What is the definition of requirement in ISO 9000?

In ISO 9000:2015, a requirement is defined as a “need or expectation that is stated, generally implied or obligatory”.

In industrial and regulated environments, this definition is broad by design. A requirement can come from many sources and still fall under this ISO 9000 definition, for example:

• Customer and contract requirements (technical specifications, delivery conditions, quality clauses).
• Regulatory and statutory requirements (safety regulations, environmental limits, export controls, industry-specific rules).
• Internal requirements (standard operating procedures, engineering standards, equipment limits, IT security policies).
• Implied requirements (needs or expectations that are common practice in the industry or essential for fitness for use, even if not explicitly written).

What this means in practice

In a brownfield manufacturing environment with mixed systems (ERP, MES, QMS, PLM, legacy controls), the ISO 9000 definition means you should treat all relevant needs and expectations that affect product conformity or process performance as requirements that must be:

• Identified and traced to their source (customer, regulation, internal standard).
• Documented in controlled systems (specs, procedures, work instructions, configuration data).
• Validated and verified where appropriate (e.g., qualification of equipment, software validation for MES/QMS changes).
• Managed under change control so that modifications are assessed for impact on quality, compliance, and interoperability.

The standard’s wording does not guarantee compliance or audit outcomes. How effectively you interpret, document, and control these “needs or expectations” across legacy and new systems will drive your actual risk profile and audit readiness.