ISO 9001:2015 – What You Need to Know

Why a new ISO 9001?

All ISO standards are reviewed every five years to establish if a revision is required to keep it current and relevant for the marketplace. The future ISO 9001:2015 will respond to the latest trends and be compatible with other management systems such as ISO 14001.

Although medical device manufacturers now follow ISO 13485, it’s important to remember that, when ISO 13485 was initially written, it was based on ISO 9000 and adopted many elements from it; consequently, when the latest revisions to ISO 9000 are published, medical device companies should take notice, since corresponding changes to ISO 13485 are likely to follow.

ISO 9001:2015 will represent the most significant change since 2000, when the standard moved from a checklist approach for inspecting the final product, to a process management approach that took into account all the critical areas of an organization and its interactions.

ISO 9001 is about to reach the Final Draft International Stage (FDIS ballot expected by July), the fifth stage of a six stage process, where the ISO subcommittee revising the standard will go through all the comments received in order to produce a final draft, which will then be put forward to all ISO members for voting. The final version is due to be published by the end of 2015.


While the scope will not change significantly, the structure will. At the very least, ISO 9001:2015 will give medical device companies a preview of some forthcoming revisions to ISO 13485 and a head start on implementing the necessary changes to ensure compliance. Let’s see below the main changes.

Context of the organization

This section asks organizations to consider — from a risk-management perspective — all the different internal and external factors that are critical to fulfil the needs of the customer. Those factors could include anything that might affect the organization’s ability to achieve its intended results, whether it’s infrastructure, people, regulations, or even raw materials.

Objectives and plans to achieve them

The current version of the standard requires organizations to define objectives and conduct reviews to check in on their status relative to the objectives. The new draft is more prescriptive about what needs to be done: not just defining the objectives, but defining who will be assigned to them, what actions will be taken to reach them, how progress will be monitored, and how results will be evaluated.

Risk Management

The term “preventive action” has completely been removed from the new ISO 9001:2015. In its place is “risk management” a concept that is addressed in detail in Section 6.1, “Actions to address risks and opportunities.”

The concept of risk management has been included to force organizations to think in a preventive mind-set. Organizations have to examine all of the internal and external factors that impact it, and determine those which could have major consequences.

What to do?

One of the main things medical device manufacturers can start working on now is aligning their documentation systems with the new ISO 9001 clause formatting. Eventually, ISO 13485 will have to align with ISO 9001. It might not occur with the first release of ISO 13485, but it will happen.

I am certified to ISO 9001:2008. What does this mean for me?

Organisations are granted a three-year transition period after the revision has been published to migrate their quality management system to the new edition of the standard.

For more information, contact us!

Get in touch

Share This

Copy Link to Clipboard