ISO 9001 requirements explained

The ISO 9000 family of QMS (quality management systems) is a set of standards that help organisations meet their contractual arrangements with customers regarding products and services.

At the forefront of this is ISO 9001, which contains the requirements that organisations must meet if they are to achieve certification.

In this blog, we will look at the key compliance requirements of ISO 9001 – but to understand how it works, we must first explain the principles of a QMS.

What is a QMS?

A QMS is a collection of business processes that address customer requirements and satisfaction.

The system should be aligned with the organisation’s purpose and strategic direction, and is defined by its organisational goals, policies, processes, documentation and resources.

ISO 9001 provides a framework for a QMS. It’s comprised of 7 clauses, which outline the principles of effective quality management.

In the next section, we look at each clause of ISO 9001 and explain how you can meet its requirements.

Clauses 1–3: Introduction

The opening few clauses of ISO 9001 defines the scope of the Standard and explains the terms and definition it uses.

 ISO 9001 also contains a Clause 0, which outlines the benefits of implementing a QMS. It describes the framework’s process approach, the Plan–Do–Check–Act cycle and risk-based thinking.

There are no requirements in these clauses, but they are essential reading as they establish the context you need to understand the later sections.

Clause 4: Context of the organisation

A crucial aspect of ISO 9001 is to recognise the internal and external issues that can influence your organisation.

You must therefore begin by determining what those issues are. Internal issues include the strategies you use to comply with your policies and to meet objectives, as well as your resources, assets and risk appetite.

Meanwhile, external issues include political, economic and social concerns, along with your regulatory requirements.

Clause 5: Management responsibility

ISO 9001 recognises that an effective QMS is only possible if the organisation receives the backing of senior management. That’s why you must outline their responsibilities early on in the implementation project.

Their tasks include:

  • Developing and maintaining a quality policy;
  • Communicating these policies to relevant employees;
  • Delegating responsibilities to make is clear who has the power to make certain decisions
  • Establishing the expectations of each function in the system;

Clause 6: Planning for the QMS

An effective QMS operates on a risk-based approach, with the organisation implementing measures to balance hazards with opportunities.

Clause 6 therefore requires organisations to document risks, including the damage they could cause and the likelihood of them occurring. They must then use this information to develop a plan to mitigate those risks and to maximise opportunities.

Clause 7: Resource management

This is the most wide-ranging clause in the Standard, containing requirements for management to provide:

  • Robust infrastructure, including equipment, hardware, software and building facilities;
  • An efficient working environment; and
  • Human resource support

Some of the issues you are expected to address in this clause include ensuring that the premises on which people work is comfortable and secure. You might need to consider, for example, room temperature, dust control and general cleanliness.

Similarly, you also need to review the equipment staff need and how that can be provided in a safe, effective manner.

Clause 8: Operational planning and control

This section describes the processes you must implement to ensure that you develop and deliver goods or services to your customers. The complete list of requirements covers:

  • The review of product specifications;
  • Design and development;
  • Purchasing;
  • Manufacturing and supply; and
  • Quality control and nonconformities

Notably, this is the only clause in ISO 9001 where you can exclude sections of the requirements based on their relevance to your organisation. For example, if you don’t design the product or service, you don’t need to address this part of the process.

Clause 9: Performance evaluation

Like almost all ISO standards, ISO 9001 requires organisations to evaluate the effectiveness of their processes on a regular basis.

Regular monitoring and an internal audit can help address your strengths and weaknesses, as can customer satisfaction surveys.

You must document your results to demonstrate that your QMS conforms to the requirements of ISO 9001 and to support the continual improvement process – which is covered in more detail in the final clause.

Clause 10: Improvement actions

This section explains how and why organisations should regularly review and improve their QMS. It states that measures must be implemented to:

  • Strengthen services and products;
  • Gain a better understanding of customer needs; and
  • Identify when and where processes fail to meet their goals.

ISO 9001 compliance with IT Governance

Ready to get started with ISO 9001 implementation? You can simplify the process with our ISO 9001 Documentation Toolkit.

With more than 90 policies, procedures, work instructions and records written by our experts, this toolkit contains everything you need to certify to the Standard.

You can also ensure full coverage of ISO 9001 with our gap analysis and conversion tools, roles and responsibilities matrix and project plan template.