Category: ISO 9001:2015

ISO 9001:2015 Clause 8.1 Operational planning and control

ISO 9001:2015 Requirements

The organization shall plan, implement and control the processes needed to meet the requirements for the provision of products and services, and to implement the actions determined in Clause 6, by:

  1. determining the requirements for the products and services;
  2. establishing criteria for:
    • the processes;
    • the acceptance of products and services;
  3. determining the resources needed to achieve conformity to the product and service requirements;
  4. implementing control of the processes in accordance with the criteria;
  5. determining and keeping documented information to the extent necessary:
    • to have confidence that the processes have been carried out as planned;
    • to demonstrate the conformity of products and services to their requirements.

NOTE “Keeping” implies both the maintaining and the retaining of documented information.
The output of this planning shall be suitable for the organization’s operations. The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. The organization shall ensure that outsourced processes are controlled.

1) The organization shall plan, implement and control the processes needed to meet the requirements for the provision of products and services,

Operational planning and control involves setting objectives and targets; planning and implementing activities; Monitoring and controlling activities; Continuous improvement. At its core, operational planning and control are about ensuring that an organisation’s resources are best used to achieve its objectives. To do this, an organisation needs to have a clear understanding of its processes, products, and services. It also needs to have a clear understanding of the market and the customer needs. With this information, an organisation can create a plan for how to best use its resources to achieve its objectives. Once the plan is in place, the organisation needs to monitor and control its operations to ensure that it is achieving its objectives. The operational planning and control process is an ongoing cycle that helps organisations to continuously improve their performance. Operational planning and Control is a dynamic process that is constantly evolving in response to changes in the external environment and the needs of the organisation. It is an essential part of any organisation’s overall strategy and helps to ensure that the organisation can respond effectively to opportunities and challenges. Operational Planning and Control is important because it provides a framework for making decisions about the allocation of resources and the implementation of activities. It helps managers to ensure that an organisation can achieve its objectives by identifying and responding to opportunities and threats in the environment. It helps managers to monitor progress towards objectives and take corrective action if necessary. This can help to avoid or minimise disruptions to operations and keep projects on track. It helps to improve communication between different departments and levels within an organisation. It can also help to create a sense of ownership and responsibility among employees for the achievement of organisational goals. Here’s a step-by-step guide on how an organization can effectively perform operational planning and control within its QMS:

  1. Define Quality Objectives: Start by establishing clear and measurable quality objectives. These objectives should align with your organization’s strategic goals and reflect what you aim to achieve in terms of quality.
  2. Identify Processes: Identify the key processes within your organization that directly impact product or service quality. These could include design and development, manufacturing, procurement, customer service, and more.
  3. Process Mapping: Create process maps or flowcharts for each identified process. Document the inputs, activities, outputs, and interactions within each process.
  4. Risk Assessment: Conduct a risk assessment for each process to identify potential risks and opportunities related to quality. Consider factors such as resource availability, process capabilities, and external influences.
  5. Set Quality Requirements: Define the quality requirements for each process, including specifications, standards, and customer expectations. Ensure that these requirements are clear and well-communicated to relevant personnel.
  6. Resource Allocation: Allocate the necessary resources, including personnel, equipment, materials, and technology, to support the execution of each process effectively.
  7. Document Procedures and Work Instructions: Develop documented procedures and work instructions that detail how each process should be performed to meet quality requirements. Ensure that these documents are readily available to employees.
  8. Training and Competence: Provide training to employees to ensure they are competent in executing their roles within each process. Regularly assess and update their competence as needed.
  9. Monitoring and Measurement: Implement monitoring and measurement processes to track the performance of each process. This may involve collecting data, conducting inspections, and performing tests at specified intervals.
  10. Data Analysis: Analyze the data collected during monitoring and measurement to identify trends, patterns, and potential areas for improvement.
  11. Corrective and Preventive Actions: Implement corrective actions to address nonconformities and prevent their recurrence. Develop preventive actions to proactively mitigate potential issues.
  12. Change Management: Establish a change management process to evaluate and control changes to processes, procedures, or resources that could impact quality.
  13. Supplier and Contractor Control: If applicable, ensure that suppliers and contractors are also subject to quality controls to maintain the integrity of your processes and the products or services they provide.
  14. Documented Information: Maintain documented information that provides evidence of effective operational planning and control, including records of monitoring, measurement, corrective actions, and changes.
  15. Management Review: Periodically review the performance of your operational planning and control processes during management review meetings. Use these reviews to make informed decisions and drive continuous improvement.
  16. Communication: Foster clear and effective communication channels among employees, departments, and stakeholders regarding operational planning, control activities, and quality objectives.
  17. Continuous Improvement: Continuously seek opportunities to improve your operational planning and control processes by using data-driven decision-making and feedback from stakeholders.

2) Determining the requirements for the products and services

The requirements for products and services provided by an organisation shall be determined and managed. Determination of the requirements for products and services is a key activity of the organisation that needs to be understood, controlled, and improved. Determining the requirements for products and services is a fundamental step in operational planning and control within a Quality Management System (QMS). This step ensures that the organization fully understands what needs to be delivered to meet customer expectations and conform to quality standards. Here’s how to go about it:

  1. Customer Requirements: Begin by gathering and documenting all customer requirements. This includes specifications, standards, expectations, and any unique demands or preferences communicated by customers.
  2. Regulatory and Legal Requirements: Identify and document all applicable regulatory and legal requirements that pertain to the products or services you offer. These may include safety standards, environmental regulations, industry-specific certifications, and more.
  3. Organizational Standards and Policies: Determine any internal quality standards, policies, and procedures that apply to the products or services. This includes your organization’s own quality requirements and specifications.
  4. Stakeholder Expectations: Consider the expectations and requirements of other relevant stakeholders, such as suppliers, partners, and employees, that may influence the products or services you provide.
  5. Industry Standards and Best Practices: Stay informed about industry standards, best practices, and benchmarks that are relevant to your products or services. These can provide valuable guidance on quality requirements.
  6. Product or Service Design Inputs: If applicable, involve design and development teams to provide input on the requirements for new products or services. Ensure that design inputs are aligned with customer needs and quality objectives.
  7. Risk Assessment: Conduct a risk assessment to identify potential risks and uncertainties associated with the requirements. This helps in addressing and mitigating quality-related risks.
  8. Document Requirements: Document all identified requirements in a clear and structured manner. Use a standardized format or template to ensure consistency and easy reference.
  9. Validation of Requirements: Validate the requirements with stakeholders, including customers, to confirm that they accurately reflect their needs and expectations. Make necessary adjustments based on feedback.
  10. Change Management: Establish a process for managing changes to requirements, whether they come from customers, regulatory updates, or other sources. Ensure that changes are properly assessed and documented.
  11. Communication: Communicate the requirements effectively to all relevant parties within the organization, including those responsible for executing the processes that deliver the products or services.
  12. Monitoring and Review: Continuously monitor and review the requirements to ensure they remain up-to-date and relevant. Regularly assess whether the products or services are meeting these requirements.
  13. Feedback Loop: Create a feedback loop with customers and stakeholders to gather feedback on the delivered products or services. Use this feedback to make improvements and adjustments to requirements as needed.

By determining and documenting the requirements for products and services as part of your operational planning and control processes, you ensure that your organization is well-equipped to meet customer expectations, comply with regulations, and maintain a high level of quality in its offerings. This is a fundamental aspect of effective quality management within a QMS.

3) Establishing criteria for the processes and the acceptance of products and services;

Establishing clear criteria for processes and the acceptance of products and services is a crucial part of operational planning and control within a Quality Management System (QMS). These criteria serve as benchmarks to ensure that processes are performed consistently and that the resulting products and services meet the required quality standards. Here’s how to establish these criteria effectively:

  1. Process Criteria: Define specific criteria for each process that are essential for achieving the desired outcomes. Process criteria may include factors such as process inputs, activities, controls, and performance indicators.
  2. Acceptance Criteria for Products and Services: Clearly outline the acceptance criteria for products and services. These criteria should specify the minimum quality and performance standards that must be met for a product or service to be considered acceptable.
  3. Quality Standards and Specifications: Refer to relevant quality standards, industry specifications, and customer requirements to establish process and acceptance criteria. These external sources provide valuable guidance on what is expected.
  4. Measurement and Testing Requirements: Identify the measurement and testing methods that will be used to assess whether the process criteria and acceptance criteria have been met. This includes specifying sampling plans, inspection methods, and measurement techniques.
  5. Tolerances and Limits: Define acceptable tolerances and limits for critical parameters and characteristics. These provide a range within which variations are permissible without impacting product or service quality.
  6. Customer Requirements: Incorporate customer-specific requirements into your criteria. These may include unique features, performance expectations, or quality metrics that are important to your customers.
  7. Regulatory Compliance: Ensure that your criteria align with relevant regulatory and legal requirements. This is particularly important in industries with strict compliance obligations.
  8. Documented Procedures:Develop documented procedures and work instructions that provide step-by-step guidance on how processes should be executed to meet the established criteria.
  9. Verification and Validation Plans:Create verification and validation plans for processes and products/services. These plans should outline how and when verification and validation activities will be conducted to confirm compliance with the criteria.
  10. Criteria Communication: Communicate the established criteria clearly to all relevant personnel involved in the processes. Ensure that employees understand the importance of adhering to these criteria.
  11. Monitoring and Measurement: Implement monitoring and measurement processes to track the performance of processes and the quality of products and services. Regularly assess whether criteria are being met.
  12. Record Keeping: Maintain records of monitoring and measurement results, including any deviations or nonconformities. This documentation provides evidence of adherence to the criteria.
  13. Continuous Improvement: Continuously review and refine the criteria based on feedback, data analysis, and changes in customer needs or industry standards. Use lessons learned to enhance criteria over time.
  14. Change Control: Establish a change control process to manage updates or revisions to criteria. Ensure that changes are properly assessed, approved, and communicated.

By establishing clear and well-defined criteria for processes and the acceptance of products and services, organizations can consistently deliver high-quality results, meet customer expectations, and maintain compliance with relevant standards and regulations. This contributes to effective operational planning and control within a QMS.

4) Determining the resources needed to achieve conformity to the product and service requirements

Determining the resources needed to achieve conformity to product and service requirements is a vital part of operational planning and control within a Quality Management System (QMS). Adequate resource allocation ensures that your organization can consistently produce products and services that meet quality standards and customer expectations. Here’s how to effectively determine and allocate the necessary resources:

  1. Resource Identification: Begin by identifying the specific resources required for each process involved in producing products or delivering services. Resources can include personnel, equipment, materials, technology, facilities, and more.
  2. Resource Evaluation: Assess the current availability and capability of the identified resources. Consider factors such as their capacity, efficiency, and suitability for the tasks they will perform.
  3. Resource Planning: Develop a resource plan that outlines how each resource will be allocated to various processes. Ensure that the plan aligns with the organization’s objectives and quality requirements.
  4. Personnel Allocation: Assign skilled and trained personnel to appropriate roles within processes. Ensure that employees have the necessary training and competence to perform their tasks effectively.
  5. Equipment and Technology: Ensure that equipment and technology are maintained, calibrated, and in good working condition. Regularly review and upgrade equipment as needed to meet quality requirements.
  6. Material Sourcing and Management: Establish processes for sourcing, receiving, storing, and handling materials and components. Ensure that materials meet quality specifications and are used efficiently.
  7. Capacity Planning:
    • Analyze the capacity of resources to determine if additional resources are needed during peak demand periods. Plan for contingencies to handle fluctuations in workload.
  8. Supplier Relationships: Collaborate with suppliers and contractors to ensure a reliable supply of materials, components, or services. Verify that external suppliers meet quality and delivery standards.
  9. Technology and Tools: Utilize technology and tools, such as quality management software or data analytics, to optimize resource allocation and enhance process efficiency.
  10. Resource Monitoring and Performance Measurement: Implement monitoring and performance measurement systems to assess how well resources are utilized and whether they contribute to meeting quality objectives.
  11. Risk Assessment:Conduct risk assessments to identify potential resource-related risks that could impact the achievement of product and service conformity. Develop mitigation plans for high-priority risks.
  12. Resource Optimization: Continuously seek opportunities to optimize resource utilization and reduce waste. This includes minimizing resource downtime and enhancing resource efficiency.
  13. Communication and Collaboration: Foster clear communication and collaboration among departments, teams, and suppliers to ensure effective resource allocation and adherence to quality requirements.
  14. Change Management: Establish a change control process to assess and manage changes to resource allocation plans. Ensure that changes are properly evaluated, approved, and communicated.
  15. Continuous Improvement: Encourage a culture of continuous improvement to regularly review and enhance resource allocation strategies based on data-driven insights and feedback.

By determining and allocating the necessary resources effectively, organizations can enhance their ability to consistently achieve conformity to product and service requirements, meet customer expectations, and maintain compliance with quality standards within their QMS.

5) Implementing control of the processes in accordance with the criteria;

Implementing control of processes in accordance with established criteria is a critical aspect of operational planning and control within a Quality Management System (QMS). This ensures that processes are executed consistently and that the resulting products and services meet the required quality standards. Here’s how to effectively implement control of processes:

  1. Understand the Criteria: Ensure that all personnel involved in the process understand the established criteria, including quality standards, specifications, and customer requirements.
  2. Documented Procedures: Develop and maintain documented procedures and work instructions that outline how the process should be executed to meet the established criteria. These documents serve as guides for employees.
  3. Training and Competence: Provide training to employees to ensure they are competent in performing their roles within the process. Training should cover not only the technical aspects but also an understanding of the criteria and quality expectations.
  4. Resource Allocation: Allocate the necessary resources, including personnel, equipment, materials, and technology, to support the execution of the process effectively.
  5. Monitoring and Measurement: Implement monitoring and measurement processes to track the performance of the process. This may involve collecting data, conducting inspections, and performing tests at specified intervals.
  6. Verification and Validation: Carry out verification and validation activities as outlined in the verification and validation plans. Confirm that the process meets the established criteria and quality standards.
  7. Tolerance and Control Limits: Pay close attention to tolerance and control limits for critical parameters and characteristics. Ensure that variations are within acceptable limits to maintain product or service quality.
  8. Feedback and Corrective Actions: Establish a feedback loop to capture information on deviations or nonconformities. Implement corrective actions promptly to address any issues that may arise during the process.
  9. Change Control: Implement a change control process to assess and manage any changes to the process or its criteria. Ensure that changes are properly evaluated and approved.
  10. Communication: Foster clear and effective communication among employees involved in the process. Encourage reporting of issues, concerns, and opportunities for improvement.
  11. Continuous Improvement: Encourage a culture of continuous improvement within the organization. Use data and feedback to identify areas where the process can be enhanced and streamlined.
  12. Record Keeping: Maintain records of monitoring, measurement results, corrective actions, and any changes related to the process. These records provide evidence of compliance with the established criteria.
  13. External Audits and Inspections: Be prepared for external audits and inspections to assess the effectiveness of process controls and adherence to quality standards.
  14. Management Review: Include the review of process performance and adherence to criteria as part of management review meetings. Use these reviews to make informed decisions and set objectives for improvement.
  15. Supplier and Contractor Control: If applicable, ensure that suppliers and contractors involved in the process also adhere to the established criteria. This helps maintain the integrity of the process and the products or services they provide.

By implementing control of processes in alignment with the established criteria, organizations can consistently produce products and services that meet or exceed quality requirements, customer expectations, and regulatory standards. This is a fundamental component of effective operational planning and control within a QMS.

6) Determining and keeping documented information to the extent necessary to have confidence that the processes have been carried out as planned and to demonstrate the conformity of products and services to their requirements

Here are the key documents and records typically needed for compliance with this clause:

Documents:

  1. Process Documentation:Documented procedures and work instructions that detail how specific processes within the organization are planned, executed, controlled, and monitored.
  2. Resource Planning Documents: Documents outlining the organization’s resource planning strategies, including human resources, equipment, materials, and technology, to support operational processes effectively.
  3. Change Control Procedures: Procedures that define how changes to processes, documents, and records are assessed, authorized, implemented, and communicated.
  4. Risk Assessment and Management Documents: Documents related to risk assessment and management processes, including risk identification, analysis, and mitigation plans. These documents help ensure that risks to the effectiveness of operational processes are adequately addressed.
  5. Supplier and Contractor Management Procedures (if applicable): Procedures that outline how suppliers and contractors are assessed, selected, and managed to ensure they meet quality and conformity requirements.

Records:

  1. Monitoring and Measurement Records: Records of monitoring and measurement activities, including data related to process performance, product and service conformity, and quality objectives. These records demonstrate that processes are being effectively controlled.
  2. Records of Corrective Actions and Preventive Actions: Records of corrective actions taken to address nonconformities and prevent their recurrence. These records demonstrate that issues are being addressed promptly and effectively.
  3. Records of Change Control: Records that document changes to processes, procedures, or documents, including the reasons for changes, approvals, and implementation details.
  4. Resource Allocation and Utilization Records: Records related to the allocation and utilization of resources, such as personnel schedules, equipment maintenance logs, and material inventory records.
  5. Records of Risk Assessments: Records of risk assessments conducted for various processes, including risk identification, analysis, and mitigation plans.
  6. Supplier and Contractor Evaluation Records (if applicable): Records of supplier and contractor evaluations, assessments, and performance reviews, including any actions taken based on these assessments.
  7. Management Review Records: Records of management review meetings, including meeting minutes, action items, and decisions related to process performance and improvement.
  8. Records of Training and Competence Assessment: Records of employee training, qualifications, and competence assessments related to operational processes.
  9. Records of Process Performance Improvements: Records demonstrating continuous improvement efforts within operational processes, including the implementation of corrective and preventive actions.

These documents and records are critical for demonstrating compliance with ISO 9001:2015 Clause 8.1 and for ensuring effective operational planning and control within a Quality Management System. They provide evidence of how processes are planned, executed, monitored, and improved to achieve conformity to product and service requirements and meet quality objectives.

7) The output of this planning shall be suitable for the organization’s operations.

The output of operational planning should be tailored to be suitable for the organization’s specific operations. This means that the planning process should result in plans and strategies that align with the organization’s unique needs, goals, and circumstances. Here’s why this is important and how to achieve it:

  1. Alignment with Organizational Objectives: Operational plans should be closely aligned with the organization’s strategic objectives. They should support the overarching goals and mission of the organization.
  2. Customization for Different Processes: Recognize that different operational processes within the organization may have varying requirements and constraints. The output of operational planning should be customized to address the specific needs of each process.
  3. Resource Allocation: Ensure that the allocation of resources, including personnel, equipment, materials, and technology, is in line with the organization’s operational capabilities and constraints.
  4. Risk Management: Develop plans that consider the unique risks and challenges associated with the organization’s operations. Risk mitigation strategies should be tailored to address these specific risks.
  5. Scalability and Flexibility: Plan for scalability and flexibility in operations. The output of operational planning should allow for adjustments and adaptations as the organization grows or responds to changing market conditions.
  6. Compliance and Quality: Ensure that operational plans take into account compliance with regulatory requirements, quality standards, and customer expectations specific to the organization’s industry or sector.
  7. Resource Efficiency: Strive for resource efficiency by optimizing processes and resource allocation to minimize waste and improve productivity.
  8. Communication and Engagement: Engage relevant stakeholders within the organization in the planning process. Seek input from teams, departments, and individuals directly involved in the operations to ensure that plans are practical and achievable.
  9. Clear Objectives and Key Performance Indicators (KPIs): Set clear objectives and KPIs for each operational process. These should be designed to measure performance and progress toward organizational goals.
  10. Continuous Improvement: Embed a culture of continuous improvement within the organization’s operations. Regularly review and refine operational plans based on data-driven insights and feedback.
  11. Monitoring and Review: Implement processes for monitoring and reviewing the execution of operational plans. Regularly assess whether plans are achieving the desired outcomes and make adjustments as needed.
  12. Documentation and Communication: Document operational plans and ensure that they are communicated effectively to relevant personnel. This ensures that everyone understands their roles and responsibilities.
  13. Feedback and Adaptation: Encourage feedback from employees and teams involved in the operations. Use this feedback to adapt and improve operational plans over time.

By tailoring the output of operational planning to suit the organization’s operations and context, an organization can enhance its ability to achieve its objectives, maintain operational efficiency, and respond effectively to both challenges and opportunities. This alignment is essential for the success and sustainability of the organization.

8) The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.

Controlling planned changes and reviewing the consequences of unintended changes is a critical aspect of effective Quality Management System (QMS) implementation. This process ensures that changes to processes, procedures, or other aspects of the organization’s operations are managed in a controlled and systematic manner. Here’s how to approach this requirement:

  1. Change Management Process: Establish a formal change management process within your organization. This process should define how changes are initiated, assessed, approved, implemented, and reviewed. It should cover planned changes (intentional changes) as well as unintended changes (unforeseen issues or deviations).
  2. Change Request Initiation: Anyone within the organization should be able to initiate a change request. Encourage employees to report issues, suggest improvements, or request changes when they encounter situations that may affect product quality, safety, or efficiency.
  3. Change Evaluation: When a change request is received, assess its impact on the organization’s processes, products, or services. Evaluate the potential risks and benefits associated with the change.
  4. Change Authorization: Changes should be authorized by individuals or teams with the appropriate authority and expertise to make informed decisions. Clearly define the approval process and criteria for change authorization.
  5. Documentation and Communication: Document all change requests, including the rationale for the change, proposed actions, and authorization details. Communicate the approved changes to relevant stakeholders, ensuring that everyone affected is aware of the upcoming modifications.
  6. Risk Assessment: Conduct a risk assessment for planned changes to identify potential adverse effects. Consider how the change may impact product quality, compliance with standards, customer satisfaction, and other critical factors.
  7. Unintended Change Review: Regularly monitor and review processes to detect unintended changes or deviations. Investigate and document the root causes of these unintended changes, whether they result from human error, equipment malfunction, or other factors.
  8. Corrective and Preventive Actions: When unintended changes are detected, take immediate corrective actions to address any adverse effects. Additionally, consider implementing preventive actions to reduce the likelihood of similar issues occurring in the future.
  9. Verification and Validation: Verify and validate that the changes, whether planned or unintended, have achieved the desired outcomes and have not adversely affected product quality or safety.
  10. Documentation of Change Outcomes: Maintain records of the outcomes of both planned and unintended changes. This documentation should include details of any corrective or preventive actions taken.
  11. Continuous Improvement: Continuously assess the effectiveness of your change management process. Use data and feedback to refine the process and make improvements over time.
  12. Training and Awareness: Ensure that employees are trained on the change management process and are aware of their responsibilities in reporting and managing changes.
  13. Communication: Foster open communication channels so that employees feel comfortable reporting unintended changes or issues that may arise during operations.

By implementing a robust change management process that covers both planned and unintended changes, organizations can proactively address issues, minimize adverse effects, and continuously improve their QMS and operational performance. This contributes to the organization’s ability to maintain quality, consistency, and compliance with standards and customer expectations.

10) The organization shall ensure that outsourced processes are controlled.

Ensuring the control of outsourced processes is a critical component of effective Quality Management System (QMS) implementation, as organizations often rely on external suppliers or service providers to deliver certain aspects of their products or services. Controlling outsourced processes helps maintain quality, consistency, and compliance with the organization’s standards and customer requirements. Here’s how to ensure the control of outsourced processes:

  1. Identification of Outsourced Processes: Begin by identifying which processes or parts of processes are outsourced. Clearly define the scope of work that is being performed by external suppliers or service providers.
  2. Supplier Selection and Evaluation: Establish a robust supplier selection and evaluation process. Assess potential suppliers based on their ability to meet quality and performance requirements, compliance with standards, financial stability, and reputation.
  3. Contractual Agreements: Develop clear and comprehensive contractual agreements with outsourced partners. These agreements should outline roles, responsibilities, quality expectations, delivery schedules, and any other critical terms and conditions.
  4. Quality Requirements: Clearly communicate your organization’s quality requirements and standards to outsourced partners. Provide them with documentation detailing the quality specifications and criteria that must be met.
  5. Quality Audits and Assessments: Conduct regular quality audits and assessments of your outsourced partners. Evaluate their processes, systems, and performance against established criteria. This may involve on-site audits or remote assessments.
  6. Performance Monitoring: Implement a system for ongoing performance monitoring of outsourced processes. Track key performance indicators (KPIs) to ensure that quality and delivery targets are being met.
  7. Communication and Collaboration: Foster open communication and collaboration between your organization and outsourced partners. Maintain regular contact to address issues, provide feedback, and ensure alignment with quality objectives.
  8. Change Control: Establish a change control process that covers changes to outsourced processes. Ensure that any modifications or updates are communicated, evaluated, and approved in accordance with your QMS requirements.
  9. Nonconformity Management: Develop procedures for managing nonconformities that may arise from outsourced processes. Define the process for reporting, investigating, and resolving nonconformities in collaboration with the supplier.
  10. Traceability and Documentation: Maintain clear traceability of products or services provided by outsourced partners. Keep records of the products or services received, inspected, and accepted.
  11. Training and Competence: Ensure that outsourced partners’ employees who are involved in your processes are adequately trained and competent to perform their roles effectively.
  12. Contingency Planning: Develop contingency plans to address any disruptions in outsourced processes. This includes identifying alternative suppliers or processes to mitigate risks.
  13. Legal and Regulatory Compliance: Ensure that outsourced partners comply with all relevant legal and regulatory requirements applicable to your industry and products or services.
  14. Continuous Improvement: Continuously assess the performance of outsourced processes and the effectiveness of your control measures. Seek opportunities for improvement and work collaboratively with partners to implement enhancements.

By implementing robust control measures for outsourced processes, organizations can minimize risks, maintain product or service quality, and ensure compliance with standards and customer expectations. Effective control of outsourced processes is essential for the overall success of the QMS and the organization’s ability to deliver high-quality products or services.

Example of Operational Planning and Control Procedure

Objective: To ensure that operational processes are planned, executed, and controlled to meet product and service quality requirements and achieve organizational objectives.

Scope: This procedure applies to all operational processes within the organization.

Responsibilities:

  • Top Management: Responsible for overall QMS effectiveness and providing necessary resources.
  • Quality Manager: Responsible for overseeing the implementation and compliance of this procedure.
  • Process Owners: Responsible for planning and controlling their respective operational processes.
  • Employees: Responsible for following the procedures and contributing to process improvements.

Procedure:

  1. Process Identification and Documentation:
    • Process owners identify and document the operational processes within their areas of responsibility.
    • Each documented process includes a process description, objectives, inputs, outputs, controls, and key performance indicators (KPIs).
  2. Process Planning:
    • Process owners develop process plans that outline the specific activities, resources, and timelines required to achieve process objectives.
    • Consideration is given to customer requirements, regulatory requirements, and QMS standards.
  3. Resource Allocation:
    • Process owners identify and allocate the necessary resources, including personnel, equipment, facilities, and materials, to execute the process according to the plan.
  4. Risk Assessment:
    • A risk assessment is conducted to identify potential risks and opportunities associated with the operational process.
    • Risk mitigation and contingency plans are developed as needed.
  5. Monitoring and Measurement:
    • KPIs and performance indicators are established to monitor the effectiveness and efficiency of the operational process.
    • Monitoring frequency and responsible parties are defined.
  6. Process Execution:
    • Personnel responsible for the process execute activities according to the documented process plan.
    • They ensure compliance with documented procedures, quality standards, and customer requirements.
  7. Nonconformance Handling:
    • Any deviations from the process plan, including nonconforming outputs, are promptly identified, documented, and reported to the responsible personnel.
    • Corrective and preventive actions are initiated, when necessary.
  8. Process Control and Records:
    • Process owners maintain control over the process, ensuring that it operates within defined parameters.
    • All records related to process execution, monitoring, and nonconformance handling are accurately documented and retained.
  9. Process Review and Improvement:
    • Regular process reviews are conducted to assess performance against objectives and KPIs.
    • Opportunities for improvement are identified and corrective actions are taken to enhance process effectiveness.
  10. Management Review:
    • Top management reviews the overall performance of operational processes as part of the management review process.
    • Resource allocation and strategic decisions are adjusted as needed to support process improvements and QMS objectives.
  11. Communication:
    • Process owners communicate process changes, improvements, and performance updates to relevant stakeholders, including employees, customers, and suppliers.
  12. Documentation and Records:
    • All process-related documentation and records are controlled, retained, and made available as necessary to support decision-making and audits.
  13. Training:
    • Personnel involved in operational processes receive training as required to perform their roles effectively and in compliance with the QMS.
  14. Review and Revision:
    • This procedure is periodically reviewed and revised to ensure its ongoing effectiveness and alignment with organizational needs and objectives.

ISO 9001:2015 clause 8.6 Release of products and services

ISO 9001:2015 requirement

The organization shall implement planned arrangements, at appropriate stages, to verify that the product and service requirements have been met.
The release of products and services to the customer shall not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer.
The organization shall retain documented information on the release of products and services. The documented information shall include:
a) evidence of conformity with the acceptance criteria;
b) traceability to the person(s) authorizing the release.

1) The organization shall implement planned arrangements, at appropriate stages, to verify that the product and service requirements have been met.

The release of products and services to the customer is a critical stage of production. This is the time to check and ensure that your product or service is meeting the requirements of the customer and is created or delivered as per the acceptance criteria set by the client. Clause 8.6 Release of product and services of ISO 9001:2015 requires that an organization defines planned arrangements at suitable stages to verify that the product and service requirements have been met. The clause also requires that the evidence of conformity with acceptance criteria is retained by the organization. The quality of a product or service is an important criteria that influences customer satisfaction greatly. A product or service should be made as per the requirements defined by the customer and should meet the customer’s acceptance criteria. When a product does not meet the customer’s acceptance criteria and is released prior to verification by the organization, it can lead to customer dissatisfaction and in turn lead to the organization losing its credibility and finally losing its customer base including returning customers. A pre-determined set of verification steps at different stages of product or service can considerably reduce the chances of bad deliveries and that is what makes this clause an important clause where documented evidence of such verification activities should also be retained by the organization. Verifying that product and service requirements have been met is a critical aspect of quality management to ensure the delivery of high-quality products and services to customers. To fulfill this requirement, organizations should implement planned arrangements at appropriate stages of their processes. Here’s a breakdown of how organizations can implement these arrangements effectively:

  1. Define Verification Points: Identify the key stages in your processes where verification activities are necessary to ensure that product and service requirements are met. These verification points may vary depending on your industry and specific processes.
  2. Establish Criteria for Verification: Define clear criteria for verification at each identified stage. These criteria should be specific, measurable, and aligned with the product or service requirements and relevant quality standards.
  3. Select Verification Methods: Determine the most suitable verification methods for each stage. Verification methods can include inspections, testing, measurements, reviews, audits, or other relevant techniques.
  4. Develop Verification Plans: Create verification plans that outline the specific activities, responsibilities, and schedules for each verification point. These plans should also include the acceptance criteria that must be met.
  5. Allocate Resources: Ensure that you have the necessary resources, including personnel, equipment, tools, and materials, to carry out the planned verification activities effectively.
  6. Implement Verification Activities:Execute the verification activities at the designated stages of the process. This may involve conducting inspections, testing samples, reviewing documentation, or performing other relevant checks.
  7. Record Verification Results: Document the results of each verification activity, including whether the product or service met the specified requirements. Record any deviations, nonconformities, or issues identified during verification.
  8. Take Corrective Actions: If nonconformities or deviations are identified during verification, take appropriate corrective actions to address these issues promptly. Corrective actions may involve rework, adjustments, or process improvements.
  9. Validation of Processes: For critical processes or when introducing new products or services, conduct process validation to ensure that the process consistently produces results that meet requirements.
  10. Document Verification Activities: Maintain records of all verification activities, including the results, actions taken, and any changes made to the process as a result of the verification findings.
  11. Review and Continuous Improvement: Periodically review the effectiveness of your verification activities and make improvements as necessary. Continuously seek ways to enhance the verification process to prevent defects and nonconformities.
  12. Communication: Ensure effective communication within the organization regarding verification activities and their outcomes. Share important information with relevant stakeholders to support decision-making and improvement efforts.

By implementing planned arrangements for verification at appropriate stages of their processes, organizations can systematically ensure that product and service requirements are met, ultimately leading to improved quality, customer satisfaction, and compliance with quality management standards

2) The release of products and services to the customer shall not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable,by the customer.

This clause requires that an organization decide the verification activities, or simply put, inspection and testing methods that you will put in place to ensure that the product or service is what the customer needs. While determining the adequate level of inspection or testing, you need to look at your complete production process or service delivery process and decide on the stages or points at which verification activities should take place. Such activities may be planned in your quality plan or project programmes. The organization needs to identify, monitor and measure key characteristics of the product or service to verify their conformance to requirements and agreed acceptance criteria. All the planned verification activities should be carried out before the release is made to the customer. In case there is a need to release any intermediate/final product or service to the customer before all planned verifications to that stage have been completed, prior written approval should be obtained from relevant internal authority and/or customer. Planned arrangements for verification can include activities like simulations, trials, functional testing, system testing, performance or load testing, prototypes, inspection which may include in-process or final article inspection, user acceptance testing, product qualification/ certification, third party testing or qualification by a regulator, etc. While planning for these verification activities, an organization should also ensure that they determine the documentation necessary to demonstrate compliance with this clause. Another important aspect is to also determine who is responsible for these activities. In other words, who decides if all product or service characteristics are met. Also, identify what equipment is required for such activities as this equipment may also need to undergo calibrations. Let’s take an example of a software development firm. Verification activities may start at the very beginning of the software development with a detailed requirements review. This may be followed by design reviews and verification, code reviews, system and integration testing. At the end of the project, there may be user acceptance testing which will validate that the product meets the acceptance criteria set by the customer. At each stage of the software development, review and test records are maintained to show compliance. A final inspection may be performed before the final release to ensure that all the test results are passed using sample data. All these are planned arrangements that are substantiated with evidence of conformity at every point. Here’s a breakdown of the key elements involved in this process:

  1. Planned Arrangements: Develop clear and well-documented planned arrangements that specify the criteria, processes, and activities that must be completed before the release of products and services. These arrangements should align with the organization’s quality management system and relevant standards.
  2. Verification and Validation: Implement verification and validation processes to confirm that the products and services meet the specified requirements. This involves conducting inspections, tests, measurements, and other checks to ensure quality compliance.
  3. Review and Approval: Establish a review and approval process to evaluate whether the planned arrangements have been satisfactorily completed. Relevant personnel or authorities, often within the organization, should assess the results and make decisions regarding release.
  4. Relevant Authority Approval: If the planned arrangements have not been fully completed, and there is a need to release products or services for specific reasons, approval from a relevant authority within the organization is required. This authority should have the knowledge and authority to make informed decisions.
  5. Customer Approval (If Applicable): In some cases, especially when customer requirements are stringent or contractual agreements mandate it, seek approval from the customer before releasing products or services that deviate from the planned arrangements. This is particularly important for customized or critical projects.
  6. Concessions and Documentation: If there are deviations or nonconformities identified during the verification process, document these issues and any associated concessions, corrective actions, or preventive actions taken. Maintain comprehensive records for traceability and accountability.
  7. Communication: Ensure transparent and effective communication within the organization regarding the status of planned arrangements and the decision to release or not. Stakeholders should be informed of any deviations or approved concessions.
  8. Continuous Improvement: Periodically review the effectiveness of the release process and associated planned arrangements. Seek opportunities for improvement to prevent future issues and enhance quality control.
  9. Audit and Compliance: Include the release process in internal and external audits to ensure adherence to quality management standards and regulatory requirements. Audits can help identify areas for improvement.

By adhering to these principles and ensuring that the release of products and services is based on completed planned arrangements and approvals, organizations can minimize the risk of delivering non-conforming products or services to customers. This helps build trust, enhances customer satisfaction, and promotes compliance with quality standards such as ISO 9001.

3) The organization shall retain documented information on the release of products and services.

Maintaining records of the release of products and services is a critical aspect of quality management. These records provide evidence that the organization has followed its planned arrangements, verification processes, and approval procedures to ensure that the delivered products and services meet the specified requirements. Here’s what you should include in these records:

  1. Clearly specify the product or service that is being released. Include details such as product or service names, codes, or identifiers.
  2. Document the date and time when the release occurred. This timestamp is crucial for traceability and historical reference.
  3. Note whether the product or service met the planned arrangements and quality criteria as specified in the organization’s procedures.
  4. Include information about the results of verification and validation activities, such as inspections, tests, measurements, and reviews. This may involve records of test reports, inspection logs, or review findings.
  5. Identify the individuals or authorities responsible for reviewing and approving the release. Document their names, titles, and signatures.
  6. If there were any deviations or nonconformities identified during the verification process, document the reasons for releasing the product or service despite these issues. Include any concessions obtained or corrective actions taken.
  7. If customer approval was required as part of the release process, include records of customer approvals or any communication related to customer consent.
  8. Document any concessions granted, along with details of corrective actions taken to address nonconformities. This may involve records of corrective action plans, implementation dates, and verification of effectiveness.
  9. Ensure that the records are traceable to the specific product or service and that they are controlled to prevent unauthorized changes or tampering.
  10. Specify the retention period for these records in accordance with organizational policies, industry regulations, and applicable quality standards.
  11. Ensure that these records are easily accessible for internal and external audits and inspections.
  12. Maintain a well-organized system for record keeping, whether in physical or electronic form, to facilitate retrieval and reference when needed.

Maintaining records of product and service releases not only demonstrates compliance with quality management standards but also provides a historical record that can be invaluable for audits, customer inquiries, and continuous improvement efforts. Properly documented release records help ensure that products and services meet customer expectations and regulatory requirements.

4) The documented information shall include evidence of conformity with the acceptance criteria and traceability to the person(s) authorizing the release.

IT requires that documented evidence is available with respect to the acceptance criteria set. This clause requires that documentation is maintained to provide evidence of conformity which should also indicate the person(s) authorizing the release of the product. The extent of documentation may be based on the risk involved in the process and complexity of the product or service provided. It could just include a test report which shows the results of the product testing. If the equipment was used for testing or measurements, you may also need records to show equipment or test system used was within the calibration range. You may also need supporting evidence to show that the person who used the calibrated equipment was trained to use that equipment.Other records that provide evidence that acceptance criteria have been met may include release notes or certificates, certificate of conformity, regulatory certificate, etc. The final requirement of Clause 8.6 is the traceability of the person authorizing the release of the product or service. You will need to show that the personnel making the decision to release the product or service has the authority to do so. This could be due to his/her role or position in the organisation, appropriate competency and training or other reason deemed appropriate by the organisation. The information that may be included in verification records can be as simple as a signature on the test report or can include the name of the personnel authorizing the release of the product or service, authorized signatories, stamp impression, their authority status, etc.There may be conditions where a product is released without it meeting the requirements or specification provided by the customer/regulatory body. This also needs to be authorised by a relevant authority and reasons for doing so should also be documented. For example, there may be a case where the customer requests to ship a product early without certain inspection or testing being completed. A copy of such approvals should be maintained within the records of this product shipment. Here’s how to incorporate these elements into your release records:

  1. Evidence of Conformity with Acceptance Criteria: Ensure that the documented information clearly indicates how the product or service conforms to the acceptance criteria. This evidence can take various forms, including:
    • Inspection reports showing that measurements and tests meet specified standards.
    • Certificates of compliance or conformity.
    • Records of reviews and verifications confirming that all requirements have been met.
    • Test results, with values and comparisons against established limits.
    • Any other relevant data or evidence demonstrating compliance.
  2. Traceability to the Person Authorizing the Release:
    • Clearly state the name, title, and authority of the person who authorized the release. Include their signature or electronic approval to provide a clear link between the release decision and the responsible individual.
    • Ensure that the documented information includes a date and timestamp for the authorization, allowing for traceability of the release decision to a specific point in time.
  3. Record Format: Create a structured record format that includes fields or sections for the evidence of conformity and the authorization details. This format should be standardized to facilitate consistency and ease of reference.
  4. Retention and Accessibility:
    • Store these records in a manner that ensures their retention and easy retrieval during audits or inspections.
    • Implement controls to protect the integrity and security of the records to prevent unauthorized alterations.
  5. Integration with Quality Management Systems (QMS):
    • Integrate the release documentation into your organization’s QMS, making it a part of the overall quality control process.
    • Ensure that personnel responsible for authorizing releases are aware of and follow established procedures for recording their approvals.
  6. Continuous Improvement:
    • Periodically review the release records to identify opportunities for improvement in the release process and documentation.
    • Consider feedback and lessons learned to enhance the traceability and evidence of conformity in release documentation.

Documented information that includes evidence of conformity with acceptance criteria and traceability to the authorizing authority not only helps demonstrate compliance with quality management standards but also enhances accountability and transparency in the product and service release process. It provides a clear record of the decision-making process and the basis for releasing products and services to customers or end-users.

ISO 9001:2015 Clause 8.7 Control of nonconforming outputs

ISO 9001:2015 Requirements

8.7.1 The organization shall ensure that outputs that do not conform to their requirements are identified and controlled to prevent their unintended use or delivery.
The organization shall take appropriate action based on the nature of the nonconformity and its effect on the conformity of products and services. This shall also apply to nonconforming products and services detected after delivery of products, during or after the provision of services.
The organization shall deal with nonconforming outputs in one or more of the following ways:
a) correction;
b) segregation, containment, return or suspension of provision of products and services;
c) informing the customer;
d) obtaining authorization for acceptance under concession.
Conformity to the requirements shall be verified when nonconforming outputs are corrected.
8.7.2 The organization shall retain documented information that:
a) describes the nonconformity;
b) describes the actions taken;
c) describes any concessions obtained;
d) identifies the authority deciding the action in respect of the nonconformity.

1) The organization shall ensure that outputs that do not conform to their requirements are identified and controlled to prevent their unintended use or delivery.

This clause requires that an organization identify the outputs that do not conform to the requirements of the customer, and control these to prevent their unintended use or delivery. Outputs do not necessarily mean defective products or errors in service delivery, this could be any in-process output as well. This could include errors in the design document, issues with the invoice, issues in understanding the requirements of the customer, or a faulty product. The intent of the clause is that non-conforming process outputs, products or services are not delivered to the customer or used internally inadvertently. Identifying non-conforming process outputs, products and services, and taking adequate steps to ensure that it is not delivered to the customer in that form or is not used as an input to the next processing activity, is important to ensure the overall quality of the product or service. A non-conforming output when not identified or controlled can lead to a number of quality issues that will eventually reach the customer. A defective product or bad quality service is never appreciated by a customer, and can lead to customer dissatisfaction. Therefore, it is important that organizations identify all stages that generate process outputs, and put in place mechanisms to identify non-conforming outputs, and have a defined set of steps to handle such non-conforming outputs. Output here means any output from the process, product or service.Identifying and controlling non-conforming output is a critical aspect of quality management within an organization. Non-conforming output refers to products, services, or processes that do not meet established quality standards or specifications. Here’s a step-by-step guide on how to identify, control, and prevent the unintended use or delivery of non-conforming output:

  1. Clearly define quality standards, specifications, and criteria for your products, services, or processes. These standards serve as the basis for determining what constitutes non-conformance.
  2. Develop and document standard operating procedures (SOPs) that outline the processes and criteria for quality control and assurance. Ensure that all employees have access to and are trained on these procedures.
  3. Implement regular inspections and testing processes throughout the production or service delivery cycle to identify non-conforming output. Use various tools and techniques, such as statistical process control (SPC) or Six Sigma methodologies, to monitor and measure quality.
  4. Establish a formal process for reporting non-conforming output. Anyone who identifies a non-conformance should document it and report it to the appropriate personnel, such as quality control teams or supervisors.
  5. Once non-conforming output is identified, segregate it from conforming output to prevent mixing. Clearly label or tag non-conforming items to ensure they are not inadvertently used or delivered.
  6. Conduct a root cause analysis to determine why the non-conformance occurred. Identifying the underlying causes helps in implementing corrective and preventive actions to avoid future occurrences.
  7. Develop corrective action plans to address the identified root causes. These actions may involve rework, repair, or disposal of non-conforming items. Ensure that corrective actions are effective in preventing recurrence.
  8. Implement preventive measures to proactively avoid non-conforming output in the future. This might involve process improvements, employee training, or equipment maintenance.
  9. : Maintain comprehensive records of all non-conforming output, including the actions taken to address each instance. This documentation is essential for audit purposes and continuous improvement efforts.
  10. Implement a robust change control process that ensures any changes to products, services, or processes are thoroughly reviewed and validated to prevent unintended non-conformance.
  11. Regularly review and assess the effectiveness of your non-conformance control procedures. Continuously seek ways to improve processes and reduce the occurrence of non-conforming output.
  12. Train your employees on the importance of identifying and reporting non-conforming output. Create a culture of quality and awareness throughout the organization.
  13. Extend your non-conformance control processes to include suppliers and their products or services. Ensure that your suppliers meet your quality standards and provide non-conforming material control processes for incoming materials.

By following these steps and maintaining a strong commitment to quality management, organizations can effectively identify, control, and prevent the unintended use or delivery of non-conforming output, ultimately improving customer satisfaction and minimizing quality-related risks.

2) The organization shall take appropriate action based on the nature of the nonconformity and its effect on the conformity of products and services.

The first step in getting this clause implemented is to identify the process outputs, products or services that do not conform to the requirements, be it customer requirement or other requirements. For each “nonconforming” process outputs, products or services, adequate controls should be established by the organization to ensure that such non-conforming outputs are not delivered to the customers or used unintentionally internally as part of the input to another process. These non-conforming outputs may be found during self-reviews, peer reviews, testing or inspection methods established at various stages of the process. While non-conformities in an organization are expected at any stage of work, what ISO 9001 requires is that these are identified timely and handled efficiently whenever they are presented. In other words, non-conformity will eventually occur, but what is required is that the nonconformity is identified and addressed. Adequate actions should be planned for each non-conforming output. It is not necessary that for each output, the same action may be required. The action should be proportionate to the nature of the nonconformity and the impact of the output on the final product or service. An erroneous invoice may just need to be corrected, but a defective part that is part of the final product should either be fixed or segregated or returned (if supplied by a supplier) to ensure that it is not used (as it is) to produce the final product. Taking appropriate action based on the nature of nonconformities is a fundamental principle of quality management systems. Here’s how organizations can determine appropriate actions based on the nature of nonconformities and their impact on product or service conformity:

  1. Begin by thoroughly assessing the nonconformity. This involves understanding the nature and extent of the deviation from established quality standards, specifications, or requirements.
  2. Evaluate the potential impact of the nonconformity on the conformity of products or services. Consider factors such as safety, customer requirements, regulatory compliance, and the severity of the issue.
  3. Categorize the nonconformity based on its severity. Common categories may include critical, major, and minor nonconformities. These categories help prioritize corrective actions.
  4. Implement immediate containment measures to prevent the nonconforming product or service from reaching the customer or causing further issues within the organization. This may involve quarantine, rework, or removal of affected items.
  5. Conduct a root cause analysis to identify the underlying reasons for the nonconformity. Understanding the root causes is crucial for implementing effective corrective and preventive actions.
  6. Develop and implement corrective actions to address the root causes and eliminate the nonconformity. These actions aim to correct the immediate issue and prevent its recurrence.
  7. Implement preventive actions to proactively address any systemic or potential issues that could lead to similar nonconformities in the future. This helps improve overall process stability and quality.
  8. Communicate the nonconformity and the actions taken to relevant stakeholders, including customers if necessary. Transparency is essential for maintaining trust and ensuring appropriate response.
  9. Maintain comprehensive records of the nonconformity, actions taken, and their effectiveness. Proper documentation is essential for tracking progress, demonstrating compliance, and facilitating continuous improvement.
  10. Review and verify the effectiveness of corrective and preventive actions. Ensure that the actions taken have indeed resolved the nonconformity and prevent its recurrence.
  11. Encourage feedback from employees and stakeholders to identify further opportunities for improvement in quality management processes.
  12. Include nonconformities and their resolution in internal and external audits to demonstrate adherence to quality standards and regulatory requirements.

The specific actions taken will vary depending on the nature and impact of each nonconformity. Organizations should have documented procedures and guidelines in place to ensure consistency and effectiveness in responding to nonconformities and continuously strive to improve their processes to minimize the occurrence of nonconformities in the first place.

3) This shall also apply to nonconforming products and services detected after delivery of products, during or after the provision of services.

This requirement also applies to nonconforming products or services that are identified after delivery to the customers. So, if a customer reports a defect in the software that you delivered, and he/she is not able to operate the system any further, it’s a showstopper and needs an immediate correction. On the other hand, a bug which is only a small issue that does not hamper his work, for example, a ‘button is not getting displayed at the right place’, may be fixed in the next release. The action should be proportionate to the magnitude of the problem that you have in hand. Addressing nonconforming products and services detected after delivery or during/after the provision of services is crucial for maintaining customer satisfaction and upholding the organization’s quality standards. Here’s how organizations can take appropriate action in these situations:

  1. Isolate the Nonconforming Product or Service: Immediately segregate and isolate the nonconforming product or service to prevent further distribution or use.
  2. Document the Nonconformity: Thoroughly document the nonconformity, including its nature, location, and the circumstances of its discovery. Detailed documentation is essential for investigations and corrective actions.
  3. Investigate the Root Cause: Conduct a root cause analysis to determine why the nonconformity occurred. Identifying the underlying reasons is critical to preventing similar issues in the future.
  4. Notify Relevant Parties: Inform all relevant parties, including customers if necessary, about the nonconformity. Transparent and timely communication is essential for managing customer expectations and resolving issues.
  5. Corrective Actions: Develop and implement corrective actions to address the root causes and rectify the nonconformity. This might involve repairs, replacements, refunds, or other appropriate measures.
  6. Preventive Actions: Implement preventive actions to prevent the recurrence of similar nonconformities in the future. This could involve process improvements, employee training, or quality control enhancements.
  7. Customer Feedback and Resolution:If the nonconformity affects a customer, work closely with the customer to resolve the issue to their satisfaction. This may involve addressing their specific needs and concerns.
  8. Documentation and Records:Maintain detailed records of the nonconformity, actions taken, and their effectiveness. Proper documentation is critical for tracking progress and demonstrating compliance.
  9. Continuous Improvement: Use the lessons learned from addressing nonconforming products and services to drive continuous improvement in your organization’s processes and systems.
  10. Audit and Compliance: Include nonconforming products and services, as well as the actions taken to address them, in internal and external audits to ensure adherence to quality standards and regulatory requirements.
  11. Feedback Loop: Establish a feedback loop to collect and analyze data on nonconformities and their resolution. This information can be invaluable for preventing future issues.
  12. Supplier Feedback: If the nonconforming product or service is linked to a supplier, provide feedback to the supplier to ensure they address the issue and prevent its recurrence.

Addressing nonconformities detected after delivery or during/after the provision of services is not only a requirement for quality management but also an opportunity to demonstrate commitment to customer satisfaction and continuous improvement. Organizations that effectively handle such situations can build trust with their customers and stakeholders while minimizing the impact of nonconforming products and services on their reputation and operations.

4) The organization shall deal with nonconforming outputs in one or more of the following ways correction; segregation, containment, return or suspension of provision of products and services; informing the customer; obtaining authorization for acceptance under concession.

There are a number of ways that the organization can use to deal with nonconforming process outputs, products or services. The selection of the right methods depends on the necessity of the process. This may include one or multiple methods being applied to the non-conforming item:

a) Correction: Correction involves taking action to rectify the nonconformity so that it meets the required quality standards. This may include rework, repair, adjustment, or any other appropriate measures to bring the nonconforming output into conformity.

b) Segregation, Containment, Return, or Suspension: Depending on the severity of the nonconformity, organizations may choose to:

  • Segregate: Physically separate nonconforming products or services from conforming ones to prevent mixing.
  • Containment: Implement immediate measures to prevent the nonconforming product or service from reaching customers or causing further issues.
  • Return: If applicable, return nonconforming products to the supplier or manufacturer.
  • Suspension: Temporarily suspend the provision of products or services until the nonconformity is addressed.

c) Informing the Customer:In situations where the nonconformity has the potential to affect the customer, it is important to transparently communicate the issue to the customer. This allows them to make informed decisions and may involve providing options for resolution, such as replacement, repair, or refunds.

d) Obtaining Authorization for Acceptance under Concession: Sometimes, organizations may seek authorization from relevant parties, including customers or regulatory authorities, to accept nonconforming outputs under specific conditions or concessions. This typically occurs when the nonconformity poses minimal risk or when alternative solutions are not readily available.

The choice among these options depends on factors such as the nature and severity of the nonconformity, customer requirements, regulatory compliance, and the organization’s quality management procedures. It’s important for organizations to have well-documented processes and guidelines in place to ensure that appropriate actions are taken to address nonconforming outputs effectively and in accordance with established standards and requirements.If the organization decides to correct a nonconforming process output, product or service, then it must verify that the action it has taken has restored the process output, product or service conformity to the requirement.

5) Conformity to the requirements shall be verified when nonconforming outputs are corrected.

Verifying conformity to requirements is a crucial step after correcting nonconforming outputs. This verification ensures that the corrective actions taken have effectively addressed the nonconformity and that the product or service now meets the specified quality standards. Here’s how organizations typically verify conformity after correcting nonconforming outputs:

  1. Correction of Nonconforming Output: First, implement the necessary corrective actions to address the nonconformity. This may involve rework, repair, adjustments, or other measures to bring the product or service into conformity with the requirements.
  2. Documentation: Properly document the corrective actions taken, including details of what was done, who performed the actions, and when they were completed. Documentation is essential for traceability and audit purposes.
  3. Verification Process: After the correction is completed, initiate a verification process to confirm that the nonconforming output has been successfully corrected. This process may include a combination of the following steps:
    • Inspection and Testing: Conduct inspections and tests to ensure that the corrected product or service meets the specified requirements. This may involve using the same criteria used during initial inspections.
    • Review and Approval: Depending on your organization’s procedures, involve relevant personnel in reviewing and approving the corrected product or service to ensure it aligns with the requirements.
    • Records Review: Examine the documentation related to the corrective actions to confirm that all necessary steps were taken and that the actions were effective in addressing the nonconformity.
  4. Release for Use or Delivery: Once verification confirms that the corrected product or service conforms to the requirements, it can be released for use or delivery. Ensure that there is a clear process in place for releasing products or services from correction to regular workflow.
  5. Record Keeping:Maintain comprehensive records of the verification process, including the results of inspections, tests, reviews, and approvals. These records serve as evidence of conformity and can be valuable for audits and quality monitoring.
  6. Feedback Loop: Establish a feedback loop to continuously monitor the effectiveness of corrective actions. If any issues or nonconformities reoccur, take additional corrective and preventive actions as necessary.

By verifying conformity after correcting nonconforming outputs, organizations ensure that the product or service meets the required quality standards and reduces the risk of recurring nonconformities. This verification step is integral to maintaining quality, satisfying customer expectations, and adhering to requirement of quality management system .

6) The organization shall retain documented information that describes the nonconformity; describes the actions taken; describes any concessions obtained; and identifies the authority deciding the action in respect of the nonconformity.

SO 9001 standard also requires that an organization records non-conformities and how these were handled. Typically, a report is created to record all the non-conformities. This report, usually called as Non-Conformity Log, should include at least the below details:

  1. Description of the Issue:Document a clear and detailed description of the nonconformity. This should include information about what the nonconformity is, where it was identified, its severity or impact, and any relevant details that help in understanding the nature of the nonconformity. The problem or the issue identified should be clearly defined. All information gathered using techniques like 5Why’s and 1 How i.e., who, why, what, when, where and how will help in understanding the issue and creating the right action plans. The detail should include what non-conforming indicators were found.
  2. Describe the immediate actions taken to fix the issue. Document the actions taken to address and correct the nonconformity. This includes a step-by-step account of the corrective actions implemented, who performed them, when they were executed, and any other pertinent details regarding the resolution process.This should describe the procedures taken to correct the problem and prevent it from repeating in the future.
  3. Any concessions from the customer in accepting the non-conforming product.  If you have such scenarios where the customer may authorize acceptance of a faulty product or service, the same shall be recorded. The customer could be either internal or external.If the organization has obtained any concessions, waivers, or authorizations related to the nonconformity, document these details. Describe the conditions, terms, and reasons for obtaining these concessions.
  4. Identify the person responsible who authorizes the fix. It is important to find out if the fix has eliminated the problem. This should be done by a person who is authorized to do so. He shall re-validate the output to ensure the fix is done appropriately. Clearly identify the authority or individual responsible for deciding the appropriate actions in response to the nonconformity. This includes specifying who authorized the corrective actions, concessions, or other measures related to the nonconformity.I

All such non-conformance records that detail out the non-conformance and actions taken to fix such issues should be retained by the organization. The whole process of identifying and controlling non-conforming products, services, and process outputs is intended to keep an organization alert on inputs and outputs of processes.t’s important to emphasize that proper documentation is critical for traceability, transparency, and compliance with quality management system standards. Documented information related to nonconformities provides a historical record that can be valuable for audits, continuous improvement, and ensuring that the organization consistently follows its quality management procedures.Here are the key documents and records associated with Clause 8.7:

  1. Procedure for Control of Nonconforming Outputs: Organizations are typically required to have a documented procedure that outlines how nonconforming products or services will be identified, evaluated, segregated, corrected, and verified.
  2. Records of Nonconforming Outputs: Organizations must maintain records of nonconforming products or services. These records should include information about the nature of the nonconformity, its identification, its location, and any relevant details about its impact or severity.
  3. Corrective and Preventive Action Records: When nonconforming outputs are identified and corrected, records of the corrective and preventive actions taken should be maintained. This includes details about what actions were taken, who performed them, when they were executed, and their effectiveness.
  4. Records of Concessions Obtained: If the organization obtains concessions or authorizations for acceptance of nonconforming products or services, records of these concessions should be documented. This includes the conditions, terms, and reasons for obtaining such concessions.
  5. Verification Records: Records of the verification process to confirm the conformity of corrected nonconforming outputs should be maintained. This includes information on inspections, tests, reviews, and approvals related to the verification process.
  6. Authority Designation Records: Records should identify the authority or individual responsible for deciding the appropriate actions regarding nonconforming outputs. This helps establish accountability within the organization.
  7. Feedback and Improvement Records: Organizations should maintain records related to the feedback loop for nonconforming outputs. This includes records of any recurring issues and the corresponding corrective and preventive actions taken to address them.
  8. Documentation of Customer Communication: If nonconforming outputs have the potential to affect customers, organizations should document the communication with customers regarding the nonconformities, including any agreed-upon resolutions.

These documents and records are critical for demonstrating conformity with ISO 9001:2015 requirements and for ensuring effective control of nonconforming outputs. They also serve as valuable tools for tracking and improving the organization’s quality management processes. Properly maintained records are essential for audit purposes and for continuous improvement efforts.

Example of Procedure for Control of Nonconforming Outputs

Objective: To define the process for identifying, evaluating, and controlling nonconforming outputs to ensure that they are addressed in a manner consistent with quality requirements and regulatory standards.

Scope: This procedure applies to all employees and processes within the organization that have the potential to generate nonconforming products or services.

Responsibilities:

  • Quality Manager: Responsible for overall oversight of the procedure.
  • Department Heads/Supervisors: Responsible for identifying, documenting, and reporting nonconforming outputs within their respective departments.
  • Corrective and Preventive Action Team: Responsible for implementing corrective and preventive actions as required.

Procedure Steps:

1. Identification of Nonconforming Outputs: a. Nonconforming outputs may be identified through internal inspections, customer complaints, process monitoring, or other sources. b. Any employee who identifies a nonconformity should immediately document it and report it to their supervisor or department head.

2. Documentation of Nonconformity: a. The individual who identifies the nonconformity should document it using the Nonconforming Output Report Form. b. The form should include details such as the nature of the nonconformity, its location, date of identification, and any relevant information about its impact.

3. Evaluation and Categorization: a. The department head or supervisor reviews the Nonconforming Output Report to assess the severity and impact of the nonconformity. b. The nonconformity is categorized as critical, major, or minor based on predefined criteria.

4. Corrective Action: a. For critical nonconformities, immediate containment measures are implemented to prevent further distribution or use. b. A Corrective Action Team is assigned to investigate the root cause and develop corrective action plans. c. Corrective actions are documented, including what was done, who performed the actions, and when they were completed.

5. Verification of Corrective Action: a. The Corrective Action Team verifies the effectiveness of corrective actions through inspections, tests, or other suitable means. b. Once verified, the nonconforming output is re-evaluated to ensure it meets quality requirements.

6. Records and Documentation: a. All records related to nonconforming outputs, corrective actions, and verifications are properly maintained and stored. b. Records are made available for internal and external audits as required.

7. Communication: a. If the nonconformity affects a customer, communicate the issue transparently, along with proposed resolutions and timelines.

8. Continuous Improvement: a. Periodically review the procedure and associated processes to identify opportunities for improvement in nonconformity identification, evaluation, and corrective action.

9. Authority Designation: a. The Quality Manager is responsible for authorizing the final disposition of nonconforming outputs.

10. Concessions: a. Any concessions or authorizations for acceptance of nonconforming outputs are documented and maintained as per the organization’s policies.

ISO 9001:2015 Clause 10.3 Continual improvement

ISO 9001:2015 Requirement

The organization shall continually improve the suitability, adequacy and effectiveness of the quality management system.
The organization shall consider the results of analysis and evaluation, and the outputs from management review, to determine if there are needs or opportunities that shall be addressed as part of continual improvement.

1)The organization shall continually improve the suitability, adequacy and effectiveness of the quality management system.

To continually improve the suitability, adequacy, and effectiveness of the quality management system (QMS), organizations can follow a structured and systematic approach. Here are steps and practices to achieve this:

  1. Leadership Commitment:
    • Ensure that top management is committed to the continuous improvement of the QMS.
    • Clearly communicate the importance of continual improvement throughout the organization.
  2. Establish a Framework:
    • Develop a documented framework for continual improvement, which may include policies, procedures, and guidelines.
    • Define roles and responsibilities for those involved in the improvement process.
  3. Performance Monitoring:
    • Regularly monitor and measure the performance of the QMS using relevant metrics and key performance indicators (KPIs).
    • Analyze data to identify trends, areas of improvement, and potential issues.
  4. Customer Feedback:
    • Collect and analyze customer feedback to understand their needs and expectations.
    • Use customer input to identify areas where the QMS can be enhanced to better meet customer requirements.
  5. Internal Audits:
    • Conduct regular internal audits of the QMS to identify non-conformities and areas for improvement.
    • Ensure that corrective and preventive actions are taken to address audit findings.
  6. Employee Involvement:
    • Encourage employees at all levels to contribute ideas and suggestions for improvement.
    • Establish a culture of continuous improvement where employees feel empowered to propose changes.
  7. Root Cause Analysis:
    • When issues or non-conformities are identified, use root cause analysis techniques (e.g., 5 Whys, Fishbone Diagrams) to determine the underlying causes.
    • Address the root causes to prevent recurrence.
  8. Set Objectives and Targets:
    • Define clear and measurable improvement objectives and targets for the QMS.
    • Ensure that these objectives are aligned with the organization’s overall goals and quality policy.
  9. Action Plans:
    • Develop action plans for achieving the defined objectives and targets.
    • Assign responsibilities and deadlines for each action.
  10. Training and Skill Development:
    • Provide training and development opportunities to employees to enhance their skills and knowledge related to the QMS.
    • Ensure that employees are competent in their roles.
  11. Documentation and Documentation Control:
    • Keep documentation related to the QMS up to date.
    • Ensure that documented processes and procedures reflect the most current practices.
  12. Risk Management:
    • Assess and manage risks that could impact the QMS’s suitability, adequacy, and effectiveness.
    • Develop strategies to mitigate or respond to identified risks.
  13. Management Reviews:
    • Hold regular management reviews of the QMS to assess its performance and identify areas for improvement.
    • Use management review meetings to make strategic decisions about the QMS.
  14. Feedback Loops:
    • Create feedback loops within the organization to gather input and ideas from various departments and teams.
    • Encourage cross-functional collaboration in improvement efforts.
  15. Continual Learning:
    • Stay informed about industry best practices, changes in regulations, and emerging technologies that could impact the QMS.
    • Adapt and update the QMS as needed to stay current.
  16. Communication: Communicate improvements and changes in the QMS to relevant stakeholders, both internally and externally.

Remember that continual improvement is an ongoing process. It requires dedication, monitoring, adaptation, and a commitment to making the QMS more effective in delivering quality products or services and meeting organizational goals. Regularly assess the results of improvement efforts and make adjustments as necessary to ensure long-term success.

2) The organization shall consider the results of analysis and evaluation to determine if there are needs or opportunities that shall be addressed as part of continual improvement.

To consider the results of analysis and evaluation to determine the needs or opportunities for continual improvement, organizations should follow a structured process. Here’s a step-by-step guide on how to effectively use data-driven insights to identify areas that require improvement:

  1. Define Objectives and Scope:
    • Clearly define the objectives of your analysis and evaluation efforts. What specific aspects of the organization are you assessing, and what are your goals for improvement?
    • Identify the scope of your analysis, including which processes, products, services, or areas of the organization will be evaluated.
  2. Data Collection:
    • Gather relevant data from various sources. This may include:
      • Performance metrics and KPIs
      • Customer feedback and complaints
      • Internal audit reports
      • Employee feedback and suggestions
      • Market research
      • Competitor analysis
      • Regulatory or compliance data
  3. Data Analysis:
    • Use appropriate data analysis techniques to examine the collected data. Common methods include statistical analysis, trend analysis, and root cause analysis.
    • Identify patterns, trends, anomalies, and areas of concern within the data.
    • Categorize data into different themes or areas of focus, such as quality, efficiency, customer satisfaction, or compliance.
  4. Prioritization:
    • Prioritize the identified areas based on their impact on the organization’s goals and objectives.
    • Consider factors such as:
      • The severity of the issue or the potential benefit of the opportunity.
      • The level of risk associated with not addressing the issue or seizing the opportunity.
      • The available resources (time, budget, personnel) for improvement initiatives.
  5. Needs Assessment:
    • For areas identified as needs (problems, deficiencies, or non-conformities), conduct a deeper assessment to understand the root causes.
    • Use techniques like the “5 Whys” or Fishbone Diagrams to trace issues back to their origins.
    • Develop a clear understanding of why these needs exist and what impact they have on the organization.
  6. Opportunity Assessment:
    • For areas identified as opportunities, brainstorm potential improvement ideas.
    • Consider innovative approaches, best practices from other industries, and feedback from customers and employees.
    • Evaluate the feasibility and potential benefits of each opportunity.
  7. Action Planning:
    • Develop detailed action plans for addressing both needs and opportunities.
    • Specify the actions to be taken, responsible individuals or teams, timelines, and success criteria.
    • Ensure that action plans are aligned with the organization’s overall strategy and quality policy.
  8. Implementation:
    • Execute the action plans according to the defined timelines and responsibilities.
    • Monitor progress and make adjustments as necessary.
  9. Continuous Monitoring and Review:
    • Continuously monitor the results of improvement initiatives.
    • Regularly review and update action plans based on feedback and changing circumstances.
  10. Communication and Feedback:
    • Communicate the results of analysis, improvement initiatives, and progress to relevant stakeholders within the organization.
    • Encourage feedback and input from employees, as well as customers, to ensure that improvement efforts are on track.
  11. Documentation:
    • Document the entire process, including the analysis, prioritization, action plans, and outcomes.
    • Maintain records to demonstrate compliance with quality management standards and regulations.
  12. Continuous Learning and Adaptation:
    • Foster a culture of continuous learning and adaptability within the organization.
    • Stay informed about industry best practices, emerging technologies, and changing customer needs that may present new opportunities for improvement.

By following this systematic approach, organizations can effectively consider the results of analysis and evaluation to identify needs and opportunities for continual improvement. This approach ensures that improvement efforts are well-informed, focused on key priorities, and aligned with the organization’s strategic goals.

3) The organization shall consider the outputs from management review, to determine if there are needs or opportunities that shall be addressed as part of continual improvement.

The outputs from management review provide valuable insights and strategic direction for organizations to determine needs and opportunities for continual improvement. Here’s how an organization can effectively consider these outputs to drive improvement:

  1. Conduct Regular Management Reviews:
    • Ensure that management reviews are conducted at planned intervals, as required by quality management standards (e.g., ISO 9001). These reviews typically involve top management or key decision-makers.
  2. Review Relevant Outputs:
    • During the management review process, various outputs and documents are typically discussed and reviewed. These may include:
      • Performance Metrics and KPIs: Examine data on key performance indicators, which can indicate areas of success or concern.
      • Customer Feedback and Complaints: Analyze customer feedback and complaints to identify patterns or recurring issues.
      • Audit Findings: Review internal and external audit reports to identify non-conformities or areas of weakness.
      • Risk Assessments: Evaluate risk assessments to understand potential threats and opportunities.
      • Quality Policy and Objectives: Ensure alignment of the QMS with the organization’s quality policy and objectives.
      • Resource Allocation: Assess the allocation of resources, including budget, personnel, and technology, to identify areas that may require additional support.
  3. Identify Needs and Opportunities:
    • Based on the information discussed during the management review, identify areas within the organization that require attention. These can be categorized as needs or opportunities:
      • Needs: These are areas where there are clear deficiencies, non-conformities, or issues that require corrective action. For example, recurring customer complaints or audit findings.
      • Opportunities: These are areas where improvements or innovations can enhance performance, customer satisfaction, or efficiency. They may not necessarily be associated with immediate problems but represent potential areas for growth or enhancement.
  4. Prioritize Areas for Improvement:
    • Prioritize the identified needs and opportunities based on their significance and potential impact on the organization’s goals, customer satisfaction, and compliance.
    • Consider the level of risk associated with each area, as well as the available resources for improvement initiatives.
  5. Develop Action Plans:
    • Create detailed action plans for addressing the identified needs and opportunities. Specify the actions to be taken, responsible individuals or teams, timelines, and success criteria.
    • Ensure that action plans align with the organization’s strategic objectives and quality policy.
  6. Implementation:
    • Execute the action plans according to the defined timelines and responsibilities.
    • Monitor progress and make adjustments as necessary.
  7. Continuous Monitoring and Review:
    • Continuously monitor the results of improvement initiatives.
    • Regularly review and update action plans based on feedback and changing circumstances.
  8. Communication and Feedback:
    • Communicate the results of the management review and the subsequent improvement efforts to relevant stakeholders within the organization.
    • Encourage feedback and input from employees, as well as customers, to ensure that improvement efforts are on track.
  9. Documentation:
    • Document the outputs of the management review, including decisions made and action plans.
    • Maintain records to demonstrate compliance with quality management standards and regulations.
  10. Continuous Learning and Adaptation:
    • Foster a culture of continuous learning and adaptability within the organization.
    • Stay informed about industry best practices, emerging technologies, and changing customer needs that may present new opportunities for improvement.

By systematically considering the outputs from management review, organizations can align their improvement efforts with strategic priorities and ensure that resources are allocated effectively to address both immediate needs and long-term opportunity for growth and excellence.

Documented Information Required

This clause emphasizes the importance of maintaining records and documents that demonstrate the organization’s efforts in continually improving its quality management system (QMS). Here are the specific documents and records required by Clause 10.3:

1. Documented Information of Continual Improvement Objectives:Organizations are required to document their objectives for continual improvement of the QMS. This document should outline what the organization aims to achieve in terms of QMS improvements.

2. Evidence of Results of Improvement Initiatives: Organizations should maintain records or documented evidence of the results achieved from their continual improvement initiatives. This includes any actions taken to address identified needs or opportunities for improvement.

3. Records of Management Reviews: Records of management reviews, which include discussions and decisions related to continual improvement, should be maintained. These records demonstrate how top management is actively involved in the improvement process.

4. Records of Corrective Actions: Any corrective actions taken in response to identified non-conformities or issues should be documented. This includes details of the non-conformity, the corrective action taken, and verification of its effectiveness.

5. Records of Preventive Actions: Similar to corrective actions, organizations should maintain records of preventive actions. These records should document the proactive steps taken to prevent potential issues from occurring.

6. Records of Changes in the QMS: Whenever changes are made to the QMS, records of those changes should be maintained. This includes any updates to processes, procedures, or documentation that result from improvement initiatives.

7. Records of Monitoring and Measurement Results: Records of monitoring and measurement results related to QMS performance should be maintained. This includes data on key performance indicators (KPIs), customer feedback, and internal and external audit findings.

8. Records of Customer Feedback: Customer feedback, whether it’s complaints or compliments, should be recorded and analyzed as part of the continual improvement process. This information helps identify areas where improvements are needed.

9. Records of Internal Audits: Records of internal audits, including audit plans, audit reports, and corrective actions resulting from audit findings, should be maintained. These records demonstrate the organization’s commitment to evaluating its QMS.

10. Records of Employee Suggestions and Involvement: If employees contribute suggestions for improvement or actively participate in improvement initiatives, records of their input and involvement should be documented.

11. Documentation of Improvement Plans:– When improvement plans are developed, they should be documented. These plans should include details on the objectives, actions to be taken, responsible individuals or teams, timelines, and success criteria.

12. Records of Training and Competence Development: Records of training and competence development programs should be maintained to ensure that employees are equipped with the necessary skills to support improvement initiatives.

These documents and records are essential for demonstrating the organization’s commitment to continual improvement and for providing evidence of compliance with ISO 9001:2015 requirements. Properly maintaining these records also enables organizations to track the effectiveness of their improvement efforts over time and make data-driven decisions to enhance their QMS.

ISO 9001:2015 Clause 10.2 Nonconformity and corrective action

10.2.1 When a nonconformity occurs, including any arising from complaints, the organization shall:

  1. react to the nonconformity and, as applicable:
    • take action to control and correct it;
    • deal with the consequences;
  2. evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:
    • reviewing and analysing the nonconformity;
    • determining the causes of the nonconformity;
    • determining if similar nonconformities exist, or could potentially occur;
  3. implement any action needed;
  4. review the effectiveness of any corrective action taken;
  5. update risks and opportunities determined during planning, if necessary;
  6. make changes to the quality management system, if necessary.

Corrective actions shall be appropriate to the effects of the nonconformities encountered.
10.2.2 The organization shall retain documented information as evidence of:
a) the nature of the nonconformities and any subsequent actions taken;
b) the results of any corrective action.

1) When a nonconformity occurs, the organization must react to the nonconformity by taking action to control and correct it; or deal with the consequences;

When a nonconformity occurs within an organization, it is essential to react promptly and effectively to address the issue and ensure that it does not recur. The specific actions taken may vary depending on the nature and severity of the nonconformity, but generally, the organization should follow these steps:

  1. Identify and Document the Nonconformity: The first step is to identify and document the nonconformity. This involves gathering information about what went wrong, where it occurred, when it occurred, and who was involved.
  2. Containment: Once the nonconformity is identified, the organization should take immediate action to contain it. This may involve isolating the affected area, products, or processes to prevent the nonconformity from spreading or causing further damage.
  3. Root Cause Analysis: To prevent similar nonconformities in the future, it’s crucial to determine the root causes of the issue. This involves investigating why the nonconformity occurred in the first place. Tools like the 5 Whys technique or Fishbone (Ishikawa) diagrams are often used for root cause analysis.
  4. Corrective Action: Corrective actions are measures taken to eliminate the root causes of the nonconformity and prevent its recurrence. These actions may include process changes, employee training, equipment maintenance, or any other appropriate steps to address the issue.
  5. Verification of Effectiveness: After implementing corrective actions, the organization should verify their effectiveness. This ensures that the nonconformity has been adequately addressed and that the corrective actions are working as intended.
  6. Preventive Action: In addition to corrective actions, preventive actions are taken to prevent similar nonconformities from occurring in the future. This involves proactively identifying and addressing potential sources of nonconformities to reduce the likelihood of their occurrence.
  7. Documentation and Record Keeping: Throughout the entire process, it is essential to maintain proper documentation and records of the nonconformity, the actions taken, and their outcomes. This documentation is crucial for audit purposes and continuous improvement.
  8. Communication: Effective communication is essential during the entire process. This includes informing relevant stakeholders about the nonconformity, the actions being taken, and the resolution.

So, to answer your question, when a nonconformity occurs, the organization must react by taking action to control and correct it (addressing the immediate issue) and dealing with the consequences (preventing future occurrences). Both corrective and preventive actions are necessary to ensure the organization’s quality, safety, and compliance standards are upheld.

2) When a complaint occurs, the organization must react by taking action to control and correct it; or deal with the consequences;

When a complaint occurs within an organization, the organization must react promptly and effectively to address the complaint and satisfy the customer or stakeholder who raised it. The appropriate reaction typically involves both options you mentioned:

  1. Taking Action to Control and Correct the Complaint:
    • Address the specific issues raised in the complaint by investigating and identifying the root causes.
    • Develop and implement corrective actions to resolve the complaint. These actions should be tailored to the nature of the complaint and should aim to eliminate the root causes.
    • Communicate with the customer or stakeholder who made the complaint, informing them of the actions being taken and providing an estimated timeline for resolution.
    • Ensure that any necessary adjustments are made to products, services, or processes to prevent similar complaints in the future.
    • Monitor and verify the effectiveness of corrective actions to ensure the issue has been adequately addressed.
  2. Dealing with the Consequences of the Complaint:
    • Address any immediate consequences of the complaint, such as providing compensation or refunds to the affected customer if applicable.
    • Evaluate the impact of the complaint on customer satisfaction, reputation, and other relevant factors.
    • If necessary, develop strategies to mitigate the consequences, such as communicating with other stakeholders, conducting public relations efforts, or implementing changes to prevent similar issues in the future.
    • Consider the long-term consequences of the complaint and take steps to improve the organization’s processes and customer service to prevent similar complaints from occurring in the future.

In summary, when a complaint occurs, the organization’s response should be multifaceted, encompassing both corrective actions to address the specific issue and measures to deal with the consequences, which may include repairing relationships with customers and preventing future complaints. Effective complaint management is essential for maintaining customer satisfaction and a positive reputation.

3) The organization must evaluate the need for action to eliminate the causes of the nonconformity, in order that it does not recur or occur elsewhere, by reviewing and analysing the nonconformity; determining the causes of the nonconformity; determining if similar nonconformities exist, or could potentially occur

When a nonconformity occurs within an organization, it’s crucial to evaluate the need for action to eliminate the causes of the nonconformity to prevent its recurrence or occurrence elsewhere. This evaluation typically involves a systematic approach, and as you mentioned, it should include the following steps:

a) Reviewing and Analyzing the Nonconformity:

  • Begin by thoroughly reviewing and analyzing the nonconformity. This includes gathering all available information related to the nonconformity, such as incident reports, customer complaints, inspection data, and any other relevant documentation.
  • Examine the details of the nonconformity, including when and where it occurred, who was involved, and its specific impact on products, services, or processes.
  • This review helps in gaining a clear understanding of the nature and scope of the nonconformity.

b) Determining the Causes of the Nonconformity:

  • Conduct a root cause analysis to determine why the nonconformity occurred. This involves identifying the underlying factors and systemic issues that contributed to the nonconformity.
  • Utilize tools like the 5 Whys, Fishbone diagrams (Ishikawa), fault tree analysis, or failure mode and effects analysis (FMEA) to delve into the causes.
  • The goal is to pinpoint the specific weaknesses or failures in processes, procedures, training, or other elements that led to the nonconformity.

c) Determining if Similar Nonconformities Exist or Could Potentially Occur:

  • After identifying the root causes of the nonconformity, assess whether similar nonconformities exist in other parts of the organization or could potentially occur.
  • Review historical data, conduct risk assessments, and evaluate similar processes or products to identify potential areas of concern.
  • This proactive approach helps in preventing the recurrence of similar issues by addressing them before they become nonconformities.

Once these steps are completed, the organization can develop and implement corrective actions to address the specific causes of the nonconformity and preventive actions to minimize the risk of similar nonconformities occurring in the future. This systematic approach to evaluating and addressing nonconformities is a fundamental aspect of quality management systems and continuous improvement processes, such as those outlined in ISO 9001.

4) When the non conformance occurs, the organization must implement any action needed;

When a nonconformity occurs within an organization, it is essential for the organization to implement any necessary actions for several important reasons:

  1. Nonconformities often arise from issues related to product or service quality, safety, or reliability. Failing to address these issues can lead to dissatisfied customers, which can result in loss of business, damage to the organization’s reputation, and potential legal liabilities.
  2. Many organizations operate within regulated industries where compliance with specific standards, laws, or regulations is mandatory. Nonconformities can lead to compliance breaches, which can result in fines, legal actions, or even the suspension of operations. Implementing corrective and preventive actions is necessary to maintain compliance.
  3. Nonconformities can disrupt the normal flow of operations. Addressing these issues promptly can help prevent production delays, increased operational costs, and resource wastage. Implementing actions to correct and prevent nonconformities helps maintain operational efficiency.
  4. Identifying and addressing nonconformities is an essential part of the continuous improvement process. By understanding the root causes of nonconformities and taking action to eliminate them, organizations can enhance their processes, reduce errors, and increase overall efficiency and effectiveness.
  5. Nonconformities often signify risks within an organization. Failing to address these risks can lead to more significant issues down the line. Implementing corrective and preventive actions helps mitigate these risks, preventing potential crises and emergencies.
  6. Nonconformities can result in legal and liability issues, especially in cases where nonconformities lead to harm, injury, or damage. Implementing actions helps demonstrate the organization’s commitment to rectify its mistakes and can reduce the likelihood of legal action.
  7. Addressing nonconformities promptly and effectively can demonstrate to customers that the organization is responsive and committed to providing quality products or services. This can improve customer retention and loyalty.
  8. Nonconformities can harm an organization’s reputation, and a damaged reputation can be challenging to rebuild. Implementing actions to address nonconformities and prevent their recurrence is vital for protecting and managing the organization’s reputation.

In summary, implementing actions to address nonconformities is essential for maintaining customer satisfaction, compliance with regulations, operational efficiency, risk mitigation, and overall organizational health. It is a proactive approach that helps organizations avoid costly consequences and improve their processes over time.

5) The organization must review the effectiveness of any corrective action taken

Reviewing the effectiveness of corrective actions is a crucial step in the process of addressing nonconformities and ensuring that the underlying issues have been adequately resolved. This review is an integral part of a continuous improvement cycle and helps organizations verify that the corrective actions taken have achieved the desired results. Here’s why reviewing the effectiveness of corrective actions is important:

  1. Verification of Problem Resolution: Reviewing effectiveness confirms whether the initial problem or nonconformity has been fully resolved. It ensures that the identified root causes have been addressed and that the issue no longer exists.
  2. Preventing Recurrence: By assessing the effectiveness of corrective actions, organizations can determine whether there is a risk of the nonconformity recurring. This proactive approach helps prevent future occurrences of the same problem.
  3. Ensuring Compliance: In regulated industries, verifying the effectiveness of corrective actions is essential to demonstrate compliance with relevant standards and regulations. Regulatory authorities often require evidence that nonconformities have been adequately addressed.
  4. Customer Satisfaction: Effective corrective actions contribute to improved customer satisfaction. A review of effectiveness helps ensure that the organization’s efforts align with customer expectations, leading to higher levels of satisfaction.
  5. Resource Allocation: Organizations invest resources (time, money, personnel) in implementing corrective actions. Evaluating effectiveness allows organizations to assess whether these resources were well-spent and whether any adjustments are needed.
  6. Continuous Improvement: Reviewing corrective actions is part of the PDCA (Plan-Do-Check-Act) cycle, a fundamental principle of quality management systems. It fosters a culture of continuous improvement by providing feedback on what works and what needs further refinement.
  7. Data-Driven Decision Making: The review process typically involves collecting data and metrics to assess the outcomes of corrective actions. This data can inform future decisions, helping the organization make informed choices about process improvements.
  8. Documentation and Records: Maintaining records of corrective action reviews is essential for audit purposes and to demonstrate due diligence in addressing nonconformities.

To effectively review corrective actions, organizations should establish clear criteria for success, conduct follow-up audits or inspections, and engage relevant stakeholders to provide feedback. If the corrective actions are found to be ineffective or if the nonconformity recurs, the organization should revisit the root cause analysis and implement more robust actions.In conclusion, reviewing the effectiveness of corrective actions is a fundamental step in the process of addressing nonconformities, fostering continuous improvement, and ensuring the long-term health and success of an organization.

6) The organization must update risks and opportunities determined during planning, if necessary;

When a nonconformity occurs within an organization, it can indeed be an opportunity to update and refine the organization’s assessment of risks and opportunities. Here’s how the occurrence of a nonconformity can influence the evaluation of risks and opportunities:

  1. Identifying New Risks: The nonconformity itself can highlight previously unidentified risks. By analyzing the root causes of the nonconformity, the organization may uncover systemic weaknesses or vulnerabilities in its processes, which could lead to the identification of new risks that need to be addressed.
  2. Evaluating the Impact: Nonconformities often have consequences that impact various aspects of the organization, such as product quality, customer satisfaction, or regulatory compliance. Assessing the impact of the nonconformity can provide insights into the severity of certain risks or the potential for risks to materialize.
  3. Reviewing Controls: Nonconformities may reveal weaknesses in existing controls or risk mitigation strategies. Organizations can use these instances to reassess the effectiveness of their current risk management measures and update or strengthen controls as needed.
  4. Opportunities for Improvement: Nonconformities also present opportunities for improvement. By addressing the root causes and implementing corrective and preventive actions, organizations can enhance their processes, reduce errors, and seize opportunities to optimize operations or enhance product quality.
  5. Stakeholder Feedback: Nonconformities often trigger feedback from customers, regulators, or other stakeholders. This feedback can shed light on customer expectations, market trends, and emerging opportunities that the organization may need to consider.
  6. Compliance and Regulatory Implications: Depending on the nature of the nonconformity, there may be compliance or regulatory implications. These may include changes in regulations or standards that affect the organization’s risk profile or create new opportunities.

To effectively update risks and opportunities following a nonconformity, organizations should incorporate the following steps:

  1. Root Cause Analysis: Thoroughly investigate the nonconformity to identify the root causes. This analysis can reveal weaknesses in existing processes and controls, leading to updates in risk assessments.
  2. Risk Assessment: Review and reevaluate the organization’s risk assessment in light of the new information and insights gained from the nonconformity. Consider how the nonconformity impacts risk likelihood and severity.
  3. Opportunity Identification: Similarly, assess how the nonconformity and its resolution might create opportunities for improvement or optimization within the organization. These opportunities can be integrated into the organization’s strategic planning.
  4. Controls and Actions: Determine if adjustments are needed in risk mitigation measures or actions to seize opportunities. Update risk management plans and strategic initiatives accordingly.
  5. Communication: Ensure that relevant stakeholders are informed about the updated risks and opportunities and any corresponding changes in strategies or plans.

By treating nonconformities as learning opportunities, organizations can enhance their risk management practices and strategic planning, ultimately strengthening their ability to navigate challenges and leverage opportunities effectively.

7) When non conformity occurs, organization must make changes to the quality management system, if necessary

When a nonconformity occurs within an organization, it can indeed necessitate changes to the organization’s quality management system (QMS), if such changes are necessary to prevent the recurrence of the nonconformity or to improve the overall effectiveness of the QMS. Here’s why and how changes to the QMS may be required following a nonconformity:

Why Changes to the QMS May Be Necessary:

  1. Preventing Recurrence: The primary goal of addressing a nonconformity is to prevent its recurrence. If the nonconformity is a result of weaknesses in the QMS processes, procedures, or controls, changes to the QMS may be necessary to eliminate these weaknesses.
  2. Continuous Improvement: Nonconformities provide opportunities for learning and improvement. Organizations should view them as feedback mechanisms that can highlight areas where the QMS can be enhanced to prevent similar issues in the future.
  3. Alignment with Standards and Regulations: If the nonconformity resulted in non-compliance with quality standards or regulatory requirements, changes to the QMS may be required to ensure ongoing compliance.
  4. Customer Satisfaction: Nonconformities often impact customer satisfaction. Improving the QMS can lead to better product or service quality, which can in turn enhance customer satisfaction and loyalty.

How to Make Changes to the QMS:

  1. Root Cause Analysis: Begin by conducting a thorough root cause analysis to determine why the nonconformity occurred. Identify weaknesses or gaps in the QMS processes that contributed to the nonconformity.
  2. Corrective Actions: Develop and implement corrective actions to address the root causes of the nonconformity. These actions may include process changes, updated procedures, additional training, or other measures designed to prevent recurrence.
  3. Preventive Actions: In addition to corrective actions, implement preventive actions to minimize the risk of similar nonconformities occurring in the future. This involves proactively identifying and addressing potential sources of nonconformities.
  4. Risk Assessment: Reassess the organization’s risk assessment and management processes to incorporate any new insights gained from the nonconformity. Ensure that identified risks are effectively mitigated.
  5. Quality Policy and Objectives: Review and, if necessary, update the organization’s quality policy and objectives to reflect the changes made to the QMS. Ensure that these documents align with the organization’s commitment to quality.
  6. Documentation: Update relevant documentation, including quality manuals, procedures, work instructions, and process maps, to reflect the changes in the QMS.
  7. Training and Communication: Provide training to employees on the updated QMS processes and procedures. Communicate the changes effectively throughout the organization to ensure everyone is aware of the improvements.
  8. Monitoring and Measurement: Implement new monitoring and measurement processes to track the effectiveness of the changes made to the QMS. Regularly assess whether the changes are achieving the desired outcomes.
  9. Audit and Review: Include the changes in the QMS as part of the organization’s internal audit and management review processes. This ensures ongoing evaluation and improvement.
  10. Continuous Improvement: Establish a culture of continuous improvement within the organization. Encourage employees to report potential nonconformities and suggest improvements to the QMS.

By making necessary changes to the QMS following a nonconformity, organizations can strengthen their quality management processes, enhance product or service quality, and demonstrate a commitment to ongoing improvement. This contributes to the organization’s ability to consistently meet customer requirements and maintain compliance with quality standards.

8) Corrective actions shall be appropriate to the effects of the nonconformities encountered.

Corrective actions taken by an organization should be appropriate to the effects of the nonconformities encountered. This principle is a fundamental aspect of effective quality management and is outlined in various quality management system standards, including ISO 9001. Here’s why it’s important and what it entails:

Why Corrective Actions Should Be Appropriate to the Effects of Nonconformities:

  1. Proportional Response: The corrective actions should be proportionate to the significance and potential impact of the nonconformity. Minor nonconformities may require less extensive actions than major ones. Matching the response to the severity of the nonconformity ensures efficient resource allocation.
  2. Preventing Recurrence: The purpose of corrective actions is to eliminate the root causes of nonconformities and prevent their recurrence. Effective corrective actions directly address the factors that led to the nonconformity, ensuring that similar issues do not arise in the future.
  3. Minimizing Risk: Nonconformities can have varying degrees of risk associated with them. Corrective actions should aim to minimize or mitigate these risks. Inadequate corrective actions can expose the organization to continued risk.
  4. Cost-Efficiency: Implementing corrective actions can involve costs related to time, materials, and labor. Appropriateness ensures that these resources are used efficiently, avoiding unnecessary expenditures.
  5. Customer Satisfaction: Corrective actions that effectively address the effects of nonconformities contribute to improved product or service quality, which can enhance customer satisfaction. Inappropriately applied corrective actions may not fully satisfy customer expectations.

What Appropriate Corrective Actions Entail:

  1. Root Cause Analysis: Begin by conducting a thorough root cause analysis to identify the underlying factors that led to the nonconformity. This analysis informs the selection of appropriate corrective actions.
  2. Tailored Solutions: Develop corrective actions that are tailored to the specific nonconformity. This might involve process changes, training, equipment maintenance, or other measures that directly address the identified root causes.
  3. Effectiveness Assessment: Evaluate the anticipated effectiveness of the corrective actions in preventing recurrence. This assessment should be based on data, analysis, and expert judgment.
  4. Risk Assessment: Consider the potential risks associated with the nonconformity when determining the appropriateness of corrective actions. Actions should aim to reduce or eliminate these risks.
  5. Continuous Improvement: View corrective actions as an opportunity for continuous improvement. Beyond addressing the immediate nonconformity, assess whether the actions can lead to broader process enhancements.
  6. Documentation and Communication: Document the corrective actions taken and communicate them effectively within the organization. Ensure that relevant stakeholders are aware of the actions and their expected outcomes.
  7. Monitoring and Verification: Monitor the implementation of corrective actions and verify their effectiveness. Confirm that the nonconformity has been adequately addressed and that the actions have resulted in the desired improvements.

By ensuring that corrective actions are appropriate to the effects of nonconformities, organizations can effectively manage their quality, mitigate risks, and maintain compliance with quality management standards. This approach fosters a culture of quality and continuous improvement within the organization.

10) The organization shall retain documented information as evidence of the nature of the nonconformities and any subsequent actions taken; and the results of any corrective action.

retaining documented information as evidence of the nature of nonconformities and any subsequent actions taken, as well as the results of corrective actions, is a critical practice for effective quality management and compliance with quality management standards,

Documented Information:

  1. Nonconformity Report (NCR) or Incident Report: ISO 9001 does not prescribe a specific format, but organizations must have a documented process for recording and reporting nonconformities when they are identified. This report should include details such as the nature of the nonconformity, its location, date, and the person who identified it.
  2. Corrective Action Plan: When a nonconformity is identified, organizations should document the plan for corrective action. This plan outlines the actions to be taken to address the nonconformity, including responsibilities, timelines, and resources required.
  3. Records of Corrective Actions: Maintain records of the actions taken to correct nonconformities. These records should include information about what actions were taken, who was responsible, when they were completed, and any supporting evidence or documentation.
  4. Root Cause Analysis: Organizations should document the results of the root cause analysis conducted to determine why the nonconformity occurred. This analysis helps in identifying the underlying causes that need to be addressed to prevent recurrence.
  5. Preventive Action Plan: If the organization identifies potential nonconformities or areas of concern during the corrective action process, a documented preventive action plan may be required. This plan outlines the actions to be taken to prevent similar issues in the future.

Records:

  1. Nonconformity Records: Maintain records of all identified nonconformities, including their descriptions, investigation details, and actions taken to address them. These records serve as historical data and evidence of the organization’s nonconformity management process.
  2. Corrective Action Records: Keep records of all corrective actions implemented, including documentation of the actions, their effectiveness, and any follow-up actions or verifications. These records demonstrate the organization’s commitment to resolving nonconformities.
  3. Preventive Action Records: If preventive actions are taken, maintain records of these actions, including the plan, actions taken, and their effectiveness. These records demonstrate proactive efforts to prevent nonconformities.
  4. Review and Verification Records: Records of reviews, verifications, and assessments conducted to evaluate the effectiveness of corrective and preventive actions should be kept. These records demonstrate that the organization has evaluated whether the actions have achieved the desired results.
  5. Management Review Records: Any discussions or decisions related to nonconformities and corrective actions during management reviews should be documented. This provides evidence of top management’s involvement and commitment to quality improvement.
  6. Training Records: Records of training provided to employees involved in the nonconformity and corrective action process should be maintained. This ensures that personnel are competent to carry out their responsibilities in this regard.

These documents and records collectively provide evidence of an organization’s commitment to addressing nonconformities, continuously improving its processes, and ensuring the effectiveness of its quality management system in accordance with ISO 9001:2015 Clause 10.2. It’s important for organizations to establish clear processes for creating, maintaining, and retaining these documents and records as part of their quality management system.

ISO 9001:2015 Clause 10.1 Improvement-General

10.1 General

The organization shall determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction.

These shall include:
a) improving products and services to meet requirements as well as to address future needs and expectations;
b) correcting, preventing or reducing undesired effects;
c) improving the performance and effectiveness of the quality management system.
NOTE Examples of improvement can include correction, corrective action, continual improvement, breakthrough change, innovation and re-organization.

As per Annex A (Guidance on the use of ISO 14001:2015 standard) of ISO 14001:2015 standard it further explains:

The organization should consider the results from analysis and evaluation of environmental performance, evaluation of compliance, internal audits and management review when taking action to improve. Examples of improvement include corrective action, continual improvement, breakthrough change, innovation and re-organization.

1) The organization shall determine and select opportunities for improvement

Determining and selecting opportunities for improvement is a critical aspect of maintaining a proactive and continually evolving Quality Management System (QMS). Here’s a structured approach to help organizations identify and prioritize opportunities for improvement:

  1. Collect Data and Feedback:
    • Gather feedback from customers through surveys, complaints, and direct communication. Identify areas where customers have expressed dissatisfaction or suggested improvements.
    • Encourage employees to provide feedback on processes, workflows, and potential areas for improvement. Employees often have valuable insights into operational inefficiencies.
    • Analyze key performance indicators (KPIs) and other performance metrics to identify areas where the organization is falling short of targets or benchmarks.
    • Create process maps or flowcharts to visualize current workflows. This can help pinpoint bottlenecks, redundancies, and areas for streamlining.
  2. Risk and Opportunity Assessment:
    • Conduct a thorough risk assessment to identify potential risks that could impact the QMS or the organization’s objectives negatively.
    • Simultaneously, assess opportunities for improvement. Consider how addressing identified risks can create opportunities for enhancing quality, efficiency, or competitiveness.
  3. Benchmarking: Research and compare your organization’s processes, performance, and practices with industry benchmarks and best practices. Identify gaps and areas where improvement is needed to align with or surpass industry standards.
  4. Root Cause Analysis: When issues or non-conformities are identified, perform root cause analysis to determine the underlying causes. Addressing root causes can lead to more effective and lasting improvements.
  5. Brainstorming and Idea Generation: Facilitate brainstorming sessions with cross-functional teams to generate ideas for improvement. Encourage creativity and open discussion to explore new approaches.
  6. Prioritization:
    • Develop criteria for prioritizing improvement opportunities. Consider factors such as potential impact on quality, customer satisfaction, operational efficiency, and strategic alignment.
    • Use methods like the Pareto Principle (80/20 rule) to focus on the vital few improvements that will yield the most significant benefits.
  7. SWOT Analysis: Conduct a SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis to identify internal strengths and weaknesses and external opportunities and threats. Opportunities can often be leveraged for improvement.
  8. Cost-Benefit Analysis: Evaluate the potential costs and benefits associated with each improvement opportunity. Consider factors like implementation costs, timeframes, and expected returns on investment.
  9. Feasibility Assessment: Assess the feasibility of implementing each improvement opportunity. Consider factors such as available resources, technology requirements, and organizational capacity.
  10. Action Planning: Develop detailed action plans for selected improvement opportunities. Define specific objectives, responsibilities, timelines, and resource allocations.
  11. Testing and Piloting: If feasible, consider testing improvement initiatives on a smaller scale (piloting). This allows you to assess their effectiveness before full-scale implementation.
  12. Implementation and Monitoring: Execute the improvement initiatives and closely monitor their progress. Continuously collect data and feedback to assess the impact of the changes.
  13. Review and Adjust: Periodically review the results of improvement initiatives. Adjust strategies and actions based on feedback and performance data to ensure sustained improvement.
  14. Communication: Communicate improvement efforts and their benefits to employees, customers, and relevant stakeholders. Transparency can build support and enthusiasm for change.

By systematically following these steps, organizations can identify, select, and implement opportunities for improvement in a structured and effective manner. The key is to maintain a continuous improvement mindset and integrate improvement efforts into the organization’s culture and processes.

2) Implement any necessary actions to meet customer requirements and enhance customer satisfaction.

To implement necessary actions to meet customer requirements and enhance customer satisfaction, organizations should follow a structured and customer-centric approach. Here are steps to help organizations effectively implement these actions:

  1. Understand Customer Requirements: Begin by thoroughly understanding your customers’ needs, expectations, and preferences. This can be achieved through customer surveys, feedback, direct communication, and market research.
  2. Set Clear Quality Objectives: Based on the information gathered, establish clear and specific quality objectives that align with customer requirements. These objectives should be measurable and achievable.
  3. Cross-Functional Collaboration: Involve cross-functional teams, including representatives from sales, marketing, product development, production, and customer service, in the process. Collaboration ensures that customer-centric actions are integrated throughout the organization.
  4. Quality Planning: Develop a comprehensive quality plan that outlines the specific actions required to meet customer requirements. Consider aspects such as product quality, service quality, on-time delivery, and responsiveness.
  5. Process Improvement: Identify areas within your processes that directly impact customer satisfaction. Implement process improvements to enhance the quality and efficiency of these areas.
  6. Customer-Centric Training: Provide training to employees at all levels to ensure they understand the importance of meeting customer requirements and are equipped with the skills to do so effectively.
  7. Communication and Feedback: Establish effective communication channels for gathering ongoing feedback from customers. Ensure that feedback is promptly addressed and used to drive improvement.
  8. Quality Assurance: Implement quality assurance practices and measures to consistently deliver products or services that meet or exceed customer expectations. This may involve quality control checks, inspections, and testing.
  9. Continuous Monitoring and Measurement: Continuously monitor and measure key performance indicators (KPIs) related to customer satisfaction. Use data to assess performance against quality objectives and identify areas needing improvement.
  10. Root Cause Analysis: When customer issues or complaints arise, conduct root cause analysis to identify the underlying causes. Address these root causes to prevent recurrence.
  11. Corrective and Preventive Actions: Develop and implement corrective actions to address immediate customer concerns. Additionally, establish preventive actions to proactively prevent potential issues.
  12. Technology and Tools: Utilize technology and tools that can enhance customer interactions, streamline processes, and improve the overall customer experience. This may include CRM (Customer Relationship Management) systems, data analytics, and automation.
  13. Performance Reviews: Regularly review and assess the performance of customer-centric actions and initiatives. Adjust strategies and actions based on performance data and feedback.
  14. Employee Recognition and Incentives: Recognize and reward employees for their contributions to customer satisfaction. Encourage a customer-focused culture through incentives and recognition programs.
  15. Supplier Relationships: Ensure that your suppliers and partners align with your commitment to meeting customer requirements. Collaborate with them to enhance the quality of inputs and services they provide.
  16. Transparency and Accountability: Maintain transparency in your actions and decisions related to customer requirements. Hold individuals and teams accountable for meeting quality objectives and customer satisfaction goals.
  17. Regular Customer Reviews: Conduct regular reviews with key customers to discuss their evolving needs, provide updates on improvements, and strengthen the customer-provider relationship.
  18. Legal and Regulatory Compliance: Ensure that your products and services comply with all relevant laws, regulations, and industry standards to build customer trust and confidence.
  19. Continuous Improvement Culture: Foster a culture of continuous improvement, where employees at all levels are encouraged to identify and suggest actions to enhance customer satisfaction.
  20. Communication of Achievements: Publicize and communicate achievements related to meeting customer requirements and enhancing customer satisfaction. This can include marketing materials, testimonials, and public statements.

By following these steps and maintaining a customer-centric approach, organizations can effectively implement actions that not only meet customer requirements but also drive continuous improvement in customer satisfaction, which is essential for long-term success and competitiveness.

3) The organization must determine the opportunity for improving products and services to meet requirements as well as to address future needs and expectations

Identifying opportunities for improving products and services to meet current requirements and address future needs and expectations is vital for the long-term success and sustainability of an organization. Here’s how an organization can systematically determine these opportunities:

  1. Customer Feedback and Engagement:
    • Actively seek feedback from customers through surveys, interviews, and direct interactions.
    • Analyze customer complaints, suggestions, and comments to identify areas for improvement.
    • Engage with customers to understand their evolving needs, preferences, and expectations.
  2. Market Research and Analysis:
    • Conduct market research to stay informed about industry trends, emerging technologies, and changing customer demands.
    • Analyze market data, competitor offerings, and consumer behavior to identify gaps or opportunities for innovation.
  3. Competitive Benchmarking:
    • Compare your products and services with those of your competitors to identify areas where you can differentiate and excel.
    • Evaluate the features, quality, pricing, and customer experience provided by competitors.
  4. Customer Journey Mapping:
    • Map the customer journey to identify touchpoints and interactions with your organization.
    • Pinpoint pain points and areas where customer satisfaction can be enhanced.
  5. Cross-Functional Collaboration:
    • Involve cross-functional teams, including product development, marketing, sales, and customer support, in discussions about product and service improvements.
    • Collaborate to generate ideas and prioritize enhancements.
  6. Quality Management System (QMS) Data:
    • Leverage data from your QMS, including performance metrics and customer complaints, to pinpoint areas that require attention.
    • Use this data to track trends in product or service quality.
  7. Risk and Opportunity Assessment:
    • Conduct risk assessments to identify potential risks and opportunities related to your products and services.
    • Consider how addressing risks can lead to product/service improvements.
  8. Emerging Technologies:
    • Stay informed about emerging technologies and their potential applications to enhance your products and services.
    • Explore how automation, artificial intelligence, and digitalization can improve efficiency and customer experience.
  9. Environmental and Social Considerations:
    • Consider sustainability and environmental impact in product and service development.
    • Address societal and ethical concerns, as these can influence customer preferences.
  10. Regulatory Compliance:
    • Stay updated on industry regulations and standards.
    • Ensure that your products and services meet or exceed compliance requirements.
  11. Customer Segmentation:
    • Segment your customer base to understand the unique needs and expectations of different customer groups.
    • Tailor products and services to meet specific segment requirements.
  12. Innovation Culture:
    • Foster a culture of innovation within your organization where employees are encouraged to propose and test new ideas.
    • Provide resources and support for innovation initiatives.
  13. Feedback Loops:
    • Establish feedback loops that continuously gather and analyze customer feedback.
    • Use this feedback to drive iterative improvements in products and services.
  14. Prototyping and Testing:
    • Develop prototypes and conduct testing to validate product/service enhancements before full-scale implementation.
    • This minimizes risks associated with major changes.
  15. Continuous Improvement: Integrate opportunities for improvement into your organization’s continuous improvement processes, such as Plan-Do-Check-Act (PDCA) cycles.
  16. Resource Allocation: Allocate resources (personnel, budget, technology) to support initiatives aimed at improving products and services.
  17. Customer Co-Creation: Involve customers in the co-creation of new products and services, ensuring that their input shapes the development process.

By systematically considering these factors and approaches, organizations can identify and act on opportunities to improve their products and services to meet current requirements and proactively address future needs and expectations. This not only enhances customer satisfaction but also positions the organization for long-term success and competitiveness.

4) The organization must determine the opportunity for correcting, preventing or reducing undesired effects

Identifying opportunities for correcting, preventing, or reducing undesired effects is a fundamental aspect of a robust Quality Management System (QMS). This process helps an organization address issues, mitigate risks, and continually improve its operations. Here’s how an organization can systematically determine these opportunities:

  1. Risk Assessment:
    • Conduct a comprehensive risk assessment across various aspects of the organization, including processes, products, services, and external factors.
    • Identify potential risks and their potential undesirable effects on quality, safety, compliance, or customer satisfaction.
  2. Root Cause Analysis:
    • Investigate incidents, non-conformities, customer complaints, and other issues to identify the root causes behind them.
    • Understanding root causes helps in developing effective corrective and preventive actions.
  3. Data Analysis:
    • Analyze data and performance metrics to detect trends or patterns that indicate undesirable effects.
    • Pay attention to metrics related to product or service quality, customer complaints, process efficiency, and safety.
  4. Customer Feedback:
    • Review customer feedback and complaints to identify recurring issues or concerns.
    • Use this information to address specific problems and enhance customer satisfaction.
  5. Internal Audits:
    • Conduct regular internal audits of processes and systems to identify non-conformities or areas where improvements are needed.
    • Ensure that audit findings are thoroughly analyzed.
  6. External Factors: Consider external factors such as changes in regulations, market conditions, or technology advancements that may have undesirable effects on your operations or products.
  7. Customer Requirements: Review and ensure alignment with customer requirements and expectations. Failure to meet these requirements can lead to undesirable effects on customer satisfaction and retention.
  8. Industry Best Practices: Benchmark against industry best practices and standards to identify gaps in your organization’s processes and systems.
  9. Resource Allocation:
    • Evaluate resource allocation to determine whether additional resources are needed to correct or prevent issues.
    • Ensure that the organization has the necessary resources to maintain and improve quality.
  10. Proactive Problem Solving:
    • Encourage a culture of proactive problem-solving, where employees are empowered to identify issues and suggest solutions.
    • Implement mechanisms for employees to report issues without fear of retribution.
  11. Continuous Monitoring: Continuously monitor processes and systems using real-time data, sensors, or automated alerts to detect and address issues as they arise.
  12. Testing and Simulation: Use testing and simulation techniques to identify potential failures or weaknesses in products, processes, or systems before they become actual problems.
  13. Change Management: Implement effective change management practices to minimize disruptions and ensure that changes do not result in unexpected undesirable effects.
  14. Training and Competence: Ensure that employees are adequately trained and competent in their roles to prevent errors and undesired effects.
  15. Documentation and Record-Keeping:
    • Maintain detailed documentation and records of issues, corrective actions, and preventive measures taken.
    • Use these records to track the effectiveness of actions and identify recurring problems.
  16. Feedback and Improvement Loop: Establish a feedback loop that ensures that corrective and preventive actions are reviewed, evaluated, and adjusted as necessary to maintain their effectiveness.
  17. Management Review: Include the identification of opportunities for correcting, preventing, or reducing undesired effects as a regular agenda item in management review meetings.
  18. Cross-Functional Collaboration: Encourage cross-functional teams to collaborate in identifying and addressing issues, as different perspectives can lead to more effective solutions.

By systematically considering these factors and approaches, organizations can proactively identify and address issues, prevent the recurrence of problems, and continually improve their processes and systems to reduce undesired effects. This approach contributes to the overall effectiveness and efficiency of the QMS.

5) The organization must determine the opportunity for improving the performance and effectiveness of the quality management system.

Identifying opportunities for improving the performance and effectiveness of the Quality Management System (QMS) is essential for maintaining a dynamic and continually improving quality system. Here are steps an organization can take to systematically determine these opportunities:

  1. Management Review:
    • Initiate and conduct regular management reviews of the QMS, as per ISO 9001 requirements.
    • During these reviews, assess the performance and effectiveness of the QMS, and identify areas for improvement.
  2. Performance Metrics and Key Performance Indicators (KPIs):
    • Establish and monitor relevant KPIs and performance metrics related to the QMS.
    • Analyze performance data to detect trends, anomalies, or areas where performance falls short of objectives.
  3. Customer Feedback: Analyze customer feedback, including complaints and surveys, to identify areas where the QMS can be improved to enhance customer satisfaction.
  4. Internal Audits:
    • Conduct regular internal audits of the QMS processes and procedures.
    • Use audit findings to pinpoint non-conformities and areas requiring corrective and preventive actions.
  5. Risk-Based Thinking:
    • Apply risk-based thinking throughout the organization to identify potential risks to the QMS’s performance.
    • Develop strategies to mitigate or prevent these risks and enhance the QMS’s effectiveness.
  6. Continuous Improvement Culture:
    • Foster a culture of continuous improvement among employees at all levels.
    • Encourage employees to proactively suggest improvements and innovations in their areas of expertise.
  7. Root Cause Analysis:
    • When issues or non-conformities arise, conduct root cause analysis to identify the underlying causes.
    • Address root causes to prevent recurrence and enhance the effectiveness of the QMS.
  8. Benchmarking:
    • Benchmark your organization’s QMS against industry best practices and standards.
    • Identify areas where your QMS can align better with recognized benchmarks.
  9. Technological Advancements:
    • Stay informed about technological advancements and tools that can enhance QMS performance.
    • Implement relevant technologies to streamline processes and improve data analysis.
  10. Resource Allocation:
    • Evaluate the allocation of resources, including personnel, training, and technology, to support the QMS.
    • Ensure that resources are appropriately allocated to areas requiring improvement.
  11. Documentation and Process Optimization:
    • Review and update documentation related to QMS processes and procedures.
    • Streamline and optimize processes to improve efficiency and effectiveness.
  12. Supplier Relationships:
    • Collaborate with suppliers to improve the quality of inputs and services they provide.
    • Ensure that supplier performance aligns with QMS requirements.
  13. Training and Competence:
    • Invest in training and development programs to enhance the competence of employees involved in QMS processes.
    • Competent employees are better equipped to contribute to QMS effectiveness.
  14. Customer Requirements and Expectations:
    • Continuously monitor changes in customer requirements and expectations.
    • Align the QMS with evolving customer needs to maintain and enhance customer satisfaction.
  15. Feedback Loop:
    • Establish a feedback loop to capture insights from employees, customers, and other stakeholders about potential QMS improvements.
    • Act on this feedback to drive enhancements.
  16. Resource Efficiency: Explore opportunities to optimize resource utilization within the QMS while maintaining or improving performance.
  17. Legal and Regulatory Compliance:
    • Ensure that the QMS remains compliant with all applicable laws, regulations, and industry standards.
    • Monitor changes in regulations that may impact QMS performance.
  18. Documented Information:
    • Keep records of improvement initiatives, their outcomes, and lessons learned.
    • Use this documented information to inform future improvement efforts.

By systematically considering these factors and approaches, organizations can identify opportunities for improving the performance and effectiveness of their QMS. Continual improvement is a foundational principle of quality management, and actively seeking these opportunities ensures that the QMS remains adaptable, efficient, and aligned with organizational goals.

6) Examples of improvement can include correction, corrective action, continual improvement, breakthrough change, innovation and re-organization.

Improvement in the context of a Quality Management System (QMS) can take various forms, ranging from corrective actions to breakthrough innovations and re-organizations. Here are examples of each type of improvement:

  1. Correction:
    • Example: Your quality control process identifies a batch of defective products before they are shipped to customers. The correction involves segregating and reworking the defective products to bring them into compliance with quality standards.
  2. Corrective Action:
    • Example: Customer complaints indicate recurring issues with a specific product feature. A corrective action involves investigating the root cause of the problem, implementing changes in the design or manufacturing process, and monitoring to ensure the issue doesn’t reoccur.
  3. Continual Improvement:
    • Example: Through regular data analysis, you notice a gradual decline in customer satisfaction scores for a particular service. As a part of continual improvement, you regularly gather feedback, make incremental adjustments to the service delivery process, and monitor satisfaction scores to ensure consistent improvement over time.
  4. Breakthrough Change:
    • Example: After years of using traditional manufacturing methods, a company decides to invest in automation and robotics to drastically improve efficiency and reduce production costs. This represents a breakthrough change that has a significant impact on the QMS and the organization as a whole.
  5. Innovation:
    • Example: An organization introduces a new product line that incorporates cutting-edge technology not previously used in its industry. This innovation not only meets customer demands but also sets a new industry standard.
  6. Re-Organization:
    • Example: To improve collaboration and communication within the company, a re-organization is undertaken. Departments are restructured, reporting lines are adjusted, and cross-functional teams are formed to better support the QMS and overall organizational goals.
  7. Process Optimization:
    • Example: A company identifies inefficiencies in its order processing system that result in delays and errors. It undertakes a process optimization initiative to streamline workflows, reduce errors, and improve order fulfillment times.
  8. Supplier Relationship Enhancement:
    • Example: To improve the quality of components received from a key supplier, the organization works closely with the supplier to establish a more robust quality assurance process, leading to higher-quality inputs for the QMS.
  9. Environmental Sustainability:
    • Example: Recognizing the growing importance of environmental sustainability, an organization adopts sustainable practices in its production processes, reducing waste and energy consumption while improving its environmental footprint.
  10. Customer-Centric Design:
    • Example: A software company involves customers in the design and development process of its products. This customer-centric approach leads to user-friendly software with features that directly address customer needs and preferences.
  11. Digital Transformation:
    • Example: A traditional manufacturing company undergoes a digital transformation, implementing IoT (Internet of Things) sensors, data analytics, and cloud computing to monitor and optimize production processes, resulting in improved quality and efficiency.
  12. Employee Empowerment:
    • Example: The organization empowers employees by encouraging them to identify and implement improvements in their respective areas. This approach fosters a culture of continuous improvement, where employees take ownership of QMS enhancements.

These examples illustrate the diverse range of improvement possibilities within a QMS. The choice of improvement type depends on the specific needs and goals of the organization, but all forms of improvement contribute to the overall effectiveness and efficiency of the QMS and, ultimately, the organization’s success.

Documented Information required

  1. Monitoring and Measurement Processes: Documented procedures or work instructions that outline how monitoring and measurement activities are conducted, including what to measure, how to measure it, and when to measure it.
  2. Performance Metrics and Indicators: Documentation specifying the performance metrics, key performance indicators (KPIs), and other measurements used to evaluate the performance of processes and the QMS.
  3. Monitoring and Measurement Results: Records of actual monitoring and measurement results for processes and QMS performance. These records should include data collected, when it was collected, and any relevant analysis or calculations.
  4. Calibration and Verification Records: Records of equipment calibration and verification, if applicable. This includes calibration certificates, schedules, and records of equipment maintenance.
  5. Internal Audit Records: Records of internal audits, including audit plans, checklists, audit reports, and corrective action records for any non-conformities identified during audits.
  6. Management Review Records: Documentation related to management review meetings, including agendas, minutes, and records of decisions and actions taken during the reviews.
  7. Data Analysis Records:Records of data analysis, including reports and records of trends, statistical analysis, or any analysis of performance data that forms the basis for decision-making.
  8. Customer Feedback and Complaints: Records of customer feedback, complaints, and their resolution. These records may include customer complaints, investigation reports, and actions taken to address customer concerns.
  9. Supplier Evaluation Records: Records of supplier evaluations, performance assessments, and any actions taken based on supplier performance.
  10. Risk Assessment and Mitigation Records: Documentation of risk assessments, risk registers, and records of actions taken to mitigate identified risks.
  11. Corrective and Preventive Action Records: Records of corrective actions and preventive actions taken in response to non-conformities, issues, or potential issues identified through monitoring and measurement.
  12. Non-Conformity Records: Records of identified non-conformities, including details of the non-conformity, its root cause analysis, and actions taken for correction and prevention.
  13. Validation and Verification Records: Records of validation and verification activities related to product and service conformity. This may include validation plans, test reports, and verification records.
  14. Evidence of Compliance: Records demonstrating compliance with applicable legal and regulatory requirements, industry standards, and customer-specific requirements.
  15. Documented Information Control Records: Records of document control activities, including document review and approval, distribution, and changes to documents within the QMS.
  16. Records of Change Control: Records of changes made to the QMS, including change requests, approvals, and implementation records.
  17. Training Records: Records of employee training and competence, including training plans, records of completed training, and assessments of competence.
  18. Records of Process Performance and Conformity: Records demonstrating process performance, conformity of products and services, and results of inspections and tests.
  19. Records of Monitoring and Measurement Equipment: Records of monitoring and measurement equipment, including maintenance schedules, calibration records, and verification records.
  20. Records of Supplier and External Provider Performance: Records documenting the performance of external providers, including supplier evaluations and audits.

ISO 9001:2015 Clause 9.3 Management review

9.3.1 General

Top management shall review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organization.

9.3.2 Management review inputs

The management review shall be planned and carried out taking into consideration:

  1. the status of actions from previous management reviews;
  2. changes in external and internal issues that are relevant to the quality management system;
  3. information on the performance and effectiveness of the quality management system, including trends in:
    • customer satisfaction and feedback from relevant interested parties;
    • the extent to which quality objectives have been met;
    • process performance and conformity of products and services;
    • nonconformities and corrective actions;
    • monitoring and measurement results;
    • audit results;
    • the performance of external providers;
  4. the adequacy of resources;
  5. the effectiveness of actions taken to address risks and opportunities ;
  6. opportunities for improvement.

9.3.3 Management review outputs

The outputs of the management review shall include decisions and actions related to:
a) opportunities for improvement;
b) any need for changes to the quality management system;
c) resource needs.
The organization shall retain documented information as evidence of the results of management reviews.

1)Top management shall review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organization.

Management review is a regular evaluation exercise where the performance of the quality management system is reviewed to check if the systems are producing the desired results. This process requires the top management to periodically review various elements of the Quality Management System and ensure its suitability, adequacy and effectiveness. That means the top Management shall review that the Quality Management System to check if it still fits its purpose (suitable), is still sufficient (adequate) and is still able to achieve its intended purpose (effective).While assessing the suitability and adequacy of the Quality Management System this clause requires management additionally consider any changes to the context of the organization and also alignment between the QMS and the strategic direction of the organization. The intent is not only to review the performance of the Quality Management System but to also evaluate the need for any changes in the quality policy, objectives and other elements of the Quality Management System. Management review is an additional performance evaluation check apart from internal audits and monitoring and analysis which helps in ensuring the effectiveness of the quality management system. Management oversight is important for any management system or a continuous improvement initiative to succeed. It is, therefore, crucial that management remains committed to holding these meetings on a regular basis to keep themselves abreast with the performance of the management system. Management reviewing the management system at regular intervals helps in understanding changes in the context which is important to ensure that the Quality Management System always remains in sync with changing business scenarios. A key output of the management review meetings is the identification of process improvements which in turn helps in improving quality and customer satisfaction which are key to the success of any company and business growth. Management review should be conducted at planned intervals; this could be daily, weekly, monthly, quarterly, semi-annually or annually. The frequency should be decided by the Management based on the size and nature of the organization. It is a common misconception among companies implementing ISO 9001 requirements that management review is a separate exercise that should be done by the top management at a fixed frequency. While this approach is fine but there can be various ways of making the management review more effective, less time consuming and fused with existing processes in place. The goal should be to meet all the requirements of ISO 9001. Top management can look at different aspects of the management system and decide which of the elements can be discussed or is already being discussed in existing ongoing meetings. For example, if top management has a meeting already in place where they review the customer satisfaction survey results; this is one element of the management system that should be reviewed. So, Instead of having this agenda again in the management review, the management team shall continue the existing practice and ensure that the records of the meeting are being maintained. In a larger organization, where multiple layers of management are there, a more suitable approach would be to have management meetings at different levels to capture data which then can serve as an input to the strategic planning meetings of the Executive Team. To conclude, an organization may conduct management reviews as a standalone activity or in a combination of related activities (e.g. meetings, reports, etc.) and the frequency at which it needs to be conducted should be based on the business environment, size of the organization and complexity of the work being done.

The organization should conduct its Management Review of its Quality Management System (QMS) in a structured and systematic manner to ensure that it effectively evaluates the QMS’s suitability, adequacy, effectiveness, and alignment with the strategic direction of the organization. Here are the key steps and considerations for conducting a Management Review:

  1. Preparation and Planning:
    • Schedule the Review: Determine the frequency of the management review meetings as per your organization’s needs and requirements (e.g., annually, biannually, quarterly).
    • Identify Participants: Invite relevant stakeholders, including top management, quality managers, process owners, and other key personnel.
    • Gather Data: Collect relevant data and information to be reviewed during the meeting. This may include performance metrics, customer feedback, audit results, non-conformances, corrective and preventive actions, and changes in the external and internal context of the organization.
  2. Conduct the Review Meeting:
    • Opening and Agenda: Start the meeting with an agenda that outlines the topics to be discussed. Ensure that the objectives of the review are clear to all participants.
    • Review Objectives: Discuss the purpose of the management review, which is to assess the QMS’s suitability, adequacy, effectiveness, and alignment with the organization’s strategic goals.
    • Review Data: Present and discuss the collected data and information, focusing on key performance indicators, trends, and any issues or opportunities for improvement.
    • Evaluate Adequacy and Suitability: Assess whether the QMS is still appropriate and sufficient for the organization’s needs and objectives.
    • Evaluate Effectiveness: Determine if the QMS is achieving its intended outcomes, such as product or service quality, customer satisfaction, and compliance with standards.
    • Strategic Alignment: Ensure that the QMS supports the strategic direction of the organization and discuss any necessary adjustments.
    • Risk Assessment: Consider any emerging risks or opportunities that may impact the QMS.
    • Resource Allocation: Discuss resource requirements, including personnel, training, technology, and infrastructure, to support the QMS effectively.
  3. Decision-Making:
    • Action Items: Identify and assign action items to address any issues or opportunities for improvement identified during the review.
    • Prioritization: Determine the priority of actions based on their significance and impact on the QMS and the organization.
    • Resourcing: Allocate necessary resources to implement the action items effectively.
  4. Follow-Up:
    • Track Progress: Monitor the progress of action items and ensure they are completed within the specified timelines.
    • Documentation: Maintain records of the management review meeting, including minutes, decisions made, and action plans.
  5. Communication and Reporting:
    • Report Outcomes: Communicate the results of the management review to relevant stakeholders within the organization. This may include sharing the insights gained and actions taken.
  6. Continuous Improvement:
    • Use the outcomes of the management review to drive continuous improvement in the QMS and the organization’s quality performance.

Remember that the management review process should be documented, and the records should be retained for future reference and as evidence of compliance with quality management standards if required. Additionally, it’s essential to create a culture of continuous improvement within the organization to ensure that the QMS remains dynamic and responsive to changing needs and circumstances. A well-structured management review of a Quality Management System (QMS) is a critical tool to ensure its continuing suitability, adequacy, effectiveness, and alignment with the strategic direction of the organization. Here’s how the management review process achieves these objectives:

  1. Continuing Suitability and Adequacy:
    • Assessment of Business Context: During the management review, top management evaluates the external and internal factors affecting the organization. This assessment helps determine if the QMS remains suitable and adequate to address the evolving needs and circumstances of the organization.
    • Review of Objectives and Goals: The management review assesses whether the QMS aligns with the organization’s current objectives and goals. If business goals have changed, the QMS may need adjustments to stay aligned.
    • Identification of Risks and Opportunities: By discussing risks and opportunities in the management review, the organization can ensure that the QMS is equipped to address emerging challenges and capitalize on opportunities effectively.
  2. Effectiveness:
    • Performance Metrics: The management review evaluates key performance indicators (KPIs) and other metrics to assess the effectiveness of the QMS in meeting quality-related objectives. This analysis helps identify areas where the QMS may be falling short or excelling.
    • Customer Feedback: Customer satisfaction and feedback are crucial indicators of QMS effectiveness. Reviewing customer complaints, surveys, and feedback can reveal areas for improvement.
    • Audit and Compliance Results: The outcomes of internal and external audits, as well as compliance assessments, are reviewed to ensure that the QMS is meeting established standards and regulatory requirements.
    • Non-Conformance and Corrective Actions: The review process examines instances of non-conformance and the effectiveness of corrective and preventive actions taken. This helps determine if the QMS is addressing issues adequately.
  3. Alignment with Strategic Direction:
    • Strategic Goals and Objectives: The management review ensures that the QMS is aligned with the organization’s strategic goals and objectives. If there are any deviations or conflicts, adjustments can be made to realign the QMS.
    • Resource Allocation: The review process discusses resource requirements to support the QMS and the organization’s strategic direction. This includes personnel, training, technology, and infrastructure.
    • Change Management: If the organization’s strategic direction is shifting, the management review can help plan and implement necessary changes in the QMS to accommodate new strategies and priorities.
  4. Action Planning and Implementation:
    • Based on the findings of the management review, action items and improvement plans are developed. These action items may include process changes, resource allocation, training, and policy updates to enhance the QMS.
    • Assign responsibilities and timelines for implementing these actions, ensuring that they address any identified gaps or opportunities for improvement.
  5. Monitoring and Follow-Up:
    • After the management review, ongoing monitoring and follow-up are essential to ensure that the agreed-upon actions are carried out effectively.
    • Regularly track progress on action items and adjust plans as needed to address any unexpected challenges or changes in the business environment.
  6. Continuous Improvement:
    • The management review process should feed into the organization’s culture of continuous improvement. It should encourage a proactive approach to identifying and addressing issues, even before they become critical.

By following these steps and maintaining a disciplined and well-documented management review process, an organization can ensure that its QMS remains aligned with its strategic direction and continues to be suitable, adequate, and effective in achieving its quality objectives.

2) The management review shall be planned and carried out taking into consideration the status of actions from previous management reviews

Certainly, considering the status of actions from previous management reviews is a crucial aspect of ensuring the effectiveness and continuity of the Quality Management System (QMS) and the management review process. Here’s how this practice contributes to the overall improvement of the QMS:

  1. Continuous Improvement: Reviewing the status of actions from previous management reviews allows management to track progress on identified issues and improvement initiatives. This helps ensure that the organization is actively working towards resolving problems and enhancing its processes.
  2. Accountability: It holds individuals and teams accountable for implementing the agreed-upon actions and improvements. When actions are assigned and tracked from one management review to the next, it encourages responsible parties to fulfill their commitments.
  3. Prevents Recurrence: By examining the status of previous actions, management can determine whether corrective and preventive actions taken in response to previous issues have been effective in preventing their recurrence. If issues persist, additional measures can be devised.
  4. Resource Allocation: Assessing the status of actions provides insights into resource allocation. If certain actions have been consistently delayed or remain incomplete, it may indicate resource shortages or other obstacles that need to be addressed.
  5. Data-Driven Decision-Making: Management reviews should be data-driven. By reviewing the outcomes and progress of previous actions, decisions in the current management review can be based on tangible evidence and real-world results.
  6. Demonstrating Commitment to Improvement: Demonstrating that the organization is actively tracking and addressing issues from one management review to the next shows a commitment to quality and continuous improvement, which can positively impact employee morale and stakeholder confidence.

To effectively incorporate the status of previous actions into the management review process:

  • Maintain a centralized record or database that tracks all action items, their due dates, responsible parties, and current statuses.
  • During the management review meeting, review the status of each outstanding action item from previous reviews. Discuss the reasons for delays or completion, if applicable.
  • Use this information to inform decision-making in the current review. Prioritize actions that are overdue or critical to the QMS’s effectiveness.
  • Encourage open and honest discussions about challenges and obstacles that have hindered the completion of actions and seek solutions to overcome them.
  • Ensure that action items are closed out or formally documented as ongoing if they require further attention.

By continuously monitoring and addressing the status of actions from previous management reviews, organizations can maintain a proactive approach to quality management and drive meaningful improvements in their processes and systems.

3) The management review shall be carried out taking into consideration of changes in external and internal issues

Considering changes in external and internal issues during the management review is a crucial aspect of ensuring that the Quality Management System (QMS) remains effective, relevant, and aligned with the organization’s goals and context. Here’s how taking these changes into account can enhance the management review process:

  1. Adaptation to External Factors:
    • Market Trends: Changes in market trends, customer preferences, and competitive landscapes can impact the organization’s ability to meet customer needs. Reviewing these changes allows the organization to adjust its QMS to stay competitive and responsive.
    • Regulatory Changes: Shifts in regulations and compliance requirements can affect how the organization operates. Monitoring and addressing these changes within the QMS ensure ongoing adherence to legal and regulatory obligations.
    • Technological Advances: Advances in technology may create new opportunities for process improvement or require adjustments in how products or services are delivered. Integrating relevant technological changes into the QMS can lead to efficiency gains.
    • Economic Conditions: Economic fluctuations, such as recessions or growth periods, can influence resource availability and budget considerations. The QMS should be adaptable to these changes.
  2. Internal Factors:
    • Organizational Structure: Changes in the organization’s structure, such as mergers, acquisitions, or reorganizations, can impact processes, responsibilities, and workflows. The QMS should reflect these changes to ensure clarity and efficiency.
    • Resource Allocation: Alterations in resource availability, such as personnel, budget, or technology, can affect the QMS’s ability to meet quality objectives. Adjustments may be needed to optimize resource allocation.
    • Customer Feedback: Changes in customer feedback and expectations are vital inputs for QMS improvement. Addressing evolving customer needs can enhance customer satisfaction and loyalty.
    • Process Performance: Continuous monitoring of internal processes and their performance metrics helps identify areas for improvement and optimization within the QMS.

Incorporating changes in external and internal issues into the management review process involves the following steps:

  1. Data Gathering: Collect relevant data and information about external and internal changes since the last management review. This may include market research, regulatory updates, customer feedback, internal performance data, and more.
  2. Analysis: Analyze the collected data to identify the potential impacts of these changes on the QMS and the organization’s strategic goals.
  3. Discussion: During the management review meeting, engage in discussions regarding how these changes affect the organization and its quality management processes.
  4. Decision-Making: Make informed decisions based on the analysis and discussions. Determine whether adjustments to the QMS are necessary to address these changes effectively.
  5. Action Planning: If changes require modifications to the QMS, develop action plans with clear responsibilities and timelines for implementation.
  6. Follow-Up: Monitor the progress of action items related to addressing changes in external and internal issues and ensure they are completed as planned.

By systematically considering changes in external and internal issues, organizations can maintain a QMS that is adaptive, resilient, and better positioned to meet evolving customer needs, regulatory requirements, and strategic objectives. This approach supports the ongoing improvement of the QMS and the organization’s overall performance.

3) The management review shall be carried out taking into consideration of information on the performance and effectiveness of the quality management system, including trends in

a) Customer Satisfaction and Feedback from Relevant Interested Parties:

  • Customer satisfaction and feedback are key indicators of the QMS’s effectiveness in meeting customer needs.
  • Monitoring customer satisfaction trends helps identify areas for improvement in products, services, or processes.
  • Feedback from relevant interested parties, including suppliers, partners, and regulators, provides insights into broader stakeholder satisfaction and expectations.

b) Extent to Which Quality Objectives Have Been Met:

  • Quality objectives are specific, measurable goals set by the organization to achieve desired quality outcomes.
  • Reviewing the achievement of these objectives assesses the overall performance of the QMS and its alignment with organizational goals.
  • Deviations from objectives may indicate areas needing improvement.

c) Process Performance and Conformity of Products and Services:

  • Analyzing process performance metrics helps identify areas where processes may be falling short of expectations or where improvements are needed.
  • Assessing the conformity of products and services against established quality standards ensures that quality requirements are consistently met.

d) Nonconformities and Corrective Actions:

  • Examining nonconformities (instances where products, services, or processes did not meet established requirements) and corrective actions taken to address them helps gauge the QMS’s ability to identify and rectify issues.
  • It promotes a culture of continuous improvement by learning from past mistakes.

e) Monitoring and Measurement Results:

  • Monitoring and measurement results include data related to various aspects of the QMS, such as product quality, process efficiency, and compliance.
  • Reviewing these results provides insights into the overall health of the QMS and highlights areas where adjustments may be necessary.

f) Audit Results:

  • Audit results from internal and external audits assess the organization’s compliance with standards, regulations, and its own procedures.
  • Audit findings help identify areas of non-compliance and areas that require corrective or preventive action.

g) Performance of External Providers:

  • The performance of external providers, such as suppliers and service providers, can directly impact the organization’s product or service quality.
  • Evaluating the performance of these providers ensures that they meet the organization’s quality and reliability standards.

To effectively incorporate these factors into the management review process:

  1. Data Collection: Gather relevant data and information for each of these factors. This may include customer feedback, performance metrics, audit reports, and records of nonconformities and corrective actions.
  2. Analysis: Analyze the data to identify trends, patterns, and areas requiring attention or improvement.
  3. Discussion: During the management review meeting, engage in discussions regarding the findings and their implications for the QMS and the organization.
  4. Decision-Making: Based on the analysis and discussions, make informed decisions regarding adjustments or improvements to the QMS, processes, or resources.
  5. Action Planning: Develop action plans, as necessary, to address identified areas for improvement and assign responsibilities and timelines.
  6. Follow-Up: Monitor the progress of action items and ensure they are completed in a timely manner.

5) The management review shall be carried out taking into consideration the adequacy of resources;

Considering the adequacy of resources during the management review is crucial to ensure that the Quality Management System (QMS) has the necessary resources to effectively meet its objectives and support the organization’s quality goals. Adequate resources encompass various elements, including personnel, infrastructure, technology, and financial resources. Here’s how addressing the adequacy of resources in the management review can benefit the QMS:

  1. Personnel: Assessing the sufficiency and competence of personnel involved in QMS-related roles and responsibilities is vital. This includes evaluating whether staff members have the necessary skills, training, and qualifications to perform their roles effectively.
  2. Infrastructure: Adequate infrastructure, facilities, and equipment are essential to support the QMS. This might involve reviewing whether facilities and equipment are in good condition, maintained, and capable of meeting quality requirements.
  3. Technology: Technology plays a significant role in modern QMS. Evaluating the adequacy of technology resources, including software, hardware, and data management tools, ensures that the QMS is efficient and up-to-date.
  4. Financial Resources: Adequate financial resources are required to support various QMS activities, such as training, process improvements, audits, and compliance efforts. A review of financial allocations helps ensure that these activities are adequately funded.
  5. Training and Development: Assessing the organization’s training and development programs helps determine if employees receive the necessary training to perform their roles effectively and stay updated on quality standards and procedures.
  6. Documentation and Records: Adequate resources should be allocated to maintain accurate documentation and records as required by the QMS and relevant standards. This ensures transparency and traceability of processes.
  7. Quality Assurance and Control: Adequate resources should be available to support quality assurance and control activities, including inspections, testing, and monitoring, to ensure that products or services meet quality requirements.

Incorporating the adequacy of resources into the management review process involves the following steps:

  1. Resource Assessment: Gather data on the current state of resources, including staffing levels, qualifications, infrastructure, technology, and budget allocations.
  2. Resource Utilization: Evaluate how resources are being utilized within the organization and whether they align with the QMS’s objectives and priorities.
  3. Identify Resource Gaps: Identify any resource shortages, deficiencies, or areas where resources may not be effectively allocated to support the QMS.
  4. Discussion and Decision-Making: During the management review meeting, engage in discussions about the adequacy of resources and their impact on the QMS’s performance.
  5. Action Planning: If resource gaps or deficiencies are identified, develop action plans to address them. Determine whether additional resources are required or if existing resources need to be reallocated.
  6. Follow-Up: Monitor the progress of resource-related action items and ensure they are completed as planned.
  7. Budget Considerations: If financial resources are a concern, discuss budget considerations and allocation adjustments to better support the QMS and quality-related initiatives.

By considering the adequacy of resources during the management review, organizations can ensure that their QMS operates effectively, efficiently, and in alignment with quality objectives. This proactive approach helps prevent resource-related obstacles from hindering the QMS’s ability to consistently deliver high-quality products or services.

6) The management review shall be carried out taking into consideration the effectiveness of actions taken to address risks and opportunities

Considering the effectiveness of actions taken to address risks and opportunities during the management review is a critical aspect of maintaining a robust and responsive Quality Management System (QMS). Here’s how this practice contributes to the overall improvement of the QMS:

  1. Risk Management:
    • Identification: Review the effectiveness of risk identification processes within the organization. Determine whether identified risks are comprehensive and accurate.
    • Assessment: Assess whether the organization has appropriately evaluated the significance and potential impact of identified risks on quality objectives and overall performance.
    • Mitigation: Evaluate the actions taken to mitigate or manage identified risks. Assess whether these actions have been effective in reducing risk exposure and preventing negative consequences.
  2. Opportunity Management:
    • Identification: Review how opportunities for improvement are identified within the organization, including opportunities related to enhanced quality, efficiency, and innovation.
    • Assessment: Assess whether the organization has effectively evaluated the potential benefits and advantages associated with identified opportunities.
    • Leveraging Opportunities: Examine the actions taken to capitalize on identified opportunities. Evaluate whether these actions have been successful in realizing benefits and enhancing the QMS.
  3. Continuous Improvement:
    • Learning from Actions: Evaluate whether the organization has a culture of learning from actions taken to address risks and opportunities. Determine if lessons learned are being applied to future risk and opportunity management efforts.
    • Feedback Loop: Ensure that feedback from risk and opportunity management is integrated into the QMS’s continuous improvement processes.
  4. Documentation and Reporting:
    • Documentation: Review the documentation of risk assessments, risk treatment plans, opportunity assessments, and actions taken. Ensure that these records are complete and well-maintained.
    • Reporting: Assess how risk and opportunity management results are communicated within the organization. Determine if relevant stakeholders are informed about risks, opportunities, and the actions taken to address them.
  5. Resource Allocation:
    • Resources for Risk Mitigation: Evaluate whether the organization has allocated appropriate resources (personnel, technology, budget, etc.) to effectively address identified risks.
    • Resources for Opportunity Realization: Assess whether resources have been allocated to seize and leverage identified opportunities.

Incorporating the effectiveness of actions taken to address risks and opportunities into the management review process involves:

  1. Data Collection: Gather data on the results of risk and opportunity assessments, actions taken, and their outcomes.
  2. Analysis: Analyze the data to determine whether the actions were successful in managing risks and exploiting opportunities. Assess whether further actions are needed.
  3. Discussion: During the management review meeting, engage in discussions about the effectiveness of risk and opportunity management within the QMS.
  4. Decision-Making: Make informed decisions based on the analysis and discussions. Determine whether adjustments or improvements are necessary in risk and opportunity management processes.
  5. Action Planning: If the review reveals areas where actions are needed to enhance the effectiveness of risk and opportunity management, develop action plans with clear responsibilities and timelines.
  6. Follow-Up: Monitor the progress of action items related to improving risk and opportunity management practices and ensure they are completed as planned.

By focusing on the effectiveness of actions taken to address risks and opportunities, organizations can better position themselves to proactively manage challenges, exploit opportunities for improvement, and enhance the overall performance of the QMS. This approach promotes resilience and continual improvement within the organization.

7) The management review shall be carried out taking into consideration the opportunities for improvement

Considering opportunities for improvement during the management review is a fundamental aspect of maintaining a dynamic and continually improving Quality Management System (QMS). Here’s how this practice contributes to the overall enhancement of the QMS:

  1. Identification of Improvement Opportunities:
    • Process Efficiency: Review processes within the organization to identify areas where efficiency can be improved. This may involve streamlining workflows, reducing waste, or optimizing resource utilization.
    • Cost Reduction: Identify opportunities to reduce costs without compromising quality. This may involve sourcing materials more efficiently, improving supplier relationships, or implementing cost-effective technologies.
    • Enhanced Quality: Look for ways to enhance the quality of products or services, which can lead to improved customer satisfaction and market competitiveness.
    • Innovation: Encourage a culture of innovation to identify and implement new ideas, technologies, or approaches that can provide a competitive advantage or improve quality.
  2. Customer Focus:
    • Customer Feedback: Review customer feedback and complaints to identify trends or recurring issues. Use this information to drive improvements in products, services, and customer satisfaction.
    • Customer Expectations: Stay attuned to changing customer expectations and preferences. Identify opportunities to better align products and services with customer needs.
  3. Regulatory and Compliance:
    • Changes in Regulations: Monitor changes in regulatory requirements and standards. Identify opportunities to ensure compliance while also streamlining processes.
    • Risk Mitigation: Identify potential risks and compliance issues within the QMS and develop strategies to mitigate them.
  4. Performance Metrics:
    • Key Performance Indicators (KPIs): Continually assess KPIs to identify areas where performance falls short of targets or where improvement is possible.
    • Benchmarking: Compare your organization’s performance to industry benchmarks and best practices to identify gaps and opportunities for improvement.
  5. Resource Optimization:
    • Resource Allocation: Review resource allocation, including human resources, budget, and technology. Identify opportunities to optimize resource allocation for improved QMS performance.
  6. Documentation and Record-Keeping:
    • Documentation Review: Evaluate the quality and completeness of documentation and records within the QMS. Ensure that accurate records are maintained to support decision-making and compliance.

Incorporating opportunities for improvement into the management review process involves the following steps:

  1. Data Collection: Gather data on identified improvement opportunities from various sources, including performance metrics, customer feedback, process evaluations, and compliance assessments.
  2. Analysis: Analyze the data to determine the feasibility, potential impact, and priority of each improvement opportunity.
  3. Discussion: During the management review meeting, engage in discussions about the identified opportunities for improvement within the QMS.
  4. Decision-Making: Make informed decisions based on the analysis and discussions. Determine which improvement opportunities to prioritize and pursue.
  5. Action Planning: Develop action plans with clear responsibilities and timelines for implementing the chosen improvement opportunities.
  6. Follow-Up: Monitor the progress of action items related to improvement opportunities and ensure they are completed as planned.

9) The outputs of the management review shall include decisions and actions related to opportunities for improvement; any need for changes to the quality management system; resource needs.

The outputs of the management review are critical for driving improvements and ensuring the effectiveness of the Quality Management System (QMS). These outputs typically include decisions and actions related to:

a) Opportunities for Improvement: During the management review, the organization identifies various opportunities for improvement across different aspects of the QMS, such as processes, products, services, and customer satisfaction. The decisions and actions related to these opportunities may include:

  • Prioritizing improvement initiatives based on their potential impact on quality, customer satisfaction, and strategic objectives.
  • Assigning responsibilities for implementing improvement projects or initiatives.
  • Defining clear objectives and performance targets for improvement efforts.
  • Allocating resources, including personnel, budget, and technology, to support improvement initiatives.
  • Establishing timelines and milestones for the implementation of improvement actions.
  • Monitoring and measuring progress toward achieving the identified improvements.
  • Reviewing and adjusting improvement strategies as necessary based on results and feedback.

b) Changes to the Quality Management System (QMS): The management review often reveals the need for changes to the QMS to enhance its effectiveness, alignment with strategic goals, and responsiveness to evolving circumstances. Decisions and actions related to changes in the QMS may include:

  • Identifying specific areas or processes within the QMS that require modification, enhancement, or streamlining.
  • Updating documented procedures, policies, or work instructions to reflect changes in processes or requirements.
  • Revising quality objectives and performance metrics to align with current organizational goals and customer expectations.
  • Ensuring that changes are communicated effectively throughout the organization.
  • Assigning responsibilities for implementing QMS changes and monitoring progress.
  • Conducting impact assessments to understand the implications of proposed changes on various aspects of the organization.

c) Resource Needs: Adequate resources are essential for the effective operation of the QMS. Decisions and actions related to resource needs may include:

  • Identifying specific resource requirements to support the QMS, such as additional personnel, training, technology, or budget allocations.
  • Allocating resources strategically to address gaps or deficiencies identified during the management review.
  • Prioritizing resource allocation based on the significance of QMS-related activities and their impact on quality and organizational objectives.
  • Establishing mechanisms for monitoring and managing resource utilization to ensure efficiency and effectiveness.
  • Integrating resource needs into the organization’s strategic planning and budgeting processes.

Overall, the outputs of the management review, including decisions and actions related to improvement opportunities, changes to the QMS, and resource needs, play a vital role in driving continual improvement, maintaining compliance with quality standards, and aligning the QMS with the organization’s strategic direction. These outputs provide a roadmap for enhancing quality, efficiency, and customer satisfaction while ensuring that the QMS remains agile and adaptable to changing circumstances.

10) The organization shall retain documented information as evidence of the results of management reviews.

Here are the key documents and records required for the management review process

  1. Management Review Agenda: Document that outlines the topics and objectives to be addressed during the management review meeting. This helps ensure that the review covers all relevant areas of the QMS.
  2. Management Review Minutes: Detailed records of what was discussed during the management review meeting, including decisions made, actions assigned, and any key points raised. Minutes provide evidence of the review process and its outcomes.
  3. Quality Policy and Objectives: The organization’s quality policy document and documented quality objectives. These provide context for the review and help assess alignment with the strategic direction of the organization.
  4. Performance Data and Metrics: Data related to the performance of the QMS, including key performance indicators (KPIs) and other relevant metrics. This data may include trends, results of performance evaluations, and any areas of concern or improvement.
  5. Customer Feedback and Complaints: Records of customer feedback, complaints, and their resolution. These documents help assess customer satisfaction and identify areas for improvement.
  6. Audit Results: Reports from internal and external audits, including findings, non-conformities, and corrective actions. Audit results provide insights into the QMS’s compliance and effectiveness.
  7. Non-Conformities and Corrective Actions: Records of identified non-conformities, their root causes, and the actions taken to address them. This includes documented information on corrective and preventive actions.
  8. Risk and Opportunity Assessments: Documentation related to risk and opportunity assessments, which may include risk registers, assessments of their significance, and action plans to address identified risks and opportunities.
  9. Changes to the QMS: Records of any changes made to the QMS, including updates to policies, procedures, processes, and quality objectives. This documentation helps track changes and their impact on the QMS.
  10. Resource Allocation and Needs: Information on resource allocation, including personnel, technology, training, and budget allocations, to support the QMS. This ensures that resource needs are addressed during the review.
  11. Action Plans: Documentation of action plans developed as a result of the management review, including details of what actions are needed, who is responsible, and timelines for completion.
  12. Follow-Up Records: Records that show the progress of action items identified in previous management reviews, demonstrating that they have been addressed or are in progress.
  13. Historical Records: Previous management review records, which help provide context and historical perspective during the current review. These records may include past agendas, minutes, and action items.
  14. Other Relevant Documents: Any other documents or records that are pertinent to the specific needs of the organization and the management review process.

It’s essential for organizations to maintain these documents and records in an organized and accessible manner to demonstrate their commitment to the management review process and compliance with ISO 9001:2015 requirements. These records provide evidence of the organization’s ongoing efforts to evaluate, improve, and maintain the effectiveness of its QMS.

ISO 9001:2015 Clause 5.3 Organizational roles, responsibilities and authorities

ISO 9001:2015 Requirements

Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization. Top management shall assign the responsibility and authority for:

  1. ensuring that the quality management system conforms to the requirements of ISO 9001:2015
  2. ensuring that the processes are delivering their intended outputs;
  3. reporting on the performance of the quality management system and on opportunities for improvement, in particular to top management;
  4. ensuring the promotion of customer focus throughout the organization;
  5. ensuring that the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.

1) Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.

This clause emphasizes the importance of clearly defining and communicating the responsibilities and authorities associated with various roles within an organization’s structure. Each employee needs to know who is responsible for the various elements of the management system to ensure a successful implementation. Develop an organization chart and create job descriptions to satisfy the requirements in order to clearly define roles, responsibilities and authorities and communicate those responsibilities and authorities throughout your organization.You should develop and make available to all employees a list of key personnel and their job descriptions, responsibilities, along with an organization chart of key employees as they relate to your management system. This should effectively define, document, and communicate the organizational structure of the management system. Please note that this method is a suggestion, and other ways of meeting the requirement for organizational structure may be used.

Let’s break down the key points:

  1. Responsibilities: Every role within an organization has specific tasks and duties that contribute to the overall functioning and achievement of goals. These responsibilities need to be well-defined and understood by the individuals holding those roles.
  2. Authorities: Alongside responsibilities, individuals need to have the necessary authority to make decisions and take actions related to their roles. Authority grants them the power to carry out their responsibilities effectively.
  3. Assignment: It’s essential to assign specific responsibilities and authorities to individuals based on their skills, expertise, and the needs of the organization. This alignment ensures that the right people are in the right roles.
  4. Communication: Once roles, responsibilities, and authorities are determined, clear communication is key. The organization’s leadership must effectively communicate these aspects to the individuals involved. This could be through job descriptions, official documents, meetings, or other channels.
  5. Understanding: It’s not enough to communicate the information; it’s equally important that individuals understand what’s expected of them. This understanding ensures that they can fulfill their roles and exercise their authorities in a way that aligns with the organization’s goals.

When top management takes these steps seriously and ensures that roles, responsibilities, and authorities are well-defined, communicated, and understood, it helps to create a more efficient, organized, and accountable workforce. It minimizes confusion, prevents duplication of efforts, and enhances overall productivity. This principle is fundamental in building a well-functioning and effective organization.

2) Ensuring that the quality management system conforms to the requirements of ISO 9001:2015

Assigning responsibility and authority for ensuring that the quality management system (QMS) conforms to the requirements of ISO 9001:2015 involves a structured approach to ensure that the QMS is effectively managed and maintained. Here’s a step-by-step guide on how top management can achieve this:

  1. Identify Key Roles: Determine the key roles and positions within the organization that will be directly responsible for the QMS. These roles may include a Quality Manager, Quality Assurance Officer, Process Owners, and other relevant personnel.
  2. Define Responsibilities: Clearly define the specific responsibilities of each identified role in relation to the QMS. Responsibilities should include activities such as monitoring processes, conducting internal audits, reviewing performance data, and ensuring compliance with ISO 9001:2015 requirements.
  3. Allocate Authority: Assign the necessary authority to each role to ensure they have the power to make decisions and take actions related to the QMS. This could involve decision-making authority, resource allocation, and the ability to initiate corrective and preventive actions.
  4. Document Roles and Responsibilities: Document the defined roles, responsibilities, and associated authorities in a formal document. This could be part of the organization’s quality manual, policies, or a separate roles and responsibilities matrix.
  5. Communication: Communicate the assigned roles, responsibilities, and authorities throughout the organization. Ensure that everyone involved is aware of who is responsible for what and how decisions will be made.
  6. Training and Support: Provide training and support to individuals in the designated roles. This ensures they have the necessary knowledge and skills to carry out their responsibilities effectively and in accordance with ISO 9001:2015.
  7. Monitoring and Reporting: Establish a mechanism for ongoing monitoring and reporting of QMS performance. This could involve regular meetings, performance reviews, and the use of key performance indicators (KPIs) to assess the effectiveness of the QMS.
  8. Empower Continuous Improvement: Encourage a culture of continuous improvement within the organization. Empower those responsible for the QMS to identify areas for improvement, initiate corrective actions, and implement changes that enhance the QMS’s effectiveness.
  9. Review and Adapt: Periodically review the roles, responsibilities, and authorities to ensure they remain aligned with the organization’s needs and changes in the business environment. Adjustments may be necessary as the organization evolves.
  10. Lead by Example: Top management should demonstrate their commitment to the QMS by actively participating in its oversight, reviewing performance data, and taking action on improvement opportunities.

By following these steps, top management can effectively assign responsibility and authority for the QMS and ensure that it remains in conformity with the requirements of ISO 9001:2015. This approach promotes accountability, transparency, and a systematic approach to quality management throughout the organization.

3) Ensuring that the processes are delivering their intended outputs

Assigning responsibility and authority for ensuring that processes are delivering their intended outputs involves a structured approach to monitoring and managing processes within an organization. Here’s a step-by-step guide on how top management can achieve this:

  1. Process Identification: Identify the key processes within the organization that contribute to the delivery of products, services, or other outcomes. These processes could include production processes, customer service, sales, quality control, etc.
  2. Define Process Owners: Assign specific individuals or teams as process owners for each identified process. Process owners are responsible for overseeing the process from end to end, ensuring its efficiency, effectiveness, and alignment with organizational goals.
  3. Clarify Responsibilities: Clearly define the responsibilities of each process owner. This includes responsibilities related to process design, implementation, monitoring, improvement, and ensuring the intended outputs are achieved.
  4. Allocate Authority: Provide process owners with the necessary authority to make decisions related to the process. This could involve decision-making power, resource allocation, and the ability to implement changes to improve the process.
  5. Document Roles and Responsibilities: Document the roles, responsibilities, and authorities of process owners in a formal document. This could be part of the organization’s process documentation or a separate process ownership matrix.
  6. Establish Performance Metrics: Define key performance indicators (KPIs) that measure the effectiveness and efficiency of each process. These metrics should be aligned with the intended outputs and overall organizational goals.
  7. Monitoring and Reporting: Implement a system for continuous monitoring of process performance. Process owners should regularly review the KPIs, analyze data, and report on the process’s performance to top management.
  8. Review Meetings: Conduct regular review meetings where process owners present the performance data, discuss challenges, and propose improvements. Top management can provide guidance and support based on the reported data.
  9. Empower Continuous Improvement: Encourage process owners to identify opportunities for improvement within their respective processes. Provide them with the authority to implement changes and innovations that enhance process outcomes.
  10. Collaboration and Communication: Foster collaboration between process owners and other relevant departments. Effective communication ensures that cross-functional processes are well-coordinated and aligned.
  11. Training and Support: Provide process owners with training and resources to enhance their process management skills. This empowers them to effectively oversee and optimize their processes.
  12. Top Management Engagement: Top management should actively participate in process review meetings and support process owners in their roles. Their involvement demonstrates commitment to process improvement.
  13. Recognition and Accountability: Recognize and reward process owners for their contributions to process improvement and achieving intended outputs. Hold them accountable for their performance.
  14. Review and Adapt: Regularly review and adapt the process ownership structure and responsibilities as the organization evolves and new processes emerge.

By following these steps, top management can effectively assign responsibility and authority for ensuring that processes are delivering their intended outputs. This approach promotes a culture of accountability, process improvement, and alignment with organizational goals.

4) Reporting on the performance of the quality management system and on opportunities for improvement, in particular to top management;

Assigning the responsibility and authority for reporting on the performance of the quality management system and opportunities for improvement to top management is a crucial aspect of maintaining effective quality control and continuous improvement within an organization. Here’s how top management can achieve this:

  1. Define Roles and Responsibilities: Clearly define the roles and responsibilities of top management in relation to the quality management system (QMS) and improvement opportunities. This can be done through job descriptions, organizational charts, and documented responsibilities that outline what is expected of top management in terms of oversight, decision-making, and engagement with the QMS.
  2. Quality Policy and Objectives: Top management should establish the organization’s quality policy and objectives. These should align with the overall business strategy and demonstrate the commitment to quality. The quality policy should be communicated throughout the organization, and objectives should be measurable, achievable, and relevant to the organization’s mission.
  3. Reporting Structure: Design a reporting structure that ensures regular communication and reporting of QMS performance and improvement opportunities to top management. This can be facilitated through routine meetings, reports, dashboards, and other communication channels.
  4. Key Performance Indicators (KPIs): Define relevant Key Performance Indicators (KPIs) that measure the effectiveness of the QMS and reflect areas for improvement. Top management should be involved in selecting these KPIs, as they need to provide meaningful insights into the organization’s performance.
  5. Regular Performance Review Meetings: Schedule periodic meetings specifically dedicated to reviewing the QMS performance and improvement opportunities. These meetings should involve top management and relevant stakeholders. During these meetings, discuss the KPIs, analyze trends, identify gaps, and strategize for improvement.
  6. Continuous Improvement Culture: Top management should foster a culture of continuous improvement by promoting the importance of seeking out and acting upon improvement opportunities. This involves not only addressing current challenges but also proactively identifying potential areas for enhancement.
  7. Allocation of Resources: Provide the necessary resources, including human resources, technology, budget, and training, to support the effective reporting and implementation of improvement initiatives. This demonstrates a commitment to achieving the desired outcomes.
  8. Escalation and Decision-Making Authority: Define the levels of escalation and decision-making authority that top management possesses concerning QMS performance and improvement initiatives. This ensures that critical decisions can be made promptly and that any roadblocks are addressed effectively.
  9. Communication and Transparency: Establish transparent communication channels for sharing QMS performance data, improvement plans, and progress updates with the entire organization. This helps create a sense of ownership and accountability across all levels.
  10. Lead by Example: Top management should lead by example by actively participating in improvement projects, demonstrating commitment to quality, and showcasing a willingness to adapt and change for the betterment of the organization.

Remember that assigning responsibility and authority for QMS performance reporting and improvement opportunities requires ongoing commitment and involvement from top management. It’s a collaborative effort that requires alignment between top management’s strategic vision and the operational implementation of quality management principles.

5) Ensuring the promotion of customer focus throughout the organization

Promoting customer focus throughout the organization is essential for maintaining customer satisfaction, driving innovation, and achieving long-term success. Here’s how top management can effectively assign the responsibility and authority for ensuring the promotion of customer focus:

  1. Set Clear Expectations: Top management should clearly communicate their expectations regarding the importance of customer focus and its alignment with the organization’s overall mission and goals.
  2. Define Roles and Responsibilities: Assign specific roles and responsibilities for promoting customer focus. Designate individuals or teams responsible for understanding customer needs, gathering feedback, and driving initiatives to enhance customer satisfaction.
  3. Establish Customer-Centric Objectives: Incorporate customer-centric objectives into the organization’s strategic planning. These objectives should be measurable and directly tied to overall business goals. Assign responsibility for achieving these objectives to relevant individuals or departments.
  4. Leadership Involvement: Top management should lead by example. Demonstrating a commitment to customer focus sends a powerful message to the entire organization. Regularly engage in discussions about customer needs, experiences, and feedback.
  5. Training and Development: Provide training and development opportunities to employees to enhance their customer-centric skills. Assign responsibility for implementing training programs and workshops to relevant departments or individuals.
  6. Customer Feedback Mechanisms: Establish mechanisms for collecting and analyzing customer feedback. Assign responsibility for managing customer feedback channels, such as surveys, reviews, and complaints, to specific individuals or teams.
  7. Cross-Functional Collaboration: Assign the responsibility to foster collaboration between different departments to ensure a holistic approach to customer focus. Create cross-functional teams responsible for addressing customer needs from various angles.
  8. Customer-Centric Metrics: Define and track metrics related to customer satisfaction, loyalty, and engagement. Assign the responsibility for tracking these metrics to designated individuals or teams.
  9. Continuous Improvement Initiatives: Assign responsibility for identifying areas of improvement based on customer feedback and market trends. Create a culture where employees feel empowered to suggest and implement changes that enhance the customer experience.
  10. Recognition and Rewards: Assign the responsibility for implementing a recognition and rewards system that acknowledges employees who excel in promoting customer focus. This can encourage employees to prioritize customer needs.
  11. Regular Communication: Facilitate regular communication from top management that highlights the importance of customer focus. This could be through company-wide meetings, newsletters, or other internal communication channels.
  12. Empowerment for Problem Resolution: Give employees the authority to address customer issues promptly and effectively. Assign responsibility for ensuring that employees have the necessary tools and empowerment to resolve customer concerns.
  13. Review and Feedback Loops: Establish a regular review process where top management assesses the effectiveness of customer focus initiatives. Assign responsibility for gathering data and preparing reports to evaluate progress.
  14. Incorporate Customer Insights into Decision-Making: Assign the responsibility for ensuring that customer insights and feedback are considered when making strategic and operational decisions.
  15. Lead Customer-Centric Culture: Ultimately, it’s top management’s responsibility to cultivate and sustain a customer-centric culture. This involves integrating customer focus into the organization’s values, mission, and daily operations.

By assigning clear responsibilities and authorities for these actions, top management can effectively ensure the promotion of customer focus throughout the organization. It’s important to lead by example and create an environment where every employee understands the significance of prioritizing customer needs.

6_ Ensuring that the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.

Maintaining the integrity of the quality management system (QMS) during planned changes is critical to ensure consistent quality, compliance, and effectiveness. Here’s how top management can assign responsibility and authority to ensure QMS integrity during changes:

  1. Designate Change Management Teams: Assign responsibility to a change management team or individual who will oversee the planning, execution, and monitoring of QMS changes. This team should consist of representatives from relevant departments, including quality, operations, compliance, and affected areas.
  2. Change Impact Assessment: Assign the responsibility to conduct a thorough impact assessment before implementing changes. This involves analyzing how proposed changes will affect different aspects of the QMS, processes, documentation, and personnel.
  3. Change Control Process: Assign responsibility for establishing a formal change control process. This process should outline how changes are identified, evaluated, approved, communicated, and implemented. Clearly define roles and responsibilities within this process.
  4. Risk Assessment and Management: Assign responsibility for conducting risk assessments related to proposed changes. This helps identify potential risks to QMS integrity and allows for appropriate mitigation strategies to be developed and implemented.
  5. Authorization and Approval: Define the authority required for approving changes at different levels. Assign the responsibility for ensuring that proper authorization is obtained before implementing any changes to the QMS.
  6. Document Control: Assign responsibility for managing the documentation associated with QMS changes. This includes updating policies, procedures, work instructions, and other relevant documents to reflect the approved changes.
  7. Training and Communication: Assign responsibility for developing a training plan to ensure that all personnel affected by the changes are educated on the new processes, procedures, and requirements. Communication should be clear and consistent.
  8. Validation and Verification: Assign responsibility for validating and verifying changes as needed. This may involve testing new processes, conducting audits, or reviewing data to ensure that the changes have been implemented correctly.
  9. Monitoring and Measurement: Assign responsibility for monitoring the performance of the QMS after changes are implemented. This includes tracking key performance indicators (KPIs) to assess the effectiveness of the changes and identifying any potential issues.
  10. Continuous Improvement: Assign responsibility for evaluating the results of the changes and identifying opportunities for further improvement. This involves collecting feedback, analyzing data, and making necessary adjustments.
  11. Escalation Protocols: Define escalation protocols and assign responsibility for addressing any unexpected issues or challenges that arise during the implementation of changes. This ensures that issues are resolved promptly.
  12. Management Review: Assign responsibility for reporting on the changes made to the QMS during management review meetings. Top management should be kept informed of the status and outcomes of QMS changes.
  13. Post-Implementation Audit: Assign responsibility for conducting post-implementation audits to ensure that the changes have been properly executed and are producing the desired results.
  14. Compliance and Regulatory Considerations: Assign responsibility for ensuring that any changes adhere to relevant regulations and standards. This may involve working with legal and regulatory affairs teams.
  15. Lessons Learned: Assign responsibility for capturing lessons learned from the change management process. This information can be valuable for future changes and improvements.

By clearly assigning responsibility and authority for these steps, top management can ensure that changes to the quality management system are planned, executed, and monitored in a way that maintains its integrity and effectiveness. Open communication, collaboration, and a systematic approach are key to successful change management within the QMS.

Documented Information Required:

There are no mandatory requirement for this clause. It does provide general guidance on the information that should be documented and maintained.

  1. Procedure for Role Assignment: Create a procedure that outlines how roles and responsibilities are assigned, communicated, and updated within the organization. This procedure can help ensure consistency and accuracy in role assignments.
  2. Roles and Responsibilities Matrix: Maintain a matrix that maps out different roles, their respective responsibilities, and associated authorities. This matrix can serve as a quick reference guide for personnel to understand who is responsible for what.
  3. Approval and Authorization Records: Keep records of approvals and authorizations for specific actions, decisions, or changes that require formal approval from higher levels of authority. These records demonstrate that the necessary approvals were obtained.
  4. Training Records: Maintain records of training sessions and qualifications that demonstrate employees’ competencies and their alignment with assigned roles and responsibilities.
  5. Communication Records: Keep records of communication related to roles, responsibilities, and authorities. This can include meeting minutes, emails, and other forms of communication that pertain to these aspects.
  6. Organizational Changes Records: If there are changes to the organizational structure, roles, or responsibilities, document the details of these changes, including reasons, dates, and parties involved.
  7. Performance Evaluation Records: Keep records related to the evaluation of personnel performance with regard to their assigned roles and responsibilities. This can include performance appraisals, feedback, and improvement plans.
  8. Organizational Chart: Organization charts are used to show the overall hierarchy of a business and the roles, responsibilities and authorities, including job titles and lines of reporting that operate within the quality management system. The organization chart should include the roles and responsibilities that are required to comply with quality management system requirements to ensure they are integrated within your business processes. All employees should be encouraged to understand their own, and others’, responsibilities for implementing and maintaining business and QMS processes. All defined accountabilities, responsibilities and authorities must be stated in your documentation and communicated throughout your organization. Top management are responsible for reviewing, maintaining and communicating your business’s organization chart.
  9. Job Descriptions: For each job title identified, your organization should develop a job description to provide a narrative of what the role entails and to identify all associated tasks. Top management are responsible for assigning relevant roles and responsibilities (e.g. the tasks allocated to each role) and the authorities (e.g. permissions and interfaces allocated within each role).The assignment of relevant roles, responsibilities and authorities that affect conformity across your organization includes the roles of Top management, Management Representative, Line Managers, Departmental Managers, Supervisors, Process Owners, and Process Users, etc. relating to:
    • Conformance of the QMS to ISO 9001;
    • Delivery of process output results ;
    • Reporting of QMS performance and improvement opportunities ;
    • Promoting customer focus ;
    • Maintaining the integrity of the QMS when changes occur .

Arrangements to demonstrate that relevant roles, responsibilities and authorities are communicated and understood, and include as appropriate your organization chart, resource allocation spreadsheets, role profiles, accountability statements, job descriptions, training matrices, and skills, competence, qualification and performance reviews. Job descriptions should comprise the following criteria:

  1. Title of the job;
  2. Where the role sits within the team, department and wider business;
  3. Who the role reports to, and other key interactions;
  4. Key areas of responsibility and the deliverables expected;
  5. Short, medium and long-term objectives;
  6. Scope for progression and promotion;
  7. Required education and training;
  8. Soft skills and personality traits necessary to excel;
  9. Location and travel requirements;
  10. Remuneration range and benefits available;
  11. Convey our organization’s culture and identity.

The quality accountabilities and responsibilities of each employee are integral components of their respective job descriptions. Remember that the specific documents and records you need may vary depending on the complexity and size of your organization. The goal is to have a clear and effective system in place that ensures everyone understands their roles, responsibilities, and authorities, and that decisions are made and communicated appropriately within the organization. It’s important to tailor your documentation and record-keeping to best suit your organization’s needs while meeting the intent of ISO 9001:2015 Clause 5.3.

ISO 9001:2015 Internal Audit checklist

The following checklist can be used for both internal audits as well as Gap Analysis tools.

ISO 9001:2015 Checklist
Clause 4: Context of the organization
4.1 Understanding the organization and its context
1Has the organization determined the external and internal issues relevant to the Purpose & strategic direction of its QMS and that can affect its ability to achieve the intended results?
2Does the organization monitor and review information about these external and internal issues?
3Has the organization determined whether climate change is a relevant issue?
4.2 Understanding the needs and expectations of interested parties
1Has the organization determined the interested parties that are relevant to the QMS?
2Has the organization determined the requirements of these interested parties relevant to the QMS?
3Does the organization monitor and review the information about these interested parties and their relevant requirement?
4.3Determining the scope of the quality management system
1Has the organization established the scope of its QMS?
2Has the organization determined the boundaries and applicability of the QMS?
3While determining the scope, has the organization determined the external and internal issues, requirements of relevant interested parties, products and services of the organization?
4How does the organization applies all the requirements of ISO 9001:2015 if they are applicable
within the determined scope of its quality management system?
5Does the scope of the organization’s quality management system is available and be maintained as
documented information?
6Does the scope state the types of products and services covered?
7Is any of the requirement of ISO 9001:2015 which the organization has determined not applicable to the scope of its quality management system? If yes has the organization provided justification for not being applicable?
8While determining Applicability, does the organization determine if it affects its ability or responsibility to ensure the conformity of its products and services and the enhancement of customer satisfaction?
4.4 Quality management system and its processes
4.4.1
1Has the organization established, implemented, maintained and continually improved its QMS , including the processes needed and their interactions, in accordance with the requirements of this ISO 9001:2015 Standard?
2Has the organization determined the application of these processes and their application throughout the organization?
3 Has the organization determined determine the inputs required and the outputs expected from these processes;
4Has the organization determined the sequence and the interaction of these processes?
5Has the organization determined the resources needed for the organization?
6Has the organization ensured the availability of the resources needed for these processes?
7Has the organization determined and applied the criteria and methods (including monitoring, measurements and related performance indicators) needed to ensure the effective operation and control of these processes?
8Has the organization assigned the responsibilities and authorities for these processes?
9How does the organization address the risks and opportunities as determined in accordance with the requirements of 6.1?
10Has the organization evaluated these processes and implemented any changes needed to ensure that these processes achieve their intended results?
11Has the organization improved in its processes and its QMS?
4.2.2 
1Has the organization maintained documented information to support the operation of its processes?
2Do the organization retain documented information as evidence that the processes have been carried out as planned?
Clause 5Leadership
5.1Leadership and commitment
5.1.1General
1Does the top management demonstrate leadership and commitment by taking accountability for the effectiveness of its QMS?
2Has the top management ensured that the quality policy and quality objective are established?
3Is the quality policy and quality objective compatible with the context and strategic direction of the organization?
4Has the organization integrated the requirements of QMS with the business processes?
How is the top management promoting the use of the process approach and risk-based thinking?
Is the top management ensuring that the resources needed for the QMS are available?
Is the importance of the effectiveness of QMS and meeting QMS requirements communicated?
Does the top management ensure that the QMS is achieving its intended results?
5Does Top Management engage, directs and supports the persons required to contribute to the effectiveness of the QMS requirements?
6Is Top Management promoting improvements?
7Is Top Management supporting other relevant management roles to demonstrate their leadership as it applies to their area of responsibilities?
5.1.2Has the organization determined and provided the persons required for the effective maintenance of QMS and for operation and control of its processes?
1Does the Top Management demonstrate leadership and commitment by ensuring that customer and applicable statutory and regulatory requirements are determined, understood and are consistently meeting the requirements?
2how does the top management ensures that the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed?
3Is the focus on enhancing customer satisfaction maintained?
5.2Policy
5.2.1Establishing the Quality policy
1Has the Top Management established, implemented and maintained a quality policy?
2Is quality policy appropriate to the purpose and context of the organization and does it support its strategic directions?
3Does the Quality policy provide the framework for setting quality objectives?
4Does the Quality policy includes a commitment to satisfy applicable requirements?
5Does the Quality policy includes a commitment to continual improvement of the quality management system.?
5.2.2Communicating the quality policy
1Is Quality policy maintained as documented information?
2Is Quality policy communicated, understood and applied within the organization?
3Is Quality policy appropriate and made available to the relevant interested parties?
5.3Organizational roles, responsibilities and authorities
1Has the Top management ensured that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization?
2While assigning the responsibilities and authorities, do the top management ensure that the quality management system conforms to the requirements of ISO 9001:2015?
3While assigning the responsibilities and authorities, do the top management ensure that the processes are delivering their intended output?
4While assigning the responsibilities and authorities, does the top management ensure that the performance of its QMS and opportunities for improvement are reported to them?
5While assigning the responsibilities and authorities, does the top management ensure that there is the promotion of customer focus throughout the organization?
6While assigning the responsibilities and authorities, do the top management ensure that the integrity of QMS is maintained when changes to the QMS are planned and maintained?
Clause 6Planning
6.1Actions to address risks and opportunities
6.1.1
1While planning for QMS, does the organization consider the issues referred to in clause 4.1 and the requirements referred to in clause 4.2?
2Has the organization determined the risks and opportunities that have to be addressed so that QMS can achieve its intended results, enhance desirable effects, prevent, or reduce undesired effects and achieve improvement?
6.1.2
1Has the organization planned actions to address these risks and opportunities?
2How does the organization integrate and implement the actions into its quality management system processes?
3How does the organization evaluated the effectiveness of these actions?
4Is the action taken to address risks and opportunities proportionate to the potential impact on the conformity of products and services?
6.2Quality objectives and planning to achieve them
6.2.1
1Has the organization established quality objectives at relevant functions, levels and processes needed for the QMS?
2Are the quality objectives consistent with the quality policy?
3Are the quality objectives measurable and do they take account of applicable requirements?
4Does the organization have quality objectives which are relevant to the conformity of products and services and enhancement of customer satisfaction?
5Are the quality objectives monitored, communicated and updated as required?
6Does the organization maintain documented information on the quality objectives?
6.2.2
1For achieving quality objectives the organization determines what will be done, what resources are required, who will be responsible, when will it be completed and how are the result to be evaluated?
6.3Planning for change
1While determining changes for the QMS, are changes carried out in a planned manner?
2While planning for change, does the organization consider the purpose of the change and their potential consequence; the integrity of the QMS; the availability of resources; and the allocation and reallocation of responsibilities and authorities?
7.1Resources
7.1.1General
1Has the organization determined and provided the resources needed for the establishment, implementing, maintaining and continually improvement of the QMS?
2Has the organization considered the capabilities and constraints of existing internal resources?
3Has the organization considered what needs to be obtained from external providers?
7.1.2People
1Has the organization determined and provided the persons required for the effective maintenance of QMS and for the operation and control of its processes?
7.1.3Infrastructure
1Has the organization determined and maintained the infrastructure needed for the operation of its processes and to achieve conformity of product and services?
7.1.4Environment for the operation of processes
1 Has the organization determined, provided and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services?
7.1.5Monitoring and measuring resources
7.1.5.1General
1Has the organization determined and provided the necessary resources needed when monitoring and measuring are used to verify conformity to product and service to requirements?
2Are resources suitable for the type of monitoring and measurement activities undertaken?
3Are resources maintained to ensure their continuing fitness for their purpose?
4Does the organization retain appropriate documented information as evidence of fitness for the purpose of the monitoring and measurement resources?
7.1.5.2Measurement traceability
1Is there a requirement for measurement traceability?
2Where measurement traceability is a requirement, is measurement equipment calibrated or verified at a specified interval or prior to use?
3Is the calibration done against measurement standards traceable to national or international standards?
4Where no such standard exists, are documented information retained for the basis used for calibration or verification?
5How is the measuring equipment identified in order to determine their status?
6How is the measuring equipment safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results?
7Does the organization determine and take appropriate action if the validity of previous measurement results has been adversely affected when measuring equipment is found to be unfit for its intended purpose?
7.1.6Organizational knowledge
Does the organization determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services?
2Does the organization maintain this knowledge and make it available to the extent necessary?
3While addressing changing needs and trends, does the organization consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates?
7.2Competence
1Does the organization determine the necessary competence of its employees whose work affects the performance and effectiveness of the QMS?
2Does the organization ensure that its employees are competent on basis of appropriate education, training or experience?
3Does the organization take applicable actions to acquire the necessary competence and evaluate the effectiveness of action taken?
4Does the organization retain the appropriate documented information as evidence of competence?
7.3Awareness
1Does the organization ensure that the persons doing work under the organization’s control are aware of its quality policy, relevant quality objectives, their contribution to the effectiveness of QMS including the benefits of improved performance and the implications of not meeting QMS requirements?
7.4Communication
1Does the organization determine the internal and external communication relevant to the QMS including on what it will communicate, when to communicate, with whom to communicate, how to communicate, and who communicates?
7.5Documented Information
7.5.1General
1Does the organization’s QMS include documents required by ISO 9001:2015 and documents determined by the organization necessary for the effectiveness of the QMS?
7.5.2Creating and updating
1While creating and updating documented information, does the organization ensure it is appropriate in terms of identification descriptions?
2While creating and updating documented information does the organization ensure that it is in proper format and in the correct media?
3While creating and updating documented information, does the organization ensure that there are appropriate review and approval for suitability and adequacy?
7.5.3Control of documented information
7.5.3.1
1Does the organization control its documented information to ensure that it is available and suitable for use, whenever it is needed?
2Is the documented information adequately protected?
7.5.3.2
1Is the distribution, access, retrieval and use of documented information adequately controlled?
2Is the documented properly stored and adequately preserved and it is legible?
3Is there control of changes (e.g. version control)?
4Are their adequate control in place for retention and disposition?
5Is external origin documented information necessary for planning and operation of QMS appropriately identified and controlled?
6Are records protected for unintended alterations?
Clause 8Operations
8.1Operation planning and control
1Does the organization plan, implement and control the processes needed to meet the requirement for the provision of product and services and to implement the action determined in clause 6?
2Does the organization determine the requirements for the products and services?
3Has the organization established criteria for the processes and acceptance of products and services?
4Does the organization determine the resources needed to achieve conformity to the product and service requirements?
5Does the organization implement controls of the processes in according with the criteria?
6Does the organization determine, maintain and retain necessary documented information to have confidence that the processes have been carried out as planned and to demonstrate the conformity of products and services?
7Is the output of this planning suitable for the organization’s operations?
8Does the organization control its planned changes and review the consequences of unintended changes?
9Does the organization take action to mitigate any adverse effects of its unintended changes?
10How does the organization ensure that outsourced processes are controlled?
8.2Requirements for products and services
8.2.1Customer communication
1Does the organization communicate with customers to provide information relating to products and services, handling enquiries, contracts or orders including any changes?
2Does the organization obtain customer feedback relating to products and services including customer complaint?
3Does the organization communicate with the customers relating to handling or controlling customer property?
4Has the organization established requirements for contingency action, where required?
8.2.2Determining the requirements for products and services
1How does the organization determine the requirements for products and services to be offered to customers?
2How are the requirements defined and does it include applicable statutory regulatory requirements and those considered necessary by the organization?
3How does the organization ensure that it meets the claims for its products and services?
8.2.3Review of the requirements for products and services
1How does the organization ensure it can meet product and service requirements?
2How does the organization conduct a review before committing to supply products and services?
3How does the organization review the requirements specified by the customer, including the requirements for delivery and post-delivery activities?
4How does the organization review the requirements not stated by the customers but necessary for the specified or intended use when known?
5How does the organization review the statutory & regulatory requirements applicable to the product and services and requirements specified by the organization?
6How does the organization review and resolve contract or order requirements differing from those previously defined?
7When the customer does not provide a documented statement of their requirement, how does the organization conform to the customer’s requirements before acceptance?
8Does the organization retain documented information on the results of the review and on any new requirements for the products and services?
8.2.4Changes to requirements for products and services
1How does the organization ensure that the relevant documented information is amended and the relevant persons are made aware of the changed requirements when the requirements for the products and services are changed?
8.3Design and development of products and services
8.3.1General
1 Has the organization established, implemented and maintained a D&D process that is appropriate to the subsequent provision of products and services?
8.3.2Design and development planning
1In determining the stages and controls for D&D, has the organization taken into consideration the nature, duration and complexity of D&D activities?
2In determining the stages and controls for D&D, has the organization taken into consideration the required process stages including D&D reviews?
3In determining the stages and controls for D&D, has the organization taken into consideration the D& D verification and validation activities?
4In determining the stages and controls for D&D, has the organization taken into consideration the responsibilities and authorities involved in the D&D process?
5In determining the stages and controls for D&D, has the organization taken into consideration the external and internal resources needed?
6In determining the stages and controls for D&D, has the organization taken into consideration the need to control interfaces between persons involved in D&D?
7In determining the stages and controls for D&D, has the organization taken into consideration the need for the involvement of customers and users?
8In determining the stages and controls for D&D, has the organization taken into consideration the requirements of the subsequent provision of products and services?
9In determining the stages and controls for D&D, has the organization taken into consideration the level of the control expected for the D&D by customers and other relevant interested parties?
10In determining the stages and controls for D&D, has the organization taken into consideration the documented information needed to demonstrate that design and development requirement has been met?
8.3.3Design and Development inputs
1Has the organization determined the essential requirements for the specific types of products and services to be designed and developed?
2Does the organization consider the following functional and performance requirements; statutory and regulatory requirements; standards or code of practices that the organization has committed to implement; information derived from previous design and development activities; potential consequences of failure due to the nature of the product and services?
3Does the organization ensure that the inputs are adequate for D&D purpose, complete and unambiguous?
4Does the organization resolve the conflicting D&D inputs?
5Are documented information for D&D inputs retained?
8.3.4Design and development controls
1Has the organization applied the necessary controls to D & D processes to ensure that the result to be achieved are defined?
2Has the organization conducted a review to evaluate the ability of the results of D& D to meet the requirements?
3Has the organization conducted the verification to ensure that D&D meet input requirements?
4Has the organization conducted the validation to ensure that the resulting product and service meet the requirements of the specified application or intended use?
5Has the organization taken necessary action on the problems determined during reviews, verification or validation activities?
6Has the organization retained documented information on the above-mentioned activities?
8.3.5Design and Development outputs
1Does the organization ensure that D&D outputs meet the input requirements?
2Does the organization ensure that D&D outputs include (or have reference) monitoring and measuring requirements and acceptance criteria?
3Has the organization identified, reviewed and controlled changes made during, or subsequent to the D & D of the product and services to ensure that there is no averse to the impact on conformity to requirements?
4Does the organization ensure that D&D outputs specify the characteristics of the products and services that are essential for their intended use?
5Does the organization retain documented information for D&D output?
8.3.6Design and Development changes
1Has the organization identified, reviewed and controlled changes made during, or subsequent to the D & D of the product and services to ensure that there is no averse to the impact on conformity to requirement?
2Has the organization retained the documented information on D&D changes, the result of reviews, authorization of the changes and the action taken to prevent adverse impact?
8.4Control of externally provided processes, products and services
8.4.1General
1Does the organization ensure that the externally provided processes, products and services conform to the requirements?
2Does the organization determine the controls needed when the product and services from the external providers are incorporated into their own product and services?
3Does the organization determine the controls needed when the product and services from the external providers are provided directly to the customer by external providers?
4Does the organization determine the controls needed when the process or part of the process is provided by the external providers?
5Has the organization determined and applied the criteria for selection, evaluation, monitoring of performance and re-evaluation of external providers?
6Has the organization retained the documented information of these activities and any action arising out or evaluation/re-evaluation?
8.4.2Type and extent of control
1Does the organization ensure that the externally provided processes, product and services do not adversely affect its ability to consistently deliver conforming products and services to the customers?
2Does the organization ensure that the externally provided process remains within the control of its QMS?
3Has the organization defined the controls to be applied to an external provider and its resulting outputs?
4Has the organization taken into consideration the potential impact of the organization’s ability to consistently meet customer and applicable statutory and regulatory requirement?
5Has the organization taken into consideration the effectiveness of the controls applied by the external providers?
6Has the organization determined the verification or other activities, necessary to ensure that the externally provided processes, products and services meet requirements?
8.4.3Information for external providers
1Does the organization ensure the adequacy of requirements prior to their communication to the external provider?
2Does the organization communicate to the external providers its requirements for the processes, products and services required?
3Does the organization communicate to the external providers its requirements for the approval of the product and services; methods, processes and equipment; the release of product and services?
4Does the organization communicate to the external providers its requirements for competence including any qualification of persons?
5Does the organization communicate to the external providers its requirements for external provider’s interactions with the organizations?
6Does the organization communicate to the external providers its requirements for control and monitoring of the external providers’ performance to be applied by the organization?
7Does the organization communicate to the external providers its requirements for verification or validation activities that the organization or its customer intends to perform at the external providers’ premises?
8.5Production and Service provision
8.5.1Control of production and service provision
1Has the organization implemented production and service provision under controlled conditions?
2 Are there any documented information available that defines the characteristics of the product, services or activities to be performed and the results to be achieved?
3Are any suitable monitoring and measuring resources available? Are they being used?
4Are monitoring and measuring activities being performed at appropriate stages?
5Are competent persons (including qualification) being appointed?
6Is the infrastructure and environment being used suitable for operation of processes?
7Has the organization implemented any actions to prevent human error?
8Has the organization implemented any release, delivery and post-delivery activities?
9Where resulting output cannot be verified by subsequent monitoring or measurement, has the organization conducted validation and periodic revalidation of the process for production and service provision?
8.5.2Identification and traceability
1Has the organization used any suitable means to identify output when it is necessary to ensure the conformity of products and services?
2Has the status of outputs with respect to monitoring and measuring requirements throughout the production and service provision being identified by the organization?
3Has the organization controlled the unique identification of the outputs when traceability is a requirement?
4Has the organization retain the documented information necessary to enable traceability, when traceability is a requirement?
8.5.3Property belonging to customers or external providers
1When property belonging to customers or external providers is under the organization’s control or being used by the organization, does the organization exercise adequate care?
2Does the organization identify, verify, protect and safeguard customers’ or external providers’ property?
3When the property or the customer or external provider is lost, damaged or otherwise, fount to be unsuitable for use, does the organization report this to the customer or external provider? Does the organization retain documented information on what has occurred?
8.5.4Preservation
1Does the organization preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements?
8.5.5Post-delivery activities
1Does the organization meet requirements for post-delivery activities associated with the product and services?
2In determining the extent of post-delivery activities does the organization considers the statutory & regulatory requirements; the potential undesired consequences associated with its product and services; customer requirement & feedback; nature, use and intended lifetime of its product and services?
8.5.6Control of change
1Do the organization conduct review and control changes for production or service provision to ensure continuing conformity with requirements?
2Does the organization retain documented information describing the results of the review of changes, the person(s) authorizing the change and any necessary actions arising from the review?
8.6Does the organization retain the documented information on the release of products and services and it include information relating to the evidence of conformity with the acceptance criteria; traceability of the person authorizing the release?
1Has the organization implemented planned arrangements, at appropriate stages, to verify that the product and service requirements have been met?
2Does the organization ensure that the release of product and service proceed only after the planned arrangement is satisfactorily completed or approved by the relevant authority and as applicable by the customer?
3Does the organization retain the documented information on the release of products and services and does it include information relating to the evidence of conformity with the acceptance criteria; and traceability of the person authorizing the release?
8.7Control of nonconforming outputs
8.7.1
1Does the organization ensure that the outputs which do not conform to their requirements are identified and controlled to prevent their unintended use or delivery?
2Is the action appropriate to the nature of the nonconformity and its effect on the conformity of products and services?
3Do the organization also consider nonconforming product and services detected after delivery of products, during and after the provision of services?
4When non-conforming products and services are detected does the organization take correction action and/or segregation, containment, return, or suspension of the provision of product & services and/or informing the customer and/or obtaining authorization for acceptance under concession?
5Does the organization retain documented information that describes the nonconformity; describes the actions taken; describes any concession obtained; identifies the authority deciding the action in respect of the nonconformity?
Clause 9Performance evaluation
9.1Monitoring, measurement, analysis, and evaluation
9.1.1General
1Did the organization plan how to monitor, measure, analyze, and evaluate its QMS?
2Did the organization plan how to monitor QMS performance and effectiveness?
3Did the organization figure out what needs to be monitored and select methods?
4Did the organization determine its QMS monitoring requirements?
5Does the organization select monitoring methods that can produce valid results?
6Did the organization establish when monitoring should be done and who should do it?
7Did the organization plan how to measure QMS performance and effectiveness?
8Did the organization figure out what needs to be measured and did the organization select methods?
9Did the organization determine its QMS measurement requirements?
10Does the organization select measurement methods that can produce valid results?
11Did the organization establish when measuring should be done and who should do it?
12Did the organization plan how to analyze QMS performance and effectiveness?
13Did the organization select analytical methods that are capable of producing valid results?
14Did the organization decide when monitoring and measurement results are analyzed?
15Did the organization plan how to evaluate QMS performance and effectiveness?
16Did the organization select evaluation methods that are capable of producing valid results?
17Did the organization decide when monitoring and measurement results are evaluated?
18Do the organization monitor, measure, analyze, and evaluate the organization’s QMS?
19Does the organization monitor the performance and effectiveness of the organization’s QMS?
20Do the organization record monitoring results and does the organization retain and control these records?
21Does the organization measure the performance and effectiveness of the organization’s   QMS?
22Do the organization record measurement results and does the organization retain and control these records?
23Does the organization analyze the performance and effectiveness of its   QMS?
24Do the organization record analytical results and does the organization retain and control these records?
25Does the organization evaluate the performance and effectiveness of its QMS?
26Do the organization record evaluation results and does the organization retain and control these records?
9.1.2Customer satisfaction
1Does the organization establish methods that the organization can use to monitor customer perceptions?
2Does the organization figure out how the organization is going to obtain information about how customers feel about how well it is meeting their needs and expectations?
3Does the organization figure out how the organization is going to review information about how customers feel about how well it is meeting their needs and expectations?
4Do the organization monitor how well customer needs and expectations are being fulfilled?
5Do the organization monitor how the organization’s customers feel about how well the organization is meeting their needs and expectations (do the organization monitor the organization’s customers’ perceptions)?
9.1.3Analysis and evaluation
1Does the organization analyze its monitoring and measurement results?
2Does the organization analyze and evaluate appropriate data and information?
3Does the organization use its analytical results to evaluate performance?
4Does the organization evaluate the performance of its QMS?
5Does the organization determine if it needs to improve its performance?
6Does the organization evaluate the performance of its external providers?
7Does the organization use its analytical results to evaluate effectiveness?
8Does the organization evaluate the effectiveness of its QMS?
9Does the organization determine if it needs to improve its effectiveness?
10Does the organization evaluate the effectiveness of its planning?
11Does the organization determine if its plans were effectively implemented?
12Does the organization evaluate the effectiveness of its actions?
13Does the organization evaluate the effectiveness of actions taken to address risks?
14Does the organization evaluate the effectiveness of actions taken to address opportunities?
15Does the organization use its analytical results to evaluate conformity?
16Does the organization evaluate the conformity of products and services?
17Does the organization use its analytical results to evaluate satisfaction?
18Does the organization evaluate the degree of customer satisfaction?
9.2Internal Audit
9.2.1
1Does the organization conduct internal audits at planned intervals?
2Did the organization plan a program that can find out if QMS meets the Organization’s own requirement and ISO 9001:2015 requirements?
3Did the organization plan a program that can find out if QMS is effectively implemented and maintained?
9.2.2
1Did the organization plan, establish, implement, and maintain an audit program?
2Did the audit program include the frequency, methods, responsibilities, planning requirements, and reporting?
3Does the audit program take into consideration the importance of the process concerned, changes affecting the organization, and the results of previous audits?
4Did the organization define the audit criteria and scope of each audit?
5Does the organization ensure that the audit is conducted by the auditors to ensure objectivity and impartiality of the audit process?
6Does the organization ensure that the results of the audits are reported to relevant management?
7Does the organization take appropriate correction and corrective action without undue delays?
8Does the retain documented information as evidence of the implementation of the audit program and the audit results?
9.3Management review
9.3.1General
1Does the Top Management review the organization QMS at planned intervals?
2Does the review ensure QMS’s continuing suitability, adequacy, effectiveness, and alignment with the strategic direction of the organization?
9.3.2Management review inputs
1Does the review take into consideration the status of actions from previous management reviews?
2Are the changes in external and internal issues relevant to QMS considered?
3Does the review take into consideration information on the performance and effectiveness of the QMS?
4Does the review take into consideration customer satisfaction and feedback from relevant interested parties?
5Does the review take into consideration the extent to which the quality objectives have been met?
6Does the review take into consideration the process performance and conformity of products and services?
7Does the review take into consideration nonconformities and corrective actions?
8Does the review take into consideration monitoring and measuring results?
9Does the review take into consideration audit results?
10Does the review take into consideration the performance of external providers?
11Does the review take into consideration the adequacy of resources?
12Does the review take into consideration the effectiveness of actions taken to address risks and opportunities?
13Does the review take into consideration the opportunities for improvement?
9.3.3Management review outputs
1Do the outputs of the Management review include decisions and actions related to the opportunities for improvement; any need for changes to the QMS; and resources needed?
2Does the organization retain documented information as evidence of the result of the management review?
Clause 10Improvement
10.1General
1Has the organization determine and select opportunities for improvement?
2Has the organization implemented any necessary action to meet customer requirements and enhance satisfaction?
3Has the organization taken action for improving products & services to meet requirements as well as to address future needs and expectations?
4Has the organization taken action for correcting, preventing, or reducing undesired effects?
5Has the organization taken action for improving the performance and effectiveness of the QMS?
10.2Nonconformity and corrective action
1When any nonconformity (including complaints) occurs, does the organization take action to control and correct it and deal with the consequences?
2When any nonconformity (including complaints) occurs, does the organization evaluate the need for action to eliminate the causes of the nonconformity?
3Does the organization reviews and analyzes the nonconformity?
4Does the organization determine the causes of the nonconformity?
5Does the organization determine similar nonconformity exist or could potentially occur?
6Has the organization implemented any action needed?
7Has the organization reviewed the effectiveness of the corrective action taken?
8Has the organization updated risk and opportunities determined during planning if necessary?
9Has the organization made changes to the QMS if necessary?
10Are the corrective actions appropriate to the effects of the nonconformities encountered?
10.2.2
1Does the organization retain documented information on the nature of the nonconformities and any subsequent actions taken; and the result of any corrective action?
10.3Continual improvement
1Does the organization continually improve the suitability, adequacy, and effectiveness of the QMS?
2Does the organization consider the results of analysis and evaluation, and output from management review to determine if there are needs or opportunities to be addressed as part of continual improvement?

Back to the Home Page

If you need assistance or have any doubts and need to ask any questions contact me at preteshbiswas@gmail.com. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion are also welcome.

ISO 9001:2015 CLAUSE 10 IMPROVEMENT

ISO 9001:2015 CLAUSE 10 IMPROVEMENT

Occasionally undesired things occur; now it’s time to address nonconformity and corrective action. And to make things better there’s continual improvement. The requirements here are familiar and well understood. But what about preventive action? It does not appear. As some have argued for many years, one of the objectives of a management system is preventive action. The requirements in clause 4.1 to “…determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its quality management system” and in clause 6.1 to “determine the risks and opportunities that need to be addressed to assure the Quality management system can achieve its intended outcome(s); prevent, or reduce, undesired effects; achieve continual improvement.” not only address preventive action but go beyond. And in the end, auditors will look back at the management system established in clause 4.4, reviewed in clause 9.3, and now continually improved. Finally, although there remains a requirement for processes, there is no mention anywhere of procedures, documented or otherwise. If a discipline considers that they are required then they will appear in clause 8 – Operations. However, if they are not a requirement but the organization themselves consider they need them then that will be their decision

ISO 9001:2015 Clause 10, Improvement, has three sub-clauses:

10.1 General
10.2 Nonconformity and Corrective Action
10.3 Continual Improvement

10.1 General

The organization must determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction. These actions must include improving products and services to meet requirements, as well as, address future needs and expectations; correcting, preventing, or reducing undesired effects; improving the performance and effectiveness of the quality management system. Examples of improvement can include correction, corrective action, continual improvement, breakthrough change, innovation, and reorganization.

The phrase “opportunities for improvement” is only mentioned in ISO 9001:2008 at clause 5.6.1 (Management Review – General). The phrase has been repeated in ISO 9001:2015 at clause 9.3.2.f (Management Review Inputs) and added to clause 5.3.c (Organizational Roles,  Responsibilities, and Authorities) and clause 10.1 (Improvement – General). Although “meet customer requirements” and “enhance customer satisfaction” are expressed in several places in ISO 9001:2008, they aren’t mentioned in the old clause 8.5 under Improvement. Clause 10.1 in ISO 9001:2015 adds that improvement actions are taken to meet customer requirements and enhance customer satisfaction. ISO 9001:2015 adds that organizations are to not only improve products and services to meet known requirements, but also to address “future” needs and expectations.

We use the term “improvement system” to mean the approaches, methodologies, tools, and technologies that organizations use to bring about improvements in how the organization operates. These are management approaches for isolating issues and finding solutions, and they are often the catalyst for specific changes to technologies, processes, job roles or organization structures. A systemic and humane approach for improving an organization that makes a difference to the customer and provides a lasting effect has three components:

  1. how a product or service is delivered,
  2. the product or service design, and
  3. a management system to enable improvements.

Process Improvement

The reality for fulfilling the needs of the customer consists of an overwhelming number of factors. Requirements are imposed from multiple sources or customers, each with their own needs and wants. As requirements are cascaded through the organization, the requirements are translated into actionable items. Sometimes with clear connections, sometimes the connections are not obvious. Some benefits are immediately obvious and some benefits are obscure to the local workforce. Each requirement has ramifications far beyond the immediate area. Many Process Improvement methodologies are created to improve operational efficiency and effectiveness. Each provides a disciplined approach for improving how a product or service is delivered. Their primary technique is to expose incongruities in the execution of tactical plans, bringing into the open some of the assumptions and misdirected focus of dedicated professionals. Once incongruities are exposed and understood, people inherently strive to correct them. No one deliberately creates unnecessary work or bad quality. Most processes are created with the best of intentions, focusing on performing the task at hand, with the resources at hand, in the environment where they exist. It uses a structured approach to understanding the existing conditions, generates improvement ideas, then implements the changes.

Product Improvement

The design activity consumes five percent of the product cost, while it has a 70 percent influence on the final cost. On the other hand, material and labour costs can consume 65 percent of product costs, while only influencing the final cost by 25 percent. Where would you invest your capital and human resources to produce the largest return: Improving the 25 percent influence on product costs, or the 70 percent? Value Engineering (VE) has been evolving for the last 60 years as a way to remove unnecessary cost from the product design before, during, and after the fact. VE first identifies the intent or function and understands the context, then develops alternatives and implements a plan. Value Engineering studies bring marketing, finance, operation, design, customers, and suppliers together to systematically explore how the product performs the function the customer needs.

Management Practices Improvement

All human activities and efforts of any organization are based upon management practices. Practices that govern how people interact within the organization, as well as, how people interact between the organization and the rest of the world. The practices may be consciously created and based on theory or may have simply emerged as the organization grew and matured.  Management’s job in the area of improvement is to create and facilitate an environment for learning and cooperation. One area to start is to remove policies and barriers that inhibit people from doing a good job. At the same time, encourage communication between functional areas and different levels of the organization. Another aspect of management’s obligation to improvement efforts is to encourage the exploration of data and theory. Finding the context for which data is used for improvement and how it helps align improvement efforts towards the aim of the system. Data, information, and knowledge are not the same. Data is just that, data. Measurements and observation counts are two examples. When data is placed in a context, information is created. Understanding how data is classified and interpreted based on the concepts in which it was created, along with how the data is used for action are just a few factors of converting data and information into knowledge.

Creating a systemic approach to improvement

Process improvement, product improvement, and management practices improvement must work together towards improving the organization as a whole, working towards a common aim. Everybody
doing their best is not sufficient. Functional areas of a system must be aware of how their actions impact other groups and the entire system. Each group must investigate to understand how their actions will benefit the whole, and identify the dangers of how their actions introduce risks to the whole. Also, each group may have to accept less than optimal performance of their functional area in order for the entire system to improve. Selecting where to start is not a question of one area or the other. All three areas are codependent on each other. No group exists in isolation. Every organization is a system. When improvement is begun in any single area, the first issues addressed are usually the issues that can be corrected by the local workforce. However, as these immediate and local issues are corrected, new issues become visible. Issues that are beyond the scope of immediate influence. This causes conflicts as improvement efforts start to influence other areas. Between the unbridled enthusiasm of one area, and another area not understanding the reasons for the change, conflict arises. This conflict causes change efforts to have several adverse effects. First, it negatively affects the morale of people and organizations. Second, conflict leads to reduced performance of other groups in the system. People are not against change, they are against being changed. People need to understand the need for change from their perspective. Functional workgroups are not receptive to outside groups telling them how they must change. Communication and collaboration are the best way to overcome resistance. Management practices must provide an environment where people are given a voice in how change is going to happen and share operational definitions about each other’s improvement projects. Using language that is common or easily understood by most people, without jargon. The organization must learn individually and collectively. Only through cooperation and collaboration will collective learning take place. Collaboration in pairs is an interim step. Eventually, production, product design, and management practices will need to work together.

Below is a simple breakdown of the ADKAR elements for the change, “implementing a new improvement system”.

ADKAR phases Questions to consider
Awareness Awareness of the need for the new improvement system :
Why is the improvement system needed?
What are the risks of not using this improvement system?
Why is this improvement system being implemented now?
What is the general nature of this change – what does it mean to use Lean? or BPM? or Appreciative Inquiry? or Six Sigma?
Desire Desire to participate and support the new improvement system :
What are the organizational drivers causing us to bring this new improvement system into the organization?
What are my personal motivators for getting involved in Lean or BPM or Appreciative Inquiry or Six Sigma (for example)?
Knowledge Knowledge on how to use the new improvement system :
What will be my role in using the new improvement system?
What do I need to know to be successful using the new improvement system?
When will I be trained on how the new improvement system works?
Ability Ability to implement the skills and behaviours required by the new improvement system :
What exactly will I be doing differently as a result of the new system?
When will I have a chance to practice?
Where do I go for support and assistance to be successful as part of this new system?
Reinforcement Reinforcement to sustain the new improvement system :
How do I know the organization is committed to using the new improvement system?
Are senior leaders really committed to making this successful?
Will this new approach be discarded next month?

10.2 Nonconformity and Corrective Action

10.2.1 When a nonconformity occurs, including any arising from complaints, the organization must react to the nonconformity and, as applicable take action to control and correct it; and deal with the consequences. The organization must also evaluate the need for action to eliminate the causes of the nonconformity so it does not recur or occur elsewhere, by reviewing and analyzing the nonconformity,  determining the causes of the nonconformity, and determining if similar nonconformities exist, or could potentially occur. The organization must implement any action needed and review the effectiveness of any corrective action taken; It must update risks and opportunities determined during planning, if necessary, and make changes to the quality management system, if necessary. The corrective actions must be appropriate to the effects of the nonconformities encountered.

10.2.2 The organization must “retain” documented information as evidence of the nature of the nonconformities and any subsequent actions taken and results of any corrective action.

Use of “retain” indicates the documented information refers to “records” kept as evidence.

The ISO 9001:2015 requires that the organization must react to nonconformity by first controlling and correcting it, as well as, dealing with its consequences. It also adds a requirement to determine if similar nonconformities exist, or could potentially occur. A new requirement is to update the risks and opportunities determined during planning, if necessary. Another new requirement is to make changes to the quality management system, if necessary. Clause 10.2.2 adds that the documented information retained as evidence must now indicate the nature of the nonconformity and any subsequent actions taken.

Corrective action is the action taken to eliminate the cause of a detected nonconformity to prevent a recurrence, whereas preventive action is the action taken to eliminate the cause of a potential nonconformity or other undesirable situation, to prevent occurrence. The procedure  for your corrective action process must address the following control requirements:

  • Identify detected nonconformities that relate to your products, QMS processes, resources, suppliers and outsourced work, product shipped to customers, customer complaints, cost of quality reports, and Things Gone Wrong reports.
  • Define your process for identifying nonconformities and consider using appropriate problem-solving tools to determine the underlying root cause(s) of the nonconformity
  • Problem-solving tools may include analysis of failure mode, capability studies, correlation diagrams, data collection, fishbone diagram (Ishikawa diagram), histograms, Pareto analysis, probability charts, stratification of data, graphic representations, etc. Ensure that personnel applying these tools are competent and trained.

Actions taken to eliminate the cause of nonconformity must flow from your problem-solving activity. Actions may involve changes to the product, process, resources, documentation, controls, etc., or any combination of these. Conduct follow-up tests to determine whether these actions have indeed eliminated the cause(s) of the nonconformity and prevented a recurrence. You must keep appropriate records of these actions and follow-up activities. You must monitor your corrective action records on an ongoing basis, for any recurrence of the nonconformity you took corrective action on. If you found that the problem has occurred again, then perhaps your analysis of the root cause may have been incorrect or incomplete. Keep appropriate records of all corrective action steps. Ensure timely completion of any open corrective action or be prepared to provide evidence to justify its continued open status. Make your corrective action records available on request to customers and provide a summary report for management review. All nonconformities may not necessarily result in corrective action. Evaluate the significance of nonconformities in terms of their impact on operating costs, cost of nonconformity and its correction, product performance, safety, dependability, regulatory requirements, the effect on customer’s products and processes, any other risks, and customer satisfaction. Consider using cross-functional teams in such decision-making, including the involvement of your organization’s designated customer representative. Performance indicators to measure the effectiveness of the corrective action process may include a reduction in – cycle time for the correction actions, problem re-occurrence, open corrective actions, costs, and improvement in QMS productivity.

10.3 Continual Improvement

The organization must continually improve the suitability, adequacy, and effectiveness of the quality management system. The organization must consider the results of analysis and evaluation, and the outputs from management review, to determine if there are needs or opportunities that must be addressed as part of continual improvement.

ISO 9001:2015 requires that the results of analysis and evaluation (clause 9.1.3) and the outputs of management review (clause 9.3) are to be considered for needs or opportunities that must be addressed as part of continual improvement. Improving the “effectiveness” of the quality management system is a requirement of ISO 9001:2015, clause 8.5.1. The ISO 9001:2015 standard adds in clause 10.3 that the organization is to also improve the “suitability” and “adequacy” of the quality management system.

Continual improvement is defined as a recurring activity to increase the ability to fulfill requirements.  The ‘ability to fulfill requirements’ refers to both conforming as well as nonconforming products/processes. Conforming processes can be further improved, and nonconforming processes must be improved by taking corrective action to prevent a recurrence. Recurring activity refers to the quality improvements includes audit results, results of analysis and evaluation, and the outputs from management review, etc. The continual improvement process can be conducted by:

  • Significant breakthrough projects either revise or improve existing processes or lead to new processes. These are usually done by cross-functional teams outside routine operations (Business Process Re-engineering).
  • Small-step ongoing improvement activities conducted by personnel within existing processes (Kaizen Events).

Use of the continual improvement tools includes:

  • Audit Results – Results of product, process, and QMS audits usually provide many opportunities to improve QMS effectiveness and efficiency. Opportunities may relate to communications, information systems, processes, controls, use of resources, technology, etc. The management representative must report these opportunities to top management as included as part of the management review agenda. They can also be reported and reviewed at regular operational meetings, etc.
  • Other Audits – Besides product, process, and QMS audits, you might find it very productive to conduct financial, health and safety, environmental, technology, product profitability, social responsibility, information, and communication systems audits.
  • In using ‘result of analysis and evaluations as a tool for continual improvement, use the things gone right and Things Gone the Wrong approach to classifying your data for decision-making.
  • Examples of situations that might lead to improvement projects include machine set-up, die change, machine changeover times, cycle time, scrap, value-added use of floor space, variation in process parameters, less than 100% first run capability, process averages not centred on target values, testing requirements not justified by accumulated results, waste of labour and materials, difficult manufacture, assembly and installation of the product, excessive handling and storage, etc.

Useful tools that are often used to continually improve, include capability studies, design of experiments, risk analysis, SPC, supplier evaluation, test and measurement technology, the theory of constraints, overall equipment effectiveness, technology, benchmarking, analysis of motion/ergonomics, and error-proofing. Ensure that personnel applying these tools are competent and trained. Performance indicators to measure the effectiveness of the continual improvement process may include quality objectives being met sooner than planned, achieving and exceeding business and quality objectives, improved efficiency in the use of resources, cost reduction, improved product quality, etc.