Total Quality Management & Business Excellence

ISSN: 1478-3363 (Print) 1478-3371 (Online) Journal homepage: http://www.tandfonline.com/loi/ctqm20

Empirical study on status of preparation for ISO

9001:2015

Christoffer Rybski, Roland Jochem & Laura Homma

To cite this article: Christoffer Rybski, Roland Jochem & Laura Homma (2017): Empirical study on
status of preparation for ISO 9001:2015, Total Quality Management & Business Excellence, DOI:
10.1080/14783363.2017.1303886

To link to this article: http://dx.doi.org/10.1080/14783363.2017.1303886

Published online: 21 Mar 2017.

Submit your article to this journal

View related articles

View Crossmark data

Full Terms & Conditions of access and use can be found at

http://www.tandfonline.com/action/journalInformation?journalCode=ctqm20

Download by: [University of Newcastle, Australia] Date: 21 March 2017, At: 15:07
Total Quality Management, 2017
http://dx.doi.org/10.1080/14783363.2017.1303886

Empirical study on status of preparation for ISO 9001:2015

∗
Christoffer Rybski a , Roland Jochem b and Laura Homma a
a
Fraunhofer Institute for Production Systems and Design Technology IPK, Berlin, Germany;
b
Quality Science, Technische Universität Berlin (TU Berlin), Berlin, Germany

Purpose: The ISO 9000 family of standards is the most noted standard concerning
quality management and its realisation. Over one million organisations are certified
according to the requirements of ISO 9001 worldwide. Especially in Europe, this
standard has an outstanding status. An ISO certification creates trust between
customers, partners and suppliers. In addition, it drives the companies to improve
continuously in order to get a recertification.
For September 2015, a revision of the ISO 9001:2008 was published. It shows
many differences compared to the version of 2008. These changes mean various
challenges to companies, which want to get a recertification. A main modification is
the risk-based approach, which requires that the companies plan and realise
measures to treat risks and chances. Particularly in Europe, the ISO 9001 revision is
one of the main topics of discussion in quality management. To investigate the
current status how companies in Germany fulfil the additional requirements, and
especially the challenge of risk consideration, the division for quality management
of the Fraunhofer IPK conducted a study with 1175 participants. The paper will
firstly address the changes mentioned and the associated challenges to give a good
overview and show that the new ISO 9001:2015 offers the chance to improve for
organisations. The main focus of the paper will be to present the results of the study
and thereby to show the status of preparation for the new ISO 9001 of German
companies of all sizes.
Design/methodology/approach: After an introduction to the ISO 9001:2015 and its
changes and challenges, the paper follows the same structure as the survey itself. It
gives an overview of the demography and results of the study and ends with a conclusion.
Findings: Most German companies neither consider themselves well prepared nor do they
claim to possess sufficient knowledge about the new requirements included in the revised
ISO 9001 standard. The need for action is especially great regarding the new requirements
subsumed under the classification of risk-based thinking. The aforementioned applies to
small and medium-sized enterprises as well as to large companies. Most organisations
define risk as the effect of uncertainty with solely negative effects. Therefore, only a
minority evaluates both risks and chances instead of only risks.
Furthermore, enterprises mostly neglect planning of actions to address identified risks.
Only in a few cases, companies do implement trainings to improve their employees’
capabilities regarding risk management. The afore-cited applies even though companies
consider a lack of experience the main challenge related to the analysis and assessment
of risks. Additionally, other newly established requirements of the ISO 9001:2015 are
also only fulfilled by a minority of participants. These new requirements include the
need for measures to determine the expectations of interested parties and the necessity
that modi operandi are implemented which ensure that knowledge is maintained and
made available to the extent necessary.
Originality/value: The paper considers the study results from different angles and shows
the changes and challenges of the ISO 9001:2015.
Keywords: quality management; ISO 9001; risk management; standardisation;
management system

∗
Corresponding author. Email: christoffer.rybski@ipk.fraunhofer.de

# 2017 Informa UK Limited, trading as Taylor & Francis Group

2 C. Rybski et al.

Introduction
The ISO 9000 family of standards is the most noted standard concerning quality manage-
ment and its realisation. More than one million organisations are certified according to the
requirements of ISO 9001 worldwide (ISO Survey, 2014). Especially in Europe, this stan-
dard has an outstanding status. An ISO certification creates trust between customers, part-
ners and suppliers. In addition, it drives the companies to continuously improve in order to
receive the intended certificate.
In September 2015, a revision of the ISO 9001:2008 was published. It shows many
differences compared to the version of 2008. These changes imply various challenges
to companies. They are mostly concerning the standard’s structure, the dealing with exter-
nal and internal parties, the process orientation, the support of the top management, the
knowledge management and the dealing with risks and opportunities. From now on,
there will be a ‘High-Level-Structure’, which is effective for all future ISO-manage-
ment-system-standards to make a standardised handling and a simplified integration of
different management systems possible. Regarding the collaboration, the term ‘interested
parties’ will be introduced, which need to be defined individually by every organisation.
To do so, the external and internal parties’ needs and expectations with influence on the
company’s QMS will be closely examined. Furthermore, processes including input and
output as well as the corresponding process key figures need to be clearly defined.
Also, the top management will be held increasingly responsible regarding the QMS’ effec-
tiveness. Within the knowledge management, there will be an extended demand concern-
ing the employees’ competency development. This way, the knowledge of the employees
will be focalised more strongly and the competency development will be thoroughly docu-
mented. One of the main modifications is the risk-based approach, which requires compa-
nies to plan and realise measures to treat risks and opportunities. This includes the
preventive measures demanded in the 2008 version but still raises a lot of questions for
many enterprises. It mainly concerns the specific implementation of those demands. It
is about using the tools and mechanisms of risk management without necessarily creating
a complete risk management system. The revision’s ISO-commission describes the risk-
based approach in the paper ‘Risk-Based Thinking in ISO 9001:2015’ (ISO TC, 2015).
It is primarily about reflecting and evaluating all possible outcomes and the associated
risks. Decisions should be made based on those evaluations.
The ISO 9001:2015 and its new requirements, which have raised a lot of questions and
discussions, have been the key motivation for the following study. With it, the division for
quality management of the Fraunhofer IPK wants to examine and reveal the current status
of how companies fulfil the additional requirements. Its goal was to research in which
areas, from the company’s point of view, are the biggest gaps and where they feel well
prepared. The focus lies on the risk management. During former discussions concerning
the revision process, this topic seemed to be significantly relevant. A trend was identified
which showed that this was the part where the users of the ISO 9001 had the most ques-
tions. Therefore, the study primarily focusses on answering the following questions:
. Do the companies consider themselves well informed regarding the ISO 9001
revision?
. Where do the companies see the biggest challenges to achieving a recertification?
. To what extent do risk management approaches already exist?

Therefore, a study with 1175 participants was conducted (Jochem, Rybski, & Klünder,
2016). This paper shall outline the results as well as possible implications.
 Total Quality Management 3

Study design and approach

An online questionnaire was used to conduct the study. The participants were able to
access their survey via an individual link sent per mail. The link expired after four
weeks which matches the survey’s overall duration [August/September 2015]. It consisted
of 28 questions to retrieve a wide spectrum of information. The questions can roughly be
divided into three categories. The first one consists of questions about the participants’
demography to make comparison possible, for example, by company size. This category
is made up of five questions. The second category considers the general questions about
quality management and the ISO 9001. It particularly deals with the matter of responsibil-
ities within the company and new requirements due to the revision which do not concern
the risk management. This category is made up of 10 questions. The third category focuses
on the existing structures, methods and the understanding of risk management. Since this is
the main focus of the study, this category makes up the biggest part with 12 questions. It
has shown, as mentioned, during the preparation for this study that this topic is especially
important which is why it became the main focus. The following evaluation works with
said segmentation and is structured analogically.
When dividing the participants into groups according to their industry, two major
sectors lead the poll: service as well as machinery and plant engineering. Sixty-four per
cent of the questioned businesses belong to those industries. Eighteen per cent are part
of the manufacturing sector, whereas mechanical and electrical engineering, which both
count as manufacturing subcategories, will be listed separately according to the segmenta-
tion WZ 2003 by the Federal Office of Statistics (StBA, 2003). Fourteen per cent of the
businesses fall into the industry of electrical engineering/electronics. Almost 7% of the
participants categorise themselves as part of the automotive sector. The producing and
manufacturing enterprises represent a big part of the study. This relatively balanced allo-
cation between service-oriented and producing businesses allows a valid comparison
regarding the fulfilment of the ISO 9001:2015 new requirements (Figure 1).
The size of the participating organisations varies. Based on their number of employees
76% of the companies can be classified as small and medium-sized enterprises [SME ≤

Figure 1. Different industries of the participating companies (multiple answers allowed).

4 C. Rybski et al.

Figure 2. Size of the participating enterprises (by employees).

250 employees]. Twenty-four per cent employ more than 250 people and thus count as
large enterprises. The exact allocation of the companies’ sizes can be seen in Figure 4
(Figure 2).
In total, 30% of the participants offer service-based operations, 26% offer solely pro-
ducts and 44% offer products and associated services. Due to this balanced structure of
producing and service-oriented businesses, the differences between those will be clearly
detectable later on (Figures 3 and 4).
A total of 92% employ less than 10 people for their quality management. The size of
the quality management department is not necessarily proportional to the company’s size.
In 38% of the case of businesses that employ more than 1000 people, there are only one to
five employees working in quality management. Furthermore, it is noted that producing
and manufacturing companies in comparison to service-oriented companies are more

Figure 3. Amount of producing and service-oriented companies.

 Total Quality Management 5

Figure 4. Size of the quality management department.

likely to have a higher number of employees working in quality management. This might
be an indication for the varied differentiations between quality management and quality
assurance. As a result, there are different terms in various companies. So, it might
happen that tasks which are typically assigned to the QM are now part of the product
development, while in another company, the same tasks might be executed by the depart-
ments for production or QM (Figure 5).
Sixty-five per cent of the questioned people defined themselves as quality manager.
Eighteen per cent of the completed questionnaires were filled in by the management of
the participating business. Those, as well as 13% department managers, are ought to
have a good understanding of the organisation. During a segmented evaluation by com-
pany’s size and position, it became clear that CEOs of small businesses are more likely
to complete the questionnaire compared to CEOs of companies with a higher number of
employees. In those cases, mostly quality managers or specialists participated in the study.
Since there are participants from all different kinds of industries and providers of pro-
ducts as well as services, there should be a realistic reflection of the different character-
istics regarding the ISO 9001-certified companies within the study.

Study results
Part 1: ISO 9001 in general
In August/September 2015, 90% of the participants were aware of the fact that by Septem-
ber 2015 a new version of the ISO 9001 will become effective. Out of those who were not

Figure 5. Position of the participating person (multiple answers allowed).

6 C. Rybski et al.

Figure 6. Awareness of the revision in September 2015.

aware of the introduction of a revised version of the ISO 9001, only 22% are certified
according to it. This means that 2% of the certified organisations have no knowledge of
the revision which leads to the conclusion that the currently certified companies were suf-
ficiently informed of the new version of the ISO 9001 (Figure 6).
Although 98% of the certified companies know about the new version of the ISO 9001,
only some are aware of the content of it. This study was conducted in August and Septem-
ber of 2015 before the final version of the updated standard was introduced. However, a
draft of the revised standard has been available since July 2014. This allowed the organ-
isations to get informed about the essential changes and innovations before the final
version was published in September 2015. Nonetheless, only 33% admit to know about
the new requirements. Almost half are familiar with some of the requirements and 19%
know nothing about the content at all. The amount of companies which are currently cer-
tified according to the ISO 9001:2008 and are aware of at least some of the changes lies at
89% (Figure 7).
The 19% uninformed participants exist mostly due to the three-year transition period
which allows the companies to take their time in getting familiar with the new require-
ments. The revised standard includes several fundamental changes, for example, the
risk-based approach or the increased demand regarding the dealing with knowledge.
The less knowledge the company has about risk management, the likelier it is to take
longer to implement the changes (Figure 8).
Even though the revision of the standard brings many changes with it, the so-called
‘risk-based approach’ is, from the Fraunhofer IPK’s point of view, the one mostly

Figure 7. Awareness of the new requirements.

 Total Quality Management 7

Figure 8. Need for action regarding the standard’s revision (top 3) (multiple answers allowed).

discussed. This way, the study underlines the picture given by the specialised press. Sixty
per cent of the participating organisations state, that, looking at the ISO 9001:2015, there is
a big need for action in the area of risk management. Although the standard does not
require a formal risk management, it demands an evaluation and documentation of all rel-
evant risks and chances regarding the QM-System. Concerning this matter, the majority of
the companies do not consider themselves as sufficiently prepared. This opinion is shared
by both SME and big enterprises. With increasing complexity within the organisation, it
gets more difficult to deal with risks, which explains why also big companies see a need for
action in this area.
Service providers do not see a need for action regarding risk management as often as
producing companies. Only 52% of them state that they see the need for improvement.
Within the manufacturing organisations, it is 61%. For providers of both products and ser-
vices, the number is even higher with 65%. This might be due to the high level of complex-
ity when implementing risk management in manufacturing and even stronger in
manufacturing combined with service. Additionally, there are usually bigger liability
risks when offering products than when offering services (Figure 9).
Since the ISO 9001’s revision, conscious handling of knowledge has been taking on an
essential role. The necessary knowhow to run the company’s processes is to be ensured
through securing the employees’ knowledge. Furthermore, the relevant knowledge to
ensure the conformity of products and services has to be secured. However, the new
requirements go beyond knowledge saving such as filing and making recent knowhow
accessible. From now on, companies additionally need to plan ahead which requirements
and developing tendencies are going to be relevant and how to access and distribute the
necessary knowledge within the company (Koubek, 2015).
Nevertheless, most of the enterprises still need to make adjustments to meet those con-
ditions. Twenty-eight per cent of the participants state that, at the moment, there are no
measures taken regarding the protection of knowledge within the organisation. The
majority of the companies which have not taken any steps towards knowledge saving

Figure 9. Enterprises with a need for actions divided according to products.

8 C. Rybski et al.

Figure 10. Knowledge management (multiple answers allowed).

are certified according to ISO 9001:2008. Those 28% will need to act regarding their
knowledge protection for a recertification. It has to be ensured that the company protects
its knowledge and furthers its employee’s skills considering future developments.
Again, it was noticeable how SME’s have more trouble meeting those requirements of
the standard compared to others. Especially bigger companies have already taken measures
to protect their knowhow. One of the reasons might be that the effort is very high for such
measures; another might be that the form of communication in SME’s is much more direct
and simple which could make some of the measures obsolete (Figure 10).

Part 2: ISO 9001, the risk-based approach and risk management

This part specifically focused on the requirements of the revised standard regarding the
risk-based approach. Even though the standard does not demand formal risk management,
the distinction between risk-based approach and risk management is a smooth transition
(DGQ, 2014). Furthermore, specific questions regarding risk management were asked
since organisations which have already integrated risk management into their procedures
were more likely to have already fulfilled the new requirements (Figure 11).
Questions about responsibilities concerning processes dealing with risks were also
asked to find out if those processes exist amongst the participants. Twenty-one per cent
of the participating organisations do not have defined processes regarding risk manage-
ment, although the risk-based approach from the ISO 9001:2015 demands those in
order to identify risks and chances which influence the proper functioning of the quality
management system. Furthermore, both process- and product-specific risks and chances
need to be considered. This is a call for action for those companies to gain a recertification.
The current revision of the ISO 9001 holds the top management accountable for more
actions than before. For example, they have more duties concerning the delegation of
responsibilities and the performance of the quality management system. Moreover, they
are supposed to ensure that the processes deliver the intended results. In 59% of the
case, the management level is responsible for the risk management. This way, they
have already reached the status quo before the new standard was introduced.
Risk management should be considered as a team effort. A team consisting of both pro-
fessionals and executives from different sectors along the value chain can estimate and
evaluate a wide range of potential risks and chances. This is also possible within the

Figure 11. Responsibility for risk management within the company (multiple answers allowed).
 Total Quality Management 9

framework of interdisciplinary projects. However, those teams rarely exist. Only 15% of
the participants show those structures regarding the risk management within their
company.
The ISO 9001 takes its definition of the term risk from the ISO 9000:2014, which states
that risk is the effect of uncertainty on an unexpected event. Furthermore, the ISO 9001
specifies that this effect is a deviation from a target state. Such a deviation can have a posi-
tive or a negative impact. However, the majority of the companies’ representatives have a
different understanding of risk. Thirty-five per cent chose ‘a possible, negative outcome
for an undertaking, resulting in disadvantage, loss or damage’ as the appropriate definition.
For them, the term risk is not a matter of positive or negative deviation, but clearly con-
notes negatively. Also, the answer of 16% of the participants defining risk as the ‘possi-
bility of not or partially not reaching company’s goals’ is a negative statement.
In total, 51% of the participants agreed with risk definitions which have a negative tone
to it. This means that the majority understands risk differently from how the standard
defines it. It is to mention, however, that those different views are already noted in the stan-
dard by mentioning that the term risk is sometimes used when there is only the possibility
of negative consequences (Figure 12).
At the same time, it would be advisable for organisations to analyse the interaction
between risks and chances. Looking at risks regarding the quality management system
and products to tolerate risks can bear new opportunities. An example is the additional
effort and expense saved by tolerating risks with a really low probability of occurrence
but severe consequences, for example, an earthquake in northern Germany. Although
there is a minimal probability of occurrence for such an event, it is common practice to
simply take the risk instead of buying the necessary insurance. This way, there is a
chance of saving insurance costs by tolerating risk. However, there can be reasons not

Figure 12. Definition and understanding of the term risk.

10 C. Rybski et al.

Figure 13. Risk management objectives (multiple answers allowed).

to tolerate certain risks, for example, because of legal regulations. In chapter 0.3.3 of the
revised standard, it is stated that circumstances such as customer acquisition, the develop-
ment of new products and services and the improvement of productivity can result in
potential chances (ISO, 2015).
The question regarding the objectives of an operational risk management shows that
the most common motivation is the fulfilment of legal or normative regulations.
Fifty-eight per cent of the participants stated that this is the reason they practise risk
management. However, many name the reasons cited in the ISO 9001:2015 as their motiv-
ation to have risk management. Forty-six per cent answered that reaching their quality
goals is the reason for implementing risk management. The revised ISO 9001 indirectly
claims that ‘risks and chances must be determined to ensure that the quality management
system can reach its intended results’ (ISO, 2015). One purpose of a quality management
system should always be the fulfilment of quality goals. The approach of continuous
improvement is also stated in the ISO 9001:2015 as a motivation for the demanded
dealing with risks. Forty-seven per cent of the participants share this motivation. As
shown in the paragraph before, the understanding of risk varies. The reasons though
why the questioned German companies deal with risks mostly match the motives listed
in the standard (Figure 13).
Although the ISO 9001:2015 does not explicitly ask for a systematic risk management,
this study examines in which parts of their value chain the participants have already
implemented risk management processes. Only 20% said that they are considering risks
due to external environmental impacts (Figure 14).
The most common answer chosen by the companies was the area ‘production and
service provision’. Almost half of the participants stated that this is where their organis-
ation performs risk management. The second most chosen answer was ‘areas where

Figure 14. Areas with risk management processes within the company (multiple answers allowed).
 Total Quality Management 11

Figure 15. Presence of a systematic evaluation of risks and chances.

risks are relevant for the organisation’s financial goals’. Thirty-three per cent of the com-
panies consider risks within their development department. The ISO 9001:2015 demands
that every development process needs to be defined and documented (ISO, 2015).
However, it does not explicitly ask for considering risks. Only 24% of the organisations
consider risks regarding the obtaining of external products and services (Figure 15).
The ISO 9001:2015 uses the two-sided definition of the term risk. This way, risk can be
the possibility of a deviation from a target state with both a positive and a negative impact.
However, the strongest motivation for an organisation when dealing with risks is the
avoidance of those as stated by 31% of the participants. Twenty-two per cent say that
they weigh the risks and chances and evaluate afterwards. Twenty-eight per cent answered
that they do not systematically analyse risks and chances (Figure 16).
The risk management process is frequently divided into four steps. Those four steps are
the risk analysis (including the risk identification), the risk evaluation, the risk control and
the risk monitoring (Romeike & Finke, 2003). Forty-four per cent of the participants stated
that they perform risk analysis as well as risk evaluation. Almost one-third, 30%, say that
measures are being developed to control and monitor risks. Although the first two steps are
implemented more often than the last two steps, the risk management process should
always be performed completely (Ebert, 2013). The ISO 9001:2015 demands the planning
of measures to deal with the risks listed in the standard. In contrast, only 30% of the par-
ticipants say that they are currently implementing such measures. In 70% of the cases, the
organisations need to improve in this field in order to regain a certification according to the
ISO 9001:2015. The revised ISO 9001 additionally requires that the measures taken be
evaluated by their effectiveness.
Thirty-four per cent of the participating organisations are already doing so, but the
majority needs to act accordingly for a recertification (Figure 17).

Figure 16. Practised parts/phases of risk management (multiple answers possible).

12 C. Rybski et al.

Figure 17. Guarantee of employee qualification for risk management.

Eighteen per cent of the participating organisations train their employees specifically
for their risk management activities to guarantee their qualification. Nineteen per cent
leave it up to the employees to train themselves. Seven per cent answered that they see
no need for a specific risk management training. Out of those, 92% are currently certified
according to the ISO 9001:2008 (Figure 18).
The most commonly used risk management method is brainstorming. Forty-eight per
cent of the participating companies work with it. It should be noted, however, that brain-
storming is a requirement for most of the listed methods, which is why the result does not
come as a surprise. Also, often used is the FMEA [Failure Mode and Effects Analysis].
The automotive sector, for example, partly requires it by law (Kamiske, 2013). It is
used by 38% of the participants.
Other popular risk management methods are the SWOT Analysis and the Ishikawa
Diagram (also cause-and-effect diagram/fishbone diagram). Special methods like
HACCP or HAZOP are only used by a few organisations. This is partially due to the
fact that both methods are industry-specific. HACCP, Hazard Analysis and Critical
Control Points, is a special risk analysis concept designed for the food industry.
HAZOP, Hazard and Operability Study, was intentionally designed for the chemical indus-
try, but is now used by different sectors as well (Romeike & Hager, 2013) (Figure 19).
As described before, most of the participating German companies consider dealing
with risks the biggest challenge regarding the certification according to the new ISO
9001:2015. When asked what exactly it is that complicates the risk identification, analysis
and evaluation the most common answer showed the lack of experience regarding the

Figure 18. Used risk management methods within the company (multiple answers allowed).
 Total Quality Management 13

Figure 19. Challenges faced when analysing and evaluating risks (multiple answers allowed).

Figure 20. Important risks (multiple answers allowed).

assessment of risks and chances. Fifty-two per cent of the participants chose this answer.
Inadequate knowledge on how to use the methods named 42% of the companies as a great
challenge. Thirty-nine per cent say that the effort which comes with methods for analysing
and evaluating risks is one of the biggest challenges. Even though the ISO 9001:2015 does
not specifically require a formal risk management for their QM-System, it does demand
the identification, evaluation, controlling and monitoring of risks. The amount of compa-
nies which see the effort of the methods as a big challenge barely vary in company size.
SMEs as well as big enterprises consider the effort as critical (Figure 20).
When evaluating the biggest risks from the participants’ perspective, it falls into a
typical pattern. Especially, financial and staff-related risks have priority, whereas environ-
mental risks are rated as not crucial. This surely has something to do with the geographic
circumstances given in Germany, which make real environmental disasters improbable.
Staff-related risks as part of the operational risks include threats like the challenge of
recruiting qualified personnel and a high labour turnover rate. Gaps of motivation and
integrity, lack of team culture as well as strikes also count as part of the staff-related
risks (Romeike & Finke, 2003).

Conclusion
The ISO 9001:2015 includes several improvements and innovations. During the revision
process, as well as through questioning the enterprises, these have proven to be essential.
Both necessity and meaningfulness were confirmed by the present study.
However, most of the companies still need to make a significant effort to implement
the increased requirements. Especially in the field of knowledge and risk management
there is a demand for action. The ‘risk-based approach’ and with it its active consideration
of risks and chances is a step in the right direction to meet today’s high demands from both
customer and environment and to reach the associated increased level of quality. It has
been shown that a one-sided understanding of risk exists and that chances are rarely
ever explicitly considered. In the future, companies are asked to include the analysis of
chances alongside risks in their risk management. By taking chances like launching a
new product or entering a new market – while consciously tolerating risk in certain situ-
ations – companies can raise their competitive advantage.
14 C. Rybski et al.

The ISO 9001:2015 manages to place special emphasis on different areas which are
relevant for a sustainable business success. Organisations should view the revised ISO
9001 version as a motivation and trigger for continuous improvement. In addition, the
‘High-Level-Structure’ represents another step towards a simplified integration of differ-
ent management systems. It remains exciting to observe how the transition period of the
ISO 9001:2015 will be used and actually contribute to a higher business success of the
organisations. This aspect motivates the proposition to conduct a similar study during
the next years in order to track the progress made by the various industries and their
businesses.

Disclosure statement
No potential conflict of interest was reported by the authors.

References
DGQ – Deutsche Gesellschaft für Qualität. (2014). Revision ISO 9001:2015. Änderungen und
Schwerpunkte. Frankfurt: DGQ.
Ebert, C. (2013). Risikomanagement kompakt. Risiken und Unsicherheiten bewerten und
beherrschen (2. Auflage). Karlsruhe: Verlag Versicherungswirtschaft.
ISO Survey, International Organization for Standardization. (2014). ISO survey 2014 – survey of
certifications. Geneva: ISO.
ISO TC, ISO’s Technical Committee no. 176 (2015). Risk in ISO 9001:2015 (Document N1222).
Geneva: ISO.
ISO, International Organization for Standardization. (2015). Quality management systems – require-
ments (ISO 9001:2015). Berlin: Beuth Verlag.
Jochem, R., Rybski, C., & Klünder, R. (2016). DIN EN ISO 9001:2015 – Vorbereitung und Stand
der Umsetzung in deutschen Unternehmen. Berlin: Fraunhofer IPK.
Kamiske, G. F. (2013). Handbuch QM-Methoden – Die richtige Methode auswählen und erfolgreich
umsetzen (2. Auflage). München: Hanser Verlag.
Koubek, A. (2015). Praxisbuch ISO 9001:2015 – Die neuen Anforderungen verstehen und umsetzen.
München: Hanser Verlag.
Romeike, F., & Finke, R. B. (2003). Erfolgsfaktor Risiko-Management – Chance für Industrie und
Handel Methoden, Beispiele, Checklisten. Wiesbaden: Gabler Verlag.
Romeike, F., & Hager, P. (2013). Erfolgsfaktor Risiko-Management 3.0 – Methoden, Beispiele,
Checklisten – Praxishandbuch für Industrie und Handel. Wiesbaden: Springer Gabler.
StBA, Statistisches Bundesamt. (2003). Klassifikation der Wirtschaftszweige mit Erläuterungen.
Wiesbaden: Statistisches Bundesamt.