IMS of Quality, Environment and OH&S Internal Audit checklist

EHS documentation 39 Minutes

The following checklist for IMS of quality, environment and OH&S can be used for both internal audits as well as Gap Analysis tools.

IMS Checklist
Clause 4: Context of the organization
4.1 Understanding the organization and its context
1Has the organization determined the external and internal issues relevant to the Purpose & strategic direction of its IMS and that can affect its ability to achieve the intended results?
2Does the organization monitor and review information about these external and internal issues?
3Does it includes environmental conditions that impact or are impacted by the organization?
4Has the organization determined whether climate change is a relevant issue?
4.2 Understanding the needs and expectations of interested parties
1Has the organization determined the interested parties that are relevant to the IMS?
2Has the organization determined the requirements of these interested parties relevant to the IMS?
3Has the organization determined which of these needs and expectations becomes its compliance obligation including legal and other requirements?
4Does the organization monitor and review the information about these interested parties and their relevant requirement?
4.3Determining the scope of the quality management system
1Has the organization established the scope of its IMS?
2Has the organization determined the boundaries and applicability of the IMS?
3Does the scope consider planned or performed work-related activities and include activities, products, and services that impact OH&S performance?
4While determining Applicability, does the organization determine if it affects its ability or responsibility to ensure the conformity of its products and services and the enhancement of customer satisfaction?
5When determining the scope, how does the organization consider external and internal issues referred to in 4.1, the requirements of relevant interested parties referred to in 4.2 , and its products and services?
6Does the scope includes organizational units, functions, physical boundaries, activities, products, services, and the organization’s control and influence, with all within-scope elements included in the system?
7Is the scope documented and available to its interested parties
4.4 Integrated Management System related to Quality, Environmental and OH&S and its processes.
1Has the organization established, implemented, maintained and continually improved its IMS including including the necessary processes and their interactions?
4.4.1
1Has the organization determined the processes needed for the IMS?
2Has the organization addressed the risks and opportunities associated with these processes?
3Has the organization considered the knowledge gained in 4.1 and 4.2 when establishing and maintaining the Integrated management system?
4Has the organization determined the application of these processes throughout the organization?
5Has the organization determined and applied the criteria and methods needed to ensure the effective operation and control of these processes?
6Has the organization determined the sequence and the interaction of these processes?
7Has the organization determined the resources needed for the organization?
8Has the organization ensured the availability of the resources needed for these processes?
9Has the organization assigned the responsibilities and authorities for these processes?
10Has the organization evaluated these processes and implemented any changes needed to ensure that these processes achieve their intended results?
11Has the organization improved in its processes and its IMS?
12Does the scope give justification for any requirements that the organization determines and does not apply to the scope of its IMS?
4.2.2 
1Has the organization maintained documented information to support the operation of its processes?
2Do the organization retain documented information as evidence that the processes have been carried out as planned?
Clause 5Leadership and worker participation
5.1Leadership and commitment
5.1.1General
1Does the top management demonstrate leadership and commitment by taking accountability for the effectiveness of its IMS?
2How does the top management take accountability for their effectiveness including accountability for the prevention of work-related injury and ill health, as well as the provision of safe and healthy workplaces and activities?
3Has the top management ensured that the Quality, Environmental and OH&S policy and Quality, Environmental and OH&S objective are established?
4Is the Quality, Environmental and OH&S policy and Quality, Environmental and OH&S objective compatible with the context and strategic direction of the organization?
5Has the organization integrated the requirements of IMS with the business processes?
6How does the top management promote the use of the process approach and risk-based thinking?
7Are the risks and opportunities that can affect the conformity of products and services and the ability to enhance customer satisfaction determined and addressed?
8How does the top management ensure that the resources needed to establish, implement, maintain and improve the quality, environmental, and OH&S management system are available?
9Is the importance of the effectiveness of and conformity of IMS and meeting IMS requirements communicated?
10Does the top management ensure that the QMS is achieving its Intended results?
11Does Top Management engage, directs and supports the persons required to contribute to the effectiveness of the IMS requirements?
12Is Top Management promoting improvements?
13Is Top Management supporting other relevant management roles to demonstrate their leadership as it applies to their area of responsibilities?
13How does the top management ensure the developing, leading and promoting a culture in the organization that supports the intended outcomes of the Integrated management system?
14How does the organization ensure the protecting workers from reprisals when reporting incidents, hazards, risks and opportunities?
15How does the organization establish and implement process for consultation and
participation of workers?
16Has the organization have established and have a functioning health and safety committees,?
5.1.2Customer Focus
1Does the Top Management demonstrate leadership and commitment by ensuring that customer and applicable statutory and regulatory requirements are determined, understood and are consistently meeting the requirements?
2Is the focus on enhancing customer satisfaction maintained?
3Is quality policy appropriate to the purpose and context of the organization and does it support its strategic directions?
5.2Policy
5.2.1Establishing the quality Environmental and OH&S policy
1Has the Top Management established, implemented and maintained a Quality Environmental and OH&S policy?
2Is the policy appropriate to its purpose and context, supporting its strategic direction?
3Does the policy include the nature, scale, and environmental impacts of its activities, products, and services?
4Does the policy include a commitment to providing safe and healthy working conditions for preventing work-related injury and ill health, considering the specific nature of its OH&S risks and opportunities?
5Does the policy provide the framework for setting Quality, Environmental and OH&S objective?
6Does the policy includes a commitment to the protection of the environment, including prevention of pollution and other specific commitment(s) relevant to the context of the organization?
7Does the policy includes a commitment to satisfy applicable requirements?
8Does the policy includes a commitment to fulfil its compliance obligations include legal and other requirement?
9Does the policy includes a commitment to eliminate hazards and reduce OH&S risks ?
10Does the policy includes includes a commitment to continual improvement of the quality, environmental and OH&S management system to enhance its quality , environmental and OH&S performance?
11Does the policy includes includes a commitment to consultation and participation of workers, and, where they exist, workers’ representatives?
5.2.2Communicating the quality policy
1Is the policy relevant and appropriate?
2Is policy is available and maintained as documented information?
3Is policy communicated, understood and applied within the organization?
4Is Quality policy appropriate and made available to the relevant interested parties?
5.3Organizational roles, responsibilities and authorities
1Has the Top management ensured that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization?
2Are the Organizational roles, responsibilities and authorities maintained as documented information within the organization?
3How does the Workers at each level of the organization assume responsibility for those aspects of the management system over which they have control?
4While assigning the responsibilities and authorities, do the top management ensure that the quality, environmental and OH&S management system conforms to the requirements of this Standard?
5While assigning the responsibilities and authorities, does the top management ensure that the performance of its IMS and opportunities for improvement are reported to them?
6While assigning the responsibilities and authorities, does the top management ensure that the processes are delivering their intended outputs?
7While assigning the responsibilities and authorities, does the top management ensure that there is the promotion of customer focus throughout the organization?
8While assigning the responsibilities and authorities, does the top management ensure that the integrity of the integrated management system is maintained when changes to the integrated management system are planned and implemented?
5.4 Consultation and Participation of workers
1Has the organization implemented , established and maintained processes for the consultation and participation of workers at all applicable levels and functions and where they exit the workers representative in the development, planning , implementation, performance evaluation and action for improvement of the OH&S management system?
2Does the organization provide mechanisms, time, training and resources necessary for consultation and participation?
3Does the organization provide timely access to clear, understandable and relevant information about the OH&S management system?
4Does the organization determine and remove obstacles or barriers to participation and minimize those that cannot be removed?
5Does the consultation of non-managerial workers emphasize on determining the needs and expectations of interested parties?
6Does the consultation of non-managerial workers emphasize on establishing the OH&S policy?
7Does the consultation of non-managerial workers emphasize on assigning organizational roles, responsibilities and authorities, as applicable?
8Does the consultation of non-managerial workers emphasize on determining how to fulfill legal requirements and other requirements?
9Does the consultation of non-managerial workers emphasize on establishing OH&S objectives and planning to achieve them?
10Does the consultation of non-managerial workers emphasize on determining applicable controls for outsourcing, procurement and contractors?
11Does the consultation of non-managerial workers emphasize on determining what needs to be monitored, measured and evaluated?
12Does the consultation of non-managerial workers emphasize on planning, establishing, implementing and maintaining an audit program?
13Does the consultation of non-managerial workers emphasize on ensuring continual improvement?
14Does the participation of non-managerial workers determine the mechanisms for their consultation and participation?
15Does the participation of non-managerial workers identify hazards and assessing risks and opportunities?
16Does the participation of non-managerial workers determine actions to eliminate hazards and reduce OH&S risks?
17Does the participation of non-managerial workers determine competence requirements, training needs, training and evaluating training?
18Does the participation of non-managerial workers determine what needs to be communicated and how this will be done?
19Does the participation of non-managerial workers determine control measures and their effective implementation and use?
20Does the participation of non-managerial workers emphasize on investigating incidents and nonconformities and determining corrective actions?
Clause 6Planning
6.1Actions to address risks and opportunities
6.1.1
1Have the organization established, implemented and maintained the process needed to meet the requirements in 6.1.1 to 6.1.4?
2While determining risk and opportunities does the organization consider the issues referred to in 4.1 (context), the requirements referred to in 4.2 (interested parties) and 4.3 (the scope of its Integrated management system)?
3Does the organization’s risk and opportunities process assure that the Integrated management system can achieve its intended outcome?
4Does the organization’s risk and opportunities process achieve continual improvement?
5Does the organization’s risk and opportunities process prevent, or reduce, undesired effects?
6Does the organization’s risk and opportunities process enhance desirable effects?
7When determining the risks and opportunities, does the organization take into account environmental aspects?
8When determining the risks and opportunities, does the organization take into account hazards?
9When determining the risks and opportunities, does the organization take into account OH&S risks and other risks?
10When determining the risks and opportunities, does the organization take into account OH&S opportunities and other opportunities ?
11When determining the risks and opportunities, does the organization take into account compliance obligations including legal requirements and other requirements ?
12 When determining the risks and opportunities, does the organization shall determine potential emergency situations, including those that can have an environmental impact and safety hazards.
13Do the organization s maintain documented information of its risks and opportunities that need to be addressed and the processes needed in 6.1.1 to 6.1.4, to the extent necessary to have confidence they are carried out as planned?
6.1.2 Environmental aspects, Hazard identification and assessment of risks and opportunities
6.1.2.1 Hazard identification
1Has organisation established, implemented and maintained a processes for hazard identification that is ongoing and proactive.?
2While determining the hazards, has the organization taken into account how work is organized, social factors (including workload, work hours, victimization, harassment and bullying), leadership and the culture in the organization?
3While determining the hazards, has the organization taken into account routine and non-routine activities and situations like infrastructure, equipment, materials, substances and the physical conditions of the workplace?
4While determining the hazards, has the organization taken into account routine and non-routine activities and situations like product and service design, research, development, testing, production, assembly, construction, service delivery, maintenance and disposal;
5While determining the hazards, has the organization taken into account human factors and how the work is performed?
6While determining the hazards, has the organization taken into account past relevant incidents, internal or external to the organization, including emergencies, and their causes?
7While determining the hazards, has the organization taken into account potential emergency situations?
8While determining the hazards, has the organization taken into account of those people with access to the workplace and their activities, including workers, contractors, visitors and other persons?
9While determining the hazards, has the organization taken into account those people in the vicinity of the workplace who can be affected by the activities of the organization?
10While determining the hazards, has the organization taken into account those workers at a location not under the direct control of the organization?
11While determining the hazards, has the organization taken into account the design of work areas, processes, installations, machinery/ equipment, operating procedures and work organization, including their adaptation to the needs and capabilities of the workers involved?
12While determining the hazards, has the organization taken into account situations occurring in the vicinity of the workplace caused by work-related activities under the control of the organization?
13While determining the hazards, has the organization taken into account situations not controlled by the organization and occurring in the vicinity of the workplace that can cause injury and ill health to persons in the workplace?
14While determining the hazards, has the organization taken into account actual or proposed changes in organization, operations, processes, activities and the OH&S management system?
15While determining the hazards, has the organization taken into account changes in knowledge of, and information about, hazards?
6.1.2.2 Assessment of OH&S risks and other risks to the OH&S management system
1Has organisation established, implemented and maintained processes to assess OH&S risks from the identified hazards, while taking into account the effectiveness of existing controls?
2Has organisation established, implemented and maintained a processes to determine and assess the other risks related to the establishment, implementation, operation and maintenance of the OH&S management system?
3Are the organization’s methodologies and criteria for the assessment of OH&S risks defined with respect to their scope, nature and timing to ensure they are proactive rather than reactive and are used in a systematic way?
4Does the organization maintain documented information on the methodologies and criteria?
6.1.2.3 Assessment of OH&S opportunities and other opportunities for the OH&S management system
1Has organisation established, implemented and maintained processes to assess OH&S opportunities to enhance OH&S performance, while taking into account planned changes to the organization, its policies, its processes or its activities ?
2Has organisation established, implemented and maintained processes to assess opportunities to adapt work, work organization and work environment to workers?
3Has organisation established, implemented and maintained processes to assess opportunities to eliminate hazards and reduce OH&S risks?
4Has organisation established, implemented and maintained processes to assess other opportunities for improving the OH&S management system?
6.1.2.4Environmental Aspects
1Has the organisation determined the environmental aspects of its activities, products, and services that it can control and influence and their associated impacts considering the life cycle perspective?
2While determining the environmental aspects, has the organization taken into account change including planned or new developments and new or modified activities, products and services?
3While determining the environmental aspects, has the organization taken into account abnormal conditions and reasonably foreseeable emergency situations?
4What criteria has the organization used to determine those aspects that can have a significant environmental impact and how are these communicated at the various levels within the organization?
5Are aspects and impacts maintained as documented information, significant aspects including the criteria used to determine its significance?
6.1.3Determination of Compliance obligations, including the legal and other requirements.
How does the organization determine and have access to the compliance obligations related to its environmental aspects and up-to-date legal requirements and other requirements that are applicable to its hazards, OH&S risks and integrated management system?
how does the organization apply these compliance obligations including legal requirements and other requirements to the organization and determine what needs to be communicated?
Has the organization taken these compliance obligations including legal requirements and other requirements into account when establishing, implementing, maintaining and continually improving its Integrated management system?
Has the organization maintained and retained documented information on its legal requirements and other requirements and how does the organization ensure that it is updated to reflect any changes?
6.1.4 Planning action
What action have the organization planned to address these risks and opportunities?
What action have the organization planned to address significant environmental aspects and safety hazards?
1What action have the organization planned to address legal requirements and other requirements?
What action have the organization planned to prepare for and respond to emergency situations?
How does the organization integrate and implement the actions into its Quality, environment and OH&S management system processes or other business processes?
Has the organization evaluated the effectiveness of these actions?
2Is the action proportionate to the potential impact on the conformity of products and services?
3Has the organization taken into account the hierarchy of controls and outputs from the Integrated management system when planning to take action?
4When planning these actions, has the organization considered its best practices, technological options and its financial, operational and business requirements?
6.2Quality, Environmental and OH&S objectives and planning to achieve them
6.2.1 Quality, Environmental and OH&S objectives
1Has the organization shall establish Quality, Environment and OH&S objectives at relevant functions and levels in order to maintain and continually improve the Integrated management system and Quality, Environment and OH&S performance?
2Are the Quality, Environmental and OH&S objectives consistent with the Quality, Environmental and OH&S policy?
3Are the Quality, Environmental and OH&S objectives measurable or capable of performance evaluation?
4Are the objectives relevant to conformity of products and services and to enhancement of customer satisfaction?
5Does establishing policy take into account the applicable requirements?
6Does it considers its risks and opportunities?
7Does it considers its significant environmental aspects and safety hazards
8Does it considers its associated compliance obligations including legal requirement and other requirement?
9Does it considers the results of consultation with workers and, where they exist, workers’ representatives;
10Are the objectives monitored, communicated and updated as required?
6.2.2Planning to achieve Quality, Environmental and OH&S objectives
For achieving the objectives does the organization determine what will be done, what resources will be required, who will be responsible and when it will be completed?
how the results are evaluated, including indicators for monitoring progress toward achievement of its measurable Quality, Environmental and OH&S objectives?
how the actions to achieve Quality, Environmental and OH&S objectives integrated into the organization’s business processes?
Does the organization maintain and retain documented information on the objectives and plan to achieve them?
6.3Planning for change
1While determining changes for the IMS, are changes carried out in a planned manner?
2While planning for change, does the organization consider the purpose of the change and their potential consequence; the integrity of the IMS; the availability of resources; and the allocation and reallocation of responsibilities and authorities?
Clause 7Support
7.1Resources
7.1.1General
1Has the organization determined and provided the resources needed for the establishment, implementing, maintaining and continually improvement of the IMS?
2Has the organization considered the capabilities and constraints of existing internal resources?
3Has the organization considered what needs to be obtained from external providers?
7.1.2People
1Has the organization determined and provided the persons required for effective implementation of IMS and for operation and control of its processes?
7.1.3Infrastructure
1Has the organization determined and maintained the infrastructure needed for the operation of its processes and to achieve conformity of product and services?
7.1.4Environment for the operation of processes
1 Has the organization determined, provided and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services?
7.1.5Monitoring and measuring resources
7.1.5.1General
1Has the organization determined and provided the necessary resources needed when monitoring and measuring are used to verify conformity to product and service requirement?
2Are resources suitable for the type of monitoring and measurement activities undertaken?
3Are resources maintained to ensure their continuing fitness?
4Does the organization retain appropriate documented information as evidence of fitness for the purpose of the monitoring and measurement resources?
7.1.5.2Measurement traceability
1Is there a requirement for measurement traceability?
2Where measurement traceability is a requirement, is measurement equipment calibrated or verified at a specified interval or prior to use?
3Is the calibration done against measurement standards traceable to national or international standards?
4Where no such standard exists, are documented information retained for the basis used for calibration or verification?
5While addressing changing needs and trends, does the organization consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates?
6Are the measuring equipment identified in order to determine their status?
7Is the measuring equipment safeguarded from adjustments, damage or deterioration that would invalidate the calibration and subsequent measurement results?
8Are the measuring equipment safeguarded from adjustments, damage or deterioration that would invalidate the calibration and subsequent measurement results?
7.1.6Organizational knowledge
1Does the organization determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services?
2Does the organization maintain this knowledge and make it available to the extent necessary?
3Does the organization determine and take appropriate action if the validity of previous measurement results has been adversely affected when measuring equipment is found to be unfit for its intended purpose?
7.2 Competence
1How does the organization determine the necessary competence of person(s) doing work including workers under its control that affects or can affect the quality, environmental and OH&S performance, its ability to fulfil its compliance obligations and effectiveness of the quality management system?
2How does the organization ensure that these persons also workers are competent (including the ability to identify hazards) on the basis of appropriate education, training, or experience?
3How does the organization determine training needs associated with its environmental aspects and its environmental management system?
4Where applicable, what actions are taken to acquire and maintain the necessary competence, and how do you evaluate the effectiveness of the actions taken?
5Does the organization retain the appropriate documented information as evidence of competence?
7.3Awareness
1How does the organization ensure that the persons doing work under the organization’s control are aware of the quality, environmental, OH&S policy and relevant quality, environmental, OH&S objectives?
2How does the organization ensure that the persons doing work under the organization’s control are aware of their contribution to the effectiveness of the quality, environmental, OH&S management system, including the benefits of improved quality, environmental and OH&S performance?
3How does the organization ensure that the persons doing work under the organization’s control are aware of the implications and potential consequences of not conforming to the quality, environmental, OH&S management system requirements including the benefits of enhanced quality, environmental, OH&S performance and not fulfilling the organization’s compliance obligations?
4How does the organization ensure that the persons doing work under the organization’s control are aware of the significant environmental aspects and related actual or potential environmental impacts associated with their work?
5How does the organization ensure that the persons doing work under the organization’s control are aware of incidents and the outcomes of investigations that are relevant to them?
6How does the organization ensure that the persons doing work under the organization’s control are aware of hazards, OH&S risks and actions determined that are relevant to them?
7How does the organization ensure that the persons doing work under the organization’s control are aware of the ability to remove themselves from work situations that they consider present an imminent and serious danger to their life or health, as well as the arrangements for protecting them from undue consequences for doing so?
7.4Communication
7.4.1 General
1Has the organization established, implemented and maintained the processes needed for the internal and external communications relevant to the quality, environmental, OH&S management system?
2Does the process includes on what it will communicate, when to communicate, how to communicate, and who communicates?
3Does the process includes with whom to communicate internally among the various levels and functions of the organization, among contractors and visitors to the workplace and among other interested parties?
4Has the organization taken into account diversity aspects e.g. gender, language, culture, literacy,
disability when considering its communication needs?
5Has the organization taken the views of external interested parties are considered in establishing its communication processes?
6When establishing its communication processes, has the organization taken into account its Compliance obligation including legal requirements and other requirements?
7How does the organization ensures that quality , environmental and OH&S information to be communicated is consistent with information generated within Integrated management system, and is reliable?
8How does the organization responds to relevant communications on its Integrated management system?
9How does the organization retains documented information as evidence of its communications, as appropriate?
7.4.2 Internal communication
1How does the internally communicate information relevant to the Integrated management system among the various levels and functions of the organization, including changes to the Integrated management system, as appropriate?
2How does the organization ensure its communication processes enables persons doing work includes workers to contribute to continual improvement?
7.4.3 External communication
1How does the organization externally communicate information relevant to the Integrated management system, as established by the organization’s communication processes and taking into account its Compliance obligations included legal requirements and other requirements?
7.5Documented Information
7.5.1General
1Does the organization’s IMS include documents required by this standards and documents determined by the organization necessary for the effectiveness of the IMS?
7.5.2Creating and updating
1While creating and updating documented information, does the organization ensure it is appropriate in terms of identification and descriptions?
2While creating and updating documented information does the organization ensure that it is in proper format and in the correct media?
3While creating and updating documented information, does the organization ensure that there are appropriate review and approval for suitability and adequacy?
7.5.3Control of documented information
1Does the organization control its documented information to ensure that it is available and suitable for use, whenever it is needed?
2Is the documented information adequately protected?
1Is the distribution, access, retrieval and use of documented information adequately controlled?
2Is the documented properly stored and adequately preserved and it is legible?
3Is there control of changes (e.g. version control)?
4Are their adequate control in place for retention and disposition?
5Is external origin documented information necessary for planning and operation of IMS appropriately identified and controlled?
6Are records protected for unintended alterations?
Clause 8Operations
8.1Operation planning and control
8.1.1 General
1Does the organization plan, implement and control the processes needed to meet the requirement for the provision of product and services and to implement the action determined in clause 6?
2Does the organization determine the requirements for the products and services?
3Has the organization established criteria for the processes and acceptance of products and services?
4Does the organization adapt work to workers?
5Does the organization determine the resources needed to achieve conformity to the product and service requirements?
6Does the organization implement controls of the processes in according with the criteria?
7Does the organization determine, maintain and retain necessary documented information to have confidence that the processes have been carried out as planned and to demonstrate the conformity of products and services?
8Does the organization control its planned changes and review the consequences of unintended changes?
9Does the organization take action to mitigate any adverse effects of its unintended changes?
10At multi-employer workplaces, does the organization coordinate the relevant parts of the Integrated management system with the other organizations?
11Is the output of this planning suitable for the organization’s operations?
12How are outsources process controlled or influenced?
13Is the type and extent of control or influence to be applied to the process defined within the Integrated management system?
14Consistent with a life cycle perspective, how does the organization establish controls, as appropriate, to ensure that its environmental requirements are addressed in the design and development process for the product or service, considering each life cycle stage?
15Consistent with a life cycle perspective, how does the organization determine its environmental requirements for the procurement of products and services, as appropriate?
16Consistent with a life cycle perspective, how does the organization communicate its relevant environmental requirements to external providers, including contractors?
17Consistent with a life cycle perspective, how does the organization consider the need to provide information about potential significant environmental impacts associated with the transportation or delivery, use, end-of-life treatment and final disposal of its products and services?
8.1.2 Eliminating hazards and reducing OH&S risks
Has the organization established, implemented and maintained processes for the elimination of hazards and reduction of OH&S risks using the following hierarchy of controls:
a) eliminate the hazard.
b) substitute with less hazardous process, operations, materials or equipment.
c) use engineering controls and reorganization of work.
d) use administration controls, including training.
e) use adequate personal protective equipment.
8.1.3 Management of change
1Has the organization established processes for the implementation and control of planned temporary and permanent changes that impact environmental and OH&S performance including new products, services and processes, or changes to existing products, services and processes, including workplace locations and surroundings, working organization, working conditions, Equipment, work force?
2Has the organization established processes for the implementation and control of planned temporary and permanent changes that impact performance including changes to Compliance obligation including legal requirements and other requirements?
3Has the organization established processes for the implementation and control of planned temporary and permanent changes that impact performance including changes to knowledge or information about environmental aspects, OH&S hazards and OH&S risks?
4Has the organization established processes for the implementation and control of planned temporary and permanent changes that impact performance including developments in Knowledge and technology?
5Does the organization review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary?
8.1.4 Procurement
8.1.4.1 General
1Has the organization established, implemented and maintained processes to control the procurement of products and services in order to ensure their conformity to its Integrated management system?
8.1.4.2 Contractors
Does the organization coordinate its procurement processes with its contractors, in order to identify environmental aspect and safety hazards and assess and control the environmental aspect and safety hazards arising from the contractors’ activities and operations that impact the organization?
Does the organization coordinate its procurement processes with its contractors, in order to identify environmental aspect and safety hazards and assess and control the risks arising from the organization’s activities and operations that impact the contractors workers?
Does the organization coordinate its procurement processes with its contractors, in order to identify environmental aspect and safety hazards and assess and control the HSE risks arising from the contractors’ activities and operations that impact other interested parties in the workplace?
How does the organization ensure that the requirements of its Integrated management system are met by contractors and their workers?
Do the organizations procurement processes define and apply occupational HSE criteria for the selection of contractors?
8.1.4.3 Outsourcing
1How does the organization ensure outsourced functions and processes are controlled?
2Does the organization ensure that its outsourcing arrangements are consistent with legal requirements and other requirements and with achieving the intended outcomes of the Integrated management system?
3Has the type and degree of control to be applied to these functions and processes been defined within the Integrated management system?
8.2Requirements for products and services
8.2.1Customer communication
1Does the organization communicate with customers to provide information relating to products and services, handling enquiries, contracts or orders (including any changes)?
2Does the organization obtain customer feedback relating to products and services including customer complaint?
3Does the organization communicate with the customers relating to handling or controlling customer property?
4Has the organization established requirements for contingency action, where required?
8.2.2Determining the requirements for products and services
1Has the organization determined the requirements for product and services to be offered the customer?
2Are the requirements defined and does it includes applicable statutory regulatory requirements and those considered necessary by the organization?
3Can the organization meet the claims for the product and services it offers?
8.2.3Review of the requirements for products and services
1Has the organization ensured that it has the ability to meet the requirements for products and services?
2Has the organization conducted a review before committing to supply product and services?
3Has the organization reviewed the requirements specified by the customer, including the requirements for delivery and post-delivery activities?
4Has the organization reviewed the requirements not stated by the customers but necessary for the specified or intended use when know?
5Has the organization reviewed the statutory & regulatory requirements applicable to the product and services and requirements specified by the organization?
6Have the organization reviewed and resolved contract or order requirements differing for those previously defined?
7When the customer does not provide a documented statement of their requirement, does the organization conform to the customer’s requirements before acceptance?
8Does the organization retain documented information on the results of the review and on any new requirements for the products and services?
8.2.4Changes to requirements for products and services
1Does the organization ensure that the relevant documented information is amended and the relevant persons are made aware of the changed requirements when the requirements for the products and services are changed?
8.2.5 Emergency preparedness & response
1Has the organization established, implemented and maintained the processes needed to prepare for and respond to potential emergency situations ?
2Has the organization established a planned response to emergency situations, including the provision of first aid?
3How is the organization prepared to respond by planning actions to prevent or mitigate adverse environmental impacts from emergency situations?
4How will the organization respond to actual emergency situations?
5What action will the organization take to prevent or mitigate the consequences of emergency situations, appropriate to the magnitude of the emergency and the potential environmental impact and OH&S risks?
6How will the organization provide relevant information and training related to emergency preparedness and response, as appropriate, to relevant interested parties, including persons working under its control?
7How does the organization evaluate performance and, as necessary, revising the planned response, including after testing and, in particular, after the occurrence of emergency situations?
8How will the organization communicate and provide relevant information to all workers on their duties and responsibilities?
9How does the organization communicate relevant information to contractors, visitors, emergency response services, government authorities and, as appropriate, the local community?
10 How does the organization take into account the needs and capabilities of all relevant interested parties and ensuring their involvement, as appropriate, in the development of the planned response?
11How does the organization maintain and retain documented information on the processes and on the plans for responding to potential emergency situations?
8.3Design and development of products and services
8.3.1General
1 Has the organization established, implemented and maintain a D&D process that is appropriate to the subsequent provision of product and services?
8.3.2Design and development planning
1In determining the stages and controls for D&D, has the organization is taken into consideration the nature, duration and complexity of D&D activities?
2In determining the stages and controls for D&D, has the organization taken into consideration the required process stages including D&D reviews?
3In determining the stages and controls for D&D, has the organization taken into consideration the D& D verification and validation activities?
4In determining the stages and controls for D&D, has the organization taken into consideration the responsibilities and authorities involved in the D&D process?
5In determining the stages and controls for D&D, has the organization taken into consideration the external and internal resources needed?
6In determining the stages and controls for D&D, has the organization taken into consideration the need to control interfaces between persons involved in D&D?
7In determining the stages and controls for D&D, has the organization taken into consideration the need for involvement of customer and user?
8In determining the stages and controls for D&D, has the organization taken into consideration the requirements of the subsequent provision of product and services?
9In determining the stages and controls for D&D, has the organization taken into consideration the level of the control expected for the D&D by customers and other relevant interested parties?
10In determining the stages and controls for D&D, has the organization taken into consideration the documented information needed to demonstrate that design and development requirement has been met?
8.3.3Design and Development inputs
1Has the organization determined the essential requirements for the specific types of products and services to be designed and developed?
2Does the organization consider the following functional and performance requirements; statutory and regulatory requirements; standards or code of practices that the organization has committed to implement; information derived from previous design and development activities; potential consequences of failure due to the nature of the product and services?
3Does the organization ensure that the inputs are adequate for D&D purpose, complete and unambiguous?
4Does the organization resolve the conflicting D&D inputs?
5Are documented information for D&D inputs retained?
8.3.4Design and development controls
1Has the organization applied the necessary controls to D & D processes to ensure that the result to be achieved are defined?
2Has the organization conducted a review to evaluate the ability of the results of D& D to meet the requirements?
3Has the organization conducted the verification to ensure that D&D output meet input requirements?
4Has the organization conducted the validation to ensure that the resulting product and service meet the requirements of the specified application or intended use?
5Has the organization taken necessary action on the problems determined during reviews, verification or validation activities?
6Has the organization retained documented information on the above-mentioned activities?
8.3.5Design and Development outputs
1Does the organization ensure that D&D outputs meet the input requirements?
2Does the organization ensure that D&D outputs are adequate for the subsequent processes for the provision of product and services?
3Does the organization ensure that D&D outputs include (or has reference) monitoring and measuring requirements and acceptance criteria?
4Does the organization ensure that D&D outputs specify the characteristics of the products and services that are essential for their intended use?
5Does the organization retain documented information on design and development outputs?
8.3.6Design and Development changes
1Has the organization identified, reviewed and controlled changes made during, or subsequent to the D & D of the product and services to ensure that there is no averse to the impact on conformity to requirement?
2Has the organization retained the documented information on D&D changes, the result of reviews, authorization of the changes and the action taken to prevent adverse impact?
8.4Control of externally provided processes, products and services
8.4.1General
1Does the organization ensure that the externally provided processes, products and services conform to the requirements?
2Does the organization determine the controls needed when the product and services from the external providers are incorporated into their own product and services?
3Does the organization determine the controls needed when the product and services from the external providers are provided directly to the customer by external providers?
4Does the organization determine the controls needed when the process or part of the process is provided by the external providers?
5Has the organization determined and applied the criteria for selection, evaluation, monitoring of performance and re-evaluation of external providers?
6Has the organization retained the documented information of these activities and any action arising out or evaluation/re-evaluation?
8.4.2Type and extent of control
1Does the organization ensure that the externally provided processes, product and services do not adversely affect its ability to consistently deliver conforming products and services to the customers?
2Does the organization ensure that the externally provided process remains within the control of its IMS?
3Has the organization defined the controls to be applied to an external provider and its resulting outputs?
4Has the organization taken into consideration the potential impact of the organization’s ability to consistently meet customer and applicable statutory and regulatory requirement?
5Has the organization taken into consideration the effectiveness of the controls applied by the external providers?
6Has the organization determined the verification or other activities, necessary to ensure that the externally provided processes, products and services meet requirements?
8.4.3Information for external providers
1Does the organization ensure the adequacy of requirements prior to their communication to the external provider?
2Does the organization communicate to the external providers its requirements for the processes, products and services required?
3Does the organization communicate to the external providers its requirements for the approval of the product and services; methods, processes and equipment; the release of product and services?
4Does the organization communicate to the external providers its requirements for competence including any qualification of persons?
5Does the organization communicate to the external providers its requirements for external provider’s interactions with the organizations?
6Does the organization communicate to the external providers its requirements for control and monitoring of the external providers’ performance to be applied by the organization?
7Does the organization communicate to the external providers its requirements for verification or validation activities that the organization or its customer intends to perform at the external providers’ premises?
8.5Production and Service provision
8.5.1Control of production and service provision
1Has the organization implemented production and service provision under controlled conditions?
2 Are there any documented information available that defines the characteristics of the product, services or activities to be performed and the results to be achieved?
3Are any suitable monitoring and measuring resources available? Are they being used?
4Are monitoring and measuring activities being performed at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met ?
5Are competent persons (including qualification) being appointed?
6Is the infrastructure and environment being used suitable for operation of processes?
7Has the organization implemented any actions to prevent human error?
8Has the organization implemented any release, delivery and post-delivery activities?
9Where resulting output cannot be verified by subsequent monitoring or measurement, has the organization conducted validation and periodic revalidation of the process for production and service provision?
8.5.2Identification and traceability
1Has the organization used any suitable means to identify output when it is necessary to ensure the conformity of products and services?
2Has the status of outputs with respect to monitoring and measuring requirements throughout the production and service provision being identified by the organization?
3Has the organization controlled the unique identification of the outputs when traceability is a requirement?
4Has the organization retain the documented information necessary to enable traceability, when traceability is a requirement?
8.5.3Property belonging to customers or external providers
1When property belonging to customers or external providers is under the organization’s control or being used by the organization, does the organization exercise adequate care?
2Does the organization identify, verify, protect and safeguard customers’ or external providers’ property?
3When the property or the customer or external provider is lost, damaged or otherwise, fount to be unsuitable for use, does the organization report this to the customer or external provider? Does the organization retain documented information on what has occurred?
8.5.4Preservation
1Does the organization preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements?
Post-delivery activities
8.5.5
1Does the organization meet requirements for post-delivery activities associated with the product and services?
2In determining the extent of post-delivery activities does the organization considers the statutory & regulatory requirements; the potential undesired consequences associated with its product and services; customer requirement & feedback; nature, use and intended lifetime of its product and services?
8.5.6Control of change
1Do the organization conduct review and control changes for production or service provision to ensure continuing conformity with requirements?
2Does the organization retain documented information describing the results of the review of changes, the person(s) authorizing the change and any necessary actions arising from the review?
8.6Release of products and services
1Has the organization implemented planned arrangements, at appropriate stages, to verify that the product and service requirements have been met?
2Does the organization ensure that the release of product and service proceed only after the planned arrangement is satisfactorily completed or approved by the relevant authority and as applicable by the customer?
3Does the organization retain the documented information on the release of products and services and it includes information relating to the evidence of conformity with the acceptance criteria; traceability of the person authorizing the release?
8.7Control of nonconforming outputs
1Does the organization ensure that the outputs which do not conform to their requirements are identified and controlled to prevent their unintended use or delivery?
2Is the action appropriate to the nature of the nonconformity and its effect on the conformity of products and services?
3Do the organization also consider nonconforming product and services detected after delivery of products, during and after the provision of services?
4When non-conforming products and services are detected does the organization take correction action and/or segregation, containment, return, or suspension of the provision of product & services and/or informing the customer and/or obtaining authorization for acceptance under concession?
5Does the organization retain documented information that describes the nonconformity; describes the actions taken; describes any concession obtained; identifies the authority deciding the action in respect of the nonconformity?
Clause 9Performance evaluation
9.1Monitoring, measurement, analysis, and evaluation
9.1.1General
1Has the organization established, implemented and maintained process for monitoring, measurement, analysis and performance evaluation.
2How does the organization monitor, measure, analyse and evaluate its quality, environmental and OH&S performance?
3How does the organization determine what needs to be monitored and measured?
4Does it includes the extent to which its compliance obligations including the legal requirements and other requirements are fulfilled?
5Does it also includes the activities and operations related to identified aspects, hazards, risks and opportunities.
6Does it includes the progress towards achievement of the organization’s OH&S objectives?
7Does it also includes the effectiveness of operational and other controls?
8Has the organization determined the methods for monitoring, measurement, analysis and performance evaluation, as applicable, to ensure valid results?
9Has the organization determined the criteria against which the organization will evaluate its quality, environmental and OH&S performance, and appropriate indicators?
10Has the organization determined when the monitoring and measuring shall be performed?
11Has the organization determined when the results from monitoring and measurement shall be analyzed, evaluated and communicated?
12How does the organization evaluate the quality, environmental and OH&S performance and determine the effectiveness of the Integrated management system?
13How does the organization ensure that monitoring and measuring equipment is calibrated or verified as applicable, and is used and maintained as appropriate?
14Does the organization maintain documented information as evidence of the results of monitoring, measurement, analysis and performance evaluation?
15Does the organization maintain documented information on the maintenance, calibration or verification of measuring equipment?
9.1.2Customer satisfaction
1Does the organization establish methods that the organization can use to monitor customer perceptions?
2Does the organization figure out how the organization is going to obtain information about how customers feel about how well it is meeting their needs and expectations?
3Does the organization figure out how the organization is going to review information about how customers feel about how well it is meeting their needs and expectations?
4Do the organization monitor how well customer needs and expectations are being fulfilled?
5Do the organization monitor how the organization’s customers feel about how well the organization is meeting their needs and expectations (do the organization monitor the organization’s customers’ perceptions)?
9.1.3Analysis and evaluation
1How does the organization analyze and evaluate appropriate data and information arising from monitoring and measurement?
2Does the organization use its analytical results to evaluate performance?
3Does the organization evaluate the conformity of products and services?
4Does the organization evaluate the degree of customer satisfaction;
5Does the organization evaluate the performance and effectiveness of the integrated management system;
6Does the organization evaluate if planning has been implemented effectively;
7Does the organization evaluate the effectiveness of actions taken to address risks and opportunities;
8Does the organization evaluate the performance of external providers;
9Does the organization evaluate the need for improvements to the Integrated management system.
9.1.4 Evaluation of compliance
Has the organization established, implemented and maintained the processes needed to evaluate fulfilment of its compliance obligations including legal requirements and other requirements?
How does the organization determine the frequency and method(s) for the evaluation of compliance?
How does the organization evaluate compliance and take action if needed?
How does the organization maintain knowledge and understanding of its compliance status with legal requirements and other requirements?
How does the organization retain documented information of the compliance evaluation result?
9.2Internal Audit
9.2.1
1Does the organization conduct internal audits at planned intervals?
2Did the organization plan a program that can find out if IMS meets the Organization’s own requirement including the Quality, environmental and OH&S policy and Quality, environmental and OH&S objectives and requirements of this standards?
3Did the organization plan a program that can find out if IMS is effectively implemented and maintained?
9.2.2
1Did the organization plan, establish, implement, and maintain an audit program?
2Did the audit program include the frequency, methods, responsibilities, planning requirements, and reporting?
3Does the audit program take into consideration the quality, environmental and OH&S importance of the process concerned, changes affecting the organization, and the results of previous audits?
4Did the organization define the audit criteria and scope of each audit?
5Does the organization ensure that the audit is conducted by the auditors to ensure objectivity and impartiality of the audit process?
6Does the organization ensure that the results of the audits are reported to relevant management?
Does the organization ensure that relevant audit results are reported to workers, and, where they exist, workers’ representatives, and other relevant interested parties?
7Does the organization take appropriate correction and corrective action without undue delays and continually improve its quality, environmental and OH&S performance?
8Does the retain documented information as evidence of the implementation of the audit program and the audit results?
9.3Management review
9.3.1General
1Does the Top Management review the organization IMS at planned intervals?
2Does the review ensure IMS’s continuing suitability, adequacy, effectiveness, and alignment with the strategic direction of the organization?
9.3.2Management review inputs
1Does the review take into consideration the status of actions from previous management reviews?
2Are the changes in external and internal issues relevant to IMS considered?
3Are the changes in the needs and expectations of interested parties considered?
4Are the changes in its significant environmental aspects and safety hazards considered?
5Are the changes in compliance obligations include the legal requirements and other requirements considered?
6Are the changes in risks and opportunities considered?
7Does the review take into consideration information on the performance and effectiveness of the IMS?
8Does the review take into consideration customer satisfaction and feedback from relevant interested parties?
9Does the review take into consideration the extent to which the Quality, Environmental and OH&S policy and the Quality, Environmental and OH&S objectives have been met?
10Does the review take into consideration the process performance and conformity of products and services?
11Does the review take into consideration incidents, nonconformities , corrective actions and continual improvement?
12Does the review take into consideration results of evaluation of compliance with legal requirements and other requirements?
13Does the review take into consideration monitoring and measuring results?
14Does the review take into consideration audit results?
15Does the review take into consideration the performance of external providers?
16Does the review take into consideration the consultation and participation of workers?
17Does the review take into consideration the adequacy of resources for maintaining an effective Integrated management system?
18Does the review take into consideration the effectiveness of actions taken to address risks and opportunities?
19Does the review take into consideration the opportunities for improvement?
20Does the review take into consideration the relevant communication(s) from interested parties, including complaints?
9.3.3Management review outputs
1Do the outputs of the Management review include decisions and actions related to the opportunities for improvement ?
2Do the outputs of the Management review include decisions and actions related to any need for changes to the IMS?
3Do the outputs of the Management review include decisions and actions related to resources needed?
4Do the outputs of the Management review include decisions and actions related to the continuing suitability, adequacy and effectiveness of the Integrated management system in achieving its intended outcomes?
5Do the outputs of the Management review include decisions and actions related to actions, if needed, when quality, environmental and OH&S objectives have not been achieved?
6Do the outputs of the Management review include decisions and actions related to any implications for the strategic direction of the organization?
7Does the organization retain documented information as evidence of the result of the management review?
Clause 10Improvement
10.1General
1Has the organization determine and select opportunities for improvement?
2Has the organization implemented any necessary action to meet the intended outcomes of its Integrated management system including customer requirements and enhance satisfaction?
3Has the organization taken action for improving products & services to meet requirements as well as to address future needs and expectations?
4Has the organization taken action for correcting, preventing, or reducing undesired effects?
5Has the organization taken action for improving the performance and effectiveness of the IMS?
10.2Nonconformity and corrective action
10.2.1 Nonconformity and corrective action
1When any nonconformity (including complaints) occurs, does the organization take action to control and correct it and deal with the consequences?
2When any nonconformity (including complaints) occurs, does the organization evaluate the need for action to eliminate the causes of the nonconformity?
3Does the organization reviews and analyzes the nonconformity?
4Does the organization determine the causes of the nonconformity?
5Does the organization determine similar nonconformity exist or could potentially occur?
6Has the organization implemented any action needed?
7Has the organization reviewed the effectiveness of the corrective action taken?
8Has the organization updated risk and opportunities determined during planning if necessary?
9Has the organization made changes to the IMS if necessary?
10Are the corrective actions appropriate to the effects of the nonconformities encountered?
11Does the organization retain documented information on the nature of the nonconformities and any subsequent actions taken; and the result of any corrective action?
10.2.2 Incident
1Has the organization established, implemented and maintained a processes, including reporting,
investigating and taking action, to determine and manage incidents?
2When an incident occurs, does the organization react in a timely manner to the incident or nonconformity?
3When an incident occurs, does the organization take action to control and correct it and) deal with the consequences?
4When an incident occurs, does the organization evaluate, with the participation of workers and the involvement of other relevant interested parties, the need for corrective action to eliminate the root cause(s) of the incident , in order that it does not recur or occur elsewhere, by investigating the incident, determining the cause(s) of the incident and by determining if similar incidents have occurred, or if they could potentially occur?
5When an incident occurs, does the organization review existing assessments of OH&S risks and other risks, as appropriate?
6When an incident occurs, does the organization determine and implement any action needed, including corrective action, in accordance with the hierarchy of controls and the management of change?
7When an incident occurs, does the organization assess OH&S risks that relate to new or changed hazards, prior to taking action?
8When an incident occurs, does the organization review the effectiveness of any action taken, including corrective action?
9When an incident occurs, does the organization make changes to the Integrated management system, if necessary?
8How does the organization determine that Corrective actions is appropriate to the effects or potential effects of the incidents encountered?
Does the organization retain documented information as evidence of the nature of the incidents and any subsequent actions taken and the results of any action and corrective action, including their effectiveness?
9How does the organization communicate this documented information to relevant workers, and, where they exist, workers’ representatives, and other relevant interested parties?
10.3Continual improvement
1Does the organization continually improve the suitability, adequacy, and effectiveness of the IMS?
2Does the organization consider the results of analysis and evaluation, and output from management review to determine if there are needs or opportunities to be addressed as part of continual improvement?
3How can the organization enhance quality, environmental and OH&S performance?
4How can the organization promote a culture that supports an Integrated management system?
5How can the organization promote the participation of workers in implementing actions for the continual improvement of the Integrated management system?
6How can the organization communicate the relevant results of continual improvement to workers, and, where they exist, workers’ representatives?
7How can the organization maintaining and retaining documented information as evidence of continual improvement?

Back to Home Page

If you need assistance or have any doubt and need to ask any questions contact me at preteshbiswas@gmail.com. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion are also welcome.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a Reply