This International Standard employs the process approach, which incorporates the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking.

The process approach enables an organization to plan its processes and their interactions.

The PDCA cycle enables an organization to ensure that its processes are adequately resourced and managed, and that opportunities for improvement are determined and acted on.

Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise

The process approach involves the systematic definition and management of processes, and their interactions, so as to achieve the intended results in accordance with the quality policy and strategic direction of the organization. Management of the processes and the system as a whole can be achieved using the PDCA cycle (see 0.3.2) with an overall focus on risk-based thinking (see 0.3.3) aimed at taking advantage of opportunities and preventing undesirable results.

The PDCA cycle can be applied to all processes and to the quality management system as a whole.

The PDCA cycle can be briefly described as follows:

• Plan: establish the objectives of the system and its processes, and the resources needed to deliverresults in accordance with customers’ requirements and the organization’s policies, and identifyand address risks and opportunities;
• Do: implement what was planned;
• Check: monitor and (where applicable) measure processes and the resulting products and servicesagainst policies, objectives, requirements and planned activities, and report the results;
• Act: take actions to improve performance, as necessary

When creating and updating documented information, the organization shall ensure appropriate:
a) identification and description (e.g. a title, date, author, or reference number);
b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic);
c) review and approval for suitability and adequacy.

The organization shall identify, review and control changes made during, or subsequent to, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements. The organization shall retain documented information on:
a) design and development changes;
b) the results of reviews;
c) the authorization of the changes;
d) the actions taken to prevent adverse impacts.