8/19/2019 Change in ISO9001-2008.pdf

1/17

 

ISO 9001:2008 Changes

ISO 9001:2008 - the main changes from the 2000 version

Introduction:

This document outlines the main changes from the 2000 version of ISO 9001 to the 2008 FDIS (Final Draft

International Standard) version. There are some very minor typographical changes that have not been

mentioned. As stated in previous communications, overall the changes are minor.

Key:

o  Words marked in Yellow are the changes from the 2000 version.o  Red text denotes a change worthy of note.

Clause Number 2000 version 2008 version Comments

Forward  All reference to ‘Quality

 Assurance’ has now been

removed.

The final links with ‘Quality

 Assurance’ have now been

removed making ISO 9001 a

true management standard.

Forward Details of the changesbetween the third edition and

this fourth edition are given

in Annex B.

0.1 Introduction

General

The adoption of a quality

management system should

be a strategic decision of an

organization. The design

and implementation of an

organization's quality

management system isinfluenced by varying

needs, particular objectives,

the products provided, the

processes employed and

the size and structure of the

organization. It is not the

The adoption of a quality

management system should

be a strategic decision of an

organization. The design

and implementation of an

organization's qualitymanagement system is

influenced by

 — its business environment,

changes in that environment,

or risks associated with that

There is more to this change

than is immediately apparent.

For the first time the word ‘risk’

appears in ISO 9001. Also

‘business environment’ is used.

This I believe is sowing the

seeds for the next revision ofISO 9001 (possibly around

2013) and also moving towards

the new ISO 9004 and

‘sustainable management

systems.

8/19/2019 Change in ISO9001-2008.pdf

2/17

 

Page 2 :

intent of this International

Standard to imply uniformityin the structure of quality

management systems or

uniformity of documentation.

 

environment,

 — its varying needs,

 — its particular objectives,

 — the products it provides,

 — the processes it employs,

 — its size and organizational

structure. 

0.1 Introduction

General

…meet customer,

regulatory and the

organization's own

requirements.

…meet customer, statutory

and regulatory requirements

applicable to the product,

and the organization‘s own

requirements.

Changes made for consistency

with other statements

concerning ‘statutory and

regulatory requirements.

0.2 Process approach For an organization to

function effectively, it has to

identify and managenumerous linked activities.

 An activity using resources,

and managed in order to

enable….

For an organization to

function effectively, it has to

determine and managenumerous linked activities.

 An activity or set of activities

using resources, and

managed in order to

enable….

 Additional clarity.

0.2 Process approach and their management can

be referred to as the

“process approach”.

…and their management to

produce the desired

outcome,

Clarity on what the process

approach is.

0.3 Relationship withISO 9004

The present editions of ISO9001 and ISO 9004 have

been developed as a

consistent pair of quality

management system

standards which have been

designed to complement

each other, but can also be

ISO 9001 and ISO 9004 arequality management system

standards which have been

designed to complement

each other, but can also be

used independently.

Change made to reflect theposition that ISO 9001 and

9004 were a consistent pair that

should be used together; to

being standards that have now

had those connections

removed.

ISO 9004 is planned to be

8/19/2019 Change in ISO9001-2008.pdf

3/17

 

Page 3 :

used independently.

 Although the two

International Standards

have different scopes, they

have similar structures in

order to assist their

application as a consistent

pair.

ISO 9001 specifies

requirements for a quality

management system that

can be used for internal

application by

organizations, or for

certification, or for

contractual purposes. It

focuses on the

effectiveness of the quality

management system in

meeting customer

requirements.

ISO 9004 gives guidance ona wider range of objectives

of a quality management

system than does ISO

9001, particularly for the

continual improvement of an

organization's overall

performance and efficiency,

as well as its effectiveness.

ISO 9004 is recommended

as a guide for organizations

whose top managementwishes to move beyond the

requirements of ISO 9001,

in pursuit of continual

improvement of

performance. However, it is

not intended for certification

or for contractual purposes.

ISO 9001 specifies

requirements for a qualitymanagement system that

can be used for internal

application by organizations,

for certification, or for

contractual purposes. It

focuses on the effectiveness

of the quality

management system in

meeting customer

requirements.

ISO 9004 gives guidance on

a wider range of objectives

of a quality management

system than does ISO 9001,

particularly for the continual

improvement of an

organizations overall

performance and efficiency,

as well as its

effectiveness. ISO 9004 is

recommended as a guide for

organizations whose top

management wishes to

move

beyond the requirements of

ISO 9001, in pursuit of

continual improvement of

performance. However, it is

not intended for certification

or for contractual purposes.

NOTE At the time of publication

of this International Standard,

published in 2009.

8/19/2019 Change in ISO9001-2008.pdf

4/17

 

Page 4 :

ISO 9004 is under revision. 

0.4 Compatibility with

other management

systems

This International Standard

has been aligned with ISO

14001:1996 in order to

enhance the compatibility of

the two standards for the

benefit of the user

community.

During the development of

this International Standard,

due consideration was given

to the provisions of ISO

14001:2004 to enhance the

compatibility of the two

standards for the benefit of

the user community. Annex

 A shows the correspondence

between ISO 9001:2008 and

ISO 14001:2004

Update to the latest version of

ISO 14001.

Various Where ever the term ‘and

applicable regulatory

requirements’ is mentioned

the addition of the word

‘statutory’ has been added to

read ‘and applicable

statutory and regulatory

requirements’.

Self explanatory.

1 Scope NOTE In this International

Standard, the term “product”

applies only to the product

intended for, or required by,

a customer.

NOTE 1 In thisInternational Standard, theterm "product" only appliesto:

 ⎯   product intended for orrequired by a customer

 ⎯   any intended outputresulting from the

product realisationprocesses

 ⎯   NOTE 2 Statutory andregulatory requirements

can be expressed as legal

requirements.

Clarification as to what is a

product. This is not only the end

product but can be the product

of any process especially the

‘product realization process.

2 Normative The following normative The following referenced An interesting change

8/19/2019 Change in ISO9001-2008.pdf

5/17

 

Page 5 :

references document contains

provisions which, throughreference in this text,

constitute provisions of this

International Standard. For

dated references,

subsequent amendments

to, or revisions of, any of

these publications do not

apply. However, parties to

agreements based on this

International Standard are

encouraged to investigate

the possibility of applying

the most recent edition of

the normative document

indicated below. For

undated references, the

latest edition of the

normative document

referred to applies.

Members of ISO and IEC

maintain registers ofcurrently valid International

Standards.

ISO 9000:2000, Quality

management systems —

Fundamentals and

vocabulary.

documents are

indispensable for theapplication of this document.

For dated references, only

the edition cited applies. For

undated references, the

latest edition of the

referenced document

(including any amendments)

applies.

ISO 9000:2005, Quality

management systems —

Fundamentals and

vocabulary

emphasising the connection

between ISO 9000 and ISO9001.

3 Terms anddefinitions

Reference to the ‘supplychain’ terms have been

removed; ‘supplier,

organisation and customer’.

Obsolete terms removed.

4.1 General

requirements a)

e)

The word ‘identify’ has been

replaced by ‘determine’

The words ‘(where

applicable)’ have been

The word ‘determine’ is slightly

stronger than ‘identify’.

Some clarity provided as to the

applicability of monitoring and

8/19/2019 Change in ISO9001-2008.pdf

6/17

 

Page 6 :

Outsourcing

Where an organization

chooses to outsource any

process that affects product

conformity with

requirements, the

organization shall ensure

control over such

processes. Control of such

outsourced processes shall

be identified within the

quality management

system.

NOTE Processes needed

for the quality management

system referred to above

should include processes

for management activities,

provision of resources,

product realization and

measurement.

added between ‘measure’

and ‘and’.Where an organization

chooses to outsource any

process that affects product

conformity to requirements,

the organization shall ensure

control over such processes.

The type and extent of

control to be applied to these

outsourced processes shall

be defined within the quality

management system.

NOTE 1 Processes needed

for the quality management

system referred to above

include processes for

management activities,

provision of resources,

product realization and

measurement, analysis and

improvement.

NOTE 2

 An outsourced process is

identified as one being

needed for the organization’s

quality management system

but chosen to be performed

by a party external to the

organization.

NOTE 3

Ensuring control over

outsourced processes does

not absolve the organization

of the responsibility of

conformity to all customer,

statutory and regulatory

requirements. The type and

measuring

Some clarity provided on what

controls are required.

Notes added to provide some

guidance as to what is required

for outsourcing.

8/19/2019 Change in ISO9001-2008.pdf

7/17

 

Page 7 :

extent of control to be

applied to the outsourcedprocess may be influenced

by factors such as:

a) the potential impact of theoutsourced process onthe organization’scapability to provideproduct that conforms torequirements;

b) the degree to which the

control for the process isshared;

c) the capability of achievingthe necessary controlthrough the applicationof clause 7.4.

4.2 Documentation

requirements c) and

d).

Note 1 

c) documented procedures

required by this

International Standard,

d) documents needed bythe organization to ensure

the effective planning,

operation and control of its

processes,

and

e) records required by this

International Standard (see

4.2.4).

NOTE 1 Where the term

“documented procedure”

appears within this

International Standard, this

means that the procedure is

established, documented,

implemented and

c) documented procedures

and records required by this

International Standard, and

d) documents, includingrecords, determined by the

organization to be necessary

to ensure the effective

planning, operation and

control of its processes.

NOTE 1 Where the term

“documented procedure“

appears within this

International Standard, this

means that the procedure is

established, documented,

implemented and

Clarity given that a ‘record’ is a

document and comes under

document control.

8/19/2019 Change in ISO9001-2008.pdf

8/17

 

Page 8 :

maintained maintained. A single

document may address therequirements for one or

more procedures. A

requirement for a

documented procedure may

be covered by more than

one document.

4.2.3 Control of

documents f)

to ensure that documents of

external origin are identified

and their distribution

controlled, and

to ensure that documents of

external origin determined by

the organization to be

necessary for the planning

and operation of the quality

management system are

identified and their

distribution….

Clarity on external documents

given.

4.2.4 Control of

records

Records shall be

established and maintained

to provide evidence of

conformity to requirements

and of the effectiveoperation of the quality

management system.

Records shall remain

legible, readily identifiable

and retrievable. A

documented procedure

shall be established to

define the controls needed

for the identification,

storage, protection,

retrieval, retention time anddisposition of records.

Records established to

provide evidence of

conformity to requirements

and of the effective operation

of the quality managementsystem shall be controlled.

The organization shall

establish a documented

procedure to define the

controls needed for the

identification, storage,

protection, retrieval,

retention and disposition of

records.

Records shall remain legible,

readily identifiable and

retrievable.

This clause has been reworded

for clarity but essentially

remains the same.

5.5.2 Management

representative

Top management shall

appoint a member of

management who,

irrespective of other

Top management shall

appoint a member of the

organization’s management

who, irrespective of other

The management

representative must be a

member of the organization’s

management team. This may

8/19/2019 Change in ISO9001-2008.pdf

9/17

 

Page 9 :

responsibilities, shall have

responsibility and authority

that includes

responsibilities, shall have

responsibility and authoritythat includes.

preclude the use of external

parties such as consultantscarrying out this role.

6.2.1 General Personnel performing work

affecting product quality

shall be competent on the

basis of appropriate

education, training, skills

and experience

Personnel performing work

affecting conformity to

product requirements shall

be competent on the basis of

appropriate education,

training, skills and

experience.

NOTE Conformity to product

requirements may be

affected directly or indirectly

by personnel performing any

task within the quality

management system

This now throws a wider net

over ‘conformity to product

requirements’ not just product

quality.

6.2.2 Competence

training and

awareness

a) determine the necessary

competence for personnel

performing work affecting

product quality,

b) provide training or take

other actions to satisfy

these needs,

c) evaluate the

effectiveness of the actions

taken,

a) determine the necessary

competence for personnel

performing work affecting

conformity to product

requirements,

b) where applicable, provide

training or take other actions

to achieve the necessary

competence,

 Again competency now covers

all product requirements.

The words ‘where applicable’

have been added to provide

some flexibility.

6.3 Infrastructure c) supporting services (such

as transport or

communication).

c) supporting services (such

as transport, communication

or information systems).

Information systems added to

provide clarity.

6.4 Work environment There was no note in this

version.

NOTE The term "work

environment" relates to

conditions under which work

is performed including

Note added to provide guidance

in this area.

8/19/2019 Change in ISO9001-2008.pdf

10/17

 

Page 10 :

physical, environmental and

other factors (such as noise,temperature, humidity,

lighting, or weather).

7.1 Planning of

product realization c)

c) required verification,

validation, monitoring,

inspection and test activities

specific to the product and

the criteria for product

acceptance;

c) required verification,

validation, monitoring,

measurement, inspection

and test activities specific to

the product and the criteria

for product acceptance;

Measurement added to

strengthen this clause.

7.2.1 Customer

related processes

statutory and regulatory

requirements related to the

product, and

d) any additional

requirements determined by

the organization.

New note added. 

c) statutory and regulatory

requirements applicable to

the product, and

d) any additional

requirements considered

necessary by the

organization.

NOTE Post delivery activities

include, for example, actions

under warranty provisions,

contractual obligations such

as maintenance services,

and supplementary services

such as recycling or final

disposal.

Clarity on the applicability of the

use of statutory and regulatory

requirements.

Clarity on whether additional

requirement may be necessary.

Note added to assist with this

clause.

7.3.1 Design and

development planning

New note added. NOTE Design and

development review,

verification and validation

have distinct purposes. Theymay be conducted and

recorded separately or in

any combination as suitable

for the product and the

organization.

Note added to assist with this

clause.

7.3.3 Design and

development outputs

The outputs of design and

development shall be

provided in a form that

The outputs of design and

development shall be in a

form suitable for verification

Minor change made for clarity.

8/19/2019 Change in ISO9001-2008.pdf

11/17

 

Page 11 :

enables verification against

the design and developmentinput and shall be approved

prior to release.

New note added

against the design and

development input and shallbe approved prior to release.

NOTE Information for

production and service

provision can include details

for the preservation of

product.

Note added to assist with this

clause.

7.5.1 Control of

production and

service provision

d) the availability and use of

monitoring and measuring

devices,

f) the implementation of

release, delivery and post-

delivery activities.

d) the availability and use of

monitoring and measuring

equipment,

f) the implementation of

product release, delivery and

post-delivery activities.

‘Devices’ has now changed to

‘equipment’ for clarity.

Clarity given that the clause is

dealing with ‘product’ release.

7.5.2 Validation of

processes for

production and

services provision

The organization shall

validate any processes for

production and service

provision where the

resulting output cannot be

verified by subsequent

monitoring or measurement.

This includes any processes

where deficiencies become

apparent only after the

product is in use or the

service has been delivered.

Notes 1 and 2 have been

removed

The organization shall

validate any processes for

production and service

provision where the resulting

output cannot be verified by

subsequent monitoring or

measurement and as a

consequence, deficiencies

become apparent only after

the product is in use or the

service has been delivered.

This clause has been made

more succinct in that it clarifies

that the necessity for the

validation of the process may

only become apparent after the

product or service is delivered.

7.5.3 Identification The organization shall The organization shall Clarification provided as to the

8/19/2019 Change in ISO9001-2008.pdf

12/17

 

Page 12 :

and traceability identify the product status

with respect to monitoringand measurement

requirements.

Where traceability is a

requirement, the

organization shall control

and record the unique

identification of the product

(see 4.2.4).

identify the product status

with respect to monitoringand measurement

requirements throughout

product realization.

Where traceability is a

requirement, the

organization shall control the

unique identification of the

product and maintain

records (see 4.2.4).

requirement that identification

should provided ‘throughout’the whole product realization

process.

Slight changes to the words to

emphasise the maintenance of

records.

7.5.4 Customer

property

…..otherwise found to be

unsuitable for

use, this shall be reported to

the customer and records

maintained (see 4.2.4).

NOTE Customer property

can include intellectual

property.

….otherwise found to be

unsuitable for use, the

organization shall report this

to the customer and maintain

records (see 4.2.4).

NOTE Customer property

can include intellectual

property and personal data.

Small clarification to this clause.

7.5.5 Preservation of

product

The organization shall

preserve the conformity of

product during internal

processing and delivery to

the intended destination.

This preservation shall

include identification,

handling, packaging,

storage and protection.

Preservation shall also

apply to the constituent

parts of a product.

The organization shall

preserve the product during

internal processing and

delivery to the intended

destination in order to

maintain conformity to

requirements. As applicable,

preservation shall include

identification, handling,

packaging, storage and

protection. Preservation shall

also apply to the constituent

parts of a product.

Slight change to the wording for

clarity.

7.6 Control of The organization shall The organization shall ‘Devices’ changed to

8/19/2019 Change in ISO9001-2008.pdf

13/17

 

Page 13 :

monitoring and

measuring equipment

determine the monitoring

and measurement to beundertaken and the

monitoring and measuring

devices needed to provide

evidence of conformity of

product to determined

requirements (see 7.2.1).

a) be calibrated or verified

at specified intervals, or

prior to use, against

measurement standards

traceable to

international or national

measurement standards;

where no such standards

exist, the basis used for

calibration or verification

shall be recorded;

c) be identified to enable

the calibration status to be

determined;

Notes 1 and 2 have been

removed. 

determine the monitoring

and measurement to beundertaken and the

monitoring and measuring

equipment needed to

provide evidence of

conformity of product to

determined requirements.

a) be calibrated or verified,

or both, at specified

intervals, or prior to use,

against measurement

standards traceable to

international or national

measurement standards;

where no such standards

exist, the basis used for

calibration or verification

shall be recorded (see

4.2.4);

c) have identification inorder to determine its

calibration status;

NOTE Confirmation of the

ability of computer software

to satisfy the intended

application would typically

include its verification and

configuration managementto maintain its suitability for

use.

‘equipment’.

Small change made for clarity.

Small change made for clarity.

New note added.

8.1 General a) to demonstrate

conformity of the product,

a) to demonstrate

conformity to product

requirements,

‘Requirements’ added to clarify it

is to the actual requirements of

the product.

8/19/2019 Change in ISO9001-2008.pdf

14/17

 

Page 14 :

8.2.1 Customer

satisfaction

New note added NOTE Monitoring customer

perception can includeobtaining input from

sources such as customer

satisfaction surveys,

customer data on delivered

product quality, user opinion

surveys, lost business

analysis, compliments,

warranty claims, dealer

reports.

Note added to assist with this

clause.

8.2.2 Internal Audits The responsibilities and

requirements for planning

and conducting audits, and

for reporting results and

maintaining records (see

4.2.4) shall be defined in a

documented procedure.

The management

responsible for the area

being audited shall ensure

that actions are taken

without undue delay to

eliminate detected

nonconformities and their

causes.

NOTE See ISO 10011-1,

ISO 10011-2 and ISO

10011-3 for guidance.

 A documented procedure

shall be established to

define the responsibilities

and requirements for

planning and conducting

audits, establishing records

and reporting results.

Records of the audits and

their results shall be

maintained (see 4.2.4).

The management

responsible for the area

being audited shall ensure

that any necessary

corrections and corrective

actions are taken without

undue delay to eliminate

detected nonconformities

and their causes.

NOTE See ISO 19011 forguidance.

More emphasis placed on

‘documented procedure’

The requirement for records has

been separated out to

emphasise their importance.

What actions need to be taken

has been clarified.

8.2.3 Monitoring and

measurement of

When planned results are

not achieved, correction and

When planned results are

not achieved, correction

It is read that any actions taken

are to ensure conformity to

8/19/2019 Change in ISO9001-2008.pdf

15/17

 

Page 15 :

processes corrective action shall be

taken, as appropriate, toensure conformity of the

product.

New note added 

and corrective action shall

be taken, as appropriate.

NOTE When determining

suitable methods, the

organization should

consider the type and

extent of monitoring or

measurement appropriate

to each of its processes in

relation to their impact on

the conformity to product

requirements and on the

effectiveness of the quality

management system.

product.

8.2.4 Monitoring and

measurement of

product

This shall be carried out at

appropriate stages of the

product realization process

in accordance with the

planned arrangements (see

7.1).

Evidence of conformity with

the acceptance criteria shall

be maintained. Records

shall indicate the person(s)

authorizing release of

product (see 4.2.4).

Product release and service

delivery shall not proceed

until the planned

arrangements (see 7.1)have been satisfactorily

completed, unless otherwise

approved by a relevant

authority and, where

applicable, by the customer.

Note has been deleted 

This shall be carried out at

appropriate stages of the

product realization process

in accordance with the

planned arrangements (see

7.1). Evidence of conformity

with the acceptance criteriashall be maintained.

Records shall indicate the

person(s) authorizing

release of product for

delivery to the customer

(see 4.2.4).

The release of product and

delivery of service to thecustomer shall not proceed

until the planned

arrangements (see 7.1)

have been satisfactorily

completed, unless

otherwise approved by a

relevant authority and,

where applicable, by the

Paragraphs slightly re-arranged

for clarity and emphasis of

records.

Wording adjusted for clarity.

8/19/2019 Change in ISO9001-2008.pdf

16/17

 

Page 16 :

customer.

8.3 Control of non

conforming product

The controls and related

responsibilities and

authorities for dealing with

nonconforming product shall

be defined in a documented

procedure.

This paragraph has been

removed:

When nonconforming

product is detected after

delivery or use has started,

the organization shall take

action appropriate to the

effects, or potential effects,of the nonconformity.

 A documented procedure

shall be established to

define the controls and

related responsibilities and

authorities for dealing with

nonconforming product.

Where applicable, the

organization shall deal with

nonconforming product by

one or more of the following

ways:

d) by taking action

appropriate to the effects, or

potential effects, of the

nonconformity when

nonconforming product is

detected after delivery or

use has started.

Documented procedure given

more emphasis and brought to

the beginning of the clause.

Some flexibility introduced

through the words ‘where

applicable’.

Clauses have been re-arranged

so that ‘records’ is last.

8.4 Analysis of data. a) customer satisfaction

(see 8.2.1),

b) conformity to product

requirements (see 7.2.1),

c)characteristics and trends

of processes and products

including opportunities for

preventive action, and

d) suppliers.

a) customer satisfaction(see 8.2.1),

b) conformity to productrequirements (see8.2.4),

c) characteristics andtrends of processes andproducts includingopportunities forpreventive action (see8.2.3 and 8.2.4), and

d) suppliers (see 7.4).

New clause references addedfor guidance.

8.5.2 Corrective

action

f) reviewing corrective action

taken.

e) reviewing the

effectiveness of the

corrective action taken.

The word ‘effectiveness’ has

been added to this sub-clause

which strengthens the purpose

of this requirement. 

8/19/2019 Change in ISO9001-2008.pdf

17/17

 

Page 17 :

8.5.3 Preventive

action

e) reviewing preventive

action taken.

f) reviewing the

effectiveness of thepreventive action taken.

The word ‘effectiveness’ has

been added to this sub-clausewhich strengthens the purpose

of this requirement. 

 Annex A Updated to reflect ISO

9001:2008 versus ISO

14001:2004

 Annex B Updated to reflect ISO

9001:2008 versus ISO

9001:2000