
ISO9001 Requirements Explained

The ISO9001 quality management standard is by far the most popular of the management system standards produced by ISO, with around a million organizations certified to it worldwide. It provides an assurance both to the organization itself and to its customers and regulators that quality is front and centre of the way things are done and that continual improvement is at work. In this blog we look at the requirements of ISO9001 and summarise what must be done to become certified to this well-regarded standard.

Overall structure

Since its last update in 2015, ISO9001 has followed what is known as the “Annex SL” structure of management system standards. This is a common definition of headings and wording that must be used across all standards that have a management system at their heart, such as ISO14001 (environmental management), ISO27001 (information security) and ISO45001 (occupational health and safety). This structure dictates that the requirements of the standard (the things that must be complied with if certification is to be achieved) are contained under the following major headings:

  4. Context of the organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

In order to understand the requirements of ISO9001 let’s take a look at each of these clauses of the standard in turn.

Clause 4 - Context of the organization

Within this clause, ISO9001 requires that four items are defined. First, the external and internal issues that affect the success of the organization's objectives; for example, an external issue might be the economic outlook and an internal issue might be employee relations. Second, the interested parties of the quality management system (QMS) and how they interact with it. Third, the scope of the QMS – that is, what’s included and excluded, such as offices and departments. Lastly, this clause asks you to define the processes involved in the QMS and what’s needed to make them run smoothly.

Clause 5 - Leadership

Top management is required to show that they support the QMS and the standard provides a list of ways that they can do this, with customer focus being given special emphasis. There is then a need for a quality policy and a clear definition of the roles involved in the QMS and what they do.

Clause 6 - Planning

Risk assessment is a key part of the ISO9001 standard and this clause requires that risks to the QMS (and also opportunities for it) are identified and actions taken to address them. There is also a need to set objectives and plan how they will be achieved, as well as carrying out changes in a planned way.

Clause 7 - Support

This clause covers a wide variety of requirements, including the resources needed to operate the QMS (such as people, infrastructure and monitoring), making sure that people are competent to carry out their roles, general awareness of the QMS and communication about it, through to how documentation should be created and maintained.

Clause 8 - Operation

Clause 8 is where the main part of the ISO9001 standard sits, and a long list of requirements covers how products and services are defined, designed and developed, produced, released and managed. This will take some effort to interpret in the context of your specific organization and its products and services, to understand exactly what is needed for conformance to the standard. But in essence you will need a fully thought-through end-to-end process in which customer requirements are effectively turned into finished product or service. And don’t forget the role of external parties in that process too. This clause is where you’re likely to (justifiably) spend the most time and get the most benefit.

Clause 9 - Performance evaluation

Once you’ve completed the hard work of defining your processes, this clause asks you to consider how you will be able to tell if they are working properly. It also requires you to pay attention to what your customers think.

You’ll need to put an internal audit programme in place and hold regular management reviews to look at how your QMS is performing.

Clause 10 - Improvement

Having defined everything, there is a strong requirement to ensure that your QMS gets better over time and that anything that goes wrong (a “nonconformity”) is addressed promptly.

The ISO9001 journey

If you’re feeling that this sounds like a lot of work then you’re not wrong – it is. But there must be a reason why a million organizations worldwide have gone to all of this effort, surely? Well, leaving aside the benefits of reassuring your customers about quality, there are many ways in which a QMS transforms your organization for the better and makes the effort seem worthwhile. Having a detailed look at what you do and how (and why) you do it will inevitably generate a lot of creative thought, out of which will come efficiencies, new ways of working, improved customer satisfaction and ultimately, more sales. The trick in meeting the requirements is to think carefully about how they apply to your situation specifically, and how they will improve what you do. Chances are, if they don’t improve things, then you haven’t understood the requirements correctly.

