ISO 9001: 2015

A Quality Management System

Implementation & Audit
INNORPI GROUP
 What is Quality?

“The degree to which a set of inherent characteristics fulfill requirements”.

ISO 9000
• A degree of excellence – The Concise Oxford Dictionary
• Fitness for Purpose – Defoe and Juran (2010)
• Quality is a dynamic state associated with products, services, people,
processes, and environments that meets or exceeds expectations and
helps produce superior value – Goetsch and Davis (2010)
• Conformance to requirements – Phil B. Crosby (1979)
The ISO 9000 series of standards is the international standard for quality management. The
aim of this series of standards is to aid supplier quality assurance and to provide a common,
authoritative and widely accepted standard by which to evaluate and compare the potential of
firms to meet acceptable levels of quality and reliability
 𝑄𝑢𝑎𝑙𝑖𝑡𝑦 ≠ 𝑆𝑝𝑒𝑐𝑖𝑓𝑖𝑐𝑎𝑡𝑖𝑜𝑛

High Specification Low Specification

If both cars satisfy the purpose for which they were
purchased, they can both be quality products
ISO 9001 Quality Objectives-SMART
• Specific – The objectives should be clear enough and
specific so that everyone understands and interprets
them in the same way.

• Measurable – An objective should be quantifiable and

you should be able to track performance to see if you
have or have not achieved the desired outcome.

• Attainable – An objective should be “doable” and within

your organizations reach to achieve them reasonably.

• Relevant –Objectives should be realistic, relevant and

consistent with your quality management policy.

• Time-bound– An objective should be quantifiable and

have a time frame associated with it.
 Quality Management (QM)

Quality management is the process for ensuring that all project activities
necessary to design, plan and implement a project are effective and
efficient with respect to the purpose of the objective and its performance.

Quality management is not an event - it is a process- a repetitive cycle

of measuring quality and updating processes until the desired quality
is achieved.

Quality management is, thus, the totality of functions involved

in the determination and achievement of quality, including
quality assurance and quality control.
Quality Assurance (QA) includes all activities designed to produce products and services
of appropriate quality. QA focuses on the entire quality system including suppliers and
ultimate consumers of the product or service.

Quality Control (QC) has a narrower focus than quality assurance. QC focuses on the
process of producing the product or service with the intent of eliminating problems that
might result in defects.
 The Purpose Of Quality Management

“The primary focus of

quality management is
to meet customer
requirements and to
strive to exceed
customer expectations”
ISO 9001: 2015
Quality Management History
Pre- • Craftsmanship Era
1900s

1900s- • Inspection Era: Mass Production and Industrialization.

1930s

1930s- • Quality Control Era: Statistical Process Control, Supplier Assessment.

1950s

• Total Quality Management Era: Deming, Leadership, Systems Thinking, Involvement

1950s-
and Empowerment of Staff.
1970s

• Standards and Awards: ISO 9000, Baldrige Awards, European Foundation for Quality
1970s-
Management, Excellence Award.
1990s

1990s- • Initiative Era: Lean, Six Sigma

Present
 What’s Wrong With Traditional Approaches?
 Lack of Leadership
Leadership is concerned in producing change and movement by vision
building, aligning people and communicating (Kotter, 1990).
 Short Term Focus/ Lack of Long Term Focus
Caused by stock market.
 Lack of Costumer Focus
The Nokia example
“If I had asked my costumers what they wanted, they would have said
a faster horse” _ Henry Ford
 Lack of Systems Thinking (Interdependency of parts)

 Human Resources Mentality

The International Organization for Standardization
(ISO), is an independent, nongovernmental
organization with a membership of 165 national
standards bodies, that oversees the drafting of ISO
9001 and many other international standards. ISO,
through its 165 member organizations, brings
together experts “to share knowledge and develop
voluntary, consensus-based, market relevant
International Standards that support innovation and
provide solutions to global challenges.”

“ISO 9001:2015 is not a giant, scary monster. It’s a commonsense approach to running
any organization. When process owners complain about additional work that ISO 9001
creates, I always ask them, ‘Tell me one thing in ISO 9001 you wouldn’t do in a business.’
With or without ISO 9001, the requirements outlined in the standard are fundamental to
any business.”
Govind Ramu, the chair of subcommittee of ISO 9001:2015
Post 1945 NATO AQAP

1960s Defense Standards MIL-Q-9858

1972 BS 4891 Guide to Quality Assurance

1973 73/851 DC (Issued by SMMT, based on 05-21)

1975 BS 5179 pt 1-3: Non-mandatory

1979 BS 5750 pt 1-6: Mandatory equivalent²

1987 ISO 9000 Series, ISO 9001: 1987

1994 ISO 9001: 1994

2000 ISO 9001: 2000

2008 ISO 9001: 2008

2015 ISO 9001: 2015

With 9001: 2000:
 Improved consistency with traceability

 Enhanced customer focus

 Focused leadership

 The involvement of people

 A system approach to management

 Continual improvement

 A factual approach to decision making

 Mutually beneficial supplier relationships

For an efficient and successful management of any organization
 Customer Focus

“Understanding current and future

needs of customers and other interested
parties contributes to sustained success
of an organization”.
(ISO 9001: 2015)
Actions to Take
 Recognize direct and indirect customers as those who receive value from
the organization.

 Understand customers’ current and future needs and expectations.

 Communicate customer needs and expectations throughout the

organization.

 Link the organization’s objectives to customer needs and expectations.

 Plan, design, develop, produce, deliver and support goods and services
to meet customer needs and expectations.
 Actively manage relationships with customers to achieve sustained
success.

 Measure and monitor customer satisfaction and take appropriate actions.

 Determine and take actions on interested parties’ needs and expectations

that can affect customer satisfaction.
Key benefits

 There is an increase in customer value

 There is an increase in customer satisfaction

 There is an improvement in customer loyalty

 It enhances in reputation of the organization

 There is an expansion of customer base

 There is increase in revenue and market share.

 Leadership
Leadership is a process by which leaders help themselves and others to do
the right things within a given framework.

Leaders set a clear strategy, build an inspiring vision, and create something
new. Leadership is about mapping out where you need to go to "win" as a
team or an organization.
Actions to Take
 Communicate the organization’s mission, vision, strategy, policies and
processes throughout the organization.

 Create and sustain shared values, fairness and ethical models for behavior
at all levels of the organization.

 Establish a culture of trust and integrity.

 Encourage an organization-wide commitment to quality.

 Ensure that leaders at all levels are positive examples to people in the
organization.

 Provide people with the required resources, training and authority to act
with accountability.

 Inspire, encourage and recognize people’s contribution.

Key Benefits

 Increased effectiveness and efficiency in meeting the organization’s

quality objectives.

 Better coordination of the organization’s processes.

 Improved communication between levels and functions of the

organization.

 Development and improvement of the capability of the organization and

its people to deliver desired results
Engagement of People

Engaging people means

employees are committed to
their organization's goals and
values, motivated to contribute
to organizational success, and
are able at the same time to
enhance their own sense of well-
being.
Actions to Take

 Ensure that people’s abilities are used and valued

 Make people accountable

 Enable participation in continual improvement

 Evaluate individual performance

 Enable learning and knowledge sharing

 Enable open discussion of problems, constraints, brainstorming ..

Key Benefits
 Improved understanding of the organization’s quality objectives by
people in the organization and increased motivation to achieve them.

 Enhanced involvement of people in improvement activities.

 Enhanced personal development, initiatives and creativity.

 Enhanced people’s satisfaction.

 Enhanced trust and collaboration throughout the organization.

 Increased attention to shared values and culture throughout the

organization
Process Approach
The process approach is a management strategy
which incorporates the plan-do-check-act cycle
and risk-based thinking. It means that processes
are managed and controlled. It also means that we
not only understand what the core processes are,
but we also consider how they fit together.
 Improvement

“Successful organizations have an

ongoing focus on improvement”.
(ISO Org.)

The organization is required to

determine opportunities for
improvement, plan and implement the
necessary actions in order to achieve
intended results as well as enhance
customer satisfaction.
 Improving Products and Services
Meeting customer requirements
Enhancing customer satisfaction

 Correcting, Preventing, and Reducing Undesired Effect

Which activity is not performed well and why?
What kind of training may help personnel to do their job better?

 Improving the Performance of the QMS

Improving the ability of processes to achieve intended results and thus the
achievement of the quality objectives.

 Improving the Effectiveness of the QMS

Effectiveness of the planning of the QMS
Effectiveness of processes and activities
Effectiveness of performance of external providers
Actions to Take (As per ISO 9001: 2015)
 Establishment of improvement objectives at all levels of the
organization.

 Educate and train people at all levels on how to apply basic tools and
methodologies to achieve improvement objectives.

 Ensure people are competent to successfully promote and complete

improvement projects.

 Track, review and audit the planning, implementation, completion and

results of improvement projects.

 Integrate improvement considerations into the development of new or

modified goods, services and processes.
Key Benefits (As per ISO 9001: 2015)
 Improved process performance, organizational capabilities and
customer satisfaction.

 Enhanced focus on root-cause investigation and determination,

followed by prevention and corrective actions.

 Enhanced ability to anticipate and react to internal and external risks

and opportunities.

 Enhanced consideration of both incremental and breakthrough

improvement.

 Improved use of learning for improvement.

 Enhanced drive for innovation.

Evidence-Based Decision Making

Decisions based on the analysis

and evaluation of data and
information are more likely to
produce desired results.
1.Gathering evidence:
• Seek out best available research evidence
• Collect contextual information on factors important for the decision
• Draw upon the expertise and knowledge of others

2. Interpreting evidence:
• Analyzing the data
• Consider the strength of the research evidence
• Explore the experience, preferences, and values of others.

3. Applying what you learned from evidence:

• Consider all three types of evidence to make effective decisions
Actions to Take (As per ISO 9000: 2015)
 Determine, measure and monitor key indicators to demonstrate the
organization’s performance.

 Make all data needed available to the relevant people.

 Ensure that data and information are sufficiently accurate, reliable

and secure.

 Analyze and evaluate data and information using suitable methods.

 Ensure people are competent to analyze and evaluate data as needed.

 Make decisions and take actions based on evidence, balanced with

experience and intuition.
Key Benefits (As per ISO 9000: 2015)

 Improved decision-making processes

 Improved assessment of process performance and ability to achieve

objectives

 Improved operational effectiveness and efficiency

 Increased ability to review, challenge and change opinions and decisions

 Increased ability to demonstrate the effectiveness of past decisions

Relationship Management

“Effective relationships allow

business partners to leverage each
other’s resources and learn from
each other”.

Interested parties: suppliers,

contractors, partners, customers,
investors, employees or society as
a whole
 Step back from the problem
Keeping the customer in the focus will enable you to solve the problem
together.
How does the issue affect them?
What do you all stand to lose if the customer’s needs aren’t met?

 Focus on Trust
“End the practice of awarding business on the basis of price tag. Instead,
minimize total cost. Move toward a single supplier for any one item, on a
long-term relationship of loyalty and trust”.
Actions to Take (As per ISO 9000: 2015)
 Determine relevant interested parties (such as suppliers, partners, customers,
investors, employees, and society as a whole) and their relationship with the
organization.

 Determine and prioritize interested party relationships that need to be

managed.

 Pool and share information, expertise and resources with relevant interested
parties.

 Measure performance and provide performance feedback to interested parties,

as appropriate, to enhance improvement initiatives.

 Establish collaborative development and improvement activities with suppliers,

partners and other interested parties.

 Encourage and recognize improvements and achievements by suppliers and

partners.
Key Benefits (As per ISO 9000: 2015)

 Enhanced performance of the organization and its interested parties

through responding to the opportunities and constraints related to each
interested party

 Common understanding of goals and values among interested parties

 Increased capability to create value for interested parties by sharing

resources and competence and managing quality-related risks

 A well-managed supply chain that provides a stable flow of goods and

services
https://www.iso.org/standard/62085.html
Clause 1: Scope

• The goals and purposes of the standard

What is the purpose of a QMS?
How may the QMS reach its purpose?
• The approach and reference to customer requirements
• The approach and reference to regulatory or statutory requirements
• Applicability of the standard requirements
Clause 2: Normative references

‘Normative references’ simply means any other documents which are

referenced within the management system standard.

Information (concepts, principles and definitions) should be understood

and applied as defined or explained in ISO 9000.

It is possible that such information may have different meaning or

interpretation in some industries, regulatory or business context.
Clause 3: Terms and definitions
Clause 4: Context of the organization
4.1. Understanding the organization and its context
Examples of internal context include:
• Employee engagement
• Training and development
• Skills and competence
• Physical resources
• Management methodology
• Policies
• Mission / values • Supplier / partner management

Examples of external context include:

• government regulations and changes in the
law
• The organization's competition;
• the events that may affect corporate image;
• Changes in technology.
• Shareholders
• Political influences
• Environmental considerations
• General public
Auditing
- Interviews with top management
- Documented information: SWOT analysis; PESTLE analysis
Clause 4: Context of the organization
4.2. Understanding the needs and expectations of interested parties

Direct customers;
Employees;
Suppliers;
 Identify interested parties that are Corporate partners;
relevant to the QMS Regulatory bodies (e.g. NSI, NPCC, SIA, BAFE etc.);
Owners/shareholders;
Insurance;
 Determine the requirements of Society;
these interested parties that are Service providers;
relevant to the QMS Competitors;
Government;
The Local Authority;
The police;
The fire brigade;
Anyone who has an impact on your business.
Requirements of Interested Parties

 What are their terms and conditions?

 When will I be paid?

 Have we got effective communications?

 What information do I need and when can they give it to

me?

 Are they above board?

 Are they compliant with the applicable requirements?

 Auditing

 Conducting interviews and reviewing any documents available

Clause 4: Context of the organization
4.3. Determining the scope of the QMS
The physical or geographical site within which your operations take place,
the products / services included in the QMS, the relevant parties and any
areas which you have determined to be not applicable
Must consider
 The external and internal issues referred to in 4.1
 The requirements referred to in 4.2
 Products and services provided.

ISO 9001:2015 states that:

 All requirements are applicable
 If a requirement cannot be applied, it must
-Not affect the ability to provide conforming product
-Be justified
Auditing

- Reviewing the QMS scope documents (QMS scope should be maintained

as documented information )

- Reviewing the justification of the requirements considered not applicable

Clause 4: Context of the organization
4.4. Quality management system and its processes

“Establish, implement, maintain and continually improve the QMS,

including the processes needed and their interactions, in accordance with
the requirements of this International Standard”.
Organizations shall determine:

 Inputs required and outputs expected from the QMS processes.

 Determine the sequence and interaction of processes.

 Criteria, methods, including measurements and related performance

indicators needed to ensure the effective operation and control.

 Assignment of the responsibilities and authorities for these processes.

 Risks and opportunities and plan and implement appropriate actions to

address them.
Maintain documented information that could change like
procedures, guidelines, software, manuals.
Retain unchanged documented information to make sure that the
processes are carried out as planned.
Auditing
Identify:

• QMS processes and their interaction

• Inputs & outputs

• Responsibilities & authorities

• Risks & opportunities

• Criteria & methods

• Documented information.
 Clause 5: Leadership
5.1. Leadership and commitment
5.1.1. General

ISO 9001:2015 requires top

management to be much more
“hands on” with respect to their
QMS.
 Takes accountability for the effectiveness of their organization's QMS
 Ensures that their organization's quality policy and quality objectives are
consistent with the organization's overall strategic direction and the
context in which the organization is operating.
 Works alongside their people in the organization in order to ensure that
the quality objectives are achieved.
 Ensures that the quality policy is communicated, understood and applied
across the organization.
 Promote process approach and risk-based thinking.
 Makes sure that the quality management system is achieving the results
that are intended.
 Leads people to contribute to the effective operation of the system;
 Drives continual improvement and innovation and develop leadership in
their managers.
 Provides resources for the QMS.
Auditing
 Ensures the involvement of the top management

 Conducts interviews with top management

 Communicates with personnel

 Reviews documented information

 5.1.2. Customer focus

Top management shall

demonstrates leadership and
commitment to customer focus
 Customer requirements and applicable statutory / regulatory
requirements are determined and met.

 The risks and opportunities that can affect conformity of products and
services and the ability to enhance customer satisfaction are
determined and addressed.

 The focus on consistently providing products and services that meet

customer and applicable statutory and regulatory requirements is
maintained.

 The focus on enhancing customer satisfaction is maintained.

Auditing
 Conducts interviews with top management

 Reviews documented information

 Ensures customer satisfaction (customer reviews)

 Ensures legal requirements are met

Clause 5: Leadership
5.2. Policy
5.2.1. Developing the Quality Policy

The direction and intentions of the

organization with respect to quality
Top management shall establish a quality policy that:

 Is appropriate to the purpose of the organization

 Provides a framework for setting quality objectives

 Includes a commitment to satisfy applicable requirements

 Includes a commitment to continual improvement of the quality

management system
5.2.2. Communicating the Quality Policy

The quality policy shall

 Be available as documented information.

 Be communicated, understood and applied within the organization.

 Be available to interested parties, as appropriate (e.g. clients /

suppliers / manufacturers / staff).
Auditing
 Review the Quality Policy documents

 Ensures Quality Policy is communicated, understood and applied

throughout the organization (Interviews )

 Ensures Quality Policy is available to interested parties

 Ensures Quality Policy is often reviewed and if needed, revised by

the Top Management
5.3. Organizational roles, responsibilities and authorities

Top management shall assign the responsibility and authority for

 Ensuring that the QMS conforms to the requirements of ISO 9001

 Ensuring that the processes are delivering their intended outputs

 Ensuring the promotion of customer focus

 Reporting on the performance of the quality management system,

on opportunities for improvement and on the need for change or
innovation, and especially for reporting to top management
Auditing

 Conducts interviews

 Ensures responsibilities and authorities are assigned

 Reviews documented information

 Clause 6: Planning
6.1. Actions to address risks & opportunities

Determine the risks and opportunities that

need to be addressed to:

 Give assurance that the QMS can achieve its

intended result(s)

 Prevent or reduce undesired effects

 Achieve continual improvement.

 Avoiding the risk

Taking the risk

Eliminating the risk

Sharing the risk

Do nothing
Methods for risks analysis:

• FMEA—failure mode and effects analysis

• Fishbone

• FTA—fault tree analysis

• ETA—event tree analysis

• Pareto-analysis
Risk—The probability of arriving at an unexpected state where requirements are not met. This state
is represented by potential events.
Opportunity—The possibility for improvement due to a favorable combination of circumstances or
conditions in the QMS.
Auditing
 Review the risk management documents (Risk registers)

If there’s no risk management documents:

 Conduct interviews

 Review other documents (Market research documents, strategies

documents, competitor information)
ISO 9001 Quality Objectives-SMART
• Specific – The objectives should be clear enough and
specific so that everyone understands and interprets
them in the same way.

• Measurable – An objective should be quantifiable and

you should be able to track performance to see if you
have or have not achieved the desired outcome.

• Attainable – An objective should be “doable” and within

your organizations reach to achieve them reasonably.

• Relevant –Objectives should be realistic, relevant and

consistent with your quality management policy.

• Time-bound– An objective should be quantifiable and

have a time frame associated with it.
Clause 6: Planning
6.2. Quality objectives and planning to achieve them
The organization shall establish quality objectives at relevant functions,
levels and processes.

The quality objectives shall

 Be consistent with the quality policy
 Be measurable
 Take into account applicable requirements
 Be relevant to conformity of products and services and the enhancement
of customer satisfaction
 Be monitored
 Be communicated
 Be updated as appropriate.
When planning how to achieve its quality objectives, the
organization shall determine

 What will be done

 What resources will be required

 Who will be responsible

 When it will be completed

 How the results will be evaluated.

Auditing
 Review the quality objectives documents

 Conduct interviews with personnel and top management

 Review objective status

Clause 6: Planning
6.3. Planning of changes

Where there is a need for change to the

QMS this must be done in a planned and
systematic manner.

Examples: moving from one site to

another, changing processes or methods
used, going online, technology/software
change, personnel leaving, opening a
new office in a different location, etc.
The organization needs to consider:

 The purpose of the change and any potential consequences;

 The integrity of the QMS

 The availability of resources

 Allocation or reallocation of responsibilities and authorities.

What What effects Could the

What are What are the will the change change
resources
you trying consequences have upon he
affect other
are
to achieve? ? staff and their
areas?
required? roles
Auditing
 Review the planning of the change/change management documents

 Review of other documents (strategies, plans, etc.)

 Conduct interviews with personnel and top management

Clause 7: Support
7.1. Resources
7.1.1. General People

Infrastructure
The organization shall identify,
determine, and define the required Process
resources needed for establishing, Environment
designing, implementing, maintaining,
Monitoring and
and improving a QMS. measuring
resources

Organizational
knowledge
 7.1.2. People

The organization is required to

identify and provide human
resources needed for effective
implementation, operation and
control of the QMS and its processes.

• Regulatory requirements
• Business requirements
Auditing
 Ensure human resources are fulfilling the needs (competence and
number)

 Conduct interviews with personnel and top management/observation

 Review documents

 Ensure subcontractors are competent and trained

7.1.3. Infrastructure

The organization is required to

determine, provide, and maintain the
environment necessary for the
operation of its processes and to
achieve conformity of products and
services.
Infrastructure

Facilities/Buildings Information/Communication

Transportation Equipment
Auditing

 Review documents

 Ensure risks and opportunities related to infrastructure are identified

 Ensure infrastructure is preserved/maintained

 What kind of maintenance is performed? (corrective+preventive)

 Who’s responsible for maintenance?

7.1.4. Environment for the Operation of Processes

The organization is required

determine, provide and maintain the
environment necessary for the
operation of its processes and to
achieve conformity of products and
services.

Social Psychological

Physical
Physical Environment (temperature, heat, humidity, light, airflow,
hygiene, noise)
Social Environment (non-discriminatory, calm, non-
confrontational)
Psychological Environment (stress reducing, burnout prevention,
emotionally protective)
Auditing

 Environment observation

 Ensure health and security measures are taken

 Physical factors observation

 Psychological factors observation

 Social factors observation (interviews)

7.1.5. Monitoring and Measuring Resources

The organization is required to

determine and provide the resources
needed to ensure valid and reliable
results when monitoring or measuring
is used to verify the conformity of
products and services to requirements.

What tools it uses?

Will these tools give the required results?

 Suitable measuring tools
Equipment that is used to test and commission systems such as
multimeters, insulation testers, sound pressure level meters, etc.

 Equipment has to be:

- Calibrated or verified , or both
- Identified
- Protected
Auditing

 Equipment observation

 Ensure equipment are calibrated, verified, or both

 Review documents

 Ensure personnel know how to use equipment properly

7.1.6. Organizational knowledge

The organization is required to determine, maintain

and make available the knowledge necessary for the operation of its
processes and to achieve conformity of its products and services.
When addressing changing needs and trends

 Can include information such as intellectual property and lessons learned

 Can consider:
-Internal sources (e.g. learning from failures and successful projects,
documented knowledge and experience of experts within the
organization);
-External sources (e.g. standards, academia, conferences, gathering
knowledge with customers or providers).
Auditing

 Ensure knowledge is provided to everyone within the organization

Clause 7: Support
7.2. Competence
The organization shall

 Determine the necessary competence of person(s) doing work under its

control that affects its quality performance,/job descriptions

 Ensure that these persons are competent on the basis of appropriate

education, training, or experience;

 Retain appropriate documented information as evidence of competence

 Where applicable, take actions to acquire the necessary competence, and

evaluate the effectiveness of the actions taken.
Applicable actions may include

 Provision of training to personnel

 Mentoring of personnel

 Re-assignment of current personnel

 Hiring or sub-contracting competent persons

Auditing

 Review documents (diplomas, authorizations, permits, certificates,

licenses, resumes; training records, etc.)

 Evaluate the training process (internal & external) and methods,

mentoring and re-assignments

 Evaluate competence of outsourced personnel

Clause 7: Support
7.3. Awareness

Persons doing work under the organization’s control shall be aware

of:

 The quality policy and relevant objectives

 Their contribution to the effectiveness of the QMS, including the

benefits of improved quality performance

 The implications of not conforming with the QMS requirements

 Quality policy read and understood

 Understand companies aim

 Understand company’s processes in which they are involved

 Understand their impact

 Understand they can have a positive effect

 Understand they can have a negative effect

Auditing

 Review of documents: training records

 Interviews with personnel to evaluate the level of awareness, their

roles and impact and their behavior
Clause 7: Support
7.4. Communication

The organization shall determine the internal and external communications

relevant to the QMS including

 On what it will communicate

 When to communicate

 With whom to communicate

 How to communicate
 Utilize existing communication channels, methods and means.

 Consider who will be responsible for general communication, such as

website content, general marketing.

 Consider who will be responsible for specific communication such as

customer / client connection, product specific literature and the relevant
needs of the intended audience.

 Consider incoming communication.

Who is responsible for receiving legislative updates within the
organization and making sure they are communicated to relevant
people?
Internal communications:

 New policies
External communications:
 New or amended objectives
 Allocation of key account managers
 New or amended strategies
 Implement review meetings
 New clients

 New or amended technology

 New products

 Issues with suppliers

 Anything that will have an impact on them

Auditing

 Evaluate communication means/system/methods/channels used

(Management led communication in work areas, E-mail, intranet,
and websites, meetings)

 Are communication methods fit for purpose?

 Conduct interviews with personnel and top management

 Examine the feedback mechanisms within the organization

 Review documented information (minutes of meetings) that should

contain items of internal communication
Clause 7: Support
7.5. Documented Information
7.5.1. General
 Documents need to be maintained as documented
information: Must be kept up to date/ Revised
(quality policy, quality objectives)

 Records need to be retained as documented

information (records must be kept as evidence that
the organization have satisfied that particular
requirement)
In order to prove that it’s working a QMS, the
organization needs to evidence it
7.5.2. Creating and Updating
 Identification and description (reference numbers .. etc.)
 Format (language, software version, graphics) and media (paper,
electronic)
 Review and approval

7.5.3. Control of Documented Information

 Available to the right people
 In a suitable format
 Protected from unintended alteration or destruction
Control of documented information:

 Distribution, access, retrieval and use

 Storage and preservation

 Control of changes

 Retention and disposition

Auditing
 Ensure documented information required by the standard (quality
policy, quality objectives) are maintained

 Ensure documented information necessary to ensure the

effectiveness of its QMS (like manuals, procedures, instructions, etc.)
to be maintained

 Ensure documented information is properly created and updated

 Ensure documented information is properly controlled

Note: This isn’t a stand alone action

Clause 8: Operation
8.1. Operational Planning and Control

Plan, implement and control the processes needed

to meet requirements for the provision of products and services, and to
implement the actions determined in 6.1 by:

 Determining requirements for the products and services

 Establishing criteria for the processes and acceptance criteria

 Determining the resources needed

 Implementing the control of processes

 Retaining documented information

 Set up supplier accounts / trade accounts

 Purchase stock

 Ensure personnel have correct skills and understand the process

 Purchase tools and vehicles

 Make sure the organization has enough personnel

 Issue clear instructions, drawings, procedures risk assessments

to enable personnel to do the job.

The organization needs to show clear control of the process

The same control should be applied to subcontractors
Auditing

 Ensure requirements for the products and services are identified

 Review documented information/Project plans before the

organization and the customer commit to the work

 Ensure measures are taken to make sure all applicable legal

requirements are met
Clause 8: Operation
8.2. Requirements for Products and Services
8.2.1. Customer Communication
Establish the processes for communicating in relation to:

 Information relating to products and services

 Enquiries, contracts or order handling, including changes

 Obtaining customer views and perceptions, including customer complaints

 Handling or treatment of customer property, if applicable

 Specific requirements for contingency actions, when relevant

what plans
How can they Looking you put in
What are Getting place if
expect to be after their
you selling?
dealt with? feedback something
property
goes wrong
Auditing

 Who’s responsible for customer communication: Department or one

person?

 Ensures reliability of information regarding products and services

(websites ..)

 How does organization respond to customer communication

requests (Complaint Handling Process)

 Effectiveness of communication
 8.2.2. Determining the Requirements Related
to Products and Services

Process to determine the requirements

(customer, regulatory, safety, and
organizational) for the products and
services to be offered to potential
customers.

The organization has the ability to

meet the defined requirements
and substantiate the claims for the
products and services it offers.
Auditing
 Evaluate the process/method to determine requirements related to
products and services

 Ensure the organization has the ability to meet the defined

requirements and substantiate the claims for the products and
services it offers.

 Review of documented information (websites, catalogs, brochures,

etc.)

 Conduct interviews
8.2.3. Review of Requirements Related to Products and Services

The organization is required to:

 Ensure it is able to meet the

requirements for products and
services being offered

 Conduct a review before committing

to supply products and services
This review must take into account:

 Customer requirements, the install and any after work (maintenance,

follow up, servicing, etc.)

 Elements that need to be completed to ensure the job is fitted correctly

(meter reading tests, commissioning forms, standard operational
check, etc.)

 Anything else the company need to implement

 Statutory and regulatory requirements

 Any variations
Auditing

 Review of documented information (websites, catalogs, brochures,

etc.)

 Evaluate the process/method to review requirements related to

products and services

 Who’s responsible for the review and decision making

8.2.4. Changes to Requirements for Products and Services
In case of changes to requirements:

 Documented information is amended

 Relevant persons should be made

aware of the impact of changing
requirements

Retain documented information on:

 Results of review

 Any new requirements for products and services

Auditing

 Evaluate change management used in contracts and orders

Clause 8: Operation
8.3. Design and Development of Products and Services
8.3.1. General

The organization shall establish,

implement and maintain a design and
development process that is
appropriate to ensure the subsequent
provision of products and services.

Applicability?
Auditing

 Verify that any claims of non-applicability are valid

 Review how the decision to proceed with design and development is

taken (have risks and opportunities, including cost implications,
been considered and have all relevant interested parties (internal or
external) been consulted)
 8.3.2. Design and Development Planning

The organization has to plan the

design and development process
in order to determine the stages of this
process as well as the controls needed.
 How long will it take to survey / what surveying skills are needed?

 Who should review the design? Who can confirm it is right?

 What needs to be done to check if it is right?

 Who would be responsible?

 Resources needed and any subcontractors

 Ensuring all involved communicate (e.g. surveyor and designer and administrator)

 Checking that what you are designing is what the customer wants

 What other things are needed – products and services?

 Control needed to ensure it goes to plan, from customers and interested parties
(subcontractors / manufacturers / monitoring stations)

 Documenting that the above has been considered

Auditing
 What is the overall flow of the design planning?

 How is it described?

 What resources and competencies are required?

 What part of the design will be outsourced?

 Who is responsible and are the authorities defined?

 How are (internal and external) interfaces between various groups identified and
managed?

 Are the required verification, validation and review points defined?

 Are the main milestones and timelines identified?

 Is the implementation and effectiveness of the plan monitored?

 Is the plan updated and communicated to all relevant functions as necessary?

8.3.3. Design and Development Inputs

The organization has to determine the

requirements essential for the specific
types of products and services to be
designed and developed

 What needs to be considered to design

 Standards and/or codes of practice

 Design or development failure

 Retain documented information on design and development inputs

Auditing

 Develop an understanding of how the organization identifies its

own inputs: -products, services and processes;
-financial, environmental, health and safety issues;
-the organization’s risks and impacts;
-customer’s requirements and expectations;
-statutory and regulatory requirements applicable to the product
or service

 Evaluate the risks, the possible implications for customer

satisfaction and issues that the organization may encounter if some
relevant inputs are not considered

 Review of documented information

 8.3.4. Design and Development Controls

The organization is required to apply

controls to the design and development
process

Retain documented information on design and development control activities

 Defined outcomes including specifications, design intent, functional and performance
requirements, customer/end user expectations

 Design review process with functional representation from the customer, engineering,
production, quality, project management etc.), design review gates (e.g. preliminary
design review, detail design review, critical design review), commercial/technical
considerations, authorized progression to next stage;

 Verification activities such as modelling, simulations, alternative calculations,

comparison with other proven designs, experiments, tests, and specialist technical
reviews;

 Validation activities such as functional testing, performance testing, trials, prototypes,

demonstrations, and simulations;

 Management of actions arising from design reviews, verification or validation activities

e.g. action registers, ownership, timescales, escalation, changes to risk profile.
Auditing Design and Development Review
 Do reviews occur at planned stages throughout the design process?

 Are the reviews carried out in a systematic way involving representatives

of the functions concerned with the stage(s) being reviewed?

 Have all original and any new inputs been considered ?

 Have revised inputs and outputs been reviewed and approved by those
with the relevant responsibility and authority?

 Does the output demonstrate the suitability, adequacy and effectiveness

of the designed product or service?

 Are there adequate records of reviews?

Auditing Design and Development Verification
 Required verifications are planned and that verification is performed as
appropriate during the design and development process

 The completed design or development is acceptable and the results are

consistent with and traceable to the initial requirements

 The completed design or development is the result of implementation of

a proper sequence of events, inputs, outputs, interfaces, logic flow,
allocation of timing, etc.

 The design or development provides safety, security, and compliance

with other requirements and design inputs;

 Evidence is available to demonstrate that the verification results and any

further actions have been recorded and confirmed when actions are
completed.
Auditing Design and Development Validation

 Ensure there are records to confirm that the validations have

been carried out

 The validation was carried out in accordance with the planned

arrangements for validation

 The validation indicates that the resulting product or service is

capable of meeting the requirements of the specification

 Ensure there are records of any actions necessary to correct

non-compliance with the design and development inputs and
the reasons for these deviations.
8.3.5. Design and Development Outputs

The design and development outputs should comply with the

identified needs in order to ensure that the resulting product can
fulfil its intended use.

Outputs can include information relevant to:

• Marketing, sales and purchasing
• Production
• Quality assurance
• Information for service provision and maintenance of the
product after delivery and, should be provided in a form that
enables verification and validation activities to be performed.
The organization is required to ensure that outputs:
 Meet the input requirements.

 Be suitable for subsequent processes for the provision of products

and services.

 Include, or refer to, appropriate monitoring and measuring

requirements and their acceptance criteria.

 Define the characteristics of the products and services that are

essential for their intended purpose and their safe and proper
provision.

 All the information of the Design and Development outputs needs to

be documented either through a register or some other form.
Auditing

 Obtain evidence from the projects selected to confirm that:

-Information regarding the completion of design and development

stages is available

-The design and development process has been completed for the
stage under review

-Design and development outputs have been confirmed

 Review documented information

8.3.6. Design and Development Changes

The organization is required to

identify, review, and control changes
made during, or subsequent to, the
design and development of products
and services, to the extent necessary to
ensure that there is no adverse impact
on conformity to requirements.
Retain documented information on:

 Design and development changes

 Results of reviews of changes

 Authorization of the changes

 Actions taken to prevent adverse impacts

Auditing
 Are the sources and requests for changes properly identified and
communicated?

 Is the impact of any change evaluated?

 Is any additional design proving or testing undertaken where appropriate?

 Are the effects of the changes on products (or constituent parts) and
services already delivered evaluated?

 Has appropriate approval been given before a change is implemented (this

could include statutory or regulatory approval or approval by the client)?

 Are the changes fully documented and do records include information

regarding any necessary additional actions?
 8.4. Control of Externally Provided Processes,
Products, and Services
8.4.1. General

The organization needs to consider the

impact of suppliers on what they
provide the customer and how it may
reflect if something goes wrong when
they recommend a product.
The organization is required to ensure
that externally provided processes,
External providers:
products and services conform to
- suppliers
requirements.
- subcontractors
- associate companies
  Self-assessment questionnaires
The organization is required to
 Audits of the supplier’s quality
determine the control applied to
management system
externally provided processes,
products, and services
 Audits of the supplier’s processes
  Technology

The organization is required to  Quality

determine and apply criteria for the
evaluation, selection, monitoring of  Responsiveness
performance, and re-evaluation of
external providers, based on their  Delivery
ability to provide processes or
products and services in accordance  Cost
with requirements
 Environmental Impact
Documented information is required
8.4.2. Type of Extent Control

The organization is required to ensure

that externally provided processes,
products and services do not adversely
affect its ability to consistently deliver
conforming products and services to its
customers.
  Check of products at delivery

 Site acceptance tests

 Second-party supplier audits

If supplier audits are required, this should be written in to the

contracts with the suppliers.

Risk-Based Thinking

Externally provided processes, products and services must remain

under the organization’s QMS control through documented information
 Supplier

 Date

 Purchase Order Number

 Items required

 Quantities

 Required delivery date

 Quoted prices where applicable or known

 Any other information deemed critical for the supply of the material
should also be noted.
Auditing
 Review documented information (a list) indicating which are the approved
external providers and that this documented information is kept up to
date

 Orders have been placed to external providers satisfying the defined

criteria

 There is effective performance of outsourced processes

 The activities necessary for ensuring that the specified requirements have
been met are carried out

 Verify that risk based thinking has been applied by an organization in

determining appropriate controls over external providers
8.4.3. Information for External Providers

The organization is required, where

appropriate, to communicate not just
the products or services they wish to
receive but also any processes they
want the external provider to
undertake on their behalf.
 Defining product approval requirements

 Defining intended verification arrangements

 Defining personnel qualifications and quality,

environmental, and safety requirements

 Maintaining records
Purchasing Verification

 QMS requirements
 Competence of external personnel
 Purchase orders
 Purchasing specification
 Purchasing agreements
 Delivery notes
 Release certificates
 Certificates of conformity
 Inspection and acceptance tests
 Product specifications
 National or international standards
Receiving Inspection

 Confirmation of identification using purchase order number, drawing

numbers, material markings etc.

 Confirmation of adherence to delivery schedule

 Confirmation of conformance to purchase order requirements

 Confirmation of correct quantities

 Visual examination for obvious defects

 Measurement comparison to drawings where required

 Specified certification/documentation as required

Auditing

 Confirm that the specification quoted in a purchase order is the same as

the specification contained in the design (or the specification received
from the customer);

 Identify whether or not there were discussions between the organization

and potential suppliers regarding the design specification of critical
components during the design process or prior to an order being placed;

 Was there some form of “approval” of the specification before the final
specification/order was confirmed to the external provider?

 Does the purchase order contain or refer to any statutory or regulatory

requirements?
8.5. Production and Service Provision
8.5.1. Control of Production and Service Provision

The organization is required to control

the manner in which products are
produced and the services provided
 Documented information that defines the characteristics of the
product or service is available
 Documented information that defines the activities that need to be
performed to produce the product or deliver the service is available,
and that this specifies the results that are to be achieved
 Monitoring and measurement takes place at appropriate points in the
production process to ensure that both the processes themselves and
the process outputs meet the organization’s acceptance criteria
 Environment and infrastructure are suitable
 Suitable monitoring and measurement resources are made available
 Personnel are competent and, where necessary, appropriately qualified
 Up-to-date work instructions
 Product and service release, delivery and post-delivery activities are
implemented
Auditing

 Review documented information

 Ensures competence of personnel (personal files, training records)

 Observation of measurement and monitoring resources available as well

as infrastructure and environment for operation of processes
 8.5.2. Identification and Traceability

The organization must seek and record

evidence that product is identified (as
appropriate) and its status with regards to
monitoring and measuring is identified
throughout the manufacturing processes.
 Must have a process in place for the identification and traceability of
outputs (physical part marking, labeling, tags, bar codes, visual
indicators, part segregation, lay down areas, storage racks)

 Establish and implement a procedure to identify the product through

the design, development, manufacture and delivery stages

-Establish the identity and status of products

-Maintain the identity and status of products
-Maintain records of serial or batch numbers
Auditing

 Ensure that product is identified (as appropriate) and its status with
regards to monitoring and measuring is identified throughout the product
realization processes.

 Ensure that the organization is controlling and recording the unique

identification of the product.
8.5.3. Property Belonging to Customers or External Providers

The organization is required to seek and

record evidence they have extended their
treatment of customer/external providers
property

 Intellectual info such as data / addresses / prices

 Materials
 Tools equipment
 Customer keys
Auditing

 Ensure that the organization has clearly identified any and all customer
property

 Verify that the organization has established a process to protect customer

property

 Evaluate the process established for contacting the customer when these
items are lost, damaged or otherwise found unsuitable for the process
8.5.4. Preservation

The organization is required to protect

and preserve the product during internal
processing and delivery to the intended
destination
 Identification – Ensure that products are properly identified and do not
become mixed with other orders

 Handling – This may include bulk handing using moving equipment or

physical contact where handling may influence product conformity

 Packaging – Ensure that labeling and marking of shipped products are

sufficient to enable adequate identification and traceability back through
the QMS

 Storage – This should include storage conditions to prevent the

deterioration, damage or loss

 Protection – Raw materials, in-process materials, inspected product,

nonconforming product and product ready for shipping should also be
identified with its status and protected from any unintended alteration
Auditing

 Ensure preservation measures are taken

 Legal or regulatory requirements applicable to the preservation in the

industry
8.5.5. Post-delivery Activities

The organization must meet

requirements for post-delivery
activities associated with the products
and services

 Actions under warranty provisions

 Contractual obligations (maintenance
services)
 Supplementary services (recycling or
final disposal)
 Statutory and regulatory requirements

 The potential undesired consequences associated with its products

and services

 The nature, use and intended lifetime of its products and services

 Customer requirements

 Customer feedback
Auditing

 Evaluate post-delivery activities

 Review of documented information (warranty reports, installation reports,

training minutes, maintenance records, etc.)
8.5.6. Control of Changes

The organization is required to review

and control changes for production or
service provision, to the extent
necessary to ensure continuing
conformity with requirements

 Retain documented information about any changes

 Who authorized the change

 The actions arising from the change

 Risk-based thinking
Auditing

 Is the impact of the change evaluated to determine its affects to work in

process or products already delivered?

 What process control documentation (procedures, forms, etc.) will need

updating as the result of change to be implemented?

 Was the change approved prior to implementation including, where

applicable, approval by the customer, statutory or regulatory authority?

 Review documented information - Does retained documented information

indicate the source of change and information on necessary actions and
approvals?
8.6. Release of Products and Services

The organization is required to

implement planned arrangements, at
appropriate stages, to verify that the
product and service requirements have
been met

 Methods/Techniques/Formats
The release of product Planned arrangements

-Design verification and design

-Release to the next operation validation (modelling,
-Release to an internal customer simulations, experiments, trials,
-Release to final customer prototypes, etc.)
-Destructive and non-
destructive testing --Customer
 Product characteristics are continually acceptance testing
met -Product
 Evidence of conformity with product certification/qualification
requirements. -Third party qualification from a
regulator, recognized society, or
independent testing body etc.

Retain documented information to provide evidence that acceptance

criteria have been met
Auditing

 Verify that records are maintained to provide evidence of conformity

(certificate of conformity, release certificate, regulatory certificate)

 Person(s) authorizing the release of products? (name, authorized

signatories, user identification)
Their authority status?
8.7. Control of Nonconforming Outputs

The organization is required to ensure

that outputs that do not conform to
their requirements are identified and
controlled to prevent their unintended
use or delivery

Dealing with nonconforming outputs:

- Correction
- Segregation, containment, return or suspension of provision of products
and services
- Inform the customer (Open and Honest)
- Obtain authorization for acceptance under concession (“Okay, this once
I’ll accept the outputs if they ..” )
 Conformity to the requirements are verified when nonconforming outputs
are corrected.

Retain documented information that:

 Describes the nonconformity

 Describes the actions taken

 Describes any concessions obtained

 Identifies the authority deciding the action in respect of the nonconformity

Hold, recall, Name?

Understand investigate,fol Allowance?
Position?
able low up,review Limit?
training List
Auditing
 Whether the personnel involved are sufficiently empowered with the
authority to decide the disposition of the service, for example:
- to immediately terminate the service
- to replace the service provided
- to offer an alternative

 The organization's customer claims and complaints processes

 Any temporary corrections that are implemented to mitigate the

effect of the nonconformity (e.g. refund, credit, upgrade, etc.)

 The identification, segregation and replacement of the relevant

service equipment, service providers and environment.
Clause 9: Performance Evaluation
9.1. Monitoring, Measurement, Analysis and Evaluation
9.1.1. General

Monitoring, measurement, analysis and

evaluation to determine if the expected
results are being achieved
  What needs to be monitored and measured

 Methods for monitoring, measurement, analysis and evaluation, as

applicable, to ensure valid results

 When the monitoring and measuring shall be performed

 When the results from monitoring and measurement shall be analyzed

and evaluated

 Retain appropriate documented information

 Evaluate the quality performance and the effectiveness of the QMS

What if the organization have just started and have no evidence yet?

For example, commissioning paperwork, test results, and technical audits.

Auditing
 Review of documented information (results of monitoring,
measurement, analysis and evaluation)

 What the organization considers needed to monitor and measure

 What methods are used (key performance indicators, conformity of

the products and services, accomplishment of quality objectives,
customer satisfaction, warranty claims, complaints, etc.)
9.1.2. Customer Satisfaction

The organization is required to monitor

customers’ perceptions of the degree
to which their needs and expectation
have been fulfilled.

 Are there any trends?

 Are customer needs and expectations changing?

 Using customer satisfaction surveys

 Face-to-face evaluations (“How was your stay”?)

 Telephone calls or visits made periodically or after delivery of

products and services

 Internal enquiries among the organization’s personnel who are in

contact with customers

 Monitoring accounts receivable, warranty claims, etc.

 Customer complaints analysis

Auditing
 What is the desired output of this process? What information is
actually available on customer perceptions? How is this information
used by management to drive improvements to the product,
processes and the QMS?

 How is the data collected to feed the process?

 How reliable is the information? (verify the criteria the organization

has used for any sampling of its customers)

 How is the data analyzed?

9.1.3. Analysis and Evaluation

Analyzes and evaluates appropriate

data and information arising from
monitoring and measurement

Quality records, monitoring and measuring

results, process performance results,
objectives, internal audit findings, customer
surveys and feedback, 2nd or 3rd-party audit
results, competitor and benchmarking
information
 The results of analysis are used to evaluate:

 Conformity of products and services

 The degree of customer satisfaction

 The performance and effectiveness of the quality management system

 If planning has been implemented effectively

 The effectiveness of actions taken to address risks and opportunities

 The performance of external providers

 The need for improvements to the quality management system.

The analysis and review of the monthly preventative maintenance performance
Auditing

 How is data collected?

 Is information used in management review or any other processes?

9.2. Internal Audits
 Feedback loop on its processes

 To be able to highlight areas for improvement

9.2.1

The organization is required to perform

internal audits of its QMS at planned
intervals.
 The QMS conforms to the organization’s requirements

 The QMS conforms to the ISO 9001:2015 standard's requirements

 That the QMS is effectively implemented and maintained

Are you doing what you said you would do in your QMS?

Are you following your own procedures?

Is it a living system?
 9.2.2
 The planning, implementing and maintaining of the audit program

 Defining the audit criteria (Policies, processes, performance criteria, information {risks
and opportunities}) and scope of each audit

 Selection of auditors and conducting audits to ensure objectively and the impartiality of
the audit process

 Ensure that the results of the audits are reported to relevant management

 Take appropriate correction and corrective actions without undue delay (non-
conformance or improvement notice: actions should be taken)

 Retain documented information as evidence of the implementation of the audit program

and the audit results.(calendar, referencing any non-conformances or improvement
notices
Frequency? How? Responsibilities? Planning and reporting? Risk-based Thinking
Once/2 years, quarterly, monthly, regularly (flexible) Complexity, Size, Criticality
and previous audits
For example: auditing the supply chain
Auditing
 The competencies that are needed for and applied to the audit

 Objectivity and impartiality of the internal audit process

 The risk-based thinking performed by the organization in planning

internal audits

 The degree of management involvement in the internal audit process

 The guidance provided by ISO 19011 (but note that ISO 9001 does not
require the organization to use ISO 19011)

 The way the outcome of the internal audit process is used by the
organization to evaluate the effectiveness of its QMS and to identify
opportunities for improvements.
9.3. Management Review

9.3.1. General

Top management reviews the

organization’s QMS, at planned
intervals, to ensure its continuing
suitability, adequacy, effectiveness and
alignment with the strategic direction
of the organization

Policy, Objectives, Targets, etc.

To respond to issues and to recommend improvements

Who should attend management review meetings?

 Member of Top management

 Functional management

 Line management

 Process owners

 Process champions

 Action owners within the scope of the quality management system

 Internal Auditors
How often?

 Critical management review agenda items (process

performance, customer feedback and monitoring and
measuring results) should be reviewed monthly

 Less critical agenda items (reviewing the quality policy

and objectives should be undertaken less frequently)
perhaps every quarter

Annual management reviews are insufficient in frequency to be able

react to any issues effectively
9.3.2. Management Review Inputs
 The status of actions from previous management reviews

 Any changes internal or external that would have an impact on the QMS (restructuring or changing
focus to an entirely new industry)

 Review information on the performance & effectiveness of the QMS

-Customer satisfaction
-Progress on quality objectives
-Internal quality
-Any non-conformances or corrective actions or complaints
-Issues around monitoring and measurement results
-Audit results
-How external providers are performing and any actions required there

 How adequate are resources

 How effective have any actions, that were taken as a result of risks or opportunities, been
 What are the opportunities within the organization for improvement?
 9.3.3. Management Review Outputs

 Opportunities for improvement

 Any need for changes to the QMS

 Resources

Retain documented information to provide evidence that the management

review has been done and the results of it (minutes, reports, etc.)
Auditing

 Review of documented information

 Conduct interviews with top management

 Ensure management review meetings are covering inputs and outputs

 Ensure actions and decisions are aimed at the improvement of the

QMS
Clause 10: Improvement
10.1. General

The organization is required to

determine and select opportunities for
improvement and implement any
necessary actions to meet customer
requirements and enhance customer
satisfaction

Results of analysis and evaluation of environmental, quality and health &

safety performance, compliance, internal audits and management reviews.
 Meet customer requirements and enhance customer satisfaction

 Improve products and services to meet requirements as well as to

address future needs and expectations. Focus on improving products and
services (future needs and expectations, investment in latest technology
and innovation, improving reliability, reducing cost, and improving on-
time delivery)

 Correcting, preventing or reducing undesired effects by investigating root

cause, preventing escapes to the customer, acting on customer feedback
and/or in service reports

 Improving the performance and effectiveness of the QMS by acting on

process performance results, understanding audit findings, reducing
waste, process re-engineering, structural re-organization, and
promoting breakthrough projects.
Auditing

 Ensure the organization has identified opportunities for improvement

 Evaluate actions that have been taken on those opportunities

 Look for evidence that the organization is analyzing data from

process monitoring (internal communication, follow-up activities,
documented procedures, the effectiveness of management review
meetings, customer feedback systems, and training programs)

 Verify how the organization has determined a “proposed rate of

improvement”

An auditor should remember that it would be unrealistic to expect an

organization to make progress on all potential improvements simultaneously.
10.2. Nonconformity and Corrective Action

The organization is required to

react to nonconformities and
implement corrective actions
whenever nonconformities are
identified.
 React to the nonconformity, and as applicable
-Take action to control and correct it
-Deal with the consequences (Upset customer)

 Evaluate the need for action to eliminate the causes of the

nonconformity, in order that it does not recur or occur elsewhere, by:
-Reviewing the nonconformity
-Determining the causes of the nonconformity
-Determining if similar nonconformities exist, or could potentially occur

 Implement any action needed

 Review the effectiveness of any corrective action taken (Additional

process monitoring, additional internal audits, associated metrics, etc.)

 Make changes to the quality management system, if necessary

Retain documented information on:
 Nature of nonconformities and actions taken
 Results of corrective actions
Auditing

 Review of documented information

 Conduct interviews with personnel

 Evaluate actions and methods used

 Check if the nonconformity is happening in other processes or other

areas of the organization
10.3. Continual Improvement

The organization is required to

continually improve the suitability,
adequacy and effectiveness of the
quality management system
 Identify improvement opportunities and management system
underperformance (data analysis and evaluation, internal auditing,
management review, and the use of appropriate tools and
methodologies)

 Increase the level of conforming outputs

 Improve its processes and reduce process variation in order to enhance

general performance for the benefit of its customers and interested
parties.
 What is an Audit?

Systematic, independent and documented

process for obtaining audit evidence and
evaluating it objectively to determine the
extent to which audit criteria are fulfilled
 Purpose of an Audit

Collecting objective evidence to

allow an informed judgment
about the status of the quality
management system.

Audit Findings:
 Conformities
 Non-Conformities
 Opportunities for Improvement
 Verifies conformity to requirements

 Increases awareness and understanding

 Provides a measurement of effectiveness of the management

system to top management

 Reduces risk of management system failure

 Identifies improvement opportunities

 Continuous improvement if performed regularly

Types of Audits

Internal Audit: (Requirement of ISO 9001)

• First Party:
Done by the organization itself using its own auditors

External Audit:
• Second Party:
Audit conducted by parties that have
an interest in the organization
( customers)

• Third Party:
Audit performed by independent
organization or regulatory body
(ISO 9001 registrar)
Defining Audit Objectives, Scope, Criteria

Audit Objectives may include:

 Determining of the extent of conformity of auditee’s QMS with

audit criteria

 Evaluation of capability of QMS to ensure compliance with

statutory, regulatory, and contractual requirements

 Evaluation of effectiveness of the QMS to meet its objectives

 Identification of areas of improvement

Audit Scope
 What are the boundaries of an audit?

 What processes will we audit?

 What organizational functions are included?

 What is the audit emphasis?

 What is the timeframe?

Audit Criteria: Reference against which conformity is determined:

 National and International Standards (ISO 9001:2015)

 Contract and Customer Requirements

 Legal requirements/ Industry Codes

Auditors and Audit Team
Auditor: Person with the competence to conduct an audit

Selection of Audit Team depends on the competence

 Audit objectives, scope, criteria, and duration

 Competence of team to meet objectives
 Statutory, regulatory, contractual and accreditation/certification
requirements

Can be composed of one or more persons

Should have at least one lead auditor that coordinates team activities

Could include: auditors, auditors in training, technical

experts, guides, observers
 Communicating and clarifying audit requirements

 Planning and carrying Out assigned responsibilities efficiently

 Documenting the findings

 Reporting the audit results

 Verifying the effectiveness of corrective actions

 Safeguarding records and confidential information

 Cooperating with audit team

Audit Planning

 Determine the objective, scope and

criteria

 Select the team

 Initial contact with the auditee

(Like setting a date and a place)

 Identify specified requirements

 Prepare work documents (Checklists,

forms)

 Draw up audit plan

Audit Execution
Opening Meeting
 Purpose is to confirm all prior arrangements
 Hold opening meeting with auditee top management and those
responsible for processes audited
 Meeting may be informal
 Audit team present
 Auditor will describe Scope, Objective, Criteria
-Open Question
Conducting Audit
-Expansive Question
 Review and check record and documents
-Opinion Question
 Observing work activities
-Non-Verbal
 Questioning Techniques
-Repetitive Question
 Notes Taking
-Hypothetical Question
-Closed Question
Audit focus must be on conformity and effectiveness, NOT on
finding nonconformities
Generating Audit Findings

 Results of evaluating audit evidence against audit criteria (ISO 9001) to

generate audit findings

 Indicate if findings are conformities, nonconformities or opportunities

for improvement

 Record nonconformity findings and supporting evidence

 Obtain auditee acknowledgement of nonconformities for accuracy and

understandability

 Keep a record of unresolved issues

Conclusion: The result of the audit after taking into consideration the
objectives of the audit and the findings
Closing Meeting
 Hold closing meeting to present audit findings and conclusions

 Cover situations encountered during audit that may decrease

reliance on audit conclusions

 Discuss and resolve diverging audit findings and conclusions

 Keep a record if not resolved

 Provide recommendations for improvement where specified by audit

objectives

 Keep minutes and attendance records

 Will normally be informal for internal audits

Nonconformity

 Non-fulfillment of a specified requirement:

-Not doing it
-Partially doing it
-Doing it the wrong way

 Specified requirement:
-Conditions of the customer contract
-Quality standard (ISO 9001:2015)
-Statutory or regulatory requirements
Nonconformity - Minor

 Failure to comply with a requirement which (based on judgment

and experience) is not likely to result in QMS failure

 Minimal risk of nonconforming product or service

 Examples:
-A two month lapse in the internal audit program
-A training record not available
-No actions taken to improve system based on previous result
findings
Nonconformity - Major

 Absence or total breakdown of a system to meet a requirement

 A number of minors related to the same clause or requirement

 A nonconformity that experience and judgment indicate will likely result

in QMS failure or significantly reduce its ability to assure controlled
processes and products

 Examples:
-No documented procedure for a required documented ISO 9001:2015
process/activity
-No awareness program for the quality management system
-No future planned internal audits
-Insufficient scope
-Numerous minor nonconformities found in the production process
 Audit Report: Prepare, Approve & Distribute

1. Audit reference
2. Client and Auditee details
3. Audit team details
4. List of auditee representatives
5. Objectives, scope, and criteria
6. Audit plan – dates, places, areas audited
and timing
7. Summary of audit process
8. Audit Summary 10. Nonconformity reports
9. Uncertainty due to sampling 11. Recommendation
12. Obstacles encountered
Audit report is distributed to: 13. Any areas in audit scope not covered
auditee, audit client (if they are not 14. Any unresolved issues between the auditee
the same), certification body, etc. and team
15. Confirmation that audit objectives
Audit is complete when all activities in accomplished
audit plan have been carried out and audit 16. Confidentiality statement
report is distributed 17. Distribution list
Conducting The Follow-Up
 Audit conclusions may require corrective, preventive, or improvement
actions

 Auditee decides and carries out these actions within agreed

timeframe

 These actions are not part of the audit

 Audit team should verify completion and effectiveness of actions

taken

 This verification may be part of a subsequent audit