0 introduction

0.1 General
In this International Standard, the following verbal forms are used: shall
indicates a requirement; should indicates a recommendation; may indicates a
permission; can indicates a possibility or a capability.
0.2 Quality management principles
Described in ISO 9000: customer focus, leadership, engagement of people,
process approach, improvement, evidence-based decision making, relationship management.
0.3 Process approach
0.3.1 General -- Elements of a process
0.3.2 P-D-C-A cycle -- Structure of the standard in the PDCA cycle
0.3.3 Risk-based thinking
0.3.4 Relationship with other management system standards

1 scope

2 normative references
ISO 9000:2015 - fundamentals and vocabulary

3 terms and definitions

refered to ISO 9000:2015

4 Context of the organization (4)

4.1 Understanding the organization and its context
Monitor & review --> internal & external issues -- relevant to purpose and
strategic direction -- can affect intended output of QMS
4.2 Understanding the needs and expectations of interested parties
Monitor & review --> relevant interested parties to QMS - relevant
requirements to QMS

4.3 Determining the scope of the quality management system

Determine & document scope & justify non applicable ISO 9001 requirements-> 4.1 + 4.2 + products & services of the organization
4.4 Quality management system and its processes (2)
4.4.1 Establish, implement, maintain, continually improve a QMS, including
processes and their interactions.
4.4.2 Maintain and retain documented information to the extent necessary.

5 Leadership (3)
5.1 Leadership and commitment (2)
5.1.1 general
How demonstrate: taking accountability for QMS effectiveness,
ensuring establishment of QMS policy and objectives, ensuring integration QMS into business
processes, promoting Process + Risk-based thinking Approach, ensuring needed resources,
communicating the importance, ensuring QMS achieves intended outputs, managing people,
promoting improvement, supporting other management roles to demonstrate their leadership
5.1.2 customer focus
How demonstrate: ensuring requirements are determined, understood
and met; risk & opportunities are determined and adressed, focus on enhancing satisfaction is
maintained.
5.2 Policy (2)
5.2.1 establishing the quality policy
How: appropriate to purpose, context and strategic direction,
framework for objectives, includes commitment to satisfy requirements and continual
improvement.
5.2.2 communicating the quality policy
How:documented information, communicated, understood, applied
within the organization and available to relevant interested parties.
5.3 Organizational roles, responsibilities and authorities
Assure that are assigned, communicated & understood. Specific role for QMS
responsibilities and authorities.

6 Planning (3)
6.1. Actions to address risks and opportunities (2)
6.1.1 Consider 4.1 + 4.2 --> Determine risk and opportunities to be addressed
(achieve intended result, enhance desiderable effects, prevent+reduce undesired effects,
achieve improvement)
6.1.2 Plan actions, proportionate to the potential impact, integrated in QMS &
evaluate effectivenes
6.2. Quality objectives and planning to achieve them (2)
6.2.1 Establish and maintained as documented information, at relevant
functions, levels and processes: consistent with Policy, measurable, considering applicable
requirements, relevant, monitored, communicated, updated as appropriate
6.2.2 Determine what will be done, resources needed, responsible, when
should be completed, how will be results evaluated
6.3. Planning of changes
Carry out changes in a planned manner, considering purpose, integration of
QMS, availability of resources, allocation or reallocation of responsibilities and authorities.

7 Support (5)
7.1.Resorces (6)
7.1.1 General
Determine and provide what is needed to achieve conformity of
products and services, considering internal capabilities & constraints and what need to be
obtained from external providers.
7.1.2 People
Determine and provide the persons needed
7.1.3 Infraestructure
Determine, provide and maintain the infraestructure needed:
buildings, equipment, transportation, IT
7.1.4 Environment for the operation of processes
Determine, provide and maintain the environment needed: human and
physical factors.
7.1.5 Monitoring and measurement equipments

7.1.5.1 General -- Determine, provide and maintain suitable resources,

and retain documented information, to ensure valid and reliable monitoring and measuring
activities.
7.1.5.2 Measurement traceability -- When mandatory or needed,
calibrate, verify, identify & safeguard measuring equipments, and in case of unfit equipment,
determine validity of previous measures and take appropriate actions.
7.1.6 Organizational Knowledge
Determine, maintain and make available the knowledge needed. In
case of changes, determine how to acquire needed knowledge.
7.2 Competence
Determine the necessary one, ensure it and provide it when needed,
evaluating effectiveness and retaining documented information as evidence.
7.3 Awareness
People working under organizations's control must be aware of policy, relevant
objectives, their contributions and implications of nonconformity.
7.4 Communication
Determine relevant internal and external communication, including: what,
when, with whomm, how and who communicate
7.5 Documented information (3)
7.5.1 General
Required and determined as necessary documented information.
7.5.2 Creating and updating
Consider identification and description; format and media; review and
approval activities.
7.5.3 Control of documented information
7.5.3.1 Availability and protection
7.5.3.2 Internal and external documentation: distribution, access,
retrieval, use, storage, preservation, control of changes, retention and disposition activities.
Protect records from unintended alterations.

8 Operation (7)
8.1 Operational planning and control

Plan, implement, control and document processes to meet product & services
requirements
Present a suitable output; control planned changes; ensure outsourced
processes
8.2 Requirements for products and services (4)
8.2.1 Costumer communication
Include: information, enquiries, contracts, orders, changes, feedback,
complaints, customer property, requirements for contingency actions
8.2.2 Determining the requirements for products and services
Include: applicable legal requirements, necessary considered by the
organization, can meet claims
8.2.3 Review of the requirements for products and services (2)
8.2.3.1 Ensure ability to meet requirements before commitment -Review requirements specified by the customer, necessary for the specified or intended use,
specified by the organization, applicable legal, contract or order differing from previously
expressed -- confirm them before acceptance when they are not documented
8.2.3.2 Retain documented information on results of the review and
any new requirements
8.2.4 Changes to requirements for products and services
Amend documented information and make aware relevant persons.
8.3 Design and development of products and services (6)
8.3.1 General
Establish, implement and maintain a design & development process
8.3.2.Design and development planning
Consider: nature, duration and complexity of D&D activities; required
stages, including reviews; required verification and validation activities; responsibilities and
authorities involved; internal and external resources needs; control of interfaces between
persons involved; need of involving customers and users; requirements for subsequent
provision of products and services; level of control expected by customers and other
stakeholders; documented information needed to demonstrate
8.3.3 Design and developtment inputs

Determine and Retain DI, considering: functional and performance

requirements, information of previous designs, legal requirements, commited standards or
codes of practice, potential consequences of failure.
Shall be adequate, complete and unambiguous. Conflicting inputs shall
be resolved.
8.3.4 Design and development controls
Apply controls to ensure: results to be achieved are defined; review,
verification and validation activities are conducted; any necessary actions are taken on
problems determined; DI is retained.
8.3.5 Design and development outputs
Retain DI, and ensure : outputs meet input requirements, are adequate
for the provision of products and services, include monitoring and measuring requirements
and acceptance criteria, and specify the essential characteristics of products and services for
the intended purpose and safer and proper provision.
8.3.6 Design and development changes
Identify, review and control changes to ensure no adverse impact on
conformity. Retain DI on changes, results of reviews, authorization of changes and actions
taken to prevent adverse impacts.
8.4 Control of externally provided processes, products and services (3)
8.4.1 General
Ensure conformity. Determine controls when products & services of
providers are intended to be incorporated in own products & services, are directly supplied to
the customer, or process is externally provided.
Apply criteria and retain DI for evaluation, selection, monitoring of
performance and re-evaluation, and any actions taken.
8.4.2 Type and extent of control
Ensure they do not adversely affect the ability of the organisation.
Ensure they remain within the control of the QMS
Define controls to the provider and to the resulting output
Consider the potential impact on ability to meet customer and legal
requirements, and the effectiveness of the controls
Determine verification or other activities necessary to ensure meeting
requirements

8.4.3 Information for external providers

Ensure adequacy of requirements prior to their communication to the
provider.
Communicate: requirements for processes, products and services; the
approval of products and services, methods, processes and equipments, the release of
products and services; competence including qualification of persons; interactions of providers
with the organisation; control and monitoring of the performance; verification or validation
activities intended to be applied by the organisation or the customer at provider's premises.
8.5 Production and service provision (6)
8.5.1 Control of production and service provision
Provision under controlled conditions, including, as applicable: DI for
products, services, activities and results to be achieved; monitoring and measuring resources;
monitoring and measurement activities at appropriate stages; infraestructure and
environment for the operation; competent persons, including qualification; validation and revalidation activities for processes when their outputs could not be verified; actions to prevent
human error; release, delivery and post-delivery activities.
8.5.2 Identification and traceability
Identify outputs when it is necessary; identify the status of outputs
with respect to monitoring and measurement requirements; control de unique identification
when traceability is a requirement and retain DI to enable it.
8.5.3 Property belonging to customers or external providers
Exercise care when they are under organisation's control or being used
by the organisation: identify, verify, protect and safeguard them. When it is lost, damaged or
unsuitable for use, report it and retain DI.
8.5.4 Preservation
Preserve outputs during product and service provision to ensure
conformity.
8.5.5 Post-delivery activities
Meet requirements for this activities, considering: legal requirements;
potencial undesired consequences associated with products and services; nature, use and
intended life-time of products and services; customer requirements; customer feedback.
8.5.6 Control of changes
Review and control changes and retain DI of results, person authorising
the change and necessary actions.
8.6 Release of products and services

Shall not proceed until planned arrangements for verfying have been
satisfactory completed, unless approval of a relevant authority or the customer.
Retain DI including:evidence of conformity with acceptance criteria;
traceability to the person authorising release.
8.7 Control of nonconforming outputs (2)
8.7.1 Identify and control to prevent unintended use or delivery. Take
appropriate actions, in one of the following ways: correction (and verify again); segregation,
containment, return or suspension of provision; informing the customer; obtaining
authorisation for acceptande under concession.
8.7.2 Retain DI that describes the NC, actions taken and concessions obtained,
and identifies the authority deciding the action.

9. Performance evaluation (3)

9.1 Monitoring, measurement, analysis and evaluation (3)
9.1.1 General
Determine: what, how (methods) and when monitor and measure, and
when results shall be analysed and evaluated.
Evaluate the performance and effectiveness of the QMS and retain DI
as evidence.
9.1.2 Customer satisfaction
Determine methods for obtaining, monitoring and reviewing
customers' perceptions of the degree in which their needs and expectations have been
fulfilled.
9.1.3 Analysis and evaluation
Analyse data and information from monitoring and measurement, and
use the results to evaluate conformity of products and services, degree of customer
satisfaction, performance and effectiveness of the QMS, effective implementation of planning,
effectiveness of actions to address risks and opportunities, performance of external providers,
and need for improvements to the QMS.
9.2 Internal audit (2)
9.2.1 Conduct internal audits at planned intervals to verify it QMS conforms to
its requirements and the standard requirements, and if it is effectively implemented and
maintained.

9.2.2 Plan, establish, implement and maintain an audit programm, define audit
criteria and scope for each audit, select auditors and ensure objectivity and impartiality of the
audit process, report results to relevant management, take correction and corrective actions
without undue delay, and retain DI.
9.3 Management review (3)
9.3.1 General
Top management shall review the QMS at planned intervals.
9.3.2 Management review inputs
Status of actions from previous management reviews, changes in
external and internal issues, performance and effectiveness of the QMS (customer satisfaction
and feedback from relevant stakeholders, quality objectives achievement, process
performance and conformity or products and services, non conformities and corrective
actions, monitoring and measurement results, audit results and performance of external
providers), adequacy of resources, effectiveness of actions to address risks and opportunities,
and opportunities for improvement.
9.3.3 Management review outputs
Decisions and actions related to opportunities for improvement, need
for changes to QMS and resource needs. Retain DI.
10. Improvement (3)
10.1 General
Determine and implement opportunities for improvement to meet and
enhance customer satisfaction, improving products and services, correcting, preventing and
reducing undesired effects and improving the performance and effectivenes of the QMS.
10.2 Nonconformity and corrective actions (2)
10.2.1 React to the nonconformity (take action to control and correct it, and
deal with consequences), evaluate the need for action to eliminate the cause, implement any
action needed appropriately to the effects of th nonconformities encountered, update risks
and opportunities determined during planning, and make changes to the QMS, if necessary.
10.2.2 Retain DI of the nature of nonconformities, actions taken and results of
corrective actions.
10.3 Continual improvement
Continually improve suitability, adequacy and effectiveness of the QMS,
considering results of analysis and evaluation and management review.

Annex A - Clarification of new structure, terminology and concepts

Annex B - Other standards
Bibliography