ISO/FDIS 9001

ISO/DISFDIS 9001
ISO/TC 176/SC 2
Secretariat: BSI
Date: 2026-04-2030
Quality management systems — Requirements
Systèmes de management de la qualité — Exigences
DISFDIS stage
TThhiiss d drraftaft i iss s suubbmmiitttteded t too a pa pararallel vallel vootte e iinn I ISSOO,, C CEENN.
VVototiinngg b beeggiinnss on on:: 22002255--0088--2277
VVootintingg te termrmiinnaatetess o onn:: 2 2002255--1111--1199

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication
may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,
or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO
at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
E-mail: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents
Foreword . iv
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 6
4.1 Understanding the organization and its context . 6
4.2 Understanding the needs and expectations of interested parties . 6
4.3 Determining the scope of the quality management system . 6
4.4 Quality management system . 7
5 Leadership . 7
5.1 Leadership and commitment . 7
5.2 Quality policy . 8
5.3 Roles, responsibilities and authorities . 9
6 Planning . 9
6.1 Actions to address risks and opportunities . 9
6.2 Quality objectives and planning to achieve them . 10
6.3 Planning of changes . 11
7 Support . 11
7.1 Resources . 11
7.2 Competence . 13
7.3 Awareness . 13
7.4 Communication . 14
7.5 Documented information . 14
8 Operation . 15
8.1 Operational planning and control . 15
8.2 Requirements for products and services . 15
8.3 Design and development of products and services . 17
8.4 Control of externally provided processes, products and services . 19
8.5 Production and service provision . 20
8.6 Release of products and services . 22
8.7 Control of nonconforming outputs . 22
9 Performance evaluation . 23
9.1 Monitoring, measurement, analysis and evaluation . 23
9.2 Internal audit . 24
9.3 Management review. 24
10 Improvement . 25
10.1 Continual improvement . 25
10.2 Nonconformity and corrective action. 25
Annex A (informative) Clarification of structure, terminology and clauses . 27
Bibliography . 39

iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of
ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent rights
in respect thereof. As of the date of publication of this document, ISO had not received notice of (a) patent(s)
which may be required to implement this document. However, implementers are cautioned that this may not
represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO’s adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 176, Quality management and quality assurance,
Subcommittee SC 2, Quality systems, in collaboration with the European Committee for Standardization (CEN),
in accordance with the Agreement on technical cooperation between ISO and CEN (Vienna Agreement).
This sixth edition cancels and replaces the fifth edition (ISO 9001:2015), which has been technically revised.
It also incorporates the Amendment ISO 9001:2015/Amd 1:2024.
The main changes are as follows:
— Inclusion of core ISO management system terms and definitions: Clause 3 of the document now includes a
limited number of terms and definitions. ISO 9000 remains the normative reference for all quality
management terms and definitions.
— Introduction of quality culture and ethical behaviour: Quality culture and ethical behaviour are now
addressed within the requirements, particularly in relation to leadership, awareness and the environment
for the operation of processes.
— Separation of risks and opportunities: Risks and opportunities are more clearly distinguished, with
separate consideration of actions to address each.
— Strengthened management of change: Requirements related to changes to the quality management system
have been reinforced to support the achievement of intended results.
— Enhanced explanatory content in Annex A: Annex AIt has been revised to provide enhanced clarification
of the structure, terminology and intent of the requirements as informative text, without introducing
additional requirements.
iv
— Removal of Annex B: Annex BIt previously provided information on other ISO/TC 176 standards.
References to these standards are now included in Annex A and on the ISO/TC 176 website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
Introduction
0.1 General
Establishing and implementing a quality management system is a strategic decision for an organization that
supports improved performance, enhances customer satisfaction, and provides a foundation for sustained
success and sustainable development initiatives.
The potential benefits to an organization of implementing a quality management system based on the
requirements in this document are:
a) the ability to consistently provide products and services that meet customer and applicable statutory and
regulatory requirements;
b) facilitating opportunities to enhance customer satisfaction;
c) addressing risks and opportunities associated with its context and objectives;
d) the ability to demonstrate conformity to quality management system requirements.
This document can be used by internal and external parties.
This document does not imply the need for:
— uniformity in the structure of different quality management systems;
— alignment of documentation to the clause structure of this document;
— the use of the specific terminology of this document within the organization.
The quality management system requirements in this document are complementary to requirements for
products and services.
Consistently meeting requirements and addressing future needs and expectations of customers and other
relevant interested parties poses a challenge for organizations in an increasingly dynamic and complex
environment. To achieve this objective, the organization can pursue continual improvement in various ways,
such as incremental or breakthrough change, innovation or reorganization initiatives.
Annex A provides information and clarifications that can support understanding of the structure, terms and
clauses of this document. It does not contain any additional requirements.
For guidance on the application of all clauses in this document, see ISO/TSDIS 9002.
Field Code Changed
0.2 Quality management principles
This document is based on the quality management principles described in ISO 9000 . The descriptions include
a statement of each principle, a rationale of why the principle is important for the organization, some examples
of benefits associated with the principle and examples of actions to improve the organization'sorganization’s
performance when applying the principle.
The quality management principles are:
— customer focus;
— leadership;
vi
— engagement of people;
— process approach;
— improvement;
— evidence-based decision-making;
— relationship management.
0.3 Process approach
0.3.1 General
This document promotes the adoption of a process approach when establishing, implementing and improving
the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer
requirements. Specific requirements considered essential to the application of a process approach are
included in 4.4.
Understanding and managing interrelated processes as a system contributes to the
organization'sorganization’s effectiveness and efficiency in achieving its intended results. This approach
enables the organization to control the interrelationships and interdependencies among the processes of the
system, so that the overall performance of the organization can be enhanced.
The process approach involves the systematic determination and management of processes, and their
interactions, so as to achieve the intended results in accordance with the quality policy and strategic direction
of the organization. Management of the processes and the system as a whole can be achieved using the Plan-
Do-Check-Act (PDCA) cycle (see 0.3.2) with an overall focus on risk-based thinking (see A.6.1.2) aimed at
preventing undesired results, and opportunity-based thinking (see A.6.1.3) aimed at pursuing desired results
by taking advantage of opportunities.
The application of the process approach in a quality management system enables:
a) understanding and consistency in meeting requirements;
b) the consideration of processes in terms of risk, opportunity and added value;
c) the achievement of effective process performance;
d) improvement of processes based on the results of evaluation of data and information.
Figure 1 gives a schematic representation of any single process and shows the interaction of its elements. The
monitoring and measuring check points, which are necessary for control, are specific to each process and will
vary depending on the process steps and related risks.
vii
Figure 1— Schematic representation of the elements of a single process
0.3.2 Plan-Do-Check-Act cycle
The PDCA cycle can be briefly described as follows:
— Plan: establishEstablish the objectives of the system and its processes, and the resources needed to deliver
results in accordance with customer and other relevant interested party requirements and the
organization'sorganization’s policies, and determine and address risks and opportunities;.
— Do: implementImplement what was planned;.
— Check: monitorMonitor and (as applicable) measure processes and the resulting products and services
against policies, objectives, requirements and planned activities, and report the results;.
— Act: takeTake actions to improve the performance of the quality management system.
The PDCA cycle can be applied to all processes and to the quality management system as a whole. Figure 2
illustrates how Clause 4 to Clause 10 of this document can be grouped in relation to the PDCA cycle.
viii
NOTE Numbers in brackets refer to the clauses in this document.
ix
Figure 2— Representation of the structure of this document in the PDCA cycle
0.4 Relationship with other management system standards
This document applies the harmonized approach as published in the ISO/IEC Directives related to the
development of management system standards (MSS). The intention is to support alignment and facilitate the
integration of the requirements and recommendations of one or more MSS into an organization’s management
system.
For more information, see https://www.iso.org/management-system-standards.html.
This document provides a basis for an organization to apply the process approach, coupled with the PDCA
cycle, risk-based thinking and opportunity-based thinking, in order to align or integrate its quality
management system with the requirements of other management system standards.
This document relates to the following standards:
— ISO 9000 - provides the fundamental concepts and vocabulary essential for understanding the
requirements of this document;
— ISO/DIS 9002- provides guidelinesguidance on the application of the requirements of this document.;
— ISO 9004 - provides guidance on enhancing the quality of an organization and its ability to achieve
sustained success.
This document does not include requirements specific to other management systems, such as those for
environmental management, occupational health and safety management, or asset management.
Sector-specific ISO quality management system standards based on the requirements of this document have
been developed. Some of these standards specify additional quality management system requirements, while
others are limited to providing guidance to the application of this document within the particular sector.
NOTE See for a list of all management system standards.
x
Quality management systems — Requirements
1 Scope
This document specifies requirements for a quality management system when an organization:
a) needs to demonstrate its ability to consistently provide products and services that meet customer and
applicable statutory and regulatory requirements;
b) aims to enhance customer satisfaction through the effective application of the system, including processes
for improvement of the system and the assurance of conformity to customer and applicable statutory and
regulatory requirements.
All the requirements of this document are generic.
This document is applicable to any organization, regardless of its type or size, or the products and services it
provides.
NOTE 1 In this document, the terms “product” or “service” only apply to products and services intended for, or
required by, a customer.
NOTE 2 Statutory and regulatory requirements can be expressed as legal requirements.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/DIS 9000, Quality management — Fundamentals and vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/DIS 9000 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org
3.1
organization
person or group of people that has its own functions with responsibilities, authorities and relationships to
achieve its objectives (3.6)
Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation, firm,
enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not,
public or private.
Note 2 to entry: If the organization is part of a larger entity, the term “organization” refers only to the part of the larger
entity that is within the scope of the quality management system (3.4.1).
3.2
interested party
stakeholder
person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision or
activity
EXAMPLE Customers, owners, people in an organization, providers, bankers, regulatory authorities, unions,
partners or society that can include competitors or opposing pressure groups.
3.3
top management
person or group of people who directs and controls an organization (3.1) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.
Note 2 to entry: If the scope of the management system (3.4) covers only part of an organization, then top management
refers to those who direct and control that part of the organization.
3.4
management system
set of interrelated or interacting elements of an organization (3.1) to establish policies (3.5) and objectives
(3.6), as well as processes (3.8) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines.
Note 2 to entry: The management system elements include the organization’s structure, roles and responsibilities,
planning and operation.
Note 3 to entry: The management system elements can include the organization’s policies, practices, rules and beliefs.
Note 4 to entry: An organization manages its interrelated elements in an orderly manner to achieve its objectives.
Note 5 to entry: The scope of a management system can include the whole of the organization, specific and identified
functions of the organization, specific and identified sections of the organization, or one or more functions across a group
of organizations.
3.4.1
quality management system
part of the overall management system (3.4) of an organization (3.1) related to quality
3.5
policy
intentions and direction of an organization (3.1) as formally expressed by its top management (3.3)
3.5.1
quality policy
policy (3.5) related to quality
Note 1 to entry: The quality policy:
— is generally consistent with the overall policy of the organization (3.1;);
— can be aligned with the organization'sorganization’s vision and mission;
— provides a framework for the setting of quality objectives.
Note 2 to entry: The quality management principles presented in ISO 9000 can form a basis for the establishment of a
quality policy.
3.6
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.
Note 2 to entry: Objectives can relate to different disciplines (such ase.g. finance, health and safety, and environment).
They can be, for example, organization-wide or specific to a project, product, service or process (3.8).
Note 3 to entry: An objective can be expressed in other ways, e.g.such as an intended result, as a purpose, as an
operational criterion, as a quality objective (3.6.1) or by the use of other words with similar meaning (e.g. aim, goal, or
target).
Note 4 to entry: In the context of quality management systems (3.4.1), quality objectives (3.6.1) are set by the organization
(3.1), consistent with the quality policy (3.5.1), to achieve specific results.
3.6.1
quality objective
objective (3.6) related to quality
Note 1 to entry: Quality objectives are generally based on the organization'sorganization’s (3.1)quality policy (3.5.1).
Note 2 to entry: Quality objectives are generally specified for relevant functions, levels and processes (3.8) in the
organization.
3.7
risk
effect of uncertainty
Note 1 to entry: An effect is a deviation from the expected — positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge
of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential events and consequences, or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in
circumstances) and the associated likelihood of occurrence.
Note 5 to entry: The word “risk” is sometimes used when there is the possibility of only negative consequences.
3.8
process
set of interrelated or interacting activities that uses or transforms inputs to deliver a result
Note 1 to entry: Whether the result of a process is called an output, a product or a service depends on the context of the
reference.
Note 2 to entry: Inputs to a process are generally the outputs of other processes and outputs of a process are generally
the inputs to other processes.
Note 3 to entry: Two or more interrelated and interacting processes in series can also be referred to as a “process”.
Note 4 to entry: Processes in an organization (3.1) are generally planned and carried out under controlled conditions to
ensure that intended results can be achieved.
Note 5 to entry: A process where the conformity (3.15) of the resulting output cannot be readily or economically validated
is frequently referred to as a “special process”.
3.9
competence
ability to apply knowledge and skills to achieve intended results
3.10
documented information
information required to be controlled and maintained by an organization (3.1) and the medium on which it is
contained
Note 1 to entry: Documented information can be in any format and media and from any source.
Note 2 to entry: Documented information can refer to:
— the management system (3.4), including related processes (3.8);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (records).
3.11
performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to managing activities, processes (3.8), products, services, systems or
organizations (3.1).
3.12
continual improvement
recurring activity to enhance performance (3.11)
3.13
effectiveness
extent to which planned activities are realized and planned results are achieved
3.14
requirement
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization (3.1) and interested
parties (3.2) that the need or expectation under consideration is implied.
Note 2 to entry: A specified requirement is one that is stated, e.g. in documented information (3.10).
Note 3 to entry: A qualifier can be used to denote a specific type of requirement, e.g. product requirement, service
requirement, quality management requirement, customer requirement, quality requirement.
Note 4 to entry: Requirements can be generated by different interested parties or by the organization itself.
Note 5 to entry: It can be necessary for achieving high customer satisfaction to fulfil an expectation of a customer even if
it is neither stated nor generally implied or obligatory.
3.15
conformity
DEPRECATED: conformance
fulfilment of a requirement (3.14)
Note 1 to entry: The term “conformance” is synonymous but deprecated.
3.16
nonconformity
non-fulfilment of a requirement (3.14)
3.17
corrective action
action to eliminate the cause(s) of a nonconformity (3.16) and to prevent recurrence
Note 1 to entry: Corrective action is taken to prevent recurrence whereas preventive action is taken to prevent
occurrence.
3.18
audit
systematic and independent process (3.8) for obtaining evidence and evaluating it objectively to determine
the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), and it
can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization (3.1) itself, or by an external party on its behalf.
Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011 .
Note 4 to entry: The fundamental elements of an audit include the determination of the conformity (3.15) of an object
according to a procedure carried out by people selected to ensure impartiality and objectivity of the audit process.
Note 5 to entry: Internal audits are conducted for management review and other internal purposes and can form the
basis for an organization’s declaration of conformity. Independence can be demonstrated by the freedom from
responsibility for the activity being audited.
Note 6 to entry: Second-party audits are conducted by parties having an interest in the organization, such as customers,
or by other persons on their behalf. Third-party audits are conducted by external, independent auditing organizations
such as those providing certification or registration of conformity or governmental agencies.
Note 7 to entry: An audit can also be a joint audit conducted by two or more auditing organizations.
3.19
measurement
process (3.8) to determine a value
Note 1 to entry: According to ISO 3534-2:2006 ,, the value determined is generally the value of a quantity.
3.20
monitoring
determining the status of a system, a process (3.8) or an activity
Note 1 to entry: To determine the status, there can be a need to check, supervise or critically observe.
Note 2 to entry: Monitoring can also determine the status of a product or a service.
Note 3 to entry: Monitoring is generally a determination of the status of an object, carried out at different stages or at
different times.
4 Context of the organization
4.1 Understanding the organization and its context
The organization shall determine external and internal issues that are relevant to its purpose and its strategic
direction and that affect its ability to achieve the intended result(s) of its quality management system.
The organization shall determine whether climate change is a relevant issue.
The organization shall monitor and review information about these external and internal issues.
NOTE 1 Issues can include positive and negative factors or conditions for consideration.
NOTE 2 Understanding the external context can be facilitated by considering legal, technological, competitive, market,
cultural, political, social, economic and environmental issues at the international, national, regional or local level.
NOTE 3 Understanding the internal context can be facilitated by considering issues related to the
organization'sorganization’s strategic direction, values, culture, resources, knowledge and performance.
4.2 Understanding the needs and expectations of interested parties
The organization shall determine:
a) the interested parties that are relevant to the quality management system;
b) the relevant requirements of these interested parties;
c) which of these requirements will be addressed through the quality management system.
The organization shall monitor and review information about these interested parties and their relevant
requirements.
NOTE Relevant interested parties can have requirements related to climate change.
4.3 Determining the scope of the quality management system
The organization shall determine the boundaries and applicability of the quality management system to
establish its scope.
When determining this scope, the organization shall consider:
a) the external and internal issues referred to in 4.1;
b) the requirements referred to in 4.2;
c) the products and services of the organization.
The organization shall apply all the requirements of this document if they are applicable within the
determined scope of its quality management system.
The scope shall state the types of products and services covered.
The scope shall include justification for any requirement of this document that the organization determines is
not applicable to its quality management system.
The scope shall be available as documented information.
Conformity to this document can only be claimed if the requirements determined as not being applicable do
not affect the organization’s ability or responsibility to ensure the conformity of its products and services and
the enhancement of customer satisfaction.
4.4 Quality management system
4.4.1 The organization shall establish, implement, maintain and continually improve a quality management
system, including the processes needed and their interactions, in accordance with the requirements of this
document.
The organization shall:
a) determine the processes needed for the quality management system and their application throughout the
organization;
b) determine the inputs required and the outputs expected from these processes;
c) determine the sequence and interaction of these processes;
d) determine and apply the criteria and methods needed (including monitoring, measurements and related
performance indicators) to ensure the effective operation and control of these processes;
e) determine the resources needed for these processes and ensure their availability;
f) assign the responsibilities and authorities for these processes;
g) address the risks and opportunities as determined in accordance with the requirements of 6.1;
h) evaluate these processes and implement any changes needed to ensure that these processes achieve their
intended results;
i) improve the processes and the quality management system.
4.4.2 Documented information shall be available to the extent necessary:
a) to support the operation of the organization'sorganization’s processes;
b) as evidence that the processes are being carried out as planned.
5 Leadership
5.1 Leadership and commitment
5.1.1 General
Top management shall demonstrate leadership and commitment with respect to the quality management
system by:
a) ensuring that the quality policy and quality objectives are established and are compatible with the
strategic direction of the organization;
b) ensuring the integration of the quality management system requirements into the organization’s business
processes;
c) ensuring that the resources needed for the quality management system are available;
d) communicating the importance of effective quality management and of conforming to the quality
management system requirements;
e) ensuring that the quality management system achieves its intended result(s);
f) directing and supporting persons to contribute to the effectiveness of the quality management system;
g) promoting continual improvement;
h) supporting other relevant roles to demonstrate their leadership, as it applies to their areas of
responsibility;
i) promoting quality culture and ethical behaviour;
j) promoting the use of the process approach;
k) promoting risk-based thinking and opportunity-based thinking;
l) taking accountability for the effectiveness of the quality management system.
NOTE 1 Reference to “business” in this document can be interpreted broadly to mean those activities that are core to
the purposes of the organization’s existence.
NOTE 2 An organization'sorganization’s quality culture and ethical behaviour are reflected in its shared values,
attitudes, practices and actions.
5.1.2 Customer focus
Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring
that:
a) customer and applicable statutory and regulatory requirements are determined, understood and
consistently met;
b) the risks and opportunities that can affect conformity of products and services and the ability to enhance
customer satisfaction are determined and addressed;
c) the focus on enhancing customer satisfaction is maintained.
5.2 Quality policy
5.2.1 Top management shall establish a quality policy that:
a) is appropriate to the purpose of the organization;
b) provides a framework for setting quality objectives;
c) includes a commitment to meet applicable requirements;
d) includes a commitment to continual improvement of the quality management system;
e) takes into account the context of the organization and supports its strategic direction.
5.2.2 The quality policy shall:
a) be available as documented information;
b) be communicated within the organization;
c) be available to interested parties, as appropriate;
d) be implemented, understood and applied within the organization.
5.3 Roles, responsibilities and authorities
Top management shall ensure that the responsibilities and authorities for relevant roles are assigned and
communicated within the organization.
Top management shall assign the responsibility and authority for:
a) ensuring that the quality management system conforms to the requirements of this document;
b) reporting on the performance of the quality management system to top management;
c) ensuring that the processes are delivering their intended results;
d) ensuring the promotion of customer focus throughout the organization;
e) reporting on opportunities for improvement to top management;
f) ensuring that the integrity of the quality management system is maintained, including when changes to
the quality management system are planned and implemented.
6 Planning
6.1 Actions to address risks and opportunities
6.1.1 Determining risks and opportunities
When planning for the quality management system, the organization shall consider the issues referred to in
4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be
addressed to:
a) give assurance that the quality management system can achieve its intended result(s);
b) prevent, or reduce, undesired effects;
c) achieve continual improvement;
d) enhance desired effects.
6.1.2 Actions to address risks
The organization shall determine, analyse, and evaluate risks that can have an undesired effect on its ability
to continually and consistently provide conforming products and services and enhance customer satisfaction.
The organization shall plan:
a) actions to address these risks;
b) how to:
1) integrate and implement the actions into its quality management system processes;
2) evaluate the effectiveness of these actions.
Actions taken shall be proportionate to the potential impact of the risks on the intended results of the quality
management system.
NOTE 1 Determined risks can include risks related to the ability to provide conforming products and services during
and after a disruption.
NOTE 2 Actions to address risks can include avoiding risk, taking risk in order to pursue an opportunity, eliminating
the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
6.1.3 Actions to address opportunities
The organization shall determine, analyse, and evaluate opportunities that can have a desired effect on its
ability to continually and consistently provide conforming products and services and enhance customer
satisfaction.
The organization shall plan:
a) actions to address these opportunities;
b) how to:
1) integrate and implement the actions into its quality management system processes;
2) evaluate the effectiveness of these actions.
Actions taken to address opportunities shall be appropriate to the organization’s context and support the
achievement of desired results.
NOTE Actions to address opportunities can include adopting new practices, launching new products or services,
creating new partnerships, leveraging emerging technologies, implementing initiatives, and other actions to address the
current and changing needs and expectations of an organization’s customers and other relevant interested parties.
6.2 Quality objectives and planning to achieve them
6.2.1 The organization shall establish quality objectives at relevant functions, levels and processes.
The quality objectives shall:
a) be consistent with the quality policy;
b) be measurable;
c) take into account applicable requirements;
d) be monitored;
e) be communicated;
f) be updated as appropriate;
g) be available as documented information;
h) be relevant to the conformity of products and services and the ability to enhance customer satisfaction.
6.2.2 When planning how to achieve its quality objectives, the organization shall determine:
a) what will be done;
b) what resources will be required;
c) who will be responsible;
d) when it will be completed;
e) how the results will be evaluated.
6.3 Planning of changes
When the organization determines the need for changes to the quality management system, the changes shall
be carried out in a planned manner.
To ensure changes are implemented effectively to achieve intended results, the organization shall consider:
a) the purpose of the changes and their potential consequences;
b) the potential impact on the integrity of the quality management system;
c) the availability of resources and information;
d) the allocation or reallocation of responsibilities and authorities;
e) the communication of the changes;
f) how the effectiveness of the changes will be monitored and evaluated;
g) how the results of the changes will be reviewed.
7 Support
7.1 Resources
7.1.1 General
The organization shall determine and provide the resources needed for the establishment, implementation,
maintenance and continual improvement of the quality management system.
The organization shall consider:
a) the
...