Show me desktop version

ISO 9001 Knowledge base

Strahinja Stojanovic

List of mandatory documents required by ISO 9001:2015

Since the publication of the new revision of ISO 9001 last month, many people have been wondering what documents are mandatory in this new 2015 revision. How many documents are required?

So, here is the list – below you will see not only mandatory documents, but also the most commonly used documents for ISO 9001 implementation.

Mandatory documents and records required by ISO 9001:2015

Here are the documents you need to produce if you want to be compliant with ISO 9001:2015. (Please note that some of the documents will not be mandatory if the company does not perform relevant processes.):

  • Scope of the QMS (clause 4.3)
  • Quality policy (clause 5.2)
  • Quality objectives (clause 6.2)
  • Criteria for evaluation and selection of suppliers (clause 8.4.1)



And, here are the mandatory records (note that records marked with * are only mandatory in cases when the relevant clause is not excluded):

  • Monitoring and measuring equipment calibration records* (clause 7.1.5.1)
  • Records of training, skills, experience and qualifications (clause 7.2)
  • Product/service requirements review records (clause 8.2.3.2)
  • Record about design and development outputs review* (clause 8.3.2)
  • Records about design and development inputs* (clause 8.3.3)
  • Records of design and development controls* (clause 8.3.4)
  • Records of design and development outputs *(clause 8.3.5)
  • Design and development changes records* (clause 8.3.6)
  • Characteristics of product to be produced and service to be provided (clause 8.5.1)
  • Records about customer property (clause 8.5.3)
  • Production/service provision change control records (clause 8.5.6)
  • Record of conformity of product/service with acceptance criteria (clause 8.6)
  • Record of nonconforming outputs (clause 8.7.2)
  • Monitoring and measurement results (clause 9.1.1)
  • Internal audit program (clause 9.2)
  • Results of internal audits (clause 9.2)
  • Results of the management review (clause 9.3)
  • Results of corrective actions (clause 10.1)

Non-mandatory documents

There are numerous non-mandatory documents that can be used for ISO 9001 implementation. However, I find these non-mandatory documents to be most commonly used:

  • Procedure for determining context of the organization and interested parties (clauses 4.1 and 4.2)
  • Procedure for addressing risks and opportunities (clause 6.1)
  • Procedure for competence, training and awareness (clauses 7.1.2, 7.2 and 7.3)
  • Procedure for equipment maintenance and measuring equipment (clause 7.1.5)
  • Procedure for document and record control (clause 7.5)
  • Sales procedure (clause 8.2)
  • Procedure for design and development (clause 8.3)
  • Procedure for production and service provision (clause 8.5)
  • Warehousing procedure (clause 8.5.4)
  • Procedure for management of nonconformities and corrective actions (clauses 8.7 and 10.2)
  • Procedure for monitoring customer satisfaction (clause 9.1.2)
  • Procedure for internal audit (clause 9.2)
  • Procedure for management review (clause 9.3)

So, this is it – what do you think? Is this too much to write? Do these documents cover all aspects of quality management?

Click here to download a white paper: Checklist of Mandatory Documentation Required by ISO 9001:2015, with more detailed information on the most common ways to structure and implement mandatory documents and records.

83 responses to “List of mandatory documents required by ISO 9001:2015”

  1. Davor Vugrinec says:

    Dear Kristan
    if you allready have ISO 9001 implemented, transfer to ISO 9001:2015 is much easyer than going from scratsch. Your ISO team is competent to doing that.

  2. C Yuceth Barcenas says:

    Thanks for the compilation. Regarding Records of training, skills, experience and qualifications, is this referred only to Quality MS aspects?
    I am starting to implement a solid Quality MS in the company I work for. Please, could you share some examples of Quality Objectives to compare with my proposal to board of directors? Thanks in advance.

    • Strahinja Stojanovic says:

      Records of training, skills, experience and qualifications refer to capability and competence to perform activities and processes and ultimately produce conforming products so the records should capture not only training regarding quality but any training the employees take while they are in the company.

      As far as the objectives are concerned, they should be related to the QMS (Quality Management System), example of such objective is to increase customer satisfaction by 10% compared to previous year. For more information, see:
      – How to Write Good Quality Objectives https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/

  3. Leandro says:

    Hello, and Thanks for all the information and courses offered.
    I am not sure about “Criteria for evaluation and selection of suppliers (clause 8.4.1)” as a mandatory document. It is not indicated like that. In addition, I think that 7.1.5.2 is closer to be a document as it is indicated that the criteria has to be recorded, so, probably it will be a documented standardized criteria. But 8.4.1 doesn’t indicate that the criteria has to be recorded or documented, it is only for the results.
    Thanks!

    • Strahinja Stojanovic says:

      I agree that there is no explicit requirement to document the criteria but, that is one of the safes ways to ensure consistency of the evaluation and repetitiveness of the results. Without documented criteria the only way to ensure consistency of the evaluation results is to have the same person conducting the evaluation every time.

  4. MOHAMMAD AHMAD says:

    Per ISO 9001:2015, is there a mandatory requirement to have a Risk Assessment/ Management procedure? Should these risk assessment/ management be at department/ project level or organization level?

    • Strahinja Stojanovic says:

      Hi Mohammad,

      The standard does not require documented procedure for risk assessment. Identification of risks and opportunities should be conducted on the level of the QMS primarily, but it can consequently be applied in processes and projects as well. The standard doe not have explicit requirements in this regard, so the organization itself can determine to what level of details does it need to conduct risk assessment.

      For more information, see: How to address risks and opportunities in ISO 9001 https://advisera.com/9001academy/blog/2016/06/21/how-to-address-risks-and-opportunities-in-iso-9001/

      Best regards,

      Strahinja

  5. Tri Nguyen says:

    Dear sir. is there the documents about organization knowledge to meet the clause 7.1.6 of ISO 9001. Please kindly send to me if you have those documents. Thanks

    • Strahinja Stojanovic says:

      Dear Tri,

      We haven’t developed any documents for organizational knowledge since the standard doesn’t requires this clause to be documented. Basically, the organization knowledge is stored in procedures, work instructions and other documents that describe how the organization is performing its activities, so there is no need for additional documentation.

      If you like, you can write in the manual or some other document who is responsible for identification and preservation of the knowledge, as well as making it available where is is needed.

      For more information, see: How to manage knowledge of the organization according to ISO 9001 https://advisera.com/9001academy/blog/2016/08/30/how-to-manage-knowledge-of-the-organization-according-to-the-iso9001/

  6. Chan Menghong says:

    Why is documented information on ” Criteria for evaluation and selection of suppliers (clause 8.4.1) ” mandatory ?
    The standards here specifies only ” retain ” documented information.

    • Strahinja Stojanovic says:

      Dear Chan,

      It is not explicitly required to document criteria for evaluation and selection of suppliers, but it is the only way to maintain consistency of the evaluation. By documenting the criteria you will ensure that there wont be any variation in the evaluation if different persons perform the evaluation and selection of suppliers

  7. prince kumar says:

    dear sir,
    kindly confirm me is the migration test of Product mandatory for iso 9001:2015.

    • Strahinja Stojanovic says:

      Dear Prince,

      Migration Test of Product is not explicitly required by the standard, however, if such record helps organization to produce or maintain conformity of the product, it can be considered as a mandatory document. The standard itself considers documents mandatory if are required by the standard itself and if are determined necessary by the organization to achieve effectiveness of the QMS or conformity of products and services.

      Best regards,

      Strahinja

  8. Abdul Haseeb says:

    Where can I find ISO 9001-2015 published document?

  9. Ahmed says:

    Assalam alikum,

    i work in information technology department, we dont use any equipment,

    how to fulfill this requirement “Monitoring and measuring equipment calibration records* (clause 7.1.5.1)” in Information technology industry.

    • Strahinja Stojanovic says:

      Dear Ahmed,

      Monitoring and measuring requirements are often excluded from the scope of QMS in information technology industry simply because most of the companies in this industry do not use monitoring and measuring equipment. If you company doesn’t use monitoring and measuring equipment or do not perform calibration to the equipment because of its nature, you can exclude this requirement from your QMS and you wont need to have such record.

      Best regards,

      Strahinja

  10. Muhammad Tanveer says:

    Strahinja Stojanovic can you help me.
    i am confusing about the document and record. We have the SAPs, SOPs and Equipment work instruction. The list of these Document we want make List of each. What should be the ISO Number for the list. The List should be the document or record.

    • Strahinja Stojanovic says:

      Dear Muhammad,

      The list you are mentioning should be considered as a record. I’m not sure what you mean by ISO number, if you are thinking of the clause of ISO 9001 to which the list should refer to, the clause is 7.5. If you are thinking about the identification number of the document within the QMS, you should apply your procedure for document and record control.

      Best regards,

      Strahinja

  11. Hala J says:

    Hello,

    where should we write the Scope of QMS is it fine if we added to the quality policy?

    • Strahinja Stojanovic says:

      Hi Hala,

      The scope can be documented in a separate document or Quality Manual, as it used to be in the previous version of the standard. Technically, you can document the scope within the policy but it is not a common practice.

      Best regards,

      Strahinja

  12. Aaron Dinglasan says:

    Hello! Can I asks if the seven quality management principles of ISO 9001:2015 can be used as a guidelines if the organizations is ready to be an ISO accredited?

    • Strahinja Stojanovic says:

      Hi Aaron,

      Yes, the principles can be used regardless of the desire of the organization to get certified or not. The principles represent good foundation for establishing Quality Management System even if you are not planning to implement all requirements of the standard.

      Best regards,

      Strahinja

  13. Abu Bakar says:

    Hi
    My Name is Abu Bakar (AB). i’m working in education chain and currently i’m working on shifting from ISO 9000: 2008 to ISO 9000: 2015. i don’t know which documents i should prepare and how to. if anyone have any sample or sample documents plz share with me. Your support highly appreciated. Thanks in advance.
    My email address is
    [email protected]

  14. security_2017 says:

    Hi there,
    Currently I am working at establishing an ISMS within an organization who is currently transitioning towards 9001:2015. Any suggestions on how to start this in order to integrate the two management systems? Right now I am studying both of the standards in order for me to find out the similarities and differences between them.
    Any help is welcome.
    Kind regards

    • Strahinja Stojanovic says:

      Hi,

      The best place to start is to identify common requirements of both standards and to implement them first. If the transition process for ISO 9001 is already on it’s way, the best would be to see to what extent it covers the common requirements of both standards and to add later parts of ISO 27001.

      Best regards,

      Strahinja

  15. Janice says:

    Hello, my name is Janice. Do you need to have a different document number for the same work instruction and same form that one is an English version and one is a Spanish Version? Thanks!

    • Strahinja Stojanovic says:

      Dear Jenice,

      Considering that the documents have the same content and they are only written in different languages, they can have the same document number. On the other hand, it is better to keep track on all documents by assigning them different ID number, or you can have in your document ID a mark for the different languages.For example, the document in english can have the ID 123.45.EN and the document in Spanish can have IS 123.45.ES.

      Best regards,

      Strahinja

  16. Mary Anne Kale says:

    mandatory documents for 4.1 and 4.2 ISO 9001:2015.

    • Strahinja Stojanovic says:

      Dear Mary Anne,

      ISO 9001dose not have requirements for documented information in clauses 4.1 and 4.2.

      Best regards,

      Strahinja

  17. Mary Anne Kale says:

    Thanks Strahinja I just needed someone’s confirmation! Enjoy your day.
    Mary Anne

  18. Muhammad Naveed Khan says:

    Tell me the sections belongs to quality policy, organogram, list of functions, smart objectives, job description, standard Operating Procedure, work instrucrions in ISO 9001:2015 ?

    • Strahinja Stojanovic says:

      Dear Mhammad,

      Requirements for quality policy are located in the clause 5.2. Organogram and list of functions are not mandatory documents but defining the organogram would be part of determining context of the organization (cause 4.1) and list of functions can be considered as part of requirements regarding roles and responsibilities (clause 5.1) the same can be said for the job descriptions, although they can be part of requirements regarding people (clause 7.1.2) and competence (clause 7.2).

      Operating procedures and work instructions are also not mandatory but can be considered as a part of requirements regarding operation (clause 8.1).

      Best regards,

      Strahinja

      • Muhammad Naveed Khan says:

        Dear Strahinja

        Thanks for your kind reply. I have be chosen as internal auditor and they have assigned me 5 audits. The check list for the audit or u can say what we are going to check in audit is quality policy, organogram, smart objectives, JDs, SOPs, work instructions and form & formates. So if u can guide me in this regard, please.

  19. vibhuti says:

    these are the mandatory and non mandatory standard operating procedures as well , right?

    • Strahinja Stojanovic says:

      The article covers both mandatory and most commonly used non-mandatory documents. As far as the non-mandatory documents are concerned, the organization can decide whether to create them all or to create some additional ones that can be useful for this specific organization.

      Best regards,

      Strahinja

  20. vinoth kumar says:

    I have one doubt Mr.Strahinja Stojanovic, Whether a exact Quality manual and respective documents and records are enough to obtain the ISO 9001:2015 certificate???
    and if it is ok that i don’t have Quality system procedure for each and every department in my firm

    • Strahinja Stojanovic says:

      Dear Vinoth,

      The requirements for documentation in new version of the standard are significantly decreased. The emphasis is no longer on how the process is conducted, but rather on conformity of the process outputs to the requirements.

      The organization itself can decide what is sufficient level of documenting the processes, some more simple processes wont need documented procedure, but some more complex ones will. Based on the competence of the employees and the risks within the processes, you will decide whether to document the procedure or not. You do not have to, by default, have documented procedures for every department in your company.

      Best regards,

      Strahinja

  21. Muhammad Hafizuddin Kamarudin says:

    Hye Mr Strahinja Stojanovic, may i know how can i refer the clauses of the documents regarding the ISO 9001:2015? Is there any example of completed documentation that i can download it from?

  22. Anand Kaveri says:

    Please guide whether context of organization to be determined at each department / functional level or it is sufficient to be at apex level at top management level only.

    • Strahinja Stojanovic says:

      Dear Anand,

      The context should be determined on the level of organization not on the level of processes. You need to determine what internal and external issues can affect the effectiveness of the QMS and customer satisfaction. The issues themselves can be related to some process, but you don’t need to analyze every process to determine its context.

      Best regards,

      Strahinja

  23. Anand Kaveri says:

    Please guide – whether context of organization needs to be determined at each department or functional level or only at apex level by top management .

    • Strahinja Stojanovic says:

      Dear Anand,

      The context need to be determine only on the top level, but it needs to include all relevant information from the processes.

      Best regards,

      Strahinja

  24. Anand Kaveri says:

    Thanks Strahinja

  25. Anand Kaveri says:

    Kindly explain what is required in clause 8.2.1e) contingency plan. Thanks

    • Strahinja Stojanovic says:

      Dear Anand,

      A contingency plan is sometimes referred to as “Plan B,” because it can be also used as an alternative for action if expected results fail to materialize. Contingency actions are taken in case when the products or services are not delivered or if the products and services provided are not compliant with requirements.

      Best regards,

      Strahinja

  26. Muhammed Adeiza says:

    how many relevant documented information in ISO 9001:2015?

  27. Jav Man says:

    does iso 1101 fall under the control of iso 9001???

    • Strahinja Stojanovic says:

      Dear Jav,

      ISO 1101 can theoretically fall under ISO 9001 only if it required by an interested party and it can be identified as need and expectation of an interested party, but ISO 9001 itself does not require in any way implementation or compliance with ISO 1101.

      Best regards,

      Strahinja

  28. Jav Man says:

    In other words, If my company follows iso 9001 compliance, does iso 1101 become a requirement ? Does it have to be followed? Thanks

    • Strahinja Stojanovic says:

      Dear Jav,

      ISO 1101 Geometrical product specifications (GPS) — Geometrical tolerancing — Tolerances of form, orientation, location and run-out is not mandatory for organizations that want to be ISO 9001 compliant, these two standards are not in any correlation, so you can implement them together or separately.

      Best regards,

      Strahinja

  29. I think the requirement of clause 8.4.1 is a form of Record… ?

    • Iciar Gallo says:

      Dear Franklin

      The clause 8.4.1 is referred in the standar as documented information needed to be maintained by the organization, then it is not a type of record. Records are documented information needed to be retained by the organization for the purpose of providing evidence of result achieved.

      Best regards

      Iciar

      • Thanks Iciar! Yes, the clue word is Retained for record versus Maintained for document right? But isn’t 8.4.1 using “retain documented information….?”

        • Iciar Gallo says:

          Dear Franklin, certainly since the standard ISO 9001:2015 mentions that documented information arises from the activities of clause 8.4.1 “must be retained”, then it is a type of record. We could say that a form is a document, and when it is completed becomes a record. Therefore, documents can change but records can´t. This is the case of the clause 8.4.1, where it is necessary to keep records as a proof of existence of the activities of evaluation, selection, monitoring of performance and re-evaluation of external providers. These files cannot be edited or re-created, so they are not considered documents but records.

  30. Michalis says:

    Hello to all! I have a question regarding companies selling products which require occasionally after an sales technical/scientific support (answering customers queries by phone, giving some guidance etc.) . Let’s suppose that there is no no standard protocol or procedure applied and followed inside the company for provision of this kind of support . Would ISO 9001 2015 still require the company to keep any documented procedure or anything similar? What if relative information is already documented as a part of of internal external issues in the QMS manual? Wouldn’t that be enough?
    Thank you.

    • Iciar Gallo says:

      Dear Michalis

      Organizations have to demonstrate that where applicable, they have taken postdelivery activities into account but it is not mandatory to write any procedure or protocol, although it can be beneficial in order to describe post-delivery processes and their responsibilities. You can include post delivery information in the manual but still you will need to have post delivery monitoring indicators, some kind of instructions or procedures, monitoring records, and also you will need to include a scoring section in the customer satisfaction survey.

      This kind of support that you have mentioned is known in the standard as post-delivery activities. ISO 9001:2015 requires organizations to meet requirements for post-delivery activities associated with their products and services. Post-delivery activities can include all customer requirements and contractual obligations like maintenance service. During customer communication the requirements for post-delivery activities such as any warranty, servicing or other support agreements, should be clearly and comprehensively identified, reviewed, agreed and recorded. This may be in the form of purchase orders / terms and conditions for example.

      This article can help you with the product realization – ISO 9001:2015 clause 8.5 product realization – practical examples for compliance: https://advisera.com/9001academy/blog/2015/11/03/iso-90012015-clause-8-5-product-realization-practical-examples-for-compliance/#

      Best regards

  31. Michalis says:

    I have the impression that ISO 9001 2015 does not dictate anymore that a list of document and files regarding the QMS should be maintained by an organization, the same way QMS manual is now opcional. Could someone confirm?

    • Iciar Gallo says:

      Dear Michalis

      You still need to comply with a list of mandatory documents to meet ISO 9001:2015 requirements. Although the Quality Manual is no longer a mandatory document, some other documents and records remain mandatory in the new version of the standard. To better understand it – there are some changes in the new standard regarding the vocabulary used, ISO 9001:2015 no longer uses the terms “documents” and “records” but both now are called “documented information”. This documented information can be of two kinds:
      – documented information needed to be maintained by the organization, which covers procedures, policies, etc, that were referred in ISO 9001:2008 as documented procedures or just documents.
      -documented information to be retained by the organization, known as records in ISO 9001:2008 .

      Best regards

  32. Christian Pascual Bandera says:

    Hello sir. May I ask if Customer Feedback register (hard copy) is required for auditing? Before we are sending forms to our clients (supermarkets for the feedback)and now we are using survey monkey. Please advise if which is required. The old way which we are using papers because it was audited before by Certificating Body.And now we haven’t consulted yet for this way of survey.

    • Iciar Gallo says:

      Dear Christian

      Customer satisfaction is required by the standard as a tool to measure the level of satisfaction that your customers have with the organization and its products or services. Your company needs to collect this information to determine how good your organization conducts different activities (i.e. design, delivery, communication). How you collect and record this information is up to the organization, therefore you can keep a customer feedback register with the information provided by the surveys.

      Best regards

  33. Mark Santiago Santos says:

    Hello, May I ask, to which document should the context of the organization be included? Should it be a separate document like Quality Manual or could it be integrated in a document (i.e. a section in Quality Manual)?

  34. GOPAL CHANDRA HAZRA says:

    ISO 9001-2008 speaks of Management Representative who is responsible for implementation of QMS in the organisation. While auditing, I found maximum interaction with MR. Revised version of ISO 9001-2015 is silent of MR. Now who will be responsible for implementation of revised dersion of QMS in the organisation?

  35. GOPAL CHANDRA HAZRA says:

    Context of the organisation is mainly addressed in the manual of the organisation. Can the same be addressed in procedures by identification of issues & interested parties ?

  36. Sagar N says:

    Will you please elaborate, which clauses may be applicable to Production, Quality, maintenance and stores department of any organization?
    Thanks in advance.

  37. moideen says:

    What all are the documents mandatory for a organization dealing with Trading, installation and maintenace work.

Leave a Reply

Your email address will not be published. Required fields are marked *

OUR CLIENTS

OUR PARTNERS

  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.