ISO 9001 Clause 6: Planning for the QMS

The Role of Planning in ISO 9001

Planning is the mechanism that turns good intentions into reliable outcomes. Clauses 4 and 5 establish the context, stakeholder needs, and leadership commitment that your QMS depends on. Clause 6 takes all of that intelligence and channels it into concrete plans: what could go wrong, what you are aiming for, and how you will handle change along the way.

Without structured planning, organisations tend to react to problems after they occur rather than preventing them. Clause 6 embeds a forward-looking mindset into the QMS, ensuring that risk management, objective-setting, and change control are not afterthoughts but integral parts of how the system operates.

Clause 6.1: Actions to Address Risks and Opportunities

Risk-based thinking is one of the central concepts in ISO 9001:2015, and Clause 6.1 is where it becomes most tangible. When planning for your QMS, you must consider the issues identified under Clause 4.1 (internal and external context) and the requirements determined under Clause 4.2 (interested parties). From these, you identify the risks and opportunities that need to be addressed.

The purpose of this exercise is fourfold: to give assurance that the QMS can achieve its intended results, to enhance effects that are desirable (such as improved efficiency or customer loyalty), to prevent or reduce effects that are undesirable (such as defects, delays, or regulatory breaches), and to achieve improvement across the system.

You must plan actions to address these risks and opportunities and integrate those actions into your QMS processes. This is not about maintaining a standalone risk register that no one refers to. The actions should be embedded into process planning, resource allocation, and operational controls so that risk management happens as part of daily work rather than as a separate administrative task.

The standard also requires you to evaluate the effectiveness of the actions you take. If a risk mitigation measure is in place but has never been tested or reviewed, you cannot claim with confidence that it works. Regular evaluation closes the loop and ensures your planning remains grounded in reality.

It is worth noting that ISO 9001 does not mandate a formal risk management methodology such as ISO 31000 or FMEA. The approach can be as simple or as sophisticated as your organisation requires, provided it is systematic, proportionate, and effective.

Clause 6.2: Quality Objectives and Planning to Achieve Them

Quality objectives give your QMS direction and purpose. Without clear, measurable targets, it is difficult to know whether your system is performing well or simply going through the motions. Clause 6.2 requires you to establish quality objectives at relevant functions, levels, and processes throughout the organisation.

What Quality Objectives Must Be

The standard sets out specific criteria that quality objectives must meet. They must be consistent with the quality policy, providing a direct connection between your stated commitments and the targets you set. They must be measurable, so that progress can be tracked objectively rather than assessed through subjective impressions. They must take into account applicable requirements, including customer expectations and regulatory obligations. And they must be relevant to the conformity of products and services and to the enhancement of customer satisfaction.

Quality objectives must also be monitored, communicated to relevant people, and updated as circumstances change. An objective that was set eighteen months ago and never revisited is unlikely to remain meaningful or motivating.

Planning to Achieve Objectives

Setting objectives is only half the task. For each objective, you must plan what will be done to achieve it, what resources will be required, who will be responsible, when it will be completed, and how the results will be evaluated. This planning transforms objectives from aspirational statements on a wall chart into actionable work items with clear ownership and timelines.

Effective organisations tie their quality objectives into broader business planning cycles, ensuring that quality goals are reviewed alongside financial targets, operational priorities, and strategic initiatives. This integration reinforces the principle that quality is a business function, not a compliance function.

Clause 6.3: Planning of Changes

Change is inevitable in any organisation. New products are launched, processes are redesigned, suppliers change, technology is upgraded, and regulations are updated. Clause 6.3 recognises this reality and requires that when changes to the QMS are needed, they are carried out in a planned and systematic manner.

When planning changes, you must consider the purpose of the changes and their potential consequences. Understanding why a change is being made and what could happen as a result helps you prepare for both intended benefits and unintended side effects. You must also consider the integrity of the quality management system, ensuring that a change in one area does not undermine controls or processes elsewhere.

The availability of resources is another consideration. A change that requires additional training, new equipment, or revised documentation cannot be implemented effectively if those resources have not been planned for. Finally, you need to consider the allocation or reallocation of responsibilities and authorities, since changes often shift who is accountable for what.

In practice, this means having a defined change management process that assesses the impact of proposed changes before they are implemented, ensures the right people are involved in planning and approving changes, communicates changes to everyone affected, and verifies after implementation that the change achieved its intended purpose without creating new problems.

Organisations that manage change poorly tend to experience a recurring pattern: well-intentioned improvements that create unexpected quality issues because the ripple effects were not thought through. Clause 6.3 exists to break that pattern.

Requirements Summary

• Identify risks and opportunities based on context analysis (4.1) and interested party requirements (4.2)
• Plan and implement actions to address identified risks and opportunities within QMS processes
• Evaluate the effectiveness of actions taken to address risks and opportunities
• Establish measurable quality objectives at relevant functions, levels, and processes
• Ensure quality objectives are consistent with the quality policy, monitored, communicated, and updated
• Plan what will be done, resources required, responsibilities, timelines, and evaluation methods for each objective
• Carry out changes to the QMS in a planned manner, considering purpose, consequences, system integrity, resources, and responsibilities

Key Audit Questions

1. How does the organisation determine which risks and opportunities need to be addressed, and how are those decisions linked to the context analysis?
2. Can you demonstrate how risk mitigation actions are integrated into QMS processes rather than managed separately?
3. What are the current quality objectives, and how do they connect to the quality policy and strategic direction?
4. For a specific quality objective, can you show the plan including resources, responsibilities, timelines, and how results are evaluated?
5. How does the organisation manage changes to the QMS, and what process is used to assess potential consequences before implementation?
6. Can you provide an example of a recent change and explain how its impact on the QMS was evaluated after implementation?

Get the Full Audit Checklist

Want a ready-made tool for auditing your planning processes? Our ISO 9001 checklist includes targeted questions for Clause 6, covering risk assessment, objective-setting, and change management. Download it to ensure nothing is overlooked during your next audit.

Download the ISO 9001 Checklist