ISO 29001:2020 Audit checklist
The following checklist can be used both for internal audits and as a gap analysis tool.

ISO 29001:2020 Checklist | |
Clause 4 | Context of the organization |
4.1 | Understanding the organization and its context |
1 | Has the organization determined the external and internal issues relevant to the Purpose & strategic direction of its QMS and that can affect its ability to achieve the intended results? |
2 | Does the organization monitor and review information about these external and internal issues? |
3 | While determining the internal and external issues has the organization considered positive and negative factors or conditions? |
4 | Was the understanding of the external context facilitated by considering issues arising from legal, technological, competitive, market, cultural, social and economic environments, whether international, national, regional or local? |
5 | Was the understanding of the internal context facilitated by considering issues arising from values, culture, knowledge and performance of the organization? |
6 | Does the organization retain documented information that demonstrates the understanding of its context? |
4.2 | Understanding the needs and expectations of interested parties |
1 | Has the organization determined the interested parties that are relevant to the QMS? |
2 | Has the organization determined the requirements of these interested parties relevant to the QMS? |
3 | Does the organization monitor and review the information about these interested parties and their relevant requirements? |
4 | Does the organization retain documented information that demonstrates the understanding of the needs and expectations of interested parties? |
4.3 | Determining the scope of the quality management system |
1 | Has the organization established the scope of its QMS? |
2 | Has the organization determined the boundaries and applicability of the QMS? |
3 | While determining the scope, has the organization determined the external and internal issues, requirements of relevant interested parties, product and services of the organization? |
4 | While determining Applicability, does the organization determine if it affects its ability or responsibility to ensure the conformity of its products and services and the enhancement of customer satisfaction? |
5 | Does the scope state the types of products and services covered? |
6 | Does the scope give justification for any requirements that the organization determines are not applicable to the scope of its QMS? |
7 | Is the organization’s scope made available and maintained as documented information? |
8 | When requested, does the organization advise interested parties of any requirements of this document that the organization determines are not applicable to the scope of its quality management system? |
4.4 | Quality management system and its processes |
1 | Has the organization established, implemented, maintained and continually improved its QMS? |
4.4.1 | |
1 | Has the organization determined the processes needed for the QMS? |
2 | Has the organization determined the application of these processes throughout the organization? |
3 | Has the organization determined the sequence and the interaction of these processes? |
4 | Has the organization determined and applied the criteria and methods needed to ensure the effective operation and control of these processes? |
5 | Do these methods include the monitoring, measurement and related performance indicators? |
6 | Has the organization determined the resources needed for the organization? |
7 | Has the organization ensured the availability of the resources needed for these processes? |
8 | Has the organization assigned the responsibilities and authorities for these processes? |
9 | Has the organization addressed the risks and opportunities associated with these processes? |
10 | Has the organization evaluated these processes and implemented any changes needed to ensure that these processes achieve their intended results? |
11 | Has the organization made improvements in its processes and its QMS? |
4.4.2 | |
1 | Has the organization maintained documented information to support the operation of its processes? |
2 | Does the organization retain documented information as evidence that the processes have been carried out as planned? |
4.4.3 | |
1 | Has the organization defined the extent of documented information required to meet relevant interested parties’ requirements? |
Clause 5 | Leadership |
5.1 | Leadership and commitment |
5.1.1 | General |
1 | Does the top management demonstrate leadership and commitment by taking accountability for the effectiveness of its QMS? |
2 | Has the top management ensured that the quality policy and quality objectives are established? |
3 | Are the quality policy and quality objectives compatible with the context and strategic direction of the organization? |
4 | Has the organization integrated the requirements of QMS with the business processes? |
5 | Is the organization promoting the use of process approach and risk-based thinking throughout the organization? |
6 | Is the top management ensuring that the resources needed for the QMS are available? |
7 | Is the importance of the effectiveness of QMS and meeting QMS requirements communicated? |
8 | Does the top management ensure that the QMS is achieving its intended results? |
9 | Does Top Management engage, direct and support the persons required to contribute to the effectiveness of the QMS requirements? |
10 | Is Top Management promoting improvements? |
11 | Is Top Management supporting other relevant management roles to demonstrate their leadership as it applies to their area of responsibilities? |
5.1.2 | Customer Focus |
1 | Does the Top Management demonstrate leadership and commitment by ensuring that customer and applicable statutory and regulatory requirements are determined, understood and consistently met? |
2 | Are the risks and opportunities that can affect the conformity of products and services and the ability to enhance customer satisfaction determined and addressed? |
3 | Is the focus of enhancing customer satisfaction maintained? |
5.2 | Policy |
5.2.1 | Establishing the Quality policy |
1 | Has the Top Management established, implemented and maintained a quality policy? |
2 | Is the quality policy appropriate to the purpose and context of the organization and does it support its strategic direction? |
3 | Does the Quality policy provide the framework for setting quality objectives? |
4 | Does the Quality policy include the commitment to satisfy applicable requirements and to continual improvement of the QMS? |
5.2.2 | Communicating the quality policy |
1 | Is Quality policy maintained as documented information? |
2 | Is Quality policy communicated, understood and applied within the organization? |
3 | Is Quality policy appropriate and made available to the relevant interested parties? |
5.3 | Organizational roles, responsibilities and authorities |
1 | Has the Top management ensured that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization? |
2 | While assigning the responsibilities and authorities, does the top management ensure that the processes are meeting their intended results? |
4 | While assigning the responsibilities and authorities, does the top management ensure that there is the promotion of customer focus throughout the organization? |
5 | While assigning the responsibilities and authorities, does the top management ensure that performance of its QMS and opportunities for improvement are reported to them? |
6 | While assigning the responsibilities and authorities, does the top management ensure that integrity of QMS is maintained when changes to the QMS are planned and maintained? |
7 | Has the organization defined the relevant roles? |
8 | Has the organization maintained and retained documented information (record and procedure) covering responsibilities and authorities for these roles? |
Clause 6 | Planning |
6.1 | Actions to address risks and opportunities |
1 | While planning for QMS, does the organization consider the issues referred to in clause 4.1 and the requirements referred to in clause 4.2? |
6.1.1 | |
1 | Has the organization determined the risks and opportunities that have to be addressed so that QMS can achieve its intended results, enhance desirable effects, prevent, or reduce undesired effects and achieve improvement? |
6.1.2 | |
1 | Has the organization planned actions to address these risks and opportunities? |
2 | Have these actions been implemented and integrated into its QMS processes? |
3 | Has the organization evaluated the effectiveness of these actions? |
4 | Is the action proportionate to the potential impact on the conformity of product and services? |
6.1.3 | |
1 | For managing risks and opportunities has the organization defined techniques, tools and their application for identification and assessment of risks and opportunities, and prevention and mitigation of risks? |
2 | For managing risks and opportunities has the organization identified relevant interested parties? |
3 | For managing risks and opportunities has the organization identified sources of risk and opportunity, areas of impacts, events and their causes, and their potential consequences? |
4 | For managing risks and opportunities has the organization analysed potential risk and opportunity by determining consequences and their likelihood? |
5 | For managing risks and opportunities has the organization evaluated risk and opportunity and developed controls for them? |
6 | For managing risks and opportunities has the organization applied appropriate risk treatments and opportunity realization plans? |
7 | Has the organization maintained and retained documented information (records and procedure) to support and demonstrate the management of risks and opportunities? |
6.2 | Quality objectives and planning to achieve them |
6.2.1 | |
1 | Has the organization established quality objectives at relevant functions, levels and process needed for the QMS? |
2 | Are the quality objectives consistent with the quality policy? |
3 | Does the organization have quality objectives which are relevant to the conformity of product and services and enhancement of customer satisfaction? |
4 | Are the quality objectives measurable and do they take account of applicable requirements? |
5 | Are the quality objectives monitored, communicated and updated as required? |
6 | Does the organization maintain documented information on the quality objectives? |
6.2.2 | |
1 | For achieving quality objectives, does the organization determine what will be done, what resources are required, who will be responsible, when it will be completed and how the results are to be evaluated? |
6.3 | Planning for change |
1 | While determining changes for the QMS, are changes carried out in a planned manner? |
2 | While planning for change, does the organization consider the purpose of the changes and their potential consequences; the integrity of the QMS; the availability of resources; and allocation and reallocation of responsibilities and authorities? |
3 | How does the organization manage risks and opportunities associated with proposed changes? |
4 | Has the organization maintained and retained documented information (records and procedure) to manage the process of change? |
Clause 7 | Support |
7.1 | Resources |
7.1.1 | General |
1 | Has the organization determined and provided the resources needed for the establishment, implementation, maintenance and continual improvement of the QMS? |
2 | Has the organization considered the capabilities and constraints of existing internal resources? |
3 | Has the organization considered what needs to be obtained from external providers? |
7.1.2 | People |
1 | Has the organization determined and provided the persons required for effective maintenance of QMS and for operation and control of its processes? |
7.1.3 | Infrastructure |
1 | Has the organization determined and maintained the infrastructure needed for the operation of its processes and to achieve conformity of product and services? |
7.1.3.1 | |
1 | Does the organization maintain and retain documented information of the processes for the determination and usage of its infrastructure to achieve conformity of products and services? |
2 | Does the documented information address infrastructure to be maintained? |
3 | Does the documented information address the method of maintaining the infrastructure, including frequency and monitoring, that ensures infrastructure integrity to performance requirements? |
4 | Does the documented information address the outcome of maintenance, including applicable testing methods and acceptance criteria? |
5 | Does the documented information address responsible personnel? |
7.1.3.2 | |
1 | For service-related infrastructure, does the documented information address usage history, repairs or redress, modifications, remanufacturing, inspection, and test activities that allow direct verification for reuse of infrastructure? |
2 | For service-related infrastructure, does the documented information address the list of critical spare parts required by the customer and/or technical requirements including those recommended by the original equipment manufacturer? |
7.1.3.3 | |
1 | Does the organization apply risk-based maintenance, which typically includes the concepts of preventive and predictive maintenance and/or reliability centred maintenance and/or mean time between failures and/or system, design and process failure mode and effects analysis and/or failure mode and criticality effects analysis and/or process control plans and/or others that are in the context of the organization and its risks? |
7.1.4 | Environment for the operation of processes |
1 | Has the organization determined, provided and maintained the environment necessary for the operation of its processes and to achieve conformity of products and services? |
7.1.5 | Monitoring and measuring resources |
7.1.5.1 | General |
1 | Has the organization determined and provided the necessary resources needed when monitoring and measuring are used to verify conformity to product and service requirements? |
2 | Are resources suitable for the type of monitoring and measurement activities undertaken? |
3 | Are resources maintained to ensure their continuing fitness? |
4 | Does the organization retain appropriate documented information (record) as evidence of fitness for the purpose of the monitoring and measurement resources? |
5 | Does the organization maintain documented information that defines the processes and controls employed to manage monitoring and measurement resources that meet the requirements? |
7.1.5.2 | Measurement traceability |
1 | Is there a requirement for measurement traceability? |
2 | Where measurement traceability is a requirement, is measurement equipment calibrated or verified at a specified interval or prior to use? |
3 | Is the calibration or verification done against measurement standards traceable to national or international standards? |
4 | Where no such standard exists, is documented information retained on the basis used for calibration or verification? |
5 | Is the measuring equipment identified in order to determine its status? |
6 | Is the measuring equipment safeguarded from adjustments, damage or deterioration that would invalidate the calibration and subsequent measurement results? |
7 | Does the organization maintain and retain documented information (records and procedure) demonstrating the conformance and measurement traceability of the measuring equipment used to determine product conformity to requirements? Does it include common practices such as a measuring equipment register? |
8 | Does the documented information include a unique identification, specific to each piece of equipment? |
9 | Does the organization determine and take appropriate action if the validity of previous measurement results has been adversely affected when measuring equipment is found to be unfit for its intended purpose? |
10 | Does the organization retain documented information of the action taken and of customer notification, if product(s) or services have been delivered? |
7.1.6 | Organizational knowledge |
1 | Does the organization determine the knowledge necessary for the operation of its processes and to achieve conformity of product and services? |
2 | Does the organization maintain this knowledge and make it available to the extent necessary? |
3 | While addressing changing needs and trends, does the organization consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates? |
7.2 | Competence |
1 | Does the organization determine the necessary competence of its employees whose work affects the performance and effectiveness of the QMS? |
2 | Does the organization ensure that its employees are competent on the basis of appropriate education, training or experience? |
3 | Does the organization take applicable actions to acquire the necessary competence and evaluate the effectiveness of action taken? |
4 | Does the organization retain the appropriate documented information as evidence of competence? |
7.2.1 | |
1 | Does the organization validate the competence to the risk level associated with the task? |
2 | Does the organization maintain documented information that defines the practices employed to manage competence requirements of personnel whose responsibilities influence the achievement of quality objectives? |
3 | Does it include developing a competence model that defines a competence catalogue, proficiency levels, criteria for attaining and maintaining proficiency, and resulting competence profiles, which can include technical interviews, assessments and online training? |
7.3 | Awareness |
1 | Does the organization ensure that the persons doing work under the organization’s control are aware of its quality policy, relevant quality objectives, their contribution to the effectiveness of QMS including the benefits of improved performance and the implications of not meeting QMS requirements? |
2 | How does the organization ensure that persons doing work under the organization’s control, including external provider’s personnel, are aware of specified regulated and customer quality requirements, risk mitigations and conformity assessment requirements related to their work? |
7.4 | Communication |
1 | Does the organization determine the internal and external communication relevant to the QMS including on what it will communicate, when to communicate, with whom to communicate, how to communicate, and who communicates? |
7.5 | Documented Information |
7.5.1 | General |
1 | Does the organization’s QMS include documents required by ISO 9001:2015 and documents determined by the organization necessary for the effectiveness of the QMS? |
7.5.2 | Creating and updating |
1 | While creating and updating documented information, does the organization ensure it is appropriate in terms of identification and description? |
2 | While creating and updating documented information does the organization ensure that it is in proper format and in the correct media? |
3 | While creating and updating documented information, does the organization ensure that there is appropriate review and approval for suitability and adequacy? |
7.5.3 | Control of documented information |
7.5.3.1 | |
1 | Does the organization control its documented information to ensure that it is available and suitable for use, whenever it is needed? |
2 | Is the documented information adequately protected? |
7.5.3.2 | |
1 | Is the distribution, access, retrieval and use of documented information adequately controlled? |
2 | Is the documented information properly stored and adequately preserved, and is it legible? |
3 | Is there control of changes (e.g. version control)? |
4 | Are there adequate controls in place for retention and disposition? |
5 | Is external origin documented information necessary for planning and operation of QMS appropriately identified and controlled? |
6 | Are records protected from unintended alterations? |
7.5.3.3 | |
1 | Does the organization maintain documented information (procedure) that defines the processes and controls used to meet the requirements of control of documented information? |
2 | When external specification requirements, including addenda, errata, and updates, are used in the design or manufacture of a product or service, does the organization maintain and retain documented information for the practices employed for the integration of these requirements into the related operating processes? |
Clause 8 | Operations |
1 | Does the organization plan, implement and control the processes needed to meet the requirement for the provision of product and services and to implement the action determined in clause 6? |
8.1 | Operation planning and control |
1 | Does the organization determine the requirements for the products and services? |
2 | Has the organization established criteria for the processes and acceptance of products and services? |
3 | How does the organization determine the resources needed to achieve conformity to the product and service requirements? |
4 | How does the organization implement controls of the processes in accordance with the criteria? |
5 | How does the organization determine, maintain and retain necessary documented information to have confidence that the processes have been carried out as planned and to demonstrate the conformity of products and services? |
6 | How does the organization control its planned changes and review the consequences of unintended changes? |
7 | How does the organization take action to mitigate any adverse effects of its unintended changes? |
8 | How does the organization ensure that outsourced processes are controlled? |
9 | When determining the requirements for the products and services, how does the organization take into account the customer’s scope? |
10 | Does the organization have documented information specifying the processes of the quality management system and the resources to be applied to a specific product, service, project or contract such as a quality plan, service quality plan or inspection and test plan? |
11 | How does the organization maintain documented information as the basis for operational process control and retain documented information to demonstrate conformance to the established controls? |
12 | How does the organization apply change management processes in respect to risks to the achievement of specified requirements and to the realization of improvement opportunities when planning the operations? |
13 | Has the organization established contingency plans as a risk treatment and, if so, do they include roles and responsibilities for response, communication, and immediate actions? |
8.2 | Requirements for products and services |
8.2.1 | Customer communication |
1 | Does the organization communicate with customers to provide information relating to products and services, handling enquiries, contracts or orders (including any changes)? |
2 | Does the organization obtain customer feedback relating to products and services, including customer complaints? |
3 | Does the organization communicate with the customers relating to handling or controlling customer property? |
4 | Has the organization established requirements for contingency action, where required? |
8.2.2 | Determining the requirements for products and services |
1 | Has the organization determined the requirements for product and services to be offered to the customer? |
2 | Are the requirements defined and do they include applicable statutory and regulatory requirements and those considered necessary by the organization? |
3 | Can the organization meet the claims for the product and services it offers? |
8.2.3 | Review of the requirements for products and services |
8.2.3.1 | |
1 | Has the organization ensured that it has the ability to meet the requirements for products and services? |
2 | Has the organization conducted a review before committing to supply product and services? |
3 | Has the organization reviewed the requirements specified by the customer, including the requirements for delivery and post-delivery activities? |
4 | Has the organization reviewed the requirements not stated by the customers but necessary for the specified or intended use, when known? |
5 | Has the organization reviewed the statutory & regulatory requirements applicable to the product and services and requirements specified by the organization? |
6 | Has the organization reviewed and resolved contract or order requirements differing from those previously defined? |
7 | When the customer does not provide a documented statement of their requirement, does the organization confirm the customer’s requirements before acceptance? |
8.2.3.1.1 | |
1 | Does the organization maintain documented information (procedure) that defines the process for the review of requirements related to the provision of products or services? |
8.2.3.2 | |
1 | Does the organization retain documented information on the results of the review and on any new requirements for the products and services? |
8.2.4 | Changes to requirements for products and services |
1 | Does the organization ensure that the relevant documented information is amended and the relevant persons are made aware of the changed requirements when the requirements for the products and services are changed? |
8.3 | Design and development of products and services |
8.3.1 | General |
1 | Has the organization established, implemented and maintained a D&D process that is appropriate to the subsequent provision of product and services? |
8.3.2 | Design and development planning |
1 | In determining the stages and controls for D&D, has the organization taken into consideration the nature, duration and complexity of D&D activities? |
2 | In determining the stages and controls for D&D, has the organization taken into consideration the required process stages including D&D reviews? |
3 | In determining the stages and controls for D&D, has the organization taken into consideration the D&D verification and validation activities? |
4 | In determining the stages and controls for D&D, has the organization taken into consideration the responsibilities and authorities involved in the D&D process? |
5 | In determining the stages and controls for D&D, has the organization taken into consideration the external and internal resources needed? |
6 | In determining the stages and controls for D&D, has the organization taken into consideration the need to control interfaces between persons involved in D&D? |
7 | In determining the stages and controls for D&D, has the organization taken into consideration the need for involvement of customer and user? |
8 | In determining the stages and controls for D&D, has the organization taken into consideration the requirements of the subsequent provision of product and services? |
9 | In determining the stages and controls for D&D, has the organization taken into consideration the level of the control expected for the D&D by customers and other relevant interested parties? |
10 | In determining the stages and controls for D&D, has the organization taken into consideration the documented information needed to demonstrate that design and development requirements have been met? |
11 | How does the organization ensure that the required activities for managing risks and opportunities are incorporated in the design and development process? |
12 | Has the organization maintained documented information (Procedure) that defines the processes used to plan and control design and development activities of products and/or services? |
8.3.3 | Design and Development inputs |
1 | Has the organization determined the essential requirements for the specific types of products and services to be designed and developed? |
2 | Does the organization consider the following: functional and performance requirements; statutory and regulatory requirements; standards or codes of practice that the organization has committed to implement; information derived from previous design and development activities; potential consequences of failure due to the nature of the product and services? |
3 | Does the organization ensure that the inputs are adequate for D&D purpose, complete and unambiguous? |
4 | Does the organization resolve the conflicting D&D inputs? |
5 | Is documented information for D&D inputs retained? |
6 | Has the organization included environmental and safety conditions as performance requirements? |
7 | Has the organization considered outputs of process of managing risks and opportunities? |
8.3.4 | Design and development controls |
1 | Has the organization applied the necessary controls to D&D processes to ensure that the results to be achieved are defined? |
2 | Has the organization conducted a review to evaluate the ability of the results of D&D to meet the requirements? |
3 | Has the organization conducted the verification to ensure that D&D meets input requirements? |
4 | Has the organization conducted the validation to ensure that the resulting product and service meet the requirements of the specified application or intended use? |
5 | Has the organization taken necessary action on the problems determined during reviews, verification or validation activities? |
6 | Has the organization retained documented information on the above-mentioned activities? |
8.3.5 | Design and Development outputs |
1 | Does the organization ensure that D&D outputs meet the input requirements? |
2 | Does the organization ensure that D&D outputs are adequate for the subsequent processes for the provision of product and services? |
3 | Does the organization ensure that D&D outputs include (or reference) monitoring and measuring requirements and acceptance criteria? |
4 | Does the organization ensure that D&D outputs specify the characteristics of the products and services that are essential for their intended use? |
8.3.6 | Design and Development changes |
1 | Has the organization identified, reviewed and controlled changes made during, or subsequent to, the D&D of the product and services to ensure that there is no adverse impact on conformity to requirements? |
2 | Has the organization retained the documented information on D&D changes, the result of reviews, authorization of the changes and the action taken to prevent adverse impact? |
8.4 | Control of externally provided processes, products and services |
8.4.1 | General |
1 | Does the organization ensure that the externally provided processes, products and services conform to the requirements? |
2 | Does the organization determine the controls needed when the product and services from the external providers are incorporated into their own product and services? |
3 | Does the organization determine the controls needed when the product and services from the external providers are provided directly to the customer by external providers? |
4 | Does the organization determine the controls needed when the process or part of the process is provided by the external providers? |
5 | Has the organization determined and applied the criteria for selection, evaluation, monitoring of performance and re-evaluation of external providers? |
6 | Has the organization retained the documented information of these activities and any action arising out of evaluation/re-evaluation? |
8.4.2 | Type and extent of control |
1 | Does the organization ensure that the externally provided processes, product and services do not adversely affect its ability to consistently deliver conforming products and services to the customers? |
2 | Does the organization ensure that the externally provided process remains within the control of its QMS? |
3 | Has the organization defined the controls to be applied to an external provider and its resulting outputs? |
4 | Has the organization taken into consideration the potential impact on the organization’s ability to consistently meet customer and applicable statutory and regulatory requirements? |
5 | Has the organization taken into consideration the effectiveness of the controls applied by the external providers? |
6 | Has the organization determined the verification or other activities, necessary to ensure that the externally provided processes, products and services meet requirements? |
8.4.2.1 | |
1 | How does the organization assess external provider performance at planned intervals, and adjust the type and extent of controls to manage associated risks and opportunities? |
2 | Has the organization maintained documented information (procedure) that defines how the requirements of type and extent of control of externally provided processes, products and services are met? |
3 | How does the organization address the determination of the risks to the achievement of specified requirements and to the realization of improvement opportunities for the products and/or services to conform to specified requirements? |
4 | Has the organization retained documented information (records) that demonstrates the effectiveness of verification, or other activities, necessary to ensure that the externally provided processes, products and services meet requirements? |
8.4.3 | Information for external providers |
1 | Does the organization ensure the adequacy of requirements prior to their communication to the external provider? |
2 | Does the organization communicate to the external providers its requirements for the processes, products and services required? |
3 | Does the organization communicate to the external providers its requirements for the approval of the product and services; methods, processes and equipment; the release of product and services? |
4 | Does the organization communicate to the external providers its requirements for competence including any qualification of persons? |
5 | Does the organization communicate to the external providers its requirements for the external provider’s interactions with the organization? |
6 | Does the organization communicate to the external providers its requirements for control and monitoring of the external providers’ performance to be applied by the organization? |
7 | Does the organization communicate to the external providers its requirements for verification or validation activities that the organization or its customer intends to perform at the external providers’ premises? |
8.5 | Production and Service provision |
8.5.1 | Control of production and service provision |
1 | Has the organization implemented production and service provision under controlled conditions? |
2 | Is there any documented information available that defines the characteristics of the product, services or activities to be performed and the results to be achieved? |
3 | Are any suitable monitoring and measuring resources available? Are they being used? |
4 | Are monitoring and measuring activities being performed at appropriate stages? |
5 | Are competent persons (including qualification) being appointed? |
6 | Is the infrastructure and environment being used suitable for operation of processes? |
7 | Has the organization implemented any actions to prevent human error? |
8 | Has the organization implemented any release, delivery and post-delivery activities? |
9 | Where resulting output cannot be verified by subsequent monitoring or measurement, has the organization conducted validation and periodic revalidation of the process for production and service provision? |
8.5.1.1 | |
1 | For the validation and periodic revalidation, has the organization considered required equipment, competence of personnel, use of specific methods, including identified operating parameters, identification of acceptance criteria and revalidation? |
2 | How does the organization maintain documented information that defines the controls used to meet the requirements of Control of production and service provision? |
3 | How does the organization retain documented information (records) to demonstrate the control effectiveness? |
8.5.2 | Identification and traceability |
1 | Has the organization used any suitable means to identify output when it is necessary to ensure the conformity of products and services? |
2 | Has the status of outputs with respect to monitoring and measuring requirements throughout the production and service provision been identified by the organization? |
3 | Has the organization controlled the unique identification of the outputs when traceability is a requirement? |
4 | Has the organization retained the documented information necessary to enable traceability, when traceability is a requirement? |
8.5.2.1 | |
1 | How does the organization maintain documented information that defines the processes used to meet the requirements of Identification and traceability? |
8.5.3 | Property belonging to customers or external providers |
1 | When property belonging to customers or external providers is under the organization’s control or being used by the organization, does the organization exercise adequate care? |
2 | Does the organization identify, verify, protect and safeguard customers’ or external providers’ property? |
3 | When the property of the customer or external provider is lost, damaged or otherwise found to be unsuitable for use, does the organization report this to the customer or external provider? Does the organization retain documented information on what has occurred? |
8.5.3.1 | |
1 | How does the organization maintain documented information that defines the processes that are used to meet the requirements of Property belonging to customers or external providers? |
8.5.4 | Preservation |
1 | Does the organization preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements? |
2 | Does the organization maintain documented information (procedure) for risk-based preservation? |
3 | Does the documented information define the methods used to preserve products, including environment controls, and constituent parts throughout operations, delivery to the intended destination, and/or service delivery, in order to maintain conformity to requirements? |
 | Does the documented information define the storage areas designated to prevent damage or deterioration of product and constituent parts, pending use or delivery? |
4 | Does the documented information define the type and frequency of assessment, appropriate to the product being assessed, to detect deterioration? |
5 | Does the documented information define the identification and traceability marks, transportation, handling, packaging, and protection requirements, as applicable? |
8.5.5 | Post-delivery activities |
1 | Does the organization meet requirements for post-delivery activities associated with the product and services? |
2 | In determining the extent of post-delivery activities, does the organization consider the statutory & regulatory requirements; the potential undesired consequences associated with its products and services; customer requirements & feedback; nature, use and intended lifetime of its products and services? |
8.5.6 | Control of change |
1 | Does the organization review and control changes for production or service provision to ensure continuing conformity with requirements? The changes for production or service provision include a) the organizational structure; b) key or essential personnel; c) critical providers; d) design; e) the management system. |
2 | How does the organization notify customers where changes impact product and/or services to be delivered to the customer? |
3 | Does the organization retain documented information describing the results of the review of changes, the person(s) authorizing the change and any necessary actions arising from the review? |
4 | How does the organization review changes resulting from assessments of risks and opportunities and corrective actions? |
5 | When specified, how does the organization notify the customer of the effect of changes on residual or new risks? |
8.6 | Release of products and services |
1 | Has the organization implemented planned arrangements, at appropriate stages, to verify that the product and service requirements have been met? |
2 | Does the organization ensure that the release of products and services proceeds only after the planned arrangements are satisfactorily completed or approved by the relevant authority and, as applicable, by the customer? |
3 | Does the organization retain the documented information on the release of products and services, and does it include information relating to the evidence of conformity with the acceptance criteria and traceability to the person authorizing the release? |
4 | How does the organization maintain documented information that defines the processes that are used to meet the requirements of Release of products and services? |
8.7 | Control of nonconforming outputs |
8.7.1 | |
1 | Does the organization ensure that the outputs which do not conform to their requirements are identified and controlled to prevent their unintended use or delivery? |
2 | Is the action appropriate to the nature of the nonconformity and its effect on the conformity of products and services? |
3 | Does the organization also consider nonconforming products and services detected after delivery of products, during and after the provision of services? |
4 | When nonconforming products and services are detected, does the organization take action through correction and/or segregation, containment, return, or suspension of the provision of products & services and/or informing the customer and/or obtaining authorization for acceptance under concession? |
5 | How is conformity to the requirements verified when nonconforming outputs are corrected? |
8.7.1.1 | |
1 | How does the organization maintain documented information that defines the processes that are used to meet the requirements of Control of nonconforming outputs? |
8.7.2 | |
1 | Does the organization retain documented information that describes the nonconformity; describes the actions taken; describes any concession obtained; identifies the authority deciding the action in respect of the nonconformity? |
Clause 9 | Performance evaluation |
9.1 | Monitoring, measurement, analysis, and evaluation |
9.1.1 | General |
1 | Did the organization plan how to monitor, measure, analyze, and evaluate its QMS? |
2 | Did the organization plan how to monitor QMS performance and effectiveness? |
3 | Did the organization figure out what needs to be monitored and select methods? |
4 | Did the organization determine its QMS monitoring requirements? |
5 | Does the organization select monitoring methods that can produce valid results? |
6 | Did the organization establish when monitoring should be done and who should do it? |
7 | Did the organization plan how to measure QMS performance and effectiveness? |
8 | Did the organization figure out what needs to be measured and did the organization select methods? |
9 | Did the organization determine its QMS measurement requirements? |
10 | Does the organization select measurement methods that can produce valid results? |
11 | Did the organization establish when measuring should be done and who should do it? |
12 | Did the organization plan how to analyze QMS performance and effectiveness? |
13 | Did the organization select analytical methods that are capable of producing valid results? |
14 | Did the organization decide when monitoring and measurement results are analyzed? |
15 | Did the organization plan how to evaluate QMS performance and effectiveness? |
16 | Did the organization select evaluation methods that are capable of producing valid results? |
17 | Did the organization decide when monitoring and measurement results are evaluated? |
18 | Does the organization monitor, measure, analyze, and evaluate the organization’s QMS? |
19 | Does the organization monitor the performance and effectiveness of the organization’s QMS? |
20 | Does the organization record monitoring results and does the organization retain and control these records? |
21 | Does the organization measure the performance and effectiveness of the organization’s QMS? |
22 | Does the organization record measurement results and does the organization retain and control these records? |
23 | Does the organization analyze the performance and effectiveness of its QMS? |
24 | Does the organization record analytical results and does the organization retain and control these records? |
25 | Does the organization evaluate the performance and effectiveness of its QMS? |
26 | Does the organization record evaluation results and does the organization retain and control these records? |
9.1.2 | Customer satisfaction |
1 | Does the organization establish methods that the organization can use to monitor customer perceptions? |
2 | Does the organization figure out how the organization is going to obtain information about how customers feel about how well it is meeting their needs and expectations? |
3 | Does the organization figure out how the organization is going to review information about how customers feel about how well it is meeting their needs and expectations? |
4 | Does the organization monitor how well customer needs and expectations are being fulfilled? |
5 | Does the organization monitor how the organization’s customers feel about how well the organization is meeting their needs and expectations (does the organization monitor the organization’s customers’ perceptions)? |
6 | How does the organization maintain documented information that defines the process employed to measure customer satisfaction? |
9.1.3 | Analysis and evaluation |
1 | Does the organization analyze its monitoring and measurement results? |
2 | Does the organization analyze and evaluate appropriate data and information? |
3 | Does the organization use its analytical results to evaluate performance? |
4 | Does the organization evaluate the performance of its QMS? |
5 | Does the organization determine if it needs to improve its performance? |
6 | Does the organization evaluate the performance of its external providers? |
7 | Does the organization use its analytical results to evaluate effectiveness? |
8 | Does the organization evaluate the effectiveness of its QMS? |
9 | Does the organization determine if it needs to improve its effectiveness? |
10 | Does the organization evaluate the effectiveness of its planning? |
11 | Does the organization determine if its plans were effectively implemented? |
12 | Does the organization evaluate the effectiveness of its actions? |
13 | Does the organization evaluate the effectiveness of actions taken to address risks? |
14 | Does the organization evaluate the effectiveness of actions taken to address opportunities? |
15 | Does the organization use its analytical results to evaluate conformity? |
16 | Does the organization evaluate the conformity of products and services? |
17 | Does the organization use its analytical results to evaluate satisfaction? |
18 | Does the organization evaluate the degree of customer satisfaction? |
19 | How does the organization maintain documented information that defines the process for the identification, collection and analysis of data to demonstrate the suitability and effectiveness of the quality management system? |
20 | Does the analysis include data generated from monitoring and measurement, internal audits, management reviews, and other relevant sources? |
9.2 | Internal Audit |
9.2.1 | |
1 | Does the organization conduct internal audits at planned intervals? |
2 | Did the organization plan a program that can find out if the QMS meets the organization’s own requirements and ISO 9001:2015 requirements? |
3 | Did the organization plan a program that can find out if QMS is effectively implemented and maintained? |
9.2.2 | |
1 | Did the organization plan, establish, implement, and maintain an audit program? |
2 | Did the audit program include the frequency, methods, responsibilities, planning requirements, and reporting? |
3 | Does the audit program take into consideration the importance of the process concerned, changes affecting the organization, and the results of previous audits? |
4 | Did the organization define the audit criteria and scope of each audit? |
5 | Does the organization ensure that the audit is conducted by the auditors to ensure objectivity and impartiality of the audit process? |
6 | Does the organization ensure that the results of the audits are reported to relevant management? |
7 | Does the organization take appropriate correction and corrective action without undue delays? |
8 | Does the organization retain documented information as evidence of the implementation of the audit program and the audit results? |
9.2.3 | |
1 | How do the planned intervals of internal audits take into consideration the risks and opportunities associated with the process of Operational planning and control and the results of performance evaluation? |
9.3 | Management review |
9.3.1 | General |
1 | Does the Top Management review the organization’s QMS at planned intervals? |
2 | Does the review ensure QMS’s continuing suitability, adequacy, effectiveness, and alignment with the strategic direction of the organization? |
9.3.2 | Management review inputs |
1 | Does the review take into consideration the status of actions from previous management reviews? |
2 | Are the changes in external and internal issues relevant to QMS considered? |
3 | Does the review take into consideration information on the performance and effectiveness of the QMS? |
4 | Does the review take into consideration customer satisfaction and feedback from relevant interested parties? |
5 | Does the review take into consideration the extent to which the quality objectives have been met? |
6 | Does the review take into consideration the process performance and conformity of products and services? |
7 | Does the review take into consideration nonconformities and corrective actions? |
8 | Does the review take into consideration monitoring and measuring results? |
9 | Does the review take into consideration audit results? |
10 | Does the review take into consideration the performance of external providers? |
11 | Does the review take into consideration the adequacy of resources? |
12 | Does the review take into consideration the effectiveness of actions taken to address risks and opportunities? |
13 | Does the review take into consideration the opportunities for improvement? |
9.3.3 | Management review outputs |
1 | Do the outputs of the Management review include decisions and actions related to the opportunities for improvement; any need for changes to the QMS; and resources needed? |
2 | Does the organization retain documented information as evidence of the result of the management review? |
Clause 10 | Improvement |
10.1 | General |
1 | Has the organization determined and selected opportunities for improvement? |
2 | Has the organization implemented any necessary action to meet customer requirements and enhance satisfaction? |
3 | Has the organization taken action for improving products & services to meet requirements as well as to address future needs and expectations? |
4 | Has the organization taken action for correcting, preventing, or reducing undesired effects? |
5 | Has the organization taken action for improving the performance and effectiveness of the QMS? |
10.2 | Nonconformity and corrective action |
1 | When any nonconformity (including complaints) occurs, does the organization take action to control and correct it and deal with the consequences? |
2 | When any nonconformity (including complaints) occurs, does the organization evaluate the need for action to eliminate the causes of the nonconformity? |
3 | Does the organization review and analyze the nonconformity? |
4 | Does the organization determine the causes of the nonconformity? |
5 | Does the organization determine whether similar nonconformities exist or could potentially occur? |
6 | Has the organization implemented any action needed? |
7 | Has the organization reviewed the effectiveness of the corrective action taken? |
8 | Has the organization updated risks and opportunities determined during planning if necessary? |
9 | Has the organization made changes to the QMS if necessary? |
10 | Are the corrective actions appropriate to the effects of the nonconformities encountered? |
10.2.2 | |
1 | Does the organization retain documented information on the nature of the nonconformities and any subsequent actions taken; and the result of any corrective action? |
2 | How does the organization maintain documented information that defines the processes that are used to meet the requirements of Nonconformity and corrective action? |
10.3 | Continual improvement |
1 | Does the organization continually improve the suitability, adequacy, and effectiveness of the QMS? |
2 | Does the organization consider the results of analysis and evaluation, and output from management review to determine if there are needs or opportunities to be addressed as part of continual improvement? |
10.3.1 | |
1 | Is the implementation of improvements subject to management of change processes in accordance with planning of change? |
2 | How does the organization maintain documented information that defines the processes that are used to meet the requirements of Continual improvement? |
3 | Does the organization retain documented information to demonstrate its effectiveness? |