NQA IMS Quote Request Form UK
NQA IMS Quote Request Form UK
NQA IMS Quote Request Form UK
1. Organisation details:
Company name (Legal entity
Country:
requiring certification):
Postcode: Website:
Contact name:
Job title:
Email:
2. Which management systems standards are you requiring certification for? (Tick all that apply)
ISO 9001:2015 (Quality) ISO 14001:2015 (Environmental) ISO 45001:2018 (H&S)
Complete Section A Complete Section B Complete Section C
ISO 50001:2018 (Energy) ISO 13485:2016 (Medical Devices) SSIP (Safety Systems in Procurement)
Complete Section D Complete Section E Complete Section C
ISO 27001:2013 (Info Security) ISO 44001:2017 (Collaborative) ISO 55001:2014 (Asset)
Complete Section F Complete Section G Complete Section H
ISO 27701 (Privacy Information) Transferring your Certification ISO 22301 (BCMS)
Complete Section F Complete Section I Complete Section J
Please note; you must have or be applying for ISO 27001
to gain this certification. If you are certified to ISO 27001
with another provider, then please apply to transfer this
certification to NQA.
Is your management system integrated with other standards and to what extent?
For further detail on integration approaches within management system standards, please click here.
No. of staff:
NQA/QRF/IMS/UK/JUN21/V9 Page 1
Please detail the activities your employees conduct and the number involved in each task (e.g. maintenance, office based, production):
Operations/Delivery
Sales R&D
– office/site based
Operations/Delivery
Marketing Management
– field based
HR Maintenance
If you have more than 1 site please download, complete and return an NQA Multi-Site Supplement Questionnaire.
Where part time workers or seasonal workers are employed, please provide full details below:
Yes No
7. Do you provide installation, contract site works or undertake your business activity at
client locations?
Yes No
NQA/QRF/IMS/UK/JUN21/V9 Page 2
Yes No
9. Does the organisation have a simple structure with vertical lines of management
communication and few decision makers?
Yes No
10. D
oes the organisation have staff speaking in more than one language and/or use an
interpreter?
If yes, please specify which language/s:
Are you using a consultant to help you implement/manage the management system?
14. Where did you hear about NQA’s service? (Tick all that apply)
Please ensure that the following sections of this form are also completed (as appropriate).
PLEASE CLICK BELOW TO GO DIRECTLY TO THE RELEVANT SECTION:
C - SSIP (Safety Systems in Procurement) D - ISO 50001:2018 (Energy) E - ISO 13485:2016 (Medical Devices)
F - ISO 27001:2013 (Info Security) F - ISO 27701 (Privacy Information) G - ISO 44001:2017 (Collaborative)
If you have any problems completing this form please call 0800 052 2424 (option 2) or email [email protected]
If you choose to give us any personal information (for example your e-mail address) we will treat this information in line with our privacy notice which can be located here:
https://www.nqa.com/en-gb/privacy. We will only use the information provided to respond to your enquiry and provide you with any information or materials requested. By
submitting this information you are requesting a quote for services from NQA and a subsequent quote letter will be issued to you based on the information provided within
this form.
ONLY COMPLETE THIS SECTION IF APPLYING FOR CERTIFICATION AGAINST THIS STANDARD
Yes No
ONLY COMPLETE THIS SECTION IF APPLYING FOR CERTIFICATION AGAINST THIS STANDARD
Please complete the following questions considering ALL locations applying for certification.
Yes No
1. Are your operations subject to an authorisation/permit/licence/registration from a
regulatory body? (e.g. environmental permit, hazardous waste producer registration, abstraction licences, registered
waste or water discharge exemptions, etc.)
2. Discharges to water/sewer:
Do you produce any industrial effluent (other than domestic sewage and surface water)? Frequently Occasionally Never
3. Waste:
Do you produce hazardous, special or clinical waste? Frequently Occasionally Never
5. Incidents/prosecutions: Yes No
Have you had, including significant stakeholder complaints any environmental incidents leading to high clean-up costs or a
breach of legislation (including prosecution)?
If you answered yes to any of the above questions, please provide details, including which location(s) this applies to:
Do you have listed buildings (Grade I, Grade II*, Grade II) or archaeological sites (tumuli, burial mounds etc.) on site? Yes No
Is the site within or adjacent to any designated nature conservation sites including Site of Special Scientific Interest (SSSI),
Yes No
National Park, or Special Areas of Conservation?
Is there evidence to suggest land contamination requiring clean-up is present at the site? Yes No
If you answered yes to any of the above questions, please provide details, including which location(s) this applies to:
ONLY COMPLETE THIS SECTION IF APPLYING FOR CERTIFICATION AGAINST THIS STANDARD
1. If you are applying for SSIP please identify which role(s) you would like approving against:
Designer Principal Designer Contractor Principal Contractor Non-construction
Working at heights
Does your business handle, produce, use or store dangerous substances (including toxic, oxidising, explosive, flammable,
Yes No
etc.) in large quantities and could therefore be subjected to COMAH (Control of Major Accident Hazards)?
If you have answered yes to any of the above questions, please provide details, including which location(s) this applies to:
5. Are there members of the public present at your organisation’s sites? Yes No
6. P
lease provide details of legislation, regulations, obligations and guidance notes applicable to the
business:
E.g. Construction Design and Management Regulations, Control of Major Accident Hazards Regulations, etc.
7. Please provide a description of any formal involvement with a competent regulatory authority:
E.g. HSE in the UK
8. H
ave you had any incidents leading to or pending prosecution/insurance claims/ Yes No
enforcement notices in the last five years?
If yes, please provide details:
9. Please state accurately all injuries, diseases and dangerous occurrences (RIDDOR) for the past 12
months:
Number of reportable dangerous occurrences: Number of reportable accidents involving a member of the public:
Note: Disclosure of information is a requirement for contractual obligation. The applicant may be contacted before issue of a quotation.
10. Are there any additional personnel that are not detailed in your employed Yes No
personnel number (e.g. contractors/subcontractors personnel) performing work or work-related activities under
the control or influence of the organisation’s system?
ONLY COMPLETE THIS SECTION IF APPLYING FOR CERTIFICATION AGAINST THIS STANDARD
IF YOU ARE A MULTI-SITE CLIENT PLEASE DOWNLOAD, COMPLETE AND RETURN
THE NQA MULTI-SITE SUPPLEMENT QUESTIONNAIRE.
Processes/activities of site:
Energy sources:
For additional guidance on how to complete this section please click here.
ONLY COMPLETE THIS SECTION IF APPLYING FOR CERTIFICATION AGAINST THIS STANDARD
When/how was the sterilization conducted? During production Outsource Intend for end-user sterilization
4. H
ave you had any incidents leading to or pending prosecution/insurance claims/ Yes No
enforcement notices in the last year?
If yes, please provide details:
5. Please list below legal obligations relevant to the proposed scope of certification:
Does the organisation use suppliers to supply processes or parts that are critical to the function of the medical device
Yes No
and/or the safety of the user or finished product?
Does the organisation have multiple shifts/a number of production lines? Yes No
Does the organisation have no production (e.g. wholesale, retail, transportation or maintenance of equipment? Yes No
Does the organisation reduce the production range since last audit? Yes No
If you answered yes to any of the above questions, please provide details below:
ONLY COMPLETE THIS SECTION IF APPLYING FOR CERTIFICATION AGAINST THIS STANDARD
1. Are you aware of any standards, regulations or laws with which your company or industry must
comply? If so list these below:
Legal (e.g. Data Protection Act, Computer Misuse Act etc):
Regulatory (e.g. PCI DSS, Information Governance Statement of Compliance (IG SoC)):
2. Risk level and complexity - if you answer yes to any of the below you must provide details:
Government Do you handle Government information classified at e.g. military bases, defence
classification or above secret? supply chain, government
departments.
Nature of Could the nature of information held result in a e.g. Solicitors, law firms,
information breach or loss; having material financial, personal or banks, insurers, credit
managed reputational impact to any interested party? agencies (regulated
by FCA), organisations
Information handled includes: providing payroll services
•C ustomers, end users, staff contractors or others or pension administration
sensitive personal information e.g. health records etc.
or financial information
• Intellectual property
(e.g. designs, software source code)
Volume of data Does the information held include a large set of e.g. E-commerce websites,
managed - aggregated sensitive personal information that could be used for utility companies, online
data sets identity theft or fraud? payment websites,
organisations collecting
e.g. This could include individuals’ usernames and individual’s data via web
passwords used to access web portals or other portals, organisations
systems. processing and analysing
customer data.
Complexity of Does the technology used include a diverse or e.g. Large IT infrastructure,
technology used complex infrastructure? many servers, multiple
different platforms, any
e.g. Many servers (>100 physical or virtual servers) organisation permitting
AND/OR BYOD (“bring your own
device”) is included in this
“Bring your own device” (BYOD) is permitted. criterion, regardless of size.
Supply Chain Do you share sensitive information with third parties? e.g. Criminal records, credit
checks, outsourced payroll
e.g. Customers’/end users’/staff or others personal etc.
information. Including outsourced payroll, third party
vetting services (criminal records, credit checks)
AND/OR: Intellectual property (designs, source code
or other sensitive proprietary information).
Importance of integrity If the information produced by your company is e.g. Organisations such as
of information incorrect or incomplete, could there be a threat to secure printers (passport/
individual or collective health / wellbeing / safety / visa printers/prescription/
security / miscarriage of justice or risk of fraud? medical instruction
printers), health providers
(clinical information/
medical record systems),
gambling service providers.
Susceptibility to fraud or Could the theft of information (by staff / contractors e.g. Organisations
targeted disruption or others) managed by your organisation result in susceptible to fraud (e.g.
fraud or targeted disruption? by theft or misuse of data)
or heightened risk of
e.g. Theft of personal information by staff working in attempted fraud.
finance / insurance, call centres, clinics, pharmacies.
AND/OR: Hacking of software/website/IT systems.
Information not Do you hold any ISMS related information that N/A
available to audit cannot be made available for review by the audit
team because it contains confidential or sensitive
information?
2. A
re you currently or has your business ever been under investigation/fined by a Yes No
data enforcement agency? (e.g. ICO)
If yes, please provide details below:
3. Please confirm whether your organisation is a data processor, data controller or both:
Data Processor Data Controller Both Data Processor and Data Controller
ONLY COMPLETE THIS SECTION IF APPLYING FOR CERTIFICATION AGAINST THIS STANDARD
1. Please provide the details below of the relationships you would like certificating:
10
ONLY COMPLETE THIS SECTION IF APPLYING FOR CERTIFICATION AGAINST THIS STANDARD
IF YOU ARE A MULTI-SITE CLIENT PLEASE DETAIL ON A SEPARATE SHEET THE ASSET GROUPS
PERTAINING TO EACH SITE, UNLESS THESE ARE UNIFORM ACROSS ALL SITES
1. Please detail the business activities covered by your Asset Management System (AMS):
2. Please list the different categories of Asset Groups below (use a separate sheet if necessary):
Asset group name Asset group description Company asset? Client asset?
3. Please select the most appropriate description applicable to your scope of AMS:
The asset portfolio is a complex networked system of assets. It is a highly interdependent system.
The asset portfolio is complex, but has discrete locations with partially interdependent systems.
4. Please select the most appropriate description applicable to the criticality of your business assets
within the scope of your AMS:
High impact on business and stakeholders of asset failure.
5. Are there significant business continuity and supply chain risks? Yes No
6. A
re there any statutory requirements for recording financial and non-financial Yes No
information relevant to asset management, risk management, management of
change, complexity of the outsourced processes etc.
If yes, please provide details:
1. Certificate details:
Certificate number Standard Valid until date Certification Body
4. H
ave any complaints been raised against your organisation to your certification Yes No
body, or is a regulatory body currently engaged with or investigating you in
relation to activities you are certificated for? (e.g. HSE for health and safety breaches)
If yes, please provide more information:
5. Please detail the number of open major and/or minor No. of minors No. of majors
non-conformities on this certificate:
6. How frequently do you receive audits from your Annually 6 monthly Other
current certification body?
7. Please detail your last audits up to and including the latest recertification or stage 2 audit:
Audit type (Surveillance/Recert/Stage 2/Special) Audit duration Audit date
ONLY COMPLETE THIS SECTION IF APPLYING FOR CERTIFICATION AGAINST THIS STANDARD
IF YOU ARE A MULTI-SITE CLIENT PLEASE DOWNLOAD, COMPLETE AND RETURN
THE NQA MULTI-SITE SUPPLEMENT QUESTIONNAIRE.
1. P
lease provide a list of departments that are within the proposed scope of your BCMS and the
functions/processes for which they are responsible:
(E.g. Finance, Personnel, Operations, Development, Manufacturing etc, giving an indication of the scope and extent of those activities.)
2. D
o the functions and activities detailed above depend on outsourced activities or those supplied by
out-of-scope departments?
(E.g. IT, Payroll, Manufacturing etc. If so, describe the type and degree of dependency below.)
3. D
oes your organisation provide staff who work permanently on customer or third Yes No
party sites?
If yes please provide details: