 2015).


ISO 9001 sets out the criteria for a quality management system. It can be used by any organisation, large or small, regardless of its field of activity. ISO 9001 has been implemented by over one million companies and organisations in over 170 countries.

This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. These key management principles helps ensure customers get consistent, good quality products and services, which in turn brings many business benefits.

Quality does not stand still!

ISO 9001:2008 proposed changes by standard developers have been reviewed as significant and similar to the step change; experienced with the evolution from the 1994 to 2000 standard revisions. Noticeable changes include changes to the standard structure and clause content.

Annex SL is based on the Plan-Do-Check-Act methodology comprising of ten clauses instead of the previous eight used in the ISO 9001:2008:

Clause 0: Introduction

Clause 1: Scope

Clause 2: Normative References

Clause 3: Terms and Definitions

Clause 4:  Context of the Organisation

Clause 5:     Leadership

Clause 6:    Planning

Clause 7:    Support

Clause 8:    Operation

Clause 9:    Performance Evaluation

Clause 10:    Improvement

What is Annex SL?

Due to a recent proliferation, many organisations seek to implement and certify multiple management system standards (MSSs). This has led to the need to easily combine or integrate them in an effective and efficient manner. The reality is that the various ISO MSSs all have many apparently common requirements, terms and definitions that are subtly or substantially different. In the past, this has caused confusion and inconsistent understanding and implementation. All ISO technical work, including the development of standards, is carried out under the overall management of the Technical Management Board (TMB). ISO/TMB has produced this annex with the objective of delivering consistent and compatible MSSs.

Annex SL describes the framework for a generic management system. However, it will require the addition of discipline-specific requirements to make fully functional standards for systems such as quality, environmental, service management, food safety, business continuity, information security and energy management.

Annex SL, addresses the requirements for proposals for ISO MSS. It consists of eight clauses and four appendices. Appendix three is in three parts: high-level structure, identical core text and common terms and core definitions.

In future, all new MSSs will have the same overall ‘look and feel’ thanks to Annex SL. Current MSSs will migrate during their next revision. This should be completed within the next few years.

 Chair of the CQI standards panel Colin MacNee

Anticipated changes will focus on aspects where ISO 9001:2008 Quality Management System standard has specifications and requirements that have been misunderstood when applied. The revised standard will offer organisations assistance in delivering clarity of these requirements to the benefit of all.

The revised standard content will have additional control in specific areas, such as the introduction of risk evaluation and risk based thinking in the design and development of management systems to achieve Annex SL’s requirements. The standard has a specific clause to address changes to the management system as changes will need to take a planned proactive systemic approach to gain total organisational buy in.

A successful and smooth transition implementation to the 2015 standard from 2008 version, can be further supported through team members responsible for the management systems, together with internal audit team members within the businesses attending revision training sessions.

Structure & terminology; the clause structure and some of the terminology of the International Standard, in comparison with ISO 9001:2008, have been revised to improve alignment with other management systems standards.

Context of the organisation

A requirement to understand the organisation and its context, the determination of its internal and external issues and the needs and expectations of its interested parties (listed) that result in the determination of the scope.

  • Refers to goods and services therefore clearly embracing the service sector deliverables and their applicability to ISO 9001
  • Links to business strategy are present
  • Exclusions continue to be permitted, but this may change as the standard development continues
  • The process approach now sits very firmly within the system design requirements in this section of the standard and no longer in the introduction.

Leadership and commitment

Emphasises the role of senior management and what is expected of them, including the focus on addressing risks, meeting statutory and regulatory requirements and maintaining customer satisfaction.


Introduces risk thinking to the evaluation of the quality management system. By using risk, the requirements of what was previously required as preventive action is addressed.

  • Does not automatically require full and formal risk assessment or maintain a risk register but adopts risk based thinking
  • Risk based thinking approach addresses
  • Identification of risks and opportunities within the organisation relevant to the context
  • Review, analyze and prioritize these
  • Develop action plans to address them, implement and verify effectiveness
  • Learn from the process and improve (Plan, Do, Check, Act, cycle)


Competence and awareness is emphasized and knowledge is introduced. Knowledge; once determined, needs to be maintained, protected and made available.


Includes an addition of control of external provision of goods and services – includes outsourcing. The requirements for control to be placed on outsourced processes were previously included in ISO 9001: 2008 and now have clear requirements.

Performance evaluation

The need for the service provision to be measured and feedback into the QMS improvement mechanism completes the PDCA cycle.


Includes detail on nonconformity and corrective action.

For more information regarding the forthcoming ISO 9001:2015 revision update please contact: