Work in Progress

by Sandford Liebesman

ISO 9001:20081 and ISO 14001:20042 are scheduled for major revisions by the end of 2015. Many of the revisions being considered are controversial. In this column, I will only discuss the changes to ISO 9001, but note that changes to ISO 14001 are similar.

The first step in developing a revised ISO 9001 standard is to create a committee draft (CD). The ISO 9001:2015 CD consists of 10 clauses:

  1. Scope.
  2. Normative references.
  3. Terms and definitions.
  4. Context of the organization.
  5. Leadership.
  6. Planning.
  7. Support.
  8. Operational planning and control.
  9. Performance evaluation.
  10. Continual improvement.

Clauses 1 to 3 are similar to the ones in ISO 9001:2008, although the wording has changed. But, new clauses 4 to 10, which replace current clauses 4 to 8, are quite different.

The revised structure in the CD is based on a document developed by the International Organization for Standardization (ISO)3 that sets out a high-level structure, core text and common terms for ISO management systems standards. The goal is to provide common structures for organizations that comply with multiple standards.

Proposed requirements

The following requirements were included in the CD for the 2015 revision:

  1. The process approach is described in clause 4.2. The revised requirements are more extensive than the ones in ISO 9001:2008 and include an identification of:
    • All needed processes, inputs and outputs of each, and their sequence and interaction.
    • Risks to conformity of goods and services.
    • Performance indicators.
    • Resources needed by each process.
    • Responsibilities for each process.

    The requirements also include implementation of actions needed, monitoring of operations and continual improvement of each process.

  2. Risk is teamed with opportunities in Clause 6.1—Actions to address risks and opportunities, to provide preventive action. See the online-only sidebar "Risk and Preventive Action" for more details.
  3. Corrective action is covered in clause 10.1.

Major changes

The revision changes the structure of ISO 9001 from clauses 8 to 10. This is a major structural change, which means organizations will need to modify their documentation, training and understanding of the goals of the standard. To illustrate the problem, Table 1 is a comparison of clauses 4 through 6 in the CD with the original wording in ISO 9001:2008. Note the loss of coherence of the topics covered.

Table 1

A more complete comparison of the ISO 9001:2008 and the CD can be found in Online Table 1.

Online Table 1

What stands out is that many requirements that were together in ISO 9001:2008 were moved to separate parts of ISO CD 9001:2015. A prime example of this change is the following three requirements in ISO 9001:2008:

  • Objectives must be measurable (clause 5.4.1).
  • Organizations must build a quality management system plan (clause 5.4.2).
  • Responsibility and authority must be defined (clause 5.5.1).

They are together in the 2008 version, but in the 2015 version, have been rearranged to:

  • Objectives must be measurable (clause 6.2).
  • Organizations must conduct operational planning and control (clause 8.1).
  • Organizational roles, responsibilities and authorities must be defined (clause 5.3).

Table 1 shows how the requirements in clauses 4 to 6 of ISO 9001:2008 compare to the same requirements in ISO CD 9001:2015. The requirements are scattered in clauses 5 to 9, and in Annex SL of ISO CD 9001:2015. This could confuse the organization’s personnel and its auditors.

Items left out

In addition to these changes, a review of the proposed 2015 revision indicates the following key provisions were left out of the CD:

  1. Clause 4.2.2—Quality manual and Clause 5.5.2—Management representative in ISO 9001:2008.
  2. ISO CD 9001:2015 Clause 4.2.3—Control of documents contains less detailed requirements than ISO 9001:2008. Missing are requirements to ensure that documents are updated and to prevent use of obsolete documents. In addition, there are no requirements for records control.
  3. The only reference to control of records is in Clause 3.11, note 2—Evidence of results achieved (records). Notes are not requirements.
  4. ISO CD 9001:2015 Clause 7.1.4—Monitoring and measuring devices is incomplete. The details covered in ISO 9001:2008 Clause 7.6—Control of monitoring and measuring equipment are not included in the CD.
  5. Clause 8.5.3 in ISO 9001:2008 requires a process to accomplish preventive action. This has been eliminated in ISO CD 9001:2015. Read the online-only sidebar "Risk and Preventive Action" for more details.

What now?

The U.S. Technical Advisory Group (TAG) working on ISO 9001 was asked to vote on whether to advance the CD to a draft international standard. We voted not to advance the CD because it does not resolve a number of important technical issues. Also, the significant number of reviewer comments indicates the draft generally lacks maturity.

Unfortunately, the U.S. TAG is only one of 65 voting members of Technical Committee (TC) 176 and the CD was approved by a vote of 50 to 12 with three abstentions. Of the 50 approvals, 35 included comments. The comments will be reviewed at the next meeting of TC 176 in November and a draft international standard will be developed and voted on. Approval of the final draft international standard will require a two-thirds approval with less than one-quarter of final votes negative.4

The revisions will also be compared in more detail to ensure ISO 9001 and ISO 14001 will be compatible. The next U.S. TAG meetings occur the week of March 17 in Orlando.

Some concerns

Chief among my concerns about the ISO CD 9001:2015 is its scrambled nature. Many of the requirements that are together in ISO 9001:2008 are scattered throughout the 2015 CD. This will cause confusion in the development of quality management systems after its publication in 2015.

My second concern is the key requirements left out of the CD. Examples include eliminating the requirements for a quality manual and a management representative, and the incomplete requirements for monitoring and measurement devices. In addition, preventive action is presented in a way that requires assumptions that many organizations may not make. It should be clearly presented as preventive action, as described in ISO 9001:2008.

My third concern is the fact that the U.S. TAG is only one of more 65 voting members. At the August meeting, the U.S. TAG developed many comments about changes to the CD. I hope they will be incorporated in the final draft.

The CD of ISO 9001:2015 is certainly a work in progress. There are many issues and concerns that should be addressed before the draft is ready to move forward and be released. Further, there are many experts and stakeholders who want to weigh in to make the standard the best it can be.

The fact is, no one can say with certainty what the final draft standard will include or eliminate. Continuing the discussion can improve the standard and will help organizations around the world prepare for its release.

Risk and Preventive Action

Annex SL, Appendix 2 high-level structure and core text does not include a clause giving specific requirements for preventive action because one of the key purposes of a formal management system is to act as a preventive tool.

Consequently, the high-level structure and identical text require an assessment of the organization’s "external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) in clause 4.1, and to determine the risks and opportunities that need to be addressed to: assure the quality management system can achieve its intended outcome(s); prevent or reduce undesired effects; and achieve improvement" in clause 6.1.

These two sets of requirements are thought to cover the concept of preventive action and to take a wider view that looks at risks and opportunities. This approach is continued in the discipline-specific text added to the Annex SL core text to require risk-based thinking and a risk-driven approach to preventive action throughout also has facilitated some reduction in prescriptive requirements and their replacement by performance-based requirements. Although risks have to be identified and acted on, there is no requirement for formal risk management.

In my opinion, removing a specific preventive action requirement from the standard has eliminated one of the most effective tools for improving a QMS. —S.L.


  1. International Organization for Standardization, ISO 9001:2008—Quality management systems—Requirements.
  2. International Organization for Standardization, ISO 14001:2004—Environmental management systems—Requirements with guidance for use.
  3. International Organization for Standardization, ISO/IEC Directives, Part 1, Consolidated ISO Supplement, Annex SL, 2013.
  4. International Organization for Standardization, Stages of Development of International Standards, ISO Standards Development, Resource Area, Stages, May 5, 2008.

Sandford Liebesman, president of Sandford Quality Consulting in Morristown, NJ, had more than 30 years of experience in quality at Bell Laboratories, Lucent Technologies and Bellcore (Telcordia). He is an ASQ fellow and past chair of the Electronics and Communications Division. Liebesman has been a member of the U.S. Technical Advisory Group to ISO Technical Committee 176 from 1984 to the present. He has participated in the development of all versions of the standard during that period.

Average Rating


Out of 0 Ratings
Rate this article

Add Comments

View comments
Comments FAQ

Featured advertisers