How to Build a Quality Management System


in today's highly competitive business environment, forward-thinking organisations are more committed than ever to continually refining their processes and procedures to improve their products and services. The development of a Quality Management System (QMS) is perhaps the best way to demonstrate this commitment.

However, the creation of a QMS is always a challenge for companies. All markets have become very competitive and having the right QMS is important to be sure that you provide the right product and service to your customers.

It is important to understand that a QMS is a system to manage the your business. It is not a system to guarantee quality. It is a management system that, if done right, produces quality outcomes. A QMS could be built for ISO certification, to satisfy customer requirements, or to create a system to continuously improve products and services and provides organisations with the opportunity to increase their competitive position by focusing improvement efforts on those operational areas in the most need of change.

To build a QMS, start by identifying issues, and interested parties, and continue with mapping your processes, defining your QMS scope, quality policy, quality objectives, determining support, developing documentation, critical procedures, your defects, processes, then measure, monitor, and improve.

Identify and Assess Issues (Clause 4)

The standard requires:

The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system.

Most organizations look at things like their market, applicable legislation, competitors, their customers, and their internal processes while some will include looking at their environmental impact. Very few organizations actually look at their workforce, their community and the cultural and social aspects of the company. The 2015 version of the ISO 9001 standard pushes companies to include all these elements when planning the scope of the QMS.

When the phrase Context of the Organization is used, context means a combination of external and internal factors that have a direct impact on the organization and its ability to continue providing products and services to its customers.

Internal factors includes things like the organization’s culture, structure, governance, technology, strategic decisions and vision for the future.

External factors encompassed the whole environment in which the organization operates: social, cultural, legal, political, regulatory, statutory, economical, etc., at all levels including local, state, country and even international.

When thinking of the internal issues for the business, I suggest that you start off by noting the interested parties within your business. By knowing who is involved in the business, you’ll have a strong foundation of what needs to be considered here.

To assess internal and external issues, you will need to do a SWOT analysis:

  • Strengths: the unique benefits that are brought about by your current resources, and market position that your business has within your industry.

  • Weaknesses: deficiencies that your business currently has in the market that you operate. These could be brought about by your resources, or your current position in the market.

  • Opportunities: new areas growth, or improved quality of service/product that can be obtained by doing changes in your current business. These improvements can generally be made available to your business by changing resources or focus within your business.

  • Threats: potential outside circumstances that could have an effect on your business.

Identify and Assess your Interested Parties (Clause 4)

Interested parties have always existed, the same as context did. We now need to take them into account based on the boundaries defined by the context.

There are many interested parties, including shareholders and owners, government bodies, employees, business associations, customers, suppliers, debt holders and the communities where people or facilities are located. The context can be used to determine how wide you need to go.

A common method of determining this is with an Interested Party Matrix – where the Interested Party is plotted against two variables. These variables might be plotting the level of ‘stake’ in the outcomes of the organization against ‘resources’ of the Interested Party. Another is the ‘importance’ of the Interested Party against the ‘influence’ of the Interested Party.


  1. Make a list of all Interested Parties.

  2. Rank the Interested Parties. This ranking could be done on a scale of one to five, according to one of the criteria on the matrix, such as ‘interest in the organizational objectives’ or ‘interest in the financial success’.

  3. Another method for ranking interested parties is using an Interested Parties Matrix.

  4. Ask the following questions: Are there any surprises? Which Interested Parties do we have the most/least contact with? Which Interested Parties might we have to make special efforts to ensure engagement?

Use the Power and Interest Matrix

A useful tool for helping you decide how to manage a particular interested party is the Power/Interest Matrix developed by Johnson and Scholes.

This simple tool relates two important relationship variables:

  • How much interest do they have in your decisions and activities? This could be interpreted as the strength of their relevance.

  • How much power or influence do they have over your decisions and activities? This could be interpreted as their significance or risk.

Plotting interested parties helps you to prioritize the effort required to meet their needs and expectations:

Identify Needs and Expectations of Interested Parties (Clause 4)

Due to their effect or potential effect on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, ISO 9001 requires the organization to determine:

  1. the interested parties that are relevant to the quality management system;

  2. the requirements of these interested parties that are relevant to the quality management system.

Once the interested parties have been identified, we need to define their “needs and expectations”. Identification of an Interested Party’s needs and expectations is an essential part of developing a compliant QMS.

Use different research methods as necessary to confirm your knowledge of each group or significant stakeholder. Summarize the findings and add them to the relevant column in your table of Interested Parties.

Taking the time to understand the needs and expectations of your interested parties is essential to:

  • Defining the scope of your management system.

  • Ensuring customer satisfaction.

  • Meeting compliance obligations.

  • Continual improvement of the organization and its management system.

  • Meeting the requirements of ISO 9001.

By using the methods described in this article, you can develop your own process or framework for identifying, understanding, monitoring and reviewing interested parties in terms of:

  • Level of interest (Relevance)

  • Level of influence (Significance)

For each relevant interested parties you then need to write out what their known needs & expectations are. These needs and expectations can be declared or unspoken, so it is important to think through all of the possible places that an interested party might identify their needs. For each of the categories mentioned above, here are some of the places to look to find this information:

  • Customers & Suppliers – Contracts and performance specifications is the first place to look. Other sources of information can include; customer meetings, supplier meetings, concerns and complaints, responses to purchase information, warranty information, returned products, and almost any other time you interact with a customer using your products or services where they can identify what they expect and what they are displeased with.

  • Government organizations – What statutory and regulatory requirements are applicable to your business. Remember, this can include environmental or health & safety legislation to as not meeting this could impact your ability to delivery on your product and service agreements.

  • Non-government agencies – Are there any industry standards or codes of practice for the products and services you are providing? If so, have you committed to implement these?

  • Employees – What do your employees need to successfully provide your products and services? Are there infrastructure or workplace needs that you should deliver on? This will greatly depend on the union status of your workforce, so keep this in mind.

  • Shareholders – As shareholders are focused on the profit of your business, what QMS processes can improve on this, for instance continual improvement or cost reduction initiatives?

Map your processes (Clause 4)

Now you need to map your processes. This includes determining and defining processes. The process of creating process maps will force you to define your processes and the sequence and interaction of those processes. This is to address the requirements of clause 4.4 of ISO9001.

Process maps are important for understanding who is responsible for what. They define your core business process and communicate the flow of your business. Every company is different, and you need to take a close look at how your processes meet the needs of your customers.

When mapping your processes:

  • Follow an order through the system.

  • Identify support processes for IT, HR, and Accounting.

  • Determine how quality interacts with each process either for inspection, review, or to roll-up metrics in support of Quality Objectives.

It is going to be difficult for you to make changes to your company if you do not know what you are tracking. Start at the beginning. What happens when a customer places an order? Then, you may want to follow this order through your company. What happens to the order? How is it processed? How do you decide how to get your order to your customers? Some things might be delivered electronically, while others might need to be delivered in a physical package.

Mapping your processes could be done through establishing a Quality Manual for your QMS. Whilst a Quality Manual will no longer a mandatory document, according to the ISO 9001:2015 standard, we strongly recommend one for your QMS as it is a document where the organization presents itself, its quality management system, and even its way of thinking and approach to quality management. Common practices besides the requirements from clause 4.2.2, include some requirements from clause 4.1 and some other requirements that were easier to document through a Quality Manual.

A lucid, short, and clear Quality Manual gives the impression of an organization that knows what it is doing – an organization that really manages its QMS. A good Quality Manual facilitates the job of the auditor, and gives him the opportunity to better audit the system – and, with his observations, really contribute to improvement of the system. And what is more important, such Quality Manual is useful to the management representative and process owners because it provides an overall insight into the QMS.

Big companies often require their suppliers to have a QMS may demand to see a Quality Manual during selection of suppliers. What impression does your Quality Manual give about your company? A bulky Quality Manual says that you would rather spend resources instead of applying a creative approach.

Define Your QMS Scope (Clause 4)

Determining the scope of the QMS has been a part of the ISO 9001 requirements for a long time. The scope is a vital part of the quality manual, as it defines how far the QMS extends within the company’s operations, and details any exclusion from the ISO 9001 requirements and the justification for these. It is through the scope that you define what your Quality Management System covers within your organization.

The Scope Statement precisely describes your products and/or services, the regulatory requirements, activities, locations and facilities supported and documented by the quality management system of your company. In essence, your scope identifies exactly what your business does. Make sure your Scope details are fully documented in your QMS.

Section 4.3 of ISO9--1:2015 details the requirements for determining the scope of the Quality Management System. In a note about the QMS, it is stated that the QMS can include the whole organization, specifically identified functions of the organization, specifically identified sections of the organization, or one or more functions across a group of organizations. To start, there are three considerations to be included when determining the scope:

  1. External and internal issues that are relevant to the purpose of the organization, the strategic direction, and the ability to achieve intended results

  2. Requirements of relevant interested parties

  3. The product and service of the organization

It is most common that the scope of the QMS covers the entire organization. Some noted exceptions are when your QMS only covers one physical location of a multi-location company, or when your manufacturing or service is distinctly split between industries (e.g., in a plant with three assembly lines where assembly lines 1 and 2 are for automotive and need to have a QMS certified to the ISO/TS 16494 QMS standard for automotive, but you want line 3 to be certified to ISO 9001 since many of the automotive requirements do not apply).

So, your scope should identify the physical locations of the QMS, products or services that are created within the QMS processes, and the industries that are applicable if this is relevant. It should be clear enough to identify what your business does, and if not all parts of the business are applicable, it should be easily identified which parts are. Some examples could be:

  • XYZ Manufacturing located in London, England, producing machined components in the aerospace and automotive industry within Europe.

  • XYZ Consultants located in offices in Europe, Asia, and North American provide Information Technology Support to companies in any industry.

  • XYZ Computing provides software development services to companies in the automotive and heavy machinery industries within North and South America.

  • XYZ Industries is a division of XYZ International that operates in Indonesia and provides paper products to the Asian market.

Define Your Quality Policy (Clause 5)

Your Quality Policy states your missions and visions of your organization as it relates to quality which are basically what your customers expect from you. It is your quality mission.

When building your quality management system and writing your quality policy, think about your commitments to your customers:

  • Quality – What do you need to do consistently to satisfy your customer?

  • Customer Satisfaction – What are your customer’s requirements?

  • Continuous Improvement – What do you need to do better to satisfy your customer more than now?

By establishing quality policy an ISO 9001 standard wants to say, besides creating it and maintaining it, that you have to write in such a way to match with the purpose of your company’s nature. Ensure to show the company's commitment, such as meeting applicable requirements like customer or regulatory requirements.

The standard requires top management to establish, implement and maintain a quality policy that:

  1. is appropriate to the purpose and context of the organization and supports its strategic direction;

  2. provides a framework for setting quality objectives;

  3. includes a commitment to satisfy applicable requirements;

  4. includes a commitment to continual improvement of the quality management system.

Other policies that are important to your organisation include:

  • Ethics & Conduct Policy

  • Employment Policy

  • Non-discrimination Policy

  • Compensation and Benefits Policy

  • Internet, Email, & Cyber-security Policy

  • Misconduct Policy

  • Purchasing Policy

  • Credit Policy

  • Workplace Safety Policy