chapter6 - PacoReinaCampo/PU-OR1K GitHub Wiki


Quality Assurance (QA) refers to the systematic processes and procedures implemented within an organization to ensure that the products or services provided meet specified requirements and standards. QA aims to enhance customer satisfaction through consistent delivery of quality products and services, reducing errors and defects, and continuous improvement.

Key aspects of Quality Assurance include:

  1. Process Control: Establishing and maintaining well-defined processes to ensure that products/services are developed consistently.

  2. Documentation: Creating detailed documentation for processes, procedures, and standards to ensure clarity and consistency.

  3. Audits and Inspections: Conducting regular audits and inspections to verify compliance with established standards and identify areas for improvement.

  4. Training: Ensuring that employees are properly trained and knowledgeable about quality standards and procedures.

  5. Corrective and Preventive Actions: Implementing systems to identify and correct non-conformities, and to prevent their recurrence.

  6. Continuous Improvement: Fostering a culture of continuous improvement through regular review and refinement of processes.


ISO 9001:2015 is an international standard for Quality Management Systems (QMS). It provides a framework for organizations to ensure they meet customer and regulatory requirements while striving for continuous improvement. The scope of ISO 9001:2015 encompasses several key areas:

  1. Context of the Organization:

    • Understanding the organization and its context: Recognizing external and internal issues that could impact the QMS.
    • Understanding the needs and expectations of interested parties: Identifying stakeholders and understanding their requirements.
  2. Leadership:

    • Leadership and commitment: Top management must demonstrate leadership and commitment to the QMS.
    • Quality policy: Establishing a quality policy that aligns with the organization’s purpose and strategic direction.
    • Organizational roles, responsibilities, and authorities: Defining roles and responsibilities to ensure effective QMS operation.
  3. Planning:

    • Actions to address risks and opportunities: Identifying and addressing risks and opportunities that could affect the QMS.
    • Quality objectives and planning to achieve them: Setting quality objectives and planning how to achieve them.
    • Planning of changes: Managing changes to ensure the integrity of the QMS.
  4. Support:

    • Resources: Determining and providing necessary resources.
    • Competence: Ensuring personnel are competent based on education, training, skills, and experience.
    • Awareness: Ensuring that employees are aware of the QMS and their role within it.
    • Communication: Establishing processes for internal and external communication.
    • Documented information: Maintaining and controlling documented information.
  5. Operation:

    • Operational planning and control: Planning, implementing, and controlling processes to meet requirements.
    • Requirements for products and services: Determining and reviewing requirements for products and services.
    • Design and development: Controlling design and development processes.
    • Control of externally provided processes, products, and services: Ensuring that external provisions meet requirements.
    • Production and service provision: Controlling production and service delivery.
    • Release of products and services: Ensuring products and services meet criteria before release.
    • Control of nonconforming outputs: Managing nonconforming products/services to prevent unintended use or delivery.
  6. Performance Evaluation:

    • Monitoring, measurement, analysis, and evaluation: Assessing performance and the effectiveness of the QMS.
    • Internal audit: Conducting internal audits to ensure the QMS conforms to planned arrangements.
    • Management review: Reviewing the QMS to ensure its continuing suitability, adequacy, and effectiveness.
  7. Improvement:

    • Nonconformity and corrective action: Addressing nonconformities and implementing corrective actions.
    • Continual improvement: Continuously improving the suitability, adequacy, and effectiveness of the QMS.

The ISO 9001:2015 standard provides a structured approach to managing quality, ensuring organizations can meet customer expectations and regulatory requirements while driving continual improvement in their processes and systems.


In the context of standards such as ISO 9001:2015, a normative reference is a document or a standard that is referred to within the text of the primary standard and is indispensable for its application. Normative references are integral to the understanding and implementation of the standard, providing essential guidance, definitions, or additional requirements that must be followed to comply with the primary standard.

Role and Purpose of Normative References in ISO 9001:2015

  1. Ensuring Consistency and Uniformity:

    • Normative references help maintain consistency and uniformity across various standards by providing common definitions, terms, and methodologies. This ensures that all users of the standard interpret and implement it in a similar manner.
  2. Providing Additional Requirements and Guidance:

    • These references often include additional requirements, guidelines, or detailed explanations that are necessary to understand and implement the primary standard fully. For instance, they might elaborate on specific procedures, methods of measurement, or testing techniques.
  3. Facilitating Compliance and Certification:

    • By referring to normative documents, organizations can ensure that they meet all necessary criteria for compliance and certification. This can simplify the certification process as it provides a clear set of documents that must be adhered to.

Example of Normative References in ISO 9001:2015

ISO 9001:2015 includes the following normative reference:

  • ISO 9000:2015, Quality management systems — Fundamentals and vocabulary:
    • ISO 9000:2015 provides the fundamental concepts, principles, and vocabulary used in the ISO 9001:2015 standard. It is critical for understanding the terminology and principles that underpin the quality management system requirements outlined in ISO 9001:2015.

This normative reference is crucial because:

  • It defines the key terms and concepts used in ISO 9001:2015, ensuring that all users have a common understanding of the language and principles of quality management systems.
  • It lays the foundation for the implementation and interpretation of ISO 9001:2015, offering essential background information that supports the requirements of the standard.

Importance of Normative References

  • Clarity and Precision:

    • Normative references provide clarity and precision, reducing ambiguity in the interpretation of the standard. This is essential for ensuring that all organizations implement the standard consistently.
  • Standardization Across Industries:

    • They help achieve standardization across different industries and sectors, as all entities referring to the primary standard will also refer to the same set of normative documents.
  • Support for Auditors and Assessors:

    • Normative references support auditors and assessors by providing a clear framework and criteria for evaluating compliance with the primary standard.

In summary, normative references in ISO 9001:2015, such as ISO 9000:2015, are essential components that provide necessary definitions, guidelines, and additional requirements. They ensure the proper and uniform application of the standard, facilitating consistency, clarity, and comprehensive understanding for all users.

Ada Language

Quality assurance (QA) in software development, including projects involving the Ada programming language, focuses on ensuring that software products and processes meet defined quality standards and customer requirements. Ada is a high-level programming language known for its strong typing, modular approach, and suitability for developing large, complex, and mission-critical systems, particularly in safety-critical domains such as aerospace, defense, and healthcare.

Here's how quality assurance principles apply to Ada language development:

  1. Requirements Management: QA starts with understanding and documenting customer requirements. In Ada development, QA ensures that requirements are clear, complete, and testable. It involves techniques like requirements traceability matrices to link requirements to design and test artifacts.

  2. Code Quality: Ada's strong typing and compile-time checks contribute to code reliability. QA in Ada development involves code reviews, static code analysis, and adherence to coding standards like MISRA Ada. These practices help identify and fix issues early in the development lifecycle.

  3. Testing: QA encompasses various testing activities to verify and validate software functionality. In Ada, this includes unit testing, integration testing, and system testing. Ada supports unit testing frameworks like AUnit, and QA ensures thorough test coverage to detect defects and ensure software reliability.

  4. Documentation: QA involves creating and maintaining documentation to support software development and maintenance. In Ada projects, this includes requirements documents, design specifications, user manuals, and API documentation. Documentation is reviewed and updated as needed to ensure accuracy and completeness.

  5. Configuration Management: QA ensures that software configuration management (SCM) practices are followed to manage changes to software artifacts systematically. This includes version control, change tracking, and baseline management. In Ada projects, SCM tools like Git and SVN are used to manage source code and other project artifacts.

  6. Process Improvement: QA promotes continuous process improvement to enhance software development efficiency and quality. This involves adopting best practices, conducting process assessments, and implementing corrective actions. In Ada development, organizations may follow industry standards like ISO 9001 or CMMI to establish and improve development processes.

  7. Safety and Security: Ada is often used in safety-critical and security-sensitive applications. QA in Ada projects includes measures to ensure software safety, reliability, and security. This involves techniques like formal verification, static analysis for security vulnerabilities, and compliance with relevant safety and security standards (e.g., DO-178C for avionics software).

In summary, quality assurance in Ada language development involves applying rigorous practices and standards to ensure that software products meet quality, reliability, and safety requirements. By integrating QA into the development process, organizations can deliver high-quality software that meets customer expectations and industry standards.


In the context of ISO 9001:2015, the section on Terms and Definitions is crucial for ensuring a clear and consistent understanding of the terminology used throughout the standard. This section typically references ISO 9000:2015, which provides detailed definitions and explanations of the key concepts and terms relevant to quality management systems (QMS).

Importance of Terms and Definitions

  1. Consistency:

    • Standardized terms ensure that everyone involved in implementing, auditing, and certifying a QMS has a consistent understanding of the key concepts and requirements.
  2. Clarity:

    • Clear definitions help avoid misunderstandings and ambiguities, ensuring that all parties interpret the requirements of the standard in the same way.
  3. Foundation for Implementation:

    • Understanding the specific terms used in the standard is essential for correctly applying the requirements and principles of ISO 9001:2015 within an organization.

Key Terms and Definitions in ISO 9001:2015

While ISO 9001:2015 itself doesn't provide an exhaustive list of terms and definitions within the standard, it heavily relies on ISO 9000:2015 for this purpose. Here are some critical terms defined in ISO 9000:2015 that are essential for ISO 9001:2015:

  1. Quality:

    • The degree to which a set of inherent characteristics of an object fulfills requirements.
  2. Quality Management System (QMS):

    • A management system with regard to quality, encompassing the organizational structure, processes, procedures, and resources needed to implement quality management.
  3. Requirement:

    • A need or expectation that is stated, generally implied, or obligatory.
  4. Customer Satisfaction:

    • The customer’s perception of the degree to which their requirements have been fulfilled.
  5. Process:

    • A set of interrelated or interacting activities that use inputs to deliver an intended result.
  6. Continual Improvement:

    • Recurring activity to enhance performance.
  7. Nonconformity:

    • Non-fulfillment of a requirement.
  8. Corrective Action:

    • Action to eliminate the cause of a detected nonconformity or other undesirable situation.
  9. Preventive Action:

    • Action to eliminate the cause of a potential nonconformity or other potential undesirable situation.
  10. Audit:

  • A systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.

Application in ISO 9001:2015

  • Context of the Organization:

    • Understanding the environment in which the organization operates, including internal and external factors that can affect its ability to achieve the intended outcomes of its QMS.
  • Leadership and Commitment:

    • The role of top management in leading and committing to the development and implementation of the QMS.
  • Risk-Based Thinking:

    • Considering risk as a basis for the QMS and applying it throughout the organization to prevent or reduce undesired effects.

Reference to ISO 9000:2015

ISO 9001:2015 explicitly states that for the purposes of this document, the terms and definitions given in ISO 9000:2015 apply. This cross-reference ensures that all users of ISO 9001:2015 have a common understanding of the essential terms, facilitating consistent implementation and assessment of quality management systems.

In summary, the Terms and Definitions section is foundational to the effective application of ISO 9001:2015. By providing clear and standardized definitions, it ensures consistency, clarity, and a shared understanding of the key concepts and requirements across all users of the standard.


The Context of the Organization section in ISO 9001:2015 is about understanding the internal and external factors that can affect an organization's ability to achieve the intended outcomes of its quality management system (QMS). This involves a thorough analysis of the organizational environment, stakeholders, and the scope of the QMS. Here's a breakdown of its key components:

Understanding the Organization and Its Context

Understanding the organization and its context involves identifying and analyzing various factors that can impact the QMS. This includes:

  1. Internal Factors:

    • Values, culture, knowledge, and performance of the organization.
    • Organizational structure and roles.
    • Capabilities in terms of resources and technology.
    • Information systems and decision-making processes.
  2. External Factors:

    • Legal, regulatory, and statutory requirements.
    • Economic and competitive environment.
    • Technological advancements and innovation.
    • Market trends and customer demographics.
    • Sociocultural and environmental factors.

This analysis helps in aligning the QMS with the strategic direction of the organization and ensures it is adaptable to changing circumstances.

Understanding the Needs and Expectations of Interested Parties

Understanding the needs and expectations of interested parties involves identifying stakeholders who can affect or be affected by the organization’s QMS. These stakeholders include:

  1. Customers: Their requirements and satisfaction levels.
  2. Employees: Their needs for training, development, and work environment.
  3. Suppliers and Partners: Their capabilities, reliability, and expectations.
  4. Regulatory Bodies: Compliance with laws, regulations, and industry standards.
  5. Investors and Shareholders: Their expectations regarding returns and corporate governance.
  6. Community and Society: Social responsibility and environmental impact.

By understanding these needs and expectations, the organization can ensure that its QMS is designed to meet or exceed them, thereby improving overall satisfaction and compliance.

Determining the Scope of the Quality Management System

Determining the scope of the quality management system is about defining the boundaries and applicability of the QMS within the organization. This involves:

  1. Consideration of Internal and External Issues: How these issues influence the organization’s strategic direction.
  2. Identification of Products and Services: What the organization offers and the processes involved.
  3. Exclusions: Identifying any requirements of ISO 9001:2015 that are not applicable due to the nature of the organization or its products and services, along with justifications for these exclusions.

The scope should be documented and available to all relevant parties. It should reflect the organization’s activities, products, services, and the interplay with stakeholders.

Quality Management System and Its Processes

Quality management system and its processes involve establishing, implementing, maintaining, and continually improving the QMS and its processes. This includes:

  1. Process Identification: Identifying the key processes needed for the QMS and their interrelations.
  2. Process Approach: Managing processes and their interactions to achieve intended outcomes.
  3. Process Mapping: Visualizing the processes and their flow within the QMS.
  4. Performance Metrics: Establishing key performance indicators (KPIs) to monitor and measure the effectiveness of processes.
  5. Risk-Based Thinking: Incorporating risk assessment and management into the processes to prevent undesired outcomes.
  6. Resource Allocation: Ensuring that necessary resources (human, infrastructure, environment) are available to execute processes effectively.
  7. Documentation and Records: Maintaining documented information to support the operation and control of processes.

By focusing on these elements, the organization ensures that its QMS is aligned with its strategic goals, meets stakeholder expectations, and is capable of delivering consistent and high-quality products or services.

In summary, the Context of the Organization section in ISO 9001:2015 is about understanding the factors that influence the QMS, identifying the needs and expectations of stakeholders, defining the scope of the QMS, and establishing a process-based approach to managing quality. This comprehensive understanding helps organizations design and implement an effective QMS that is aligned with their strategic objectives and responsive to changing internal and external conditions.


The Leadership section of ISO 9001:2015 emphasizes the critical role of top management in establishing and maintaining an effective quality management system (QMS). It underscores the necessity for leadership and commitment to ensure that the QMS achieves its intended outcomes and fosters a culture of continuous improvement.

Leadership and Commitment


In the general context, leadership and commitment require top management to:

  1. Take Accountability: Ensure that the QMS is effective and aligned with the strategic direction of the organization.
  2. Establish Quality Objectives: Set quality objectives that are consistent with the organization's policies and provide the necessary resources to achieve them.
  3. Promote a Customer Focus: Make sure that customer requirements are understood and met.
  4. Engage, Direct, and Support People: Motivate and support employees to contribute to the effectiveness of the QMS.
  5. Continual Improvement: Promote the use of the process approach and risk-based thinking to enhance the QMS continuously.

Customer Focus

Top management must demonstrate a strong commitment to understanding and meeting customer needs and enhancing customer satisfaction. This involves:

  1. Customer Requirements: Ensuring that customer requirements and applicable statutory and regulatory requirements are determined, understood, and consistently met.
  2. Risks and Opportunities: Addressing risks and opportunities that can affect the conformity of products and services and the ability to enhance customer satisfaction.
  3. Customer Satisfaction: Ensuring that the focus on enhancing customer satisfaction is maintained.


Establishing the Quality Policy

The quality policy is a formal statement from top management that outlines the organization's commitment to quality. Establishing the quality policy involves:

  1. Alignment with Strategic Direction: Ensuring the quality policy is appropriate to the purpose and context of the organization and supports its strategic direction.
  2. Commitment to Requirements and Improvement: Including a commitment to satisfy applicable requirements and to continual improvement of the QMS.
  3. Framework for Objectives: Providing a framework for setting quality objectives.

Communicating the Quality Policy

Once established, the quality policy must be communicated effectively. This includes:

  1. Internal Communication: Ensuring that the quality policy is understood, implemented, and maintained at all levels of the organization.
  2. Availability: Making the quality policy available to relevant interested parties as appropriate.
  3. Review and Update: Regularly reviewing and updating the quality policy to reflect any changes in the organization or its context.

Organizational Roles, Responsibilities and Authorities

Top management must ensure that roles, responsibilities, and authorities related to the QMS are clearly defined, communicated, and understood within the organization. This involves:

  1. Assignment of Responsibilities and Authorities:

    • Top Management: Retaining overall responsibility for the QMS and its performance.
    • QMS Roles: Assigning specific roles to individuals or teams for overseeing quality management activities.
    • Communication and Understanding: Ensuring that these roles are understood and communicated throughout the organization.
  2. QMS Implementation and Maintenance:

    • Process Owners: Designating process owners who are responsible for ensuring that processes deliver their intended outputs.
    • Compliance and Improvement: Ensuring those responsible have the authority to maintain compliance with QMS requirements and implement improvements.
  3. Customer Focus Responsibility:

    • Assigning responsibility for ensuring customer requirements are met and customer satisfaction is achieved and maintained.

By defining and communicating organizational roles, responsibilities, and authorities, top management ensures that all employees understand their contributions to the QMS, facilitating effective implementation and ongoing improvement.

In summary, the Leadership section of ISO 9001:2015 emphasizes the pivotal role of top management in fostering a quality-oriented culture, establishing clear policies and objectives, and ensuring that all members of the organization understand their roles in maintaining and improving the QMS. This commitment and clarity drive the successful implementation and continual enhancement of quality management practices.


The Planning section of ISO 9001:2015 focuses on how an organization should approach planning to ensure that its quality management system (QMS) is effective and can achieve its intended outcomes. This involves proactive measures to address risks and opportunities, set and achieve quality objectives, and plan for changes in a controlled manner.

Actions to Address Risks and Opportunities


  • To ensure that the QMS can achieve its intended results.
  • To enhance desirable effects and prevent or reduce undesired effects.
  • To achieve continual improvement.


  1. Identify Risks and Opportunities:

    • Analyze the internal and external context of the organization to identify potential risks and opportunities that could impact the QMS.
    • Consider the needs and expectations of interested parties, including customers, suppliers, and regulatory bodies.
  2. Determine Actions:

    • Plan actions to address these risks and opportunities. Actions should be proportionate to the potential impact on the conformity of products and services and on customer satisfaction.
  3. Integrate Actions into QMS:

    • Integrate and implement these actions into the QMS processes.
    • Ensure that these actions are managed, monitored, and reviewed for effectiveness.


  • Risk Mitigation: Implementing quality control measures to reduce the risk of product defects.
  • Opportunity Exploitation: Investing in new technology to improve product quality and operational efficiency.

Quality Objectives and Planning to Achieve Them


  • To establish measurable and achievable quality objectives that are aligned with the organization's quality policy and strategic direction.


  1. Setting Quality Objectives:

    • Objectives should be specific, measurable, achievable, relevant, and time-bound (SMART).
    • They should reflect the organization's commitment to customer satisfaction, regulatory compliance, and continuous improvement.
  2. Planning to Achieve Objectives:

    • Determine what will be done to achieve these objectives.
    • Identify the necessary resources, including personnel, equipment, and training.
    • Assign responsibility and authority for achieving each objective.
    • Establish timeframes and milestones to monitor progress.


  • Objective: Reduce the defect rate by 10% within the next year.
  • Plan: Implement additional quality checks at key stages of the production process, provide training for quality inspectors, and monitor defect rates monthly.

Planning of Changes


  • To ensure that any changes to the QMS are conducted in a controlled manner and do not negatively impact the system's integrity or the quality of products and services.


  1. Identifying Changes:

    • Recognize the need for changes that may arise from internal or external factors, such as new regulations, technological advancements, or market conditions.
  2. Evaluating Changes:

    • Assess the potential impact of the changes on the QMS, including risks and benefits.
    • Consider how the changes will affect existing processes, resources, and responsibilities.
  3. Planning Changes:

    • Define the steps necessary to implement the changes, including resource allocation and timeline.
    • Communicate the planned changes to all relevant parties to ensure understanding and buy-in.
  4. Implementing Changes:

    • Execute the change plan, ensuring that all actions are documented and monitored.
    • Evaluate the effectiveness of the changes and make adjustments as necessary.


  • Change: Introducing a new software system for managing quality records.
  • Plan: Develop a rollout plan that includes training for users, migrating existing records to the new system, and establishing support procedures.

In summary, the Planning section of ISO 9001:2015 ensures that an organization systematically addresses risks and opportunities, sets and achieves quality objectives, and manages changes in a way that maintains or improves the effectiveness of its QMS. This proactive and structured approach is essential for continual improvement and sustained success in meeting customer and regulatory requirements.


The Support section of ISO 9001:2015 focuses on the resources, competence, awareness, communication, and documented information necessary to implement and maintain an effective Quality Management System (QMS). This section ensures that all the necessary support mechanisms are in place to achieve the intended outcomes of the QMS.



An organization must determine and provide the resources needed for the establishment, implementation, maintenance, and continual improvement of the QMS. This includes considering the capabilities and constraints on existing internal resources, as well as what needs to be obtained from external providers.


The organization must ensure it has sufficient personnel with the necessary competencies to effectively implement the QMS, operate processes, and achieve conformity of products and services. This involves:

  • Identifying human resource needs.
  • Providing necessary training and development.
  • Ensuring staff have the appropriate skills and qualifications.


Infrastructure refers to the facilities, equipment, and support services necessary for the operation of processes and to achieve conformity of products and services. This includes:

  • Buildings and workspace.
  • Utilities such as electricity and water.
  • Equipment such as machinery and tools.
  • Information and communication technology.

Environment for the Operation of Processes

The organization must provide and manage the environment necessary for the operation of its processes. This includes both physical and non-physical factors, such as:

  • Physical factors: Cleanliness, temperature, humidity, lighting, and noise.
  • Non-physical factors: Workplace culture, morale, and well-being.

Monitoring and Measuring Resources


The organization must determine and provide the necessary resources to ensure valid and reliable monitoring and measurement results. This includes:

  • Identifying what needs to be measured and monitored.
  • Ensuring measurement devices are suitable and properly maintained.
  • Establishing processes for calibration and verification of measurement devices.
Measurement Traceability

Where traceability is a requirement, measurement instruments must be calibrated or verified at specified intervals against standards traceable to international or national measurement standards. If no such standards exist, the basis used for calibration or verification must be recorded. This ensures accuracy and reliability of measurements critical to the QMS.

Organizational Knowledge

Organizational knowledge is the information necessary for the operation of processes and to achieve conformity of products and services. This includes:

  • Capturing and sharing knowledge gained from experience.
  • Learning from lessons learned, both successes and failures.
  • Ensuring the availability of this knowledge to those who need it.


The organization must ensure that employees performing work affecting the quality of products and services are competent based on appropriate education, training, skills, and experience. This involves:

  • Determining the necessary competence for personnel performing work.
  • Providing training or taking other actions to achieve the necessary competence.
  • Evaluating the effectiveness of these actions.
  • Retaining documented information as evidence of competence.


Employees must be aware of:

  • The quality policy.
  • Relevant quality objectives.
  • Their contribution to the effectiveness of the QMS, including the benefits of improved performance.
  • The implications of not conforming to QMS requirements.


The organization must determine the internal and external communications relevant to the QMS, including:

  • What needs to be communicated.
  • When to communicate.
  • With whom to communicate.
  • How to communicate.

Documented Information


Documented information required by the QMS and by ISO 9001:2015 must be controlled to ensure it is available and suitable for use where and when it is needed. This includes:

  • Creating, updating, and maintaining documents and records.

Creating and Updating

When creating and updating documented information, the organization must ensure appropriate:

  • Identification and description (e.g., title, date, author).
  • Format (e.g., language, software version) and media (e.g., paper, electronic).
  • Review and approval for suitability and adequacy.

Control of Documented Information

Documented information must be controlled to ensure it is:

  • Available and suitable for use.
  • Adequately protected (e.g., from loss of confidentiality, improper use, or loss of integrity).

Control mechanisms must include:

  • Distribution, access, retrieval, and use.
  • Storage and preservation, including preservation of legibility.
  • Control of changes, ensuring that revisions are identified and traceable.
  • Retention and disposition, including disposal of obsolete information.

In summary, the Support section of ISO 9001:2015 ensures that the necessary resources, competencies, awareness, communication, and documented information are in place and effectively managed. This foundation is critical for the successful implementation, maintenance, and continual improvement of the QMS, ensuring it meets organizational and customer requirements.


The Operation section of ISO 9001:2015 outlines the requirements for effectively planning, controlling, and executing various operational processes within an organization to ensure the consistent provision of products and services that meet customer requirements. This section covers operational planning and control, requirements for products and services, design and development, control of externally provided processes, production and service provision, release of products and services, and control of nonconforming outputs.

Operational Planning and Control

Operational planning and control involve defining processes and procedures to ensure that products and services are delivered in accordance with customer requirements and applicable standards. This includes:

  • Establishing processes and procedures for the effective execution of operations.
  • Determining resource requirements, including personnel, infrastructure, and materials.
  • Planning and scheduling activities to meet customer demands and deadlines.
  • Implementing controls to ensure that operations are carried out effectively and efficiently.

Requirements for Products and Services

Customer Communication

The organization must communicate with customers to understand their requirements, preferences, and any specific needs. This includes:

  • Establishing effective channels for communication with customers.
  • Gathering and documenting customer requirements.
  • Clarifying any ambiguities or uncertainties in customer requirements.

Determining the Requirements for Products and Services

The organization must determine the requirements for products and services before acceptance. This involves:

  • Reviewing customer requirements, including specifications, drawings, and contracts.
  • Identifying any legal, regulatory, or contractual requirements.
  • Ensuring that the organization can meet the identified requirements.

Review of the Requirements for Products and Services

Before accepting customer orders or contracts, the organization must review the requirements to ensure they are adequately defined and understood. This review verifies that the organization has the capability to meet the requirements and identifies any potential issues or risks.

Changes to Requirements for Products and Services

The organization must review and agree on any changes to customer requirements, including changes to specifications, schedules, or delivery requirements. This ensures that the organization can accommodate changes without compromising quality or delivery deadlines.

Design and Development of Products and Services


Design and development processes ensure that products and services meet customer requirements and are fit for their intended purpose. This includes:

  • Establishing procedures for designing and developing products and services.
  • Ensuring that design and development activities are conducted by qualified personnel.
  • Documenting design and development processes and outcomes.

Design and Development Planning

The organization must plan the design and development process, including:

  • Defining design and development objectives and criteria for success.
  • Identifying resources needed for design and development activities.
  • Establishing timelines and milestones for design and development projects.

Design and Development Inputs

Inputs to the design and development process include:

  • Customer requirements and specifications.
  • Legal, regulatory, and contractual requirements.
  • Lessons learned from previous design and development projects.

Design and Development Controls

Controls must be implemented to ensure that design and development activities are carried out effectively and produce the desired outcomes. This includes:

  • Reviews and approvals at key stages of the design and development process.
  • Verification and validation activities to ensure that designs meet requirements.
  • Configuration management to control changes to design documents and specifications.

Design and Development Outputs

The outputs of the design and development process include:

  • Detailed design specifications, drawings, and documentation.
  • Prototypes or samples for testing and validation.
  • Plans for production, testing, and implementation.

Control of Externally Provided Processes, Products, and Services


The organization must ensure that externally provided processes, products, and services meet specified requirements. This includes:

  • Establishing criteria for selecting external providers.
  • Evaluating the competence and capability of external providers.
  • Monitoring and controlling externally provided processes, products, and services.

Type and Extent of Control

The organization must determine the type and extent of control needed for externally provided processes, products, and services based on their importance to product conformity and customer satisfaction.

Information for External Providers

The organization must communicate its requirements to external providers, including specifications, delivery schedules, and quality standards. This ensures that external providers understand and can meet the organization's expectations.

Production and Service Provision

Control of Production and Service Provision

The organization must establish controls to ensure that production and service provision processes are carried out effectively and consistently. This includes:

  • Implementing documented procedures for production and service provision.
  • Monitoring and controlling process parameters to ensure product and service quality.
  • Conducting inspections and tests to verify product and service conformity.

Identification and Traceability

The organization must establish procedures for identifying and tracing products and services throughout the production and service provision process. This includes:

  • Assigning unique identifiers to products and services.
  • Maintaining records of product and service status and location.

Property Belonging to Customers or External Providers

The organization must identify, verify, protect, and safeguard property belonging to customers or external providers. This includes:

  • Establishing procedures for handling and storing customer-supplied materials or equipment.
  • Ensuring that customer property is not lost, damaged, or used improperly.


The organization must establish procedures for preserving the conformity of products and services during production and service provision. This includes:

  • Implementing measures to prevent contamination, damage, or deterioration.
  • Storing products and materials in appropriate conditions.

Post-Delivery Activities

The organization must define processes for handling post-delivery activities, such as installation, operation, maintenance, and disposal of products and services. This ensures that products and services continue to meet customer requirements throughout their lifecycle.

Control of Changes

The organization must establish procedures for controlling changes to production processes, products, and services. This includes:

  • Assessing the impact of proposed changes on product conformity and customer requirements.
  • Obtaining authorization before implementing changes.

Release of Products and Services

The organization must establish procedures for the release of products and services to ensure that they meet specified requirements before delivery to customers. This includes:

  • Conducting final inspections and tests to verify product and service conformity.
  • Obtaining customer approval or acceptance before delivering products and services.

Control of Nonconforming Outputs

The organization must establish procedures for identifying, segregating, and controlling nonconforming products and services to prevent their unintended use or delivery. This includes:

  • Documenting nonconformities and initiating corrective actions to address root causes.
  • Obtaining authorization before reworking or disposing of nonconforming products and services.

In summary, the Operation section of ISO 9001:2015 outlines requirements for effectively planning, controlling, and executing operational processes to ensure that products and services meet customer requirements and are delivered consistently with high quality. This includes defining requirements, designing and developing products and services, controlling externally provided processes, production and service provision, release of products and services, and control of nonconforming outputs. These requirements help organizations establish robust processes for delivering products and services that consistently meet customer expectations.


The Performance Evaluation section of ISO 9001:2015 focuses on the methods and processes that an organization uses to monitor, measure, analyze, and evaluate the effectiveness and efficiency of its Quality Management System (QMS). This ensures that the organization can assess its performance, identify areas for improvement, and make informed decisions.

Monitoring, Measurement, Analysis, and Evaluation


The organization must determine:

  1. What needs to be monitored and measured:

    • Identify key performance indicators (KPIs) and other relevant metrics.
    • Determine what aspects of the QMS, processes, and product/service quality will be monitored.
  2. Methods for monitoring, measurement, analysis, and evaluation:

    • Establish appropriate methods for gathering and analyzing data.
    • Ensure methods are reliable and provide accurate results.
  3. When monitoring and measuring will be performed:

    • Define the frequency and timing of monitoring and measurement activities.
    • Ensure that these activities are conducted regularly and at appropriate intervals.
  4. When results from monitoring and measurement will be analyzed and evaluated:

    • Specify how often data will be reviewed and who will conduct the analysis.
    • Ensure timely evaluation to support decision-making and improvements.

Documented information must be retained as evidence of the results of these activities, supporting transparency and accountability.

Customer Satisfaction

Customer satisfaction is a key measure of the QMS’s effectiveness. The organization must monitor customers’ perceptions of the degree to which their needs and expectations have been fulfilled. This involves:

  1. Methods for obtaining customer feedback:

    • Use surveys, interviews, and feedback forms.
    • Monitor social media, reviews, and other online platforms.
  2. Analyzing customer satisfaction data:

    • Regularly review feedback to identify trends and areas for improvement.
    • Take corrective actions based on customer complaints and suggestions.

Analysis and Evaluation

The organization must analyze and evaluate data and information arising from monitoring and measurement. This analysis should provide insights into:

  1. QMS performance and effectiveness:

    • Evaluate how well the QMS is achieving its objectives and meeting requirements.
  2. Process performance:

    • Assess the efficiency and effectiveness of processes.
  3. Product/service conformity:

    • Check whether products and services meet specified requirements.
  4. Customer satisfaction trends:

    • Identify changes in customer satisfaction levels and underlying causes.
  5. Opportunities for improvement:

    • Highlight areas where performance can be enhanced and risks mitigated.

Internal Audit

The organization must conduct internal audits at planned intervals to provide information on whether the QMS:

  1. Conforms to the organization’s own requirements for its QMS and to the requirements of ISO 9001:2015.
  2. Is effectively implemented and maintained.

Internal audit process involves:

  1. Planning the audit program:

    • Define the scope, frequency, and methods for audits.
    • Ensure audits cover all aspects of the QMS and are conducted regularly.
  2. Selecting and training auditors:

    • Choose auditors who are impartial and objective.
    • Provide training to ensure they are competent.
  3. Conducting audits and reporting findings:

    • Carry out audits according to the plan, gather evidence, and report nonconformities.
    • Ensure findings are documented and communicated to relevant management.
  4. Taking corrective actions:

    • Address nonconformities and their causes.
    • Verify the effectiveness of corrective actions.

Management Review


Top management must review the organization’s QMS at planned intervals to ensure its continuing suitability, adequacy, effectiveness, and alignment with the strategic direction of the organization. Management reviews should be conducted regularly and documented.

Management Review Inputs

Inputs to the management review must include:

  1. Status of actions from previous management reviews.

  2. Changes in external and internal issues relevant to the QMS.

  3. Information on QMS performance and effectiveness, including:

    • Trends in customer satisfaction and feedback.
    • Extent of quality objectives achieved.
    • Process performance and product conformity.
    • Nonconformities and corrective actions.
    • Audit results.
    • Performance of external providers.
  4. Adequacy of resources.

  5. Effectiveness of actions taken to address risks and opportunities.

  6. Opportunities for improvement.

Management Review Outputs

Outputs of the management review must include decisions and actions related to:

  1. Opportunities for improvement.
  2. Any need for changes to the QMS.
  3. Resource needs.

Documented information must be retained as evidence of the results of management reviews, including any decisions and actions taken.

In summary, the Performance Evaluation section of ISO 9001:2015 ensures that an organization systematically monitors, measures, analyzes, and evaluates its QMS. Through customer satisfaction analysis, internal audits, and management reviews, the organization can identify areas for improvement, ensure compliance with requirements, and make informed decisions to enhance the effectiveness and efficiency of its QMS.


The Improvement section of ISO 9001:2015 focuses on the processes and practices an organization must implement to enhance its Quality Management System (QMS) continually. This section emphasizes the need to identify and act on opportunities for improvement, address nonconformities, and drive continual improvement efforts.


The organization must determine and select opportunities for improvement and implement necessary actions to meet customer requirements and enhance customer satisfaction. This involves:

  1. Continual Improvement:

    • Actively seeking opportunities for improvement.
    • Making systematic efforts to improve processes, products, and services.
    • Enhancing overall performance and effectiveness of the QMS.
  2. Reactive and Proactive Approaches:

    • Reactive: Addressing nonconformities and implementing corrective actions.
    • Proactive: Identifying potential areas for improvement and implementing preventative actions.
  3. Incorporating Feedback:

    • Using feedback from audits, customer complaints, data analysis, and performance metrics to identify improvement opportunities.

Nonconformity and Corrective Action

Nonconformities are instances where processes or outputs do not meet specified requirements. The organization must address these through a structured approach involving corrective actions.

  1. Handling Nonconformities:

    • Identify: Detect and document nonconformities.
    • Respond: Take action to control and correct the nonconformity, mitigate its impacts, and evaluate the need for actions to eliminate the cause.
    • Corrective Actions: Implement actions to prevent recurrence by addressing the root causes.
  2. Process for Corrective Actions:

    • Root Cause Analysis: Determine the underlying reasons for the nonconformity.
    • Action Plan: Develop and implement a plan to address the root causes.
    • Effectiveness: Verify that the corrective actions taken are effective and prevent recurrence.
    • Documentation: Maintain records of the nature of nonconformities, actions taken, and the results of those actions.
  3. Review and Update:

    • Periodically review nonconformities and corrective actions to identify trends.
    • Update processes and QMS documentation to reflect improvements and changes.

Continual Improvement

Continual improvement is an ongoing effort to enhance the organization’s processes, products, and services. It is a core principle of ISO 9001:2015 and involves systematic activities to achieve higher performance levels.

  1. Plan-Do-Check-Act (PDCA) Cycle:

    • Plan: Identify opportunities for improvement and plan changes.
    • Do: Implement the changes on a small scale to test their impact.
    • Check: Monitor and measure the effectiveness of the changes.
    • Act: If successful, implement the changes on a broader scale and continue to monitor.
  2. Data-Driven Decisions:

    • Use data and analysis to identify improvement opportunities.
    • Base decisions on factual information and performance metrics.
  3. Involvement and Engagement:

    • Encourage employee involvement in identifying improvement opportunities.
    • Foster a culture of continuous improvement throughout the organization.
  4. Regular Review:

    • Conduct regular reviews of the QMS to identify areas for improvement.
    • Use management reviews, audits, and performance evaluations as inputs for continual improvement.
  5. Innovation:

    • Encourage innovative thinking and solutions to enhance quality and performance.
    • Explore new technologies, methods, and approaches to improve processes and products.

In summary, the Improvement section of ISO 9001:2015 is about creating a proactive and systematic approach to enhancing the QMS. By effectively managing nonconformities, implementing corrective actions, and fostering a culture of continual improvement, organizations can achieve sustained improvements in performance, customer satisfaction, and overall effectiveness of their quality management processes.