Why implement ISO 9001:2015The standard can help you to reduce
waste in terms of your procedures, can reduce the amount of
paperwork by streamlining your systems.Improve the efficiency and
productivity of the business.Demonstrate to customers that you are
committed to Quality and able to meet their requirements.Help to
secure new business and build on current relationships.Help to push
the business along and seek new improvements, develop and growCan
give you the competitive edge when quoting and marketing.
What is involved in implementing the ISO 9001 Standard?Identify
the requirements of ISO 9001 and how they apply to your
businessEstablish quality objectives and how they fit in to the
businessProduce a documented quality policy and
proceduresCommunicate them throughout the businessOnce developed,
perform internal audits to ensure the systems and procedures are
being adhered to.Perform management review meetings to review the
business performance and set new targets and action points
What is the Certification Process?Introduce procedures in line
with the ISO 9001 standardContact a UKAS Accredited Certification
Body who will independently audit your systems and approve you to
the ISO 9001:2008 Standard.Receive your Certificate and Logos and
present to your customers to demonstrate your commitment to
quality.Receive annual audits to ensure that your system remains
compliant.What is the Certification Process
ISO 9000 Work ProgrammeGap Analysis (where you are now?)Draft
Quality Manual and Procedures (where you need to be)Staff Awareness
trainingReview and Amend Manual and ProceduresVerify &
implement ProceduresCompile the Audit SchedulePerform Internal
Audits and Management Review
Audit
An audit is a systematic evidence gathering process. Audits must
beindependent and evidence must be evaluated objectively to
determine how well audit criteria are being met. There are three
types of audits: first-party, second-party, and third-party.
First-party audits are internalaudits while second and third party
audits are external audits.
Organizations use first party audits to audit themselves. First
party audits are used to provide input for management review and
for otherinternal purposes. They're also used to declare that an
organization meets specified requirements (this is called a
self-declaration).
Second party audits are external audits. Theyre usually done
bycustomers or by others on their behalf. However, they can also be
done by regulators or any other external party that has an interest
in an organization. Third party audits are external audits as well.
However, theyre performed by independent organizations such as
registrars (certification bodies) or regulators.
ISO also distinguishes between combined audits and joint audits.
When two or more management systems of different disciplines are
audited together at the same time, it's called a combined audit;
and when two or more auditing organizations cooperate to audit a
single auditee organization it's called a joint audit.
Audit criteria
Audit criteria are used as a reference point and include
policies,requirements, and other forms of documented information.
They arecompared against audit evidence to determine how well they
are being met. Audit evidence is used to determine how well
policies are beingimplemented and how well requirements are being
followed.
Audit evidence
Audit evidence includes records, factual statements, and other
verifiableinformation that is related to the audit criteria being
used. Audit criteriainclude policies, requirements, and other
documented information.
Audit findings
Audit findings result from a process that evaluates audit
evidence and compares it against audit criteria. Audit findings can
show that audit criteria are being met (conformity) or that they
are not being met (nonconformity). They can also identify best
practices or improvement opportunities.
Audit program
An audit program (or programme) refers to a set of one or more
audits that are planned and carried out within a specific time
frame and are intended to achieve a specific audit purpose.
Characteristic
A characteristic is a distinctive feature or property of
something.Characteristics can be inherent or assigned and can be
qualitative or quantitative. An inherent characteristic exists in
something or is a permanent feature of something while an assigned
characteristic is a feature that is attributed or attached to
something.
Competence
Competence means being able to apply knowledge and skill to
achieve intended results. Being competent means having the
knowledge and skill that you need and knowing how to apply it.
Being competent means that youre qualified to do the job.
Complaint
In the context of ISO 9001, a complaint refers to an expression
ofdissatisfaction with a product or service and is filed by a
customer and received by an organization. Whenever a customer
lodges a complaint, a response is either explicitly or implicitly
required.
Concession
A concession is a special approval that is granted to release
anonconforming product or service for use or delivery. Concessions
are usually restricted to a specific use and limited by time and
quantity and tend to specify that nonconforming characteristics may
not violatespecified limits.
Conformity
Conformity is the "fulfillment of a requirement". To conform
means to meet or comply with requirements and a requirement is a
need,expectation, or obligation. There are many types of
requirements including customer requirements, quality requirements,
qualitymanagement requirements, management requirements,
productrequirements, service requirements, contractual
requirements, statutory requirements, and regulatory
requirements.
Context of the organization
An organizations context is its business environment. It
includes all of the internal and external factors and conditions
that affect itsproducts and services, have an influence on its QMS,
and are relevant to its purpose and strategic direction.
An organizations external context includes all of the needs
andexpectations of interested parties, as well as its social,
cultural, legal, technological, regulatory, and competitive
environment. An organizations internal context includes its values,
culture, knowledge, and performance.
ISO 9001 2015 expects you to consider your organizations
internal and external context when you define the scope of its QMS
and when you plan it's design and development.
Continual improvement
Continual improvement is a set of recurring activities that are
carried out in order to enhance performance. Continual improvements
can beachieved by carrying out audits, self-assessments, and
managementreviews. Continual improvements can also be realized by
collecting data, analyzing information, setting objectives, and
implementingcorrective and preventive actions.
Contract
A contract is a binding agreement between two or more
parties.
Correction
A correction is any action that is taken to eliminate a
nonconformity.However, corrections do not address root causes. When
applied toproducts, corrections can include reworking products,
reprocessing them, regrading them, assigning them to a different
use, or simplydestroying them.
Corrective action
Corrective actions are steps that are taken to eliminatethe
causes of existing nonconformities in order to preventrecurrence.
The corrective action process tries to make sure that existing
nonconformities and potentiallyundesirable situations dont happen
again.
Customer
A customer is anyone who receives products or services (outputs)
from a supplier. Customers can be either people or organizations
and can be either external or internal to the supplier
organization. Examples of customers include clients, consumers,
users, guests, patients, purchasers, and beneficiaries.
Customer satisfaction
Customer satisfaction is a perception. It's also a question of
degree. It can vary from high satisfaction to low satisfaction. If
customersbelieve that you've met their requirements, they
experience highsatisfaction. If they believe that you've not met
their requirements, they experience low satisfaction.
Since satisfaction is a perception, customers may not be
satisfied even though youve met all contractual requirements. Just
because you havent received any complaints doesnt mean that
customers are satisfied.
There are many ways to monitor and measure customer
satisfaction. You can use customer satisfaction and opinion
surveys; you can collect product quality data (post delivery),
track warranty claims, examine dealer reports, study customer
compliments and criticisms, and analyze lost business
opportunities.
Data
The term data is defined as any facts about an object.
Defect
A defect is a type of nonconformity. It occurs when a product or
service fails to meet specified or intended use requirements.
Design and development
Design and development is a process (or a set of processes) that
usesresources to transform general input requirements for an object
intospecific output requirements.
An object is any entity that is either conceivable or
perceivable. Objects can be real or imaginary and could be material
or immaterial. Examplesinclude products, services, systems,
organizations, people, practices,procedures, processes, plans,
ideas, documents, records, methods, tools, machines, technologies,
techniques, and resources.
Determination
To determine means to find or to identify the value of a
characteristic.
Documented information
The term documented information refers to information that must
be controlled and maintained and its supporting medium. Documented
information can be in any format and on any mediumand can come from
any source.
Documented information includes information about the
managementsystem and related processes. It also includes all the
information thatorganizations need to operate and all the
information that they useto document the results that they achieve
(aka records).
Effectiveness
Effectiveness refers to the degree to which a planned effect is
achieved.Planned activities are effective if these activities are
actually carried out and planned results are effective if these
results are actually achieved.
Feedback
The term feedback is used to refer to a comment or an opinion
expressed about a product or service or an interest expressed in a
product or a service. It may also be used to refer to the customer
complaints-handling process itself.
Function
A function is a role that is performed by a unit of an
organization.
Improvement
Improvement is a set of activities that organizations carry out
in order to enhance performance (get better results). Improvement
can be achieved by means of a single activity or by means of a
recurring set of activities.
Information
Information is meaningful data. While it's not entirely clear
what the word meaningful is supposed to mean in this context,
dictionaries tend to say that something is meaningful if it is
significant, relevant, material, valid, or important.
Information system
In the context of this ISO 9001 standard, an information system
is a network of communication channels used within an
organization.
Infrastructure
The term infrastructure refers to the entire system of
facilities, equipment, and support services that organizations need
in order to function. According to ISO 9001, section 7.1.3, the
term infrastructure can include buildings, equipment, utilities,
and technologies (both hardware and software).
Innovation
Innovation is a process that results in a new or substantially
changedobject. An object is any entity that is either conceivable
or perceivable.Objects can be real or imaginary and could be
material or immaterial.Examples include products, services,
systems, organizations, people,practices, procedures, processes,
plans, ideas, documents, records,methods, machines, tools,
technologies, techniques, and resources.
Interested party
An interested party is anyone who can affect, be affected by, or
believe that they are affected by a decision or activity. An
interested party is a person, group, or organization that has an
interest or a stake in a decision or activity.
Involvement
Involvement occurs when people share objectives and are actively
engaged in and contribute to their achievement.
Knowledge
Knowledge is a collection of information and a justified belief
that this information is true with a high level of certainty.
Management
The term management refers to all the activities that are used
to coordinate, direct, and control organizations. These activities
includedeveloping policies, setting objectives, and establishing
processes to achieve these objectives. In this context, the term
management does not refer to people. It refers to what managers
do.
Management system
A management system is a set of interrelated or interacting
elements that organizations use to formulate policies and
objectives and to establish the processes that are needed to ensure
that policies arefollowed and objectives are achieved. These
elements include structures, programs, procedures, practices,
plans, rules, roles,responsibilities, relationships, contracts,
agreements, documents, records, methods, tools, techniques,
technologies, and resources.
There are many types of management systems. Some of these
includequality management systems, environmental management
systems, financial management systems, information security
management systems, business continuity management systems,
emergency management systems, disaster management systems, food
safetymanagement systems, risk management systems, and occupational
health and safety management systems.
The scope or focus of a management system could be restricted to
a specific function or section of an organization or it could
include the entire organization. It could even include a function
that cuts across several organizations.
Measurement
Measurement is a process that is used to determine a value. In
most cases this value will be a quantity.
Measuring equipment
Measuring equipment includes all the things needed to carry out
a measurement process. Accordingly, measuring equipment includes
instruments and apparatuses as well as all the associatedsoftware,
standards, and reference materials.
Monitoring
To monitor means to determine the status of an activity,
process, or system at different stages or at different times. In
order to determinestatus, you need to supervise and to continually
check and criticallyobserve the activity, process, or system that
is being monitored.
Nonconformity
Nonconformity is a nonfulfillment or failure to meet a
requirement. A requirement is a need, expectation, or obligation.
It can be stated or implied by an organization or interested
parties.
Object
An object is any entity that is either conceivable or
perceivable. Objects can be real or imaginary and could be material
or immaterial.Examples include products, services, systems,
organizations, people,practices, procedures, processes, plans,
ideas, documents, records,methods, tools, machines, technologies,
techniques, and resources.
Objective
An objective is a result you intend to achieve. Objectives can
be strategic, tactical, or operational and can apply to an
organization as a whole or to a system, process, project, product,
or service. Objectives may also be referred to as targets, aims,
goals, or intended outcomes.
Quality objectives are generally based on or derived from an
organizations quality policy and must be consistent with it.
Objective audit evidence
Objective audit evidence is information that is verifiable and
generally consists of records and other statements of fact that are
relevant to the audit criteria being used.
Objective evidence
Objective evidence is data that shows or proves that something
exists or is true. Objective evidence can be collected by
performingobservations, measurements, tests, or using other
suitable methods.
Organization
An organization can be a single person or a group that achieves
itsobjectives by using its own functions, responsibilities,
authorities, and relationships. It can be a company, corporation,
enterprise, firm,partnership, charity, association, or institution
and can be eitherincorporated or unincorporated and be either
privately or publiclyowned. It can also be an operating unit that
is part of a larger entity.
Output
An output is the result of a process. Outputs can be either
tangible or intangible. The output from one process is often the
input for another process.
ISO 9001 lists four generic output categories: services,
software, hardware, and processed materials. Outputs often combine
several of these categories. For example, an automobile (an output)
combineshardware (e.g. tires), software (e.g. engine control
algorithms), andprocessed materials (e.g. lubricants).
Outsource
When an organization makes an arrangement with an outside
organization to perform part of a function or process, it is
referred to as outsourcing. To outsource means to ask an external
organizationto perform part of a function or process normally done
inhouse. While an outsourced organization is beyond the scope of
your QMS, theoutsourced process or function itself falls within
your scope.
Performance
According to ISO, the term performance refers to a measurable
result. It refers to the measurable results that activities,
processes, products, services, systems and organizations are able
to achieve. Whenever theyperform well it means that acceptable
results are being achieved andwhenever they perform poorly,
unacceptable results are achieved.
Performance indicator
A performance indicator (metric) is a characteristic that is
used to measure customer satisfaction and how well outputs are
realized.
Policy
A policy is a general commitment, direction, or intention and is
formally stated by top management. A quality policy statement
shouldexpress top management's commitment to the implementation
andimprovement of its quality management system and should
allowmanagers to set quality objectives.
Process
A process is a set of activities that are interrelated or that
interact with one another. Processes use resources to transform
inputs into outputs. Processes are interconnected because the
output from one process often becomes the input for another
process.
While processes usually transform inputs into outputs, this is
not always the case. Sometimes inputs become outputs without
transformation.
Organizational processes should be planned and carried out under
controlled conditions. An effective process is one that realizes
planned activities and achieves planned results.
Process approach
The process approach is a management strategy. When managers use
a process approach, it means that they manage and control
theprocesses that make up their organization, the interaction
between these processes, and the inputs and outputs that tie these
processes together.
Process-based quality management system
A process-based quality management system uses a process
approach to manage and control how its quality policy is
implemented and how its quality objectives are achieved. A
process-based QMS is a network of interrelated and interconnected
processes.
Each process uses resources to transform inputs into outputs.
Since the output of one process becomes the input of another
process, processes interact and are interrelated by means of such
input-output relationships. These process interactions create a
single integrated process-based QMS.
Product
A product is a tangible or intangible output that is the result
of a process that does not include activities that are performed at
the interface between the supplier (provider) and the customer.
Products can be tangible or intangible. According to a note to
this definition, there are three generic product categories:
hardware,processed materials, and software. Many products combine
several of these categories. For example, an automobile (a product)
combineshardware (e.g. tires), software (e.g. engine control
algorithms), andprocessed materials (e.g. lubricants).
Provider
A provider is a person or an organization that supplies or
providesproducts or services. Providers can be either internal or
external to the organization. Internal providers supply products or
services to people within their own organization while external
providers supply products or services to other organizations.
Quality
The adjective quality applies to objects and refers to the
degree towhich a set of inherent characteristics fulfills a set of
requirements. An object is any entity that is either conceivable or
perceivable and an inherent characteristic is a feature that exists
in an object.
The quality of an object can be determined by comparing a set of
inherent characteristics against a set of requirements. If
thosecharacteristics meet all requirements, high or excellent
quality is achieved but if those characteristics do not meet all
requirements, a low or poor level of quality is achieved. So the
quality of an objectdepends on a set of characteristics and a set
of requirements and how well the former complies with the
latter.
Quality management
Quality management includes all the activities that
organizations use to direct, control, and coordinate quality. These
activities includeformulating a quality policy and setting quality
objectives. They alsoinclude quality planning, quality control,
quality assurance, and quality improvement.
Quality management system
A quality management system (QMS) is a set of interrelated or
interacting elements that organizations use to formulate quality
policies and quality objectives and to establish the processes that
are needed to ensure that policies are followed and objectives
areachieved. These elements include structures, programs,
practices,procedures, plans, rules, roles, responsibilities,
relationships, contracts, agreements, documents, records, methods,
tools, techniques, technologies, and resources.
Quality objective
A quality objective is a quality result that you intend to
achieve. Quality objectives are based on or derived from an
organizations quality policy and must be consistent with it. They
are usually formulated at all relevant levels within the
organization and for all relevant functions.
The adjective quality applies to objects and refers to the
degree to which a set of inherent characteristics fulfills a set of
requirements; and an object is any entity that is either
conceivable or perceivable.Therefore, a quality objective can be
set for any kind of object.
Quality policy
A quality policy should express top management's commitment to
thequality management system (QMS) and should allow managers to
setquality objectives. It should be based on ISOs quality
managementprinciples and should be compatible with your
organizations other policies and be consistent with its vision and
mission.
ISO's quality management principles ask you to focus on
customers and interested parties, to provide leadership, to engage
and involve people, to use a process approach, to encourage
improvement, to useevidence to make decisions, and to manage
corporate relationships.
Regulatory requirement
A regulatory requirement is an obligation that is specified by
an authority which gets its mandate from a legislative body.
Release
To release means to grant permission to proceed to the next
stage of a process. The term release is also used to refer to a
version of software or documented information.
Requirement
A requirement is a need, expectation, or obligation. It can be
stated orimplied by an organization, its customers, or other
interested parties.A specified requirement is one that has been
stated (in a document forexample), whereas an implied requirement
is a need, expectation, orobligation that is common practice or
customary.
There are many types of requirements. Some of these include
customerrequirements, quality requirements, quality management
requirements,management requirements, product requirements, service
requirements,contractual requirements, statutory requirements, and
regulatoryrequirements.
Review
Reviews are done to figure out how well objects achieve
establishedobjectives. Reviews ask the following question: is the
object a suitable,adequate, and effective way of achieving
established objectives?
There are many kinds of reviews. Some of these include
managementreviews, design and development reviews, customer
requirement reviews, nonconformity reviews, and peer reviews.
Risk
According to ISO 9000, risk is the effect of uncertainty on an
expectedresult and an effect is a positive or negative deviation
from what isexpected. The following two paragraphs will explain
what this means.
This definition recognizes that all of us operate in an
uncertain world.Whenever we try to achieve something, theres always
the chance thatthings will not go according to plan. Sometimes we
get positive resultsand sometimes we get negative results and
occasionally we get both.Because of this, we need to reduce
uncertainty as much as possible.
Uncertainty (or lack of certainty) is a state or condition that
involvesa deficiency of information and leads to inadequate or
incompleteknowledge or understanding. In the context of risk
management,uncertainty exists whenever the knowledge or
understanding of an event, consequence, or likelihood is inadequate
or incomplete.
While this definition argues that risk can be positive as well
as negative, a note acknowledges that "the term risk is sometimes
used when there is only the possibility of negative
consequences".
Risk-based thinking
Risk-based thinking refers to a coordinated set of activities
and methods that organizations use to manage and control the many
risks that affect its ability to achieve objectives. Risk-based
thinkingreplaces what the old standard used to call preventive
action.
While risk-based thinking is now an essential part of the new
standard, it does not actually expect you to implement a formal
risk management process nor does it expect you to document your
organizations risk-based approach.
Service
A service is an intangible output and is the result of a process
that includes at least one activity that is carried out at the
interface between the supplier (provider) and the customer.
Service provision can take many forms. Service can be provided
to support an organizations own products (e.g. warranty service or
the serving of meals). Conversely, it can be provided for a
productsupplied by a customer (e.g. a repair service or a delivery
service). It can also involve the provision of an intangible thing
to a customer (e.g. entertainment, ambience, transportation, or
advice).
Statutory requirement
A statutory requirement is defined by a legislative body and is
obligatory.
Strategy
A strategy is a plan for achieving an objective.
Supplier
A supplier is a person or an organization that provides products
orservices. Suppliers can be either internal or external to an
organization.Internal suppliers provide products or services to
people within their own organization while external suppliers
provide products or services to other organizations.
Examples of suppliers include organizations and people who
produce,distribute, or market products, provide services, or
publish information. While ISO still includes a definition for this
term, the new ISO 9001 2015standard no longer actually uses it. It
prefers, instead, to use the termexternal provider.
System
A system is defined as a set of interrelated or interacting
elements. A management system is one type of system. It is a set of
interrelated or interacting elements that organizations use to
formulate policies and objectives and to establish the processes
that are needed to ensure that policies are followed and objectives
are achieved.
Top management
The term top management normally refers to the people at the top
of an organization. It refers to the people who provide resources
and delegate authority and who coordinate, direct, and
controlorganizations.
However, if the scope of a management system covers only part of
an organization, then the term top management refers, instead, to
the people who direct and control that part of the
organization.
Traceability
Traceability is the ability to identify and trace the history,
distribution,location, and application of products, parts,
materials, and services.A traceability system records and follows
the trail as products, parts,materials, and services come from
suppliers and are processed andultimately distributed as final
products and services.
Validation
Validation is a process. It uses objective evidence to confirm
that therequirements which define an intended use or application
have been met. Whenever all requirements have been met, a validated
status isestablished. Validation can be carried out under realistic
use conditions or within a simulated use environment.
There are several ways to confirm that the requirements which
define an intended use or application have been met. For example
you could do tests, you could carry out alternative calculations,
or you could examine documents before you issue them.
Verification
Verification is a process. It uses objective evidence to confirm
that specified requirements have been met. Whenever
specifiedrequirements have been met, a verified status is
achieved.
There are many ways to verify that requirements have been met.
For example you could inspect something, you could do tests, you
could carry out alternative calculations, or you could examine
documents before you issue them.
ISO DIS 9001 2015 is an "Interim Working Draft". It's not the
final version of the standard. According to ISO, the final official
version "is due to be published by the end of 2015".
4. Context
4.1 Understand your organization and its unique context
Identify and understand your organization's context.
Identify and understand your organization's context before you
establish its quality management system (QMS).
Consider the external issues that are relevant to your
organization's purpose and strategic direction and think about the
influence these issues could have on its QMS and the results it
intends to achieve.
Consider the internal issues that are relevant to your
organization's purpose and strategic direction and think about the
influence these issues could have on its QMS and the results it
intends to achieve.
Monitor information about your organization's context.
Consider the impact changes in context could have on your
organization's quality management system (QMS).
4.2 Clarify the needs and expectations of interested parties
Identify the parties who affect or could affect your QMS.
Consider how interested parties affect or could affect your
ability to provide products and services that meet customer
requirements.
Consider how interested parties affect or could affect your
ability to provide products and services that meet statutory and
regulatory requirements.
Clarify and understand their unique needs and expectations.
Monitor and review information about your interested
parties.
4.3 Define the scope of your quality management system
Clarify boundaries and think about what your QMS should apply
to.
Use boundary and applicability information to define your
scope.
Consider your organization's context when you define your
scope.
Document the scope of your quality management system (QMS).
Use your scope document to describe the boundaries of your
organization's QMS and to explain what it applies to.
Use your scope document to identify and describe the products
and services that will be included in your organization's QMS.
Use your scope document to explain that every ISO 9001
requirement is mandatory and may only be excluded if it cannot be
applied.
Control the document that defines the scope of your QMS.
Maintain your organization's scope document.
4.4 Establish a QMS that complies with this standard
Develop a process-based quality management system (QMS).
Determine the processes that your QMS needs.
Determine process sequences and interactions.
Determine methods needed to manage processes.
Determine resources needed to support processes.
Determine process responsibilities and authorities.
Determine risks and opportunities for each process.
Determine methods needed to check your processes.
Determine opportunities to improve your processes.
Implement your process-based quality management system.
Support your process-based quality management system.
Improve your process-based quality management system.
5. Leadership
5.1 Provide leadership by focusing on quality and customers
5.1.1 Provide leadership by encouraging a focus on quality
Accept responsibility for your QMS.
Demonstrate a commitment to your QMS.
Ensure that a quality policy is developed.
Ensure that quality objectives are established.
Ensure that requirements are built into processes.
Ensure that your QMS achieves all intended results.
Communicate your commitment to the QMS.
Explain why quality management is important.
Expect managers to be accountable for their QMS.
Encourage your personnel to support their QMS.
Promote an awareness of the process approach.
5.1.2 Provide leadership by encouraging a focus on customers
Expect personnel to focus on customers.
Expect personnel to manage all relevant requirements.
Expect personnel to provide compliant products and services.
Expect personnel to manage relevant risks and opportunities.
Expect personnel to focus on enhancing customer
satisfaction.
5.2 Provide leadership by establishing a suitable quality
policy
5.2.1 Provide leadership by formulating your quality policy
Develop an appropriate quality policy.
Make sure that it supports your organization's purpose.
Make sure that it deals with your organization's context.
Make sure that it can be used to set quality objectives.
Formulate your organization's quality policy.
Make a commitment to satisfy applicable requirements.
Make a commitment to continual QMS improvement.
5.2.2 Provide leadership by implementing your quality policy
Document your organization's quality policy.
Communicate your organization's quality policy.
Apply your organization's quality policy.
5.3 Provide leadership by defining roles and
responsibilities
Assign QMS roles, responsibilities, and authorities.
Communicate QMS roles, responsibilities, and authorities.
6. Planning
6.1 Define actions to manage risks and address opportunities
6.1.1 Consider risks and opportunities when you plan your
QMS
Plan the development of your organization's QMS.
Identify the risks and opportunities that could influence the
performance of your organization's QMS or disrupt its
operation.
Consider how your organization's context could affect how well
its QMS is able to achieve intended results.
Consider how your organization's interested parties could affect
how well its QMS is able to achieve intended results.
Figure out what you need to do to address the risks and
opportunities that could influence the performance of
yourorganization's QMS or disrupt its operation.
6.1.2 Plan how youre going to manage risks and opportunities
Consider your organization's risk treatment options.
Define actions to address risks and opportunities.
Define actions that you can take to address the risks and
opportunities that could influence the performance of your QMS or
disrupt or damage its operation.
6.2 Set quality objectives and develop plans to achieve them
6.2.1 Establish quality objectives for all relevant areas
Clarify criteria for setting quality objectives.
Set quality objectives in all relevant areas.
Communicate your quality objectives.
Document your quality objectives.
Monitor your quality objectives.
Update your quality objectives.
6.2.2 Develop plans to achieve objectives and evaluate
results
Establish plans to achieve quality objectives.
Plan how you're going to evaluate your results.
6.3 Control changes to your quality management system
Plan changes to your quality management system.
Consider the purpose of the changes you intend to make.
Consider responsibilities and authorities whenever you make
changes.
Consider the consequences that changes could potentially
produce.
7. Support
7.1 Support your QMS by providing the necessary resources
7.1.1 Provide internal and external resources for your QMS
Determine the resources that your QMS needs.
Provide the resources that your QMS needs.
7.1.2 Provide suitable people for your QMS and your
processes
Provide the people that your QMS needs to be effective.
Provide the people that you need in order to be sure that your
organization is capable of meeting customer requirements on a
consistent basis.
Provide the people that you need in order to be sure that your
organization is capable of meeting all applicable statutory and
regulatory requirements on a consistent basis.
7.1.3 Provide the infrastructure that your processes must
have
Determine the infrastructure that your processes need.
Identify the infrastructure that your organization needs in
order to support process operations and to achieve conformity of
products and services.
Provide the infrastructure that your processes need.
7.1.4 Provide the appropriate environment for your processes
Determine the environment that your processes need.
Identify the environment that your organization needs in order
to support process operations and to achieve conformity of products
and services.
Provide the environment that your processes need.
7.1.5 Provide suitable monitoring and measuring resources
Determine monitoring and measuring resource requirements.
Identify the monitoring and measuring resources that you need in
order to be sure that you can provide products and services that
meet all relevant requirements.
Determine your measurement traceability requirements.
Identify the measurement traceability resources that customers
and interested parties expect you to have.
Identify the measurement traceability resources that
governmental agencies expect you to have.
7.1.6 Provide knowledge to facilitate process operations
Determine the knowledge that your organization needs to
have.
Acquire the knowledge that your organization needs to have.
Make organizational knowledge available to the extent
necessary.
Monitor relevant trends and changes in knowledge and
information.
Maintain the organizational knowledge that has been
acquired.
7.2 Support your QMS by ensuring that people are competent
Identify those under your control who do work that affects
quality.
Clarify your organization's quality competence requirements.
Acquire competence whenever shortcomings are discovered.
Document the competence of those whose work affects quality.
Evaluate the effectiveness of actions taken to acquire
competence.
7.3 Support your QMS by explaining how people can help
Make personnel aware of your organization's QMS.
Share information about your QMS with the people who carry out
work that is under your organization's control.
7.4 Support your QMS by managing your communications
Support your QMS by managing QMS communications.
Figure out how internal communications will be handled.
Figure out how external communications will be handled.
7.5 Support your QMS by controlling documented information
7.5.1 Include the documented information that your QMS needs
Figure out how extensive documented QMS information should
be.
Consider your activities when you establish documents and
records.
Consider your personnel when you establish documents and
records.
Consider your processes when you establish documents and
records.
Consider your products when you establish documents and
records.
Consider your services when you establish documents and
records.
Consider your size when you establish documents and records.
Select all the documents and records that your QMS needs.
Select all the internal documents and records that your QMS
needs.
Select all the external documents and records that your QMS
needs.
7.5.2 Manage the creation and revision of documented
information
Manage the creation and revision of documented information.
Make sure that your organizations QMS documents and records are
properly identified and described.
Make sure that your organizations QMS documents and records are
properly formatted and presented.
Make sure that your organizations QMS documents and records are
properly reviewed and approved.
7.5.3 Control the management and use of documented
information
7.5.3.1 Control your organization's QMS documents and
records
Select all of the QMS documents and records that you need.
Select all the documentation that you need in order toprotect
the confidentiality, integrity, and use of information.
Select all of the documentation that is required by ISO
9001.
Control all the QMS documents and records that you need.
Control all the internal documentation that your QMS needs.
Control all the external documentation that your QMS needs.
7.5.3.2 Control how QMS documents and records are controlled
Control how QMS documents and records are controlled.
Control how QMS documents and records are created.
Control how QMS documents and records are identified.
Control how QMS documents and records are distributed.
Control how QMS documents and records are accessed.
Control how QMS documents and records are retrieved.
Control how QMS documents and records are stored.
Control how QMS documents and records are used.
Control how QMS documents and records are changed.
Control how QMS documents and records are protected.
Control how QMS documents and records are preserved.
8. Operations
8.1 Develop, implement, and control your operational
processes
Plan the implementation and control of operational
processes.
Prepare operational process implementation and control
plans.
Use your plans to implement and control operational
processes.
Control planned operational process changes and
modifications.
Retain suitable operational process documents and records.
8.2 Clarify how product and service requirements will be
managed
8.2.1 Clarify how communications with customers will be
handled
Establish processes for communicating with customers.
Establish how customer enquires should be handled.
Establish how orders and contracts should be handled.
Establish how customer feedback should be handled.
8.2.2 Clarify how product and service requirements will be
specified
Establish a process for managing product and service
requirements.
Implement your product and service requirement management
process.
Maintain your product and service requirement management
process.
8.2.3 Clarify how product and service requirements will be
reviewed
Review product and service requirements before you accept an
order.
Confirm all unwritten customer requirements before you accept
them.
Clarify differences between your original proposal and the final
order.
Resolve differences between your original proposal and the final
order.
Retain and control documents that describe the results of your
reviews.
8.3 Establish a process to design and develop products and
services
8.3.1 Create a design and development process when necessary
Establish a design and development process (when necessary).
Establish a design and development process whenever product and
service requirements are unavailable or inadequate.
Implement a design and development process (when necessary).
8.3.2 Plan product and service design and development
activities
Plan your design and development stages and controls.
Consider design and development process complexities.
Consider design and development process requirements.
Consider design and development process participation.
Consider design and development process interfaces.
Consider design and development process responsibilities.
Consider design and development process documentation.
8.3.3 Determine product and service design and development
inputs
Clarify your product and service design and development
inputs.
Define product and service design and development resource
needs.
8.3.4 Specify how design and development process will be
controlled
Establish your design and development controls.
Ensure that your results are clearly defined.
Ensure that your reviews are done as planned.
Ensure that output verifications are performed.
Ensure that output validations are carried out.
8.3.5 Clarify how design and development outputs will be
produced
Control product and service design and development outputs.
Ensure that outputs can be compared against input
requirements.
Ensure that outputs are capable of supporting product
provision.
Ensure that outputs include or refer to acceptance criteria.
Ensure that outputs can be used to validate proposals.
Control design and development output documents and records.
8.3.6 Review and control all design and development changes
Identify changes made to design inputs and outputs.
Review changes made to design inputs and outputs.
Control changes made to design inputs and outputs.
8.4 Monitor and control externally provided products and
services
8.4.1 Confirm that external products and services meet
requirements
Confirm that externally provided processes, products, and
services meet requirements.
Confirm that externally provided products and services meet
requirements if they are incorporated into your organization's own
products and services.
Confirm that externally provided processes and functions meet
your organization's requirements.
Establish criteria to select and evaluate external
providers.
8.4.2 Establish controls for externally provided products and
services
Consider controls for external providers, processes, products,
and services.
Consider the potential impact that externally provided
processes, products, and services could have on your organization's
ability to consistently meet external requirements.
Consider the controls that external process, product, and
serviceproviders have implemented and think about how effective
theircontrols actually are.
Develop controls for external providers, processes, products,
and services.
Implement controls for external providers, processes, products,
and services.
8.4.3 Discuss your organizations requirements with external
providers
Clarify what you expect from external providers.
Clarify your organization's process requirements.
Clarify your organization's product requirements.
Clarify your organization's service requirements.
Clarify your organization's equipment requirements.
Clarify your organization's interaction requirements.
Clarify your organization's verification requirements.
Clarify your organization's competence requirements.
Clarify your organization's methodological requirements.
Clarify your organization's monitoring and control
requirements.
Discuss your organization's requirements with external
providers.
8.5 Manage and control production and service provision
activities
8.5.1 Establish controls for production and service
provision
Implement controlled conditions.
Implement controlled conditions for production.
Implement controlled conditions for service provision.
Implement controlled conditions for delivery process.
Implement controlled conditions for post-delivery process.
8.5.2 Identify process outputs and control their unique
identity
Use suitable means to identify process outputs.
Identify process outputs throughout production.
Identify process outputs throughout service provision.
Control the unique identify of process outputs.
Control output identity if traceability is a requirement.
8.5.3 Protect property owned by customers and external
providers
Identify property owned by your customers and external
providers.
Verify property owned by your customers and external
providers.
Protect property owned by your customers and external
providers.
Monitor property owned by your customers and external
providers.
8.5.4 Preserve outputs during production and service
provision
Preserve process outputs during production and service
provision.
Consider using suitable identification methods to preserve
outputs.
Consider using suitable packaging methods to preserve
outputs.
Consider using suitable handling methods to preserve
outputs.
Consider using suitable storage methods to preserve outputs.
8.5.5 Clarify and comply with all post-delivery requirements
Clarify your organization's post-delivery requirements.
Identify the activities that must be carried out after product
delivery.
Identify the activities that must be carried out after service
delivery.
Comply with your organization's post-delivery requirements.
8.5.6 Control changes for production and service provision
Review unplanned changes related to production and service
provision.
Document review results, actions taken, and who authorized
change.
Control unplanned changes related to production and service
provision.
8.6 Implement arrangements to control product and service
release
Establish planned arrangements to verify products at each
stage.
Verify that product requirements were met at appropriate
stages.
Establish planned arrangements to verify services at each
stage.
Verify that service requirements were met at appropriate
stages.
8.7 Control nonconforming process outputs, products, and
services
Identify nonconforming process outputs, products, and
services.
Control nonconforming process outputs, products, and
services.
Control the unintended use or delivery of outputs, products, and
services that do not conform to requirements.
Document the actions and decisions taken to prevent the
unintended use or delivery of outputs, products, and services that
do not conform to requirements.
Prevent nonconforming process outputs, products, and
services.
9. Evaluation
9.1 Monitor, measure, analyze, and evaluate QMS performance
9.1.1 Plan how youre going to monitor, measure, analyze, and
evaluate
Plan how to monitor, measure, analyze, and evaluate your
QMS.
Monitor, measure, analyze, and evaluate your organization's
QMS.
Monitor the performance and effectiveness of your QMS.
Measure the performance and effectiveness of your QMS.
Analyze the performance and effectiveness of your QMS.
Evaluate the performance and effectiveness of your QMS.
9.1.2 Obtain customer information and monitor customer
satisfaction
Establish methods for obtaining and using customer
information.
Obtain information about the opinions and perceptions of
customers.
Monitor the perceptions, opinions, and attitudes of your
customers.
9.1.3 Analyze and evaluate your monitoring and measurement
results
Analyze and evaluate the data and information you have
collected.
Use analytical results and evaluations to generate relevant
outputs.
Use outputs to show that requirements are being met.
Use outputs to demonstrate that your plans are working.
Use outputs to assess performance, compliance, and
effectiveness.
Use outputs to identify QMS improvement needs and
opportunities.
Use outputs to evaluate the performance of your QMS
processes.
Use outputs to provide inputs for management review process.
9.2 Use internal audits to examine conformance and
performance
9.2.1 Audit your quality management system at planned
intervals
Conduct internal QMS audits at planned intervals.
Find out if your organization's QMS meets requirements.
Examine the effectiveness of your organization's QMS.
9.2.2 Develop an internal audit program for your
organization
Plan the development of your internal audit program.
Develop a program that can find out if QMS meets
requirements.
Develop a program that can determine if your QMS is
effective.
Establish your organization's internal audit program.
Establish internal audit responsibilities.
Establish internal audit planning requirements.
Establish internal audit reporting requirements.
Establish internal audit schedules.
Establish internal audit methods.
9.3 Review the suitability, adequacy, and effectiveness of your
QMS
9.3.1 Plan and perform management reviews at planned
intervals
Plan your management review activities.
Schedule QMS reviews at planned intervals.
Review your organization's QMS at regular intervals.
Review QMS suitability, adequacy, and effectiveness.
9.3.2 Generate management review outputs and document
results
Generate suitable management review outputs.
Document the results of your management reviews.
10. Improvement
10.1 Determine improvement opportunities and make
improvements
Consider ways of enhancing customer satisfaction.
Consider opportunities to support innovation.
Consider opportunities to take corrective action.
Consider opportunities to transform your operations.
Consider opportunities to make incremental changes.
Meet customer requirements and enhance satisfaction.
10.2 Control nonconformities and take appropriate corrective
action
10.2.1 Correct nonconformities and address causes and
consequences
React to your organization's nonconformities.
Control and correct your nonconformities.
Evaluate the need to eliminate causes.
Develop corrective actions to address causes.
Implement corrective actions to address causes.
Review the effectiveness of your corrective actions.
10.2.2 Document your nonconformities and the actions that are
taken
Document your organization's nonconformities.
Document the actions taken to address nonconformities.
Document your organization's corrective action results.
10.3 Enhance the suitability, adequacy, and effectiveness of
your QMS
Consider evaluation, analytical, and management review
outputs.
Use outputs to confirm that QMS improvement opportunities
exist.
Select methodologies to analyze causes and support
improvement.
Improve the suitability, adequacy, and effectiveness of your
QMS.