[wpml_language_selector_widget]

Why is it necessary to understand ISO 9001:2015?

The Importance of Establishing an Integrated Management System in the Digital Age

Summary

ISO 9001:2015 is often considered solely as a quality management system standard; this overshadows its structural and conceptual relationship with other ISO management system standards. The “Annex SL” (High Level Structure) approach makes this relationship visible by providing a common framework for modern ISO management system standards. ISO 9001:2015 is designed in accordance with this high-level structure. Therefore, other ISO Management System Standards can be integrated based on common clauses using ISO 9001:2015 as a foundation. Organizations can establish efficient and effective management systems in the digital age, particularly by integrating artificial intelligence management and other information management standards. This study evaluates the compatibility of ISO 9001:2015 with standards such as ISO 15189, ISO/IEC 27001, and ISO/IEC 42001 from the perspective of “Annex SL”. The study was conducted using qualitative document analysis methods; The clause structure of "Annex SL" and the management approach of ISO 9001:2015 were examined comparatively. The findings show that ISO 9001:2015 is not only a quality standard but also offers a central reference framework for integrated management systems. Although certification is not the goal, organizations are advised to learn these standards and establish integrated management systems.

Keywords: “Annex SL”, ISO 9001:2015, Integrated Management Systems, ISO 15189, ISO/IEC 42001

Entrance

The need for organizations to simultaneously manage quality, information security, patient safety, and technological risks has made the implementation of multiple ISO management system standards mandatory. However, the past publication of ISO standards with different terminologies, clause structures, and management approaches has made the establishment of integrated management systems difficult.

To overcome this problem, ISO developed the High Level Structure (HLS) approach, called “Annex SL” (1). “Annex SL” defines a common structure, common headings and common terminology for all new and revised ISO management system standards. ISO 9001:2015, as the first widely used management system standard to fully adopt the “Annex SL” structure, holds a central position in terms of integration with other ISO standards (2).

This study examines the compatibility of ISO 9001:2015, which was developed and implemented in real-world situations within the framework of the fundamental principles of "Annex SL," with other ISO management system standards.

Method

This study is based on qualitative document analysis. Within the scope of the analysis, the structure of the ISO 9001:2015 standard and the common and differing aspects of other “Annex SL” based standards such as ISO 15189:2022, ISO/IEC 27001:2022 and ISO/IEC 42001:2023 were analyzed and examined comparatively (2,3,4,5). Standard texts, guidance documents, and integration-focused literature were used in the analysis process; in particular, the inter-standard consistency of the concepts of “organizational context”, “leadership”, “risk-based thinking” and “continuous improvement” was evaluated.

Findings

“Structural Characteristics of "Annex SL"

“Annex SL” defines 10 core principles common to all management system standards: scope, referenced standards, terms and definitions, organizational context, leadership, planning, support, operation, performance evaluation, and improvement. This structure ensures that management systems operate in accordance with the Plan-Do-Check-Act (PDCA) cycle.

The Integration Role of ISO 9001:2015

ISO 9001:2015 is a standard that fully utilizes the “Annex SL” structure. This allows ISO 9001:2015 to function as a ’core structure“ for other management systems (Table 1).

Table 1. Structural compatibility of the main clauses defined under Annex SL (High-Level Structure) with ISO 9001:2015, ISO 15189:2022, ISO/IEC 27001:2022 and ISO/IEC 42001:2023.

“Main Article: ”Annex SL” ISO 9001:2015 ISO 15189:2022 ISO/IEC 27001: 2022 ISO/IEC 42001: 2023 Explanation Regarding Integration
4. The Context of the Organization Through a shared internal and external context and stakeholder analysis, all management systems are placed within the same strategic framework.
5. Leadership Top management accountability and policy integrity form the basis of integration.
6. Planning Risk-based thinking is applied as a common approach in all standards.
7. Support Resources, expertise, awareness, and documentation can be managed under a single structure.
Operation 8 Discipline-specific processes are harmonized with a common operational framework.
9. Performance Evaluation Monitoring, measurement, internal audit, and YGG* mechanisms can be integrated.
10. Improvement Corrective actions and continuous improvement are carried out in conjunction with the PDCA cycle.
*YGG: Management Review

Shared Governance Elements: Organizational Context and Stakeholder Approach

“One of the most innovative elements of Annex SL is the concept of organizational context. This approach, addressed under Clause 4 of ISO 9001:2015, mandates a systematic analysis of the internal and external context, stakeholders, and their expectations. This same approach is extended to patient safety and clinical users in ISO 15189, and to stakeholders affected by and using artificial intelligence (AI) in ISO/IEC 42001.

Risk Thinking and Continuous Improvement

“With Annex SL, risk-based thinking has become a common element of all ISO management systems. While this approach is addressed through quality risks in ISO 9001:2015, it is integrated with information security, clinical risks, or artificial intelligence risks in other standards. In parallel, internal audit, management review, and corrective action mechanisms are structured similarly across all standards.

The Context of Health and Digital Technologies

Healthcare services, medical laboratories and areas where digital technologies are used intensively are characterized by complex risk structures and high levels of responsibility. In these areas, a holistic management approach is needed instead of addressing quality management, patient safety, information security and artificial intelligence applications separately (6). ISO 9001:2015 plays a binding role in establishing this holistic approach.

Argument

The findings show that ISO 9001:2015 is not merely a standard regulating quality processes; it offers a framework that creates a common language and structure across different management areas. This indicates that ISO 9001:2015 becomes even more meaningful when considered in conjunction with other ISO management system standards.

Especially in multidisciplinary and high-risk sectors, adopting an integrated management approach rather than focusing on individual standards increases managerial effectiveness and sustainability. ISO 9001:2015 provides both a conceptual and structural foundation for establishing this integration.

Conclusion

Understanding ISO 9001:2015 is not limited to knowing only the requirements of a quality management system. Correctly interpreting this standard also enables organizations to grasp how they can integrate different ISO management system standards. ISO 9001:2015 stands out as a natural point of reference for integrated approaches within the current ISO management system ecosystem.

Therefore, ISO 9001:2015 should be considered not only as a standard component of quality management, but also as a fundamental element of modern corporate governance.

It is recommended that every organization aiming to use AI understand ISO 9001:2015 in order to comprehend AI management. Even if budget constraints prevent obtaining Quality Management System Certification, efforts to ensure a shared understanding of this standard within the organization must be undertaken.

Sources

  1. ISO/IEC Directives, Part 1 – Annex SL. https://www.iso.org/directives-and-policies.html (Accessed: 07.01.2026)
  2. ISO 9001:2015. Quality management systems — Requirements.
  3. ISO 15189:2022. Medical laboratories — Requirements for quality and competence.
  4. ISO/IEC 27001:2022. Information security, cybersecurity and privacy protection — Information security management systems — Requirements
  5. ISO/IEC 42001:2023. Artificial intelligence management system.
  6. Aslan D. Risk, Quality and Process-Based Management Model in Medical Laboratories. Nobel Academic Publishing. Ankara. 2023.

Notes

This paper is based on an academic assessment addressing the structural alignment and integration of ISO management systems and conceptually examines the role of ISO 9001:2015 in establishing integrated management systems in the digital age. While the document does not have a specific objective, understanding this standard will facilitate the integration of other management standards, contributing to a fully prepared organization for the future.

Who can benefit from this article?

  • Hospital and institutional administrators
  • Quality and process managers
  • Digital transformation managers
  • Academics
  • Those interested in AI and data governance

Prof. Dr. Diler Aslan

ORCID ID: 0000-0003-4907-9445

January 8, 2026

Comments (0)

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top