Featured Product
This Week in Quality Digest Live
Standards Features
Using the CASCO Toolbox to repair and restore
Todd Hawkins
Good documentation is worth the effort you put into it
Rupa Mahanti
With data as the fuel of the digital economy, data governance is the much needed brake
Bryan Christiansen
Workplace policies that reduce accidents and enhance safety
Chip Reavley
Well-designed solutions lower costs and increase revenue

More Features

Standards News
Creates one of the most comprehensive regulatory SaaS platforms for the industry
Yotrio and SunVilla to provide interactive, 3D-enabled assembly via BILT app
KCP25C grade with KENGold coating sets new standard for wear and productivity in steel turning
Takes action to mitigate risk of medical devices shortage
Standards, testing help autonomous vehicles drive safely
Offering production versatility and throughput with increased detection sensitivity and low energy consumption
New lines improve software capability and analysis
Automotive cybersecurity on Feb. 9, and AS9145 on Feb. 28

More News

Timothy Lozier


Meeting the Requirements of ISO 9001:2015

Automated systems can help

Published: Thursday, March 19, 2015 - 00:00

The ISO 9001:2015 standard may still be in draft form, not quite set to replace the existing standard until the end of 2015, but it’s important to keep apprised of these changes and what they will mean for you when complying with the new standard. So what changes lie ahead? In this article we’ll look into how the new version of ISO 9001 represents not necessarily a change in the actual requirements, rather, the difference in the approach. In other words, it’s the mind-set that’s changing.

Quality is everyone’s responsibility

That mindset has become one in which no single person has the primary responsibility for an organization’s quality. Instead, we get a broad look in which everyone is committed to quality, to customers, and beyond. So, if there isn’t one core person who “owns” quality, where does quality live, and how does the entire company become engaged?

The broader approach provides a much more flexible interpretation of ISO 9001, which enables companies to focus on consistency, customer focus, leadership, and improvement, among other things. This interpretation brings ISO 9001 to a new level of attention, and also recognizes the changes in technology that now yield best practices for quality. This allows people to implement technology to help them automate and build flexibility into their quality management system (QMS) solutions.

So what are we seeing with the new standard?

Where technology fits

Let’s look into several of the key components of the initial draft as we map the technology considerations relating to the new standard.

Clause 4—“Context of the Organization”: This is essentially the planning for how your organization will manage quality. A lot of it becomes a strategic decision, but where technology fits is in subclause 4.4, which centers on establishing a “... process-based quality management system.”

Technology considerations: You want a solution that will be able to focus on the process as it relates to your organization. The QMS provides you with a centralized, common, and collaborative environment to maintain all of your policies and procedures. This is where flexibility becomes an important component:

• Flexibility to adapt to the various processes, and match what you’ve outlined for your commitments to quality and your customers
• Builds in the functionality that will support your needs and the needs/requirements of the standard

Clause 5—“Building Leadership”: There’s no longer a single representative for quality, no single “quality police.” Companies as a whole must establish a focus on quality, customers, and companywide commitment. At the same time, you must look to establishing a quality “policy”—as opposed to a manual— which will more broadly assess and help improve organizational quality.

Technology considerations: How are you effectively collaborating on a commitment to quality? You need a solution that will give the entire company visibility into and control over the quality effort by ensuring that all data related to processes and procedures is kept in a centralized location accessible by all necessary parties:

• A centralized system, one holistic place for quality policy that provides transparency of information
• Document and communicate your policy—control and disseminate information in a consistent manner

Clause 6—“Planning”: The biggest change here involves risk management. The standard is shifting from a preventive action approach to a risk-based approach, not just in the identification of risks, but also in controlling and mitigating them. At the same time, you’re benchmarking those risks against your overall quality objectives, taking actions to ensure you’re meeting them, and instituting methods for management of change.

Technology considerations: Building risk into a system is critical; you need a system that is objective, repeatable, and systematic. This takes several elements. First is assessing hazards and identifying and measuring risks (e.g., severity and frequency). Having a way to not only define the measurement of risks, but also to align them with your quality objective and then assess them from an operational perspective, is critical. This is done through a risk matrix, which enables you to calculate risk by quantifying your hazards by plotting them on a graph. The resulting calculation of severity and frequency becomes your risk factor. Once the risk matrix has been vetted by your organization through real-world scenarios to ensure its effectiveness, your organization can apply this tool to the risk management process.

• Risk matrixes, built into the operational processes, not only calculate risk but enable immediate remediation of high-risk events.
• A solution should have the ability to set up a risk assessment calculation, benchmarked against your requirements/objectives, and provide a way for you to take action on high-risk events.

Clause 7—“Supporting your QMS”: This is where you focus not only on the people who support your quality initiatives, but also on the infrastructure to support your QMS. You’re looking at the infrastructure of how you’re going to deliver quality, and by whom. This relies on ensuring that your people are trained and given the right documentation to operate efficiently and effectively.

Technology Considerations:

• The concept of document control is not just about document repositories; it’s about establishing a process by which documentation is created, reviewed, approved, consumed, trained, audited, and ultimately, revised. It’s far more than just a simple documentation tool—it’s how you have a central location for communicating processes and information to the company. A technology solution will build in functionality around the process of review and approval, integrated with training, change and revision control processes, and periodic reviews. Collaboration on documentation improvement is key to this element.
• Employee training isn’t just about a training tool; it’s more integrated, collaborative, and based on the idea that one process blends into the next. So, from a technology standpoint, you want an integrated document control and training system. The process includes the training of people and communication, by which new information is disseminated and consumed. Being able to automate much of this is key, especially when you’re  looking to create a more seamless, collaborative, and companywide perspective on quality.

Clause 8—“Operational Processes”: This section provides the framework for how you design, source, produce, and monitor your operations, with respect to products and services. It covers the processes by which you evaluate the design, the “external parties” (a term which replaces “suppliers”), and plans for your product and measurement of controls within your operations.

Technology considerations: The processes are the biggest component, and whether you’re building a design plan, a supplier evaluation, or establishing nonconforming material criteria, it’s important to ensure that information is transferred from one process to the next. A technology solution that will take design information, such as a bill of materials, and communicate to production and suppliers, and include potential nonconforming criteria to be assessed, rests in the ability of the system to provide traceability, visibility, and control.

Clause 9—“Evaluation”: The concept of evaluation sits on its own in ISO 9001:2015, which certainly highlights the importance of feedback and regular assessment. The key point to take away is, “How do you build a constant feedback loop from your operations to ensure that you are saying what you do, and doing what you say?” This not only includes regular auditing and feedback measures from customers, but also how you’re consuming this information as a management team.

One of the key areas is establishing a method for consuming customer feedback. You need to have an established way to build a data set from all customers, and categorize and analyze the type of feedback you’re getting. You also need to build both an internal and an external auditing program. This isn’t different than previous requirements. Finally, you still need to take the QMS data and conduct management reviews, and produce outputs against your core objectives.

Technology considerations: It’s important to “close the loop” on your QMS with your most important asset—your customer. A solution that can collect customer data via post-market feedback such as complaints and adverse events, and allow you to take action on that data, is vitally important to understanding if you’re meeting your quality commitment to your customer. Having a centralized and aggregated way to organize the feedback data is essential, and an automated QMS will provide:

• Auditing solutions: Most organizations are very familiar with building an auditing plan, but as a company grows more complex, it becomes more difficult to manage how much auditing needs to take place, when to audit, and what to audit. It’s important to have a solution that not only manages and standardizes the auditing process, but also the scheduling process. Centralization and harmonization are key in keeping things straight; technology helps to achieve this by providing you with a centralized repository where all your data is kept.
• Measuring effectiveness with collaborative reporting: Management review is an important step to evaluation. However, without a way to organize and filter the data, it’s very difficult to make informed and strategic decisions. You really not only need a strong reporting tool to gather all this information, you also need to ensure that you are integrating the whole process into the data collection. This is where having a closed-loop QMS solution is most valuable; it provides data from design, production, documentation, training, feedback, audits, and beyond. This provides a larger and more valuable view into the data, and lets management act or react or improve more efficiently.

Clause 10—“Improvement”: The key concept and the chief focus of ISO 9001:2015 is around a commitment to customers, to improvement, and to companywide involvement. So when we look at this section, the emphasis must be on fostering overall improvement.

You’re building a process by which you’re able to quickly react to nonconformities and take action on correcting these nonconformities. You’re also looking to see if you need to eliminate the cause of these problems. So, you are first looking to correct and control, and then determine if a corrective action is needed.

If there’s a systematic cause of a nonconformance, then you need to build a corrective action. Again, this is how you take an adverse event and create steps to reduce the likelihood of recurrence. Finally, you also want to look for ways to improve your overall QMS, find trends, and identify opportunities for improvement.

Technology considerations:

• Nonconformance management: Being able to record information in a single location is critical. You want to eliminate as much double entry and data as possible, so importing data from other areas (e.g., production, suppliers, customers, etc.) is key. They next key point is that, if you’re going to issue a corrective action, it should be traceable back to the nonconformance. This is where integration comes into play—linking a nonconformity to a corrective and preventive action, and being able to create a seamless closed loop on the process, will ensure that data is not lost or entered incorrectly.
• Lastly, you want to build reporting and data collection to look for improvement areas. Having a robust reporting system on the entire QMS is critically important to make informed decisions.


The revisions coming forth in ISO 9001:2015 bring a fresh perspective to the standard. Taking full advantage of the opportunities presented by the new standard lies in having a centralized, common, and collaborative environment that not only gives you the visibility into where you are in your QMS, but also makes you active participants and champions of quality. This is where technology, automation, and an integrated QMS take over.

ISO 9001:2015 was built with the acknowledgement of technology today, and the standard embraces concepts that can only be achieved with this in mind.

For more on this topic, be sure to join Quality Digest editor in chief Dirk Dusharme and myself for the webinar, “ISO 9001:2015 Compliance—How Automation Can Help,” on March 24 at 2 p.m. Eastern, 11 a.m. Pacific. Click here to register.

For more information about the ISO 9001 standard, see the Quality Digest knowledge guide, “What Is ISO 9001:2015?”


About The Author

Timothy Lozier’s picture

Timothy Lozier

Timothy Lozier is the director of product strategy for Verse Solutions, a quality and compliance management software provider that incorporates key quality processes, such as document control, corrective action, audits, and training in a dedicated cloud environment. Lozier has been involved in the quality and compliance industry for more than a decade and has an extensive background in quality and compliance management systems. At Verse Solutions he is responsible for driving the innovation and strategy of leading cloud-based compliance and quality management software solutions.



Hello Mr. Timothy,

I am in the aerospace industry for almost 30 years since this AS9100 stated I seen a lot of obstacles and problems about leadership, your comments and observations are all correct but one this as of my point of view it is important one that most of the companies they don’t believing to the system all they want is certification on the wall, that’s all there is no leader ship or “Let’s work together for better Industry” another word Leader ship exists but no action from Leaders, most of the time I am hearing, “YOU CAN NOT TEACH AN OLD DOG NEW TRICKS”


Victor Khosrowian


NADCAP & AS9100 Lead

Meeting Process-approach requirements in ISO 9001:2015

Hi Timothy,

The intent of ISO DIS 9001:2014 and we expect the final standard in September was and is as you wrote, to estbalis a “... process-based quality management system".

That word 'system' can mean any manual, soft or computer 'system' that suits the organization's "context" as the Standard requires. So it does require an electronic document management system per se, albeit, it certainly helps and affords many benefits as you and other contend.

The 'process-approach' is for some organizations, conflicting as they have documented their Quality and unfortunately, other ISO management systems by copying the headings of the clauses into their policy manual headings.  The new Standard requires under 0.6 "organizations are not required to follow an identical clause-by-clause sequence when defining their QMS and are encouraged to use the process Approach as described in 0.3 to 0.5".

There are many process frameworks available for organizations to utilise and re-engineer their clause based QMS's to a process-based one like APQC PCF, IDEFO, and industry ones like ITIL III and IDEFO and so on.  ERP and BPM's require that process modelling (BPMN) as does TQM CI, BPR, Lean and Six Sigma programs - they are based upon processes as we know.

What better place to source processes for improvement and then sustaining their project and process improvements reposited into these stabilised, controled and capable processes within a process-based QMS and Integrated MS.

Having process transparency and process layered audits will provide organizations and their customers and other stakeholders / interested parties, greater confidence and assurance of compliance if they can see (hard or soft copies) these processes and how they are better controlled, and meet the various Standard requirements of the clauses, that are overlaid onto their processes. 

We all look forward to ISO 9001:2015 release that such process management principles and documentation, hard or soft, provides a profitable process to deliver their goods and services to their customers, with confidence.

As we move into a more distributed and mobile 'App' workplaces and access, electronic document systems are crucial as you say but hard or manual systems will for many, suffice.