ISO 9001:2015 · 900,000+ COMPANIES · QUALITY

ISO 9001 Clause 10.2. Non-Conformance, CAPA and Continuous Improvement.

ISO 9001:2015 is the minimum requirement of virtually every industrial customer. IgeraIndustria makes every clause queryable: non-conformances, CAPA, internal audits, documented information and management review. Your quality manager finds the answer in seconds.

ISO 9001:2015 pre-indexed CAPA and audits supported <3s response

ISO 9001: the world's most certified standard and the most poorly managed

With more than 900,000 active certificates worldwide, ISO 9001 is a standard requirement for industrial customers. Yet most companies manage their quality system reactively: they respond to audits instead of keeping the system alive between certification cycles.

900,000+

Companies certified ISO 9001 worldwide. It is the minimum requirement for almost every industrial customer.

Cl. 10.2

Non-conformances and CAPA: generates 38% of non-conformances in recertification audits. The most problematic clause.

Cl. 6.1

Risk-based thinking: new in version 2015. Many companies still fail to implement it correctly.

Cl. 7.5

Documented information: version control is mandatory. Outdated paper in use is an automatic non-conformance.

The quality manager spends hours searching for exactly what clause 10.2 requires to close an audit NC, or which documented information is mandatory vs optional under clause 7.5. IgeraIndustria answers those questions in seconds, citing the exact requirement, so the quality team can focus on implementing real improvements.

Instant ISO 9001 query by clause

IgeraIndustria locates the exact clause that applies to each question and responds with the requirements, mandatory documented information, and the most common errors that ISO 9001 certification auditors detect.

Exact clause by management area

Ask in plain language — «what do I need to control my external suppliers?» — and IgeraIndustria locates clause 8.4, the evaluation criteria, and the documented information the audit will verify.

Requirements for processes and procedures

Which processes require mandatory documented information per the standard, which are optional, and how to document without generating additional control obligations (clause 7.5.2).

Non-conformance management (10.2)

Complete non-conformance process: registration, root cause analysis, CAPA definition, owner, deadline, effectiveness verification and closure. Mandatory documented information (10.2.2).

Documented information control (7.5)

Distinction between «maintain» (procedures) and «retain» (records). Version control, access, distribution, storage and protection. What makes an outdated document an automatic NC.

Internal audit (9.2)

Audit programme: criteria, scope, frequency, selection of internal auditors and reporting of findings. Relationship between audit results and management review (9.3).

Management review (9.3)

Mandatory inputs: audit results, customer satisfaction, process performance, non-conformances, resources, risks and opportunities. Outputs: decisions and actions. Minutes format that auditors verify.

Complete ISO 9001 audit support

For both internal audits and certification body visits, IgeraIndustria provides the support the quality team needs at every stage of the audit cycle.

Internal audit preparation with per-clause checklist

For each ISO 9001:2015 clause, IgeraIndustria generates a verification checklist with the requirements, the documented information the internal auditor should request, and the evidence that demonstrates compliance.

Gap analysis vs ISO 9001:2015

Identifies which standard requirements are partially implemented or lack documentary evidence. Especially useful for companies that migrated from ISO 9001:2008 or whose system has not been updated for years.

Audit simulation with real audit questions

IgeraIndustria can pose the questions that certification auditors typically ask per clause, allowing the quality team to identify gaps before the actual audit visit.

Evidence management by clause

For each clause requiring documented information, IgeraIndustria indicates what type of document or record is valid as evidence, how it should be identified, and how long it must be retained.

Closure of audit non-conformances

Support for the NC response process: root cause analysis (5 Whys, Ishikawa, 8D), corrective action definition, reasonable deadline, named owner, and how to draft the response to the certification body.

Action plans with deadline and owner

CAPA action plan structure that meets clause 10.2.2 requirements: action description, named owner, deadline, effectiveness verification criterion, and follow-up status.

The 4 key clauses of ISO 9001:2015

These clauses concentrate the majority of non-conformances in certification and surveillance audits. IgeraIndustria explains them with exact requirements, practical examples, and the most common errors.

4.1 / 4.2 — Context and interested parties

Analysis of the internal and external context that can affect the organisation's ability to achieve the intended results of the QMS. Identification of interested parties (customers, suppliers, regulators, employees) and their requirements. This analysis must be reviewed periodically and evidenced, even though no specific methodology is required. Auditors ask how the context was determined and how it influences the QMS scope.

6.1 — Risks and opportunities

Risk-based thinking: the newest and most misunderstood concept in ISO 9001:2015. The standard does not require a formal risk management procedure, but it does require evidence that the organisation has analysed what could go wrong (risks) and what improvements it could exploit (opportunities), and has planned actions to address them. Many companies confuse this requirement with ISO 31000 and over-document it unnecessarily.

8.4 — Control of externally provided processes

Requirements for the selection, evaluation and monitoring of external suppliers that affect the conformity of the final product or service. The clause differentiates between product suppliers, service providers, and outsourcing of QMS processes. Includes evaluation criteria, re-evaluation frequency, and communication of requirements to suppliers. This is one of the areas where most NCs are found due to lack of up-to-date evaluation records.

9.1 — Monitoring, measurement and analysis

The organisation must determine what needs to be monitored and measured, how it will do so, with what frequency, and when to analyse and evaluate results. Includes customer satisfaction (9.1.2), process performance analysis, and QMS effectiveness. Auditors verify that selected indicators are relevant to quality objectives (6.2) and that their results are presented at management review (9.3).

How IgeraIndustria works for ISO 9001

Five steps from loading your quality system to receiving an answer with the exact clause and required documented information.

01

Index your quality management system

Upload your quality procedures, audit plan, NC records, supplier evaluations and quality objectives. IgeraIndustria processes them together with the full ISO 9001:2015 standard in under 24 hours.

02

Connect the assistant to the quality team

Embed it in your quality portal, Teams, Slack or as a WhatsApp bot for the shop floor team. One line of code. Compatible with any document management tool.

03

The quality manager asks in plain language

«What documented information is mandatory under ISO 9001:2015?», «How do I close the auditor’s NC on clause 8.4?», «What inputs are mandatory in the management review?»

04

IgeraIndustria searches across 2 knowledge layers

First in your internal documentation (procedures, NC records, supplier evaluations), then in the indexed ISO 9001:2015 standard with all its clauses and documented information requirements.

05

Answer with clause, requirements and documented information

The response cites the applicable ISO 9001 clause, states whether the documented information is mandatory («maintain») or optional, and flags the most common errors in certification audits.

IgeraIndustria in action — ISO 9001 clause 7.5

Query on mandatory documented information resolved in under 3 seconds with the complete list split between «maintain» and «retain».

IgeraIndustria — Widget ISO 9001 Quality

Quality Manager

What documented information does ISO 9001:2015 require mandatorily? (not optional)

IgeraIndustria

ISO 9001:2015 — Clause 7.5 Documented Information

MAINTAIN (procedures):

  • • QMS scope (4.3) · Quality policy (5.2) · Quality objectives (6.2)
  • • Change planning (6.3) · Supplier evaluation results (8.4)

RETAIN (records):

  • • Management review results (9.3.3)
  • • Monitoring and measurement evidence (9.1.1)
  • • Internal audit results (9.2.2)
  • • Non-conformances and CAPA (10.2.2)

⚠️ Everything else is optional — but if you document it, you must control it (7.5.2)

✓ ISO 9001:2015 Clause 7.5 · Confidence: 99.7%

180

employees, industrial packaging

-60%

audit preparation time

-34%

customer complaints

We have been ISO 9001 certified for 8 years and always prepared the recertification audit with two weeks of document chaos. Since we started using IgeraIndustria, the quality manager resolves in seconds which evidence each clause requires. The last recertification was the first in our history with zero major non-conformances. And customer complaints dropped 34% because we manage NCs so much faster.

Quality Director

Industrial packaging company — 180 employees — Catalonia

*Representative testimonial based on results from real customers

Frequently asked questions — ISO 9001:2015

What documented information is mandatory vs optional in ISO 9001:2015?

ISO 9001:2015 uses two key terms in clause 7.5: «maintain» and «retain». Clauses that say «maintain documented information» require procedures (documents describing how things are done): QMS scope (4.3), quality policy (5.2), quality objectives (6.2), process criteria and methods (4.4), supplier evaluation criteria (8.4). Those that say «retain documented information» require records (evidence of completed activities): management review results (9.3.3), internal audit results (9.2.2), non-conformances and CAPA (10.2.2). Any additional documentation the organisation creates voluntarily falls under clause 7.5.2 control requirements — failing to control it is an automatic non-conformance at audit.

What is the difference between a major and a minor non-conformance?

In ISO 9001 audits, non-conformances are classified as major or minor. A major non-conformance (major NC) implies the complete absence of a standard requirement, a systemic failure, or a real risk to product or service conformity. A major NC can lead to suspension or withdrawal of the certificate if not resolved within the agreed timeframe. A minor non-conformance (minor NC) is an isolated, one-off failure that does not compromise the system as a whole. Minor NCs require corrective action within the follow-up cycle but do not put the certificate at risk. Clause 10.2 of the standard requires that every non-conformance — major or minor — is recorded, the root cause is analysed, and a corrective action plan is defined with a named owner and deadline.

What is CAPA and how does it differ from corrective action?

CAPA stands for Corrective Action and Preventive Action. In the context of ISO 9001:2015, the term «preventive action» disappeared as a separate concept: it was absorbed into risk-based thinking (clause 6.1). The current standard speaks exclusively of corrective action in clause 10.2. A complete CAPA includes: (1) immediate correction of the problem (eliminating the effect), (2) root cause analysis (5 Whys, Ishikawa, 8D), (3) corrective action that eliminates the cause (not just the effect), (4) owner, deadline, and effectiveness verification criteria. The most common mistake is confusing the correction (putting out the fire) with the corrective action (preventing the fire from starting again).

What does ISO 9001:2015 require for external supplier control (clause 8.4)?

Clause 8.4 is one of the most dense clauses in the standard and one where the most non-conformances are found due to lack of up-to-date records. It requires: (1) criteria for selecting and evaluating external suppliers (not just initial, but periodic), (2) definition of the type of control applied to each supplier based on the impact on the final product or service, (3) clear communication of requirements to suppliers (specifications, deadlines, expected quality), (4) verification or inspection activities where applicable. The standard differentiates between product suppliers, service providers, and outsourcing of QMS processes. Mandatory documented information includes the evaluation criteria and the results of periodic re-evaluations.

What is the difference between internal and external audits under ISO 9001?

Internal audits (clause 9.2) are planned and carried out by the organisation itself using in-house personnel or contracted external auditors who are independent of the area being audited. The objective is to verify that the quality management system meets standard requirements and is effectively implemented. Results are a mandatory input to management review (9.3). External audits are conducted by accredited certification bodies (BSI, Bureau Veritas, TUV, Lloyd's, SGS, etc.) and are what grant, maintain or withdraw the ISO 9001 certificate. The structure is: initial audit (stage 1 document review + stage 2 on-site), annual surveillance audits, and recertification every 3 years. A robust internal audit programme is the best preparation for external audits.

What are the mandatory inputs to the management review (clause 9.3)?

Clause 9.3 requires management review to include a minimum set of documented inputs. Mandatory inputs (9.3.2): (a) status of actions from previous reviews, (b) changes in external and internal issues (context 4.1/4.2), (c) performance information including: customer satisfaction, achievement of quality objectives (6.2), process performance, non-conformances and CAPA, monitoring and measurement results, audit results, external supplier performance, (d) adequacy of resources, (e) effectiveness of actions taken on risks and opportunities (6.1). Outputs (9.3.3) must include decisions on improvement opportunities, changes needed, and resources required. The meeting minutes are the documented information that auditors request to verify compliance with this clause.

IgeraIndustria ISO 9001 Plans

No lock-in. Cancel whenever you want.

Starter

149/month

For ISO 9001-certified industrial SMEs that want to prepare audits without spending weeks on document searches.

  • ISO 9001:2015 pre-indexed
  • Queries by clause
  • Documented information checklist
  • 1,000 queries/month
  • Widget for the quality manager
  • Email support
Start Starter
MOST POPULAR

Professional

299/month

For companies with an active quality system, periodic audits and the need for ongoing support for the quality and production team.

  • ISO 9001 + internal documentation indexed
  • Assisted NC and CAPA management
  • Audit simulation by clause
  • 5,000 queries/month
  • Standard update alerts
  • Priority support
Start Professional

Enterprise

599/month

For industrial groups with ISO 9001 integrated with ISO 14001 and ISO 45001, multiple sites and internal audit teams.

  • Multi-site and multi-standard
  • ISO 9001 + 14001 + 45001 integrated
  • Assisted change management (6.3)
  • Unlimited queries
  • 99.9% uptime SLA
  • Dedicated customer success
Contact sales

Manage ISO 9001 clause by clause. Start today.

  • Free 14-day trial — no credit card required
  • Full ISO 9001:2015 pre-indexed from day 1
  • Upload your internal quality documentation (procedures, NCs, supplier evaluations)
  • Documented information checklist by clause ready for audits
Start free trial