100%(12)100% menganggap dokumen ini bermanfaat (12 suara)
1K tayangan30 halaman
This document is a checklist of ISO 9001:2015. The checklist covers the ISO 9001:2015 clause number, requirements of ISO 9001:2015, guidance and the auditing questions. It is an overview of the international standard ISO 9001:2015.
FOR ISO TRAINING AND CERTIFICATION, CONTACT US AT-
CALL: +91 9316744482, OR MAIL US AT: trg@eurotechworld.net
VISIT OUR WEBSITE: www.eurotechworld.net/trainings
This document is a checklist of ISO 9001:2015. The checklist covers the ISO 9001:2015 clause number, requirements of ISO 9001:2015, guidance and the auditing questions. It is an overview of the international standard ISO 9001:2015.
FOR ISO TRAINING AND CERTIFICATION, CONTACT US AT-
CALL: +91 9316744482, OR MAIL US AT: trg@eurotechworld.net
VISIT OUR WEBSITE: www.eurotechworld.net/trainings
This document is a checklist of ISO 9001:2015. The checklist covers the ISO 9001:2015 clause number, requirements of ISO 9001:2015, guidance and the auditing questions. It is an overview of the international standard ISO 9001:2015.
FOR ISO TRAINING AND CERTIFICATION, CONTACT US AT-
CALL: +91 9316744482, OR MAIL US AT: trg@eurotechworld.net
VISIT OUR WEBSITE: www.eurotechworld.net/trainings
9001:2015 Requirements of ISO 9001:2015 Guidance Auditing Questions
Clause No. CLAUSE 4 The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system. The organization shall This new concept How has the organization monitor and review information about these relates to the factors determined external and external and internal issues. and internal issues? NOTE 1 Issues can include positive and negative conditions affecting How do you monitor and factors or conditions for consideration. organizational review information about NOTE 2 Understanding the external context can operation this? be facilitated by considering issues arising from E.g. regulation, Are these relevant to legal, technological, competitive, market, cultural, governance and purpose and strategic social and economic environments, whether stakeholders direction? international, national, regional or local. NOTE 3 Understanding the internal context can be facilitated by considering issues related to values, culture, knowledge and performance of the 4.1 organization How have you determined Due to their effect or potential effect on the what interested parties are organizations ability to consistently provide Consider who the relevant to the QMS? products and services that meet interested parties How have you determined customer and applicable statutory and regulatory might be and what requirements those requirements, the organization shall determine: what their relevant parties have that are relevant a) the interested parties that are relevant to the interests might be, e.g. to the QMS? quality management system; customers, How has impact or potential b) the requirements of these interested parties that shareholders, board impact been determined? are relevant to the quality management system. members, Is the organization reviewing The organization shall monitor and review competitors, and monitoring information information about these interested parties and regulators. about these interested parties their relevant requirements and their relevant 4.2 requirements?
How have the boundaries and The organization shall determine the boundaries applicability of the QMS been and applicability of the quality management system used to establish the scope of to establish its scope. the organization? When determining this scope, the organization How have: The external and shall consider: internal issues; the a) the external and internal issues referred to in requirements of relevant 4.1; interested parties and; the b) the requirements of relevant interested parties products and services of the referred to in 4.2; organization been considered c) the products and services of the organization. when determining the scope of The organization shall apply all the requirements of the organization? this International Standard if they are applicable Where is the scope available? within the determined Where is it maintained as scope of its quality management system. Elements which do not documented information? The scope of the organizations quality apply can and should Does it state what products and management system shall be available and be be services are covered by the maintained as documented justifiedunderClause4.3 QMS? information. The scope shall state the types of of 9001:2015. products and services covered, and provide Does it justify how instances of requirements of the QMS justification for any requirement of this International Standard that the organization cannot be applied? determines is not applicable to the scope of its Can the organization claim quality management conformity to the ISO system. 9001:2015 International Conformity to this International Standard may only Standard by Ensuring that be claimed if the requirements determined as not requirements determined as being applicable do not applicable do not affect the not affect the organizations ability or responsibility organizations ability or to ensure the conformity of its products and responsibility to ensure the services and the enhancement of customer conformity of its products, satisfaction. services and enhancement of 4.3 customer satisfaction?
4.4 How has the QMS been 4.4.1 The organization shall establish, implement, established? maintain and continually improve a quality Show me how this is management system, including the processes implemented and how is it needed and their interactions, in accordance with maintained and continually the requirements of this International Standard. improved? The organization shall determine the processes How have the processes been needed for the quality management system and determined and how do they their application throughout the organization, and interact? shall: How have the processes been a) determine the inputs required and the outputs determined for the QMS? expected from these processes; What are the inputs and b) determine the sequence and interaction of these outputs for those processes? processes; What is the sequence and c) determine and apply the criteria and methods interaction of the processes? (including monitoring, measurements and related An elevated focus on What are the criteria, methods, performance indicators) needed to ensure the processes. Adoption of measurement and related effective operation and control of these processes; the performance indicators needed d) determine the resources needed for these process approach is to operate and control those processes and ensure their availability; now mandatory and processes? e) assign the responsibilities and authorities for will What resources are needed and these processes; be audited accordingly how are these made available? f) address the risks and opportunities as How are responsibilities and determined in accordance with the requirements of 6.1; authorities assigned for those g) evaluate these processes and implement any processes? changes needed to ensure that these processes How are risks and opportunities achieve their intended results; considered and what plans are h) improve the processes and the quality made to implement actions to management system. address them? 4.4.2 To the extent necessary, the organization What methods are used to shall: monitor, measure and evaluate a) maintain documented information to support processes and, if needed, what the operation of its processes; changes are made to achieve b) retain documented information to have intended results? confidence that the processes are being carried out How are opportunities to as planned. improve the processes and the QMS determined? CLAUSE 5
Show me how top management demonstrates leadership & commitment with respect to the Top management shall demonstrate leadership and QMS by taking accountability of commitment with respect to the quality the effectiveness of the QMS? management system by: How is the quality policy & a) taking accountability for the effectiveness of the objectives established for the quality management system; QMS and how they are b) ensuring that the quality policy and quality compatible with the strategic objectives are established for the quality direction & the organizational management system and are compatible with the context? context and strategic direction of the organization; How is the quality policy c) ensuring the integration of the quality communicated within the management system requirements into the organization? organizations business processes; Enhances 5.1, How this is understood and d) promoting the use of the process approach and Management applied? risk-based thinking; commitment, from How can the requirements of e) ensuring that the resources needed for the the 2008 Standard. The the QMS integrated into the quality management system are available; 2015 repositions business processes? f) communicating the importance of effective some requirements to How do you promote quality management and of conforming to the leadership, not awareness of the process quality management system requirements; management. The approach and how do you ensure g) ensuring that the quality management system emphasis has shifted that resources needed for the achieves its intended results; from QMS area available? h) engaging, directing and supporting persons to ensuring to engaging. How do you communicate the contribute to the effectiveness of the quality importance of effective quality management system; management and conforming to i) promoting improvement; the QMS requirements? j) supporting other relevant management roles to How do you ensure that the demonstrate their leadership as it applies to their QMS achieves its intended areas of responsibility. results? NOTE Reference to business in this International How to engage, direct and Standard can be interpreted broadly to mean those support people to contribute to activities that are core to the purposes of the the effectiveness of the QMS? organizations existence, whether the organization How do you promote continual is public, private, for profit or not for profit improvement and support other relevant management roles to demonstrate leadership in their 5.1.1 areas of responsibility?
How top management demonstrates leadership and commitment with respect to customer focus, ensuring Top management shall demonstrate leadership and statutory and regulatory Enhances 5.1, commitment with respect to customer focus by requirements are determined Management ensuring that: and met? commitment, from a) customer and applicable statutory and How can risks & opportunities the 2008 Standard. The regulatory requirements are determined, that can affect conformity of 2015 repositions understood and consistently met; products & services determined? some requirements to b) the risks and opportunities that can affect How can the ability to enhance leadership, not conformity of products and services and the ability customer satisfaction determined management. The to enhance customer satisfaction are determined and addressed? emphasis has shifted and addressed; How to maintain the focus on from c) the focus on enhancing customer satisfaction is consistently providing products ensuring to engaging. maintained and services that meet customer and applicable statutory and regulatory requirements? How can customer satisfaction 5.1.2 be maintained? How top management Enhanced establishes, reviews and Top management shall establish, implement and requirements from the maintains a quality policy? maintain a quality policy that: 2008 version: more How it is determined to be a) is appropriate to the purpose and context of the attention to be paid to appropriate for the purpose and organization and supports its strategic direction; the application of the context of the organization? b) provides a framework for setting quality policy across the If it provides a framework for objectives; organization. There is a setting and reviewing quality c) includes a commitment to satisfy applicable need for documented objectives? requirements; information, as If it contains any commitment d) includes a commitment to continual opposed to a to satisfy applicable improvement of the quality management system. documented requirements and for continual statement. 5.2.1 improvement of the QMS? Whether the quality policy is The quality policy shall: available as documented a) be available and be maintained as documented information? information; How can it be communicated? b) be communicated, understood and applied How can it be understood and within the organization; applied within the organization c) be available to relevant interested parties, as and how is it available to relevant appropriate. 5.2.2 interested parties?
How will top management ensure that the responsibilities and authorities for relevant roles Top management shall ensure that the are communicated, understood responsibilities and authorities for relevant roles and assigned within the are assigned, communicated and understood organization? within the organization. How does top management The role of the Top management shall assign the responsibility and assign the responsibility and Management authority for: authority for Representative has a) ensuring that the quality management system a)Ensuring that the QMS disappeared; however conforms to the requirements of this International conforms with the requirements the requirements of Standard; of the ISO9001:2015 the 2008 clause 5.5.2 b) ensuring that the processes are delivering their International standard still need to be met. intended outputs; b) Ensuring that processes are There is a new c) reporting on the performance of the quality delivering their intended requirement that management system and on opportunities for outputs? someone is tasked with improvement (see 10.1), in particular to top How will the performance of preserving the integrity management; the QMS, opportunities for of the QMS while it is d) ensuring the promotion of customer focus improvement and the needs for in the process of throughout the organization; change or innovation will be change. e) ensuring that the integrity of the quality reported to top management? management system is maintained when changes How will the customer focus be to the quality management system are planned and promoted within the implemented. organization? How will the integrity of the QMS maintained when changes 5.3 are planned and implemented? CLAUSE 6 How are the internal & external issues plus the interested parties considered while planning for the When planning for the quality management QMS? system, the organization shall consider the issues How can the risks and Organizations must referred to in 4.1 and the requirements referred to opportunities be determined and determine its context, in 4.2 and determine the risks and opportunities addressed so that the QMS can and the arising risks that need to be addressed to: a) achieve its intended results; and opportunities. a) give assurance that the quality management b) Prevent or reduce undesired Actions to address risk system can achieve its intended result(s); effects; must be proportional b) enhance desirable effects; c) Achieve continual to the potential impact. c) prevent, or reduce, undesired effects; improvement? d) achieve improvement Has the organization taken into consideration the issues referred in 4.1 and the requirements 6.1.1 referred to in 4.2?
Whether the organization has planned actions to address risks and opportunities? The organization shall plan: How are they integrated and a) actions to address these risks and opportunities; implemented into the QMS b) how to: processes? 1) integrates and implements the actions into its How to evaluate their quality management system processes (see 4.4); effectiveness? 2) evaluate the effectiveness of these actions. Whether the actions are taken Actions taken to address risks and opportunities to address risks and shall be proportionate to the potential impact on opportunities determined as the conformity of products and services. being appropriate to the potential impact on the conformity of products and 6.1.2 services? Whether the organization has quality objectives, relevant functions, levels and processes? The organization shall establish quality objectives at Are these consistent with the relevant functions, levels and processes needed for Extension of 2008 quality policy? the quality management system. The quality clauses, 5.4.1 and Whether they are measureable objectives shall: 5.4.2. Stronger and consider applicable a) be consistent with the quality policy; emphasis on the requirements? b) be measurable; importance of Whether they are relevant to c) take into account applicable requirements; objectives, which the products and services and d) be relevant to conformity of products and should be set for enhance customer satisfaction? services and to enhancement of customer processes. The Are they being monitored? satisfaction; organization must How? How often? e) be monitored; retain documented How will they be f) be communicated; information on quality communicated? g) be updated as appropriate. objectives. How can they be updated? The organization shall maintain documented Whether the documented information on the quality objectives information on the quality objectives is appropriate and 6.2.1 maintained? While planning how to achieve When planning how to achieve its quality quality objectives, whether the objectives, the organization shall determine: organization has determined: a) what will be done; a) What is to be done? b) what resources will be required; b) What resources will be used? c) who will be responsible; c) Who will be responsible? d) when it will be completed; d) When it will be completed? e) how the results will be evaluated. e) How will the results be 6.2.2 evaluated?
Whether the changes to the When the organization determines the need for An extension of the QMS are planned systematically? changes to the quality management system, the existing requirement: How to demonstrate the changes shall be carried out in a planned manner organizations must purpose and potential (see 4.4). The organization shall consider: identify the purpose consequences of these changes a) the purpose of the changes and their potential and likely and the integrity of the QMS? consequences; consequences of How resources will be made b) the integrity of the quality management system; change, and the available? c) the availability of resources; necessary resources How responsibility and d) the allocation or reallocation of responsibilities and responsibilities. accountability is allocated or and authorities. 6.3 reallocated? CLAUSE 7 The organization shall determine and provide the How resources are determined resources needed for the establishment, for the establishment, implementation, maintenance and continual implementation, maintenance Need to evidence improvement of the quality management system. and continual improvement of external as well as The organization shall consider: the QMS? internal resource a) the capabilities of, and constraints on, existing How will the capabilities and requirements. internal resources; constraints on internal resources b) what needs to be obtained from external and needs from external 7.1.1 providers. providers are to be considered? How has the organization The organization shall determine and provide the determined and provided the persons necessary for the effective implementation persons necessary for the No significant change of its quality management system and for the effective implementation of its operation and control of its processes. QMS and for the operation and 7.1.2 control of its processes?
The organization shall determine, provide and
maintain the infrastructure necessary for the How has the organization operation of its processes and to achieve determined, provided and Enhanced reference to conformity of products and services. maintained the infrastructure examples: hardware, NOTE Infrastructure can include: necessary for the operation of its software, a) buildings and associated utilities; processes and for achieving transportation b) equipment, including hardware and software; conformity of products and c) transportation resources; services? d) information and communication technology. 7.1.3
The organization shall determine, provide and More prescriptive than maintain the environment necessary for the before with a operation of its processes and to achieve requirement to conformity of products and services. determine, provide and How has the organization NOTE A suitable environment can be a combination maintain a suitable determined, provided, and of human and physical factors, such as: environment. There is a maintained the environment a) social (e.g. non-discriminatory, calm, non- note in the new clause necessary for the operation of its confrontational); that examples of processes and to achieve b) psychological (e.g. stress-reducing, burnout environment for the conformity of products and prevention, emotionally protective); operation of services? c) physical (e.g. temperature, heat, humidity, light, processes include airflow, hygiene, noise). social, psychological These factors can differ substantially depending on and environmental 7.1.4 the products and services provided. How has the organization determined and provided the resources needed to ensure valid and reliable results while monitoring and measuring is The organization shall determine and provide the used to verify the conformity of resources needed to ensure valid and reliable products and services to results when monitoring or measuring is used to Measuring requirements? verify the conformity of products and services to equipment becomes Whether the organization has requirements. The organization shall ensure that measuring ensured that the resources the resources provided: resource, provided: a) are suitable for the specific type of monitoring acknowledging that a) Are suitable for the specific and measurement activities being undertaken; professional type of monitoring and b) are maintained to ensure their continuing fitness judgment and human measurement activities being for their purpose. senses may also be a undertaken? The organization shall retain appropriate measuring resource, b) Are maintained to ensure their documented information as evidence of fitness for e.g. tea tasting. continuing fitness for their purpose of the monitoring and measurement purpose? resources. Whether the organization retained documented information as evidence of fitness for purpose of the monitoring and measurement 7.1.5.1 resources or not?
Whether the organization has ensured that if measurement traceability is a requirement for providing confidence in the validity of measurement results, that measuring equipment is: When measurement traceability is a requirement, a) Calibrated or verified, or both, or is considered by the organization to be an at specified intervals, or prior to essential part of providing confidence in the validity use, against measurement of measurement results, measuring equipment standards traceable to shall be: international or national a) calibrated or verified, or both, at specified measurement standards & when intervals, or prior to use, against measurement no such standards exist, the basis standards traceable to international or national used for calibration or measurement standards; when no such standards verification is retained as exist, the basis used for calibration or verification documented information? shall be retained as documented information; b) Identified in order to b) identified in order to determine their status; determine their status or not? c) safeguarded from adjustments, damage or c) Safeguarded from deterioration that would invalidate the calibration adjustments, damage or status and subsequent measurement results. deterioration that would The organization shall determine if the validity of invalidate the subsequent previous measurement results has been adversely measurement results? affected when measuring equipment is found to be How has the organization unfit for its intended purpose, and shall take determined if the validity of appropriate action as necessary. previous measurement results has been adversely affected when measuring equipment is found to be unfit for its intended purpose, &takes appropriate 7.1.5.2 action?
The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services. This knowledge shall be maintained and be made available to the extent necessary. When addressing How has the organization changing needs and trends, the organization shall determined necessary knowledge consider its current knowledge and determine how for the operation of processes? to acquire or access any necessary additional How to determine necessary Examples of such knowledge and required updates. knowledge required for achieving knowledge could be NOTE 1 Organizational knowledge is knowledge conformity of products and intellectual e.g. specific to the organization; it is gained by services? designer software and experience. It is information that is used and shared How will you maintain this external sources of to achieve the organizations objectives. knowledge and make it available knowledge e.g. NOTE 2 Organizational knowledge can be based on: to the extent necessary? academia or a) internal sources (e.g. intellectual property; How to consider current conferences knowledge gained from experience; lessons learned knowledge and how to acquire from failures and successful projects; capturing and additional knowledge when sharing undocumented knowledge and experience; addressing changing needs and the results of improvements in processes, products trends? and services); b) external sources (e.g. standards; academia; conferences; gathering knowledge from customers 7.1.6 or external providers). The organization shall: How do you determine the a) determine the necessary competence of necessary competence of people person(s) doing work under its control that affects doing work under your control the performance and effectiveness of the quality that affects quality performance? management system; How to determine competence The requirement has b) ensure that these persons are competent on the on the basis of appropriate been extended to basis of appropriate education, training, or education, training and include people experience; experience? performing work under c) where applicable, take actions to acquire the How to take actions for the organizations necessary competence, and evaluate the acquiring necessary competence control, i.e. outsourced effectiveness of the actions taken; where applicable and to evaluate resource such as d) retain appropriate documented information as the effectiveness of those agencies. evidence of competence. actions? NOTE Applicable actions can include, for example, Whether the appropriate the provision of training to, the mentoring of, or documented information as the reassignment of currently employed persons; evidence of competence is 7.2 or the hiring or contracting of competent persons. retained or not?
This is more expansive How are people in the The organization shall ensure that persons doing and now applies to all organization aware of the quality work under the organizations control are aware of: persons doing work policy and relevant quality a) the quality policy; under the objectives? b) relevant quality objectives; organizations control. What is their contribution to c) their contribution to the effectiveness of the People must be aware the effectiveness of the QMS? quality management system, including the benefits of policy, objectives, What will be the benefits of of improved performance; how they contribute improved performance? d) the implications of not conforming with the and the implications of What will be the implications of quality management system requirements not conforming to the not conforming to the QMS 7.3 QMS. requirements? This is now much more How has the organization The organization shall determine the internal and prescriptive and determined internal and external external communications relevant to the quality includes external communications relevant to the management system, including: communications. QMS? a) on what it will communicate; Organizations must How to determine: b) when to communicate; now determine what, What to communicate? c) with whom to communicate; when, with whom and When to communicate? d) how to communicate; how communications With Whom to communicate? e) who communicates. 7.4 should take place. How to communicate? The organizations quality management system The Documented shall include: information must be a) documented information required by this controlled but there is International Standard; no longer a Does the organization have the b) documented information determined by the requirement to have a documented information as organization as being necessary for the documented procedure required by this standard? effectiveness of the quality management system. for this process. Whether the documented NOTE The extent of documented information for a Requirements now information determined by the quality management system can differ from one extend to access and organization is necessary for the organization to another due to: the size of usage, recognizing that effectiveness of the quality organization and its type of activities, processes, electronic information management system? products and services; the complexity of can be accessed as processes and their interactions; the read-only, without competence of persons. authority to change. 7.5.1 When creating and updating documented Whether the documented information, the organization shall ensure information contains appropriate: identification, description and a) identification and description (e.g. a title, date, the appropriate format? author, or reference number); How the documented b) format (e.g. language, software version, information is reviewed and graphics) and media (e.g. paper, electronic); approved for suitability and c) review and approval for suitability and adequacy adequacy? 7.5.2
Documented information required by the quality management system and by this International How will the documented Standard shall be controlled to ensure: information be controlled? a) it is available and suitable for use, where and How to make it available and when it is needed; suitable for use? b) it is adequately protected (e.g. from loss of How to protect it? 7.5.3.1 confidentiality, improper use, or loss of integrity). For the control of documented information, the organization shall address the following activities, as applicable: When controlling documented a) distribution, access, retrieval and use; information, how to address b) storage and preservation, including preservation distribution, access, retrieval, of legibility; use, storage and preservation, c) control of changes (e.g. version control); legibility, control of changes, its d) retention and disposition. retention and disposition. Documented information of external origin How to identify appropriate determined by the organization to be necessary for and controlled documented the planning and operation of the quality information of external origin management system shall be identified as which is necessary for the QMS. appropriate, and be controlled. Documented information retained a evidence of conformity shall 7.5.3.2 be protected from unintended alterations. CLAUSE 8 The organization shall plan, implement and control How processes will meet the the processes needed to meet the requirements for requirements for provision of the provision of products and services, and to products and services planned, implement the actions determined in Clause 6 by: implemented and controlled? a) determining the requirements for the products How can the requirements for and services; products and services be b) establishing criteria for determined? 1) the processes; This is a reworking and What is criteria for processes 2) the acceptance of products and services; reorganizing the 2008 and acceptance for products and c) determining the resources needed to achieve Clause 7.1 services? conformity to the product and service requirements. The How can the resources be requirements; requirement to plan determined? d) implementing control of the processes in and develop processes How is control process accordance with the criteria; is not new, but has implemented? e) determining and keeping documented been extended to Determine the documented information to the extent necessary: include information that shows that the 1) to have confidence that the processes have implementation and processes have been carried out been carried out as planned; control. as planned and conforms 2) to demonstrate the conformity of products products and services to the and services to their requirements. requirements. NOTE Keeping implies both the maintaining and How can it be determined that the retaining of documented information. The the output from the planning output of this planning shall be suitable for the process is suitable for your organizations operations. The organization shall operations? 8.1 control planned changes and review the How to control planned
consequences of unintended changes, taking action changes? to mitigate any adverse effects, as necessary. The How to review the organization shall ensure that outsourced consequences of unintended processes are controlled changes? Action to be taken to mitigate any adverse effects? How to control outsourced processes? A subtle change in the supplier customer relationship: the organization has What is the process for Communication with customers shall include: already determined the communicating with customers? a) providing information relating to products and products and services it How to communicate services; intends to offer, information relating to products; b) handling enquiries, contracts or orders, including reflecting a more services; enquiries; contracts; changes; common business order handling; customer views, c) obtaining customer feedback relating to products environment for perceptions and complaints; and services, including customer complaints; certification customers. handling or treatment of d) handling or controlling customer property; Requirements should customer property; specific e) establishing specific requirements for include those from requirements for contingency contingency actions, when relevant. interested parties and actions? also include statutory and regulatory requirements relating 8.2.1 to the product. What is the process for determining the requirements for When determining the requirements for the products and services to be products and services to be offered to customers, offered to potential customers? the organization shall ensure that: How to establish, implement a) the requirements for the products and services and maintain this process? are defined, including: How to define product and 1) any applicable statutory and regulatory service requirements including requirements; statutory and regulatory 2) those considered necessary by the requirements? organization; How to ensure that we have b) the organization can meet the claims for the the ability to meet the defined products and services it offers. requirements and substantiate any claims for our products and 8.2.2 services?
How has the organization determined that it has the ability to meet the requirements for products and services offered to customers? If the organization has conducted a review before committing to supply products The organization shall ensure that it has the ability and services to a customer that to meet the requirements for products and services includes: to be offered to customers. The organization shall a) Requirements specified by the conduct a review before committing to supply customer, inclusive of products and services to a customer, to include: requirements for delivery and a) requirements specified by the customer, post delivery activities? including the requirements for delivery and post- b) Requirements not stated, but delivery activities; are necessary for the specified or b) requirements not stated by the customer, but intended use, when known? necessary for the specified or intended use, when c) Requirements specified by the known; organization? c) requirements specified by the organization; d) d) Statutory and regulatory statutory and regulatory requirements applicable requirements applicable to the to the products and services; products and services? e) contract or order requirements differing from e) Contract or order those previously expressed. T requirements different from he organization shall ensure that contract or order those previously expressed? requirements differing from those previously Whether the organization defined are resolved. The customers requirements ensured that contract or order shall be confirmed by the organization before requirements differing from acceptance, when the customer does not provide a those previously defined are documented statement of their requirements. resolved or not? How has the organization ensured that customer requirements are confirmed by the organization before acceptance, if the customer does not provide a documented 8.2.3.1 statement of their requirements? Whether the organization has The organization shall retain documented retained documented information, as applicable: information as applicable: a) on the results of the review; a) On the reviews results? b) on any new requirements for the products and b) On any new requirement for services. the products and services? 8.2.3.2 The organization shall ensure that relevant How has the organization documented information is amended, and that ensured that relevant relevant persons are made aware of the changed documented information is requirements, when the requirements for products amended, and that relevant 8.2.4 and services are changed. persons are made aware of it.
This new clause mandates the How to establish, implement The organization shall establish, implement and introduction of a and maintain a design and maintain a design and development process that is design and development process to ensure appropriate to ensure the subsequent provision of development process subsequent provision of products products and services. where this activity is and services. 8.3.1 required In determining the stages and controls for design and development, the organization shall consider: a) the nature, duration and complexity of the While determining the stages design and development activities; and control for design and b) the required process stages, including applicable development, how to consider design and development reviews; the nature, duration and c) the required design and development verification complexity of the activities; and validation activities; requirements that specify d) the responsibilities and authorities involved in particular process stages the design and development process; Builds on existing 2008 including applicable reviews; e) the internal and external resource needs for the clauses 7.3.1- 7.3.6. required verification and design and development of products and services; Design and validation; responsibilities and f) the need to control interfaces between persons development needs to authorities? involved in the design and development process; be approached as a How are interfaces controlled g) the need for involvement of customers and users process. between individuals and parties? in the design and development process; What is the need for h) the requirements for subsequent provision of involvement of customer and products and services; user groups? i) the level of control expected for the design and Has the documented development process by customers and other information that confirms design relevant interested parties; and development requirements j) the documented information needed to have been met, are maintained. demonstrate that design and development 8.3.2 requirements have been met.
How do you determine requirements essential for the type of products and services being designed and developed, including: The organization shall determine the requirements Functional & performance essential for the specific types of products and requirements; services to be designed and developed. The Statutory and regulatory organization shall consider: requirements; a) functional and performance requirements; Information from previous similar b) information derived from previous similar design development and designed and development activities; Builds on existing 2008 activities; c) statutory and regulatory requirements; clauses 7.3.1- 7.3.6. Standards or codes of practice d) standards or codes of practice that the Design and which the organization is a organization has committed to implement; development needs to committed to implement; e) potential consequences of failure due to the be approached as a Potential consequences of nature of the products and services. process. failure; Inputs shall be adequate for design and Whether the inputs are development purposes, complete and adequate for design and unambiguous. Conflicting design and development development purposes, complete inputs shall be resolved. The organization shall and unambiguous? retain documented information on design and Whether the organization has development inputs. resolved conflicting design and development inputs? If the documented information on design and development 8.3.3 inputs has been retained? How will the controls that are applied to the design and The organization shall apply controls to the design development process ensure that and development process to ensure that: the results achieved by design a) the results to be achieved are defined; and development activities are b) reviews are conducted to evaluate the ability of clearly defined? the results of design and development to meet Whether the design and requirements; development reviews are c) verification activities are conducted to ensure Builds on existing 2008 conducted as planned? that the design and development outputs meet the clauses 7.3.1- 7.3.6. If the outputs meet the input input requirements; Design and requirements by verifying that d) validation activities are conducted to ensure that development needs to the resulting products and the resulting products and services meet the be approached as a services are capable of meeting requirements for the specified application or process. the requirements for the intended use; specified application or intended e) any necessary actions are taken on problems use? determined during the reviews, or verification and Whether any necessary action validation activities; has been taken on problems f) documented information of these activities is determined during the reviews, retained or verification and validation activities? 8.3.4 Whether the documented
information of the activities is retained? How to ensure whether the design and development outputs meet the input requirements for design and development or not? The organization shall ensure that design and If they are adequate for the development outputs: subsequent processes for the a) meet the input requirements; provision of products and b) are adequate for the subsequent processes for services? Builds on existing 2008 the provision of products and services; Whether they include or refer clauses 7.3.1- 7.3.6. c) include or reference monitoring and measuring monitoring and measuring Design and requirements, as appropriate, and acceptance requirements, and acceptance development needs to criteria; criteria, as applicable? be approached as a d) specify the characteristics of the products and How do they ensure that the process. services that are essential for their intended products to be produced, or purpose and their safe and proper provision. services to be provided, are fit for The organization shall retain documented intended purpose and are safe information on design and development outputs. and proper for use? Whether the documented information which results from the design and development 8.3.5 process is maintained? How to review, control and identify changes made in the design inputs and outputs during The organization shall identify, review and control design and development of changes made during, or subsequent to, the design products and services, ensuring and development of products and services, to the there is no impact on conformity Builds on existing 2008 extent necessary to ensure that there is no adverse to requirements? clauses 7.3.1- 7.3.6. impact on conformity to requirements. The How does the organization Design and organization shall retain documented information retain documented information development needs to on: on: be approached as a a) design and development changes; a) The design and development process. b) the results of reviews; changes? c) the authorization of the changes; b) The results of reviews? d) the actions taken to prevent adverse impacts. c) The authorization of the changes? d) The actions taken to prevent 8.3.6 adverse impacts?
How to ensure that externally provided processes, products and services conform to specified requirements? How to apply specified requirements for the control of The organization shall ensure that externally externally provided products and provided processes, products and services conform services when: to requirements. The organization shall determine Products and services are the controls to be applied to externally provided provided by external providers processes, products and services when: Enhanced emphasis on for incorporation in your a) products and services from external providers external providers and products and services; are intended for incorporation into the the extent of Products and services are organizations own products and services; employment of provided directly to customers by b) products and services are provided directly to contractors in current external providers on your the customer(s) by external providers on behalf of commercial practice. behalf; the organization; Extent of controls A process or part-process is c) a process, or part of a process, is provided by an needs to take account provided by an external provider external provider as a result of a decision by the of the potential impact as a result of the decision to organization. on the organizations outsource a process or function. The organization shall determine and apply criteria ability to consistently How to establish and apply for the evaluation, selection, monitoring of meet requirements. criteria for evaluation, selection, performance, and reevaluation of external Risk assessment will be monitoring of performance and providers, based on their ability to provide applicable here re-evaluation of external processes or products and services in accordance providers. with requirements. The organization shall retain How to assess their ability to documented information of these activities and any provide processes or products necessary actions arising from the evaluations and services in accordance with requirements specified? If the documented information of the results of evaluations, monitoring of performance and reevaluations of external 8.4.1 providers is maintained?
How to determine whether the controls applied to the external provision of processes, products and services, take into consideration: The organization shall ensure that externally a) The potential impact of the provided processes, products and services do not externally provided processes, adversely affect the organizations ability to products and services on the consistently deliver conforming products and ability to continuously meet services to its customers. The organization shall: customer and applicable a) ensure that externally provided processes statutory and regulatory remain within the control of its quality requirements? management system; b) The perceived effectiveness of b) define both the controls that it intends to apply the controls applied by the to an external provider and those it intends to external provider? apply to the resulting output; What verification or other c) take into consideration: activities have to be done to 1) the potential impact of the externally provided ensure externally provided processes, products and services on the processes, products and services organizations ability to consistently meet customer do not adversely affect your and applicable statutory and regulatory ability to deliver conforming requirements; products and services to your 2) the effectiveness of the controls applied by the customers? external provider; d) determine the verification, or How does the organization: other activities, necessary to ensure that the a) Ensure that externally externally provided processes, products and provided processes remain within services meet requirements. the control of its QMS? b) Ensure if it has defined both the controls it intends to apply to an external provider and those it intends to apply to the resulting 8.4.2 output? The organization shall ensure the adequacy of How to communicate to requirements prior to their communication to the external providers, the applicable external provider. The organization shall requirements for products and communicate to external providers its services to be provided or the requirements for: processes to be performed on a) the processes, products and services to be behalf of the organization? provided; How to communicate approval b) the approval of: or release of products and 1) products and services; services, methods, processes or 2) methods, processes and equipment; equipment; competence of 3) the release of products and services; personnel, including necessary c) competence, including any required qualification qualification; their interactions of persons; with the organization's QMS? d) the external providers interactions with the How to control and monitor the organization; external providers performance; e) control and monitoring of the external providers verification activities that the 8.4.3 performance to be applied by the organization; organization, or its customer,
f) verification or validation activities that the intends to perform at the organization, or its customer, intends to perform at external providers premises? the external providers premises. How to ensure the adequacy of specified requirements? What are the controlled conditions for production and service provision, including delivery and post-delivery activities? The organization shall implement production and What are the controlled service provision under controlled conditions. conditions for: Controlled conditions shall include, as applicable: a) Documented information a) the availability of documented information that defining the characteristics of the defines: products and services? 1) the characteristics of the products to be b) Documented information produced, the services to be provided, or the defining the activities to be activities to be performed; performed and the results to be 2) the results to be achieved; achieved? b) the availability and use of suitable monitoring c) Monitoring and measuring and measuring resources; activities at appropriate stages to c) the implementation of monitoring and ensure that criteria for control of measurement activities at appropriate stages to processes and process outputs, verify that criteria for control of processes or and acceptance criteria for outputs, and acceptance criteria for products and No significant changes. products and services, have been services, have been met; met? d) the use of suitable infrastructure and d) Use and control of suitable environment for the operation of processes; infrastructure and process e) the appointment of competent persons, environment? including any required qualification; e) The availability and use of f) the validation, and periodic revalidation, of the monitoring and measuring ability to achieve planned results of the processes resources? for production and service provision, where the f) The competence and required resulting output cannot be verified by subsequent qualification of persons? monitoring or measurement; g) Validation and periodic g) the implementation of actions to prevent human revalidation, of the ability to error; achieve planned results where h) the implementation of release, delivery and the resulting output cannot be post-delivery activities. verified by subsequent monitoring or measurement? h) The implementation of products and services release, delivery and post-delivery 8.5.1 activities?
The organization shall use suitable means to How to identify process outputs identify outputs when it is necessary to ensure the for ensuring conformity of conformity of products and services. products and services? The organization shall identify the status of outputs How to identify the status of with respect to monitoring and measurement process outputs? requirements throughout production and service How has the organization provision. controlled the unique The organization shall control the unique identification of process outputs, identification of the outputs when traceability is a where applicable? requirement, and shall retain the documented What documented information 8.5.2 information necessary to enable traceability is to be retained? The organization shall exercise care with property belonging to customers or external providers while How has the organization cared it is under the organizations control or being used for customer or external by the organization. providers property while under The organization shall identify, verify, protect and its control? safeguard customers or external providers How to identify, verify, protect property provided for use or incorporation into the and safeguard that property? products and services. How to report to the customer When the property of a customer or external or external provider if their provider is lost, damaged or otherwise found to be property is incorrectly used, lost, unsuitable for use, the organization shall report this damaged or found to be to the customer or external provider and retain unsuitable for use? 8.5.3 documented information on what has occurred. The organization shall preserve the outputs during production and service provision, to the extent How preservation of process necessary to ensure conformity to requirements. outputs during production and NOTE Preservation can include identification, service provision to maintain handling, contamination control, packaging, conformity to product storage, transmission or transportation, and requirements is maintained? 8.5.4 protection. The organization shall meet requirements for post- delivery activities associated with the products and How to fulfill requirements for services. In determining the extent of post-delivery post delivery activities related activities that are required, the organization shall with products and services? consider: How to determine risk; nature, a) statutory and regulatory requirements; use and intended lifetime; b) the potential undesired consequences associated customer feedback; statutory with its products and services; and regulatory requirements, c) the nature, use and intended lifetime of its while determining the extent of products and services; post delivery activities? d) customer requirements; 8.5.5 e) customer feedback The organization shall review and control changes How are unplanned changes for production or service provision, to the extent reviewed and controlled to necessary to ensure continuing conformity with ensure continuous conformity requirements. with specified requirements? The organization shall retain documented Has the organization retained 8.5.6 information describing the results of the review of documented information
changes, the person(s) authorizing the change, and showing the results of reviews of any necessary actions arising from the review. changes, the personnel authorizing change and any necessary actions? How has the planned The organization shall implement planned arrangement been implemented arrangements, at appropriate stages, to verify that at appropriate stages to verify the product and service requirements have been product and service met. requirements have been met? The release of products and services to the What evidence has been customer shall not proceed until the planned retained? arrangements have been satisfactorily completed, No substantive change How is the release of products unless otherwise approved by a relevant authority needed. Note and services held until planned and, as applicable, by the customer. refreshed terminology arrangements for verification of The organization shall retain documented referring to services in conformity have been information on the release of products and addition to product. satisfactorily completed, unless services. The documented information shall approved by a relevant authority, include: or the customer if applicable? a) evidence of conformity with the acceptance Whether the documented criteria; information which shows b) traceability to the person(s) authorizing the traceability to the person release. authorizing release of products 8.6 and services is maintained? How has the organization ensured that outputs that do not conform to their requirements The organization shall ensure that outputs that do are identified and controlled? not conform to their requirements are identified Whether the organization has and controlled to prevent their unintended use or taken appropriate action on delivery. outputs based on the nature of The organization shall take appropriate action the nonconformity and its effect Some minor changes; based on the nature of the nonconformity and its on the conformity of products There is no longer a effect on the conformity of products and services. and services? requirement for a This shall also apply to nonconforming products How has the organization documented and services detected after delivery of products, applied action on nonconforming procedure, but there is during or after the provision of services. products and services, detected a requirement to The organization shall deal with nonconforming after the delivery of products and maintain documented outputs in one or more of the following ways: during or after the provision of information on actions a) correction; services? taken, including b) segregation, containment, return or suspension Whether the organization has concessions and of provision of products and services; used one or more of the authorizations. c) informing the customer; following ways to deal with d) obtaining authorization for acceptance under nonconforming outputs concession. a) Correction? Conformity to the requirements shall be verified b) Segregation, containment, when nonconforming outputs are corrected. return or suspension or provision of products and services? c) Information to the customer? 8.7.1 d) Authorization for acceptance
under concession? Whether the organization has The organization shall retain documented retained documented information that: information describing: a) describes the nonconformity; a) The nonconformity? b) describes the actions taken; b) The actions taken? c) describes any concessions obtained; c) Any concessions obtained? d) identifies the authority deciding the action in d) Identification of the authority respect of the nonconformity. deciding the action in respect of 8.7.2 the nonconformity? CLAUSE 9 How to determine: What needs to be monitored and An enhanced emphasis measured? on evaluation of What are the methods for The organization shall determine: results, in addition to monitoring, measuring, analyzing a) what needs to be monitored and measured; measurement and and evaluating? b) the methods for monitoring, measurement, analysis. Monitoring When monitoring and measuring analysis and evaluation needed to ensure valid should be based on are to be performed? results; risk. Customer When are the results to be c) when the monitoring and measuring shall be perception now analyzed and evaluated? performed; d) when the results from monitoring includes soliciting Is there a documented and measurement shall be analyzed and evaluated. perceptions about the information showing that The organization shall evaluate the performance organization and its monitoring and measurement and the effectiveness of the quality management products and services. activities have been implemented system. The organization shall retain appropriate Preventive action and in accordance with determined documented information as evidence of the results. statistical techniques requirements? are no longer How to evaluate the quality referenced. performance and the 9.1.1 effectiveness of the QMS? The organization shall monitor customers How to monitor customer perceptions of the degree to which their needs and perception of the degree to expectations have been fulfilled. The organization which requirements have been shall determine the methods for obtaining, met? monitoring and reviewing this information. How can the information be NOTE Examples of monitoring customer obtained relating to customer perceptions can include customer surveys, views and opinions of your customer feedback on delivered products and products and services? services, meetings with customers, market-share What are the methods for analysis, compliments, warranty claims and dealer obtaining and using this 9.1.2 reports. information?
How does the organization analyze and evaluate data and information arising from monitoring, measurement and other sources? How the output of analysis and The organization shall analyze and evaluate evaluation is used to: appropriate data and information arising from Demonstrate conformity of monitoring and measurement. The results of products and services to analysis shall be used to evaluate: requirements? a) Conformity of products and services; Assess and enhance customer b) The degree of customer satisfaction; satisfaction? Ensure conformity c) The performance and effectiveness of the quality and effectiveness of the QMS? management system; Demonstrate that planning has d) If planning has been implemented effectively; been successfully implemented? e) The effectiveness of actions taken to address Assess the process performance? risks and opportunities; Assess the performance of f) The performance of external providers; external providers? g) The need for improvements to the quality Determine the need or management system. opportunities for improvements in the QMS? Where are the results of analysis and evaluation used to provide inputs to management 9.1.3 review? Whether the internal audits are being conducted at planned The organization shall conduct internal audits at intervals? planned intervals to provide information on There is no longer a Whether they determine if the whether the quality management system: need for a documented QMS conforms to the a) conforms to: procedure. Internal requirements of ISO 9001:2015 1) the organizations own requirements for its audit programme shall standard and to the other quality management system; take into consideration requirements established by 2) the requirements of this International changes to the Organization or not? Standard; organizations. How do they determine if the b) is effectively implemented and maintained. QMS is effectively implemented 9.2.1 and maintained or not?
Whether the audit programme(s) take into consideration the quality The organization shall: objectives, importance of the a) plan, establish, implement and maintain an audit processes, customer feedback, programme(s) including the frequency, methods, changes impacting the responsibilities, planning requirements and organization and the results of reporting, which shall take into consideration the previous audits? importance of the processes concerned, changes What is the audit criteria and affecting the organization, and the results of scope for each audit? previous audits; Is selection of auditors and the b) Define the audit criteria and scope for each conduct of audits are objective audit; and impartial? c) Select auditors and conduct audits to ensure Do they audit their own work? objectivity and the impartiality of the audit process; How are results reported to d) Ensure that the results of the audits are reported management? to relevant management; Whether all necessary e) Take appropriate correction and corrective corrections and corrective actions without undue delay; actions are taken without any f) Retain documented information as evidence of delay? the implementation of the audit program and the Whether the documented audit results. information of the audit program and the audit results is 9.2.2 maintained? With what frequency the top management reviews the organization's QMS? How can the QMS be deemed suitable, adequate and effective? What types of information are reviewed in management reviews? Overall purpose Do these include actions; status remains the same; of previous reviews; changes to however inputs should Top management shall review the organizations internal and external issues; now include strategic quality management system, at planned intervals, relevant to the QMS; issues that items relating to to ensure its continuing suitability, adequacy, affect strategy; KPIs for context, risk and effectiveness and alignment with the strategic nonconformities and corrective opportunities. Trends direction of the organization. actions; monitoring and and indicators should measurement of results; audit be used to monitor results; customer satisfaction; quality performance. issues concerning external providers; issues concerning other relevant parties; adequacy of resources and effectiveness of QMS; process performance; conformity of products and services; actions taken to address 9.3.1 risks and opportunities and their
effectiveness; new potential opportunities for continual improvement. Do the management reviews include decisions and actions relating to: Continuous improvement opportunities? The need for changes in the QMS, including resource needs? What documented information does the organization has as evidence of management reviews? The management review shall be planned and Whether the organization has carried out taking into consideration: planned and carried out taking a) the status of actions from previous management into consideration: reviews; a) The status of actions from b) changes in external and internal issues that are previous reviews? relevant to the quality management system; b) Change in external and c) information on the performance and internal issues that are relevant effectiveness of the quality management system, to the QMS? including trends in: c) Information on the 1) customer satisfaction and feedback from effectiveness and performance of relevant interested parties; the QMS which includes trends 2) the extent to which quality objectives have in: been met; 1. Customer satisfaction and 3) process performance and conformity of feedback from interested products and services; parties? 4) nonconformities and corrective actions; 2. Extent to which quality 5) monitoring and measurement results; objectives have been met? 6) audit results; 3. Process performance and 7) the performance of external providers; conformity of products and d) the adequacy of resources; services? e) the effectiveness of actions taken to address 4. Nonconformities and risks and opportunities for improvement. corrective actions? 5. Monitoring and measuring results? 6. Results of Audit? 7. Performance of external providers? d) The adequacy of resources? e) Effectiveness of actions taken to address risks and opportunities? f) Opportunities for 9.3.2 improvement?
Whether the organization has ensured that the outputs of the management review includes Opportunities for improvement; decisions and actions related to: b) Any need for changes to the quality a) Opportunities for management system; improvement? c) Resource needs. b) Need for changes to the QMS? The organization shall retain documented c) Resource needs? information as evidence of the results of Whether the organization is management reviews. retaining documented information as evidence of the results of the management 9.3.3 reviews? CLAUSE 10 How to determine and select opportunities for improvement? The organization shall determine and select What necessary actions have opportunities for improvement and implement any been implemented to meet necessary actions to meet customer requirements customer requirements and and enhance customer satisfaction. These shall enhanced customer satisfaction? include: The requirement for a How to: a) Improving products and services to meet documented Improve processes to prevent requirements as well as to address future needs preventive action nonconformities? and expectations; procedure has gone. Improve products and services to b) Correcting, preventing or reducing undesired meet known and predicted effects; requirements? c) Improving the performance and effectiveness of Correct, prevent or reduce the quality management system undesired effects? 10.1 Improve QMS results?
When corrective action In case of non conformities, has been completed, how do you; When nonconformity occurs, including any arising the organization can React? from complaints, the organization shall: move on to consider Take action to control and a) React to the nonconformity and, as applicable: whether any further correct it? 1) Take action to control and correct it; action is required to Deal with the consequences? 2) deal with the consequences; prevent a similar Does the organization evaluate b) Evaluate the need for action to eliminate the nonconformity the need for action to eliminate cause(s) of the nonconformity, in order that it does occurring in future. the cause so that it does not not recur or occur elsewhere, by: This requires the reoccur or occur elsewhere by: 1) Reviewing and analyzing the nonconformity; organization to Reviewing the nonconformity? 2) Determining the causes of the nonconformity; determine what caused Determining the cause of the 3) Determining if similar nonconformities exist, or the nonconformities nonconformity? could potentially occur; and then to consider Determining if similar c) Implement any action needed; whether the potential nonconformities exist or could d) Review the effectiveness of any corrective action for a similar problem potentially occur? taken; remains. The Actions needed are e) Update risks and opportunities determined organization is then implemented? during planning, if necessary; required to implement Review the effectiveness of f) Make changes to the quality management any actions identified corrective actions taken, if any? system, if necessary. as needed, review their Make necessary changes to the Corrective actions shall be appropriate to the effectiveness and make QMS? effects of the nonconformities encountered. changes to the quality How corrective actions are management system if appropriate to the effects of the 10.2.1 necessary. nonconformities encountered? What documented information The organization shall retain documented is there as evidence of: information as evidence of: The nature of the a) The nature of the nonconformities and any nonconformities and subsequent subsequent actions taken; actions taken? b) The results of any corrective action. The results of any corrective 10.2.2 action? How do you continually Organizations will now improve the suitability, adequacy need to demonstrate and effectiveness of the QMS? that they are using the How are outputs of analysis outputs from their The organization shall continually improve the and evaluation, and the outputs analysis and evaluation suitability, adequacy and effectiveness of the from management reviews are processes to identify quality management system. considered to confirm, if there areas of The organization shall consider the results of are areas of underperformance underperformance and analysis and evaluation, and the outputs from or opportunities that shall be opportunities for management review, to determine if there are addressed as part of continual improvement. needs or opportunities that shall be addressed as improvement? Appropriate tools and part of continual improvement. Which applicable tools and methodologies should methodologies for investigation be employed by the of causes of underperformance organization to support and for supporting continual this activity. 10.3 improvement are used?