ISO 9001:2015 – Clause 3 Explained: Process Approach, Risk-Based Thinking, and Key Terms
Introduction
ISO 9001:2015 Clauses 0.3 to 3 lay the foundation for an effective Quality Management System (QMS). These clauses highlight the purpose, scope, and key concepts of the standard to ensure organizations understand the framework before implementation. A core element is the Process Approach, which views organizational activities as interconnected processes to optimize resources and improve consistency.
Risk-Based Thinking is also emphasized, encouraging identification and management of risks and opportunities to reduce uncertainties and prevent failures. The Plan-Do-Check-Act (PDCA) cycle supports continuous improvement by promoting planning, executing, monitoring, and acting on results.
Together, Clauses 0.3 to 3, the Process Approach, Risk-Based Thinking, and the PDCA cycle build a strong QMS. These principles help organizations meet customer requirements, improve operations, and drive ongoing improvement for sustainable success.
3 Process Approach
This international standard encourages the use of a process approach when developing, implementing and improving a quality management system (QMS) to enhance customer satisfaction. The key requirements for a process approach, as set out the focused requirements for a process approach, are in Clause 4.4.
When an organization understands and manages interrelated processes as a system, it becomes more effective and efficient at achieving its goals. This understanding and management enables improved control of the interrelationships and interdependencies between processes and, therefore, improved performance.
The process approach represents a management approach in which processes and their interactions are systematically defined and managed, in order to achieve desired results. From a quality management perspective the process approach means managing processes and their interactions as a coherent system in a QMS.
Process-Based QMS
A process-based quality management system employs a process approach to put its quality policy into action and achieve its objectives.
A process-based QMS is a system of interrelated processes. Each (process) uses the materials/ resources (the inputs) to process , to deliver some output. The outputs of one process will normally feed into another (as inputs), and so the processes will work together to form a single , cohesive system.
ISO 9001 requires that you identify the QMS processes (and their sequence) and define their inputs, outputs, risks, opportunities, and assign responsibilities. The standard requires that you establish (or determine) what methods are required to manage, monitor, and control each process as well as the resources to do so. The standard requires that you address risks and opportunities that could affect the QMS and consider how internal and external issues, as well as the needs and expectations of interested parties, could change the results of the QMS.
At an abstract level, a process-based QMS can be simply diagrammed as a circular flow of interrelated processes with inputs and outputs. Suppliers and customers can be shown as part of the system interacting with one another the interrelated processes. The combination of inputs and outputs that arise from these interactions complete the QMS.
ISO 9001:2015 Clause Guide Panel
- Clause 1
- Clause 2
- Clause 3
- Clause 4 – Sub-clause 1
- Clause 4 – Sub-clause 2
- Clause 5 – Sub-clause 1
- Clause 5 – Sub-clause 2
- Clause 5 – Sub-clause 3
- Clause 6 – Sub-clause 1
- Clause 6 – Sub-clause 2
- Clause 7 – Sub-clause 1
- Clause 7 – Sub-clause 2
- Clause 7 – Sub-clause 3
- Clause 7 – Sub-clause 4
- Clause 8 – Sub-clause 1
- Clause 8 – Sub-clause 2
- Clause 8 – Sub-clause 3
- Clause 8 – Sub-clause 4
- Clause 8 – Sub-clause 5
- Clause 8 – Sub-clause 6
- Clause 8 – Sub-clause 7
- Clause 8 – Sub-clause 8
- Clause 8 – Sub-clause 9
- Clause 8 – Sub-clause 10
- Clause 8 – Sub-clause 11
- Clause 8 – Sub-clause 12
- Clause 9 – Sub-clause 1
- Clause 9 – Sub-clause 2
- Clause 9 – Sub-clause 3
- Clause 9 – Sub-clause 4
- Clause 10
PDCA Cycle
Management of the processes and the system as a whole can be achieved using the PDCA cycle (see 0.3.2) with an overall focus on risk-based thinking (see 0.3.3), aimed at taking advantage of opportunities and preventing undesirable results.
The PDCA cycle can be briefly described as follows:
Plan
Establish objectives and processes, identify resources, and address risks and opportunities in line with customer requirements and organizational policies.
Do
Implement the planned processes and activities as defined in the planning stage.
Check
Monitor and measure processes and resulting products/services against policies, objectives, requirements, and planned activities, and report the results.
Act
Take necessary actions to improve performance and ensure continual improvement of processes and results.
0.3.3 Risk-Based Thinking
Risk-based thinking (see Clause A.4) is essential for achieving an effective quality management system.
The concept of risk-based thinking has been implicit in previous editions of this International Standard, including preventive action to eliminate potential nonconformities, analysing any nonconformities that occur, and taking action to prevent recurrence appropriate to the effects of the nonconformity.
To conform to ISO 9001:2015, an organization needs to plan and implement actions to address risks and opportunities. Addressing both risks and opportunities establishes a basis for increasing effectiveness, achieving improved results, and preventing negative effects.
Opportunities can arise from favorable situations such as attracting new customers, developing new products, reducing waste, or improving productivity. Actions to address opportunities should also consider associated risks.
Risk is the effect of uncertainty, it may have positive or negative consequences. A positive deviation can provide an opportunity, but not all positive effects result in opportunities.
Examples:
- Crossing a road directly may provide the opportunity to reach the other side quickly, but also carries a higher risk of injury.
- Using a footbridge reduces the risk of injury but may delay arrival.
Risk-based thinking ensures that preventive action is part of strategic planning, operation, and review.
0.4 Relationship with Other Management System Standards
This International Standard applies the framework developed by ISO to improve alignment among its International Standards for management systems (see Clause A.1).
It enables organizations to use the process approach, coupled with the PDCA cycle and risk-based thinking, to align or integrate QMS with other management system standards.
Connections:
- ISO 9000 provides fundamentals and vocabulary.
- ISO 9004 provides guidance for organizations to go beyond ISO 9001 requirements.
Annex B lists other related ISO standards.
This standard does not include requirements specific to other systems such as environmental, health and safety, or financial management. However, sector-specific QMS standards exist.
Annex SL provides a new common framework for management system standards to make integration (e.g., ISO 9001 + ISO 14001 + ISO 27001) easier through an Integrated Management System (IMS).
Clause 1 – Scope
This International Standard specifies requirements for a quality management system when an organization:
a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and
b) aims to enhance customer satisfaction through effective application of the system, including processes for improvement and assurance of conformity.
All requirements are generic and applicable to any organization, regardless of type, size, or product/service.
Notes:
- “Product” or “service” applies only to those intended for customers.
- Statutory and regulatory requirements can be expressed as legal requirements.
Commentary (for auditors):
The key purpose of ISO 9001’s scope is customer satisfaction while ensuring compliance with statutory and regulatory requirements.
Clause 2 – Normative References
The following document is indispensable for the application of ISO 9001:2015:
- ISO 9000:2015, Quality management systems — Fundamentals and vocabulary
Notes:
- A “Normative reference” means the listed document is essential for understanding and applying the standard.
Clause 3 – Terms and Definitions
For the purposes of ISO 9001:2015, the terms and definitions given in ISO 9000:2015 apply.
Note: The definition of the term “audit” in ISO 9001 is not the same as the definition given in ISO 9000:2015.
Conclusion
ISO 9001:2015 gives a solid foundation of a Quality Management System (QMS). Organizations with the Process Approach can lead their activities as a series of interconnected processes to improve effectiveness and consistency in achieving their intended results. The standard’s principles, Risk-Based Thinking and the PDCA Cycle provide organizations with assurance when managing uncertainty, identifying risks to determine and prioritise objectives, and meeting applicable requirements to drive continual improvement. The principles of ISO 9001:2015 are important when developing a more resilient QMS that improves customer satisfaction.
To implement the principles of ISO 9001:2015 and achieve ISO certification, organizations should seek professional help. Maxicert provides professional consulting support and trustworthy advice to allow a risk-free certification process.
Free 60–90 day implementation plan available after consultation.
FAQ
How is the ISO 9001 process approach different from how we usually work?
It connects all the work processes. Instead of departments working alone, it shows how they link together to get a job done for the customer.
What happened to preventive action in the new ISO 9001?
It’s now part of risk-based thinking. Instead of fixing problems after they happen, you now plan ahead to prevent them from happening at all.
Is the PDCA cycle only for big companies?
No, it works for any size business. It’s a simple way to plan, do, check, and improve your work, no matter how small your team is.
How do customer needs fit into the Process Approach?
Customer needs are the inputs for your processes. You design your processes to meet those needs and deliver the right results.
Client Testimonials
What Our Clients Say About Us?
We are trusted by thousands of clients belonging from technology, manufacturing, healthcare and various sectors
Their presence in Oman made us even better to accomplish our goal of achieving ISO certificates on time, we will definitely recommend their services.
Mr. Sailesh Mohanakrishnan Division Manager – Khimji Ramdas, Oman