Prepare and Align: System Readiness for ISO 9001:2015

The big changes of emphasis between ISO 9001:2015 and ISO 9001:2008 can be summarised as:

  • Risk management pervades the new standard, from basic health and safety to the business risks associated with finance, brand, competitors and regulatory and legal compliance.
  • Increasing responsibility for risk and quality within the organisation, with a particular emphasis on senior management. The updated standard requires an ability to demonstrate this approach within the QMS. The goal is to align quality management with business strategy and drive operational high performance.
  • A reduction in prescriptiveness further facilitates this focus on leadership and learning and the overall governance of the organisation.


ISO 9001:2015 supports a risk-based model of governance and continuous improvement. The performance of the business will improve through pervasive and comprehensive awareness of risk.

In addressing risks by actively monitoring and managing controls and preventive barriers, an organisation:

  • strengthens processes
  • learns
  • develops a mature culture, and
  • achieves new levels of high operational performance.

Quality and continuous improvement should pervade your business, and the way to achieve that is to focus on the risks and manage them down to acceptable levels.


ISO 9001:2015 requires that you adopt a risk based approach to quality. This requires the modelling of nonconformances as risks that consist of the undesirable event plus the preventive barriers and mitigating controls. Each risk can exist as a document within the repository. It can be created collaboratively, edited, approved, published, distributed, reviewed and withdrawn. When new information becomes available that can strengthen a preventive barrier, it simply becomes a matter of updating the control description in the relevant procedure document.

This approach to risk documentation and management, using Q-Pulse’s Documents module is one – albeit rather limited – way that you can start to think about and align with the new ISO 9001:2015 standard. The process is the same regardless of the scale and context of the risk:

  • define the failure
  • define the preventive controls
  • define the mitigations
  • document these definitions and procedures and
  • use the Q-Pulse Document Control, CA/PA and Audit modules to manage all of this

However, with a document-based risk management system, emerging risk would not be visible. To make this emerging risk profile visible requires a more powerful risk management capability such as that available in Q-Pulse’s Reporting module.

In addition to a basic process management approach, Q-Pulse’s Reporting module embeds risk assessment and management into the operational reporting process. In responding to an event, the Reporting module includes risk assessment and analysis tools that enable:

  • Risk assessment throughout the investigation process
  • Automatic visibility of new events and investigations
  • Attachment of new evidence to support the investigation process
  • Manage findings and outcomes
  • Analysis for continuous improvement and risk mitigation purposes

And with a risk-based approach to supply chain management, Q-Pulse also allows you to:

  • Risk-rate and performance monitor individual suppliers and also track the risk profile of the entire supply chain
  • Set risk-based reviews and manage the frequency of reviews in proportion to the level of risk: more risk, more reviews
  • Provide self-service reviews and surveys to suppliers
  • Audit suppliers

In addition, organisations can fully implement a risk based approach to quality management using the risk modelling and management capabilities of Q-Pulse’s Risk module.

The Risk module uses the bowtie model to graphically illustrate a risk, including the undesirable events to be avoided, the preventive and recovery controls that mitigate the business risk. The result is a solution that supports dynamic risk management where controls are maintained in real time.

As well as defining and managing risks inside documents in the Documents module, Q-Pulse’s Risk module can use risk registers where risks can be recorded, described and visualised in terms of the hazards or assets they relate to and where undesirable events are represented as threats, consequences and controls.


The benefits of compliance with ISO 9001 have always included reduced costs associated with improved quality, better relationships with customers and suppliers and more efficient business processes. The risk-based approach to compliance inherent in ISO 9001:2015 adds significantly to this via the anticipative, proactive attitude it engenders:

  • Modernising and strengthening your quality management system
  • Anticipating problems and preventing them before they emerge
  • Strengthening control and oversight of operational processes
  • Making a step change improvement in operational performance and efficiency
  • Strengthening processes for reputation and brand protection

Ideagen’s quality, safety and risk management software Q-Pulse offers a complete solution to achieving ISO 9001:2015 compliance.

Download the Prepare and Align: System Readiness for ISO 9001:2015 whitepaper.

Download now