ISO 9001:2015《品質管理系統 - 要求》

hlperng

配合國際標準化組織 (ISO) /國際電工委員會 (IEC) 2014 年所發行的 ISO/IEC 指令第 1 部 (ISO/IEC Directives Part 1) 《國際標準組織綜合補充、ISO 專屬程序》(Consolidated ISO supplement - Procedure specific to ISO) 之附錄 SL (Annex SL)《管理系統標準建議》(Proposals for management system standards) 所規定的管理系統標準高階架構 (high level structure, HLS) 要求，國際標準化組織 (ISO) 第 176 號技術委員會 (ISO/TC 176) 第 2 子委員會 (SC 2) 負責修訂的 2015 年版 ISO 9001:2015《品質管理系統 - 要求》(Quality management systems - Requirements)。ISO 9001:2015 草稿版 (draft international standard, DIS) 於 2014 年 5 月 13 日發行， 2014 年 7 月10 日開始投票、2014 年10月10 日截止投票。最終草稿版 (final draft international standard, FDIS) 於 2015 年 7 月 9 日開始由有興趣的會員國投票，2015 年 9 月 9 日截止。

ISO 9001:2015 國際標準正式版 (international standard, IS) 於 2015 年 9 月 15 日發行。新版本發行之後，依照慣例，預計會有三年的改版緩衝期。

ISO 9001:2015 是以風險為基礎（風險為基）(risk-based) 的品質管理國際標準，強調品質管理系統必須依照組織特性與個性，參考 ISO 9000 系列精神與原理加以客製完成。ISO 9001:2015 並不要求統一一致的品質管理系統，那是認證系統相關者的觀點。

ISO 9001:2015 強調變更管理與組織知識的傳承與創新，所以 2015 年版的發行並不要求組織的既有品質管理系統必須廢掉重新改寫，才能通過改版認證。若你的驗證公司要你原有的品質管理系統相關規定及（或）文檔廢掉重寫，把它 fire 掉換一家驗證公司，並記得向 IAF 與 TAF 寄存證信函，以維持公正無私的紀律！

ISO 推動 MSS 的目的在於強調組織（包括ISO 本身）對於文件管制應遵循一致的管理系統標準，包括格式、內容等。為了達到身教重於言教、以身作則的精神， 因此要求各技術委員會在研擬各種管理系統時，必須遵循 ISO 指令第 1 部對於 HLS（文件）架構的相關規定。

參考資料：

• ISO/TC 176/SC 2/WG 24/N112, ISO/DIS 9001:2014, Quality management systems - Requirements, 2014-05-13.
• ISO/TC 176/SC 2/N1147, ISO/CD 9001:2013, Quality management systems - Requirements, 2013-06-03.
• ISO/TC 176/SC 2/WG 244/N81, ISO/WD 9001:2012, Quality management systems - Requirements, 2012-06.
• ISO/IEC Directive Part 1, Consolidated ISO supplement - Procedure specifice to ISO, 2004 and 2005 corrected version.
• ISO Annex SL (normative) Proposals for management system standards
• ISO/FDIS 9001:2015, Quality management systems - Requirements
• ISO/FDIS 9001:2015 FDIS Transition Checklists
• IAF, Transition Planning Guidelines for ISO 9001:2015 issue 1, 12 Jan. 2015.
• 標檢局，ISO 9001:2015 標準簡介
  

peterlovejin

看的頭都暈了~~~ thank you ~~

hlperng

Annex A (informative) Clarification of new structure, terminology and concepts
A.1 架構與名詞(Structure and terminology)
The clause structure and some of the terminology of this International Standard, in comparison with ISO 9001:2008, have been changed to improve alignment with other management system standards.  
The consequent changes in the structure and terminology do not need to be reflected in the documentation of an organization’s quality management system.  
The structure of clauses is intended to provide a coherent presentation of requirements rather than a model for documenting an organization’s policies, objectives and processes.  There is no requirement for the structure of an organization’s quality management system documentation to mirror that of this International Standard.  
There is no requirement for the terms used by an organization to be replaced by the terms used in International Standard to specify quality management system requirements.  Organization can choose to use terms which suit their operations (for example: using ‘records’, ‘documentation’, ‘protocol’, etc., rather than ‘documented information’; or ‘supplier’, ‘partner’, ‘vendor’ etc. rather than ‘external provider’).  

Table B.1 – ISO 9001:2008與ISO 9001:2015之間名詞主要差異(Major differences in terminology between ISO 9001:2008 and ISO 9001:2015)

ISO 9001:2008	ISO 9001:2015
產品 Products	產品與服務 Products and services
排除 Exclusion	不使用 Not used (See Annex A.4 for clarification of applicability)
文檔、記錄 Documentation, records	文件化資訊 Documented information
工作環境 Work environment	過程運作之環境 Environment for the operation of processes
採購之產品 Purchased product	外部供應產品與服務 Externally provided products and services
供應者 Supplier	外部提供者 External provider

A.2 產品與服務(Products and services)
ISO 9001:2008 used the term “product” to include all output categories.  This International Standard uses “products and services”.  The term “products and services” includes all output categories (hardware, services, software and processed materials). The specific inclusion of “services” is intended to highlight the differences between products and services in the application of some requirements.  The characteristic of services is that at least part of the output is realized at the interface with the customer.  This means, for example, that conformity to requirements cannot necessarily be confirmed before service delivery.  
In some cases, the terms “products” and “services” are used together.  Most outputs that organization provide to customers, or are supplied to them by external providers, include both products and services.  The organization needs to take into account where, for example, a tangible products has some associated intangible service or an intangible service has some associated tangible product.  

A.3 組織內涵(Context of the organization)
There are two new clauses relating to the context of the organization.  4.1 Understanding the organization and its context and 4.2 Understanding the needs and expectations of interested parties.  Together these clauses require the organization to determine the issues and requirements that can impact on the planning of the quality management system.  
The titles of clauses 4.1 and 4.2 provide for alignment with other management system standards.  They do not imply extension of quality management system requirements beyond the Scope (Clause 1) of this International Standard.  
The Scope states, in part, that this International Standard is applicable where an organization needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements and aims to enhancing customer satisfaction.  No requirement of this International Standard can be interpreted as extending that applicability without the agreement of the organization.  
There is no requirement in this International Standard for the organization to consider interested parties which have been determined by the organization not to be relevant to its quality management system.  Similarly, there is no requirement to address a particular requirement of a relevant interested party if the organization considers that the requirement is not relevant.  Determining what is relevant or not relevant is dependent on whether or not it has an impact on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements or the organization’s aim to enhance customer satisfaction.  
對於已經被組織確定與其品質管理系統無關的有興趣團體，本國際標準沒有要求組織考量這些團體。同樣的，也沒有要求組織要考慮已經被組織認定不相關的有興趣團體所提出的特別要求。至於是否相關的確定，取決于是否會衝擊組織持續提供滿足顧客及適用法令規章要求的產品與服務的能力、或是組織提升顧客滿意度的標的。
The organization can decide to determine additional needs and expectations that will assist it to meet its quality objectives.  However, it is the organization’s discretion whether or not to accept additional requirements to satisfy interested parties beyond what is required by this International Standard.  
組織可以決定，以確定有助於協助滿足其品質目標的額外需要與期望。不過，組織可以自主決定，是否接受可以滿足興趣團體、但是超過本國際標準所需的額外要求。

A.4 基於風險方式(Risk-based approach)
This International Standard requires the organization to understand its context (see clause 4.1) and determine the risks and opportunities that need to be addressed (see clause 6.1).  
One of the key purpose of a quality management system is to act as a preventive tool.  Consequently, this International Standard does not have a separate clause or sub-clause titled ‘Preventive action’.  The concept of preventive action is expressed through a risk-based approach to formulating quality management system requirements.  
The risk-based approach to drafting this International Standard has facilitated some reduction in prescriptive requirements and their replacement by performance-based requirements.  
Although risks and opportunities have to be determined and addressed, there is no requirement for formal risk management or a documented risk management process.  

A.5 應用性(Applicability)
This International Standard no longer makes specific reference to ‘exclusions’ when determining the applicability of its requirements to the organization’s quality management system.  However, it is recognized that an organization might need to review the applicability of requirements due to the size of the organization, the management model it adopts, the range of the organization’s activities, and the nature of the risks and opportunities it encounters.  
Where a requirement can be applied within the scope of its quality management system, the organization cannot decide that it is not applicable.  Where a requirement cannot be applied (for example where the relevant process in not carried out) the organization can determine that the requirement is not applicable.  However, this non-applicability cannot be allowed to result in failure to achieve conformity of products and services or to meet the organization’s aim to enhance customer satisfaction.  

A.6 文件化資訊(Documented information)
As part of the alignment with other management system standards a common clause ‘Documented Information’ has been adopted without significant change or addition (see 7.5).  Where appropriate, text elsewhere in this International Standard has been aligned with its requirements.  Consequently, the terms “documented procedure” and “record” have been replaced throughout the requirements text by “documented information”.  
Where ISO 9001:2008 would have referred to documented procedures (e.g., to define, control or support a process) this is now expressed as a requirement to maintain documented information.  
Where ISO 9001:2008 would have referred to record this is now expressed as a requirement to retain documented information.  

A.7 組織知識(Organizational knowledge)
Clause 7.1.5 Organizational knowledge addresses the need to determine and maintain the knowledge obtained by the organization, including by its personnel, to ensure that it can achieve conformity of products and services.   
The process for considering and controlling past, existing and additional knowledge needs to take account of the organization’s context, including its size and complexity, the risks and opportunities it needs to address, and the need for accessibility of knowledge.  The balance between knowledge held by competent people and knowledge made available by other means is at the discretion of the organization, provided that conformity of products and services can be achieved.  

A.8 外部供應產品與服務之控制(Control of externally provided products and services)
Clause 8.4 Control of externally provided products and services addresses all forms of external provision, whether it is by purchasing from a supplier, through an arrangement with an associate company, through the outsourcing or processes and functions of the organization or by any other means.  
The organization is required to take a risk-based approach to determine the type and extent of controls appropriate to particular external providers and externally provided products and services.  

hlperng

第 9 章績效評估




9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
The organization shall determine:
    a) what needs to be monitored and measured;
    b) the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results;
    c) when the monitoring and measuring shall be performed;
    d) when the results from monitoring and measurement shall be analyzed and evaluated.  
The organization shall ensure that monitoring and measurement activities are implemented in accordance with the determined requirements and shall retain appropriate documented information as evidence of the results.  
The organization shall evaluate the quality performance and the effectiveness of the quality management system.  

9.1.2 Customer satisfaction
The organization shall monitor customer perceptions of the degree to which requirements have been met.  
The organization shall obtain information relating to customer views and opinions of the organization and its products and services.  
The methods for obtaining and using this information shall be determined.  
NOTE.  Information related to customer views can include customer satisfaction or opinion surveys, customer data on delivered products or services quality, market-share analysis, compliments, warranty claims and deale reports.  

9.1.3 Analysis and evaluation
The organization shall analyse and evaluate appropriate data and information arising from monitoring, measurement and other sources.  
The output of analysis and evaluation shall be used to:
    a) demonstrate conformity of products and services to requirements;
    b) assess and enhance customer satisfaction;
    c) ensure conformity and effectiveness of the quality management system;
    d) demonstrate that planning has been successfully implemented;
    e) assess the performance of processes;
    f) assess the performance of external provider(s);
    g) determine the need or opportunities for improvements within the quality management system.  
The results of analysis and evaluation shall also be used to provide inputs to management review.


9.2 Internal audit
9.2.1 The organization shall conduct internal audits at planned intervals to provide information on whether the quality management system:
    a) conforms to:
         1) the organization’s own requirements for its quality management system;
         2) the requirements of this International Standard;
    b) is effectively implemented and maintained.
  
9.2.2 The organization shall:
    a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the quality objectives, the importance of the processes concerned, customer feedback, changes impacting on the organization, and the results of previous audits;
    b) define the audit criteria and scope for each audit;
    c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;
    d) ensure that the results of the audits are reported to relevant management;
    e) take necessary correction and corrective actions without undue delay;
    f) retain documented information as evidence of the implementation of the audit programme and the audit results.  
NOTE.  See ISO 19011 for guidance.  

9.3 Management review
9.3.1 Top management shall review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy, and effectiveness.  
The management review shall be planned and carried out taking into consideration:
    a)  the status of actions from previous management reviews;
    b) changes in external and internal issues that are relevant to the quality management system including its strategic direction;
    c) information on the quality performance, including trends and indicators for:
        1)  nonconformities and corrective actions;
        2) monitoring and measurement results;
        3) audit results;
        4) customer satisfaction;
        5) issues concerning external providers and other relevant interested parties;
        6) adequacy of resources required for maintaining an effective quality management system;
        7) process performance and conformity of products and services;
    d) the effectiveness of actions taken to address risks and opportunities (see clause 6.1);
    e) new potential  opportunities for continual improvement.
9.3.2 The outputs of the management review shall include decisions and actions related to:
    a) continual improvement opportunities;
    b) any need for changes to the quality management system, including resource needs.  
The organization shall retain documented information as evidence of the results of management reviews.  

hlperng

第8章「運作」，是 Annex SL 允許每一種管理系統依其特性自行發揮的章節。Annex SL只規定8.1節的內容，第8.2節至8.7是ISO 9001:2015新增部分。


8 Operation
8.1 Operational planning and control
The organization shall plan, implement and control the processes, as outlined in 4.4, needed to meet requirements for the provision of products and services and to implement the actions determined in 6.1, by:
    a) determining requirements for the products and services;
    b) establishing criteria for the processes and for the acceptance of products and services;
    c) determining the resources needed to achieve conformity to product and service requirements;
    d) implementing control of the processes in accordance with the criteria;
    e) retaining documented information to the extent necessary to have confidence that the processes have been carried out as planned and to demonstrate conformity of products and services to requirements.
The output of this planning shall be suitable for the organization’s operations.
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
The organization shall ensure that outsourced processes are controlled in accordance with 8.4.  

8.2 Determination of requirements for products and services
8.2.1 Customer communication
The organization shall establish the processes for communicating with customers in relation to:
    a) information relating to products and services;
    b) enquiries, contracts or order handling, including changes;
    c) obtaining customer views and perceptions, including customer complaints;
    d) the handling or treatment of customer property; if applicable;
    e) specific requirements for contingency actions, when relevant.  

8.2.2 Determination of requirements related to products and services
The organization shall establish, implement and maintain a process to determine the requirements for the products and services to be offered to potential customers.  
The organization shall ensure that:
a) product and service requirements (including those considered necessary by the organization), and applicable statutory and regulatory requirements, are defined;
b) it has the ability to meet the defined requirements and substantiate the claims for the products and services it offeres.
8.2.3 Review of requirements related to products and services
The organization shall review, as applicable:
    a) requirements specified by the customer, including the requirements for delivary and post-delivery activities;
    b) requirements not stated by the customer, but necessary for the customers’ specified or intended use, when know;
    c) additional statutory and requlatory requirements applicable to the products and services;
    d) contract or order requirements differing from those previously expressed.  
NOTE.  Requirements can also include those arising from relevant interested parties.  
This review shall be conducted prior to the organization’s commitment to supply products and services to the customer and shall ensure contract or order requirements differing from those previously defined are resolved.  
Where the customer does not provide a documented statement of their requirements, the cutomer requirements shall be confirmed by the organization before acceptance.  
Documented information describing the results of the review, including any new or changed requirements for the products and services, shall be retained.  
Where requirements for products and services are changed, the organization shall ensure that relevant documented information is amended and that relevant personnel are made aware of the changed requirements.  

8.3 Design and development of products and services
8.3.1 General
Where the detailed requirements of the organization’s products and services are not already established or not defined by the customer or by other interested parties, such that they are adequate for subsequent production or service provision, the organization shall establish, implement and maintain a design and development process.  
NOTE 1.  The organization can also apply the requirements given in 8.5 to the development of processes for production and services provision.  
NOTE 2.  For services, design and development planning can address the whole service delivery process.  The organization can therefore choose to consider the requirements of clauses 8.3 and 8.5 together.  

8.3.2  Design and development planning
In determining the stages and controls for design and development, the organization shall consider:
    a) the nature, duration and complexity of the design and development activities;
    b) requirements that specify particular process stages, including applicable design and development reviews;
    c) the required design and development verification and validation;
    d) the responsibilities and authorities involved in the design and development process;
    e) the need to control interfaces between individuals and parties involved in the design and development process;
    f) the need for involvement of customer and user groups in the design and development process;
    g) the necessary documented information to confirm that design and development requirements have been met.  

8.3.3 Design and development inputs
The organization shall determine:
    a) requirements essential for the specific type of products and services being designed and developed, including, as applicable, functional and performance requirements;
    b) applicable statutory and regulatory requirements;
    c) standards or codes of practice that the organization has committed to implements;
    d) internal and external resource needs for the design and development of products and services;
    e) the potential consequences of failure due to the nature of the products and services;
    f) the level of control expected of the design and development process by customers and other relevant interested parties.  
Inputs shall be adequate for design and development purposes, complete, and unambiguous.  Conflicts among inputs shall be resolved.

8.3.4 Design and development controls
The controls applied to the design and development process shall ensure that:
    a) the results to be achieved by the design and development activities are clearly defined;
    b) design and development reviews are conducted as planned;
    c) verification is conducted to ensure that the design and development outputs have met the design and development input requirements;
    d) validation is conducted to ensure that the resulting products and services are capable of meeting the requirements for the specified application or intended use (when known).  

8.3.5 Design and development outputs
The organization shall ensure that design and development outputs:
    a) meet the input requirements for design and development;
    b) are adequate for the subsequent processes for the provision of products and services;
    c) include or reference monitoring and measuring requirements, and acceptance criteria, as applicable;
    d) ensure products to be produced, or services to be provided, are fit for intended purpose and their safe and proper use.
The organization shall retain the documented information resulting from the design and development process.  

8.3.6 Design and development changes
The organization shall review, control and identify changes made to design inputs and design outputs during the design and development of products and services or subsequently, to the extent that there is no adverse impact on conformity to requirements.  
Documented information on design and development changes shall be retained.  

8.4 Control of external provided products and services
8.4.1 General
The organization shall ensure that externally provided processes, products, and services conform to specified requirements.  
The organization shall apply the specified requirements for the control of externally provided products and services when:
    a) products and services are provided by external providers for incorporaton into the organization’s own products and services;
    b) products and services are provided directly to the customer(s) by external providers on behalf of the organization;
    c) a process or part of a process is provided by an external provider as a result of a decision by the organization to outsource a process or function.  
The organization shall establish and apply criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers based on their ability to provide processes or products and services in accordance with specified requirements.  
The organization shall retain appropriate documented information of the results of the evaluations, monitoring of the performance and re-evaluations of the external providers.  
The organization shall retain appropriate documented information of the results of the evaluations, monitoring of the performance and re-evaluations of the external providers.  

8.4.2 Type and extent of control of external provision
In determining the type and extent of controls to be applied to the external provision of processes, products and services, the organization shall take into consideration:
    a) the potential impact of the externally provided processes, products and services on the organization’s ability to consistently meet customer and applicable statutory and regulatory requirements;
    b) the perceived effectiveness of controls applied by the external provider.  
The organization shall establish and implement verification or other activities necessary to ensure the externally provided processes, products and services do not adversely affect the organization’s ability to consistently deliver conforming products and services to its customers.  
Processes or functions of the organization which have been outsourced to an external provider remain within the scope of the organization’s quality management system; accordingly, the organization shall consider a) and b) above and define both the controls it intends to apply to the external provider and those it intends to apply to the resulting process output.  

8.4.3  Information for external providers
The organization shall communicate to external providers applicable requirements for the following:
    a) the products and services to be provided or the processes to be performed on behalf of the organization;
    b) approval or release of products and services, methods, processes or equipment;
    c) competence of personnel, including necessary qualification;
    d) their interactions with the organization’s quality management system;
    e) the control and monitoring of the external provider’s performance to be applied by the organization;
    f) verification activities that the organization, or its customer, intends to perform at the external provider’s premises.  
The organization shall ensure the adequacy of specified requirements prior to their communication to the external provider.  

8.5 Production and service operation
8.5.1 Control of production and service provision
The organization shall implement controlled conditions for procedures for production and service provision, including delivery and post-delivery activities.  
Controlled conditions shall include, as applicable:
    a) the availability of documented information that defines the characteristics of the products and services;
    b) the availability of documented information that defines the activities to be performed and the results to be achieved;
    c) monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met;
    d) the use, and control of suitable infrastructure and process environment;
    e) the availability and use of suitable monitoring and measuring resources;
    f) the competence and, where applicable, required qualification of persons;
    g) the validation, and periodic revalidation, of the ability to achieve planned results of any process for production and services provision where the resulting output cannot be verified by subsequent monitoring or measurement;
    h) the implementation of products and services release, delivery and post-delivery activities.
  
8.5.2 Identification and traceability
Where necessary to ensure conformity of products and services, the organization shall use suitable means to identify process results.  
The organization shall identify the status of process outputs with respect to monitoring and measurement requirements throughout production and service provision.  
Where traceability is a requirement, the organization shall control the unique identification of process outputs, and retain any documented information necessary to maintain traceability.  
NOTE.  Process outputs are the results of any activities which are ready for delivery to organization’s customer or to an internal customer (e.g., receiver of the inputs to the next process); they can include products, services, intermediate parts, components, etc.  

8.5.3 Property belonging to customers or external providers
The organization shall exercise care with property belonging to the customer or external providers while it is under the organization’s control or being used by the organization.  The organization shall identify, verify, protect and safeguard and customer’s or external provider’s property provided for use or incorporation into the products and services.  
When property of the customer or external provider is incorrectly used, lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider.  
NOTE.  Customer property can include material, components, tools and equipment, customer premises, intellectual property and personal data.  

8.5.4 Preservation
The organization shall ensure preservation of process outputs during production and service provisons, to the extent necessary to maintain conformity to requirements.  
NOTE.  Preservation can include identification, handling, packaging, storage, transmission or transportation, and protection.  

8.5.5 Post-delivery activities
As applicable, the organization shall meet requirements for post-delivery activities associated with the products and services.  
In determining the extent of post-delivery activities that are required, the organization shall consider:
    a) the risks associated with the products and services;
    b) the nature, use and intened lifetime of the products and services;
    c) customer feedback;
    d) statutory and regulatory requirements.  
NOTE.  Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.  

8.5.6 Control of changes
The organization shall review and control unplanned changes essential for production or service provision to the extent necessary to ensure continuing conformity with specified requirements.  
The organization shall retain documented information describing the results of the review of changes, the personnel authorizing the change, and any necessary actions.  

8.6 Release of products and services
The organization shall implement the planned arrangements at appropriate stages to verify that product and service requirements have been met.  Evidence of conformity with the acceptance criteria shall be retained.  
The release of products and services to the customer shall not proceed until the planned arragements for verification of conformity have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer.  Documented information shall provide traceability to the person(s) authorizing release of products and services for delivery to the customer.  

8.7 Control of nonconforming process outputs, products and services
The organization shall ensure process outputs, products and services that do not conform to requirements are identified and controlled to prevent their unintended use or delivery.  
The organization shall take appropriate corrective action based on the nature of the nonconformity and its impact on the conformity of products and services.  This applies also to nonconforming products and services detected after delivery of the products or during the provision of the service.  
As applicable, the organization shall deal with nonconforming process outputs, products and services in one or more of the following ways:
    a) correction;
    b) segregation, containment, return or suspension of provision of products and services;
    c) informing the customer;
    d) obtaining authorization for:
        - use “as is” ;
        - release, continuation or re-provision of the products and services;
        - acceptance udner concession.  
Where nonconforming process outputs, products and services are corrected, conformity to the requirements shall be verified.  
The organization shall retain documented information of actions taken on nonconforming process outputs, products and services, including on any concessions obtained and on the person or authority that made the decision regarding dealing with nonconformity.

hlperng

2014 年 ISO 9001 的 DIS 版第 7 章「支援」(Support) 共有 5 節：
7.1 資源 (Resources)
7.2 職能 (Competence)
7.3 認知 (Awarenesss)
7.4 溝通 (Communication)
7.5 文件化資訊 (Documented information)

competence 職能，人員對於所賦予的工作應具備的能力，
awareness 在ISO 9000 系列長久以來大家習慣翻譯為認知，但是最進機器人意題夯，有兩個名詞與此有關：cognitive computing 與 situation awareness，前者為認知運算、後者為狀況感知。認知在先、感知在後，所以若要加以區別，awareness 宜翻譯為「感知」，認知是 cognition、類似的 recognition 則為認識（舊識再認知）。

第七章的關鍵字為：資源 (7.1 Resources) ，也就是支援品質管理系統能夠順利運作所需要的項目，包括人員 (7.1.2 People)、基礎設施 (7.1.3 Infrastructure)、過程運作環境 (7.1.4 Environment for the operation of processes)、監視與量測資源 (7.1.5 Monitoring and measuring resources) (系統、設備、儀器、裝置)、及組織知識 (7.1.6 Organizational knowledge)。其中基礎設施一般包括建築與設施、硬體與軟體設備、運輸及資訊與通訊技術，可以參考政府公務部門規定的財產分類或資產管理的資本門會計分科；過程操作環境本來是使用工作環境 (working environment)，可能是考量不要造成和安全與衛生管理系統的工作(或作業)環境定義發生混淆，因此從工作環境改為（品質管理系統）過程操作時有關的環境。

第七章討論的內容，特別強調的只在於（人員）職能、認知、溝通與文件化資訊等四個項目。

• 擔任品質管理系統過程相關作業的人員必須要有職能 (7.2 competence)，這些人員在執行過程作業的工作時要有認知 (7.3 awareness)。
• 品質管理系統要能夠成功，有賴於溝通 (7.4 communication) 技巧的運作。
• 原來的文件 (documents)，包括程序(書) (procedures) 及記錄 (records)，改為文件化資訊(7.5 documented information)。文件化資訊分為需要維護 (maintain) 的及需要保存 (retain) 的兩類，組織需要維護 (maintain) 的文件化資訊就是支持各項過程運作的程序書 (procedures)、需要保存 (retain) 的文件化資訊就是提供過程已經執行完畢信心的記錄 (records)。此一要求規定在第 4.4 節的最後一句：“The organization shall maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned.”
  

ISO 9001-2015 第七章的內容，除了 7.1.1 節針對品質管理系統加以詳細論述之外，大致遵循 Annex SL HLA 的規定

7.1 資源 (Resources)
7.1.1 概述 (General)
The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the quality management system.  
The organization shall consider:
a) the capabilities of, and constraints on, existing internal resources;
b) what needs to be obtained from external providers.  

7.1.2 人員 (People)
To ensure that the organization can consistently meet customer and applicable statutory and regulatory requirements, the organization shall provide the persons necessary for the effective operation of the quality management system, including the processes needed.  

7.1.3 基礎建設 (Infrastructure)
The organization shall determine, provide and maintain the infrastructure for the operation of its processes to achieve conformity of products and services.
NOTE.  Infrastructure can include:
a) buildings and associated utilities;
b) equipment including hardware and software;
c) transportation;
d) information and communication technology.  

7.1.4 過程操作環境 (Environment for the operation of processes)
The organization shall determine, provide and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services.  
NOTE.  Environment for the operation of processes can include physical, social, psychological, environmental and other factors (such as temperature, humidity, ergonomics and cleanliness).

7.1.5 監視與量測資源 (Monitoring and measuring resources)
Where monitoring or measuring is used for evidence of conformity of products and services to specified requirements the organization shall determine the resources needed to ensure valid and reliable monitoring and measuring results.  
The organization shall ensure that the resources provided:  
a) are suitable for the specific type of monitoring and measurement activities being undertaken;
b) are maintained to ensure their continued fitness for their purpose.  
The organization shall retain appropriate documented information as evidence of fitness for purpose of monitoring and measurement resources.  
Where measurement traceability is: a statutory or regulatory requirement; a customer or relevant interested party expectation; or considered by the organization to be an essential part of providing confidence in the validity of measurement results; measuring instrument shall be:
- verified or calibrated at specified intervals or prior to use against measurement standards traceable to international or national measurement standards.  Where no such standards exist, the basis used for calibration or verification shall be retained as documented information;
- identified in order to determine their calibration status;
- safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results.  
The organization shall determine if the validity of previous measurement results has been adversely affected when an instrument is found to be defective during its planned verification or calibration, or during its use, and take appropriate corrective action as necessary.

7.1.6 組織知識 (Organizational knowledge)
The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services.  
組織必須決定其過程運作及達成產品與服務符合性所需要的知識。
This knowledge shall be maintained, and made available to the extent necessary.  
此一知識必須予以維護，並且依所需程度備妥可用。
When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access the necessary additional knowledge.  
當處理變更需要及趨勢時，組織必須考慮其現有的知識，然後決定如何獲得或存取必要的額外知識。
NOTE 1.  Organizational knowledge can include information such as intellectual property and lessons learned.  
註釋 1：組織知識可以包括智慧財產及經驗教訓等資訊。
NOTE 2.  To obtain the knowledge required, the organization can consider:
註釋 2：為獲得所要求的知識，組織可以考量：
a) internal sources (e.g., learning from failures and successful projects, capturing undocumented knowledge and experience of topical experts within the organization);
內部資源（例如：組織內失敗或成功專案所得到的教訓、無記錄知識的擷取及主題專家的經驗）；
b)  external sources (e.g., standards, academia, conferences, gathering knowledge with customers or providers).  
b) 外部資源（例如：標準、學術界、研討會、從顧客或供應者收集到的知識）。

7.2 職能 (Competence)
The organization shall:
組織必須：
a) determine the necessary competence of person(s) doing work under its control that affects its quality performance;
b) ensure that these persons are competent on the basis of appropriate education, training, or experience;
c) where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken;
d) retain appropriate documented information as evidence of competence.  
NOTE.  Applicable actions can include, for example, the provision of training to, the mentoring of, or the re-assignment of currently employed persons; or the hiring or contracting of competent persons.  

7.3 認知 (Awareness)
Persons doing work under the organization’s control shall be aware of:
在組織控制下執行工作人員必須認知：
a) the quality policy;
a) 品質政策；
b) relevant quality objectives;
b) 相關品質目標；
c) their contribution to the effectiveness of the quality management system, including the benefits of improved quality performance;
c) 他們對於品質管理系統的有效性，包括改進後品質績效的利益；  
d) the implications of not conforming with the quality management system requirements.  
d) 不符合品質管理系統要求的影響。

7.4 溝通 (Communication)
The organization shall determine the internal and external communications relevant to the quality management system including:
a) on what it will communicate;
b) when to communicate;
c) with whom to communicate;
d) how to communicate.  

7.5 文件化資訊 (Documented information)
7.5.1 概述 (General)
The organization’s quality management system shall include:
a) documented information required by this International Standard;
b) documented information determined by the organization as being necessary for the effectiveness of the quality management system.
NOTE.  The extent of documented information for a quality management system can differ from one organization to another due to:
a) the size of organization and its type of activities, processes, products and services;
b) the complexity of processes and their interactions;
c) the competence of persons.  
7.5.2 創建與更新 (Creating and updating)
When creating and updating documented information the organization shall ensure appropriate:
a) identification and description (e.g., a title, date, author, or reference number);
b) format (e.g., language, software version, graphics) and media (e.g., paper, electronic);
c) review and approval for suitability and adequacy.  

7.5.3 文件化資訊之控制 (Control of documented information)
7.5.3.1 Documented information required by the quality management system and by this International Standard shall be controlled to ensure:
a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g., from loss of confidentiality, improper use, or loss of integrity).

7.5.3.2 For the control of documented information, the organization shall address the following activities, as applicable:
a) distribution, access, retrieval and use;
b) storage and preservation, including preservation of legibility;
c) control of changes (e.g., version control);
d) retention and disposition.
Documented information of external origin determined by the organization to be necessary for the planning and operation of the quality management system shall be identified as appropriate, and controlled.  
NOTE.  Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.  

hlperng

2014 年ISO 9001 的 DIS 版第 6 章「規劃品質管理系統」(planning for the quality management system)包括 3 節：
6.1「強調風險與機會之行動」(actions to address risks and opportunities)
6.2 「品質目標及規劃達標」(quality objectives and planning to achieve them)
6.3 「規劃變更」(planning for changes)
這一章的主角為品質管理系統，說明品質管理系統規劃的相關活動，

ISO/DIS 9001:2014 與 Annex SL 的差異如下紅色斜體字所標示：
6.1 強調風險與機會之行動 (Actions to address risks and opportunities)
6.1.1 When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:
a) give assurance that (assure) the quality management system can achieve its intended outcomes (result(s));
b) prevent, or reduce, undesired effects;
c) achieve continual improvement.  
6.1.2 The organization shall plan:
a) actions to address these risks and opportunities;
b) how to:
    1) integrate and implement the actions into its quality management system processes (see 4.4);
    2) evaluate the effectiveness of these actions.  
Actions taken to address risks and opprotunities shall be proportionate to the potential impact on the conformity of products and services.  
NOTE 1.  Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
ISO/FDIS 9001:2015 增加了注釋 2：
NOTE 2. Opportunities can lead to the adoption of new practices, launching new products, opening new markets, addressing new clients, building partnerships, using new technology and desirable and viable possibitlies to address the organization's or its customers' needs.  

6.2 品質目標及達標之規劃 (Quality objectives and planning to achieve them)
6.2.1 The organization shall establish quality objectives at relevant functions, levels and processes needed for the quality management system.
The quality objective shall:
a) be consistent with the quality policy;
b) be measurable (if practicable);
c) take into account applicable requirements;
d) be relevant to conformity of products and services and the enhancement of customer satisfaction;
e) be monitored;
f) be communicated;
g) be updated as appropriate.  
The organization shall retain documented information on the quality objectives.
  
6.2.2 When planning how to achieve its quality objectives, the organization shall determine:
a) what will be done;
b) what resources will be required;
c) who will be responsible;
d) when it will be completed;
e) how the results will be evaluated.  

Annex SL 沒有 6.3 節，ISO 9001:2015 增加此一節：
6.3 變更之規劃 (Planning of changes)
Where the organization determines the need for change to the quality management system (see 4.4) the change shall be carried out in a planned and systematic manner.
當組織決定品質管理系統 (參閱第 4.4 節) 有變更之需要時，必須以有規劃及系統性的方式完成變更。

The organization shall consider:
a) the purpose of the change and any of its potential consequences;
b) the integrity of the quality management system;
c) the availability of resources;
d) the allocation or reallocation of responsibilities and authorities.  
組織必須考量：
a) 變更之目的及任何潛在之後果；
b) 品質管理系統之完整性；
c) 資源之可用性；
d) 職責與職權之配當或再配當。

hlperng

2014 年 ISO 9001 的 DIS 版第 5 章「領導」(Leadership) 分為 3 節：5.1「領導與承諾」(leadership and commitment)、5.2「品質政策」(quality policy)、5.3「組織角色、職責與職權」(organizational roles, responsibilities and authorities)
這一章的主角為高層管理(高階管理或最高管理階層)(top management)。

5. 領導 (Leadership)
5.1 領導與承諾 (Leadership and commitment)
5.1.1 Leadership and commitment for the quality management system
Top management shall demonstrate leadership and commitment with respect to the quality management system by: a) taking accountability of the effectivenss of the quality management system;
b) ensuring that the quality policy and quality objectives are established for the quality management system and are compatible with strategic direction and the context of the organization;
c) ensuring that the quality policy is communicated, understood and applied within the organization;
d) ensuring the integration of the quality management system requirements into the organization's business processes;
e) promoting awareness of the process approach;
f) ensuring that the resources needed for the quality management system are available;
g) communicating the importance of effective quality management and of conforming to the quality management system requirements;
h) ensuring that the quality management system achieves its intended results (outcome(s));
i) engaging, directing and supporting persons to  contribute to the effectiveness of the quality management systems;
j) promoting continual improvement;
k) supporting other relevant management roles to demonstrate their leadership as it applied to their area of responsibility.  
NOTE.  Reference to "business" in this International Standard can be interpreted broadly to mean those activities that are core to the purposes of the organization's existence; whether the organization is public, private, for profit or not for profit.  


5.1.2 顧客聚焦 (Customer focus)
Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that:
a) customer requirements and applicable statutory and regulatory requirements are determined and met;
b) the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed;
c) the focus on consistently providing products and services that meet customer and applicable statutory and regulatory requirements is maintained;
d) the focus on enhancing customer satisfaction is maintained.  

5.2 品質政策 (Quality policy)
5.2.1 Top management shall establish, review and maintain a quality policy that:
a) is appropriate to the purpose and context of the organization;
b) provides a framework for setting and reviewing quality objectives;
c) includes a commitment to satisfy applicable requirements;
d) includes a commitment to continual improvement of the quality management system.  
5.2.2 The quality policy shall:
a) be available as documented information;
b) be communicated, understood and applied within the organization;
c) be available to relevant interested parties, as appropriate.

5.3 組織角色、職責與職權 (Organizational roles, responsibilities and authorities)
Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.  
Top management shall assign the responsibility and authority for:
a) ensuring that the quality management system conforms to the requirements of this International Standard;
b) ensuring that the processes are delivering their intended outputs;
c) reporting on the performance of the quality management system, on opportunities for improvement and on the need for change or innovation, and especially for reporting to top management;
d) ensuring the promotion of customer focus throughout the organization;
e) ensuring that the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.

hlperng

持續不是連續或不斷，改進不只是改善，持續改進是改善。

2015 年 ISO 9001:2015 FDIS 版，除少數修正外，大致與 DIS 版類似，差異如下表所示。
2014 年 ISO 9001 的 DIS 版，第 10 章「改進」(Improvement)，包括 3 節，10.1 概述(general)、10.2 不符合性與改正行動(nonconformity and corrective actions)、10.3 持續改進 (continual improvement)。

此一章最大的意義在於「持續」 (continual) 與「改進」 (improvement) 兩個名詞的意義。
與 2008 年第四版相比較改變很大，2015 年版主要的重點有兩項，第一是點出章標題：改進 (improvement) 與第 3 節標題：「持續改進」或「時常改進」 (continual improvement)，兩者有大小範圍的差異，第二是取消過去大家已經習慣常用的「預防行動」(preventive action, PA) 與「改正行動」(corrective action, CA) 兩大改進法寶中的「預防行動」(PA)。

不過預防行動只是表面上被取消，取代之的是基於風險思維或風險為基思維 (risk-based thinking)。主要的觀念在於，當發現品質管理系統發生不符合情事時，就要馬上改進，若使用預防行動作為其手段，在觀念有可能會誤導到「改進的動作可以延到以後再說」的疑慮，這一點符合現代許多管理常採用的行動方式，那就是將過去的事先規劃的預防 (preventive)，改為較務實的預測 (predictive) 或互動或調適 (proactive or adaptive) 的趨勢。

至於改進與持續改進，首先應該了解英文 continual 一字的意義，continual 是指的持續、時常、常常發生，但是有開始有結束，反複不斷地頻繁的意思，而 continuous 則是連續不中斷、不停止。所以 continual improvement 是持續改進、continuous improvement 則是不斷改進。管理系統不可能一直再改變，因此可以想像，ISO 9001 使用使用較為嚴謹的 continual 而不是大家習慣常用的 continuous。中文翻譯為持續，因此可以稱 continual improvement 為持續改進，若是使用持續不斷改進或不斷改進，則會超過英文的原義。

有關改進 (improvement) 部分，可以從第 10.1 節第二段後面的注釋 (NOTE) 看出它的意義，FDIS 版與 DIS 版的內容分別為：
FDIS 版：「改進的範例可以包括改正（或矯正）、改正行動、持續改進、突破性變更、創新、與組織重整。」(Examples of improvement can include correction, corrective action, continual improvement, breakthrough change, innovation and re-organization.)
DIS 版：「改進效果的產生可以反應式（例如改正行動）、漸進式（例如持續改進）、階梯式變更（例如突破）、創造式（例如創新）、或藉由組織重整（例如轉變或轉型）。」(Improvement can be effected reactively (e.g., corrective action), incrementally (e.g., continual improvement), by step change (e.g., breakthrough), creatively (e.g., innovation) or by re-organization (e.g., transformation). )

改進與改善之區別，可能就要追溯到西方人對於改善 (Kaizen) 與改進 (improvement) 的看法。日本改善之父今井正明(Masaaki Imar) 先生 1997 指出，管理 (management) 有兩項功能，包括維持（或維護） (maintenance) 與改進 (improvement)。其中維護指的是維持現有技術、管理及運作標準有關的活動，以及透過訓練與紀律保持這些標準。改進 (improvement) 指的是提升現有（技術、管理及運作）標準有關的活動，又分為改善 (kaizen) 與創新 (innovation) 兩部分，亦即：改進 (Improvement) = 持續改進 (continual improvement) + 創新 (innovation)。

改善亦稱持續改進 (continual improvement, CI) 為小改進 (small improvements)，是一種持續的努力 = 現場改善 (Gemba Kaizen)

改善 (kai-zan) = Kai (change) + zen (for the better)

管理職能 = 維持 + 改進 = 維持 + 改善 + 創新 = 維持 + 持續改進 + 創新
管理手法 = 規劃 + 組織 + 分工 + 領導 + 統御

ISO/DIS 9001:2015 與 ISO/FDIS 9001:2015 第 10 章 內容比較
DIS (2015)	FDIS (2015)	注釋
10. Improvement	10. Improvement
10.1 General	10.1 General
The organization shall determine and select opportunities for improvement and implement necessary actions to meet customer requirements and enhance customer satisfaction.	The organization shall determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction.	加了一個字any
This shall include, as appropriate: a) improving processes to prevent nonconformities; b) improving products and services to meet known and predicted requirements; c) improving quality management system results.	These shall include: a) improving products and services to meet requirements as well as to address future needs and expectations; b) correcting, preventing or reducting undersired effects; c) improving the performance and effectiveness of the quality management systems.	維持三項，但是內容大符調整。
NOTE.  Improvement can be effected reactively (e.g., corrective action), incrementally (e.g., continual improvement), by step change (e.g., breakthrough), creatively (e.g., innovation) or by re-organization (e.g., transformation).	NOTE.  Examples of improvement can include correction, corrective action, continual improvement, breakthrough change, innovation and re-organization.	文字內容改變。 原先使用形容詞、括號舉例名詞，改為只用名詞。
10.2 Nonconformity and corrective action	10.2 Nonconformity and corrective action	維持
10.2.1 When a nonconformity occurs, including those arising from complaints, the organization shall: a) react to the nonconformity and as applicable:     1) take action to control and correct it;     2) deal with the consequences; b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:     1) reviewing the nonconformity;     2) determining the causes of the nonconformity;     3) determining if similar nonconformities exist, or could potentially occur; c) implement any action needed; d) review the effectiveness of any corrective action taken; e) make changes to the quality management system, if necessary.   Corrective actions shall be appropriate to the effects of the nonconformities encountered.   NOTE 1.  In some instances, it can be impossible to eliminate the cause of a nonconformity.   NOTE 2.  Corrective action can reduce the likelihood of recurrence to an acceptable level.	10.2.1 When a nonconformity occurs, including any arising from complaints, the organization shall: a) react to the nonconformity and, as applicable:     1) take action to control and correct it;     2) deal with the consequences; b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:     1) reviewing and analyzing the nonconformity;     2) determining the causes of the nonconformity;     3) determining if similar nonconformities exist, or could potentially occur; c) implement any action needed; d) review the effectiveness of any corrective action taken; e) update risks and opportunities determined during planning, if necessary; f) make changes to the quality management system, if necessary. Corrective actions shall be appropriate to the effects of the nonconformities encountered.	those 改成 any； 項目增加一項 (e) 風險與機會； 取消兩個注釋。
10.2.2 The organization shall retain documented information as evidence of: a) the nature of the nonconformities and any subsequent actions taken; b) the results of any corrective action.	10.2.2 The organization shall retain documented information as evidence of: a) the nature of the nonconformities and any subsequent actions taken; b) the results of any corrective action.	不變
10.3 Continual improvement The organization shall continually improve the suitability, adequacy, and effectiveness of the quality management system.   The organization shall consider the outputs of analysis and evaluation, and the outputs from management review, to confirm if there are areas of underperformance or opportunities that shall be addressed as part of continual improvement.   Where applicable, the organization shall select and ultilise applicable tools and methodologies for investigation of the causes of underperformance and for supporting continual improvement.	10.3 Continual improvement The organization shall continually improve the suitability, adequacy and effectiveness of the quality management system.   The organization shall consider the results of analysis and evaluation, and the outputs from management review, to determine if there are needs or opportunities that shall be addressed as part of continual improvement.	取消第三段內容 (Where applicable ...)。

ISO 9001:2015 FDIS (2015)
10. Improvement
10.1 General
The organization shall determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction.  
These shall include (as appropriate):
a) improving products and services to meet requirements as well as to address future needs and expectations;
b) correcting, preventing or reducting undersired effects;
c) improving the performance and effectiveness of the quality management systems.  
NOTE.  Examples of improvement can include correction, corrective action, continual improvement, breakthrough change, innovation and re-organization.  

10.2 Nonconformity and corrective action
10.2.1 When a nonconformity occurs, including any  (those) arising from complaints, the organization shall:
a) react to the nonconformity and, as applicable:
    1) take action to control and correct it;
    2) deal with the consequences;
b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:
    1) reviewing and analyzing the nonconformity;
    2) determining the causes of the nonconformity;
    3) determining if similar nonconformities exist, or could potentially occur;
c) implement any action needed;
d) review the effectiveness of any corrective action taken;
e) update risks and opportunities determined during planning, if necessary;
f) make changes to the quality management system, if necessary.
Corrective actions shall be appropriate to the effects of the nonconformities encountered.  

10.2.2 The organization shall retain documented information as evidence of:
a) the nature of the nonconformities and any subsequent actions taken;
b) the results of any corrective action.  

10.3 Continual improvement
The organization shall continually improve the suitability, adequacy and effectiveness of the quality management system.  
The organization shall consider the results of analysis and evaluation, and the outputs from management review, to determine if there are needs or opportunities that shall be addressed as part of continual improvement.  



ISO 9001:2015 DIS (2014)
ISO 9001:2015 DIS 版第 10 章，除明確定義為品質管理系統，增加第 1 節（Annex SL 只有兩節）概述，第 10.3 節（亦即 Annex SL 第 10.2 節）增加一段敘述之外（如紅字部分），其餘條款文字與 Annex SL 相同。
10.1 概述 (General)
The organization shall determine and select opportunities for improvement and implement necessary actions to meet customer requirements and enhance customer satisfaction.  
This shall include, as appropriate:
a) improving processes to prevent nonconformities;
b) improving products and services to meet known and predicted requirements;
c) improving quality management system results.
NOTE.  Improvement can be effected reactively (e.g., corrective action), incrementally (e.g., continual improvement), by step change (e.g., breakthrough), creatively (e.g., innovation) or by re-organization (e.g., transformation).
注釋：達到改進效果可以是透過反應式（例如：改正行動）、漸進式（例如：持續改進）、階段變更式（例如：突破）、創造式（例如：創新）、或是藉由組織重整（例如：轉換）。

10.2 不符合性及改正行動(Nonconformity and corrective action)
10.2.1 When a nonconformity occurs, including those arising from complaints, the organization shall:
a) react to the nonconformity and as applicable:
    1) take action to control and correct it;
    2) deal with the consequences;
b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:
    1) reviewing the nonconformity;
    2) determining the causes of the nonconformity;
    3) determining if similar nonconformities exist, or could potentially occur;
c) implement any action needed;
d) review the effectiveness of any corrective action taken;
e) make changes to the quality management system, if necessary.  
Corrective actions shall be appropriate to the effects of the nonconformities encountered.  
NOTE 1.  In some instances, it can be impossible to eliminate the cause of a nonconformity.  
NOTE 2.  Corrective action can reduce the likelihood of recurrence to an acceptable level.

10.2.2 The organization shall retain documented information as evidence of:
a) the nature of the nonconformities and any subsequent actions taken;
b) the results of any corrective action.

10.3 Continual improvement
The organization shall continually improve the suitability, adequacy, and effectiveness of the quality management system.  
The organization shall consider the outputs of analysis and evaluation, and the outputs from management review, to confirm if there are areas of underperformance or opportunities that shall be addressed as part of continual improvement.  
Where applicable, the organization shall select and ultilise applicable tools and methodologies for investigation of the causes of underperformance and for supporting continual improvement.  


2013年 CD 版
10.1 Nonconformity and corrective action
When a nonconformity occurs, the organization shall:
(同 Annex SL 10.1)
10.2 Improvement
The organization shall improve the quality management system, processes and goods and services, as appropriate, through responding to:
a) results of analysis of data;
b) changes in the context of the organization;
c) changes in identified risk (see 6.1); and
d) new opportunities.  
The organization shall evaluate, prioritise and determine the improvement to be implemented.


2012 年 WD版
10.1 Nonconformity and corrective action
(同 Annex SL 10.1)

10.2 Improvement
The organization shall continually improve the suitability, adequacy and effectiveness of the quality management system.
The organization shall define a structured approach for continual improvement of quality management system process and/or product through the use of the outcomes of performance evaluation (see 9).  
The organization shall maintain control over its processes in all areas of its quality management system during continual improvement implementation.  Plans shall be established for change implementation to ensure consideration of the impact in all relevant areas.  
NOTE.  Continual improvement may include processes /approaches such as innovation, lean, six sigma, etc.  

hlperng

新版 ISO 9001 第四章〈組織之情境〉為新的章節，分為 4 節：4.1「瞭解組織及其情境」、4.2「瞭解有興趣團體之需要及期望」、4.3「決定品質管理系統之範圍」、4.4「品質管理系統及其過程」。
有些單位在引介 2015 年版 ISO 9001 時，將此章的名稱 "context of the organization" 翻譯為「組織環境」。ISO 9001:2008 只強調組織環境的概念，在ISO 9004:2009 的圖 1，的確是以組織環境 (organization's environment) 來界定及說明品質管理系統的範圍。但是，ISO 在處理 MSS 時，已經明白定位管理系統的範圍，組織在乎的不應只是營業環境，還要包括組織文化等內部因子，以及組織運作的社經環境等外在因子，所以組織的系統包括系統內涵本身、邊界及環境。這也是 2015 版的品質管理八大原則取消系統方式變成品質管理七大原則的基本原因，因為品質管理系統本身就是系統，何須用系統方式來處理之。關於組織情境的定義，ISO 21500:2012《專案管理指引》圖1 或許是不錯的理解參考資料。ISO 9001:2015 要求，組織都必須識別、監視、與審查和組織的運作目的及策略方向有關的內部和外部議題，使品質管理系統可以影響預定的結果。
(請參閱：本論壇 ISO 21500:2012《專案管理指引》http://tw-redi.com/forum.php?mod=viewthread&tid=461&extra=page%3D1)

只是 "Context" 這個字在 CNS 處理等同國際標準的風險管理相關國家標準，CNS 14889:2012 (ISO Guide 73:2009 IDT)、CNS 31000:2013 (idt ISO 31000:2008) 及 CNS 31010:2012 (idt ISO 31010:2009) 時，已經將 context 翻譯為「前後環節」，在有些文件則翻譯為上下文。就中文而言，context 應該譯為 「情境」或內涵，不過情境還是比較貼切的用語，其範圍比內涵或環境的境界更廣。

另外第 4.4 節的最後一段條款，也隱含著將品質管理系統作業中，事前規劃的程序書 (procedures) 及事後結果的記錄 (records) 改為建檔資訊或文件化資訊 (documented information) 之後，兩者的區別是以必須「維持」(maintain) 的事前建檔或文件化資訊為程序書，必須「保存」(retain) 的事後建檔或文件化資訊為記錄。


以下為ISO 9001:2015 的條文，黑色為 MSS 規定的標準條文，紅色是 ISO 9001 特有新增或變更的條文：

4.1 瞭解組織及其情境 (Understanding the organization and its context)
The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system.  
The organization shall monitor and review the information about these external and internal issues.  
NOTE 1.  Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional or local.  
NOTE 2.  Understanding the internal context can be facilitated by considering issues related to values, culture, knowledge and performance of the organization.  

4.2 瞭解有興趣團體之需要及期望(Understanding the needs and expectations of interested parites)
Due to their impact or potential impact on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, the organization shall determine
a) the interested parties that are relevant to the quality management system;
b) the requirements of these interested parties that are relevant to the quality management system.  
The organization shall monitor and review the information about these interested parties and their relevant requirements.

4.3 決定品質管理系統之範圍(Determining the scope of the quality management system)
The organization shall determine the boundaries and applicability of the quality management system to establish its scope.  
When determining this scope, the organization shall consider:
a) the external and internal issues referred to in 4.1;
b) the requirements of relevant interested parties referred to in 4.2;
c) the products and services of the organization.  
Where a requirement of this International Standard within the determined scope can be applied, then it shall be applied by the organization.  
If any requirement(s) of this International Standard cannot be applied, this shall not affect the organization’s ability or responsibility to ensure conformity of products and services.
The scope shall be available and be maintained as documented information stating the:
- products and services covered by the quality management system;
- justification for any instance where a requirement of this International Standard cannot be applied.  

4.4 品質管理系統及其過程 (Quality management system and its processes)
The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed the their interactions, in accordance with the requirements of this International Standard.  
The organization shall determine the processes needed for the quality management system and their application throughout the organization and shall determine:
a) the inputs required and the outputs expected from these processes;
b) the sequence and interaction of these processes;
c) the criteria, methods, including measurement and related performance indicators needed to ensure the effective operation, and control of these processes;
d) the resources needed and ensure their availability;
e) the assignment of the responsibilities and authorities for these processes;
f) the risks and opportunities in accordance with the requirements of 6.1, and plan and implement the appropriate actions to address them;
g) the methods for monitoring, measuring, as appropriate, and evaluation of processes and, if needed, the changes to processes to ensure that they achieve intended results;
h) opportunities for improvement of the processes and the quality management system.  
The organization shall maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned.