ISO 9001 specifies requirements for a quality management system that supports the consistent delivery of products and services meeting customer, statutory, and regulatory expectations. It is the most widely applied management system standard worldwide, used by organizations of every size and sector — from single-site manufacturers to global service providers and public authorities — as a common reference for how quality is planned, controlled, and improved. The current published version is ISO 9001:2015 and serves as the basis for ISO 9001 certification worldwide. A revision is in its final stage: the Final Draft International Standard (FDIS) was submitted for ballot in mid-April 2026, with publication of ISO 9001:2026 expected in September 2026, followed by a three-year transition period.
Already have a quality management system in place?
If your organization has implemented a quality management system based on ISO 9001 and you’re looking for a certification partner, our dedicated certification page has everything you need — from process overview to a personalized quote.
What is ISO 9001, from a certification body’s perspective?
As the only certifiable standard in the ISO 9000 family, ISO 9001 sets the international benchmark against which an organization’s quality management system is independently assessed. An accredited certification body assesses the system against ISO 9001 requirements through an independent, two-stage certification process and, on conformity, issues a certificate that is then maintained through periodic surveillance audits and a full recertification on a three-year cycle.
ISO 9001 follows the Harmonized Structure shared by current ISO management system standards (Clauses 4 through 10, built on the Plan–Do–Check–Act cycle). Third-party certification matters in this market because customers, regulators, and supply-chain partners need a recognized, comparable reference for evaluating suppliers and partners across regions and sectors: an ISO 9001 certificate issued under accreditation provides independent evidence of conformance, with a clearly defined audit cycle and a transparent decision-making process behind it.
As a certification body, DQS assesses and certifies conformity — it does not design or implement your management system. That independence is what gives a certificate its value: the organization builds and runs the system, and an accredited third party verifies it against the standard.
Key Facts at a Glance
| Full Title | ISO 9001 — Quality management systems — Requirements |
| Published by | International Organization for Standardization (ISO), Technical Committee ISO/TC 176 |
| First Published | 1987 (as the ISO 9001/2/3 series of standards) |
| Current Version | ISO 9001:2015. Revision ISO 9001 in progress: ISO/FDIS 9001 issued in April 2026 for ballot; publication of ISO 9001:2026 expected in September 2026, followed by a three-year transition period. |
| Management System Type | Quality management system (QMS) |
| Applicable to | Organizations of any size or sector, public or private, providing products or services |
| Certifiable | Yes. Independent third-party certification by an accredited certification body is the most widely recognized form of demonstrating conformance. |
| Structure | Harmonized Structure (formerly Annex SL / High Level Structure); Clauses 1–3 (introductory) and Clauses 4–10 (requirements) |
| Related Standards | ISO 9000, ISO 9004, IATF 16949, IA9100/AS9100, ISO 13485, ISO 14001, ISO 45001 |
Context and Drivers
Customer Expectations and Market Competitiveness
Customers across business-to-business and business-to-consumer markets increasingly expect demonstrable quality assurance from their suppliers. For many procurement organizations, ISO 9001 certification is a baseline qualifying criterion in tendering and supplier approval. The standard offers a recognized, comparable reference point: a buyer in Stuttgart can read an ISO 9001 certificate issued in Pune and arrive at a reasonable common understanding of what it covers. That common reference is the foundation on which more demanding sector-specific schemes and contractual quality requirements are built.
Supply Chain Requirements and Tier Pressures
Original Equipment Manufacturers (OEMs) and other large buyers cascade quality requirements down their supply chains. In sectors such as automotive, aerospace, medical devices, and food, sector-specific extensions of ISO 9001 (IATF 16949, IA9100/AS9100, ISO 13485, FSSC 22000) are common contractual requirements. Even where no sector standard applies, ISO 9001 certification is frequently a prerequisite for being considered as a Tier 1 or Tier 2 supplier. As supply chain due diligence regulations expand — the German Supply Chain Due Diligence Act (LkSG), the EU Corporate Sustainability Due Diligence Directive (CSDDD), and comparable instruments elsewhere — certified management systems are increasingly used by buyers as evidence of supplier process maturity.
Regulatory and ESG Convergence
ISO 9001 itself is not legally mandated in most jurisdictions, but public-sector procurement, regulated industries, and corporate sustainability reporting frameworks routinely treat certification to recognized management system standards as evidence of a controlled operational environment. The ISO 9001 revision integrates climate change considerations into the standard’s context clause, aligning ISO 9001 with the ISO/CEN climate amendment introduced across management system standards in 2024. The result is a quality framework that connects more explicitly with environmental, social, and governance (ESG) reporting obligations that increasingly shape supplier evaluation and corporate disclosure.
Core Requirements
ISO 9001 follows the Harmonized Structure (formerly High Level Structure) shared across modern ISO management system standards. The introductory Clauses 1 to 3 (scope, normative references, terms and definitions) are accompanied by the requirement clauses 4 to 10, which are structured along the Plan–Do–Check–Act cycle.
Clause 4 — Context of the Organization
Organizations identify the internal and external issues relevant to the quality management system, the needs and expectations of interested parties (customers, regulators, suppliers, employees, shareholders), and the scope and processes of the system. From the 2026 revision onward, climate change must be considered as a factor in this context.
Clause 5 — Leadership
Top management is accountable for the effectiveness of the quality management system. The clause covers commitment, customer focus, the quality policy, and the assignment of organizational roles, responsibilities, and authorities. The 2026 revision introduces an explicit expectation that leadership promotes a quality culture and ethical behavior.
Clause 6 — Planning
Organizations plan actions to address risks and opportunities that could affect conforming products and services or customer satisfaction. They set quality objectives consistent with the quality policy and plan changes to the management system in a controlled manner. The 2026 revision restructures Clause 6.1 to distinguish more clearly between actions that address risks and actions that pursue opportunities.
Clause 7 — Support
Requirements cover the resources needed for the quality management system — people, infrastructure, work environment, monitoring and measuring resources, organizational knowledge — as well as competence, awareness, communication, and documented information.
Clause 8 — Operation
The largest clause covers the operational life cycle: operational planning and control, requirements for products and services, design and development, control of externally provided processes, products, and services, production and service provision, release of products and services, and control of nonconforming outputs.
Clause 9 — Performance Evaluation
Organizations monitor, measure, analyze, and evaluate the quality management system. Requirements include customer satisfaction monitoring, internal audit, and management review.
Clause 10 — Improvement
Nonconformities are addressed through correction and corrective action, and the organization continually improves the suitability, adequacy, and effectiveness of the quality management system.
Target Groups and Application Areas
ISO 9001 is deliberately generic. It is implemented by manufacturers, service providers, software and IT firms, healthcare providers, logistics companies, construction firms, professional services, education institutions, and public authorities. There are no minimum size, revenue, or sector thresholds.
Typical application areas include manufacturing and industrial production, where ISO 9001 provides the baseline structure on which sector standards (IATF 16949 for automotive, IA9100/AS9100 for aerospace, ISO 13485 for medical devices) are built. Service and knowledge industries apply the standard’s process-based logic to support consistent service delivery, customer satisfaction measurement, and continual improvement. Public-sector bodies and regulated industries often require or expect ISO 9001 certification as part of procurement frameworks and as evidence of operational discipline. Small and medium-sized enterprises (SMEs) frequently use ISO 9001 to formalize processes, qualify for larger customer relationships, and lay the groundwork for integrated management systems that combine quality with environmental, occupational health and safety, or information security management.
A well-designed quality management system supports informed decisions by providing leadership with reliable performance information; it provides the basis on which evidence-based management of products, services, and processes is built. The system itself does not act — it enables the people in the organization to act with better information and a more consistent operational baseline.
Related Standards
Harmonized Structure and Typical Combinations
The Harmonized Structure (formerly High Level Structure) shared across ISO management system standards means ISO 9001 can be combined with other systems with minimal duplication. The most common combinations are ISO 9001 with ISO 14001 (environment), ISO 45001 (occupational health and safety), and ISO/IEC 27001 (information security). Where multiple systems are operated in parallel, organizations often consolidate context analysis, internal audit, management review, and documentation into a single integrated management system.
The ISO 9000 Family
ISO 9001 is the only certifiable standard in the ISO 9000 family. Two supporting documents are particularly relevant. ISO 9000 sets out the fundamental concepts and vocabulary used in the quality management standards; it is referenced normatively in ISO 9001 but is itself not certifiable. ISO 9004 provides guidance on achieving sustained success through a quality management approach; it is broader than ISO 9001 and is also not certifiable. These documents are useful references for organizations that want to deepen their understanding of the concepts ISO 9001 specifies, but they are not standards against which certificates are issued.
Sector-Specific Derivatives
Several major sector schemes build on ISO 9001 in a normative sense. IATF 16949 is the automotive quality management standard, published by the International Automotive Task Force; organizations certified to IATF 16949 must satisfy both ISO 9001 requirements and the additional automotive sector requirements. IA9100 (formerly AS9100/EN 9100/JISQ 9100) is the aerospace, space, and defense quality standard governed by the International Aerospace Quality Group (IAQG); the IA9100 series is undergoing harmonization in step with the ISO 9001:2026 revision. ISO 13485 covers quality management for medical devices; it was originally derived from ISO 9001 but has since evolved into an independent standard that is intentionally not aligned to the latest Annex SL updates, reflecting regulatory expectations in the medical device sector.
Differentiation from Similar Standards
ISO 9001 is sometimes confused with related concepts. ISO 9001 contains certifiable requirements; ISO 9000 defines the vocabulary used in those requirements. Total Quality Management (TQM) is a broader management philosophy and is not a specification; ISO 9001 is a normative document with auditable requirements. Industry-specific schemes such as IATF 16949, IA9100, and ISO 13485 add sector-specific requirements to (or, in the case of ISO 13485, replace) the generic ISO 9001 baseline.
Your organization has already established a quality management system based on ISO 9001 — and you’re now considering independent certification? Learn more on our dedicated ISO 9001 Certification page.
About DQS as a certification body
This article is part of the DQS Knowledge Center, a resource on management system standards and certification processes. For context on who produced it:
- Heritage and history. One of Germany’s first management system certifiers — DQS issued its first ISO 9001 certificate in 1986 and has audited and certified management systems for over 40 years.
- Global footprint. Operates from more than 80 offices in 60 countries with a worldwide network of more than 3,000 auditors.
- Accreditation scope. Accredited for ISO 9001 alongside related standards such as ISO 14001, ISO 45001, and ISO/IEC 27001 — so integrated management systems can be certified from a single provider.
- Network membership. Member of IQNet, the international certification network, supporting cross-border recognition of DQS certificates.
The articles in this Knowledge Center are written and reviewed by DQS specialists working with these standards in audit practice. Where applicable, content is verified against the current version of the standard, the issuing body’s official publications, and recent regulatory or accreditation guidance. This article was last reviewed on 3 June 2026.
Frequently Asked Questions about ISO 9001
ISO 9001 is a voluntary international standard. It is, however, often required contractually — by customers, supply chain partners, or as part of public procurement processes. In some regulated sectors, a quality management system equivalent in substance to ISO 9001 is required by law or by sector regulation, even where the certificate itself is not.
The currently published version is ISO 9001:2015. ISO 9001:2026 is expected to be published in September 2026, following the Final Draft International Standard ballot that began in mid-April 2026. After publication, a three-year transition period is planned.
The revision is positioned as an evolution rather than a structural overhaul. Confirmed changes include the explicit integration of climate change into Clause 4.1 (context), an extension of leadership requirements to cover quality culture and ethical behavior, restructured risk and opportunity provisions in Clause 6.1, and corresponding updates to awareness and communication requirements in Clause 7. The Harmonized Structure is retained, so the clause-by-clause logic remains familiar.
ISO’s accreditation framework foresees a three-year transition period after publication of a revised management system standard. Certificates against ISO 9001:2015 remain valid during this period until they are migrated. The exact end date will be confirmed by the International Accreditation Forum (IAF) once the new version is published.
ISO 9000 defines the fundamental concepts and vocabulary of quality management. ISO 9001 specifies the certifiable requirements for a quality management system. Organizations are certified against ISO 9001, not ISO 9000. ISO 9000 is a useful reference for understanding the terms used in ISO 9001, but it is not itself a certification standard.
No. ISO 9001 specifies requirements for the quality management system that supports the consistent delivery of products and services meeting customer and regulatory expectations. It does not certify the products or services themselves; product certification is a separate discipline governed by other standards and conformity assessment schemes.
IATF 16949 and IA9100/AS9100 are sector-specific schemes that incorporate ISO 9001 requirements and add provisions specific to the automotive and aerospace sectors, respectively. ISO 13485 was historically derived from ISO 9001 but has since evolved into an independent medical device quality management standard that is intentionally not aligned to the latest ISO 9001 revisions, in order to remain stable for medical device regulators.