QMS Certification Blog
6 requirements that generate frequently asked questions ISO 9001:2015

6 requirements that generate frequently asked questions ISO 9001:2015

If you've read ISO 9001 and wondered: "how do I apply this in my organization? What happens if I don't apply it?". We raised the requirements that generate more doubts in ISO 9001 based on the audits we carried out.

ISO 9001 is the world’s best known standard. It has already gone through some updates and is currently in the 2015 version. Despite its fame, there are many frequently asked questions ISO 9001 about some of its requirements.

Our biggest tip is to maintain a continuous learning of the Quality Management System. It is essential to consult the standard frequently. In addition to studying and learning the segment of each client to be able to audition with excellence.

Today, we are going to clarify some requirements that generate more questions in ISO 9001:2015.

1. For a service provider company, is it necessary to apply requirement 8.3 – Design and development of products and services?

Depending on the scope and branch of activity, a service provider company can develop projects to provide this work, in which case it applies.

Some examples that can be cited:

  • Civil engineering company that makes projects;
  • School that develops pedagogical projects;
  • Laboratory that develops methods.

One of the QMS auditors said that when carrying out an audit visit to a service provider company – which did not need to apply Requirement 8.3 –, he found that it was not just a common service provision. That’s because there was an engineering department within the company. This one, was effectively applying Requirement 8.3 and in the right way, without even knowing it.

It is important to keep in mind that there is no standard for the applicability of requirements. Each case is unique and, therefore, must be analyzed with great care. Everything has to make sense in line with the scope of the Management System and from which the company is being audited.

Therefore, we cannot generalize and say that Requirement 8.3 is applicable for all organizations, as there are exceptions. It is necessary to evaluate the context of each company, the scenario of each organization. That was the fisrt frequently asked question ISO 9001.

2. How to treat Requirement 6.3 (Change Planning) together with Requirement 8.3 (Design and development of products and services) in organizations?

As Requirement 6.3 is in “Plan” within the PDCA cycle (Plan, Do, Check and Act), it is understood that these are changes that can affect the Management System in a more macro way.

With a practical example, our auditor mentions a case in which a company changed its address, which had an impact on the Management System as a whole. That’s because, she had to change layout, location, structure, among other things.

This can happen because the dispositions of employees and machinery affect the time and quality of the product or service.

Service example:

In a fast-food restaurant, it was defined that first the employees should assemble the sandwish in the following order: meat first, then the other ingredients.

However, now the meat grill is too far away, so it makes more sense to change the rule and put the meat after the other ingredients, so the snack won’t get cold for the customer.

Product example:

A factory changed its address from the center of the urban city to a coastal city. Will the machinery no longer be affected due to humidity and will need to be revised less often? Will all employees be able to make this shift change? If not, was the time allocated for training planned?

In these cases, we only exemplify displacement and layout changes, but small changes should also be considered, such as: suppliers, products, staff, etc. Furthermore, if the company currently wants to incorporate a product within the scope of the Management System, this can also be considered as Change Planning (6.3).

This is because there is a whole mapping within the Management System, defining processes, changing procedures, training people, among other things. Let’s go to the next frequently asked question ISO 9001.

3. How to monitor and analyze external and internal issues (4.1), if the company is not required to document this information?

In 4.1: “The organization shall monitor and review information on these external and internal matters”), there is no requirement for this information to be documented. In these situations, the organization can decide whether or not it is necessary or appropriate to keep documented information.

This is one of the frequently asked questions ISO 9001. Even though it does not demand documented information, the standard advises that it is a duty to monitor external and internal issues.

Thus, the role of the auditor is to understand how the company actually monitors these issues. It is up to each company to define how it will do it, as there are numerous possibilities, such as Power Point, Excel, Minutes of Critical Analysis, Company Manual, among others.

Therefore, there is no rule, right or wrong way to document this information, as each company is different from the other, so it is a unique decision.

In this case, the role of the auditor is to see throughout the audits what these issues were, how the organization identified and how it monitors.

4. Should government and union be considered applicable as Stakeholders in Requirement 4.2?

Among the auditor’s activities, it is not his role to consider whether or not it is applicable who is in the Stakeholders.

In a nutshell, the auditor is there to assess the Management System and then check if it really has an impact on quality management. If an organization of a metallurgist, for example, perhaps the union was more latent, it could be considered a more active union.

Government, in theory, is applicable to all organizations. However, you must assess how critical you are as an Interested Party to the quality management system.

The standard says: “Determine the interested parties that are relevant to the quality management system”

SOURCE: ISO 9001:2015

That is, quality management would focus on the customer, the final product and service. Therefore, this consideration will depend on the context of each organization. Therefore, there will be productive companies that will be applicable and others that will not. There is no recipe to define this.

A customized audit is carried out for each organization, where we understand Requirement 4.1 – Understanding the Organization and its context, and then assess the Stakeholders.

5. How to deal with an organization that did not keep indicators of process results?

“The organization shall determine:

  • What needs to be monitored and measured;
  • The monitoring, measurement, analysis and evaluation methods necessary to ensure valid results;
  • When monitoring and measurement should be carried out;
  • When monitoring and measurement results should be analyzed and evaluated.

The organization shall evaluate the performance and effectiveness of the quality management system. The organization shall retain appropriate documented information as evidence of results”.

SOURCE: ISO 9001:2015

It is important to note that the standard does not ask for indicators. In item 9.1 – Monitoring, measurement, analysis and evaluation, the organization is asked to determine what needs to be monitored and measured. Indicators can sometimes be used, but it is not necessarily the only way.

If the organization does not have any process KPIs, the auditor needs to go back to item 4.4 and check which were the processes that this company determined, if it has defined objectives and, therefore, understand how it defined the monitoring and measurements.

Therefore, the auditor should look for monitoring and compliance, not exactly indicators.

6. How to put into practice and insert the requirements of the rules into the day-to-day culture of the company?

The objective of the auditors is not to insert the norm within the company, but to understand the company in order to adapt these processes to the norm.

Then, it is indicated that the person responsible for taking care of quality in the organization holds meetings with a certain frequency to verify that the requirements are being put into practice.

Therefore, it is interesting for the quality manager to show the value of the standards, how much they add to the organization, exemplify with KPIs (performance indicators), objectives, among other issues.

The results impact the way employees see the norm and consequently change their culture, but it is always important to start with Top Management, it is inevitable that employees are a mirror of what the board preaches in the organization.

The standard itself sees this point, when describing in Requirement 5.1.1 General (Leadership and commitment):

“Senior management must demonstrate leadership and commitment to the quality management system”

SOURCE: ISO 9001:2015

Frequently asked questions ISO 9001:2015 with QMS America

Still have questions about ISO 9001:2015? We are available to help whenever needed. Contact us!

Be sure to follow us on social media and keep reading the blog.

QMS Certification

QMS Certification

QMS is an accredited third party certification body, it is currently present in 33 countries and focuses on the certification of management systems. QMS America is managed by the US office and has consistently grown in market recognition by technical level, customer satisfaction and competitive pricing.

Join the newsletter!

Subscribe to get latest content by email.

Compliance in the Third Sector Understand Its Importance

Compliance in the Third Sector Understand Its Importance

The third sector is a sphere of economic activity that encompasses non-governmental organizations (NGOs), associations, foundations, and other entities that operate for social, environmental, cultural, or community development purposes, but which are often used for fraudulent activities, hence the relevance of compliance in the third sector.

Become an ISO Certification Auditor

Become an ISO Certification Auditor

Everything you need to know about becoming an ISO certification auditor (ISO 9001, 14001, 45001, and other standards) and achieving professional success!

Scroll to Top