ISO 9001:2015 Requirements – Quality Management System Clause 1.

0 –
Scope
This clause defines the set of requirements that form the scope or purpose of the
ISO 9001 standard. This clause does not define the scope of your quality
management system (QMS) which is discussed under clause 4.3.
It defines a set of ISO 9001 requirements that has been used to develop a quality
management system (QMS). The scope of control requirements needed for a
“Quality” management system (QMS), will obviously differ from other management
standards such as environmental or health and safety systems. The requirements
defined in ISO 9001 are designed to achieve several objectives:
 To demonstrate your ability to consistently provide quality products and
services that meet customer and applicable regulatory requirements.
 Help you to enhance customer satisfaction by:
 Effectively implementing your QMS;
 Setting up processes for improvement;
 Providing assurance of conformity to customer and regulatory requirements.
Ability refers to the capability of your organization to – determine your customer
needs and requirements; design and develop product and services; know-how and
capacity to manufacture, package and deliver on time product and services; and
provide service and support; etc;
Consistency is being able to repeat your capability within specified parameters
for quality as defined by customers, your own organization or regulatory bodies.
Can you consistently provide conforming product and services or service, day in
day out?
This standard provides generic requirements to effectively plan, develop,
implement, operate, control and improve your quality management system (QMS)
processes. The focus of all ISO 9001 generic control requirements is to help you
develop a QMS that will achieve the two objectives stated at the start of this
section.
Because this standard is generic, ISO provides you with flexibility in applying its
requirements as opposed to prescribing specific controls that may not apply to all
businesses. So not only can you pick which controls apply to your business, you
can also tailor each requirement to fit the particular needs of your business.
Effective controls come from selecting and implementing applicable requirements
from the ISO 9001 standard and customizing these controls to suit the specific
needs, activities and risks related to each of your QMS processes.
To achieve and demonstrate your capabilities, you must effectively plan, operate
and control the various processes within your QMS that provide them.
The scope of your QMS and determination of what processes to include in it will
be covered in clause 4.3
The effective application of your QMS can be determined by how well QMS
activities and results measure up to planned performance indicators.
Improvement of the quality management system (QMS) is achieved by increasing
the ability of the QMS to meet requirements through raising and achieving higher
performance targets and making more efficient use of resources.
By effectively controlling and continually improving your QMS processes, there will
obviously be a positive impact on product and service quality and conformity to
customer requirements. These requirements focus on prevention (through the
application of risk-based controls) and to a lesser extent detection of problems, as
well as continual improvement of your QMS.
Assurance of conformity to requirements may be achieved by providing confidence
that requirements will be fulfilled. This confidence may be achieved through –
implementing prevention based controls using risk evaluation and PDCA (to be
discussed later); conducting internal/external audits; 3rd party certification of your
QMS; etc.
It is important to note that the ISO 9001 standard does not specify requirements
for product or service. Requirements for products and services come from
customers, end-users, regulatory bodies and other interested parties. The
standard sets generic systemic control requirements on how these customer and
relevant interested party requirements, needs and expectations are consistently
and effectively met to drive sustained improvement, business growth and enhance
customer satisfaction.
Organizations implementing an ISO 9001 based QMS must conform to all
applicable requirements that the standard specifies. This provides internal and
external parties (customers, registrars and regulatory bodies), the basis (i.e. a
benchmark) against which to assess the organizations ability to meet customer,
regulatory and internal requirements. It is now a common practice to use ISO 9001
certification as a requirement for making contractual decisions.
QMS design and implementation will vary from organization to organization. ISO
9001 allows this flexibility because organizations may have differing – goals and
objectives; business risks; range and complexity of product and services;
processes and resources; organizational size and structure; workforce
competence and stability; etc. This flexibility may relate to QMS scope
You must ensure that the scope of your QMS addresses all customer
requirements. Customer requirements may show up in contracts, blueprints, their
supplier quality manuals, or referenced to applicable industry and regulatory
standards and codes, etc. QMS scope will be covered in more detail under clause
1.0 and 4.3.
Don’t overlook statutory and regulatory requirements (often referred to as legal
requirements) applicable to your organization. These requirements may come
from your customer; the industry you are in; from within your own organization; or
state or federal organizations or even from the countries you do business in as a
seller or purchaser. These requirements may relate to your products or services;
the technology and processes used to make them; the terms and conditions of
doing business. You may need to apply regulatory requirements to your suppliers,
subcontractors and external service providers.
Your ultimate objective is to enhance customer satisfaction . You achieve this by
planning, operating and improving your QMS (PDCA) to effectively meet customer
and regulatory (stakeholder) requirements.