Correspondence between ISO 9001:2015 and ISO 9001:2008
Correspondence between ISO 9001:2015 and ISO
9001:2008
Clauses
9001:2015
|
|
(Give some examples)
|
Documented Information
Required
|
Impact on auditing
|
4
Context of the organization
|
||||
4.1 Understanding organization and
its context
|
This is a completely new requirement; the organization will need to
determine the external and internal context that affects the organization.
|
No
|
This new concept relates to the factors and conditions affecting
organizational operation e.g. regulation, governance and stakeholders.
|
|
4.2 Understanding needs and
expectations of interested parties
|
Interested parties are introduced in the new version of the standard.
The previous version was focused on the organization.
|
No
|
Consider who the interested parties might be and what their relevant
interests might be, e.g. customers, shareholders, board members, competitors,
regulators.
|
|
4.3 Determining the scope of the
quality management system
|
4.2.2 Quality manual
|
This requirement was related to the Quality Manual in the previous
version. The Quality Manual is not mandatory anymore, but the requirement for
determining and documenting the scope remains.
|
Documented information stating the scope of quality management system
|
Reference to “exclusions” has been removed. Elements which do not
apply can and should be justified under Clause 4.3 of 9001:2015.
|
4.4 Quality management system and
its processes
|
4.1 General requirements
|
The requirements from the previous version remain; the new requirements
are related to determining the risks and opportunities, as well as assigning
responsibilities and authorities for the processes.
|
Documented information to extent necessary to support operation of
processes, Documented information to extent necessary to have confidence that
processes
are being carried out as planned
|
An elevated focus on processes. Adoption of the process approach is
now mandatory and will be audited accordingly.
|
5 Leadership
|
5.1 Management commitment
5.4.2 Quality management system Planning
|
No
|
Enhances 5.1, Management commitment, from the 2008 standard. The 2015
Standard repositions some requirements to “leadership”, not management. The
emphasis has shifted from ensuring to “engaging”.
.
|
|
5.1.1 Leadership and commitment for
the quality management system
|
||||
5.1.2 Customer focus
|
5.2 Customer focus
|
The old requirements remain the same. Determination of the risks
and opportunities regarding conformity of products and services is a
new requirement, as well as the consideration of the statutory and regulatory
requirements.
|
No
|
|
5.2 Quality policy
|
5.3 Quality Policy
|
The requirements remain the same.
|
Documented information available for quality policy
|
Enhanced requirements from the 2008 version: more attention to be paid
to the application of the policy across the organization. There is a need for
“documented information”, as opposed to a documented statement.
|
5.3 Organizational roles,
responsibilities and authorities
|
5.5.1 Responsibility and authority
|
The main difference is that the new standard does not require
appointing a management representative; however, the new clause describes in
more detail the roles, responsibilities and authorities within the QMS,
implying that they can be allocated to different persons.
|
No
|
The role of the Management Representative has disappeared; however the
requirements of the 2008 clause 5.5.2 still need to be met. There is a new
requirement that someone is tasked with preserving the integrity of the QMS
while it is in the process of change.
|
6 Planning for the quality
management system
|
||||
6.1 Actions to address risks and
opportunities
|
This is a completely new requirement. When planning the QMS, the
organization will need to determine the risks and opportunities affecting the
organization.
|
No
|
Organizations must determine its context, and the arising risks and
opportunities. Actions to address risk must be proportional to the potential
impact.
|
|
6.2 Quality objectives and planning
to
achieve them
|
5.4.1 Quality objectives
|
The requirements remain the same, but are further elaborated in
the new version.
|
Documented information on the quality objectives
|
Extension of 2008 clauses, 5.4.1, and 5.4.2. Stronger emphasis on the
importance of objectives, which should be set for processes. The organization
must retain documented information on quality objectives.
|
6.3 Planning of changes
|
5.4.2
Quality management planning
|
The new clause has the same requirements, and includes some new ones
|
No
|
An extension of the existing requirement: organizations must identify
the purpose and likely consequences of change, and the necessary resources
and responsibilities.
|
7 Support
|
No
|
|||
7.1 Resources
|
6.1 Provision of resources
|
The old requirements remain, but new version emphasizes consideration
of capabilities and constraints of the organization, as well as resources
obtained from external providers.
|
No
|
|
7.1.1 General
|
No
|
Need to evidence external as well as internal resource requirements.
|
||
7.1.2 People
|
6.2.1 General
|
The requirements of both clauses are pretty much the same.
|
No
|
No significant change
|
7.1.3 Infrastructure
|
6.3 Infrastructure
|
The requirements of both clauses are pretty much the same.
|
No
|
Enhanced reference to examples, e.g. hardware, software,
transportation
|
7.1.4 Environment for the operation
of process
|
6.4 Working environment
|
The requirements of both clauses are pretty much the same.
|
No
|
More prescriptive than before with a requirement to determine, provide
and maintain a suitable environment. There is a note in the new clause that
examples of “environment for the operation of processes” include social,
psychological and environmental
|
7.1.5 Monitoring and measuring
resources
|
7.6 Control of monitoring and
measuring equipment
|
The new version of the standard emphasizes the provision of resources
for monitoring and measurement. The organization must retain the documented
information as evidence of fitness for purpose of monitoring and measurement
resources. The old standard only focuses on the measuring equipment.
|
Documented information as evidence of fitness for purpose of
monitoring and
measurement resources
|
Measuring “equipment” becomes measuring “resource”, acknowledging that
professional judgement and human senses may also be a measuring resource,
e.g. tea tasting.
|
7.1.6 Organizational knowledge
|
This is a completely new requirement, which acknowledges the
organizational knowledge as an important resource. The organization will need
to determine the knowledge necessary to run its processes and achieve
conformity of products and services.
|
No
|
Examples of such knowledge could be intellectual e.g. design or
software and external sources of knowledge e.g. academia or conferences
|
|
7.2 Competence
|
6.2.2 Competence, training and
awareness
|
Competence and awareness are split into different clauses to emphasize
their importance and provide more detailed requirements.
|
Documented information as evidence of competence
|
The requirement has been extended to include people performing work
under the organization’s control, i.e. outsourced resource such as agencies.
|
7.3 Awareness
|
This is more expansive and now applies to all persons doing work under
the organization’s control. People must be aware of policy, objectives, how
they contribute and the implications of not conforming to the QMS.
|
|||
7.4 Communication
|
5.5.3 Internal communication
|
The new clause includes both external and internal communication and
requires definition of responsibility and methods of communication.
|
No
|
This is now much more prescriptive and includes external
communications. Organizations must now determine what, when, with whom and
how communications should take place.
|
7.5 Documented information
|
4.2.3 Control of documents
4.2.4 Control of records
|
Documents and records now belong to the same category – documented
information. The requirements of both versions are equivalent.
|
No
|
The Standard does not mention manual, procedures or records.
Documented information must be controlled but there is no longer a
requirement to have a documented procedure for this process. Requirements now
extend to access and usage, recognizing that electronic information can be
accessed as read only, without authority to change.
|
7.5.1 General
|
Documented information required by this International Standard,
Documented information determined by the organization as being necessary for
the effectiveness of the quality management system
|
|||
7.5.2 Creating and updating
|
No
|
|||
No
|
||||
7.5.3 Control of documented
information
|
Documented information of external origin determined by the
organization to be
necessary for the planning and operation of the quality management
system
|
|||
8 Operation
|
7 Product realization
|
|||
8.1 Operational planning and control
|
7.1 Planning product realization
|
The requirements of both clauses are equivalent
|
Documented information to the extent necessary to demonstrate
conformity of
products and services to requirements
|
This is a reworking and reorganizing of the 2008 Clause 7.1
requirements. The requirement to plan and develop processes is not new, but
has been extended to include implementation and control.
|
8.2 Determination of requirements for
products and services
|
7.2 Customer-related processes
|
The requirements are almost the same, but the new version emphasizes
communication about treatment of customer property.
|
No
|
A subtle change in the supplier customer relationship: the DIS starts
from the position that the organization has already determined the products
and services it intends to offer, reflecting a more common business
environment
for certification customers. Requirements should include those from
interested parties and also include statutory and regulatory requirements
relating to the product.
|
8.2.1 Customer communication
|
7.2.3 Customer communication
|
The requirements are almost the same, but the new version emphasizes
communication about treatment of customer property.
|
No
|
|
8.2.2 Determination of requirements
related to products and services
|
7.2.1 Determination of requirements
related to the product
|
The requirements of both clauses are pretty much the same.
|
No
|
|
8.2.3 Review of requirements related
to products and services
|
7.2.2 Review of requirements related
to
the product
|
The requirements of both clauses are pretty much the same.
|
Documented statement of customer requirements (or confirmation),
Documented information on results of requirements review, Documented
information to confirm that design and development requirements
have been met
|
|
8.3 Design and development of
products and services
|
7.3 Design and development
|
The requirements of both clauses are pretty much the same.
|
No
|
|
8.3.1 General
|
This clause defines when the design and development process is
necessary.
|
No
|
This new clause mandates the introduction of a design and development
process where this activity is required.
|
|
8.3.2 Design and development
planning
|
7.3.1 Design and development planning
|
The requirements of both clauses are pretty much the same
|
No
|
Builds on existing 2008 clauses 7.3.1 - 7.3.6. Design and development
needs to be approached as a process.
|
8.3.3 Design and development inputs
|
7.3.2 Design and development inputs
|
The requirements of both clauses are pretty much the same.
|
No
|
|
8.3.4 Design and development
controls
|
7.3.4 Design and development review
7.3.5 Design and development
verification
7.3.6 Design and development
validation
|
The new clause sublimates the requirements of the three old
clauses, keeping the old requirements and emphasizing the
consideration of nature, duration, and complexity of design and development
activities.
|
No
|
|
8.3.5 Design and development
outputs
|
7.3.3 Design and development outputs
|
The requirements of both clauses are pretty much the same.
|
Documented information resulting from the design and development
process
|
|
8.3.6 Design and development
changes
|
7.3.7 Control of design and
development changes
|
The requirements of both clauses are pretty much the same.
|
Documented information on design and development changes
|
|
8.4 Control of externally provided
products and services
|
7.4.1 Purchasing process
|
Although the name of the clause has changed, the requirements are
pretty much the same
|
No
|
Enhanced emphasis on external providers and the extent of employment
of contractors in current commercial practice. Extent of controls needs to
take account of the potential impact on the organization’s ability to
consistently meet requirements. Risk assessment will be applicable here.
|
8.4.1 General
|
Documented information on the results of the evaluations, monitoring
of the
performance, and re-evaluations of the external providers
|
|||
8.4.2 Type and extent of control of
external provision
|
7.4.3 Verification of purchased
product
|
The requirements of both clauses are pretty much the same.
|
No
|
|
8.4.3 Information for external
providers
|
7.4.2 Purchasing information
|
The requirements of both clauses are pretty much the same. The
new version emphasizes the monitoring and control of external
providers’ performance.
|
No
|
|
8.5 Production and service provision
|
7.5 Production and service provision
|
The requirements are almost the same, but the new standard points out
that the implemented controlled conditions are for delivery and post-delivery
activities.
|
No
|
|
8.5.1 Control of production and
service provision
|
7.5.1 Control of production and
service
provision
7.5.2 Validation of processes for
production and service provision
|
Documented information that defines the characteristics of the
products and
Services, Documented information that defines the activities to be
performed and the
results to be achieved
|
||
8.5.2 Identification and traceability
|
7.5.3 Identification and traceability
|
The requirements of both clauses are pretty much the same.
|
Documented information necessary to maintain traceability
|
|
8.5.3 Property belonging to customers
or external providers
|
7.5.4 Customer property
|
The requirements of both clauses are the same, but in the new standard
the requirements are extended to property belonging to external providers as
well.
|
No
|
|
8.5.4 Preservation
|
7.5.5 Preservation of product
|
The requirements of both clauses are the same
|
No
|
|
8.5.5 Post-delivery activities
|
The post-delivery activities are mentioned in several places in the
old version, but in the new standards they are set apart as a separate sub
clause.
|
No
|
||
8.5.6 Control of changes
|
The control of changes is mentioned in several places in the old
version; however, the importance of controlling changes is stressed in
the new standard by defining a separate sub clause.
|
Documented information describing the results of the review of changes,
the personnel authorizing the change, and any necessary actions
|
||
8.6 Release of products and services
|
8.2.4 Monitoring and measurement
of product
|
This is a new requirement, dealing with verification of product and
ensuring that product or service meets requirements.
|
Documented information to provide traceability to the person(s)
authorizing
release of products and services for delivery to the customer
|
|
8.7 Control of nonconforming process
outputs, products and services
|
8.3 Control of nonconforming product
|
The requirements are equivalent.
|
Documented information of actions taken on nonconforming process
outputs,
products and services, including on any concessions obtained and on
the person
or authority that made the decision regarding dealing with the
nonconformity
|
There is no longer a requirement for a documented procedure, but there
is a requirement to maintain documented information on actions taken,
including concessions and authorizations.
|
9 Performance evaluation
|
No
|
|||
9.1 Monitoring, measurement,
analysis and evaluation
|
8.2.3 Monitoring and measurement of
processes
|
The new clause sublimates all requirements for processes and products
or services monitoring and measurement.
|
No
|
An enhanced emphasis on evaluation of results, in addition to measurement
and analysis. Monitoring should be based on risk. Customer perception now
includes soliciting perceptions about the organization and its products and
services. Preventive action and statistical techniques are no longer
referenced.
|
9.1.1 General
|
8.2.4 Monitoring and measurement of
product
|
The new clause sublimates all requirements for processes and products
or services monitoring and measurement.
|
Documented information as evidence of the results of monitoring and
measurement activities
|
|
9.1.2 Customer satisfaction
|
8.2.1 Customer satisfaction
|
The requirements are the same
|
No
|
|
9.1.3 Analysis and evaluation
|
8.4 Analysis of data
|
The requirements are equivalent.
|
No
|
|
9.2 Internal audit
|
8.2.2 Internal audit
|
The requirements are equivalent. The main difference is that the new
standard does not require a documented procedure.
|
Documented information as evidence of the implementation of the audit
program and the audit results
|
There is no longer a need for a documented procedure. Internal audit
must cover customer feedback, organizational changes and quality objectives.
|
9.3 Management review
|
5.6 Management review
|
The requirements are equivalent.
|
Documented information as evidence of the results of management
reviews
|
Overall purpose remains the same, however inputs should now include
strategic items relating to context, risk and opportunities. Trends and
indicators should be used to monitor quality performance.
|
10 Improvement
|
8.5 Improvement
|
No
|
||
10.1 General
|
The requirements in the new standard explain what should be considered
in the process of improvement.
|
No
|
Proactive improvement must be sought, and this may be as a result of
corrective action, innovation or reorganization. The requirement for a
documented preventive action procedure has gone
|
|
10.2 Nonconformity and corrective
action
|
8.5.2 Corrective action
|
The requirements are equivalent.
|
Documented information as evidence of the nature of the
nonconformities and
any subsequent actions taken, Documented information as evidence of
the results of any corrective action
|
When corrective action has been completed, the organization can move
on to consider whether any further action is required to prevent a similar
nonconformity occurring in future. This requires the organization to
determine what caused the nonconformities and then to consider whether the
potential for a similar problem remains. The organization is then required to
implement any actions identified as needed, review their effectiveness and
make changes to the quality management system if necessary
|
10.3 Continual improvement
|
8.5.1 Continual improvement
|
The new standard points out the need to use all available information
for continually improving the QMS.
|
No
|
Organizations will now need to demonstrate that they are using the
outputs from their analysis and evaluation processes to identify areas of
underperformance and opportunities for improvement.
Appropriate tools and methodologies should be employed by the
organization to support this activity.
|
Comments
Post a Comment