Anda di halaman 1dari 10

[organization name]

Implementation checklist for ISO 9001:2015 transition


The new version of the ISO 9001 standard was published in September 2015. Organizations are granted a three-year transition period from that
date to comply with the current version of the standard, at which time the 2008 version and any certification pertaining to it will become
obsolete. This means that you may have surveillance audits against the 2008 revision until September 2018, although some certification bodies
have announced that they will stop issuing new certificates against the 2008 revision by September 2016, so it is advised that you consult your
own certification body regarding your organizations circumstances if you are pursuing your initial 9001 accreditation.

The latest version of the standard brings a lot of changes, and all of them need to be identified and understood before the transition project can
begin. For more information about the changes, see: Infographic: ISO 9001:2015 vs. 2008 revision What has changed?

Identifying changes is only the beginning; all of them need to be translated into a series of tasks and activities to be completed in order to
achieve full compliance with ISO 9001:2015 (See also: How to make the transition from ISO 9001:2008 revision to the 2015 revision). Keeping an
eye on what is done and what steps are ahead is crucial for the success of such projects therefore, we hope youll find this checklist useful.

What needs to be done? Completed Note


1) Define context of the organization.
Determine how to identify internal and Determining context of the organization requires identifying all internal and
external issues. external issues relevant to the QMS (Quality Management System). Depending
on size and complexity of the organization you will need to decide who will be
involved and how often the context shall be examined. For more information,
see: How to identify the context of the organization in ISO 9001:2015.
Make decision about documenting the Considering that this is a new requirement, it can be beneficial to document the
requirement. Procedure for Determining Context of the Organization and Interested Parties

that will define what elements of the context will be analyzed, who will take a
part in it, and how often the review will be conducted.
Identify internal and external issues. The organization needs to determine internal and external issues that can affect

the ability of the company to achieve its objectives. This can include
Implementation checklist for ISO 9001:2015 transition ver [version] from [date] Page 1 of 10

2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the Licence Agreement.
[organization name]

organizational culture, organizational structure, process and information flow in


the organization, as well as the legal, cultural, and economic environment in
which the company operates. For more information, see: ISO 9001:2015 case
study: Context of the organization as a success factor in manufacturing company.
2) List all interested parties.
Identify interested parties relevant to the Interested parties can have a great impact on the organization, and it is
QMS. important to determine who the interested parties are and what their needs and
expectations are regarding the organizations QMS.
Determine relevant needs and expectations Interested parties can have different requirements regarding different aspects of
of the interested parties. the company. In regard to ISO 9001, it is important only to identify needs and
expectations that relate to the Quality Management System.
Decide which of these needs and Interested parties and their needs and expectations that the organization
expectations will become compliance determines to be relevant to its QMS become compliance obligations, and
obligations for the organization. something that the organization must fulfill. These usually include legal

requirements regarding quality of products and requirements of the customers.
For more information about interested parties, see: How to determine interested
parties and their requirements according to ISO 9001:2015.
Make a decision about documenting The organization must monitor and review information about the interested
interested parties and their needs and parties and their relevant requirements. This is usually done by documenting a

expectations. List of Interested Parties, and additionally, the organization can document the
procedure that will describe the process in detail.
3) Review the scope of the QMS.
Determine whether the changes in the If the organization implemented the previous version of the standard several
company locations, processes, and products years ago, it is possible that the document about the scope of the QMS has not
are reflected in the scope of the QMS. been revised since, and the company opened new branches, developed new

products, or introduced new technologies. The transition is a good chance to
review the scope and adapt it to the organizations current needs. For more
information, see: How to define the scope of the QMS according to ISO

Implementation checklist for ISO 9001:2015 transition ver [version] from [date] Page 2 of 10

2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the Licence Agreement.
[organization name]

9001:2015.
Revise the document about the scope if If there were any changes to the scope of the QMS, they need to be documented.
necessary. In the previous version of the standard, requirements regarding the scope were
part of the Quality Manual, but if the organization decides to exclude the manual

from its QMS documentation, the scope can be documented in a separate
document called the Scope of the Quality Management System, defining all
activities, products, and services of the organization within the scope.
4) Demonstrate leadership.
The top management demonstrates Getting the top management involved in the QMS is one of the biggest challenges
commitment and leadership by taking in the implementation and maintenance of the system. If the top management is
accountability for QMS effectiveness. familiar with the benefits of ISO 9001 and their own responsibilities, they are

more willing to actively participate and commit to the QMS. For more
information, see: To what extent should top management be involved in your
QMS?
The QMS is integrated with the organizations The only way to ensure that the QMS is really implemented and applied is to
business processes. integrate its activities with everyday business activities. The transition is a great
opportunity to review existing QMS activities and see how to make them more

simple and natural to the employees, to ensure they are performed as defined.
For more information, see: ISO 9001: Why it should be viewed as a business
management system.
Resources needed for QMS functioning are The biggest problem with the requirements regarding leadership is that they
available. cannot be met simply by writing a policy or procedure; they must be met by
taking action. The top management must provide sufficient resources, in terms of

human resources and finances, for the operational controls that require them in
order to ensure the effectiveness of the QMS.
For more information, see: How to make your investment in ISO 9001 profitable.
Top management supports persons to One of the important roles of the top management in the QMS is to raise

contribute to the QMS and promotes awareness and demonstrate to its employees that the QMS is important for the

Implementation checklist for ISO 9001:2015 transition ver [version] from [date] Page 3 of 10

2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the Licence Agreement.
[organization name]

continual improvement. company. If the top management doesnt care about the QMS, neither will the
employees. The top management must also support relevant management roles
to demonstrate leadership in their areas of responsibility.
The Quality Policy is appropriate to the The existing Quality Policy needs to be updated to reflect the purpose and
purpose and context of the organization and context of the organization, and to provide a framework for setting the Quality

provides a framework for setting QMS Objectives.
objectives.
The Quality Policy includes a commitment to Requirements regarding the Quality Policy havent changed significantly, but the
satisfy applicable requirements, and a policy must be reviewed to ensure that it contains a commitment to satisfy
commitment to continual improvement of applicable requirements, and a commitment to continual improvement of the
the Quality Management System. QMS. For more information about the policy, see: How to Write a Good Quality
Policy.
The Quality Policy is documented, Once the policy is documented or the new version is published, it must be
communicated, understood, and applied communicated within the company so the employees are aware of it, and it must
within the organization and it is available to be made available to interested parties. Making the policy available to interested
relevant interested parties. parties includes publishing it on the companys website or providing it to the
interested party upon request.
5) Align QMS objectives with the companys strategy.
QMS objectives are established at relevant The top management should be involved in defining quality objectives. The
functions and levels, taking into objectives should take into consideration the applicable requirements, and be
consideration customer satisfaction, relevant to conformity of products and services and to enhancement of customer

compliance obligations, and risks and satisfaction. They should be defined at appropriate levels and functions in the
opportunities. company. For more information, see: Aligning quality objectives of the QMS with
the strategic direction of the company.
QMS objectives are consistent with the In order to contribute to the improvement of the QMS, the objectives need to be
Quality Policy and the S.M.A.R.T. principle. aligned with the policy. They also need to be specific, measurable, achievable,

realistic, and timed to enable the organization to evaluate whether they are
achieved. For more information about the objectives, see: How to Write Good

Implementation checklist for ISO 9001:2015 transition ver [version] from [date] Page 4 of 10

2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the Licence Agreement.
[organization name]

Quality Objectives.
Actions to achieve the objectives are defined Once the objectives are defined, the organization must determine actions to
and the objectives are documented. ensure that the objectives will be achieved. Planning actions includes defining
what will be done, who will do it, what resources are needed, and what are the
deadlines. Plans for achieving the objectives are often documented in the record
called Quality Objectives.
6) Assess risks and opportunities.
Make a decision on the methodology for The organization needs to determine risks and opportunities related to the
identification of risks and opportunities. context of the organization, and the ability of the QMS to achieve the intended
results, enhance desirable effects, and achieve improvement. The standard
doesnt require the organization to adopt a methodology for risk assessment;
however, it can be beneficial for bigger companies with more complex products,
services, or processes. For more information about risks and opportunities, see:
How to address risks and opportunities in ISO 9001.
Identify risks and opportunities. Identification of risks and opportunities is a novelty for many QMSs. The risks and
opportunities should be observed on an organizational level of the company and
its processes. The key is to determine what can jeopardize or enhance the quality

performance, compliance with the obligations, or context of the organization. For
more information, see: Risk-based thinking replacing preventive action in ISO
9001:2015 The benefits.
Take actions to address risks and The organization needs to take actions to address risks and opportunities in order
opportunities. to provide assurance that the QMS will deliver the intended results, prevent or

reduce undesired effects, and continually improve the QMS. The actions are
integrated with QMS processes and evaluated for their effectiveness.
Make a decision on documenting risks and There is no requirement to document risks and opportunities to be addressed,
opportunities. but there is a requirement to monitor information about risks and opportunities

and actions taken to address them. Depending on the methodology the company
selected, different levels of documented information will be required. For small

Implementation checklist for ISO 9001:2015 transition ver [version] from [date] Page 5 of 10

2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the Licence Agreement.
[organization name]

and mid-size organizations, it can be documented with the Procedure for


Addressing Risks and Opportunities.
7) Control documented information.
Identify all requirements for documents and With the change of the standard came a change in documentation requirements.
records. Most of the existing documentation can still be used in the QMS, but it is
important to identify the documents that are not mandatory anymore and make
a decision regarding whether to keep them as a part of your QMS. At the same

time, there are some new documentation requirements, and they also need to be
taken into account when making the transition. For more information about
documentation requirements, see: List of mandatory documents required by ISO
9001:2015.
Revise and update the existing document and The new version of the standard has more precise requirements regarding
record control process. document and record control. It defines requirements for creating and updating
documents, control and retention, and disposition of the documents. The existing
document and record control process needs to be reviewed to determine
whether it is compliant with the new version of the standard. For more
information, see: New approach to document and record control in ISO
9001:2015.
Revise and update existing QMS All documentation must be updated; some of it will require comprehensive
documentation. changes, but others will only need a change in reference to the clause of the
standard. Regardless of the level of changes required, it is also beneficial to
review all documents and discard redundant parts of the documentation.
Download a free preview of the ISO 9001:2015 Transition Toolkit to gain some
perspective on the amount of changes needed to your existing QMS
documentation.
8) Operational control
Determine requirements for products and The transition is a great opportunity for improvement of the existing system. One

services. of the elements often neglected are requirements for products and services. The

Implementation checklist for ISO 9001:2015 transition ver [version] from [date] Page 6 of 10

2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the Licence Agreement.
[organization name]

organization needs to define exactly how its product or service should be, in
order to avoid delivering a product or service that is not compliant with the
organizations requirements. For more information, see: ISO 9001: Requirements
for the release of the product or service.
Establish criteria and control for processes. In order to produce quality products or to deliver quality service, the organization
needs to define how the processes are carried out and what criteria need to be

met in order to confirm that the product or service is compliant with
requirements.
Make a decision on documenting operational The new version of the standard allows the organization to decide on the level of
controls. documentation necessary to ensure that processes are carried out as planned. In
some cases, some processes will need documented procedures, while in other

cases a flowchart will be enough. Organizations will need to review existing
documentation for the processes and decide what is really necessary and what
can be discarded.
9) Review the design and development process.
Design and development planning When determining stages and controls for design and development, the
organization needs to consider the nature, complexity, and duration of the
project as well as project stages, verification and validation activities,
responsibilities, and other elements that will ensure the success of the design and
development.
For more information, see: Case study: Design and development in the software
industry.
Design and development inputs The organization needs to define requirements for the specific types of products
or services to be designed and developed. This includes considering functional
and performance requirements, information from similar previous projects,

statutory and regulatory requirements, and potential consequences of failure.
For more information, see: How to include statutory and regulatory requirements
in your QMS.

Implementation checklist for ISO 9001:2015 transition ver [version] from [date] Page 7 of 10

2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the Licence Agreement.
[organization name]

Design and development controls To ensure the success of the design and development, the organization needs to
define verification and validation activities; take actions when problems are

discovered during reviews, validation, and verification; and retain documented
information on these activities.
Design and development outputs Design and development outputs must meet the input requirements and be
adequate for subsequent processes for provision of product or service. The
outputs need to include monitoring and measuring requirements and the
acceptance criteria, as well as the characteristics of the products and services
that are essential for their intended purpose and safe and proper provision.
10) Control of external providers
Reevaluate external providers. Evaluation of suppliers was required by the previous version, but this is often
neglected by organizations. This is a good opportunity to reevaluate your

suppliers based on their ability to provide processes, products, or services in
accordance with requirements.
Define the type and extent of control. The type and extent of controls enforced on the external providers will vary
depending on the size of the supplier, the complexity of the processes and
product or service provided, and the relationship the organization has with the

supplier. The key is to ensure that the organization receives the product or
service it requires.
For more information, see: How to control outsourced processes using ISO 9001.
Provide information to external providers. In order to ensure that the processes, products, and services provided externally
meet the organizations requirements, the organization needs to communicate
its requirements for processes, products, and services and control and

monitoring of the providers performance, as well as validation and verification
activities that the organization or its customers wants to perform at the
providers premises.
11) Performance evaluation
Establish Key Performance Indicators (KPIs). The company needs to monitor, measure, analyze, and evaluate its quality

Implementation checklist for ISO 9001:2015 transition ver [version] from [date] Page 8 of 10

2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the Licence Agreement.
[organization name]

performance. To do so, the company must determine the Key Performance


Indicators that will show the condition of the QMS and point out the weaknesses
of the system. For more information, see: How to define Key Performance
Indicators for a QMS based on ISO 9001.
Determine methods for monitoring and Once the KPIs are defined, the company must determine how those KPIs will be
measuring. monitored, measured, and evaluated. For more information, see: How to

implement the Check phase (performance evaluation) in the QMS according to
ISO 9001:2015.
Monitor the KPIs. As part of monitoring and measuring, the company must determine their
frequency. Results of monitoring and measuring of the KPIs are important inputs
for later management review and improvement of the QMS.
12) Measuring and reporting
Conduct the internal audit. The internal audit process will be the same as it was in the previous version of the
standard, but the requirements to be audited will be different. The standard
doesnt require internal auditors to get additional certificates for ISO 9001:2015,

but it can be beneficial for internal auditors to take an ISO 9001:2015 Internal
Auditor Course to become familiar with the standard and refresh their knowledge
on auditing.
Conduct the management review. The management review process will stay the same; the only difference is that
the inputs and outputs of the management review have changed. There are now
additional requirements for reviewing context of the organization, effectiveness
of actions taken to address risks and opportunities, defining opportunities for
improvement, and improving integration of the QMS with other business
processes. For more information on management review, see: How to make
Management Review more useful in the QMS.
Conduct corrective actions. In case of nonconformities found during the internal audit, or if the management
review resulted in opportunities for improvement, corrective actions need to be
initiated and conducted to achieve full compliance with the standard and

Implementation checklist for ISO 9001:2015 transition ver [version] from [date] Page 9 of 10

2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the Licence Agreement.
[organization name]

improve the QMS. For more information, see: How to proceed once a QMS
corrective action is defined.

Sample documentation
You can download a preview of the ISO 9001:2015 Transition Documentation Toolkit. This will allow you to see a sample of policies and
procedures required to make the transition to the ISO 9001:2015 standard, and see what changes should be made to your existing
documentation.

Implementation checklist for ISO 9001:2015 transition ver [version] from [date] Page 10 of 10

2017 This template may be used by clients of Advisera Expert Solutions Ltd. www.advisera.com in accordance with the Licence Agreement.