Home » ISO 9001:2008-Quality Management System

ISO 9001:2008-Quality Management System

ISO 9001:2008-Quality Management System

1.0 Introduction:

ISO 9000 is a series of standards, developed and published by the International Organization for Standardization , that define, establish, and maintain a quality assurance system for manufacturing and service industries. The standards are available through national standards bodies. ISO 9000 deals with the fundamentals of quality management systems,including the eight management principles upon which the family of standards is based.ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill.
Third-party certification bodies provide independent confirmation that organizations meet the requirements of ISO 9001. Over a million organizations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today.
Thousands of organizations in over 100 countries have adopted it, and many more are in the process of doing so. Why? Because it controls quality. It saves money. Customers expect it. And competitors use it.
ISO 9001 applies to all types of organizations. It doesn’t matter what size they are or what they do. It can help both product and service oriented organizations achieve standards of quality that are recognized and respected throughout the world.
ISO is the International Organization for Standardization. It is located in Switzerland and was established in 1947 to develop common international standards in many areas.
Its members come from over 150 national standards bodies. ISO’s purpose is to facilitate international trade by providing a single set of standards that people everywhere would recognize and respect.
These standardized requirements define controls that focus on improving an organization’s ability to deliver products or services that:

  • Consistently meet customer’s quality requirements
  • Meet applicable regulatory requirements
  • Enhance customer satisfaction
  • Achieve continual improvement of its performance in pursuit of these objectives.

The ISO 9001 standard focuses on improving an organization’s management sytem and processes. It does not specify any requirements for product or service quality. Customers typically set product and service quality requirements. However, the expectation is that an organization with an effective ISO 9001 based QMS will indeed improve it’s ability to meet customer and regulatory requirements.
ISO 9001 requirements are complementary to contractual and applicable regulatory requirements. Those implementing a QMS conforming to ISO 9001 must ensure that the specific requirements of their customers and regulatory agencies are met.

2.0 ISO 9000 family of standards

The ISO 9000 QMS series comprise the following Standards:
ISO 9000:2005 Quality management systems – Fundamentals and vocabulary:
This is a guidance document that defines the concepts, principles, terms, definitions and relationships that form the basis for quality management.

ISO 9001:2008 Quality management systems – Requirements:

This document is the standard that defines a generic set of requirements for organizations wishing to develop a quality management system.This is the only standard to which an organization may obtain certification. Because requirements are generic and not specific, organizations have flexibility in tailoring their quality management systems to fit their business, culture and risks.

ISO 9004:2009 Quality management systems:

Guidelines for performance improvements. As the title indicates, this is a guidance document for organizations wishing to move beyond the requirements of ISO 9001, in pursuit of continual improvement of overall business performance. Its use is not intended for certification or contractual purposes.

ISO 19011:2012

Provides guidance on auditing quality and environmental management systems

3.0 ISO 9001 Requirements:

The standard covers five clauses, each of which include several sub-clauses. The five clauses are:

Quality Management System – sets requirements to identify, plan, document, operate and control an organization’s QMS processes and to continually improve QMS effectiveness.
Management Responsibility – sets requirements for top management to demonstrate its leadership and commitment to develop, implement and continually improve the QMS.

Resource Management – sets requirements to determine, provide and control the various resources needed to operate and manage QMS processes; to continually improve QMS effectiveness; and to enhance customer satisfaction by meeting customer requirements

Product Realization – sets requirements to plan, operate and control the specific QMS processes that determine, design, produce and deliver an organization’s product and services.

Measurement, Analysis and Improvement – sets requirements to plan, measure, analyze and improve processes that demonstrate product and QMS conformity and continually improve QMS effectiveness.

4.0 Summary of ISO 9001:2008 in informal language

  • The quality policy is a formal statement from management, closely linked to the business and marketing plan and to customer needs.The quality policy is understood and followed at all levels and by all employees. Each employee works towards measurable objectives.
  • The business makes decisions about the quality system based on recorded data.
  • The quality system is regularly audited and evaluated for conformance and effectiveness.
  • Records show how and where raw materials and products were processed to allow products and problems to be traced to the source.
  • The business determines customer requirements.
  • The business has created systems for communicating with customers about product information, inquiries, contracts, orders, feedback, and complaints.
  • When developing new products, the business plans the stages of development, with appropriate testing at each stage. It tests and documents whether the product meets design requirements, regulatory requirements, and user needs.
  • The business regularly reviews performance through internal audits and meetings. The business determines whether the quality system is working and what improvements can be made. It has a documented procedure for internal audits.
  • The business deals with past problems and potential problems. It keeps records of these activities and the resulting decisions, and monitors their effectiveness.
  • The business has documented procedures for dealing with actual and potential nonconformances (problems involving suppliers, customers, or internal problems).
  • The business:
  1. Makes sure no one uses a bad product;
  2. Determines what to do with a bad product;
  3. Deals with the root cause of problems; and
  4. Keeps records to use as a tool to improve the system.

5.0 What is ISO 9001 Certification?

ISO 9001:2008, “certification” refers to the issuing of written assurance (the certificate) by an independent, external body (the Certification Body) that has audited an organization’s QMS and verified that it conforms to the requirements specified in the standard. “Registration” means that the auditing body then records the certification in its client register. The organization’s QMS has therefore been both certified and registered. For practical purposes, the difference between the two terms is not significant and both are acceptable for general use. “Certification” is the term most widely used worldwide, although registration (from which “registrar” as an alternative to certification body) is more commonly used in North America, and the two are also used interchangeably.

6.0 What is Accreditation?

Accreditation refers to the formal recognition by a specialized body – an accreditation body (AB)- that a certification body (CB) is competent to perform ISO 9001:2008 certification in specified business sectors. In simple terms, accreditation is certification of the CB. Certificates issued by accredited CB’s, known as “accredited certificates”, may be perceived on the market as having increased credibility. Therefore, it is okay to state that your organization has been “certified” or “registered”, but inaccurate to state that it has been “accredited” (unless your organization is a certification/registration body).

 7.0 What is the ISO 9001 certification process for an organization?

Most Certification Bodies (CB’s) use the following process with slight variations:

1. Pre-assessment

Before the actual certification audit, a CB auditor makes a preliminary visit of your facilities, briefly reviews your QMS documentation and conduct an informal check of the QMS implementation. In essence, this preliminary audit intended to uncover areas in your QMS that might need special attention. During the initial visit the audit scope and audit program is agreed upon, as well.A Pre-assessment is an optional activity. It adds value in that it provides an organization with a clear view of the gaps in its state of readiness, a few months prior to the formal certification audit. More and more organizations now prefer experienced consultant auditors to do the Pre-assessments as they not just identify the gaps, but also provide solutions to correcting them. CB auditors may only report on the gaps, but are not allowed to provide solutions.

2. Documentation review

The CB audit team evaluates your QMS manual to determine the adequacy of its scope and conformity to the requirements of the standard. The documentation review report summarizes any findings from this process. The report indicates if your organization is ready to proceed with the certification audit.

3. Certification audit

During the certification audit, the CB audit team conduct interviews, examinations and observations of the system in operation. It provides the team essential information required for the certification process and assesses the degree of conformity of the QMS with the requirements of the standard. When found conforming, the CB issue the certificate of conformity to ISO 9001:2008.

4. Surveillance audits

Each issued certificate has a three-year life period. Upon certification, the CB create a periodic audit schedule for surveillance audits over the three-year period. These audits confirm the on-going compliance of the QMS with specified requirements of the standard. At least one periodic audit per year is required.

5. Re-certification audit

After the three years are up, your certification will be extended through a re-certification audit.

8.0 Is ISO 9001 Certification compulsory?

ISO 9001:2008 is a voluntary standard. Your organization can implement it solely for the internal benefits it brings in increased effectiveness and efficiency of your operations, without incurring the investment required in a certification programme.
Getting certification is a business decision that may be based on:
A contractual requirement from a customer as a condition for doing business
Your organization’s overall risk management strategy
Recognition of an organization’s efforts in developing an effective QMS
A marketing tool for gaining a competitive edge in the marketplace
Also review the benefits of having an effective QMS earlier on in this FAQ.

9.0 Who is authorized to carry out certification of organizations to ISO 9001?

The ISO organization is responsible for developing, maintaining and publishing the ISO 9000 and other families of standards. The ISO organization does not audit or issue certificates for conformity to any ISO standard.The auditing and certification of QMS’s is carried out (independently of the ISO organization) by hundreds of certification bodies (CB’s) around the world. These CB’s issue ISO 9001:2008 certificates under their own responsibility and ISO does not control the activities of CB’s. CB’s may in turn be accredited by Accreditation Bodies (AB’s). AB’s may in some countries, be the national standards institutes that make up ISO’s membership. AB’s carry out accreditation assessments, either on behalf of their respective governments, or as a business operation. The ISO organization has no authority to control such accreditation activities.
Note: Not all CB’s are accredited.

However, ISO’s Committee on conformity assessment, ISO/CASCO, develops standards and guidelines covering various aspects of accreditation/ certification/ conformity assessment activities for AB’s and CB’s. The voluntary criteria contained in these standards and guides represent an international consensus on what constitutes good practice. Their use contributes to the consistency and coherence of conformity assessment worldwide and so facilitates trade across borders.

10.0 Why is ISO 9001 Important?

It is a powerful business tool for organizations to significantly improve the effectiveness and efficiency of their operation leading to enhanced customer satisfaction and profitability. However, to reap the benefits of ISO 9001, an organizations top management must adapt it as a strategic initiative in achieving its business goals.
This means providing the leadership, commitment, resources, structure, policies, decision-making, culture and environment for QMS deployment and maintenance. Additionally, the standard was designed to be used as a tool for continual improvement in conjunction with technology and other business improvement tools.
Benefits include:

  • Improves customer confidence and satisfaction in an organization’s QMS capability and consistency in meeting requirements.
  • Improves conformity to quality requirements
  • Increases competitive edge and market share
  • Increasingly recognized as a requirement for contractual relationships in the global arena.


  • Improves business efficiency and productivity
  • Reduces organizational waste, inefficiencies, and defects
  • Facilitates continual improvement in business processes and customer satisfaction
  • Improves process consistency and stability
  • Facilitates employee competence and consistency of performance
  • Improves employee motivation and empowerment through improved participation  communication  and interaction
  • Generates objective evidence to support the assessment of QMS conformity and effectiveness
  • Improves supplier performance by developing relationships that foster cooperative interaction in understanding and fulfilling customer requirements.

11.0 What is Quality?

Quality has many meanings. Many of them are subjective, such as the term “excellent” or “outstanding” quality. In the quality management field, quality has a more specific meaning.

According to ISO 9000, quality is defined as the degree to which a set of inherent characteristics fulfills requirements”.
Requirements that need to be fulfilled in a contractual situation typically relate to the provision of a specific product, service or intangible item such as intellectual property. Requirements may be stated or implied. In a contractual situation, stated needs are specified in contract requirements and translated into specific product or service features, functions and characteristics with specified acceptance criteria.
Implied needs on the other hand are basic features and characteristics that are identified and defined by the manufacturer, based on knowledge of the marketplace expectations. For example, the implied characteristic of a watch is its basic ability to provide accurate time. Stated characteristics may be “options” stated by the marketplace, such as being waterproof, serving as a stopwatch, and having light, alarm, month and day features.
The ISO definition goes further in that it may include related characteristics beyond product or service such as delivery, packaging, labeling, billing, as well as, processes and systems within the supplier’s organization. A customer may specify some or all these characteristics.
A problem or nonconformity in any of these areas may lead to customer dissatisfaction. An organization must ensure that it has systems and controls to assure that it can consistently fulfill all these requirements and enhance customer satisfaction.
The needs of customers vary and change over time. Therefore, companies should review quality requirements periodically. Requirements may also come from regulatory, statutory, industry and other sources. An organization must be aware of and ensure that all these diverse requirements are defined and met.
It could therefore be stated that ‘quality’ includes all of the characteristics of an organization’s products, services, processes, support and management system that contribute to meeting requirements and enhancing customer satisfaction.
An organization applying this broader definition would then have to consider the following four facets of quality due to:
• Defining marketplace requirements and opportunities
• Designing the product to meet marketplace requirements
• Consistently conforming to product design
• Providing product support throughout the product’s life cycle.
An effective ISO 9001 quality management system must address all four facets of quality.

12.0 What is Quality Management?

The principal objective of any business is to make money and stay in business. It accomplishes this by providing a product or service that meets the demands and requirements of the marketplace. In order to ensure its share of marketplace demand, a company must ensure its ability to retain repeat business.
Customers provide repeat business to those companies that can consistently meet its quality expectations: delivery of the right product and quantity; in the right packaging; at the right time and place; at the right price; that meets requirements and satisfies the customer. Customers demand assurance that its suppliers can measure up to this expectation for consistency and will take active measures to provide this assurance.
Senior management must ensure that its management of quality – organizational structure, responsibilities, processes, documentation of processes, controls, training and resources are determined and available to the organization in order to achieve quality assurance in the manner described above.
Having established what is meant by quality, some consideration must be given to the various quality management tools that are available for implementing an effective quality management system.
The definition of Quality Management is “coordinated activities to direct and control an organization with regard to quality”. A management system developed and implemented based on the ISO 9001:2008 quality management system standard provides assurance through applying the following four tools:
• Planning activities (Quality Planning)
• Prevention activities (Quality Assurance)
• Conformity activities (Quality Control)
• Continual improvement activities (Quality Improvement)
In order to meet the definition of quality, an organization must control the processes it uses to meet (customer and other stakeholder) requirements.
To apply the four tools, an organization may use the controls (requirements) of the ISO 9001 standard and the eight quality management principles. Managing the organization’s processes in this way significantly improves customer confidence and assurance of the organization’s ability to consistently meet requirements. It also provides the objective evidence that customers seek for an effective quality management system.
12.1 Quality Planning – is defined as the part of quality management focused on setting quality objectives and specifying necessary operational processes and resources to fulfill quality objectives. An organization must identify the processes, resources and controls needed to meet defined quality objectives (customer and organization). Specific requirements from the ISO 9001 standard, coupled with the customers’ and organization’s requirements, are used to plan for meeting quality planning requirements. Quality planning will also include planning for the quality assurance, quality control and quality improvement activities.
12.2 Quality Assurance – is defined as the part of quality management focused on providing confidence that quality requirements will be fulfilled. It includes all the proactive controls to prevent problems, associated cost and customer dissatisfaction. The intent of prevention is to look at requirements, design, processes, activities, etc, and define controls at the source (the design and planning stages). Controls should address structure, organization and resources to prevent or minimize the occurrence of problems in product, processes and activities. Examples of preventive controls include employee training, supplier qualification, preventive maintenance on equipment, process capability studies, etc.
12.3 Quality Control – is defined as the part of quality management focused on fulfilling quality requirements. Ideally, prevention based controls should prevent problems from occurring, but in reality, no system is foolproof and problems do occur. Accordingly, controls to detect quality problems must be established so that customers receive only products that meet their requirements. Detection based controls are reactive – the problem and cost have already occurred and the company is resorting to damage control. The intent of detection is to evaluate output from processes and activities by implementing controls to catch problems when they do occur. For example, final inspection to catch defective product before it gets shipped.
12.4 Quality Improvement – is defined as the part of quality management focused on increasing the ability to fulfill requirements. Continual improvement results from ongoing actions taken to enhance product characteristics or increase process effectiveness and efficiency. This is one of the key characteristics that differentiate a quality management system from a quality assurance system, i.e., being able to improve the effectiveness and efficiency and of a process or activity by setting measurable objectives and using performance data to manage the achievement of these objectives.
Effectiveness is defined as the extent to which planned activities are realized and planned results are achieved. In determining the effectiveness of quality assurance and quality improvement activities, the following questions should be asked:
– To what extent have problems in product or processes been prevented?
– To what extent have planned objectives for quality been met?
Efficiency is defined as the relationship between result achieved and resources used. The measure of efficiency is determined by asking the following:
– Can we get the same output using fewer resources?
– Can we get more output without adding resources?
These questions may be applied to the output of any activity within the quality management system of an organization.
It should be noted that ISO 9001 requires organizations to achieve QMS effectiveness through quality assurance and continual improvement activities. QMS efficiency is desirable, but not currently required by ISO 9001. ISO 9004 provides guidelines that consider both the effectiveness and efficiency of the QMS.
Quality improvement actions may include:
• Measuring and analyzing situations
• Establishing improvement objectives
• Searching for possible solutions
• Evaluating these solutions
• Implementing the selected solution
• Measuring, verifying, and analyzing results
• Formalizing the changes

Next-ISO 9001 Requirements

Back to Home Page

If you need assistance or have any doubt and need to ask any question  contact me at:  or call at +971569882663. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion is also welcome.



  1. Thanks 4 ur provide good knowledge
    But something’s are missed.example QS QA QC these symbol’s required (sorry for my English)

Leave a comment

Your email address will not be published. Required fields are marked *


Pretesh Biswas

Pretesh Biswas