ISO 9001:2008 vs ISO 9001:2015

What are the differences between ISO 9001:2008 and ISO 9001:2015?


ISO 9001:2015

ISO 9001:2015 was released 23 September 2015.

Following are the key changes in this standard from ISO 9001:2008:

1. New Structure

The new standard has 10 clauses(external link).

ISO is in process of harmonizing all management system standards. For this a harmonized structure (Annex SL) has been developed. Some standards such as ISO 30301:2011 (Information and documentation – Management systems for records), ISO 22301:2012 (Societal security – Business continuity management systems), ISO 20121:2012 (Event sustainability management systems) have already been changed to this new structure and some other are in process of being revised to this new structure.

2. Process Approach

ISO 9001:2015 promotes the process approach beyond the existing requirements of ISO 9001:2008. Clause 4.4 (Quality management system and its processes)(external link) provides specific requirements for adopting a process approach.


3. Preventive Action vs Risk Management

One of the key purpose of implementing a quality management system is to act as a preventive tool. As a result the formal requirement related to preventive action is no more existing in the revised standard. This is being replaced with risk based thinking.

Although it is required by the organization to determine and address risks, there is no requirement for implementing a formal risk management process.

4. Context of the Organization

Two new clauses have been added to the standard.

5. Quality Management Principles

So far the standard was based on eight quality management principles. In this standard the earlier existing eight principles have been reduced to seven quality management principles(external link). These are listed in the clause 0.2 of the standard.


6. Products and Services:

In 2008 version of the standard the term "product" was used. This term also included services. In the Committee Draft issued in June 2013, this term was proposed to be changed to "Goods and Services(external link)". In the final standard the term used is "Products and Services".

7. Documented Information:

2008 version of the standard had two separate terms: "documents" and "records". In the revised standard it was combined together and called "documented information(external link)".

Annex A of the standard clarifies that where ISO 9001:2008 would have referred to documented procedures, it is now expressed as a requirement to maintain documented information.

Documented procedures in ISO 9001:2008 = Maintain documented information in ISO 9001:2015

And where ISO 9001:2008 would have referred to records this is now expressed as a requirement to retain documented information.

Records in ISO 9001:2008 = Retain documented information in ISO 9001:2015

8. No Exclusions:

ISO 9001:2008 version allows organizations to exclude the standard requirements under the following conditions:
  • Exclusions are allowed for the requirements which can not be applied due to the nature of the business.
  • Exclusions are limited to clause 7 (Product Realization)of the standard.
  • Such exclusions do not affect the organization's ability to provide products which meet the customer requirements and also the applicable legal requirements.

The new standard does not make any reference to exclusions. However in Annex A, the standard clarifies that the organization can not decide a requirement to be not applicable if it falls under the scope of its QMS. Also non-applicability is not allowed if that could lead to failure to achieve the conformity or to enhance customer satisfaction.

9. Work Environment:

The term "work environment" used in ISO 9001:2008 has been replaced with "Environment for the operation of processes(external link)".

10. Purchased Product:

The term "purchased product" has been replaced with "externally provided products and services(external link)".

11. Supplier

The term "supplier" has been replaced with "External provider".

This does not meet that organizations would need to change this term in their QMS as well. Organizations can still maintain the term "supplier", "vendor", "contractor", "consultant" etc. as per their own need.


Comparison between ISO 9001:2008 and ISO 9001:2015

ISO 9001:2008 ISO 9001:2015 Remarks
0. Introduction 0. Introduction
1.1 General 1 Scope
1.2 Application 4.3 Determining the scope of the quality management system
2. Normative references 2 Normative references
3. Terms and definitions 3 Terms and definitions
4. Quality Management System 4 Context of the organization
4.1 General Requirements 4.4 Quality management system and its processes
4.2 Documentation Requirements 7.5 Documented information Reduced requirements for documentation
4.2.1 General 7.5.1 General
4.2.2 Quality Manual - Quality Manual not required(external link)
4.2.3 Control of Documents 7.5 Documented Information Records and Documents are now "Documented Information(external link)"
4.2.4 Control of Records 7.5 Documented Information Records and Documents are now "Documented Information(external link)"
5. Management Responsibility 5 Leadership
5.1 Management Commitment 5.1 Leadership and commitment
5.2 Customer Focus 5.1.2 Customer focus
5.3 Quality Policy 5.2 Policy
5.4 Planning 6 Planning
5.4.1 Quality Objectives 6.2 Quality objectives and planning to achieve them
5.4.2 Quality Management System Planning 6.3 Planning of changes
5.5 Responsibility, Authority, and Communication 5.3 Organizational roles, responsibilities and authorities
5.5.1 Responsibility and Authority 5.3 Organizational roles, responsibilities and authorities
5.5.2 Management Representative - MR not required(external link)
5.5.3 Internal Communications 7.4 Communication
5.6 Management Review 9.3 Management Review
5.6.1 General 9.3.1 General
5.6.2 Review Input 9.3.2 Management Review Inputs
5.6.3 Review Output 9.3.3 Management Review Outputs
6. Resource Management 7.1 Resources
6.1 Provision of Resources 7.1 Resources
6.2 Human Resources 7.1.2 People
6.2.1 General 7.2 Competence
6.2.2 Competence, Training, and Awareness 7.2 Competence and 7.3 Awareness
6.3 Infrastructure 7.1.3 Infrastructure
6.4 Work Environment 7.1.4 Environment for the operation of processes
7. Product Realization 8 Operation
7.1 Planning of Product Realization 8.1 Operational planning and control
7.2 Customer-Related Processes 8.2 Requirements for products and services
7.2.1 Determination of Requirements Related to the Product 8.2.2 Determining of requirements related to products and services
7.2.2 Review of Requirements Related to the Product 8.2.3 Review of requirements related to products and services
7.2.3 Customer Communication 8.2.1 Customer communication
7.3 Design and Development 8.3 Design and development of products and services
7.3.1 Design and Development Planning 8.3.2 Design and development planning
7.3.2 Design and Development Inputs 8.3.3 Design and development inputs
7.3.3 Design and Development Outputs 8.3.5 Design and development outputs
7.3.4 Design and Development Review 8.3.4 Design and development controls
7.3.5 Design and Development Verification 8.3.4 Design and development controls
7.3.6 Design and Development Validation 8.3.4 Design and development controls
7.3.7 Control of Design and Development Changes 8.3.6 Design and development changes
7.4 Purchasing 8.4 Control of externally provided processes, products and services
7.4.1 Purchasing Process 8.4.1 General
7.4.2 Purchasing Information 8.4.3 Information for external providers
7.4.3 Verification of Purchased Product 8.4.2 Type and extent of control and 8.6 Release of products and services
7.5 Production and Service Provision 8.5 Production and service provision
7.5.1 Control of Production and Service Provision 8.5.1 Control of production and service provision
7.5.2 Validation of Processes for Production and Service Provision 8.5.1 Control of production and service provision
7.5.3 Identification and Traceability 8.5.2 Identification and traceability
7.5.4 Customer Property 8.5.3 Property belonging to customers or external providers
7.5.5 Preservation of Product 8.5.4 Preservation
7.6 Control of Monitoring and Measuring Equipment 8.5.1 Control of production and service provision
8. Measurement, Analysis, and Improvement 9.1 Monitoring, measurement, analysis and evaluation
8.1 General 9.1.1 General
8.2 Monitoring and Measurement 9.1.1 General
8.2.1 Customer Satisfaction 9.1.2 Customer satisfaction
8.2.2 Internal Audit 9.2 Internal Audit
8.2.3 Monitoring and Measurement of Processes 9.1.3 Analysis and evaluation
8.2.4 Monitoring and Measurement of Product 8.6 Release of products and services
8.3 Control of Nonconforming Product 8.7 Control of nonconforming outputs
8.4 Analysis of Data 9.1.3 Analysis and evaluation
8.5 Improvement 10 Improvement
8.5.1 Continual Improvement 10.3 Continual improvement Continual deleted in CD, but is back in the revised standard(external link)
8.5.2 Corrective Action 10.2 Nonconformity and corrective action
8.5.3 Preventive Action 6.1 Actions to address risks and opportunities PA is being replaced with risk based thinking(external link)