ISO 9001 is the international standard for a Quality Management System (QMS). It specifies requirements an organization must meet to consistently provide products and services that satisfy customers and applicable regulations, and to continually improve. The current version is ISO 9001:2015. It is generic, applying to organizations of any size or sector.

What are the seven quality management principles?

ISO 9001:2015 is built on seven principles: customer focus, leadership, engagement of people, process approach, improvement, evidence-based decision making, and relationship management. They are the underlying philosophy from which the standard's specific requirements are derived.

What is the PDCA cycle in ISO 9001?

PDCA (Plan-Do-Check-Act) is the continual-improvement cycle that structures ISO 9001. Plan establishes objectives and processes; Do implements them; Check monitors and measures results against objectives; Act takes corrective action and drives improvement. The 2015 standard's clause structure maps directly onto PDCA.

What is the process approach?

The process approach means managing activities as interrelated processes that form a coherent system, understanding the inputs, outputs, and interactions of each, rather than managing functions in isolation. It focuses on how work actually flows across the organization to produce value for the customer, and it enables consistent, predictable results.

How does ISO 9001 certification work?

An organization builds and operates a QMS meeting ISO 9001 requirements, then an accredited third-party certification body audits it in two stages (documentation review, then on-site assessment). If conformity is confirmed, a certificate is issued, typically valid three years with annual surveillance audits and a recertification audit at the end. Certification is voluntary but often required by customers.

Engineering·11 min read·June 9, 2026

✅ ISO 9001 Quality Management Guide: The Seven Principles, PDCA, and Certification

A practical guide to ISO 9001:2015 — the seven quality management principles, the process approach, risk-based thinking, the PDCA cycle, and how audits and certification work.

What Is ISO 9001?

ISO 9001 is the world's most widely used standard for a Quality Management System (QMS). Published by the International Organization for Standardization, it sets out the requirements an organization must satisfy to consistently deliver products and services that meet customer and regulatory requirements, and to improve over time. The current edition, ISO 9001:2015, is deliberately generic — it applies to manufacturers, service firms, software companies, hospitals, and governments of any size. It tells you what a QMS must achieve, not how to run your specific business.

The Seven Quality Management Principles

ISO 9001:2015 rests on seven principles that express the philosophy behind every requirement:

Principle	Core idea
1. Customer focus	Understand and meet customer needs; aim to exceed expectations.
2. Leadership	Leaders set direction and create conditions for people to achieve quality objectives.
3. Engagement of people	Competent, empowered, engaged people at all levels enhance capability.
4. Process approach	Manage activities as interrelated processes within a system.
5. Improvement	Continual improvement is a permanent objective.
6. Evidence-based decision making	Decisions based on analysis of data and information.
7. Relationship management	Manage relationships with interested parties, including suppliers.

(The 2015 version reduced the earlier eight principles to seven by merging two.) These principles are not auditable clauses themselves, but the standard's requirements flow from them.

The Process Approach

A central theme of ISO 9001 is the process approach: viewing the organization as a system of interrelated processes rather than a set of isolated departments. Each process has defined inputs, outputs, resources, controls, and interactions with other processes. Managing the linkages between processes — not just the processes individually — is what produces consistent, predictable results and reveals where value is created or lost. This naturally connects to the lean idea of mapping and improving the value stream across functional boundaries.

Risk-Based Thinking

The 2015 revision elevated risk-based thinking to a core requirement. Rather than relying on a separate "preventive action" procedure, the whole QMS is expected to identify risks and opportunities and address them proactively. Organizations must determine what could affect their ability to deliver conforming products and plan actions to mitigate those risks — a shift from reacting to problems toward preventing them.

The PDCA Cycle

ISO 9001:2015 is organized around the Plan-Do-Check-Act (PDCA) cycle, the engine of continual improvement:

Plan — establish objectives, processes, and the resources needed to deliver results, and address risks and opportunities.
Do — implement what was planned.
Check — monitor and measure processes and products against policies, objectives, and requirements, and report results.
Act — take action to improve performance and correct nonconformities.

The standard's high-level clause structure maps onto PDCA: Context and Planning (Plan), Support and Operation (Do), Performance Evaluation (Check), and Improvement (Act), all under Leadership.

Key Requirements at a Glance

ISO 9001:2015 uses the common "Annex SL" structure with clauses 4 through 10:

Clause	Topic
4	Context of the organization (interested parties, QMS scope)
5	Leadership and commitment, quality policy, roles
6	Planning — risks/opportunities, quality objectives
7	Support — resources, competence, documented information
8	Operation — product/service realization, control of outputs
9	Performance evaluation — monitoring, internal audit, management review
10	Improvement — nonconformity, corrective action, continual improvement

Audits

Audits verify that the QMS conforms to the standard and works in practice. There are three common types:

Internal audit (first-party) — the organization audits itself to find gaps before external assessment.
Supplier/customer audit (second-party) — one organization audits another it does business with.
Certification audit (third-party) — an independent, accredited certification body assesses conformity.

Audits identify nonconformities (failures to meet a requirement), which trigger corrective action: contain the issue, find the root cause, fix it, and verify effectiveness — itself a small PDCA loop. Data from audits and process monitoring underpins evidence-based decision making, which is where statistical tools like process capability analysis come in. You can quantify whether a process reliably meets specifications on the process capability calculator.

Certification

Certification is voluntary but frequently required by customers and supply chains. The path typically runs:

Build the QMS — design processes and documentation to meet the requirements, and operate it long enough to generate records.
Internal audit and management review — confirm readiness and address gaps.
Stage 1 audit — the certification body reviews documentation and readiness.
Stage 2 audit — on-site assessment of the QMS in operation.
Certification — if conformity is confirmed, a certificate is issued, usually valid for three years.
Surveillance and recertification — periodic surveillance audits (often annual) maintain the certificate, with a full recertification audit at the end of the cycle.

Why ISO 9001 Matters

Consistency — standardized processes produce predictable, repeatable quality.
Customer confidence — certification signals a credible, audited quality system.
Market access — many customers and tenders require it as a precondition.
Continual improvement — the PDCA structure embeds ongoing improvement rather than one-time fixes.

Topics covered

ISO 9001ISO 9001:2015quality management systemQMSseven quality management principlesPDCAplan do check actprocess approachrisk-based thinkinginternal auditcertificationcontinual improvementcustomer focusquality engineeringnonconformity

🛠️ Related Free Tools

Put this knowledge to work on your iPhone

Browse our full catalog of professional iOS apps — from electrical code tools to AI builders.

Browse All 95+ Apps