Vol. 2, No. 2, pp 17 - 32, 2021
DOI: 10.55969/paradigmplus.v2n2a2

A Blockchain-based Approach to Support an ISO 9001:2015 Quality Management System

Rafael Bettín-Díaz 1, Camilo Mejía-Moncayo 2, and Alix E. Rojas 1

1 Universidad Ean, Bogotá, Colombia
{rbettind4339,aerojash}@universidadean.edu.co
2 École de Technologie Supérieure, Montreal, Canada
camilo.mejia-moncayo.1@ens.etsmtl.ca

Abstract

Quality is an essential element for any company that wants to be recognized successfully. Companies take part in a certification process under a quality standard, such as ISO 9001, for varied reasons. Some of these are to improve the performance of their operations, differentiate themselves from their competitors, achieve a better position in the market, and export quickly. Getting and maintaining such certification can put high pressure on the company. It can even become a source of corruption risk in emerging markets, where companies may be tempted to perform unethical practices, such as falsifying or adulterating documents, to maintain their certifications and the benefits derived from them. Thus, it becomes necessary to reinforce the quality management system audit process with technology to minimize corruption risk. To this end, this paper proposes a software architecture for a quality management system supported by Blockchain technology. This architecture helps to guarantee the integrity and immutability of the information, exposing any fraud attempt, and even facilitates the automation of the audit process.

Keywords: Software architecture ⋅ Blockchain ⋅ ISO 9001-2015 ⋅ Quality Management System

Received: 3 June 2021 ⋅ Accepted: 21 August 2021 ⋅ Published: 31 August 2021.
This article is distributed under the terms of the Creative Commons License Attribution 4.0 International (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, providing appropriate credit to the original authors and source.
https://doi.org/10.55969/paradigmplus.v2n2a2
https://orcid.org/0000-0003-1938-190X
https://orcid.org/0000-0002-3661-2231
https://orcid.org/0000-0002-0371-3925

1 Introduction

ISO 9001 is a standard of quality management systems (QMS) with international recognition, as shown by the more than one million certified companies and organizations in over 170 countries [1]. ISO 9001 certification is not mandatory; however, it can be a useful tool to add credibility and differentiate an organization from its competitors [2]. Certification allows a company to demonstrate that it complies with standards and procedures that will provide a high level of customer service [3]. The primary motivation for ISO 9001 certification is to improve the products/services and, most importantly, the process that produces them [4]. If the process is done correctly, ISO standards can improve the business processes and add real value to the company, enhancing its performance [5, 6, 7, 8].

To obtain an ISO 9001 certification, an external body audits the company requesting the certification. This process includes verifying the control of the documentation, the records kept, the conformity of the personnel and management with the system, the functioning of the system in each area of the organization, and the training of the personnel to comply with the requirements, among others [9]. However, if the process is not well implemented, the company cannot obtain the certificate, or loses it.
That produces continuous pressure on the company to maintain the certification, becoming a source of corruption risk. The company could be tempted to engage in unethical practices such as paying a bribe, adulterating or falsifying records, or other corrupt methods to keep the certification [10]. Moreover, for some industries in emerging markets, quality certification is a contractual requirement to export to some markets [5].

In this context, the audit of information in repositories and databases has some drawbacks, since the records can be modified, added, or deleted through unethical practices or even cyber-attacks [11, 12]. All this makes it impossible to guarantee real transparency and reliability of the information to be used by certifying bodies. It could be almost impossible for an auditor to detect whether a document was tampered with or whether the evidence is the actual result of a well-done procedure, unless the system can maintain immutable records and allow traceability of the process.

For these reasons, this study proposes a Blockchain-based software architecture to guarantee the immutability, traceability, and transparency of the quality assurance and certification process under ISO 9001:2015. This architecture takes the essence of quality management systems, with their requirements and principles, and reinforces it with Blockchain technology, in order to provide greater confidence and transparency in the information and documentation needed to carry out an ISO 9001:2015 certification process. It allows the audit of this information to be performed anywhere by any person with access to the Blockchain and even facilitates its automation.

2 Literature Review

This section explains the essential concepts regarding ISO 9001:2015 quality management systems and Blockchain technology.

2.1 Quality Management Systems and ISO 9001:2015

Nowadays, there are many interpretations of what quality is; a simple definition is meeting customer requirements.
For the ISO 9001:2015 Quality Management System [13], it is the “degree to which a set of inherent characteristics of an object fulfills requirements”. ISO 9000 is a generic series of quality management standards for quality management systems (QMS). A QMS includes all activities of the overall management function that determine the quality policy, objectives, and responsibilities and their implementation. ISO 9001:2015 applies to the business processes within an organization and can be used by manufacturing or service industries [14]. ISO 9001 is based on seven principles that represent a set of fundamental beliefs, norms, rules, and values, as described by ISO [15]. These principles are customer focus, leadership, engagement of people, process approach, improvement, evidence-based decision-making, and relationship management; Table 1 provides a description of them.

ISO 9001 may be implemented in different ways depending on organization management, thanks to its flexibility and the scope for the certification process, which might explain the unmatched performance of these standardized systems [16]. The standard was first released in 1987; since then, it has been a significant quality movement and framework for all kinds of organizations worldwide. It is estimated that more than one million companies have adopted this standard since its creation [17].

According to the American Society for Quality [18], ISO 9001 is based on a plan-do-check-act methodology and provides a process-oriented approach to documenting and reviewing the structure, responsibilities, and procedures required to achieve effective quality management in an organization.
Specific sections of this standard contain information on topics such as requirements for a quality management system, including documented information, planning and determining process interactions; responsibilities of management; management of resources, including human resources and an organization’s work environment; product realization, including the steps from design to delivery; measurement, analysis, and improvement of the QMS through activities like internal audits and corrective and preventive action [13]. Standardized processes make it possible to guarantee the repeatability of the product or service quality features.

Table 1: ISO Quality Management Principles

Quality Principles | Description
Customer Focus | Sustained success is achieved when an organization attracts and retains the confidence of customers and other interested parties. Every aspect of customer interaction provides an opportunity to create more value for the customer. Understanding the current and future needs of customers and other interested parties contributes to the sustained success of the organization.
Leadership | Creation of the unity of purpose and direction and engagement of people enable an organization to align its strategies, policies, processes, and resources to achieve its objectives.
Engagement of people | To manage an organization effectively and efficiently, it is important to involve all people at all levels and to respect them as individuals. Recognition, empowerment, and enhancement of competence facilitate the engagement of people in achieving the organization’s quality objectives.
Process Approach | The quality management system consists of interrelated processes. Understanding how results are produced by this system enables an organization to optimize the system and its performance.
Improvement | Improvement is essential for an organization to maintain current levels of performance, react to changes in its internal and external conditions, and create new opportunities.
Evidence-based decision-making | Decision making can be a complex process, and it always involves some uncertainty. It often involves multiple types and sources of inputs, as well as their interpretation, which can be subjective. It is important to understand cause-and-effect relationships and potential unintended consequences. Facts, evidence, and data analysis lead to greater objectivity and confidence in decision-making.
Relationship Management | Interested parties influence the performance of an organization. Sustained success is more likely to be achieved when the organization manages relationships with all of its interested parties to optimize their impact on its performance. Relationship management with its suppliers and partners networks is of particular importance.

The adoption of ISO 9001 in a company requires an implementation process that involves all levels of the company. In this sense, the British Assessment Bureau [19] suggests the following steps for a successful implementation:

1. Make the right choice: Make sure the chosen standard fits the organization’s needs; also make sure the organization already has processes that can be assessed.
2. Reviewing the standard: It will help the organization to learn the quality management system it wants to be certified.
3. Communicating the goal: The implementation process requires teamwork from all collaborators. Additional effort will be necessary; it is important to communicate the objectives and the target to be achieved.
4. Establish training requirements: Get prepared. Depending on the team’s knowledge of the standard, it could be beneficial to improve its skills to help the implementation process.
5. Using a consultant: Implementing ISO standards requires a consultant to help companies get certified. The consultant is not responsible for implementing the ISO standard; each company handles its own implementation. Senior management should be actively involved in the process to achieve the goal.
6. Select a certification body: ISO implementations are based on a three-year cycle; make sure the certification body can provide the organization with the support it needs for this specific objective.
7. Developing a management system: These standards apply to any organization in any industry sector. The framework provided by this standard will not tell the organization how to manage its processes; the organization has to implement a quality management system based on the standard that applies to it, in accordance with its resources, production, measurement, analysis, and improvements.
8. The stage 1 audit: The process starts with a "Stage 1 Audit". The auditor will review the process and provide a gap analysis that will help to identify the actions required for meeting the standard.
9. The stage 2 audit: Once the organization has closed the gaps identified during the Stage 1 Audit, it comes to the Stage 2 Audit, which will demonstrate the effectiveness of its quality management system and that the organization meets the requirements for certification.
10. Maintaining the management system: This can be the hardest part of the certification; the organization is responsible for ensuring that it applies the quality management system once the certification has been granted. Communication and training will be necessary along the way, internal audits must be implemented to make sure the standards are being met, and corrective action should be taken to assure quality management.

Once the QMS is implemented, an organization that requests ISO 9001 certification should demonstrate that it fulfills the requirements to be certified [20]. The core of the certification process is the audit, in which compliance with the standardized processes is verified against the records or documentary evidence provided by the company. This process must be performed by a certification body that is independent, impartial, and free from conflicts of interest. Depending on the audit findings, the company or process is certified or not.

However, as defined by the ISO 9000 principles, the result depends on the information registered in the evidence. This feature could represent a weak element of the system in some contexts, because the evidence could be changed or deleted for varied reasons, and the process will depend on the honesty of the participants (company and certification body). Unfortunately, these situations happen, although they contradict the system principles.

2.2 Blockchain

In 2009, as the world was reeling from a meltdown in the financial sector and politicians were musing about what could and should be done, a project called Bitcoin quietly dropped onto the global stage; Satoshi Nakamoto [21] published the article Bitcoin: A Peer-to-Peer Electronic Cash System in October 2008, in which he described the cryptocurrency called Bitcoin. Many electronic cash schemes existed prior to Bitcoin, but none of them achieved widespread use. By adopting Blockchain technology, Bitcoin achieved compelling capabilities that promoted its use. The use of a Blockchain enabled Bitcoin to be implemented in a distributed fashion so that no single user controlled the currency and no single point of failure existed [22].
Blockchain may have been used as the underlying technology for all of Bitcoin’s transactions, but its applicability goes beyond that. The technology itself can be described as the general ledger for all transactions of any kind of asset ever made [23]. Blockchain enables a potentially evolving and open set of parties to maintain a safe, permanent, and tamper-proof digital ledger of transactions, without a central authority. The key to the technology is that transactions are not recorded centrally; instead, each party maintains a copy of the ledger. Most parties need to approve (verify) a new transaction before it can be recorded in the ledger, according to a notion of majority that varies depending on the specific technology. Once a transaction is approved, it is almost impossible to change or remove it. Hence, Blockchain technology can be seen as a replicated append-only transactional data store, and it can be used as a substitute for centralized registers maintained by single trusted authorities [24]. It has the potential to revolutionize the digital world by enabling a distributed consensus where each and every online transaction involving digital assets, past and present, can be verified at any time in the future. It does this without compromising the privacy of the digital assets and parties involved. Distributed consensus and anonymity are two important characteristics of Blockchain technology.

Blockchain 2.0 goes beyond cryptocurrencies and involves Smart Contracts, which are mostly computer protocols designed to facilitate, verify, or enforce the negotiation or execution of a contract digitally [25].
These contracts allow the realization of credible transactions without third parties and are stored under Blockchain technology. Because of this technology’s potential, many industries have been working to adapt and adopt it in different business processes; the main criterion for deciding whether or not to use Blockchain is whether or not the process needs the assistance of intermediaries.

There are different opportunities to apply Blockchain technology in varied industries, as described next. In agriculture, Blockchain applications include food safety through traceability of provenance, information systems, agro-trade, finance, crop certification, and insurance [26]. The provenance and traceability of products is one of the most important applications of Blockchain, used to track the life cycle of a product; this information can be used to make an informed purchase. Prior work has been done in this field, e.g., [27, 28].

Several banking entities are working together to adopt Blockchain technology, mostly for the settlement of transactions between financial entities; this will reduce the time in which a transaction is reflected from one entity to another.

Blockchain platforms will also likely take some role in replacing the systems that now manage the distribution of electricity. As a smarter grid is built, Blockchains may aid in facilitating dynamic signaling between producers and consumers, especially as the line between those roles continues to blur [22].

Identity management systems based on Blockchain can facilitate the identification process in crucial situations like an emergency [22]. All the data about the medical records of a patient is shared among all practitioners, making these records trustworthy and immutable [22].
Social programs are susceptible to being affected by unethical practices; in this regard, Cortes et al. [29] present a model based on Blockchain technology with a reliable structure, in which the transactions are registered in the Blockchain and smart contracts take control over the verification of the processes’ fulfillment.

Industry 4.0 [30], with Internet of Things technologies, could provide the links between Blockchain technologies and different applications such as supply chains [31], even allowing process information to be recovered. There are also many opportunities for implementing Blockchain technologies in circular economy strategies, as described by Vogel [32]. In this sense, Blockchain technology could be used in reverse logistics to reduce uncertainty about the quality and condition of used products [33].

The applications of Blockchain technology previously described have in common that they seek to provide credibility in the information. In this sense, they apply the principles of immutability, traceability, and transparency of the transactions carried out on the Blockchain. These principles are used to solve problems in which there is a risk of losing, modifying, or even adulterating information. It is precisely these characteristics that this study wishes to add to the quality management system, in order to mitigate the risk of unethical actions and provide confidence to stakeholders.

3 Blockchain-enabled Software Architecture Proposal

The Blockchain-based software architecture to support ISO 9001:2015 certification is proposed to improve the current certification structure.
As we have seen in Section 2, there is currently a well-defined process to achieve this, involving third parties in terms of consulting and auditing.

An information system architecture without the use of Blockchain, such as those that currently exist in the market, may make it unnecessary to use a consulting company to generate pre-audit readiness. However, this same information system, using Blockchain technology, can also facilitate the audit process: because of the way in which the Blockchain is constructed, the traceability of the transactions generated during the preparation of the certification process can be determined.

Table 2: Principal components of a Blockchain-software solution to support ISO certification.

Blockchain Components | Description
Node Application | Each Internet-connected computer has to run a specific application to be a participant in the Blockchain network. More technically, each computer must be able to process application-specific messages to generate an update on the ledger [34].
Shared Ledger | A logical component: a data structure managed inside the node application. Once they have installed the node application, the participants of the network have access to the Shared Ledger of the ecosystem they belong to; each participant can run as many applications as they are permitted to use, according to the specific rules, smart contracts, and payment, where applicable [34].
Consensus | The process by which a network, or node, guarantees the ordering of transactions and confirms their validity, in order to validate the block of the chain [35].
Smart Contracts | An important component of a Blockchain, which helps to encode automatic validation for a transaction that was previously specified in a written contract [36].
Alerts | Applications that work together in the Blockchain to monitor the smart contract results and produce events [37].
Participants | In a permissioned Blockchain network like the one suggested in this paper, participants are everyone within the organization who needs to communicate with the Blockchain. In a public Blockchain like Bitcoin, anyone with a virtual wallet¹ is a participant of the network.
Virtual Machine | A representation of a machine by a machine; in software development, a virtual machine assigns specific capabilities to the software (disk space, processor, and memory) that help to improve performance [38]. In Blockchain, as the last logical component, it lives in the node application, and some of these virtual machines are called wallets [34].

Figure 1: Layered architecture for a Blockchain-enabled QMS

In this case, the proposal to use Blockchain to support a quality certification under a specific standard, i.e., the same software architecture we already know with an additional layer (see Figure 1), must consider the use of specific Blockchain components, as presented in Table 2, in order to be able to validate conditions and business rules that are present in the information being stored in the Blockchain [39]. Given that an audit model must generate action plans regarding the findings, these must be parameterized a priori, so that the necessary alarms can be generated to comply with the standard.
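The flow this section describes (a participant check, validation against rules parameterized a priori, an alert, then storage in a hash-linked block) can be simulated in a few lines of Python, together with the check an auditor would run; this is an added example, not the authors' Solidity proof of concept. It goes beyond the text by storing a SHA-256 digest next to each document location and by comparing the head hash with a peer's copy; all names and sample records are constructed for illustration, and a single in-memory ledger stands in for consensus among nodes.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64


def block_hash(index, prev, payload, alert):
    """SHA-256 over a canonical JSON encoding of everything a block records."""
    body = json.dumps({"index": index, "prev": prev, "payload": payload,
                       "alert": alert}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


class QmsLedger:
    """One node's copy of the shared ledger in a permissioned network."""

    def __init__(self, participants, control_limits):
        self.participants = set(participants)        # who may submit
        self.control_limits = dict(control_limits)   # rules set a priori
        self.blocks = []

    def head(self):
        return self.blocks[-1]["hash"] if self.blocks else GENESIS

    def submit(self, sender, process, value, source, document):
        """Check the sender, validate against control limits, alert, store."""
        if sender not in self.participants:
            raise PermissionError(f"{sender} is not a participant")
        low, high = self.control_limits[process]     # KeyError: no limits defined
        alert = None
        if not low <= value <= high:
            alert = f"{process}={value} outside control limits [{low}, {high}]"
        payload = {"sender": sender, "process": process, "value": value,
                   "source": source,
                   "sha256": hashlib.sha256(document).hexdigest()}
        index, prev = len(self.blocks), self.head()
        # Out-of-limit results are stored too: the alert is part of the record.
        self.blocks.append({"index": index, "prev": prev, "payload": payload,
                            "alert": alert,
                            "hash": block_hash(index, prev, payload, alert)})
        return alert                                 # goes back to the QMS server


def audit(blocks, peer_head=None, repository=None):
    """Return (block index, finding) pairs; an empty list means no finding."""
    findings, prev = [], GENESIS
    for i, b in enumerate(blocks):
        if b["index"] != i or b["prev"] != prev:
            findings.append((i, "link to previous block is broken"))
        if block_hash(b["index"], b["prev"], b["payload"], b["alert"]) != b["hash"]:
            findings.append((i, "contents do not match the stored hash"))
        if repository is not None:
            doc = repository.get(b["payload"]["source"])
            if doc is None:
                findings.append((i, "evidence document is missing"))
            elif hashlib.sha256(doc).hexdigest() != b["payload"]["sha256"]:
                findings.append((i, "evidence document was modified"))
        prev = b["hash"]
    # A fully rewritten chain is self-consistent; only another copy exposes it.
    if peer_head is not None and prev != peer_head:
        findings.append((len(blocks) - 1, "head differs from the peer's copy"))
    return findings


def demo():
    """Constructed sample data: three inspection records, then tampering."""
    repo = {"qms/lot6.csv": b"lot 6: 2 defects",
            "qms/lot7.csv": b"lot 7: 3 defects",
            "qms/lot8.csv": b"lot 8: 9 defects"}
    ledger = QmsLedger({"inspector"}, {"defects_per_lot": (0, 5)})
    alerts = [ledger.submit("inspector", "defects_per_lot", n, src, repo[src])
              for n, src in zip((2, 3, 9), repo)]
    peer_head = ledger.head()             # head hash held by another node

    edited = copy.deepcopy(ledger.blocks)
    edited[2]["payload"]["value"] = 4     # record changed, hash left as is

    forged = copy.deepcopy(edited)        # record changed and hash recomputed
    forged[2]["alert"] = None
    forged[2]["hash"] = block_hash(2, forged[2]["prev"],
                                   forged[2]["payload"], None)

    swapped = {**repo, "qms/lot8.csv": b"lot 8: 4 defects"}
    return {"alerts": alerts,
            "clean": audit(ledger.blocks, peer_head, repo),
            "edited": audit(edited),
            "forged_alone": audit(forged),
            "forged_vs_peer": audit(forged, peer_head),
            "swapped_file": audit(ledger.blocks, peer_head, swapped)}
```

The `forged_alone` case returns no findings, which is why the integrity guarantee rests on the ledger being replicated across participants rather than on hash-linking alone.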
The main component of this architecture (see Figure 1) is the Business Process Management layer, which is used to communicate information among different audiences, in this case between the services layer and the operating system layer. As shown in Figure 2, the communication between the QMS and the Blockchain will be through REST² API³ services, whose endpoints are provided by the Blockchain and will be connected to the QMS server, creating the chain of blocks (see Figure 1).

Figure 2: Communication between the QMS and Blockchain

Each transaction performed in the QMS that triggers a call to the Blockchain starts a process (see Figure 3) that verifies the validity of the transaction (consensus) and validates the outcome of the process through the smart contract (validation), which establishes whether the processes are inside the control limits or not. With this information, it sends a response to the QMS server (alert) so that the business process owner can take action on the process, which, for this kind of certification, will be considered an opportunity for improvement. Finally, it stores the information on the Blockchain (Block 1).

Figure 3: Process that occurs inside the Blockchain every time, prior to storing a transaction.

This software architecture is proposed to work under a permissioned Blockchain, which means that the administrator, in conjunction with the organization, will decide who gets to participate and their roles.

3.1 Proof of development

A QMS is used by businesses to control vital activities through a set of policies, procedures, and processes for meeting customers’ requirements.
Several types of QMS have been developed based on the ISO 9000 standard, which requires all internal operations to be documented and employees to follow them. One of the major principles of QM is decision-making based on evidence. The data gathered allows the actual result of the process to be inspected and then compared with the goal established in the quality objective of each process.

Based on the above, through a proof of concept (POC), we developed two smart contracts to simulate the monitoring of a task. This implementation was not carried out to see the overall functionality of the QMS but focused on checking the traceability of one activity, specifically the creation, review, and approval of one document. We chose Ethereum, an open-source blockchain platform with smart contract functionality, for this implementation. It provides the object-oriented programming language Solidity, allowing easy business logic implementation and producing a digital ledger of transaction records. Finally, it was tested on the Ethereum decentralized applications ecosystem by using MetaMask.

² Representational State Transfer
³ application programming interface

Those contracts in Solidity contain persistent data in state variables, and functions can modify these variables. In this test, the contract TaskCreator creates the contract Responsible4Task. When the contract Responsible4Task is created, its constructor method, a function declared with the constructor keyword, is executed once. Algorithm 1 models the responsibility concept through a contract; the ’owner’ variable is of type ’address’, which holds a 20-byte value corresponding to the last 20 bytes of the hash of a public key.
The tasks and the owners (task responsible) are identified with addresses in this design. The addresses are prefixed with ’0x’, which denotes hexadecimal format (base 16 notation). The contract manages the data related to the employee in charge of the task, so a function exists to transfer responsibility to a new owner when the employee cannot carry out the task.

Algorithm 1 Smart Contract: Responsible4Task

    ▷ Declaration of state variables:
    task : TaskCreator
    owner : address
    roleName : bytes32
    idEmployee : uint

    Create a task owner
    procedure constructor(roleName′, idEmployee′)    ▷ Constructor method of the smart contract
        owner ← msg.sender
        task ← TaskCreator(msg.sender)
        roleName ← roleName′
        idEmployee ← idEmployee′
    end procedure

    Obtain role
    function getRoleName()
        return roleName
    end function

    Rename role
    function setRoleName(newRoleName)
        if msg.sender = address(task) then    ▷ only the linked TaskCreator contract may rename the role
            roleName ← newRoleName
        end if
    end function

    Obtain employee id
    function getEmployeeId()
        return idEmployee
    end function

    Modify employee id
    function setEmployeeId(newId)
        if msg.sender = address(task) then    ▷ only the linked TaskCreator contract may change the id
            idEmployee ← newId
        end if
    end function

    Transfer task responsibility
    function transferResponsability(newOwner)
        if msg.sender ≠ owner then    ▷ only the current owner may transfer
            return    ▷ returns control to the calling function
        end if
        owner ← newOwner
    end function

Algorithm 2 models the task concept; a ’Responsible4Task’ contract is constructed only when a task is created. This contract creates a responsibility contract from the source code (and the binary). It manages the data related to the task: what it is about, where the evidence is stored (records and documents), its state, and which employee is related to it. Figure 4 is composed of three images.
The black box on the left is the development environment just before deploying the contract. Above it, the upper rectangle in light blue identifies the account ’0x737d..31F’ and the amount of Ether cryptocurrency in it, and the bottom rectangle indicates the contract name and its state. On the right is the graphical interface of MetaMask, connected to the Account Rp1 ’0x737d..31F’, which belongs to the Ropsten Network. Since the test uses the Ethereum blockchain, the account needs ETH gas, that is, an amount in Ether to pay the cost for users to interact with the network. Miners in the ecosystem set the price of ETH gas based on the computational power they consume to verify a transaction, which adds a layer of security to the network. At the bottom is the notification window that shows up when the transaction is done and the contract is ready for execution.

Algorithm 2 Smart Contract: TaskCreator

    ▷ Declaration of state variables:
    typeTask ∈ {Creation, Review, Approval}
    description : string
    source : string
    ownerTask : Responsible4Task

    Create a task
    function createTask(typeTask′, description′, source′, role, idEmployee) : Responsible4Task
        typeTask ← typeTask′
        description ← description′
        source ← source′
        ownerTask ← new Responsible4Task(role, idEmployee)
        return ownerTask
    end function

    Obtain the responsibility description
    function getResponsibility()
        return description
    end function

    Obtain the employee Id of task responsible
    function getEmployeeId()
        return ownerTask.getEmployeeId()
    end function

    Update the role name of task responsible
    function updateRoleName(newRoleName)
        ownerTask.setRoleName(newRoleName)    ▷ setter defined in Algorithm 1
    end function

    Update the employee Id of task responsible
    function updateEmployeeId(newId)
        ownerTask.setEmployeeId(newId)
    end function

Figure 4: Smart contract deploying on web platform

Figure 5 shows the TaskCreator and Responsible4Task contracts. The TaskCreator exposes the function ’createTask’ after it executes and is included in a block whose hash is ’0xf39Fd...’ (left side). In this test, the task is to create a document, defined in the field type with the value ’0’, and the description field stores the detail of the task, which is a ’communication plan’. The source field holds the absolute address where the document is stored, whether a database, repository, or local file system. The data of the task responsible are bound to the ’role’ and ’id_employee’ fields. The top right picture shows the function ’getResponsibility’, which returns the description of the task. The bottom right picture is the contract ’Responsible4Task’. The function ’getOwner’ returns the address of the task owner, which is associated with account ’0xf39F...’

Figure 5: Test of a task creation - Manager must create the communication plan document

4 Discussion

The proposed architecture attempts to make ISO certifications more transparent. Thanks to the Blockchain layer, certification information will be available for review and verification by anyone with permission. Also, a business will have an integrated system that will ensure that all processes involved in certification are being monitored.
This requires sending signs when needed and collecting information regarding quality inspections, materials, products, and more; these transactions are verified by smart contracts on the Blockchain and then made available for audit [39]. In this sense, it is mandatory to establish which transactions will be recorded on the Blockchain, to avoid unnecessary effort or resource consumption.

Document control refers to the policies and procedures that should be in place to ensure organizational accountability for records and to demonstrate the effective operation of the quality management system: it is fundamental to all companies' success. From a regulatory standpoint, it is their way of proving that documentation follows the requirements for compliance. Organizations must be able to prove that they are meeting their quality management goals. Documentation must be accurate, objective, and current in this regard, and practice must stand up to the scrutiny that a properly executed external audit will demand. The proposed architecture could help with these tasks, allowing organizations to establish and control their documents and records as evidence of conformity to the requirements for obtaining an ISO 9001 certification. In this regard, the QMS should identify which documents or information the Blockchain must record and for how long to keep them.

Product and service quality hinges on the efficacy of the organization's system for managing the quality of its processes. It is essential to have the right foundation, infrastructure, and tools to oversee and maintain that quality. In this sense, the proposed architecture allows the automation of the audit process, which means early alert systems that help make the right decisions and keep the system efficient and trustworthy.

5 Conclusions

In this work, a software architecture based on Blockchain is proposed and explained to support an ISO 9001:2015 QMS.
The main objective, guaranteeing the immutability, traceability, and transparency of the quality assurance system, is made possible by the Blockchain's transparent consensus mechanism. This makes it possible to verify the validity of transactions and how information has been modified or created in the process. In this manner, it supports the QMS in the certification process.

Executing the workflows of the proposed software architecture allows the automation of regulatory processes by reporting and monitoring required data and checking compliance and approval processes. The Blockchain layer seeks to improve the ISO 9001:2015 certification audit process by maintaining the traceability and immutability of the records stored in it.

The proposed architecture is process-oriented and provides an intuitive and straightforward way to facilitate communication among the participants. All of this allows organizations to work in an environment of constant improvement and to have evidence for making crucial decisions. Also, the system could deliver higher-quality products and services if the processes are performed and improved systematically.

Finally, with the evolution of this kind of solution, companies could expand and build an ecosystem in which they work together and self-regulate under quality standards like ISO 9001:2015, which represents an opportunity to provide customer confidence.

Authors' Information

– Rafael Bettín-Díaz has a degree in systems engineering from Universidad del Sinú, Montería, Colombia, and an M.Sc. in processes engineering from Universidad Ean, Bogotá, Colombia.
– Camilo Mejía-Moncayo has a degree and an M.Sc. in mechanical engineering, both from Universidad Nacional de Colombia, Bogota, Colombia. Currently, he is a Ph.D. candidate at École de Technologie Supérieure, Montréal, Canada.
– Alix E. Rojas has a degree in systems engineering from Escuela Colombiana de Ingeniería, and an M.Sc. in systems engineering from Universidad Nacional de Colombia, Bogota, Colombia. Currently, she is an associate professor at the Universidad Ean, Bogota, Colombia.

Authors' Contributions

– Rafael Bettín-Díaz participated in writing the original draft, conceptualization, and software development.
– Camilo Mejía-Moncayo contributed to the conceptualization of the project, methodology, reviewing, and editing.
– Alix E. Rojas contributed to the conceptualization of the project, methodology, reviewing, and editing.

Competing Interests

The authors declare that they have no competing interests.

References

[1] ISO, “The ISO Survey of Management System Standard Certifications -2017- Explanatory Note Background,” Tech. Rep. August, ISO, 2018.
[2] J.-A. Medina-Merodio, C. De-Pablos-Heredero, L. Jimenez-Rodriguez, L. Fernandez-Sanz, R. Robina-Ramirez, and J. Andres-Jimenez, “A framework to support the process of measurement of customer’s satisfaction according to iso 9001,” IEEE Access, vol. 8, pp. 102554–102569, 2020.
[3] I. Betlloch-Mas, R. Ramón-Sapena, C. Abellán-García, and J. Pascual-Ramírez, “Implantación y desarrollo de un sistema integrado de gestión de calidad según la norma iso 9001:2015 en un servicio de dermatología,” Actas Dermo-Sifiliográficas, vol. 110, no. 2, pp. 92–101, 2019.
[4] I. Montiel, B. W. Husted, and P. Christmann, “Using private management standard certification to reduce information asymmetries in corrupt environments,” sep 2012.
[5] J. A. LiPuma, S. L. Newbert, and J. P. Doh, “The effect of institutional quality on firm export performance in emerging economies: A contingency model of firm age and size,” Small Business Economics, vol. 40, no. 4, pp. 817–841, 2013.
[6] B. Ullah and Z. Wei, “ISO Certification, Corruption and Firm Performance: A Cross-Country Study,” tech. rep., ISO, 2013.
[7] D. P. Kafetzopoulos, E. L. Psomas, and K. D. Gotzamani, “The impact of quality management systems on the performance of manufacturing firms,” International Journal of Quality & Reliability Management, vol. 32, no. 4, pp. 381–399, 2015.
[8] R. Prada Ospina and P. C. Ocampo, “Quality in relation to models and management systems in the automotive sector. A bibliographic review,” Revista ESPACIOS, vol. 39, no. 16, 2018.
[9] S. Johana, M. Marín, J. Luis, G. Díaz, J. Luis, and G. Reyes, “Sistema de gestión de calidad y certificación ISO 9001:2008-Limitantes y desafíos para las Pymes Quality management system and ISO 9001:2008 certification-Barriers and challenges to SMEs,” Revista ESPACIOS, vol. 39, no. 09, 2018.
[10] K. G. Dastidar, “Effects of Corruption and Incompetence in the Quality Monitoring Process,” in Oligopoly, Auctions and Market Quality, Economics, Law, and Institutions in Asia Pacific, ch. 0, pp. 75–112, Springer, February 2017.
[11] J. A. Rodríguez-Corzo, A. E. Rojas, and C. Mejía-Moncayo, “Methodological model based on Gophish to face phishing vulnerabilities in SME,” 2018 ICAI Workshops, ICAIW 2018 - Joint Proceedings of the Workshop on Data Engineering and Analytics, WDEA 2018, Workshop on Smart Sustainable Cities, WSSC 2018, Workshop on Intelligent Transportation Systems, WITS 2018 and Workshop on Empirical Experiences on Software Reuse, WEESR 2018, 2018.
[12] R. M. Nivia, P. E. Cortés, and A. E. Rojas, “Implementation phase methodology for the development of safe code in the information systems of the ministry of housing, city, and territory,” in Computational Science and Its Applications – ICCSA 2018 (O. Gervasi, B. Murgante, S. Misra, E. Stankova, C. M. Torre, A. M. A. Rocha, D. Taniar, B. O. Apduhan, E. Tarantino, and Y. Ryu, eds.), (Cham), pp. 34–49, Springer International Publishing, 2018.
[13] “ISO 9001:2015(en), Quality Management Systems.”
[14] N. Orviz Martínez, A. Blanco González, and C. Del Castillo Feito, “Legitimacy and corporate reputation: Study from iso management system standards,” Revista Venezolana de Gerencia, vol. 25, no. 91, pp. 976–994, 2020.
[15] International Organization for Standardization, “Quality Management Principles,” 2015.
[16] H. Yin and P. J. Schmeidler, “Why do standardized ISO 14001 environmental management systems lead to heterogeneous environmental outcomes?,” Business Strategy and the Environment, vol. 18, no. 7, pp. 469–486, 2009.
[17] L. M. Fonseca, “From Quality Gurus and TQM To ISO 9001:2015: A review of several quality Paths,” International Journal for Quality Research, vol. 9, no. 1, pp. 167–180, 2015.
[18] American Society for Quality, “What is ISO 9001:2015 – Quality Management Systems?,” American Society for Quality, 2018.
[19] The British Assessment Bureau, “ISO 9001: The Ultimate Beginner’s Guide,” 2016.
[20] International Organization for Standardization, ISO 9001:2015 Quality Management System Requirements. Norway: GNV GL, 2015.
[21] Satoshi Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System.” https://bitcoin.org/bitcoin.pdf, 2008.
[22] M. Peck, “Reinforcing the links of the blockchain,” 2017.
[23] M. Gates, Blockchain: Ultimate Guide to Understanding Blockchain, Bitcoin, Cryptocurrencies, Smart Contracts and the Future of Money. North Charleston, SC, USA: CreateSpace Independent Publishing Platform, 2017.
[24] F. Milani, L. García-Bañuelos, and M. Dumas, “Blockchain and Business Process Improvement,” 2016.
[25] M. Crosby, Nachiappan, P. Pattanayak, S. Verma, and V. Kalyanaraman, “BlockChain Technology: Beyond Bitcoin,” Applied Innovation Review, vol. June, no. 2, pp. 6–19, 2016.
[26] V. S. Yadav and A. R. Singh, “A systematic literature review of blockchain technology in agriculture,” in Proceedings of the International Conference on Industrial Engineering and Operations Management, pp. 973–981, 2019.
[27] R. Bettín-Díaz, A. E. Rojas, and C. Mejía-Moncayo, “Methodological approach to the definition of a blockchain system for the food industry supply chain traceability,” in Computational Science and Its Applications – ICCSA 2018 (O. Gervasi, B. Murgante, S. Misra, E. Stankova, C. M. Torre, A. M. A. Rocha, D. Taniar, B. O. Apduhan, E. Tarantino, and Y. Ryu, eds.), (Cham), pp. 19–33, Springer International Publishing, 2018.
[28] Q. Ding, S. Gao, J. Zhu, and C. Yuan, “Permissioned Blockchain-based Double-layer Framework for Product Traceability System,” IEEE Access, 2019.
[29] C. Cortés, A. Guzmán, C. A. Rincón-González, C. Torres-Casas, and C. Mejía-Moncayo, “A proposal model based on blockchain technology to support traceability of colombian scholar feeding program (pae),” in Applied Informatics (H. Florez, M. Leon, J. M. Diaz-Nafria, and S. Belli, eds.), (Cham), pp. 245–256, Springer International Publishing, 2019.
[30] B. G. Choi, E. S. Jeong, and S. W. Kim, “Multiple security certification system between blockchain based terminal and internet of things device: Implication for open innovation,” Journal of Open Innovation: Technology, Market, and Complexity, vol. 5, no. 4, 2019.
[31] M. Teodorescu and E. Korchagina, “Applying Blockchain in the Modern Supply Chain Management: Its Implication on Open Innovation,” Journal of Open Innovation: Technology, Market, and Complexity, vol. 7, no. 1, p. 80, 2021.
[32] J. Vogel, S. Hagen, and O. Thomas, “Discovering Blockchain for Sustainable Product-Service Systems to enhance the Circular Economy,” 14th International Conference on Wirtschaftsinformatik, pp. 1493–1507, feb 2019.
[33] M. Kouhizadeh, Q. Zhu, and J. Sarkis, “Blockchain and the circular economy: potential tensions and critical reflections from practice,” Production Planning and Control, vol. 0, no. 0, pp. 1–17, 2019.
[34] Neocapita, “The Logical Components of Blockchain – Neocapita – Medium,” 2017.
[35] Hyperledger.org, “Introduction to Hyperledger Business Blockchain Design Philosophy and Consensus.”
[36] S. Mery and D. Selman, “Make your blockchain smart contracts smarter with business rules,” © Copyright IBM Corporation 2017, p. 21, 2017.
[37] X. Liu, W. Wang, H. Guo, A. V. Barenji, Z. Li, and G. Q. Huang, “Industrial blockchain based framework for product lifecycle management in industry 4.0,” Robotics and Computer-Integrated Manufacturing, vol. 63, p. 101897, 2020.
[38] J. Smith and Ravi Nair, “The architecture of virtual machines,” Computer, vol. 38, pp. 32–38, 5 2005.
[39] C. Paris, “Quality Professionals: Embrace Blockchain or Perish,” 2018.
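
Added example, not part of the original article or the authors' prototype: an auditor-side check of the tamper-evidence property that the Discussion and Conclusions attribute to the Blockchain layer. The record fields follow Algorithm 2; the `docDigest` field, the hash-linked list standing in for the chain, the function names and all sample data are assumptions.

```python
import hashlib
import json

TASK_TYPES = ("Creation", "Review", "Approval")  # typeTask values from Algorithm 2
GENESIS = "0" * 64                               # assumed "previous hash" of the first record

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def record_hash(body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def append_task(ledger, type_task, description, source, role, id_employee, document):
    """Append a task record linked to the hash of the previous record."""
    if type_task not in TASK_TYPES:
        raise ValueError(f"unknown task type: {type_task}")
    body = {
        "typeTask": type_task, "description": description, "source": source,
        "role": role, "idEmployee": id_employee,
        "docDigest": sha256_hex(document),  # assumption: binds content, not just location
        "prev": ledger[-1]["hash"] if ledger else GENESIS,
    }
    ledger.append({**body, "hash": record_hash(body)})
    return ledger[-1]

def audit(ledger, documents):
    """Return (record index, problem) findings; an empty list means clean."""
    findings, prev = [], GENESIS
    for i, rec in enumerate(ledger):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev:
            findings.append((i, "broken link to previous record"))
        if record_hash(body) != rec["hash"]:
            findings.append((i, "record fields altered after recording"))
        doc = documents.get(rec["source"])
        if doc is None:
            findings.append((i, "document missing at source"))
        elif sha256_hex(doc) != rec["docDigest"]:
            findings.append((i, "document changed after recording"))
        prev = rec["hash"]
    return findings

# Constructed sample data: two QMS tasks and the documents they point to.
docs = {"/qms/comm-plan.docx": b"Communication plan v1",
        "/qms/comm-plan-review.docx": b"Review notes v1"}
ledger = []
append_task(ledger, "Creation", "communication plan", "/qms/comm-plan.docx",
            "Manager", "E-001", docs["/qms/comm-plan.docx"])
append_task(ledger, "Review", "review communication plan", "/qms/comm-plan-review.docx",
            "Quality lead", "E-002", docs["/qms/comm-plan-review.docx"])
```

`audit(ledger, docs)` returns an empty list for the untouched data, and a finding at the affected index once a stored document or a record field is changed. A local list cannot protect its newest record the way chain consensus does, so this models only the hash links.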