SIST ISO 54002:2025

International
Standard
ISO 54002
First edition
Quality management systems —
2025-09
Guidance for the application of
ISO 9001:2015 in police organizations
Reference number
© ISO 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Terms related to police organizations .2
3.2 Terms related to police service .4
4 Context of the organization . 5
4.1 Understanding the organization and its context .5
4.2 Understanding the needs and expectations of interested parties .7
4.3 Determining the scope of the quality management system .8
4.4 Quality management system and its processes .9
5 Leadership .11
5.1 Leadership and commitment .11
5.1.1 General .11
5.1.2 Customer focus . 13
5.2 Policy .14
5.2.1 Establishing the quality policy .14
5.2.2 Communicating the quality policy . 15
5.3 Organizational roles, responsibilities and authorities . 15
6 Planning . 16
6.1 Actions to address risks and opportunities .16
6.2 Quality objectives and planning to achieve them.19
6.3 Planning of changes .21
7 Support .22
7.1 Resources . 22
7.1.1 General . 22
7.1.2 People . 23
7.1.3 Infrastructure .24
7.1.4 Environment for the operation of processes . 25
7.1.5 Monitoring and measuring resources . 26
7.1.6 Organizational knowledge . 28
7.2 Competence . 29
7.3 Awareness .31
7.4 Communication .32
7.5 Documented information . 34
7.5.1 General . 34
7.5.2 Creating and updating . 35
7.5.3 Control of documented information . 36
8 Operation .38
8.1 Operational planning and control . 38
8.2 Requirements for products and services . 39
8.2.1 Customer communication . 39
8.2.2 Determining the requirements related to products and services . 40
8.2.3 Review of requirements related to products and services.41
8.2.4 Changes to requirements for products and services .42
8.3 Design and development of products and services .42
8.3.1 General .42
8.3.2 Design and development planning .43
8.3.3 Design and development inputs . 44
8.3.4 Design and development controls .45
8.3.5 Design and development outputs . 46

iii
8.3.6 Design and development changes .47
8.4 Control of externally provided processes, products and services . 48
8.4.1 General . 48
8.4.2 Type and extent of control . 49
8.4.3 Information for external providers . 50
8.5 Production and service provision .51
8.5.1 Control of production and service provision .51
8.5.2 Identification and traceability .52
8.5.3 Property belonging to customers or external providers . 53
8.5.4 Preservation . 54
8.5.5 Post-delivery activities . 55
8.5.6 Control of changes . 56
8.6 Release of products and services .57
8.7 Control of nonconforming outputs .57
9 Performance evaluation .60
9.1 Monitoring, measurement, analysis and evaluation . . 60
9.1.1 General . 60
9.1.2 Customer satisfaction .62
9.1.3 Analysis and evaluation . 63
9.2 Internal audit . 64
9.3 Management review . 66
9.3.1 General . 66
9.3.2 Management review inputs .67
9.3.3 Management review outputs . 68
10 Improvement .69
10.1 General . 69
10.2 Nonconformity and corrective action .70
10.3 Continual improvement . 72
Annex A (informative) Police organization and police service . 74
Annex B (informative) Management of quality of the police organization .81
Annex C (informative) Terminology in police organizations .88
Bibliography .89

iv
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO’s adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 176, Quality management and quality assurance.
This first edition cancels and replaces IWA 12:2013, which has been technically revised.
The main changes are as follows:
— the guidance of technical content for policing in ISO 9001:2015 has been updated;
— the structure has been changed to the ISO harmonized structure for management system standards.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

v
Introduction
0.1  General
In this document, exact replication of the text reproduced from ISO 9001:2015 is placed in boxes to
distinguish it from guidance given for each clause.
Reference by police organizations to this document may be used in conjunction with reference to ISO 9001.
ISO 9001:2015, Quality management systems — Requirements
Introduction
0.1  General
The adoption of a quality management system is a strategic decision for an organization that can help to
improve its overall performance and provide a sound basis for sustainable development initiatives.
The potential benefits to an organization of implementing a quality management system based on this In-
ternational Standard are:
a) the ability to consistently provide products and services that meet customer and applicable statutory
and regulatory requirements;
b) facilitating opportunities to enhance customer satisfaction;
c) addressing risks and opportunities associated with its context and objectives;
d) the ability to demonstrate conformity to specified quality management system requirements.
This International Standard can be used by internal and external parties.
It is not the intent of this International Standard to imply the need for:
— uniformity in the structure of different quality management systems;
— alignment of documentation to the clause structure of this International Standard;
— the use of the specific terminology of this International Standard within the organization.
The quality management system requirements specified in this International Standard are complementary
to requirements for products and services.
This International Standard employs the process approach, which incorporates the Plan-Do-Check-Act (PDCA)
cycle and risk-based thinking.
The process approach enables an organization to plan its processes and their interactions.
The PDCA cycle enables an organization to ensure that its processes are adequately resourced and managed,
and that opportunities for improvement are determined and acted on.
Risk-based thinking enables an organization to determine the factors that could cause its processes and its
quality management system to deviate from the planned results, to put in place preventive controls to min-
imize negative effects and to make maximum use of opportunities as they arise (see Clause A.4).
Consistently meeting requirements and addressing future needs and expectations poses a challenge for
organizations in an increasingly dynamic and complex environment. To achieve this objective, the organiza-
tion might find it necessary to adopt various forms of improvement in addition to correction and continual
improvement, such as breakthrough change, innovation and re-organization.
In this International Standard, the following verbal forms are used:
— “shall” indicates a requirement;
— “should” indicates a recommendation;
— “may” indicates a permission;
— “can” indicates a possibility or a capability.
Information marked as “NOTE” is for guidance in understanding or clarifying the associated requirement.

vi
Ensuring that citizens have trust in their police organizations is very important. Police organizations have
a vital role in maintaining social stability and creating a healthy, sustainable economic environment for
development and investment.
This document will benefit police organizations that are seeking to provide coherent and harmonized police
services. It supports the development of the police organization to achieve its desired strategies and goals.
When interested parties begin to show high levels of satisfaction and confidence, governments can realize
the cost-benefit analysis of a police organization by adopting this document. Police organizations benefit
when they demonstrate their ability to logically and consistently meet the needs of their customers (citizens,
users, beneficiaries).
A quality management system can help to direct and control a police organization’s activities, processes and
resources to address its interested parties.
A quality management system can help to structure processes, resources and documentation needed by the
police organization.
It is important in society for citizens to feel secure and for communities to have stability. It is a strategic
decision for police organizations seeking to provide high-quality services to adopt a quality management
system. This helps organizations:
— to pursue their strategies and achieve objectives;
— to promote ongoing feelings of safety and protection;
— ensure the effective handling of crime situations;
— to prevent and reduce crime;
— to provide a safe environment for all.
This document provides guidance for police organizations on understanding and implementing a quality
management system.
This document does not prescribe mandatory approaches to implementation. This document does not
provide any preferred method of interpretation. Finally, this document does not add, reduce or modify in
any way the requirements of ISO 9001:2015. An objective of this document is to align the essential services
of police organizations with quality management principles. This can be achieved by establishing links
between organizations and by facing the needs of the customers/citizens in an integrated manner (see
Annex A).
This document refers to ISO 9000, ISO 9001, ISO/TS 9002, and associated standards, with the practice and
terminology commonly deployed in the context of policing systems.
NOTE The use of the terms and definitions presented in this document can vary. Variation can be in accordance
with the culture, practices and customs of each location and region in which the police organization is located.
The quality management system in a police organization can be influenced by:
— policies;
— objectives;
— legal and regulatory requirements;
— diverse work methods;
— resource availability;
— administrative practices that are specific for the context.
Therefore, with so many variables to consider, it can be expected that the details of one police organization’s
quality management system vary from another. The specific processes can vary significantly but the overall
framework this document provides will provide standardization of adopters, attainable goals to meet

vii
the needs of their interested parties and continuous improvement of the police organization. Some police
organizations require detailed procedures, and some do not. What matters is that the quality management
system yields effective, consistent and reliable results. It is important that the quality management
system is as simple as possible in order to function properly. The quality management system should also
be sufficiently understandable so that the police organization can meet its particular policies and quality
objectives.
It is not intended that conformity to ISO 9001 be regarded as a final objective. Once a police organization is
providing consistent and conforming products and services to the local community it can still improve. It is
important that it looks beyond conformance to requirements. An organization can consider using ISO 9004
or other excellence models, or both, to improve its overall effectiveness and efficiency.
According to ISO 9001, for an organization to be successful, it must be guided and controlled in a
systematic and transparent way. This is particularly true for police organizations, where transparency and
accountability to customers/citizens are vital to gain their trust and confidence. Sustainable success will
only result from the implementation of a comprehensive quality management system that addresses the
needs and expectations of all interested parties.
The quality management system of a reliable and successful police organization covers all activities
and processes. These activities and processes can affect the ability of a police organization to satisfy
requirements. Requirements can be from:
— customers/citizens;
— statutory and regulatory requirements, and compliance commitments applicable to products and
services;
— the organization’s own requirements;
— all other relevant interested parties (e.g. regional or national governments).
All requirements from ISO 9001 are considered applicable unless they do not affect the determined scope
of the police organization. In determining the applicability of ISO 9001 (see 4.3), the police organization
should consider each requirement to be integrated within police organization processes and documented
information (see 5.1). The police organization should not simply decide that an entire clause is not applicable.
Sometimes some of the requirements can be applicable in a clause/subclause while in others, some of the
requirements in a clause/subclause are not applicable within the organization.
Annex A should be used by police organizations that are initially evaluating their organization. Annex A
evaluates the scope and maturity of their processes and products and services.
Annex B defines the quality system processes that are necessary to provide reliable services and products
to customers/citizens.
Annex C provides information on terminology within a police organization.
The manner in which a police organization applies guidance can vary. This variance depends on factors such as:
— the size or complexity of the organization;
— the model of management it adopts;
— the range of activities and services provided by the organization;
— the nature of risks, threats and opportunities it encounters.

viii
0.2  Quality management principles
ISO 9001:2015, Quality management systems — Requirements
0.2  Quality management principles
This International Standard is based on the quality management principles described in ISO 9000. The de-
scriptions include a statement of each principle, a rationale of why the principle is important for the organ-
ization, some examples of benefits associated with the principle and examples of typical actions to improve
the organization’s performance when applying the principle.
The quality management principles are:
— customer focus;
— leadership;
— engagement of people;
— process approach;
— improvement;
— evidence-based decision making;
— relationship management.
The relevance of the seven quality management principles to police organizations are as follows:
— Customer/citizen focus: A police organization exists to serve its customers, i.e. its citizens. Therefore,
the needs and expectations of citizens should be of priority in the plans and programmes of the police
organization. These needs and expectations are primarily expressed by the relevant authorities and by
the law.
— Leadership: Top management is the head of police organization and supervises senior leaders. Top
management should create a mission, vision and values, and provide direction to all concerned (e.g. police
staff, police officers, volunteers with the organization) with regard to applicable laws and legislation to
achieve objectives and targets that meet the needs and expectations of the customers/citizens.
— Engagement of people: All people who have an interest should be involved in police organization
processes. This includes users of the police service, beneficiaries of the police service and citizen security.
This principle envisages ensuring a high level of motivation on an ongoing basis.
— Process approach: The process approach is an adoption of a logical framework and the approach to
achieving results in a police organization. The process approach should be based on processes that
describe policing elements such the daily activities of policing areas. Processes do not describe the vision
and long-term plans, but instead are used to achieve them.
— Improvement: A police organization should maintain its performance. Additionally, the police
organization should search for new opportunities to improve its processes and enhance the satisfaction
of its customers/citizens.
— Evidence-based decision-making: Use of evidence and data analysis should provide the basis for
improving the quality management system and its processes.
— Relationship management: A police organization should be attentive to how it relates to customers/
citizens, external providers and partners, and to its horizontal and vertical relationships.

ix
0.3  Process approach
0.3.1  General
ISO 9001:2015, Quality management systems — Requirements
0.3  Process approach
0.3.1  General
This International Standard promotes the adoption of a process approach when developing, implementing and
improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting
customer requirements. Specific requirements considered essential to the adoption of a process approach
are included in 4.4.
Understanding and managing interrelated processes as a system contributes to the organization’s effective-
ness and efficiency in achieving its intended results. This approach enables the organization to control the
interrelationships and interdependencies among the processes of the system, so that the overall performance
of the organization can be enhanced.
The process approach involves the systematic definition and management of processes, and their interac-
tions, so as to achieve the intended results in accordance with the quality policy and strategic direction of
the organization. Management of the processes and the system as a whole can be achieved using the PDCA
cycle (see 0.3.2) with an overall focus on risk-based thinking (see 0.3.3) aimed at taking advantage of oppor-
tunities and preventing undesirable results.
The application of the process approach in a quality management system enables:
a) understanding and consistency in meeting requirements;
b) the consideration of processes in terms of added value;
c) the achievement of effective process performance;
d) improvement of processes based on evaluation of data and information.
Figure 1 gives a schematic representation of any process and shows the interaction of its elements. The
monitoring and measuring check points, which are necessary for control, are specific to each process and
will vary depending on the related risks.
Figure 1 — Schematic representation of the elements of a single process

For police organizations to be able to adopt a process approach, it is important to recognize the different
types of processes that are needed. These include processes for the management, operation and support
staff processes (see Annex B). The processes needed to provide the services of the police organization are
the core of the operational processes.

x
Typical examples of processes for police organizations are:
— strategic management processes to determine the police organization’s role in the socio-economic and
security environment;
— provision of products and services to customers (citizens, users and beneficiaries);
— improvement of quality management system processes;
— transparent internal and external communication processes.
For each process, the police organization should consider the following questions:
— Who is the customer? (Who receives the output from the process?) This may be an internal customer,
within another area of the same police organization, or an external customer such as a citizen who is
receiving a product or service.
— What are the main inputs to the process? (e.g. information, legal requirements, national and/or regional
policing policies, materials, energy, human and financial resources.)
— What are the desired outputs from the process? (e.g. what are the characteristics of the service to be
provided?)
— What controls and indicators are needed to verify the process performance or results, or both?
— What is the interaction with other police organization processes? (Outputs from one process typically
form inputs into other processes.)
— What controls are necessary to have transparency?

xi
0.3.2  Plan-Do-Check-Act cycle
ISO 9001:2015, Quality management systems — Requirements
0.3.2  Plan-Do-Check-Act cycle
The PDCA cycle can be applied to all processes and to the quality management system as a whole. Figure 2
illustrates how Clauses 4 to 10 can be grouped in relation to the PDCA cycle.
NOTE Numbers in brackets refer to the clauses in this International Standard.
Figure 2 — Representation of the structure of this International Standard in the PDCA cycle
The PDCA cycle can be briefly described as follows:
— Plan: establish the objectives of the system and its processes, and the resources needed to deliver
results in accordance with customers’ requirements and the organization’s policies, and identify and
address risks and opportunities;
— Do: implement what was planned;
— Check: monitor and (where applicable) measure processes and the resulting products and services
against policies, objectives, requirements and planned activities, and report the results;
— Act: take actions to improve performance, as necessary.
The PDCA cycle enables development of a systematic method of assessment.
The PDCA cycle can be initiated at any stage by a police organization. It can be the first time a quality
management system is implemented, or it can be initiated in the process of upgrading its system.
The PDCA cycle assesses its current performance (the Check stage) using the requirements of Clause 9,
“Performance evaluation”. The results of performance evaluation are fed into the PDCA cycle’s Act stage (see
Clause 10, “Improvement”). The Act stage is when a police organization initiates the necessary actions to
address the opportunities for improvement identified at the Check stage.

xii
At the Plan stage of the PDCA cycle, the police organization has two parts. A police organization plans the
actions agreed at a previous stage. As well, but most importantly, it carries out the actions by assessing the
needs and expectations of its customers/citizens and its other relevant interested parties. These are the
necessary objectives, targets and actions to address the risks and opportunities identified as per Clause 6,
“Planning”. At the PDCA cycle’s Do stage, the objectives and actions planned are communicated throughout
the police organization. New processes or changes to existing processes are implemented to ensure that
agreed objectives are met.
The police organization should use the PDCA cycle, with risk-based thinking. This will help to:
— design its quality management system;
— design and document its processes and their interactions;
— identify each of the necessary activities to maintain its quality level;
— achieve continual improvement, take advantage of opportunities and prevent undesirable results.
The police organization should make short-, medium- and long-term plans, and can use the PDCA cycle.
0.3.3  Risk-based thinking
ISO 9001:2015, Quality management systems — Requirements
0.3.3  Risk-based thinking
Risk-based thinking (see Clause A.4) is essential for achieving an effective quality management system.
The concept of risk-based thinking has been implicit in previous editions of this International Standard in-
cluding, for example, carrying out preventive action to eliminate potential nonconformities, analysing any
nonconformities that do occur, and taking action to prevent recurrence that is appropriate for the effects of
the nonconformity.
To conform to the requirements of this International Standard, an organization needs to plan and implement
actions to address risks and opportunities. Addressing both risks and opportunities establishes a basis for
increasing the effectiveness of the quality management system, achieving improved results and preventing
negative effects.
Opportunities can arise as a result of a situation favourable to achieving an intended result, for example, a
set of circumstances that allow the organization to attract customers, develop new products and services,
reduce waste or improve productivity. Actions to address opportunities can also include consideration of
associated risks. Risk is the effect of uncertainty and any such uncertainty can have positive or negative ef-
fects. A positive deviation arising from a risk can provide an opportunity, but not all positive effects of risk
result in opportunities.
In police organizations, any changes in the operational environment can be a source of uncertainty and can
lead to a deviation of performance.
EXAMPLE 1 Changes in policies, regulations, security incidents and the expectations of relevant interested parties.
Risk-based thinking is not new and can be inherent in the way the police organization already operates. This
document recommends that the identification of risks and opportunities is performed systematically and as
part of an integrated process.
The police organization should address the risks and opportunities associated with its processes.
EXAMPLE 2 In the provision of products and services, in the performance of the quality management system.
At the same time, risks, threats and opportunities should be identified as a result of analyses for the strategic
direction of the police organization.
Openness to citizen participation can be an opportunity to develop the police organization and to improve
its products, services and processes. However, caution is needed to ensure citizen participation is not solely
negative, such as only a forum for complaints.
NOTE An example of citizen participation is integrated citizen observatories (ICOs).

xiii
0.4  Relationship with other management system standards
ISO 9001:2015, Quality management systems — Requirements
0.4  Relationship with other management system standards
This International Standard applies the framework developed by ISO to improve alignment among its Inter-
national Standards for management systems (see Clause A.1).
This International Standard enables an organization to use the process approach, coupled with the PDCA
cycle and risk-based thinking, to align or integrate its quality management system with the requirements
of other management system standards.
This International Standard relates to ISO 9000 and ISO 9004 as follows:
— ISO 9000 Quality management systems — Fundamentals and vocabulary provides essential background
for the proper understanding and implementation of this International Standard;
— ISO 9004 Managing for the sustained success of an organization — A quality management approach provides
guidance for organizations that choose to progress beyond the requirements of this International
Standard.
Annex B provides details of other International Standards on quality management and quality management
systems that have been developed by ISO/TC 176.
This International Standard does not include requirements specific to other management systems, such as
those for environmental management, occupational health and safety management, or financial management.
Sector-specific quality management system standards based on the requirements of this International
Standard have been developed for a number of sectors. Some of these standards specify additional quality
management system requirements, while others are limited to providing guidance to the application of this
International Standard within the particular sector.
A matrix showing the correlation between the clauses of this edition of this International Standard and
the previous edition (ISO 9001:2008) can be found on the ISO/TC 176/SC 2 open access web site at:
www.iso.org/tc176/sc02/public.
The quality management system of the police organization should address some aspects related to other
management systems. This is to ensure the quality of the products and services it provides. Examples include
anti-bribery, the environment, health and safety, and risk management. This document follows the structure
of ISO 9001 and therefore follows the harmonized structure for all ISO management system standards
(MSS). The harmonized structure helps to enable
...