Posted on

ISO 9001 Annex A & B – What is it used for?

With the changes to the ISO 9001:2015 standard comes new terminology and requirements. Annex A and B are included in the ISO 9001 standard to explain structure, terminology, and concepts used in the standard. In this article, we will briefly review Annex A and B.


Annex A


Annex A includes an overview of:

  • Structure and terminology (A.1) 
  • Products and Services (A.2)
  • Understanding the needs and expectations of interested parties (A.3)
  • Risk based thinking (A.4)
  • Applicability (A.5)
  • Documented information (A.6)
  • Organisational Knowledge (A.7)
  • Control of externally provided processes, products and services (A.8)


A.1 Structure and terminology 

This section explains the clause sequencing of the 2015 version of the standard and compares terminology differences between the new and previous version. 


ISO 9001:2008 ISO 9001:2015
Products Products and services
Exclusions  Not used (See A.5 Applicability)
Management representative Not used (Similar responsibilities and authorities are assigned but no requirement for a single management representative)
Documentation, quality manual, documented procedures, records Documented information
Work environment Environment for the operation of processes 
Monitoring and measuring equipment Monitoring and measuring resources
Purchased product Externally provided products and services
Supplier  External provider


Products and Services (A.2)


The standard explains the terms ‘products’ and ‘services’ and how they are different to the terms used in the 2008 version. 


Even though the term ‘product’ included all categories of businesses, the previous 2008 version was a little more difficult for service industries e.g. postal service, to apply the whole standard to. By including the term ‘service’ to the 2015 version, it has allowed businesses greater scope of applying the standard because it highlights the differences between products and services with specific requirements. 


Understanding the needs and expectations of interested parties (A.3)


With reference to clause 4.2, annex A.3 explains there is no mandatory requirement in the standard to consider interested parties when defining your organisations context if they are not relevant to the QMS. 


Risk based thinking (A.4)


Annex A.4 explains risk based thinking as a continuation of clause 0.3.3. The key areas of the standard where risk based thinking applies, the purpose of risk based thinking and applicability. 


It highlights an important note that could be very time consuming if unnoticed by the implementation team, referring to clause 6.1…


Although 6.1 specifies that the organisation shall plan actions to address risks, there is no requirement for formal methods for risk management or a documented risk management process. Organisations can decide whether or not to develop a more extensive risk management methodology than is required by this International Standard, e.g. through the application of other guidance or standards.”

ISO 9001:2015 Annex A.4


Applicability (A.5)


The 2008 version allowed for ‘exclusions’ when identifying the scope of the QMS, the new standard does not. Now the standard specifies that you must consider the applicability of the requirements for your business. You must consider the size and complexity of your organisation, management model, activities and the nature of the risks and opportunities.  Once the applicability has been considered and identified, then you can declare in the scope that the requirements of clause XYZ do not apply to your QMS. This decision must not negatively affect the QMS.


Documented information (A.6)


Annex A.6 explains what the differences are in terminology. Documented information is a new term in the 2015 version, previously known as ‘Documentation, quality manual, documented procedures, records’. Clause 7.5 is dedicated to documented information.


Organisational Knowledge (A.7)


Clause 7.1.6 is dedicated to organisational knowledge. Annex A.7 describes the reason for introducing the clause requirements:

a) safeguarding the organisation from loss of knowledge, e.g. through staff turnover; failure to capture and share information;
b) encouraging the organisation to acquire knowledge, e.g. learning from experience; mentoring; benchmarking.”
ISO 9001:2015 Annex A.7

Control of externally provided processes, products and services (A.8)


Clause 8.4 refers to externally provided processes, products and services and controls over them. These include purchasing from a supplier; associate company associations and outsourcing processes externally. The standard recognises that using external resources is a common practice especially in the case of service industries, so the organisations doing this need to apply the key concepts of the standard. When planning how to control those external companies, your organisation must practice risk-based thinking.


Annex B


Annex B provides details of other International Standards for quality management and quality management systems that have been developed by ISO/TC 176. It compares them on table B.1 and the relationships between them.