ISO 9001 – Clause 6 – Planning

By Max Edwards | Updated 21 March 2024

Explore the essentials of ISO 9001:2015 Clause 6, including Quality Management System planning, risk-based thinking, and strategies for identifying risks to enhance organisational resilience and quality performance.

ISO 9001:2015 and Clause 6 – Planning

Understanding the ISO 9001 Quality Management System Standard

ISO 9001:2015 sets the criteria for a quality management system (QMS) and is founded on several quality management principles, including a strong customer focus, the involvement of high-level company management, a process approach, and continual improvement. As a globally recognised standard, it helps ensure that customers get consistent, good-quality products and services, which in turn brings many business benefits.

The Role of Planning in Achieving Quality Objectives and Processes

Planning is a critical component of the QMS. It involves setting quality objectives and outlining the processes necessary to deliver results in accordance with customer requirements and the organisation’s policies. At ISMS.online, we understand that effective planning is pivotal in managing and improving the systems that create and control the products and services an organisation supplies.

Overview of the Six Implementable Clauses of ISO 9001:2015

ISO 9001:2015 is structured into ten clauses, with clauses 4 through 10 containing the requirements for a QMS. Clause 6, specifically, is one of the six main clauses that outline the criteria for implementing and maintaining an effective QMS.

Deep Dive into Clause 6: Planning and Its Significance

Clause 6 of ISO 9001:2015 emphasises the need to plan actions to address risks and opportunities, change management, and quality objectives. It's a proactive approach that requires an understanding of the context of the organisation and the needs of interested parties. At ISMS.online, we provide tools and guidance to help you navigate this clause, ensuring that your planning process is aligned with the standard's requirements and your strategic objectives.

Risk-Based Thinking in ISO 9001:2015

Risk-based thinking is a cornerstone of the ISO 9001:2015 standard, permeating various clauses to ensure a proactive approach to managing the Quality Management System (QMS). At ISMS.online, we understand that integrating this concept into your QMS is not just about compliance; it’s about enhancing the resilience and responsiveness of your organisation.

The Concept and Integration Across Clauses

Risk-based thinking mandates that you consider both risks and opportunities in all QMS processes. This approach is not isolated to a single clause but is woven throughout the standard, ensuring that risk consideration becomes a natural part of your organisational thinking and planning.

Proactive QMS Management

By adopting risk-based thinking, you’re not just reacting to adverse events but proactively managing potential risks and opportunities. This forward-thinking stance is crucial for the sustainability and growth of your business.

Framework for Objectives and Planning

Risk-based thinking provides a structured framework for setting objectives, developing action plans, and allocating resources effectively. It ensures that you’re always one step ahead, with strategies in place to address potential challenges and capitalise on opportunities.

Risk Evaluation and Analysis Process

The process of risk evaluation, assessment, identification, and analysis is integral to risk-based thinking. It involves a thorough examination of your processes and the external environment to pinpoint areas that require attention. At ISMS.online, our platform offers dynamic tools to facilitate these critical risk management activities, helping you maintain a robust and reliable QMS.


Identifying Risks and Opportunities

In the realm of ISO 9001:2015, Clause 6 emphasises the importance of a systematic approach to understanding, identifying, and planning for risks and opportunities. At ISMS.online, we provide the tools and guidance to ensure that this process is not only compliant but also adds real value to your organisation.

Understanding and Identifying Risks and Opportunities

The first step in risk management is to comprehend the full scope of what could impact your organisation’s objectives. This means looking beyond immediate challenges to identify potential risks and opportunities that could influence long-term success. Our platform facilitates this by providing a structured environment for risk assessment.

Contextualising to Your Organisation

Risks and opportunities must be relevant to your specific context. This includes considering the needs and expectations of interested parties, as well as the internal and external issues that are unique to your organisation. We help you tailor your risk management process to align with these factors, ensuring that it is both effective and pertinent.

Impact of External/Internal Issues

External and internal issues can significantly influence risk identification. Whether it’s changing market conditions, technological advancements, or internal process changes, our platform helps you capture and analyse these factors to maintain a proactive stance in your QMS.

Considering Process Type and Consequences

Finally, it’s crucial to consider the type of processes, their levels, and the potential consequences of failures. Understanding these elements helps in prioritising risks and focusing on areas that require immediate attention. With ISMS.online, you can manage this process seamlessly, ensuring that your risk identification is both thorough and precise.


Risk Identification Methodology

Understanding and managing risks is a pivotal aspect of ISO 9001:2015, and at ISMS.online, we recognise the critical need for a consistent and effective risk identification methodology. This methodology is not just a compliance requirement; it’s a strategic tool that can steer your organisation towards resilience and quality excellence.

Consistency and Effectiveness in Risk Identification

A consistent approach ensures that risk identification is not a one-off event but a continuous process that adapts to new information and changing circumstances. Effectiveness, on the other hand, means that the methodology actually identifies risks that matter, allowing you to focus your resources where they are needed most.

Components of a Robust Methodology

An effective risk and opportunity identification methodology includes:

  • Comprehensive Analysis: Looking at all aspects of your operations to identify where risks may exist.
  • Stakeholder Involvement: Engaging with interested parties to understand their perspectives on risk.
  • Regular Reviews: Updating your risk assessments to reflect changes in your operating environment.

The Role of the Risk Management Framework

Our risk management framework encompasses:

  • Methodology: A systematic approach to identify and evaluate risks.
  • Risk Appetite: Defining the level of risk you’re willing to accept.
  • Training: Ensuring your team has the knowledge to identify and manage risks effectively.
  • Reporting: Keeping stakeholders informed about risks and the actions taken to address them.

Through ISMS.online, we provide you with the tools and support to implement a risk management process that is integral to your QMS and aligned with ISO 9001:2015 Clause 6.


Determining Risks and Opportunities

When it comes to ISO 9001:2015, Clause 6.1 emphasises the need for a detailed understanding of the internal and external factors that can impact your Quality Management System (QMS). At ISMS.online, we guide you through the intricate process of identifying these variables to ensure your organisation’s resilience and continual improvement.

Inputs for Risk and Opportunity Determination

To effectively determine risks and opportunities, you must consider a variety of inputs:

  • External/Internal Analysis: Assessing the external environment and internal organisational context.
  • Strategic Direction: Aligning risks and opportunities with the strategic goals of your organisation.
  • Interested Parties: Understanding the needs and expectations of stakeholders.
  • QMS Scope: Considering the boundaries and applicability of your QMS.
  • Organisational Processes: Evaluating the processes within your QMS for potential risks and opportunities.

Interested Party Management

Managing the expectations and requirements of interested parties is crucial. It ensures that your risk management process is comprehensive and considers all potential impacts on stakeholder satisfaction and compliance.

Clause 5.3 Requirements

Clause 5.3 mandates a planned approach to address risks and opportunities. This involves:

  • Recording Actions: Documenting the steps taken to address identified risks and opportunities.
  • Evaluating Effectiveness: Assessing whether the actions taken have been effective in mitigating risks and capitalising on opportunities.

Through our platform, we provide the structure and tools necessary for you to record and evaluate your risk management actions, ensuring that your QMS remains robust and compliant.


Documenting Evidence for ISO 9001 Clause 6

As you navigate the requirements of ISO 9001:2015, particularly Clause 6, the documentation of evidence becomes a pivotal aspect of your Quality Management System (QMS). At ISMS.online, we are committed to assisting you in managing and documenting this evidence effectively.

Forms of Evidence in QMS

To comply with Clause 6, you will need to gather various forms of evidence:

  • Meeting Minutes: Documenting the discussions and decisions made during meetings.
  • SWOT Analysis: Assessing strengths, weaknesses, opportunities, and threats.
  • Feedback and Competitor Analysis: Collecting insights from customers and analysing market competition.
  • Strategic Documents and Reviews: Maintaining records of strategic planning and periodic reviews.
  • Inspections and Corrective Actions: Recording the outcomes of inspections and any corrective actions taken.
  • Management Review Minutes and Risk Records: Documenting the findings and decisions from management reviews, as well as detailed risk assessments.

The Role of Management Review

Management review is integral to Clause 6, ensuring that your QMS is performing as intended and that continuous improvement is being pursued. Documented information from these reviews provides evidence of your commitment to quality.

Implementing a Document Control System

A robust document control system is essential for maintaining the integrity of your QMS documentation. It ensures that all evidence is accurate, up-to-date, and accessible when needed.

Our Assistance with Documentation

At ISMS.online, we offer a platform that simplifies the documentation process, providing:

  • Structured Document Management: Organise and store all your QMS documentation in one secure location.
  • Easy Access and Retrieval: Quickly find the documents you need with our intuitive search and retrieval system.
  • Compliance Assurance: Our tools help ensure that your documentation meets the requirements of ISO 9001:2015 Clause 6.

By leveraging our services, you can ensure that your documentation is not only compliant but also a valuable asset for your organisation’s quality journey.


The Importance and Benefits of Risk Management

In the context of ISO 9001:2015, risk management is not merely a compliance exercise; it’s a strategic approach that permeates every aspect of your operations. At ISMS.online, we’re dedicated to helping you realise the full spectrum of benefits that effective risk management can bring to your organisation.

Influencing Operations and Decision-Making

Risk management is a critical driver for operational efficiency and informed decision-making. By identifying potential risks early, you can:

  • Prevent Disruptions: Proactively address issues before they impact your operations.
  • Enhance Decision Quality: Make informed choices with a clear understanding of potential risks and rewards.

Achieving Competitive Advantage

Effective risk management contributes to a robust competitive edge by:

  • Increasing Flexibility: Quickly adapt to changes and challenges in the business environment.
  • Improving Resource Allocation: Direct your resources to areas with the greatest potential for return or risk mitigation.

Building Customer Confidence

Your commitment to risk management directly affects customer perception, leading to:

  • Greater Assurance: Customers feel more secure knowing that you manage risks diligently.
  • Enhanced Resilience: Demonstrate your ability to withstand and recover from adverse events.

Supporting Your Risk Management Efforts

Our Quality Management System at ISMS.online is designed to support your risk management initiatives by providing:

  • Dynamic Risk Management Tools: Identify, assess, and manage risks efficiently.
  • Transparent Reporting: Keep stakeholders informed with clear and concise risk reports.

By leveraging our platform, you can ensure that risk management is an integral part of your quality journey, driving continuous improvement and fostering trust among your stakeholders.


Further Reading

Risk Management Methodology and Information

In the landscape of ISO 9001:2015, understanding and adeptly managing risks is pivotal for enhancing decision-making and bolstering customer confidence. At ISMS.online, we advocate for a strategic approach to risk management that not only complies with standards but also fortifies your organisation’s trustworthiness and reliability.

Embracing Risk-Based Thinking

Risk-based thinking is integral to ISO 9001:2015, and it involves:

  • Identifying Opportunities: Recognising areas for growth and improvement.
  • Improving Customer Satisfaction: Ensuring that potential issues are addressed before they affect your clients.
  • Implementing Preventive Actions: Taking steps to prevent non-conformities.

Transitioning with the PDCA Methodology

We suggest adopting the Plan-Do-Check-Act (PDCA) cycle to transition smoothly to risk-based thinking. This iterative process allows for continual refinement and improvement of your risk management practices.

Documenting Risk Management Activities

Maintaining well-documented information is essential for effective risk management. This includes:

  • Risk Management Files: Keeping detailed records of risk assessments and mitigation strategies.
  • Other Sources: Utilising various documentation tools to support your risk management process.

By partnering with ISMS.online, you gain access to a platform that simplifies the documentation and management of your risk-related activities, ensuring that your QMS remains robust and transparent.


Communication and Management of Risks

Effective risk management within the framework of ISO 9001:2015 is not an insular activity; it necessitates clear and consistent communication both within your organisation and with external parties. At ISMS.online, we provide the tools and support to ensure that this communication is seamless and effective.

Internal and External Communication

Communicating risks is essential for fostering an organisational culture that prioritises risk awareness. This includes:

  • Internal Communication: Ensuring that all team members are aware of potential risks and the measures in place to mitigate them.
  • External Communication: Informing stakeholders, including suppliers and customers, about relevant risks and how they are being managed.

Risk Management in Outsourced Processes

When you outsource processes, it’s crucial to integrate risk management activities by:

  • Assessing Changes: Evaluating how changes in outsourced processes could impact your risk profile.
  • Communicating Control Measures: Clearly conveying your risk control measures to suppliers to ensure alignment with your QMS.

Early Risk Management in Design & Development

Incorporating risk management early in the design and development stages allows for:

  • Hazard Identification: Spotting potential issues before they become problems.
  • Risk Evaluation: Assessing the potential impact of identified risks.
  • Design Input Integration: Using risk evaluation to inform design decisions, enhancing the safety and quality of your products or services.

Our Role in Your Risk Management Strategy

At ISMS.online, we are committed to aiding you in the communication and management of risks by providing:

  • Structured Communication Channels: Facilitate clear and traceable communication regarding risk management.
  • Integrated Risk Management Tools: Our platform offers dynamic tools to help you identify, evaluate, and communicate risks effectively.

By leveraging our services, you can ensure that risk management is an integral part of your operations, contributing to the overall robustness and reliability of your QMS.


Risk Registers and Auditing Risk Management

Risk registers are a fundamental tool in the ISO 9001:2015 framework, serving as a centralised repository for capturing and monitoring risks. At ISMS.online, we provide a structured approach to managing your risk registers, ensuring that they are an asset to your risk management process.

Components of Risk Registers

A comprehensive risk register includes:

  • Description: Clearly articulating the nature of the risk.
  • Type: Categorising the risk to identify patterns and commonalities.
  • Likelihood and Severity: Assessing the probability of occurrence and potential impact.
  • Countermeasures: Outlining actions to mitigate the risk.
  • Risk Owner: Assigning responsibility for managing each risk.
  • Status: Tracking the current state of the risk.
  • Optional Quantitative Value: Applying metrics for a more objective risk assessment.

Assurance Framework and Internal Audit

Our assurance framework encompasses:

  • Process Reviews: Regularly examining your risk management processes for effectiveness.
  • Internal Audit Function: Providing an objective assessment of how well risks are being managed.
  • Recommendations for Improvements: Offering actionable insights to enhance your risk management practices.

How We Support Your Auditing Efforts

At ISMS.online, we assist you in:

  • Streamlining Risk Register Management: Our platform simplifies the creation, updating, and tracking of your risk registers.
  • Facilitating Internal Audits: We provide tools that support the internal audit function, making it easier to review and improve your risk management processes.

By integrating our solutions, you can ensure that your risk registers are not just compliant, but also a driving force for continuous improvement within your QMS.


Quality Objectives, Process Identification, and Ownership

In the journey toward ISO 9001:2015 compliance, the establishment of clear quality objectives is paramount. At ISMS.online, we guide you through aligning these objectives with your organisation’s Quality Policy and Risk Assessment, ensuring they are not only measurable but also meaningful.

Deriving Quality Objectives

Quality objectives are the benchmarks of success for your QMS. They should stem directly from your Quality Policy, reflecting the commitment to quality that you have articulated. Through risk assessment, we help you pinpoint areas of improvement that can transform into tangible objectives.

Establishing Measurable Objectives

It’s essential that your quality objectives are measurable. This allows you to track progress and make data-driven decisions. Our platform provides the tools to set, monitor, and review these objectives, ensuring they are aligned with your strategic direction.

Documenting Process Identification

A well-documented process is the backbone of any effective QMS. We assist you in detailing the inputs, outputs, resources, sequence, and interactions of your processes. This documentation is crucial for clarity and consistency across your organisation.

Assigning Process Ownership

Assigning owners to each process, with clearly defined responsibilities and authority, is critical for accountability. Our platform supports the designation of roles and responsibilities, ensuring that everyone knows who is responsible for each part of the QMS.



Performance Indicators, Change Management, and Compliance

In the pursuit of ISO 9001:2015 compliance, establishing and managing Key Performance Indicators (KPIs) is essential. At ISMS.online, we provide a structured approach to help you define, collect, and analyse performance data, ensuring continuous improvement within your Quality Management System (QMS).

Establishing and Monitoring KPIs

Key Performance Indicators (KPIs) are vital metrics that reflect the effectiveness and efficiency of your processes. We guide you in selecting meaningful KPIs that align with your quality objectives and in setting up mechanisms for regular data collection and analysis. This enables you to monitor performance and implement improvement actions where necessary.

Managing Change Effectively

Change is inevitable, and managing it effectively is critical for maintaining compliance. Our platform supports you in identifying potential changes, evaluating their implications, and ensuring that all changes are communicated, documented, and controlled in accordance with ISO 9001:2015 requirements.

Preparing for Clause 6 Audits

When it comes to Clause 6 audits, you need to be prepared with the right evidence. This includes records of your risk assessments, documented quality objectives, change management logs, and supplier evaluations. Our platform simplifies the maintenance and retrieval of these documents, making audit preparation more efficient.

Our Role in Your Compliance Journey

At ISMS.online, we are committed to supporting your compliance efforts. Our tools and services are designed to streamline the management of performance indicators, change management processes, and overall compliance with ISO 9001:2015. With our platform, you can ensure that your QMS is not only compliant but also capable of driving significant improvements across your organisation.

ISO 9001 Clause Table

ISO 9001 Clause Number    ISO 9001 Clause Name
Clause 4                  Context of the Organization
Clause 4.1                Understanding the Organization and Its Context
Clause 4.2                Understanding the Needs and Expectations of Interested Parties
Clause 4.3                Determining the Scope of the Quality Management System
Clause 4.4                Quality Management System and Its Processes
Clause 5                  Leadership
Clause 5.1                Leadership and Commitment
Clause 5.2                Policy
Clause 5.3                Organizational Roles, Responsibilities and Authorities
Clause 6                  Planning
Clause 6.1                Actions to Address Risks and Opportunities
Clause 6.2                Quality Objectives and Planning to Achieve Them
Clause 6.3                Planning of Changes
Clause 7                  Support
Clause 7.1                Resources
Clause 7.2                Competence
Clause 7.3                Awareness
Clause 7.4                Communication
Clause 7.5                Documented Information
Clause 8                  Operation
Clause 8.1                Operational Planning and Control
Clause 8.2                Requirements for Products and Services
Clause 8.3                Design and Development of Products and Services
Clause 8.4                Control of Externally Provided Processes, Products and Services
Clause 8.5                Production and Service Provision
Clause 8.6                Release of Products and Services
Clause 8.7                Control of Nonconforming Outputs
Clause 9                  Performance Evaluation
Clause 9.1                Monitoring, Measurement, Analysis and Evaluation
Clause 9.2                Internal Audit
Clause 9.3                Management Review
Clause 10                 Improvement
