ISO 9001:2008 Quality Management System - Requirements
Introduction
ISO 9001:2008 is a quality management system standard, first published in 1987 by ISO (International Organization for Standardization). This standard is designed to help organizations ensure that they meet all requirements of customers and stakeholders.
It is neither an industry nor product specific standard. Organizations of all sizes and types can be certified against ISO 9001. This standard can be used by manufacturing or service providing companies. This standard assures quality for all interested parties involved in businesses that are certified.
ISO 9001 is considered as a key factor for doing business in global markets and for improving competitiveness.
The top three countries for the total number of certificates issued are China, Italy and Germany, while the top three for growth in the number of certificates in 2013 are Italy, India and the USA.
It is the most popular standard worldwide and up to the end of December 2013, at least 1,129,446 certificates had been issued in 187 countries and economies, three more than in the previous year. The 2013 total represents an increase of 3% (+32,459) over 2012.
The table below summarizes the statistics of the ISO 9001 certifications around the world.
An overview of ISO 9001:2008
ISO 9001 specifies requirements for a quality management system where an organization needs to demonstrate its ability to consistently provide products that meet customer and applicable statutory and regulatory requirements; in addition to enhancing customer satisfaction through the effective application of the system, including processes for continual improvement of the system and assurance of conformity to customer and applicable statutory and regulatory requirements.
All requirements of ISO 9001 are generic and are intended to be applicable to all organizations, regardless of type, size and product provided.
Quality standardization evolves with ISO 9001 by adding:
- Greater emphasis on setting the objectives, monitoring performance and metrics;
- Clearer expectations on management; and
- More careful planning for and preparing the resources needed for ensuring quality.
What is a Quality Management System?
A quality management system is defined as a set of interrelated or interacting elements to establish policy and objectives for an organization and to achieve those objectives with regard to quality.
ISO 9001 applies to all types and sizes of organizations that wish to:
- Establish, implement, maintain and improve a QMS;
- Assure conformity with the organization’s stated quality policy;
- Demonstrate conformity to others;
- Seek certification/registration of its QMS by an accredited third party certification body; and
- Make a self-determination and self-declaration of conformity with this International Standard.
Key clauses of ISO 9001:2008
Clause 4: Quality management system
Clause 5: Management responsibility
Clause 6: Resource management
Clause 7: Product realization
Clause 8: Measurement, analysis and improvement
Each of these key activities is listed below.
Clause 4: Quality management system
The organization shall establish, document, implement and maintain a QMS and continually improve its effectiveness in accordance with the requirements of ISO 9001 by:
- Determining the processes needed for the QMS and their application throughout the organization;
- Determining the sequence and interaction of these processes;
- Determining criteria and methods needed to ensure that both the operation and control of these processes are effective;
- Providing resources and information necessary to support the operation and monitoring of these processes;
- Monitoring, measuring and analyzing these processes; and
- Implementing actions necessary to achieve planned results and continual improvement of these processes.
This clause also includes requirements related to the QMS documentation that includes: the quality policy and objectives, the quality manual, procedures, records, documents to ensure effective planning, operation and control of processes and other documentation specified by national or regional regulations. It also provides requirements on how to control these documents and records.
Clause 5: Management responsibility
Top management shall demonstrate an ongoing commitment to the development and implementation of the QMS and continually improving its effectiveness by:
- Communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements;
- Establishing the quality policy;
- Ensuring that quality objectives are established;
- Conducting management reviews; and
- Ensuring the availability of resources.
Clause 6: Resource management
The day-to-day management of an effective quality management system relies on using the appropriate resources for each task. These include competent staff with relevant (and demonstrable) training and supporting services, awareness and communication.
To achieve conformity to product requirements it is important to provide and maintain an appropriate infrastructure.
This clause also includes the managing of the work environment, which must be managed by the organization in order to achieve conformity to product requirements.
Clause 7: Product realization
- Planning of product realization: During this stage the organization must plan and develop all processes necessary for product realization;
- Customer-related processes: It is important to manage processes related to customers in order to make sure the organization is determining and meeting their requirements;
- Design and development: The design and development process must include design and development planning, inputs, outputs, review, verification, validation and control of design and development changes;
- Purchasing: It is important to establish documented procedures to ensure that purchased product conforms to specified purchase requirements;
- Production and service provision: This sub-clause includes the control and validation of production and service provision. The identification and traceability, customer property and preservation of product are also part of this sub-clause.
- Control of monitoring and measuring devices: The requirements for what needs to be measured and the acceptance criteria may come from the customer, regulatory, industry or the organization itself. Monitoring and measurement must be carried out in consistency with the requirements.
Clause 8: Measurement, analysis and improvement
Once the quality management system is implemented, permanent monitoring, measurement, analysis and improvement is required, to:
- Demonstrate conformity to the product;
- Ensure conformity of the QMS; and
- Continually improve the effectiveness of the QMS.
An organization can continually improve the effectiveness of its management system through the use of the quality policy, objectives, audit results, analysis of data, corrective and preventive actions.
Continual improvement can be defined as all the actions taken throughout the organization to increase effectiveness (reaching objectives) and efficiency (an optimal cost/benefit ratio) of quality processes to bring increased benefits to the organization and its stakeholders.
Link with other quality management methods and techniques
Besides ISO 9001, there are many other methods and techniques related to quality management that are used to enhance quality and productivity in organizations, such as:
- Quality Circle;
- Total Quality Management (TQM);
- Six Sigma;
- Lean;
- Kaizen;
- Toyota Way;
- Eight Disciplines Problem Solving (8D);
- Just-in-Time (JiT);
- Total Productive Maintenance; and
- Balanced Scorecard (BSC).
Link with ISO 9004
ISO 9001 and ISO 9004 are both quality management standards designed to complement each other; nonetheless, they may be used independently.
ISO 9001 specifies requirements for a QMS that can be used for internal application by organizations, for certification, or for contractual purposes. It focuses on the effectiveness of the QMS in meeting customer requirements.
ISO 9004, by contrast, provides guidance for achieving sustained success for any organization and it provides a wider focus on quality management than ISO 9001. However, it is not intended for certification, regulatory or contractual use.
Integration with other management systems
- determining and applying objectives according to the organization’s habits and needs;
- upholding the objectives based on strong management commitment by monitoring and reviewing;
- documenting pertinent management system processes;
- regular ‘health-checks’ via internal or external audits; and
- gaining benefits through continual improvement as achieved by a regular management review.
In addition, the table below presents the general requirements of several standards, which also serves as a comparison tool between QMS and other management systems. This will enable the organization to envision “combined audits” in order to achieve their compliance goals with adequate effort and budget.
Quality management - the business benefits
As with all the major undertakings within an organization, it is essential to gain the backing and sponsorship of the executive management. By far, the best way to achieve this is to illustrate the positive gains of having an effective information security management process in place, rather than highlight the negative aspects of the contrary.
Today an effective information security management is not about being forced into taking action to address external pressures, but its importance relies on recognizing the positive value of information security when good practice is embedded throughout your organization.
The adoption of an effective quality management process within an organization will bring many benefits in a number of areas:
- Increased Efficiency
- Increased Revenue
- Employee Morale
- International Recognition
- Factual approach to Decision Making
- Supplier Relationships
- Documentation
- Consistency
- Customer Satisfaction
- Improvement Processes
Quality management principles
ISO 9001 is based on eight quality management principles that can be used by the top management to lead the organization towards improved performance.
Customer focus: Organizations depend on their customers and therefore should understand current and future customer needs, meet customer requirements and strive to exceed customer expectations.
Leadership: Leaders establish the unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization's objectives.
Involvement of people: People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization's benefit.
Process approach: A desired result is achieved more efficiently when activities and related resources are managed as a process.
System approach to management: Identifying, understanding and managing interrelated processes as a system contributes to the organization's effectiveness and efficiency in achieving its objectives.
Continual improvement: Continual improvement of the organization's overall performance should be a permanent objective of the organization.
Factual approach to decision making: Effective decisions are based on the analysis of data and information.
Mutually beneficial supplier relationships: An organization and its suppliers are interdependent and a mutually beneficial relationship enhances the ability of both to create value.
Implementation of QMS with IMS2 methodology
The well-documented benefits of implementing a Quality Management System based on ISO 9001 make the proposal easier to decide on. Most companies now realize that it is not sufficient to implement a generic, “one size fits all” quality plan. For an effective response, with respect to maintaining the quality management system, such a plan must be customized to fit the company. A more difficult task is the compilation of an implementation plan that balances the requirements of the standard, the business needs and the certification deadline.
There is no single blueprint for implementing ISO 9001 that will work for every company, but there are some common steps that will allow you to balance the frequent conflicting requirements and prepare you for a successful certification audit.
PECB has developed a methodology (please see example below) for implementing a management system; the “Integrated Implementation Methodology for Management Systems and Standards (IMS2)”, and it is based on applicable best practices. This methodology is based on the guidelines of ISO standards and also meets the requirements of ISO 9001.
IMS2 is based on the PDCA cycle divided into four phases: Plan, Do, Check and Act. Each phase has between 2 and 8 steps for a total of 18 steps. In turn, these steps are divided into 101 activities and tasks. This ‘Practical Guide’ considers the key phases in your implementation project from start to finish and suggests the appropriate ‘best practice’ for each one, while directing you to further helpful resources as you embark on your ISO 9001 journey.
The sequence of steps can be changed (inversion, merge). For example, the implementation of the management procedure for documented information can be done before the understanding of the organization. Many processes are iterative because of the need for progressive development throughout the implementation project; for example, communication and training.
By following a structured and effective methodology, an organization can be sure it covers all minimum requirements for the implementation of a management system. Whatever methodology is used, the organization must adapt it to its particular context (requirements, size of the organization, scope, objectives, etc.) and not apply it like a cookbook.
Certification of organizations
The common processes for an organization that wishes to be certified against ISO 9001 are the following:
1. Implementation of the management system: Before being audited, a management system must be in operation for some time. Usually, the minimum time required by the certification bodies is 3 months.
2. Internal audit and review by top management: Before a management system can be certified, it must have had at least one internal audit report and one management review.
3. Selection of the certification body (registrar): Each organization can select the certification body (registrar) of its choice.
4. Pre-assessment audit (optional): An organization can choose to perform a pre-audit to identify any possible gap between its current management system and the requirements of the standard.
5. Stage 1 audit: A conformity review of the design of the management system. The main objective is to verify that the management system is designed to meet the requirements of the standard(s) and the objectives of the organization. It is recommended that at least some portion of the Stage 1 audit should be performed on-site at the organization’s premises.
6. Stage 2 audit (On-site visit): The Stage 2 audit objective is to evaluate whether the declared management system conforms to all requirements of the standard, is actually being implemented in the organization and can support the organization in achieving its objectives. Stage 2 takes place at the organization’s site(s) where the management system is implemented.
7. Follow-up audit (optional): If the auditee has non-conformities that require additional audit before being certified, the auditor will perform a follow-up visit to validate only the action plans linked to the non-conformities (usually one day).
8. Confirmation of registration: If the organization is compliant with the conditions of the standard, the Registrar confirms the registration and publishes the certificate.
9. Continual improvement and surveillance audits: Once an organization is registered, surveillance activities are conducted by the Certification Body to ensure that the management system still complies with the standard. The surveillance activities must include on-site visits (at least 1/year) that allow verifying the conformity of the certified client’s management system and can also include: investigations following a complaint, review of a website, a written request for follow-up, etc.
Training and certification of professionals
PECB has created a training roadmap and personnel certification schemes which are strongly recommended for implementers and auditors of an organization that wishes to get certified against ISO 9001. Certification of organizations is a vital component of the quality management field, as it provides evidence that organizations have developed standardized processes based on best practices, whereas certifications of individuals serve as documented evidence of the professional competencies and experience of those individuals who have attended one of the related courses and exams.
It serves to demonstrate that a certified professional holds defined competencies based on best practices. It also allows organizations to make intelligent choices of employee selection or services based on the competencies that are represented by the certification designation. Finally, it provides incentives to the professional to constantly improve his/her skills and knowledge and serves as a tool for employers to ensure that training and awareness have been effective.
PECB training courses are offered globally through a network of authorized training providers. They are available in several languages and include introduction, foundation, implementer and auditor courses.
Although a specified set of courses or curriculum of study is not required as part of the certification process, the completion of a recognized PECB course or program of study will significantly enhance your chance of passing a PECB certification examination. The list of approved organizations that offer PECB official training sessions is found on our website: http://pecb.com/partnerEvent/event_schedule_list.
Choosing the right certification:
The ISO 9001 Foundation certification is a professional certification for professionals needing to have an overall understanding of the ISO 9001 standard and its requirements.
The ISO 9001 Implementer certifications are professional certifications for professionals needing to implement a QMS and, in case of the ISO 9001 Lead Implementer Certification, needing to manage an implementation project.
The ISO 9001 Auditor certifications are credentials for professionals needing to audit a QMS and, in case of the ISO 9001 Lead Auditor Certification, needing to manage a team of auditors.
Based on your overall professional experience and your acquired qualifications, you will be granted one or more of these certifications based on projects or audit activities you have performed in the past or on which you are currently working.
Principal Authors:
Eric LACHAPELLE, PECB
Besnik HUNDOZI, PECB