ISO 9001:

ISO 9001:2015 ISO Clause

4 Context of the Organization
4.1 Understanding the organization and its context
4.1.1

4.1.2

4.2 Understanding the needs and expectations of interested parties

4.2.1

4.2.2

4.3 Determining the scope of the quality management system

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.4 Quality management system and its processes

4.4.1
 4.4.2

4.4.3

5 Leadership
5.1 Leadership and commitment
5.1.1 Leadership and commitment for the quality management system
 [Link]

NOTE Reference to “business” in this International Standard can be interpreted b

existence; whether the organization is public, private, for profit or not for profit.
5.1.2 Customer focus
5.1.2

5.2 Quality policy

5.2.1

5.2.2

5.3 Organizational roles, responsibility and authorities

 5.3.1

5.3.2

6 Planning for the quality management system

6.1 Actions to address risks and opportunities
6.1.1

6.1.2

6.1.2

[Link] Product design skills

[Link]

6.2 Quality objectives and planning to achieve them

 6.2.1

6.2.2

6.3 Planning of changes

6.3.1

7 Support
7.1 Resources
7.1.1 General
[Link]

7.1.2 People
[Link]

7.1.3 Infrastructure
[Link]
7.1.4 Environment for the operation of processes
[Link]

7.1.5 Monitoring and measuring resources

[Link]

[Link]

[Link]

[Link]

[Link]

7.1.6 Organizational knowledge

[Link]

[Link]

[Link]
7.2 Competence
7.2.1

7.3 Awareness
7.3.1

7.4 Communication
7.4.1

7.5 Documented information

7.5.1 General
[Link]

7.5.2 Creating and updating

[Link]

7.5.3 Control of documented information

[Link]
 [Link].1

[Link].2

[Link].3

8 Operation
8.1 Operational planning and control
8.1.1

8.1.2

8.1.3

8.1.4

8.2 Determination of requirements for products and services

8.2.1 Customer communication
 [Link]

[Link]

[Link]

8.2.3 Review of requirements related to products and services

[Link]

[Link]

[Link]

[Link]

[Link]

8.3 Design and development of products and services

8.3.1 General
 [Link]

8.3.2 Design and development planning

[Link]

8.3.3 Design and development inputs

[Link]

[Link]

8.3.4 Design and development controls

 [Link]

8.3.5 Design and development outputs

[Link]

[Link]

8.3.6 Design and development changes

[Link]

[Link]

8.4 Control of externally provided products and services

8.4.1 General
[Link]

[Link]

[Link]
 [Link]

8.4.2 Type and extent of control of external provision

[Link]

[Link]

[Link]

8.4.3 Information for external providers

[Link]

[Link]

8.5 Production and service provision

8.5.1 Control of production and service provision
[Link]
 [Link]

8.5.2 Identification and traceability

[Link]

[Link]

[Link]

8.5.3 Property belonging to customers or external providers

[Link]

[Link]

8.5.4 Preservation
[Link]
8.5.5 Post-delivery activities
[Link]

[Link]

8.5.6 Control of changes

[Link]

[Link]

8.6 Release of products and services

8.6.1

8.6.2

8.7 Control of non-conforming process outputs, products and services

8.7.1

8.7.2
 8.7.3

8.7.4

8.7.5

9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
[Link]

[Link]

[Link]

9.1.2 Customer satisfaction

[Link]

[Link]

[Link]

9.1.3 Analysis and evaluation

[Link]
 [Link]

[Link]

9.2 Internal audit

9.2.1
[Link]

9.2.2
[Link]

9.3 Management Review

9.3.1
[Link]
 [Link]

9.3.2
[Link]

[Link]

10 Improvement
10.1 General
10.1.1

10.1.2

10.2 Nonconformity and corrective action

10.2.1
 [Link]

[Link]

10.2.2
[Link]

10.3 Continual improvement

10.3.1

10.3.2

10.3.3
 ISO 9001:2015 INTERNAL AUDIT PLANNING
Procedure

The organization shall determine external and internal issues that are
relevant to its purpose and its strategic direction and that affect its ability
to achieve the intended result(s) of its quality management system.

The organization shall monitor and review the information about these
external and internal issues.
nterested parties
Due to their impact or potential impact on the organization’s ability to
consistently provide products and services that meet customer and
applicable statutory and regulatory requirements, the organization shall
determine:
a) the interested parties that are relevant to the quality management
system;
b) the requirements of these interested parties that are relevant to the
quality management system.

The organization shall monitor and review the information about these
interested parties and their relevant requirements.
ent system
The organization shall determine the boundaries and applicability of the
quality management system to establish its scope.
When determining this scope, the organization shall consider:
a) the external and internal issues referred to in 4.1;
b) the requirements of relevant interested parties referred to in 4.2;
c) the products and services of the organization.

Where a requirement of this International Standard within the determined

scope can be applied, then it shall be applied by the organization.

If any requirement(s) of this International Standard cannot be applied, this

shall not affect the organization’s ability or responsibility to ensure
conformity of products and services.
The scope shall be available and be maintained as documented
information stating the:
- products and services covered by the quality management system;
- justification for any instance where a requirement of this
International Standard cannot be applied.

The organization shall establish, implement, maintain and continually

improve a quality management system, including the processes needed
and their interactions, in accordance with the requirements of this
International Standard.
 The organization shall determine the processes needed for the quality
management system and their application throughout the organization
and shall determine:
a) the inputs required and the outputs expected from these processes;
b) the sequence and interaction of these processes;
c) the criteria, methods, including measurements and related performance
indicators needed to ensure the effective operation, and control of these
processes;
d) the resources needed and ensure their availability;
e) the assignment of the responsibilities and authorities for these
processes;
f) the risks and opportunities in accordance with the requirements of 6.1,
and plan and implement the appropriate actions to address them;
g) the methods for monitoring, measuring, as appropriate, and evaluation
of processes and, if needed, the changes to processes to ensure that they
achieve intended results;
h) opportunities for improvement of the processes and the quality
management system.

The organization shall maintain documented information to the extent

necessary to support the operation of processes and retain documented
information to the extent necessary to have confidence that the processes
are being carried out as planned.

management system
 Top management shall demonstrate leadership and commitment with
respect to the quality management system by:
a) taking accountability of the effectiveness of the quality management
system;
b) ensuring that the quality policy and quality objectives are established
for the quality management system and are compatible with the strategic
direction and the context of the organization;
c) ensuring that the quality policy is communicated, understood and
applied within the organization;
d) ensuring the integration of the quality management system
requirements into the organization’s business processes;
e) promoting awareness of the process approach;
f) ensuring that the resources needed for the quality management system
are available;
g) communicating the importance of effective quality management and of
conforming to the quality management system requirements;
h) ensuring that the quality management system achieves its intended
results;
i) engaging, directing and supporting persons to contribute to the
effectiveness of the quality management system;
j) promoting continual improvement;
k) supporting other relevant management roles to demonstrate their
leadership as it applies to their areas of responsibility.

eference to “business” in this International Standard can be interpreted broadly to mean those activities that are core to the purposes of t
ce; whether the organization is public, private, for profit or not for profit.

Top management shall establish, review and maintain a quality policy that:
a) is appropriate to the purpose and context of the organization;
b) provides a framework for setting and reviewing quality objectives;
c) includes a commitment to satisfy applicable requirements;
d) includes a commitment to continual improvement of the quality
management system.

Top management shall establish, review and maintain a quality policy that:
a) is appropriate to the purpose and context of the organization;
b) provides a framework for setting and reviewing quality objectives;
c) includes a commitment to satisfy applicable requirements;
d) includes a commitment to continual improvement of the quality
management system.

The quality policy shall:

a) be available as documented information;
b) be communicated, understood and applied within the organization;
c) be available to relevant interested parties, as appropriate.

ties
 Top management shall ensure that the responsibilities and authorities for
relevant roles are assigned, communicated and understood within the
organization.
Top management shall assign the responsibility and authority for:
a) ensuring that the quality management system conforms to the
requirements of this International Standard;
b) ensuring that the processes are delivering their intended outputs;
c) reporting on the performance of the quality management system, on
opportunities for improvement and on the need for change or innovation,
and especially for reporting to top management;
d) ensuring the promotion of customer focus throughout the organization;
e) ensuring that the integrity of the quality management system is
maintained when changes to the quality management system are planned
and implemented.

When planning for the quality management system, the organization shall
consider the issues referred to in 4.1 and the requirements referred to in
4.2 and determine the risks and opportunities that
need to be addressed to:
a) give assurance that the quality management system can achieve its
intended result(s);
b) prevent, or reduce, undesired effects;
c) achieve continual improvement.

The organization shall plan:

a) actions to address these risks and opportunities;
b) how to:
1) integrate and implement the actions into its quality management
system processes (see 4.4);
2) evaluate the effectiveness of these actions.

Actions taken to address risks and opportunities shall be proportionate to

the potential impact on the conformity of products and services.

The organization shall ensure that personnel with product design

responsibility are competent to achieve design requirements and are
skilled in applicable tools and techniques.
Applicable tools and techniques shall be identified by the organization.

NOTE Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, elimi
changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
m
The organization shall establish quality objectives at relevant functions,
levels and processes.
The quality objectives shall:
a) be consistent with the quality policy,
b) be measurable;
c) take into account applicable requirements;
d) be relevant to conformity of products and services and the
enhancement of customer satisfaction;
e) be monitored;
f) be communicated;
g) be updated as appropriate.
The organization shall retain documented information on the quality
objectives.

When planning how to achieve its quality objectives, the organization shall
determine:
a) what will be done;
b) what resources will be required;
c) who will be responsible;
d) when it will be completed;
e) how the results will be evaluated.

Where the organization determines the need for change to the quality
management system (see 4.4) the change shall be carried out in a planned
and systematic manner.
The organization shall consider:
a) the purpose of the change and any of its potential consequences;
b) the integrity of the quality management system;
c) the availability of resources;
d) the allocation or reallocation of responsibilities and authorities.

The organization shall determine and provide the resources needed for
the establishment, implementation, maintenance and continual
improvement of the quality management system. The organization shall
consider:
a) the capabilities of, and constraints on, existing internal resources;
b) what needs to be obtained from external providers.

To ensure that the organization can consistently meet customer and

applicable statutory and regulatory requirements, the organization shall
provide the persons necessary for the effective operation of the quality
management system, including the processes needed.

The organization shall determine, provide and maintain the infrastructure

for the operation of its processes to achieve conformity of products and
services.
NOTE 1 Any product realization change affecting customer requirements requires notification to, and agreement from, the cus

The organization shall determine, provide and maintain the environment

necessary for the operation of its processes and to achieve conformity of
products and services.
NOTE Environment for the operation of processes can include physical, social, psychological, environmental and other factors
humidity, ergonomics and cleanliness).

Where monitoring or measuring is used for evidence of conformity of

products and services to specified requirements the organization shall
determine the resources needed to ensure valid and reliable monitoring
and measuring results.

The organization shall ensure that the resources provided:

a) are suitable for the specific type of monitoring and measurement
activities being undertaken;
b) are maintained to ensure their continued fitness for their purpose.

The organization shall retain appropriate documented information as

evidence of fitness for purpose of monitoring and measurement
resources.

Where measurement traceability is: a statutory or regulatory requirement;

a customer or relevant interested party expectation; or considered by the
organization to be an essential part of providing confidence in the validity
of measurement results; measuring instruments shall be:
-verified or calibrated at specified intervals or prior to use against
measurement standards traceable to international or national
measurement standards. Where no such standards exist, the basis used
for calibration or verification shall be retained as documented
information;
-identified in order to determine their calibration status;
-safeguarded from adjustments, damage or deterioration that would
invalidate the calibration status and subsequent measurement results.

The organization shall determine if the validity of previous measurement

results has been adversely affected when an instrument is found to be
defective during its planned verification or calibration, or during its use,
and take appropriate corrective action as necessary.

The organization shall determine the knowledge necessary for the

operation of its processes and to achieve conformity of products and
services.
This knowledge shall be maintained, and made available to the extent
necessary.
When addressing changing needs and trends, the organization shall
consider its current knowledge and determine how to acquire or access
the necessary additional knowledge.
NOTE 1 Organizational knowledge can include information such as intellectual property and lessons learned.
NOTE 2 To obtain the knowledge required, the organization can consider:
a) internal sources (e.g. learning from failures and successful projects, capturing undocumented knowledge and experience of
the organization);
The organization shall:
a) determine the necessary competence of person(s) doing work under its
control that affects its quality performance;
b) ensure that these persons are competent on the basis of appropriate
education, training, or experience;
c) where applicable, take actions to acquire the necessary competence,
and evaluate the effectiveness of the actions taken;
d) retain appropriate documented information as evidence of
competence.

NOTE Applicable actions can include, for example, the provision of training to, the mentoring of, or the re- assignment of curre
or the hiring or contracting of competent persons.

Persons doing work under the organization’s control shall be aware of:
a) the quality policy;
b) relevant quality objectives;
c) their contribution to the effectiveness of the quality management
system, including the benefits of improved quality performance;
d) the implications of not conforming with the quality management
system requirements.

The organization shall determine the internal and external

communications relevant to the quality management system including:
a) on what it will communicate;
b) when to communicate;
c) with whom to communicate;
d) how to communicate.

The organization’s quality management system shall include:

a) documented information required by this International Standard;
b) documented information determined by the organization as being
necessary for the effectiveness of the quality management system.

NOTE The extent of documented information for a quality management system can differ from one organization to another du
a) the size of organization and its type of activities, processes, products and services;
b) the complexity of processes and their interactions;

When creating and updating documented information the organization

shall ensure appropriate:
a) identification and description (e.g. a title, date, author, or reference
number);
b) format (e.g. language, software version, graphics) and media (e.g.
paper, electronic);
c) review and approval for suitability and adequacy.
 Documented information required by the quality management system and
by this International Standard shall be controlled to ensure:
a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g. from loss of confidentiality, improper
use, or loss of integrity).

For the control of documented information, the organization shall address

the following activities, as applicable:
a) distribution, access, retrieval and use;
b) storage and preservation, including preservation of legibility;
c) control of changes (e.g. version control);
d) retention and disposition.

Documented information of external origin determined by the

organization to be necessary for the planning and operation of the quality
management system shall be identified as appropriate, and controlled.

NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and a
change the documented information.

The organization shall plan, implement and control the processes, as

outlined in 4.4, needed to meet requirements for the provision of
products and services and to implement the actions determined in 6.1, by:
a) determining requirements for the product and services;
b) establishing criteria for the processes and for the acceptance of
products and services;
c) determining the resources needed to achieve conformity to product and
service requirements;
d) implementing control of the processes in accordance with the criteria;
e) retaining documented information to the extent necessary to have
confidence that the processes have been carried out as planned and to
demonstrate conformity of products and services to requirements.

The output of this planning shall be suitable for the organization's

operations.
The organization shall control planned changes and review the
consequences of unintended changes, taking action to mitigate any
adverse effects, as necessary.

The organization shall ensure that outsourced processes are controlled in

accordance with 8.4.
d services
 The organization shall establish the processes for communicating with
customers in relation to:
a) information relating to products and services;
b) enquiries, contracts or order handling, including changes;
c) obtaining customer views and perceptions, including customer
complaints;
d) the handling or treatment of customer property, if applicable;
e) specific requirements for contingency actions, when relevant.

The organization shall establish, implement and maintain a process to

determine the requirements for the products and services to be offered to
potential customers.

The organization shall ensure that:

a) product and service requirements (including those considered
necessary by the organization), and applicable statutory and regulatory
requirements, are defined;
b) it has the ability to meet the defined requirements and substantiate the
claims for the products and services it offers.

The organization shall review, as applicable:

a) requirements specified by the customer, including the requirements for
delivery and post- delivery activities;
b) requirements not stated by the customer, but necessary for the
customers' specified or intended use, when known;
c) additional statutory and regulatory requirements applicable to the
products and services;
d) contract or order requirements differing from those previously
expressed.

NOTE Requirements can also include those arising from relevant interested parties.
This review shall be conducted prior to the organization’s commitment to
supply products and services to the customer and shall ensure contract or
order requirements differing from those previously defined are resolved.

Where the customer does not provide a documented statement of their

requirements, the customer requirements shall be confirmed by the
organization before acceptance.

Documented information describing the results of the review, including

any new or changed requirements for the products and services, shall be
retained.
Where requirements for products and services are changed, the
organization shall ensure that relevant documented information is
amended and that relevant personnel are made aware of the changed
requirements.

es
Where the detailed requirements of the organization’s products and
services are not already established or not defined by the customer or by
other interested parties, such that they are adequate for subsequent
production or service provision, the organization shall establish,
implement and maintain a design and development process.

NOTE 1 The organization can also apply the requirements given in 8.5 to the development of processes for production and ser
NOTE 2 For services, design and development planning can address the whole service delivery process. The organization can t
consider the requirements of clauses 8.3 and 8.5 together.

In determining the stages and controls for design and development, the
organization shall consider:
a) the nature, duration and complexity of the design and development
activities;
b) requirements that specify particular process stages, including applicable
design and development reviews;
c) the required design and development verification and validation;
d) the responsibilities and authorities involved in the design and
development process;
e) the need to control interfaces between individuals and parties involved
in the design and development process;
f) the need for involvement of customer and user groups in the design and
development process;
g) the necessary documented information to confirm that design and
development requirements have been met.

The organization shall determine:

a) requirements essential for the specific type of products and services
being designed and developed, including, as applicable, functional and
performance requirements;
b) applicable statutory and regulatory requirements;
c) standards or codes of practice that the organization has committed to
implement;
d) internal and external resource needs for the design and development of
products and services;
e) the potential consequences of failure due to the nature of the products
and services;
f) the level of control expected of the design and development process by
customers and other relevant interested parties.

Inputs shall be adequate for design and development purposes, complete,

and unambiguous. Conflicts among inputs shall be resolved.
 The controls applied to the design and development process shall ensure
that:
a) the results to be achieved by the design and development activities are
clearly defined;
b) design and development reviews are conducted as planned;
c) verification is conducted to ensure that the design and development
outputs have met the design and development input requirements;
d) validation is conducted to ensure that the resulting products and
services are capable of meeting the requirements for the specified
application or intended use (when known).

The organization shall ensure that design and development outputs:

a) meet the input requirements for design and development;
b) are adequate for the subsequent processes for the provision of
products and services;
c) include or reference monitoring and measuring requirements, and
acceptance criteria, as applicable;
d) ensure products to be produced, or services to be provided, are fit for
intended purpose and their safe and proper use.

The organization shall retain the documented information resulting from

the design and development process.

The organization shall review, control and identify changes made to design
inputs and design outputs during the design and development of products
and services or subsequently, to the extent that there is no adverse
impact on conformity to requirements.

Documented information on design and development changes shall be

retained.
vices

The organization shall ensure that externally provided processes,

products, and services conform to specified requirements.
The organization shall apply the specified requirements for the control of
externally provided products and services when:
a) products and services are provided by external providers for
incorporation into the organization’s own products and services;
b) products and services are provided directly to the customer(s) by
external providers on behalf of the organization;
c) a process or part of a process is provided by an external provider as a
result of a decision by the organization to outsource a process or function.

The organization shall establish and apply criteria for the evaluation,
selection, monitoring of performance and re-evaluation of external
providers based on their ability to provide processes or products and
services in accordance with specified requirements.
 The organization shall retain appropriate documented information of the
results of the evaluations, monitoring of the performance and re-
evaluations of the external providers.

on
In determining the type and extent of controls to be applied to the
external provision of processes, products and services, the organization
shall take into consideration:
a) the potential impact of the externally provided processes, products and
services on the organization’s ability to consistently meet customer and
applicable statutory and regulatory requirements;
b) the perceived effectiveness of the controls applied by the external
provider.

The organization shall establish and implement verification or other

activities necessary to ensure the externally provided processes, products
and services do not adversely affect the organization's ability to
consistently deliver conforming products and services to its customers.

Processes or functions of the organization which have been outsourced to

an external provider remain within the scope of the organization’s quality
management system; accordingly, the organization shall consider a) and b)
above and define both the controls it intends to apply to the external
provider and those it intends to apply to the resulting process output.

The organization shall communicate to external providers applicable

requirements for the following:
a) the products and services to be provided or the processes to be
performed on behalf of the organization;
b) approval or release of products and services, methods, processes or
equipment;
c) competence of personnel, including necessary qualification;
d) their interactions with the organization's quality management system;
e) the control and monitoring of the external provider’s performance to be
applied by the organization;
f) verification activities that the organization, or its customer, intends to
perform at the external provider’s premises.

The organization shall ensure the adequacy of specified requirements

prior to their communication to the external provider.

The organization shall implement controlled conditions for production and

service provision, including delivery and post-delivery activities.
 Controlled conditions shall include, as applicable:
a) the availability of documented information that defines the
characteristics of the products and services;
b) the availability of documented information that defines the activities to
be performed and the results to be achieved;
c) monitoring and measurement activities at appropriate stages to verify
that criteria for control of processes and process outputs, and acceptance
criteria for products and services, have been met.
d) the use, and control of suitable infrastructure and process environment;
e) the availability and use of suitable monitoring and measuring resources;
f) the competence and, where applicable, required qualification of
persons;
g) the validation, and periodic revalidation, of the ability to achieve
planned results of any process for production and service provision where
the resulting output cannot be verified by subsequent monitoring or
measurement;
h) the implementation of products and services release, delivery and post-
delivery activities.

Where necessary to ensure conformity of products and services, the

organization shall use suitable means to identify process outputs.
The organization shall identify the status of process outputs with respect
to monitoring and measurement requirements throughout production and
service provision.

Where traceability is a requirement, the organization shall control the

unique identification of the process outputs, and retain any documented
information necessary to maintain traceability.

NOTE Process outputs are the results of any activities which are ready for delivery to the organization’s customer or to an inte
receiver of the inputs to the next process); they can include products, services, intermediate parts, components, etc.
providers
The organization shall exercise care with property belonging to the
customer or external providers while it is under the organization's control
or being used by the organization. The organization shall identify, verify,
protect and safeguard the customer’s or external provider’s property
provided for use or incorporation into the products and services.

When property of the customer or external provider is incorrectly used,

lost, damaged or otherwise found to be unsuitable for use, the
organization shall report this to the customer or external provider.

NOTE Customer property can include material, components, tools and equipment, customer premises, intellectual property an

The organization shall ensure preservation of process outputs during

production and service provision, to the extent necessary to maintain
conformity to requirements.
 NOTE Preservation can include identification, handling, packaging, storage, transmission or transportation, and protection.

As applicable, the organization shall meet requirements for post-delivery

activities associated with the products and services.
In determining the extent of post-delivery activities that are required, the
organization shall consider:
a) the risks associated with the products and services;
b) the nature, use and intended lifetime of the products and services;
c) customer feedback;
d) statutory and regulatory requirements.

NOTE Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance serv
services such as recycling or final disposal.

The organization shall review and control unplanned changes essential for
production or service provision to the extent necessary to ensure
continuing conformity with specified requirements.

The organization shall retain documented information describing the

results of the review of changes, the personnel authorizing the change,
and any necessary actions.

The organization shall implement the planned arrangements at

appropriate stages to verify that product and service requirements have
been met. Evidence of conformity with the acceptance criteria shall be
retained.

The release of products and services to the customer shall not proceed
until the planned arrangements for verification of conformity have been
satisfactorily completed, unless otherwise approved by a relevant
authority and, as applicable, by the customer. Documented information
shall provide traceability to the person(s) authorizing release of products
and services for delivery to the customer.

ducts and services

The organization shall ensure process outputs, products and services that
do not conform to requirements are identified and controlled to prevent
their unintended use or delivery.

The organization shall take appropriate corrective action based on the

nature of the nonconformity and its impact on the conformity of products
and services. This applies also to nonconforming products and services
detected after delivery of the products or during the provision of the
service.
 As applicable, the organization shall deal with nonconforming process
outputs, products and services in one or more of the following ways:
a) correction;
b) segregation, containment, return or suspension of provision of products
and services;
c) informing the customer;
d) obtaining authorization for:
- use “as-is’;
- release, continuation or re-provision of the products and services;
- acceptance under concession.

Where nonconforming process outputs, products and services are

corrected, conformity to the requirements shall be verified.
The organization shall retain documented information of actions taken on
nonconforming process outputs, products and services, including on any
concessions obtained and on the person or authority that made the
decision regarding dealing with the nonconformity.

tion

The organization shall determine:

a) what needs to be monitored and measured;
b) the methods for monitoring, measurement, analysis and evaluation, as
applicable, to ensure valid results;
c) when the monitoring and measuring shall be performed;
d) when the results from monitoring and measurement shall be analysed
and evaluated.

The organization shall ensure that monitoring and measurement activities

are implemented in accordance with the determined requirements and
shall retain appropriate documented information as
evidence of the results.

The organization shall evaluate the quality performance and the

effectiveness of the quality management system.

The organization shall monitor customer perceptions of the degree to

which requirements have been met.
The organization shall obtain information relating to customer views and
opinions of the organization and its products and services.

The methods for obtaining and using this information shall be determined.

NOTE Information related to customer views can include customer satisfaction or opinion surveys, customer data on delivered
quality, market-share analysis, compliments, warranty claims and dealer reports.

The organization shall analyse and evaluate appropriate data and

information arising from monitoring, measurement and other sources.
The output of analysis and evaluation shall be used to:
a) demonstrate conformity of products and services to requirements;
b) assess and enhance customer satisfaction;
c) ensure conformity and effectiveness of the quality management system;
d) demonstrate that planning has been successfully implemented;
e) assess the performance of processes;
f) assess the performance of external provider(s);
g) determine the need or opportunities for improvements within the
quality management system.

The results of analysis and evaluation shall also be used to provide inputs
to management review.

The organization shall conduct internal audits at planned intervals to

provide information on whether the quality management system;
a) conforms to:
1) the organization’s own requirements for its quality management
system;
2) the requirements of this International Standard;
b) is effectively implemented and maintained.

The organization shall:

a) plan, establish, implement and maintain an audit programme(s)
including the frequency, methods, responsibilities, planning requirements
and reporting, which shall take into consideration the quality objectives,
the importance of the processes concerned, customer feedback, changes
impacting on the organization, and the results of previous audits;
b) define the audit criteria and scope for each audit;
c) select auditors and conduct audits to ensure objectivity and the
impartiality of the audit process;
d) ensure that the results of the audits are reported to relevant
management;
e) take necessary correction and corrective actions without undue delay;
f) retain documented information as evidence of the implementation of
the audit programme and the audit results.

NOTE See ISO 19011 for guidance.

Top management shall review the organization's quality management

system, at planned intervals, to ensure its continuing suitability, adequacy,
and effectiveness.
The management review shall be planned and carried out taking into
consideration:
a) the status of actions from previous management reviews;
b) changes in external and internal issues that are relevant to the quality
management system including its strategic direction;
c) information on the quality performance, including trends and indicators
for:
1) nonconformities and corrective actions;
2) monitoring and measurement results;
3) audit results;
4) customer satisfaction;
5) issues concerning external providers and other relevant interested
parties;
6) adequacy of resources required for maintaining an effective quality
management system;
7) process performance and conformity of products and services;
d) the effectiveness of actions taken to address risks and opportunities
(see clause 6.1);
e) new potential opportunities for continual improvement.

The outputs of the management review shall include decisions and actions
related to:
a) continual improvement opportunities;
b) any need for changes to the quality management system, including
resource needs.

The organization shall retain documented information as evidence of the

results of management reviews.

The organization shall determine and select opportunities for

improvement and implement necessary actions to meet customer
requirements and enhance customer satisfaction.

This shall include, as appropriate:

a) improving processes to prevent nonconformities;
b) improving products and services to meet known and predicted
requirements;
c) improving quality management system results.

NOTE Improvement can be effected reactively (e.g. corrective action), incrementally (e.g. continual improvement), by step cha
breakthrough), creatively (e.g. innovation) or by re-organization (e.g. transformation).
When a nonconformity occurs, including those arising from complaints,
the organization shall:
a) react to the nonconformity, and as applicable:
1) take action to control and correct it;
2) deal with the consequences;
b) evaluate the need for action to eliminate the cause(s) of the
nonconformity, in order that it does not recur or occur elsewhere, by:
1) reviewing the nonconformity;
2) determining the causes of the nonconformity;
3) determining if similar nonconformities exist, or could potentially occur;
c) implement any action needed;
d) review the effectiveness of any corrective action taken;
e) make changes to the quality management system, if necessary.

Corrective actions shall be appropriate to the effects of the

nonconformities encountered.

NOTE 1 In some instances, it can be impossible to eliminate the cause of a nonconformity. NOTE 2 Corrective action can reduc
recurrence to an acceptable level.

The organization shall retain documented information as evidence of:

a) the nature of the nonconformities and any subsequent actions taken;
b) the results of any corrective action.

The organization shall continually improve the suitability, adequacy, and

effectiveness of the quality management system.

The organization shall consider the outputs of analysis and evaluation, and
the outputs from management review, to confirm if there are areas of
underperformance or opportunities that shall be addressed as part of
continual improvement.

Where applicable, the organization shall select and utilise applicable tools
and methodologies for investigation of the causes of underperformance
and for supporting continual improvement.
015 INTERNAL AUDIT PLANNING
Audit Question What to look for

How has the organization determined external and internal issues relevant
to its purpose and strategic direction?
How do these affect the ability to achieve the intended result of the QMS?

How do you monitor and review information about these internal and
external issues?

How have you determined what interested parties are relevant to the
QMS?
How have you determined what requirements those parties have that are
relevant to the QMS?
How has impact or potential impact been determined?

How do you monitor and review the information about interested parties
and their relevant requirements?

How have the boundaries and applicability of the QMS been used to
establish the scope of the organization?
How have:
The external and internal issues;
The requirements of relevant interested parties and;
The products and services of the organization been considered when
determining the scope of the organization?

How has the application of the International Standard within the scope
been determined, and how has it been applied by the organization?

How have any requirements of the International Standard been

determined as not applicable? Show me how conformity of products and
services are not affected by this.
Where is the scope available? Where is it maintained as documented
information? Does it state what products and services are covered by the
QMS?
Does it justify how instances of requirements of the QMS cannot be
applied?

How has the QMS been established? Show me how this is implemented.
How is it maintained and continually improved? How have the processes
been determined and how do they interact?
How have the processes been determined for the QMS?
What are the inputs and outputs for those processes?
What is the sequence and interaction of the processes?
What are the criteria, methods, measurement and related performance
indicators needed to operate and control those processes?
What resources are needed and how are these made available?
How are responsibilities and authorities assigned for those processes?
How are risks and opportunities considered and what plans are made to
implement actions to address them?
What methods are used to monitor, measure and evaluate processes and,
if needed, what changes are made to achieve intended results?
How are opportunities to improve the processes and the QMS
determined?

What documented information exists to support the operation of

processes? How is this documented information retained? How is
confidence that the processes are being carried out as planned
determined?
 Show me how top management demonstrates leadership and
commitment
w.r.t. the QMS by taking accountability of the effectiveness of the QMS.
How is the quality policy and objectives established for the QMS and how
are they compatible with the strategic direction and the organizational
context?
How is the quality policy communicated within the organization? Show me
how this is understood and applied.
How are the requirements of the QMS integrated into the business
processes? How do you promote awareness of the process approach?
How do you ensure that resources needed for the QMS area available?
How do you communicate the importance of effective quality
management?
How do you communicate the importance of conforming to the QMS
requirements? How do you ensure that the QMS achieves its intended
results?
How do you engage, direct and support people to contribute to the
effectiveness of the QMS?
How do you promote continual improvement?
How do you support other relevant management roles to demonstrate
leadership in their areas of responsibility?

adly to mean those activities that are core to the purposes of the organization’s

How does top management establish, review and maintain a quality

policy? How is it determined to be appropriate to the purpose and context
of the organization?
Does it provide a framework for setting and reviewing quality objectives?
Does it contain a commitment to satisfy applicable requirements?
Does it include a commitment to continual improvement of the QMS?

How does top management establish, review and maintain a quality

policy? How is it determined to be appropriate to the purpose and context
of the organization?
Does it provide a framework for setting and reviewing quality objectives?
Does it contain a commitment to satisfy applicable requirements?
Does it include a commitment to continual improvement of the QMS?

Where is the quality policy available as

documented information?
How is it communicated?
Show me how it is understood and applied within the organization.
How have you made it available to relevant interested parties?
 How does top management ensure that responsibilities and authorities for
relevant roles are assigned, communicated and understood within the
organization?
How does top management assign the responsibility and authority for:
Ensuring that the QMS conforms to the International standard?
Ensuring processes are delivering their intended outputs?
How is the performance of the QMS, opportunities for improvement and
the need for change or innovation reported to top management?
How is customer focus promoted within the organization?
How is the integrity of the QMS maintained when changes to the QMS are
planned and implemented?

How are the internal and external issues and interested parties considered
when planning for the QMS?
How are risks and opportunities determined and addressed so that the
QMS can::
a) achieve its intended results;
b) Prevent or reduce undesired effects;
c) Achieve continual improvement?

How are actions planned to address risks and opportunities?

How are actions integrated and implemented into the QMS processes?
How do you evaluate the effectiveness of the actions?

How are actions taken to address risks and opportunities determined as

being appropriate to the potential impact on the conformity of products
and services?

How do you determine that personnel with product design responsibility

are competent to achieve design requirements? How do you determine
skills required in applicable tools and techniques? How do you identify
applicable tools and techniques?

oiding risk, taking risk in order to pursue an opportunity, eliminating the risk source,
aining risk by informed decision.
Where are the quality objectives and are these at all relevant functions,
levels and processes?
Are they consistent with the quality policy? Are they measureable?
Do they consider applicable requirements? Are they relevant to the
conformity of products and services and do they enhance customer
satisfaction?
Are they monitored? How? How often? How are they communicated?
How are they updated?
Where is the documented information on the quality objectives?

How does the organization determine what will be done, with what
resources, when completed and how will results be evaluated for quality
objectives?

How are changes to the QMS planned systematically?

Demonstrate the purpose and potential consequences of changes;
Demonstrate the integrity of the QMS; Demonstrate how resources are
made available?
Demonstrate how responsibility and authority is allocated or reallocated.

Demonstrate how resources are determined for the establishment,

implementation, maintenance and continual improvement of the QMS.
Show me how the capabilities and constraints on internal resources are
considered.
Show me how needs from external providers are considered.

How do you provide persons necessary to consistently meet customer,

applicable statutory and regulatory requirements for the QMS including
the necessary processes?

How do you determine, provide and maintain the infrastructure for the
operation of processes to achieve products and service conformity?
irements requires notification to, and agreement from, the customer.

How do you determine, provide and maintain the environment for the
operation of processes to achieve products and service conformity?

hysical, social, psychological, environmental and other factors (such as temperature,

How are the resources determined for ensuring valid and reliable
monitoring and measuring results, where used?

How do you ensure that resources provided are suitable for the specific
monitoring and measurement activities and are maintained to ensure
continued fitness for purpose?

Show me the documented information which is evidence of fitness for

purpose of monitoring and measurement resources.

Where applicable, show me how measurement instruments are:

Verified or calibrated at specified intervals against national or
international measurement standards;
If there are no standards, show me the documented information which is
used as the basis used for calibration or verification. Show me how
measurement instruments are identified to determine their calibration
status.
Show me how they are safeguarded from adjustments.
Show me how they are safeguarded from damage and deterioration.

How do you determine the validity of previous measurements if you find

an instrument to be defective during verification or calibration?
What appropriate actions can you take?

How do you determine necessary knowledge for the operation of

processes? How do you determine necessary knowledge to achieve
conformity of products and services?
How do you maintain this knowledge and how do you make it available to
the extent necessary?
How do you consider current knowledge and how do you acquire
additional knowledge when addressing changing needs and trends?

as intellectual property and lessons learned.

consider:
ojects, capturing undocumented knowledge and experience of topical experts within
 Show me how:
You determine the necessary competence of people doing work under
your control that affects quality performance;
How do you determine competence on the basis of appropriate education,
training or experience?
How do you take actions to acquire necessary competence where
applicable and how do you evaluate the effectiveness of those actions?
Show me documented information where appropriate of competence.

of training to, the mentoring of, or the re- assignment of currently employed persons;

How are people aware of:

The quality policy? Relevant quality objectives?
Their contribution to the effectiveness of the QMS?
The benefits of improved performance? The implications of not
conforming with the QMS requirements?

How do you determine internal and external communications relevant to

the QMS?
How do you determine: What?
When?
With Whom? How?

What documented information do you have as required by this standard?

What documented information do you have as being necessary for the
effectiveness of your QMS?

agement system can differ from one organization to another due to:
roducts and services;

Show me that your documented information contains: Identification;

Description;
In what media format?
Show me how the documented information is reviewed and approved for
suitability and adequacy.
 Show me how you control documented information.
Show me how you make it available and suitable for use.
How do you protect your documented information?

When controlling documented information, how do you address:

Distribution; Access; Retrieval; Use;
Storage and preservation; Legibility;
Control of changes; Retention and disposition.

How do you identify as appropriate and control documented information

of external origin which you have determined as necessary for the QMS

iew the documented information only, or the permission and authority to view and

How are processes needed to meet requirements for provision of products

and services planned, implemented and controlled?
How are requirements for products and services determined?
How is criteria for processes and acceptance for products and services
determined?
How are resources determined?
How is process control implemented? Show me the documented
information that shows confidence in that the processes have been
carried out as planned and can demonstrate conformity of products and
services.

How have you determined that the output from the planning process is
suitable for your operations?
How do you control planned changes? How do you review the
consequences of unintended changes? What action is taken to mitigate
any adverse effects?

How do you control outsourced processes?

 What are your processes for communicating with customers? How do you
communicate information relating to: Products;
Services; Enquiries; Contracts; Order handling;
Customer views, perceptions and complaints;
Handling or treatment of customer property;
Specific requirements for contingency actions?

What is your process to determine the requirements for products and

services to be offered to potential customers? How do you establish,
implement and maintain this process?

How do you define product and service requirements including statutory

and regulatory requirements?
How do you ensure that you have the ability to meet the defined
requirements and substantiate any claims for your products and services?

How do you review:

Customer requirements for delivery and post-delivery?
Requirements necessary for customers’ specified or intended use, where
known; Additional statutory and regulatory requirements applicable to
products and services;
Any other contract or order requirements.

t interested parties.
Show me that the review is conducted prior to your commitment to
supply products and services to your customers. How do you resolve
contract or order requirements which differ from those previously
defined?

How do you confirm customer requirements where the customer does not
provide a documented statement?

Show me where you retain documented information which describes

results of the review including any new or changed requirements.

Show me the documented information containing changes to products

and services. How do you ensure that relevant personnel are made aware
of those changes?
 How do you establish, implement and maintain a design and development
process (where detailed requirements of your products and services are
not already established or defined by the customer or other parties).

in 8.5 to the development of processes for production and services provision.

ress the whole service delivery process. The organization can therefore choose to

When determining the stages and control for design and development,
show me how you consider:
The nature, duration and complexity of the activities;
Requirements that specify particular process stages including applicable
reviews;
Required verification and validation; Responsibilities and authorities;
How interfaces are controlled between individuals and parties;
The need for involvement of customer and user groups.
Show me documented information that confirms design and development
requirements have been met.

Can you show me how you determine: Requirements essential for the
type of products and services being designed and developed, including as
applicable: Functional & performance requirements; Statutory and
regulatory requirements; Standards or codes of practice where there is a
commitment to implement;
Internal and external resources needed for the design and development of
products and services;
Potential consequences of failure;
Level of control expected of the design and development process by
customers and other relevant parties.

How do you determine that inputs are adequate, complete and

unambiguous for design and development? How do you resolve conflicts
among inputs?
How do controls that are applied to the design and development process
ensure: Results achieved by design and development activities are clearly
defined? Design and development reviews are conducted as planned?
Outputs meet the input requirements by verification/
Validation is conducted to ensure that the resulting products and services
are capable of meeting the requirements for the specified application or
intended use (when known)?

How do you ensure that design and development outputs:

Meet the input requirements for design and development?
Are adequate for the subsequent processes for the provision of products
and services?
Include or reference monitoring and measuring requirements, and
acceptance criteria, as applicable?
Ensure products to be produced, or services to be provided, are fit for
intended purpose and their safe and proper use?

Show me the documented information which results from the design and
development process.

How do you review, control and identify changes made to the design
inputs and outputs during design and development of products and
services ensuring no impact on conformity to requirements?

Show me the documented information for design and development

changes.

How do you ensure externally provided processes, products and services

conform to specified requirements?
Show me how you apply specified requirements for the control of
externally provided products and services when: Products and services are
provided by external providers for incorporation into your own products
and services;
You provide products and services directly to customers by external
providers on your behalf;
A process or part-process is provided by an external provider as a result of
a decision to outsource a process or function.

Show me how you establish and apply criteria for evaluation, selection,
monitoring of performance and re-evaluation of external providers. How
do you assess their ability to provide processes or products and services in
accordance with specified requirements?
What documented information do you have of the results of evaluations,
monitoring of performance and re- evaluations of external providers?

How do you determine the controls applied to the external provision of

processes, products and services and take into consideration:
a) The potential impact of the externally provided processes, products and
services on the ability to consistently meet customer and applicable
statutory and regulatory requirements?
b) The perceived effectiveness of the controls applied by the external
provider?

What verification or other activities do you have to ensure externally

provided processes, products and services do not adversely affect your
ability to consistently deliver conforming products and services to your
customers?

When processes or functions have been outsourced to external providers,

how do you consider a) and b) in 8.4.1 and how do you define the controls
intended to be applied to the external provider and to the resulting
process output?

Show me how you communicate to external providers, applicable

requirements for:
Products and services to be provided or the processes to be performed on
behalf of the organization;
Approval or release of products and services, methods, processes or
equipment;
Competence of personnel, including necessary qualification;
Their interactions with the organization's quality management system;
The control and monitoring of the external provider’s performance to be
applied by the organization;
Verification activities that the organization, or its customer, intends to
perform at the external provider’s premises.

Before you communicate with external providers, how do you ensure the
adequacy of specified requirements?

What controlled conditions do you have for production and service

provision, including delivery and post-delivery activities?
 Can you show me controlled conditions for:
a) the availability of documented information defining the characteristics
of the products and services;
b) the availability of documented information defining the activities to be
performed and the results to be achieved;
c) monitoring and measurement activities at appropriate stages to verify
that criteria for control of processes and process outputs, and acceptance
criteria for products and services, have been met.
d) the use, and control of suitable infrastructure and process environment;
e) the availability and use of suitable monitoring and measuring resources;
f) the competence and, where applicable, required qualification of
persons;
g) the validation, and periodic revalidation, of the ability to achieve
planned results of any process for production and service provision where
the resulting output cannot be verified by subsequent monitoring or
measurement;
h) the implementation of products and services release, delivery and post-
delivery activities.

What means do you use to identify process outputs to ensure conformity

of products and services?
How do you identify the status of process outputs?

How do you control the unique identification of process outputs, where

applicable? What documented information do you retain?

ready for delivery to the organization’s customer or to an internal customer (e.g.

ducts, services, intermediate parts, components, etc.

What care do you provide for customer or external provider’s property

while under your control?
How do you identify, verify, protect and safeguard that property which is
provided for use or incorporation into your products or services?

What means do you use to report to the customer or external provider if

their property is incorrectly used, lost, damaged or found to be unsuitable
for use?

ols and equipment, customer premises, intellectual property and personal data.

How do you ensure preservation of process outputs during production and

service provision to maintain conformity to product requirements?
ng, storage, transmission or transportation, and protection.

How do you meet requirements for post- delivery activities associated

with products and services?
How do you determine:
Risk;
Nature, use and intended lifetime; Customer feedback;
Statutory and Regulatory requirements, when determining the extent of
post- delivery activities required with products and services?

y provisions, contractual obligations such as maintenance services, and supplementary

How do you review and control unplanned changes to ensure continuing

conformity with specified requirements?

What documented information can you show me which describes the

results of reviews of changes, the personnel authorizing change and any
necessary actions?

Show me how planned arrangement have been implemented at

appropriate stages to verify product and service requirements have been
met. Show me what evidence you retain.

Show me how the release of products and services is held until planned
arrangements for verification of conformity have been satisfactorily
completed, unless approved by a relevant authority, or the customer if
applicable. Show me documented information which shows traceability to
the person authorizing release of products and services.

How do you identify and control process outputs, products and services
that do not conform to requirements and prevent their unintended use or
delivery?

What appropriate corrective actions are taken based on the nature of the
nonconformity and its impact on the conformity of products and services?
How do you apply this to nonconformity detected after delivery?
 How you deal with nonconforming process outputs, products and services
in terms of: Correction;
Segregation, containment, return or suspension of provision of products
and services?
Informing the customer?
Obtaining authorization for use as-is? Release, continuation or re-
provision of the products and service?
Acceptance under concession?

How do you verify conformance where process outputs, products and

services are corrected following nonconformance?
What documented information do you keep following actions taken to
address nonconformities, including any concessions obtained and on the
person or authority that made the decision regarding dealing with the
nonconformance.

Show me how you determine: What needs to be monitored and

measured?
Methods for monitoring, measurement, analysis and evaluation to ensure
valid results?
When to perform monitoring and measuring?
When results shall be analysed and evaluated?

What documented information can you show me that monitoring and

measurement activities have been implemented in accordance with
determined requirements?

Show me how you evaluate the quality performance and the effectiveness
of the QMS.

How do you monitor customer perception of the degree to which

requirements have been met?
How do you obtain information relating to customer views and opinions of
your products and services?

What methods for obtaining and using this information do you have?

mer satisfaction or opinion surveys, customer data on delivered products or services

nd dealer reports.

So me how you analyse and evaluate data and information arising from
monitoring, measurement and other sources.
Show me how the output of analysis and evaluation is used to:
Demonstrate conformity of products and services to requirements?
Assess and enhance customer satisfaction?
Ensure conformity and effectiveness of the QMS?
Demonstrate that planning has been successfully implemented?
Assess process performance?
Assess performance of external providers? Determine the need or
opportunities for improvements within the QMS?

Show me where the results of analysis and evaluation are used to provide
inputs to management review.

Are internal audits being conducted at planned intervals? Do they

determine whether the QMS conforms to the requirements of ISO 9001
and to the other requirements established by Organization? (Review
records to demonstrate conformance)
Do they determine whether the QMS is effectively implemented and
maintained? (Review records)

Can you show me audit programme(s) that takes into consideration the
quality objectives, importance of the processes, customer feedback,
changes impacting the organization and the results of previous audits?
Where are the audit criteria and scope for each audit?
Can you demonstrate that selection of auditors and the conduct of audits
are objective and impartial and that auditors don’t audit their own work?
How are audit results reported to relevant management?
Can you demonstrate that necessary correction and corrective actions are
taken without undue delay?
Can you show me documented information of the audit programme and
the audit results?

What is the frequency that top management reviews the organization's

QMS? How is the QMS deemed suitable, adequate and effective?
 What kinds of information are reviewed in management reviews? These
must include: actions status of previous reviews; changes to
internal/external issues relevant to the QMS;
issues that affect strategy;
KPIs for nonconformities and corrective actions;
monitor and measurement of results; audit results;
customer satisfaction;
issues concerning external providers; issues concerning other relevant
parties; adequacy of resources and effectiveness of QMS;
process performance;
conformity of products and services; actions taken to address risks and
opportunities and their effectiveness; new potential opportunities for
continual improvement.

Show me that management reviews include decisions and actions relating

to: Continual improvement opportunities;
The need for changes to the QMS including resource needs.

Show me what documented information you have as evidence of

management reviews.

How do you determine and select opportunities for improvement? What

necessary actions have you implemented so that you have met customer
requirements and enhanced customer satisfaction?

Show me how you have: Improved processes to prevent nonconformities;

Improved products and services to meet known and predicted
requirements; Improved QMS results.

ction), incrementally (e.g. continual improvement), by step change (e.g.

(e.g. transformation).
 When nonconformities occur, show me how;
You react;
Take action to control and correct it; Deal with the consequences;
Evaluate the need for action to eliminate the cause so that it does not
recur or occur elsewhere by:
Reviewing the nonconformity; Determining the cause of the
nonconformity;
Determining if similar nonconformities exist or could potentially occur;
Actions needed are implemented; Review the effectiveness of corrective
actions taken, if any;
Make necessary changes to the QMS.

Show me how correction actions were appropriate to the effects of the

nonconformities encountered.

cause of a nonconformity. NOTE 2 Corrective action can reduce the likelihood of

What documented information can you show me as evidence of:

The nature of the nonconformities and subsequent actions taken;
The results of any corrective action.

Demonstrate that you continually improve the suitability, adequacy and

effectiveness of the QMS.

Demonstrate that outputs of analysis and evaluation and the outputs from
management review are considered to confirm if there are areas of
underperformance or opportunities that shall be addressed as part of
continual improvement.

What applicable tools and methodologies for investigation of the causes of

underperformance and to support continual improvement are selected?
 = Planned Internal Audit
* Checks will be indicated by divisions/department.
SCHEDULE
Who to go to Jan Feb Mar Apr May Jun Jul
INT AUD INT AUD
Check Check Check Check Check Check Check
MGT MGT

MGT MGT
EDULE
Aug Sep Oct Nov Dec

Check Check Check Check Check

ISO 9001 & 45001 IMPLEMENTATION PLAN & TIMELINE

TASK ID
Task Name Document References
ORIGI
PLAN

1 Find out about ISO 9001:2015 Guideline ISO 9001:2015 Standard

2 Top Management Commitment ISO 9001:2015

MONTH 1: LEARN

3 Choose a Certification Agency & Define TUV

Scope
Conduct a Gap Analysis & Internal &
MONTH 1: LEARN & PLAN

4 Gap Analysis Template

External Issues

5 Management Review Month 1 Review Checklist

6 Establish an Implementation Team Team Members

7 Develop the Audit Plan This document

MONTH 2: PLAN

8 Identify Key Processes & Legal Issues Key Process

9 Involve & Communicate with Employees Employee [Link]

10 Management Review Month 2 Review Checklist

11 Define the Quality Policy, Risk & IMS Policy

Opportunity Matrix
MONTH 3 & 4: DEFINE

12 Communicate the Quality Policy To Office and Site

13 Define the IMS Objectives IMS Objectives Template

MONTH 2, 3 & 4: DEFINE & BUILD

14 Establish Roles & Responsibilities To each Employee

15 Management Review Month 3 to 4 Review Checklist

16 Develop the IMS Manual IMS Manual Template

MONTH 5 & 6: BUILD

17 Develop the Mandatory Procedures Mandatory Procedures Templates

18 Develop the Operational Procedures & Operational Procedures Templates

Statutory Compliances

19 Select and Train Internal Auditors Internal Auditor Training (External)

20 Management Review Month 5 to 6 Review Checklist

 21 Provide Employee Training IMS - Awareness Training (External Agency)
MONTH 7: LAUNCH

22 Implement the IMS Management System Functional Procedures

MONTH 5 & 6: LAUNCH & REVIEW

23 Audit the Quality/Safety System Internal Audit Checklist

24 Management Review Month 7 Review Checklist

25 Begin Process Auditing Key Process Audit Checklists

MONTH 8: REVIEW

26 Implement System Changes

27 Refine the System

28 Management Review Month 8 Review Checklist

29 Certification Body Preliminaries

30 Pre-assessment Audit
MONTH 9: ASSESSMENT

MONTH 7: ASSESSMENT

31 Correct Non-conformances & Corrective

Action

32 Management Review Month 9 Review Checklist

33 Certification Day

34 Surveillance Audits

35 Maintain and Improve the IMS

 Document References Start Date Target Date % Action/Who
Complete

02.05.2019 02.05.2019 Q/S

02.05.2019 15.05.2019 Top Management

03.10.2019 11.10.2019 Top

Management/Q/S

02.05.2019 13.05.2019 Q/S

31.05.2019 31.05.2019 All Functional

02.05.2019 15.05.2019 Top Management

02.05.2019 02.05.2019 Q/S

06.05.2019 15.05.2019 All Functional

20.05.2019 30.09.2019 All Functional

31.05.2019 31.05.2019 All Functional

Risk & Opportunity Matrix Template 02.05.2019 25.06.2019 Top

Management/Q/S

13.05.2019 30.10.2019 HR

Top Management/All
30.06.2019 28.07.2019 Functional

15.05.2019 28.06.2019 HR

st 28.06.2019 28.06.2019 All Functional

15.05.2019 15.07.2019 Q/S

lates 15.05.2019 15.07.2019 Q/S, All Functional

plates 15.06.2019 15.07.2019 ALL Functional / HR

ernal) 15.07.2019 30.09.2019 Top Management

st 31.07.2019 31.07.2019 All Functional

ternal Agency) 8.08.2019 31.07.2019 HR

15.08.2019 Continue All Functional

25.09.2019 Continue Q/S

28.09.2019 28.08.2019 All Functional

15.10.2019 Continue Internal Auditors

20.10.2019 Continue Q/S

20.10.2019 Continue Q/S

23.10.2019 26.09.2019 All Functional

14.11.2019 Continue Q/S

14.11.2019 Continue Q/S

25.11.2019 Continue Q/S

29.11.2019 29.11.2019 All Functional

Dec 2019 last week Q/S

Ongoing

Ongoing
 PLAN DO REVIEW ACT

Month 1 Month 2 Month 3 Month 4

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Month 4 Month 5 Month 6 Month 7 Month 8
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Month 8 Month 9 Month 10 Month 11 Month 12
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
Month 12
46 47 48