ISO 9001:2015—What’s Vital

Go beyond the requirements to ensure operational effectiveness

by John E. "Jack" West and Charles A. Cianfrani

Somewhat lost in the chatter about ISO 9001:2015, the most recent revision to the quality management standard, is the fact that it continues to be—by its initial design in 1987 and its 2015 revision—a set of minimum requirements for an effective quality management system (QMS).

If you read recent magazine articles and social media forums about the 2015 revision, you may get the impression there is little consideration of ISO 9001:2015’s requirements as they relate to an organization’s strategic and tactical plans. Another troubling trend is that there’s not much conversation about what is needed for short and long-term organizational sustainability. There also seems to be a lack of intensity in exploring and pursuing what is needed beyond meeting the minimum requirements of ISO 9001 for a QMS.

People appear to be misguided about what they’re choosing to emphasize—focusing on achieving conformity to the standard’s requirements and not organizational excellence and sustainability.

Many external and internal forces, however, such as competitive pressure and changes in technology and customer expectations, are pressing organizations to go beyond conforming to minimum requirements to remain relevant.

Compliance just not enough?

From the viewpoint of sustainability and organizational excellence as meaningful objectives—and using the ISO 9000 model as a foundation—we suggest expanding the breadth and depth of the following processes beyond the minimum required to claim compliance with ISO 9001:

  • Quality management input to the strategic-planning process.
  • Self assessments.
  • Correction, corrective action, risk assessment and improvement.
  • Innovation efforts.
  • Quality cost method.
  • Structure and deployment of QMSs to address globalization challenges.
  • Applying specific quality tools and methods—such as Six Sigma, lean, total quality management (TQM) or statistical process control (SPC)—as appropriate.

Consider these examples of going beyond minimum compliance to enhance QMS’s effectiveness:

Quality management input to the strategic-planning process—ISO 9001:2015’s clauses 4 and 6 include requirements that hint at, without actually stating, the need for strategic planning.1, 2

A robust process that considers external and internal threats, and systematically explores strengths and weaknesses—such as a formal strengths, weaknesses, opportunities and threats analysis—would address the requirements. This also could form the foundation of strategic and tactical planning processes. While not easy to develop and deploy, such processes are essential ingredients to achieving organizational sustainability.

Self-assessment—ISO 9001:2015 requires an internal audit: the determination of conformity with requirements. This is a binary, yes-or-no determination. Richer data can be derived from a self-assessment process that considers the degree of maturity of process deployment.

Much has been written about self-assessments,3 and a self-assessment process goes well beyond an internal audit process in terms of providing an organization with information to drive process improvement projects.

A self-assessment must consider not only the processes and elements of the QMS, but also the interactions between QMS processes and other processes of the organization.

Processes for correction, corrective action, risk assessment and improvement—Most organizations have corrective action processes in place. Some even distinguish between correction and corrective action. In our experience, few organizations ensure all personnel understand the difference between correction and corrective action, and not many seem to have processes that routinely require a formal root cause analysis as an element of corrective action.

Attention to correction, corrective action and improvement processes, and ensuring effective implementation throughout an organization can be a powerful engine for driving improvement. The effective implementation and adequacy of existing processes can be probed by asking simple questions:

  • Are corrective action processes deployed?
  • Are they consistently implemented?
  • Are the processes performed by a competent staff?
  • Is training needed?

Also ask yourself, would a documented process for conducting improvement projects increase effectiveness? Consistency and effectiveness of project implementation would be a likely result of following a defined process that staff has been trained to use.

Innovation efforts—Innovation processes are not required by ISO 9001:2015, which is a major shortcoming of the standard because innovation is of high interest to top management. We strongly recommend that organizations have processes defined and deployed to consider innovation in its products and processes. Without innovation, an organization can wither and die.

Furthermore, without formal processes that provide a framework in which innovation can occur, its deployment will be less effective and sporadic. The formal QMS should incorporate that framework so that consideration of innovation is encouraged by the process and not by chance.

Quality cost method—This method is not required by ISO 9001:2015, but if money is the language of management, processes will be required to put operational information into that language. A cost of quality process can be an effective tool to communicate operational information to management in a way that elicits action to improve.

Structure and deployment of a QMS to address globalization challenges—A major concern to CEOs and COOs is the trend toward globalizing organizational activities. Even smaller organizations find themselves engaged in international competition or in international supply chain concerns.

These pressures can exist throughout the life cycle of an organization’s activities—from purchased materials or contracted services on the front end of product or service production to postdelivery services. Although it’s not addressed in these terms in ISO 9001:2015, consider including processes in your QMS to address unique requirements, concerns or conditions that arise in the global marketplace.

Applying quality tools and methods such as Six Sigma, lean, TQM or SPC as appropriate—ISO 9001:2015 does not address specific methods to be used in process deployment. It does require that processes be planned and carried out under controlled conditions, and it requires continual improvement.

Process control and improvement are all enhanced by the availability and analysis of information. While it’s not required by ISO 9001:2015, you can enhance internal process effectiveness and customer satisfaction by providing staff training on the use of data collection and analysis tools.

Review the foundation

Before considering areas to expand your QMS, it is a good practice to review its foundations. This should include a review of the quality management principles4 and their applications, as well as your organization’s vision and mission statements. You also should ensure your current objectives are still adequate.

After your management team and entire workforce have an aligned understanding of the QMS’s foundation, a quality professional and a management team can evaluate where value can be obtained by expanding the breadth and depth of your QMS.

Our suggestions about going beyond minimum requirements are intended only to give you an incentive to consider what could be included in your organization’s QMS. They are not intended to provide details about what to include or how processes should be structured. Organizations’ activities will be different and optimized for the unique needs of each process.

Your QMS should not be structured to meet the requirements of a standard but instead should exist to ensure processes are operating under controlled conditions, internal operating effectiveness is achieved and customer satisfaction is attained.

References and notes

  1. International Organization for Standardization (ISO), ISO 9001:2015—Quality management systems—Requirements, clause 4—context of the organization.
  2. ISO, ISO 9001:2015—Quality management systems—Requirements, clause 5—leadership.
  3. For more information on self-assessments, read ASQ Z1 TR1–2012: Guidelines for performing a self-assessment of a quality management system (ASQ, 2012).
  4. For more information on quality management principles related to ISO 9001, read Quality Management Principles (ISO, 2015) at http://tinyurl.com/iso-qmp-2015.

John E. "Jack" West is a member of Silver Fox Advisors in Houston. He is past chair of the U.S. Technical Advisory Group to the International Organization for Standardization Technical Committee 176 and former lead delegate of the committee responsible for the ISO 9000 family of quality management system standards. He is an ASQ fellow and has co-authored several ASQ Quality Press books.

Charles A. Cianfrani is a principal consultant for Green Lane Quality Management Services in Green Lane, PA. An ASQ fellow, Cianfrani is a U.S. expert representative to ISO/TC 176 and has co-authored several ASQ Quality Press books. He holds an MBA from Drexel University in Philadelphia and a master’s degree in applied statistics from Villanova University in Pennsylvania.

Recognizing the 2015 version of the standard as the starting point for a QMS can open numerous management mentalities to go beyond.
--herb stevens, 03-02-2017

good assessment information
for continual improvement
would it be a better, a smarter idea;
a vital element in iso standards: to STRICTLY CONTROL / PREVENT / STRICTLY secure the use of "data", "documented information", etc. (in an incomplete, inaccurate, or even in an incorrect form) against the concerns of "alteration", "manipulation", "mis-use" "mis-authorisation", etc. "false copy" etc. prior to beginning to use it correctly beyond or below the minimum requirements.

Aylin N.M.


--Aylin N. M., 10-14-2016

This article makes a great point that ISO 9001 is a “a set of minimum requirements for an effective quality management system (QMS)” and organizations should consider to beyond meeting the minimum requirements and focus on short and long-term organizational sustainability. Also they provide list of process to expand the breadth and depth and go beyond compliance with ISO 9001. Among the suggest processes, Quality management input to the strategic-planning process and Structure and deployment of QMSs to address globalization challenge caught my attention. These are generally weak in many organizations and not effectively integrated with overall business processes. They are operated in silos. I would add more to the seven process areas suggested by the authors. Definitely these are good starting point to go beyond minimum requirements. Industry standards like IATF 16949, TL 9000, AS 9100 are additional resources to explore process areas to go beyond minimum requirements.

--Govind Ramu, 10-13-2016

Bravo! Jack and Chuck are not only leaders on ISO 9001 but reading their frank criticism of the standard (lack of innovation requirement) is truly refreshing. Many quality professionals take the standards as gospel and miss the point that standards also should be subject to continual improvement. Also like the point made on standard compliance versus organizational excellence and sustainability.
--Binseng Wang, ScD, 09-12-2016

Average Rating


Out of 2 Ratings
Rate this article

Add Comments

View comments
Comments FAQ

Featured advertisers