ISO 9001(2008 to 2015 changes)

Structure and terminology

The clause structure in comparison with the previous edition (ISO 9001:2008), has been changed

There is no requirement in new Standard for its structure and terminology to be applied to the documented information of an organization’s quality management system.

The structure of clauses is intended to provide a coherent presentation of requirements, rather than a model for documenting an organization’s policies, objectives and processes.

Organizations can choose to use terms which suit their operations (e.g. using “records”, “documentation” or “protocols” rather than “documented information”; or “supplier”, “partner” or “vendor” rather than “external provider”)

Major differences in terminology between this edition of this Standard and the previous edition


2008 version

2015 version


Products and services


Not used

Management representative

Not used Similar responsibilities and authorities are assigned but no requirement for a single management representative

Documentation, quality manual, documented procedures, records

Documented information

Work environment

Environment for the operation of processes

Monitoring and measuring equipment

Monitoring and measuring resources

Purchased product

Externally provided products and services


External provider


Products and services

ISO 9001:2008 used the term “product” to include all output categories. This edition Standard uses “products and services”. “Products and services” include all output categories (hardware,

services, software and processed materials).

The specific inclusion of “services” is intended to highlight the differences between products and

services in the application of some requirements. The characteristic of services is that at least part of the output is realized at the interface with the customer. This means, for example, that conformity to requirements cannot necessarily be confirmed before service delivery.

In most cases, products and services are used together. Most outputs that organizations provide to customers, or are supplied to them by external providers, include both products and services. For example, a tangible or intangible product can have some associated service or a service can have some associated tangible or intangible product.


Understanding the needs and expectations of interested parties

Subclause 4.2 specifies requirements for the organization to determine the interested parties that

are relevant to the quality management system and the requirements of those interested parties.

However, 4.2 does not imply extension of quality management system requirements beyond the scope of this Standard. As stated in the scope, in new version, this Standard is applicable where an organization needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction.

There is no requirement in new Standard for the organization to consider interested parties where it has decided that those parties are not relevant to its quality management system. It is for the organization to decide if a particular requirement of a relevant interested party is relevant to its quality management system.


Risk-based thinking

The concept of risk-based thinking has been implicit in previous editions of this Standard, through requirements for planning, review and improvement. This new version specifies requirements for the organization to understand its context (see 4.1) and determine risks as a basis for planning (see 6.1). This represents the application of risk-based thinking to planning and implementing quality management system processes (see 4.4) and will assist in determining the extent of documented information.

One of the key purposes of a quality management system is to act as a preventive tool. Consequently, this version does not have a separate clause or sub-clause on preventive action. The concept of preventive action is expressed through the use of risk-based thinking in formulating quality management system requirements.

The risk-based thinking applied in this version has enabled some reduction in prescriptive requirements and their replacement by performance-based requirements. There is greater flexibility than in 2008 version in the requirements for processes, documented information an organizational responsibility.

Although 6.1 specifies that the organization shall plan actions to address risks, there is no requirement for formal methods for risk management or a documented risk management process. Organizations can decide whether or not to develop a more extensive risk management methodology than is required by this standard, through the application of other guidance or standards.

Not all the processes of a quality management system represent the same level of risk in terms of the organization’s ability to meet its objectives, and the effects of uncertainty are not the same for all organizations. Under the requirements of 6.1, the organization is responsible for its application of risk based thinking and the actions it takes to address risk,



ISO 14001(2004 to 2015 changes)

Increased accountability of leadership, Top management has been more closely defined, to make the EMS more strategic and integrated into the organisation’s decision-making. Environmental, sustainability and CSR managers will be expected to have more interaction with top management

Life cycle approach, There is a requirement to consider environmental impacts throughout the value chain and consideration of life cycle issues (although no requirement for formal Life Cycle Analysis)

 Rethinking impact, the revision introduces the term ‘environmental condition’, which it defines as ‘long-term environmental changes that can affect the organisation’s activities, products and services, requiring adaptation’. This aim is to getting organisations thinking about the environment’s impact on them, rather than the impact they have on the environment, which is considered a significant weakness of the current version of ISO 14001

Risks and opportunities, there is a specific requirement to demonstrate how significant environmental risks and opportunities are managed within the supply chain. The organisation will need to show that it has made the link between environmentally driven issues and how they relate to the business, and how the interfaces with the business are managed

 Pro-active reporting the revision will require the organisation to more pro-actively consider the need for external reporting on environmental issues and to demonstrate much greater control on how it uses and manages environmental data

 Strengthened compliance, the clause on evaluation of compliance has been strengthened – previously there was a requirement to evaluate compliance, but in the proposed new standard, the requirement is to specify exactly how compliance is evaluated and recorded.

 Continual improvement, There is a stronger emphasis on the requirement for continual improvement, with a specific clause in place, in line with the policy set by top management, so there should be less room for misinterpretation