Jack Sehkon and Associates Inc.

10 Core Elements of a Quality Management System (QMS)

Learn about the 10 clauses of a Quality Management System in detail.

Core elements of an ISO 9001 quality management system (QMS)

Clause 1 - Scope of ISO 9001 Standard

Indirectly conveys the message why do you need a QMS. It covers if you need to meet customer requirements and statutory/regulatory requirements (related to product) and enhance customer satisfaction, then you need to adopt ISO 9001 based QMS. It also covers any exclusions from clause 8 as long as that exclusion does not impact on your organization’s ability to deliver products that meet customer requirements and statutory/regulatory requirements.

Clause 2 - Normative References

It references ISO 9000:2015, Quality management systems — Fundamentals and vocabulary.

Clause 3 - Terms and definitions

It references ISO 9001:2015.

Clause 4 - Organizational Context

Clauses 4.1 and 4.2 Understanding Organization Context

Covers identifying internal and external issues along with stakeholders relevant to your organization’s purpose and strategic direction. This can be achieved using SWOT and PESTLE tools combined with risk assessment (Organizational Risk Register) to develop a strategic plan supported by operational plan(policies and procedures) at the working level. Finally, it requires monitoring and reviewing of internal/external issues/stakeholders to ensure these remain relevant. 

Clause 4.3  Scope 

Scope’ of QMS is determined based on products and services as well as internal/external issues and relevant stakeholders. It provides provision for exclusion from clause 8 based on justification. Scope must be documented.

Clause 4.4 QMS and Processes 

Refers to overall QMS and technically covers all ISO 9001 clauses in the form of text based on PDCA cycle. It especially covers processes identification based on process approach model and can be termed as Functional Process Lists. Finally, it generically covers the extent of documented information to be maintained and retained for the whole QMS.

elements of qms

Clause 5 - Leadership

Clause 5.1/5.2 Leadership Commitment 

Relates to obligations from leadership with respect to QMS. Some of the key ones include ensuring alignment of QMS with the strategic plan, delivery of intended outcomes of QMS, being accountable for the QMS and promoting the process approach and risk-based thinking. It additionally requires leadership and commitment with respect to customer focus.

elements of a quality management system

Clause 5.2 Policy 

Requires leadership to take a direct role in establishing, implementing, and maintaining a quality policy consistent with strategic plan and 3 required commitments. The policy must be documented.

Clause 5.3 Roes/Responsibilities/Authorities 

Requires leadership to ensure roles/responsibilities/authorities are assigned, communicated, and understood for the development, implementation, and maintenance of QMS and its integrity.

Clause 6 - Planning

Clause 6.1 Actions to Address Risks and Opportunities

Requires organizational risks to be determined based on organizational context and stakeholders. Furthermore, these risks require to be mitigated in conjunction with operational risks identified in Clause 4.4. The effectiveness of risk mitigation is also required. This clause provides the framework for QMS which is pivotal for a prevention-based management system.

fundamental elements of qms

Clause 6.2 Quality Objectives and Means to Achieve Them

Quality objectives require to be established based on product conformance, customer satisfaction factors as well as other requirements including compliance with statutory/regulatory requirements. The objectives could be static or dynamic and must be measurable, consistent with quality policy and established at various functions and levels depending upon the size and nature of the organization.

The objectives could be targeted towards process, product, customer, compliance, organizational financial performance, and employee engagement. The objectives must be documented. In addition, objectives are required to be supported by programs that address various steps, responsibilities, resources, and timelines.

Clause 6.3 Planning of Changes

ISO 9001 Standard requires a change management system for QMS. The change management system must cover change identification, change consequences assessment including responsibilities to maintain the integrity of QMS.

Looking to certify your organization's QMS?

Contact JSA Inc. for questions related to your company’s QMS certification. Our proven and successful strategies can help you achieve QMS certification without any delays and hassles. Hire JSA for certification project!

Clause 7 - Support

Clause 7.1.1/7.1.2 General/People

This clause covers the determination and provision of all resources (human and infrastructure) for the development, implementation, and maintenance of QMS. The purpose is to explore the constraints of existing resources and determine potential outsourcing.

Clause 7.1.3 Infrastructure

This clause covers the determination, provision, and maintenance of infrastructure for the development, implementation, and maintenance of QMS. The processes related to the infrastructure include project management, equipment installation/commissioning/start-up and equipment maintenance.  The infrastructure included could be equipment, software, transportation, and communication technology.

Clause 7.1.4 Environment for Operation of Processes

This clause covers the determination, provision, and maintenance of work environment for the conformity of the products/services. The work environment factors also include human and physical factors such as social, psychological, and physical aspects.

Clause 7.1.5 Monitoring and Measuring Resources

This clause deals with determination and implementation of monitoring and measuring requirements as well as resources for valid and reliable results to verify the conformity of products and services to specified requirements. The required monitoring and measuring resources will be suitable for the type of monitoring and measuring and maintained to be fit for the purpose intended.

When measurement traceability is required, the monitoring and measuring equipment is required to be:

  • verified and calibrated.
  • identified for status.
  • protected from damage and deterioration.

It is required to take appropriate action on faulty M/M equipment and products affected when found unfit.

7.2 Competence

It is required to establish necessary competence for employees based on training, education and experience for the effectiveness of QMS. Training needs are identified, and gaps are addressed through CBT, buddy system and job observation. It is also required to assess the effectiveness of the actions taken. Appropriate evidence of competence is required to be retained.

 7.3 Awareness

It is required to cause awareness of QMS that can be done through the following:

  • Process Lists
  • Strategic Plan
  • Risk Registers
  • Quality Policy/Objectives
  • System Procedures
  • Operating Procedures
  • Work Instructions
  • Supporting Tools
  • Legal Register

7.4 Communication

This requires internal and external QMS communication based on who, what, when and how.

7.5 Documented Information

This clause requires maintaining and retaining documented information for the QMS based on:

  • Requirements of ISO 9001 Standard defined in clause by clause
  • Requirements determined by your organization based on process identification and functional risk registers.

In addition, requirements for documented information controls are defined that can include:

  • New document approval for adequacy and suitability
  • On-going review based on risk assessment.
  • Typical documented information controls
  • Identification of documents of external origin and their control.

Clause 8 - Operation

8.1 Operational Planning and Control

This clause requires planning, implementing, and controlling the processes identified through process identification and risk assessment (clause 4.4 and 6.1) and implement action identified in clause 6 by:

  • Defining the products/services requirements
  • Developing processes
  • Identifying the criteria for all processes (including outsourced processes) pertaining to clauses 4 through 10 including acceptance criteria for products and services
  • Providing necessary resources for conformity of products and services
  • Executing the planned processes

One of the ways to achieve the above could be using a Quality Plan.

The last requirement is to determine and maintain/retain documented information for high risk processes.

8.2 Requirements for Products and Services

Before making a commitment to the customer for products/services, this clause requires an organization to do the following:

  • Determine requirements for products and services including applicable statutory and regulatory requirements.
  • Confirm their ability to meet committed requirements.
  • Conduct a review of all commitments made including any contract changes or amendments.

It is required to retain documented information on the results of the review.

Typical documented information that could cover this clause includes RFP, RFQ, Tender documents, Contract etc.

8.3 Design and Development of Products and Services

This clause requires that an overall design and development process be established, implemented, and maintained to ensure that subsequent products and services can be realized. Development means conceptual design whereas design/development refers to detailed design. 

This clause is broken into subsequent clauses:

  • 8.3.2 Design and Development Planning
  • 8.3.3 Design and Development Inputs 
  • 8.3.4 Design and Development Controls
  • 8.3.5 Design and Development Outputs
  • 8.3.6 Design and Development Changes

8.3.2 Design and Development Planning

This clause indirectly hints at determining the design and development stages with appropriate controls for the overall design and development process. It further lays out considerations for managing the stages and their controls based on:

  • the design/development nature and complexity.
  • Number of process stages, including applicable reviews.
  • the verification and validation aspects. 
  • the overall responsibilities. 
  • the resource needs. 
  • any interfaces between persons involved. 
  • any involvement of customers and users.
  • the requirements for manufacturing and service delivery. 
  • the level of control by customers and other stakeholders.
  • documented information needed. 

The above can be achieved by having a Design and Development Plan.

8.3.3 Design and Development Inputs 

This clause requires the determination of the requirements essential for the specific types of products and services to be designed and developed. 

In order to design and develop, the organization could consider following inputs: 

  • functional and performance requirements. 
  • information derived from previous similar design and development activities. 
  • statutory and regulatory requirements and applicable standards or codes of practice.
  • potential consequences of failure

The typical inputs could be customer requirements, applicable legislation for the products and services, previous successful designs, and previous lessons learned. It is required to retain documented information on design and development inputs.

8.3.4 Design and Development Controls

This clause requires controls to be applied during design and development to ensure intended outputs are achieved. The controls include:

  • Design Reviews-reviews conducted at design stage levels to ensure intermediate outputs satisfy respective inputs. Reviews could include ongoing drawing checks, calculations and software outputs. It is required to retain documented information on design and development reviews.
  • Design Verification– ensure overall design and development outputs satisfy the design inputs. The verification could consist of a number of reviews. Verification could include consolidated reviews or alternate methods to validate the design and development. It is required to retain documented information on design and development verification.
  • Design Validation– ensures design/development is fit for the purpose it was intended. Validation could include client approvals, equipment performance tests or hydrostatic tests. It is required to retain documented information on design and development verification.
  • 8.3.5 Design and Development Outputs

It is required that design outputs meet design inputs and allow manufacturing of the product and delivery of services through defined monitoring and measuring activities with acceptable criteria. In addition, the outputs specify the requirements for product characteristics to ensure safe and proper operation of products/services. It is required to retain documented information on design and development outputs. The outputs could include stamped drawings, calculations, software program printouts, equipment performance specifications, operating manuals and maintenance manuals.

  • 8.3.6 Design and Development Changes

Management of change process is required for managing design and development changes.

8.4 Control of externally provided processes, products and services

8.4.1 General 

It is required to determine the controls to be applied to externally provided processes, products and services under various scenarios:

  • External provider’s products and services become a part of the organization’s own products and services such as a component or a part.
  • Products and services are provided directly to the customer(s) by external providers on behalf of the organization. 
  • a process, or part of a process, is provided by an external provider as a result of a decision by the organization such as painting, and sandblasting.

It is required to put a process in place for the evaluation, selection, monitoring of performance, and re-evaluation of external providers including criteria for decision-making.  A supplier qualification questionnaire can be used to execute this process. It is required to retain appropriate documented information. 

  • 8.4.2 Type and extent of control 

It is required to take accountability of all processes (including outsourced processes) and apply controls to external provider as well as provided products/services. The type and nature of controls will be based on the following:

  • the risk assessment of the externally provided processes, products, and services on the organization’s product/services.
  • the effectiveness of the controls applied by the external provider either administrative or through documentation.
  • verification, or other activities to ensure conformance such as source surveillance.
  • 8.4.3 Information for external providers 

It is required to ensure that requirements are adequately defined prior to their communication to the external provider regarding Purchase Order. 

These requirements shall include:

  • the processes, products, and services to be provided.
  • the approval of products and services and methods, processes and equipment as appropriate
  • the release of products and services.
  • competence, including any required qualification of persons; 
  • the external providers’ interactions with the organization.
  • control and monitoring of the external providers’ performance 
  • verification or validation activities at supplier’s premises.

8.5 Production and service provision 

8.5.1 Control of production and service provision 

This is the clause responsible for manufacturing of the product or delivery of services.

It is required to manufacture the product or deliver services under controlled conditions. These controlled conditions include, as applicable: 

  • the availability of documented information such as operating procedures, work instructions and supporting tools. 
  • the availability and use of suitable testing and inspection equipment. 
  • the execution of testing, inspection, review, verification and validation activities at appropriate stages to verify that processes and products/services conform with acceptance criteria. 
  • the use of suitable infrastructure (equipment, machinery, IT equipment, Software and communication technology and environment (physical, social, and psychological) for the operation of processes. 
  • the appointment of competent persons, including any required qualification such as welder certification. 
  • the validation, and periodic revalidation of processes whose output is not measurable. 
  • the implementation of actions to prevent human error such as culture enhancement and training. 
  • the implementation of release, delivery and warranty/servicing activities related to product/services.

8.5.2 Identification and traceability

This clause requires identification of product/service status and traceability where required by the customer or applicable statutory/regulatory authority. It is required to retain the documented information necessary to enable traceability.

8.5.3 Property belonging to customers or external providers.

It is required to identify, verify, protect and safeguard customers’ or external providers’ property provided for use or incorporation into the products and services. When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, it is required to report this to the customer or external provider and retain documented information on what has occurred.

8.5.4 Preservation 

It is required to preserve through identification, handling, contamination control, packaging, storage, transmission or transportation, and protection outputs during production and service provision, to the extent necessary to ensure conformity to requirements. 

8.5.5 Post-delivery activities

It is required to meet requirements for post-delivery activities associated with the products and services. In determining the extent of post-delivery activities, the following is considered:

  • statutory and regulatory requirements. 
  • the potential undesired consequences associated with its products and services. 
  • the nature, use and intended lifetime of its products and services. 
  • customer requirements. 
  • customer feedback. 

Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.

8.5.6 Control of changes 

It is required to review and control changes for production or service provision to ensure continuing conformity with requirements and retain documented information.

element of qms

8.6 Release of products and services

It is required to implement defined plan, at appropriate stages, to verify that the product and service requirements have been met. The release of products and services to the customer is not permitted unless approved by the customer or applicable statutory authority. It is required to retain documented information on the evidence of conformity and traceability to the person(s) authorizing the release.

8.7 Control of nonconforming outputs 

This clause does not only apply to final product but also to intermediate products or process outputs. It is required that outputs that do not conform to their requirements are identified and controlled to prevent their unintended use or delivery. The appropriate action is based on the nature of the nonconformity and its effect on the conformity of products and services. It provides several options to deal with nonconformity. Conformity to the requirements is verified when nonconforming outputs are corrected. It is required to retain documented information on nonconformity description, actions taken, and identification of the authority deciding the action.

Consult JSA today to get started!

Clause 9 - Performance Evaluation

9.1 Monitoring, measurement, analysis, and evaluation

9.1.1 General 

This clause requires to determine regarding monitoring and measuring: 

  • what 
  •  methods (how to) 
  • when 
  • when to analyze and evaluate results. 

This clause is used to monitor and measure products, processes and QMS.

The data collected during monitoring and measuring is called raw data. This data could be static or dynamic, absolute or relative. It could involve techniques including statistical. The data collected could lead to KPIs.

It is required to retain appropriate documented information as evidence of the results. 

9.1.2 Customer satisfaction 

It is required to monitor customer satisfaction using defined methods. Examples of monitoring customer satisfaction can include customer surveys, customer feedback on delivered products and services, meetings with customers, market-share analysis, compliments, warranty claims and dealer reports. 

9.1.3 Analysis and evaluation 

It is required to analyze and evaluate appropriate raw data and information arising from monitoring and measurement. The raw data (KPIs) can be trended and the deviations from the norm evaluated to determine the following:

  • products and services conformance (product/service KPIs) 
  • the degree of customer satisfaction (customer satisfaction index) 
  • the performance and effectiveness of the quality management system (quality objectives and QMS KPIs)
  • planning implementation effectiveness (cycle time, yield, throughput)
  • the effectiveness of actions taken to address risks and opportunities (validation of risk register
  • the performance of external providers (quality, service, and delivery)
  • the need for improvements to the quality management system. 

9.2 Internal audit 

It is required to conduct internal audits at defined schedule to provide information on whether the quality management system conforms to: 

  • the organization’s own requirements for its quality management system. 
  • the requirements of ISO 9001 Standard; and
  • is effectively implemented and maintained. 

It requires that an audit program planned, established, implemented and maintained based on specific requirements:

  • Include the frequency, methods, responsibilities, planning requirements and reporting, based on risk assessment, changes affecting the organization, and the results of previous audits. 
  • define the audit criteria and scope for each audit. 
  • select auditors and conduct audits to ensure objectivity and the impartiality of the audit process. 
  • ensure that the results of the audits are reported to relevant management. 
  • take appropriate corrections and corrective actions without undue delay. 
  • retain documented information as evidence of the implementation of the audit program and the audit results. The documented information could include audit plan, audit checklist, audit procedure, audit report, process requirements matrix, risk matrix.

9.3 Management review 

This clause is an excellent tool for leadership to demonstrate their commitment to QMS by ensuring that QMS continues to be suitable, adequate and effective and aligned with strategic plan. 

Following management review inputs based on analyzed data are required to be addressed:

  •  the status of actions from previous management reviews (outstanding items) 
  • changes in external and internal issues that are relevant to the quality management system (SWOT and PESTLE) 
  • information on the performance and effectiveness of the quality management system, including trends in: 
    • customer satisfaction and feedback from stakeholders KPIs. 
    • the extent to which quality objectives have been met. 
    • process performance and conformity of products and services (product and process KPIs) 
    • nonconformities and corrective actions (NCR KPIs)
    • monitoring and measurement results (testing, inspection, review, verification, and validation KPIs) 
    • audit results (Audit KPIs)
    • the performance of external providers (service, delivery, quality, and cost) 
    • the adequacy of resources. 
    • the effectiveness of actions taken to address risks and opportunities (risk register validation) 
    • opportunities for improvement. 

It is required that the outputs of the management review include decisions and actions with timelines and responsibilities related to: 

  • opportunities for improvement. 
  • any need for changes to the quality management system; 
  • resource needs. 

It is required to retain documented information as evidence of the results of management reviews.

core element of quality management system

Clause 10 -Improvement

10.1 General 

The process to determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction must include:

  • improving products and services to meet requirements as well as to address future needs and expectations. 
  • correcting, preventing or reducing undesired effects. 
  • improving the performance and effectiveness of the quality management system.

10.2 Nonconformity and corrective action

when a nonconformity occurs, including any arising from complaints, it is required to

  1. react to the nonconformity and, as applicable: 
  • take action to control and correct (immediate fix) it. 
  • deal with the consequences resulting from nonconformity such as work stoppage.
  1. b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by: 
  • reviewing and analyzing the nonconformity using process approach. 
  • determining the causes (root) of the nonconformity using a proven methodology
  • determining if similar nonconformities exist or could potentially occur.
  1. c) implement any action needed such as corrective action 
  2. d) review the effectiveness of any corrective action taken by observing the symptoms recurrence. 
  3. e) update risks and opportunities determined during planning (risk register), if necessary; 
  4. f) make changes to the quality management system using change management system, if necessary. 

Corrective actions must be based on fiscal sanity.

It is required to retain documented information on the nature of the nonconformities and any subsequent actions taken, and the results of any corrective action. 

10.3 Continual improvement

This is the last clause to reap the benefits of all the work done so far. It is required to continually improve the suitability, adequacy, and effectiveness of the quality management system by utilizing the results of analysis and evaluation, and the outputs from management review, to determine if there are needs or opportunities that shall be addressed as part of continual improvement.

Looking to get certified? We offer online training courses!

Sign up for our QMS Courses

Related Blogs

  • What is ISO 9001? – Learn about ISO 9001 standard, its purpose, benefits, how to implement it, get certified and more.
  • What is Quality Management Systems? – An easy guide to a Quality Management System – definition of QMS, its benefits, purpose, past of quality and more.
  • ISO 9001:2015 standard – Learn about ISO 9001 principles, how the structure has changed, risk based thinking and more.

Case Studies

Justice Institute of B.C.

(Post-Secondary Institute) Jack Sekhon and Associates assisted Justice Institute in achieving certification to ISO 9001 QMS Standard.

Baker Hughes

(Oilfield Servicing) - Jack Sekhon and Associates assisted Baker Hughes in achieving certification to ISO 9001 QMS Standard.

National Oilwell Varco

(Oilfield Equipment, Technologies, And Expertise) - Jack Sekhon and Associates assisted NOV in achieving certification to ISO 9001 QMS Standard.

Coast Testing

(Non-Destructive Testing, Inspection & Engineering) - Jack Sekhon and Associates assisted Coast Testing in achieving certification to ISO 9001 QMS Standard.
Scroll to Top