The ambition with this post is to provide a, hopefully, quick and easy to grasp understanding of
ISO 9001:2015 and its purpose
At its core, ISO 9001:2015 is about consistency and predictability, aiming for customer satisfaction and loyalty via conformity to customer requirements and applicable legal and statutory requirements. It does not provide any measure of quality level or maturity (as is the case with, e.g., the CMMI model) – it “only” addresses consistency of the “quality”.
To achieve this, ISO 9001:2015 prescribes a set of requirements for Quality Management Systems (QMS).
Context and where ISO 9001:2015 makes sense
To keep focus we’ll here assume the context of a high-tech product company innovating, producing and selling its own multidisciplinary (electronics, hardware, mechanics, embedded software, application software, Cloud services …) products. The company has three core product process areas (A), (B) and (C).
It makes perfect sense to aim for consistency / predictability in (A):
- Serial production of products with the aim of delivering a consistent product quality level
- Customer delivery projects with the aim of conforming to the classic “project iron triangle”
In contrast, trying to enforce strict process prescription in (C) or (B) will be highly counterproductive, defying what we want to optimize for – adaptability.
Just to be clear – as mentioned in numerous earlier posts like here, the areas (C) and (B) will benefit significantly from having a rich pick & use buffet of processes and good practices. The difference from (A) is that here we aim for a minimum viable process prescription.
The rest of this post will thus assume that we’re in process-area (A).
How ISO 9001:2015 is structured
A number of ISO’s international standards, including ISO 9001:2015, share the same structure, called HLS (High Level Structure) or Annex SL, containing 10 clauses:
- Normative references
- Terms and definitions
- Clauses 4-10 below being the ones subject to formal audit
Examples of other ISO standards based on HLS
- ISO/IEC 27001: Information security
- ISO 45001:2018: Occupational Health and Safety
- ISO 14001:2015: Management of Environmental risks