Home / ISOs / ISO 9001-2008 Vs ISO 9001-2000 – The New Requirements and a Comparison Between Them

ISO 9001-2008 Vs ISO 9001-2000 – The New Requirements and a Comparison Between Them

Congratulations to all of us quality managers. We have a new standard. ISO 9001: 2008. This is really an exciting moment for quality managers. In order to celebrate this event in a way that only quality managers know how, I prepared here a comparison article between the ISO 9001: 2000 and the new born ISO 9001: 2008. I also included my comments regarding my experience and my perspective of things.

At the end of it I will summon the new requirements from the new ISO 9001: 2008 standard.

Paragraph number 0.1 – Changes here are a statement about whom and where the standard includes any statutory requirements. Statutory requirement (of any kind) has the same scale as any customer or regulatory requirements. It's also clarified that these requirements are restricted to those applicable to the product.

Paragraph number 0.4 – There is a comment that state that the new standard is made due consideration to ISO 14001: 2004.

My comment – Of course. The world is getting greener every day so they must remind you of the ISO 14001 standard. I believe and recommend to any organization that is required to implement the ISO 14001 standard to implement also the ISO 9001 standard. There is a big correlation between the two. They actually support one another. It would be easier for organization to obtain the ISO standard 14001 requirements if it has been already certified for ISO 9001.

Paragraph number 1.1 & 1.2 – Statutory requirements had been referred in relation with purchased products and product realization. Second note explains that a statutory requirement can be a legal requirement.

My comment – After so many years of auditions the long last debt had been settled. Statutory legal requirements and regulatory requirements are applicable to the purchasing processes as well. It was always an open area that no one had the exact answer: Does your supplier must follow the law or not? Almost yes.

Paragraph number 2 – Normative reference – the ISO 9000 is now replaced by ISO 9000: 2005.

Paragraph number 3 – The explanations about what is a customer and what is an organization and what is a supplier had been removed.

Paragraph number 4.1 – Clause a – The word "determine" replaces the word "identify". A note had been added stating that a purchased processes are considered as purchasing products. Another note had been added demanding that these processes would be controlled as well as products.

My comment – When identifying, you are required to search and find something according to the requirement. When determining, the responsibility of the results is in your hands …

It was obvious before …. Sometimes they feel a need to state the obvious.

Paragraph number 4.2.1 – Slight change of words, but when you examine the change you realize the meaning remains same.

Note 2 was changed: A single document may include requirements for more than one procedure. Requirements of one procedure may appear in more than one document.

My comment – It's about time. A lot of headaches are filed to be save. If your auditor was one of the old schools and demanded everything by the book, you had problems. Now you may document two quality requirements on one document: Job description and trainings, for example. Or you can split one record into two documents. However it is suitable for you as long as you achieve the requirements.

A good example is that it is possible to combine the corrective and the preventive procedures together. As long as you maintain the requirements …

Paragraph number 4.2.3 – Paragraph f – A clarification that external documentation is considered while it is part of the quality management system.

My comment – When an external document is part of your quality management system, it is required to be included under the quality procedures: documents control and records control.

Paragraph number 5.1 – Clause a – the word "statutory" had been added.

Paragraph number 5.5.2 – An additional requirement that the management representative would have been a member of the organization's management.

My comment – That addition puts all external consultants at risk – you can no longer be the management representative. That sets a whole new line of form and documentation for you to develop in order that the external consultants would have considered as a management representative. All external consultants would have to be creative on this one.

Paragraph number 6.2 – Change of words from "affecting product quality" to "affecting conformity to product requirements"

Paragraph number 6.2.2 – Clause b – "provide training or take other actions to satisfy these needs" changed to "where applicable training needs to be provided to achieve the necessary competency"

Clause c – you must ensure that the training is with competence rather than if it was an effective training.

My comment – It all goes back to defining. You defined what is necessary now you must provide it – nothing is new. On one hand it is an improvement. The training must be reviewed before for its competency to the requirements. But we are still on this one. We think: instead of testing your employees if they got anything out of the training you must now review the training itself before or maybe both …. Only time will tell …

Paragraph number 6.3 – Clause c – information systems are included.

My comment – They are totally right!

Paragraph number 6.4 – A new note: noise, humidity, temperatures are part of a working environment.

My comment – That also puts an old debate aside. No longer can cruel owners of factories ignore these factors. Wait until they will combine the OHSAS 18001 Standard …

Paragraph number 7.1 – Clause c – measurement had been added to the product acceptance activities.

Paragraph number 7.2.1 – Clause a – change of words – not of the meaning.

Clause c – the word 'applicable' replacements 'related'. Change of words – not of the meaning.

Clause d – change of words – not of meaning.

A note had been added to explain the meaning of "post delivery activities".

My comment – I agree with the "post delivery activities" – it was not clear enough for our opinion.

Paragraph number 7.3.1 – A note had been added clarifying that design review, verification and validation are separated processes but they may be connected together.

Paragraph number 7.3.3 – A change of words. A note had been added clarifying the inclusion of "preservation of product".

My comment – The preservation of the product is to be included now in the design and development developments.

Paragraph number 7.5.3 – A requirement had been added regarding the measurements and test status must be identified through the product realization.

My comment – This requirement so far was required in standards such as ISO 13485 Standard for medical devices and the ISO / TS 16949 for the automotive industry. The requirement assures you that the inspection activities are defined maintained and registered and so is the product's status.

Paragraph number 7.5.4 – A change of words in the requirement to inform the customer of any problem regarding his property.

The note had been amended that also personal data is included as customer's property.

Paragraph number 7.5.5 – A change of words:

"devices" in the title was changed to "equipment"

"conformity of" to "in order to maintain conformity to requirements".

Reference to paragraph 7.1 was removed

Paragraph number 7.6 – A change of words:

from "devices" to "equipment".

The reference to paragraph 7.2.1 had been removed.

Clause c – from "be identified to enable the"

to "identification to enable theirs".

Changes in the notes:

Note 1 – the reference to ISO 100012-2 had been removed.

Note 3 – explanation about when configuration of computer must be applied when the computer is used for monitor and measurements processes.

My comment – That means that from now on, a computers that provides any kind of measurements services, is considered as a monitoring and measuring device. And when the computer configuration has been changed – the software is required to be calibrated again.

How can one calibrate a computer? Ask your supplier or your system administrator. They will know better than anyone. But you would have to prove it has been done and present evidences.

Paragraph number 8.2.1 – A note had been added to suggest some means of conducting customer satisfaction evaluation.

Paragraph number 8.2.2- Requirements for the audit evidence and results had been added.

Requirements for the management responsibility had been added – The management is responsible for ensuring preventive and corrective action to be taken.

The reference to the ISO 10011 is changed to ISO 19011.

My comment – As I see it, that means an addition within the Management Responsibility procedure or the Internal audit procedure concerning management ensuring that preventive and corrective actions would be taken according to the results and decisions of the internal audit and a reference to the validation and verification.

Take a look at the next web site that provides you with prepared solutions for internal audit procedure the9000store.com.

Paragraph number 8.2.3 – A change of words:

"to ensure conformity of the product" had been removed.

A note had been added to clarify that the organization should determine the type of the monitoring and measuring according to the processes and how this effect would affect the quality management system.

Paragraph number 8.2.4 – A change of word: "maintain evidence of conformity with acceptance criteria" had been removed but it is still a requirement.

Paragraph number 8.3 – An addition: Clause d – specify how to deal with a nonconforming product that was discovered after delivery – but actually there is nothing new only that they moved it to a new clause.

So, what are the new requirements of the new standard?

  • Statutory requirements are given scale as any other legal or customer's requirements.
  • The statutory requirements include the suppliers as well.
  • A purchased process is just like any other product that the organization purchased. If it's affecting the product it must be under the quality management system.
  • You may include two quality processes in one document and split one process into two documents.
  • The management representative must be a member of the top management.
  • A requirement to ensure that trainings are suitable for the product in advance and not to exam wherever the training was effective after it was taken.
  • Information system is now specifically considered as a substructure.
  • Parameters such as humidity, noise and temperatures, concerning the employees' health are considered as working environment.
  • Measuring is considered as one of the activities of product realization. The product realization process shall include references to the inspection activities and the status of the product through the realization processes.
  • The product realization process shall include references to the inspection activities and the status of the product through the realization processes.
  • Software configuration is a reason for re-calibrating the software.
  • The management is now responsible for preventive and corrective actions regarding nonconformities that were disclosed during internal audits.
  • The organization should determine the type of monitoring and measuring according to the processes and indicate how this would affect the quality management system.


Most of the changes made here are really minor and are assistance for understanding open issues. I accepted a bit more of new standard but I am satisfied. The objective was not to create any earth qaukes in the quality industry but to keep update with changes in technology and to update the feedbacks and responses that were collected over the last years. I am lucky. I already thought that all my articles in our website should be changed …

Itay Abuahv Eng.

Rate this post

Check Also

ISO 9001 Vs Six Sigma

I won’t get into the history and background of each process management approach. You only …

Leave a Reply

Your email address will not be published. Required fields are marked *