Management system guidance

ISO 9001:2008 versus ISO 9001:2015 comparison

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.

Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.

How do ISO 9001:2008 and ISO 9001:2015 correlate?

Comparing quality management system requirements

Many of the requirements from ISO 9001:2008 are present with in ISO 9001:2015. The matrix below correlates the requirements of ISO 9001:2008 to the new requirements of ISO 9001:2015 and should be used to determine where the new and amended clauses are located.

The degree of change necessary will be dependent upon the maturity and effectiveness of your current management system, organizational structure and operational practices.

Therefore, a gap analysis of the new requirements is strongly recommended in order to identify realistic resource and time implications. We recommend that you:

1. Train internal auditors and other key personnel on new standard;
   
2. Using this document, undertake a gap analysis of the new requirements against the current management system;
   
3. Develop an implementation plan to fill the gaps that you identified;
   
4. Align your documentation and processes with ISO 9001:2015 requirements;
   
5. Update your quality policy, quality objectives, targets and KPIs;
   
6. Carry out minimal updates to the manual and procedures to include new terminology and key phrases;
   
7. Ensure that any new competence needs are met and records retained;
   
8. Create awareness for all parties that have an impact on the effectiveness of the quality management system;
   
9. Verify the effectiveness of the changes to the management system through internal auditing, observation and inspection;
   
10. As necessary, liaise with your Certification Body during the transition.
    

ISO 9001:2008 and ISO 9001:2015 comparison matrix

ISO 9001:2008 Requirement	Equivalent ISO 9001:2015 Requirement
4.1 General Requirements	4.4 Quality Management System and its Processes
4.2 Documentation Requirements	7.5 Documented Information
4.2.1 General	7.5.1 General
4.2.2 Quality Manual	4.3 Determining the Scope of the QMS
4.2.3 Control of Documents	7.5.2 Creating and Updating
4.2.4 Control of Records	7.5.3 Control of Documented Information
5.1 Management Commitment	5.1 Leadership and Commitment
5.2 Customer Focus	5.1.2 Customer Focus
5.3 Quality Policy	5.2 Quality Policy
5.4 Planning	6.1 Actions To Address Risks And Opportunities
5.4.1 Quality Objectives	6.2 Quality Objectives and Planning to Achieve Them
5.4.2 Quality Management System Planning	6.3 Planning Of Changes
5.5 Responsibility, Authority and Communication	5.3 Organizational Roles, Responsibilities and Authorities
5.5.1 Responsibility and Authority	5.3 Organizational Roles, Responsibilities and Authorities
5.5.2 Management Representative	5.3 Organizational Roles, Responsibilities and Authorities
5.5.3 Internal Communication	7.4 Communication
5.6 Management Review	9.3 Management Review
5.6.1 General	9.3.1 Management Review
5.6.2 Management Review Input	9.3.2 Management Review
5.6.3 Management Review Output	9.3.3 Management Review
6.1 Provision of Resources	7.1.1 General
6.2 Human Resources	7.1.2 People
6.3 Infrastructure	7.1.3 Infrastructure
6.4 Work Environment	7.1.4 Environment for the Operation of Processes
7.1 Planning of Product Realization	8.1 Operational Planning and Control
7.2 Customer-Related Processes	8.2 Determination of Requirements for Products and Services
7.2.1 Determination of Requirements Related to the Product	8.2.2 Determination of Requirements Related to Products and Services
7.2.2 Review of Requirements Related to the Product	8.2.3 Review of Requirements Related to the Products and Services
7.2.3 Customer Communication	8.2.1 Customer Communication
7.3 Design and Development	8.3 Design and Development of Products and Services
7.3.1 Design and Development Planning	8.3.2 Design and Development Planning
7.3.2 Design and Development Inputs	8.3.3 Design and Development Inputs
7.3.3 Design and Development Outputs	8.3.5 Design and Development Outputs
7.3.4 Design and Development Review	8.3.4 Design and Development Controls
7.3.5 Design and Development Verification	8.3.4 Design and Development Controls
7.3.6 Design and Development Validation	8.3.4 Design and Development Controls
7.3.7 Design and Development Changes	8.3.6 Design and Development Changes
7.4 Purchasing	8.4 Externally Provided Products and Services
7.4.1 Purchasing Process	8.4.1 General
7.4.2 Purchasing Information	8.4.3 Information for External Providers
7.4.3 Verification of Purchased Product	8.4.2 Type and Extent of Control of External Provision
7.5 Production and Service Provision	8.5 Production and Service Provision
7.5.1 Control of Production and Service Provision	8.5.1 Control of Production and Service Provision
7.5.2 Validation of Processes from Production and Service Provision	8.5.1 Control of Production and Service Provision
7.5.3 Identification and Traceability	8.5.2 Identification and Traceability
7.5.4 Customer Property	8.5.3 Property Belonging to Customers or External Providers
7.5.5 Preservation of Product	8.5.4 Preservation
7.6 Control of Monitoring and Measuring Equipment	7.1.5 Monitoring and Measuring Resources
8.1 General	9.1 Monitoring, Measurement, Analysis and Evaluation
8.2 Monitoring and Measurement	9.1.1 General
8.2.1 Customer Satisfaction	9.1.2 Customer Satisfaction
8.2.2 Internal Audit	9.2 Internal Audit
8.2.3 Monitoring and Measurement of Processes	9.1.1 General
8.2.4 Monitoring and Measurement of Product	8.6 Release of Products and Services
8.3 Control of Nonconforming Product	8.7 Control of Nonconforming Process Outputs, Products and Services
8.4 Analysis of Data	9.1.3 Analysis and Evaluation
8.5 Improvement	10.1 General
8.5.1 Continual Improvement	10.3 Continual Improvement
8.5.2 Corrective Action	10.2 Nonconformity and Corrective Action
8.5.3 Preventive Action	6.1 Actions to Address Risks and Opportunities

Existing ISO 9001:2008 documents

In ISO 9001:2008, the quality manual helped to establish and document the framework of your organization's quality management system while articulating those aspects of the QMS to any interested parties.

While there is no requirement for a quality manual or documented procedures in ISO 9001:2015, it is suggested that if they add value, then they should not simply be binned. You will be expected to maintain the integrity of the QMS during the transition process.

You do not need to renumber your existing documentation to correspond to the new clauses. It is down to each organization to determine whether the benefits gained from renumbering will exceed the effort involved.

Neither do you need to restructure your management system to follow the sequence of and titles of the requirements. Providing all of the requirements contained in ISO 9001:2015 are met, your organization’s quality management system will be compliant.

1. If your quality manual fits your business and your customers require it, keep it!
2. If your procedures are effective and define how your key processes operate, keep them!
3. If the quality policy and related objectives align with business strategy, and they are communicated and adding value, keep those too!

The type and extent of documented information that your organization should retain and maintain, in order to be compliant with ISO 9001:2015, clearly depends on the nature of your organization’s products and processes.

The following criteria can be used to assess the different types of ISO 9001:2008 documents and information that your organization should retain and maintain as documented information by determining whether the information:

1. Communicates a message internally or externally;
2. Provides evidence of process and product conformity;
3. Provides evidence that planned outputs were achieved;
4. Provides knowledge sharing.

If any of the above criteria apply to any type of document or information within your organization's domain, then it should be retained and maintained as a form of 'documented information' as per Clause 7.5 of ISO 9001:2015.

More information on PDCA

Planning

Context

ISO 9001:2015	ISO 14001:2015	ISO 45001:2018
4.1 Organizational Context	4.1 Organizational Context	4.1 Organizational Context
4.2 Relevant Interested Parties	4.2 Relevant Interested Parties	4.2 Relevant Interested Parties
4.3 Management System Scope	4.3 Management System Scope	4.3 Management System Scope
4.4 QMS Processes	4.4 EMS Processes	4.4 OH&S Management System

Planning

ISO 9001:2015	ISO 14001:2015	ISO 45001:2018
5.1 Leadership & Commitment	5.1 Leadership & Commitment	5.1 Leadership & Commitment
5.2 Quality Policy	5.2 Environmental Policy	5.2 OH&S Policy
5.3 Roles, Responsibilities & Authorities	5.3 Roles, Responsibilities & Authorities	5.3 Roles, Responsibilities & Authorities
		5.4 Consultation & Participation

Support

ISO 9001:2015	ISO 14001:2015	ISO 45001:2018
6.1 Address Risks & Opportunities	6.1.1 Address Risks & Opportunities	6.1.1 Address Risks & Opportunities
6.2.1 Quality Objectives	6.1.2 Environmental Aspects	6.1.2 Hazard Identifcation
6.2.2 Planning to Achieve Objectives	6.1.3 Compliance Obligations	6.1.3 Legal & Other Requirements
6.3 Planning for Change	6.1.4 Planning Action	6.1.4 Planning Action
	6.2.1 Environmental Objectives	6.2.1 OH&S Objectives
	6.2.2 Planning to Achieve Objectives	6.2.2 Planning to Achieve Objectives

Doing

Support

ISO 9001:2015	ISO 14001:2015	ISO 45001:2018
7.1 Resources	7.1 Resources	7.1 Resources
7.2 Competence	7.2 Competence	7.2 Competence
7.3 Awareness	7.3 Awareness	7.3 Awareness
7.4 Communcation	7.4.1 Communcation - General	7.4.1 Communcation - General
7.5 Documented Information	7.4.2 Internal Communcation	7.4.2 Internal Communcation
	7.4.3 External Communcation	7.4.3 External Communcation
	7.5 Documented Information	7.5 Documented Information

Operations

ISO 9001:2015	ISO 14001:2015	ISO 45001:2018
8.1 Operational Planning & Control	8.1 Operational Planning & Control	8.1.1 General
8.2 Customer Requirements	8.2 Emergency Preparedness	8.1.2 Eliminating Hazards
8.3 Design & Development		8.1.3 Management of Change
8.4 Purchasing		8.1.4 Outsourcing
8.5 Product & Service Provision		8.2 Emergency Preparedness
8.6 Release of Products & Services
8.7 Nonconforming Outputs

Checking

Monitoring, measurement, analysis and evaluation

ISO 9001:2015	ISO 14001:2015	ISO 45001:2018
9.1 Monitoring & Measurement	9.1.1 Performance Evaluation	9.1.1 Performance Evaluation
9.2 Internal Audit	9.1.2 Evaluation of Compliance	9.1.2 Evaluation of Compliance
9.3 Management Review	9.2 Internal Audit	9.2 Internal Audit
	9.3 Management Review	9.3 Management Review

Acting

Improvement

ISO 9001:2015	ISO 14001:2015	ISO 45001:2018
10.1 Improvement - General	10.1 Improvement - General	10.1 Improvement - General
10.2 Nonconformity & Corrective Action	10.2 Nonconformity & Corrective Action	10.2 Incident, Nonconformity & Corrective Action
10.3 Continual Improvement	10.3 Continual Improvement	10.3 Continual Improvement

How to apply the latest quality management principles

The latest and current quality management principles (QMPs), stated in ISO 9000:2015, are intended to provide the foundation by which any organization can continually improve its performance.

You can learn to apply the latest quality management principles in the context of your business's own particular operations by reviewing and documenting its activities in the context of each quality management principle.

Want to know more?

• Read our customer's feedback
• Client list - who's using our templates?
  
• How the templates are formatted and download examples
  
• Why we use turtle diagrams and process maps
• What's the difference between a process and a procedure?
  
• About documented information

SSL certification

A certificate guarantees the information your internet browser is receiving now originates from the expected domain - https://www.iso9001help.co.uk. It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.