9.1 Monitoring, measurement, analysis, and evaluation

9.1.1 General

The Requirement

The organization should determine what needs to be monitored and measured. It must also determine the methods for monitoring, measurement, analysis, and evaluation needed to ensure valid results. When the monitoring and measuring must be performed. Also when the results from monitoring and measurement must be analyzed and evaluated. The organization should also evaluate the performance and effectiveness of the quality management system. It must retain appropriate documented information as evidence of the results.

Checklist Questions

1. Show how does the organization determines what needs to be monitored and measured?
2. Show how does the organization determines what methods for monitoring, measurement, analysis, and evaluation to ensure valid results?
3. Show how does the organization determines what to perform monitoring and measuring?
4. Show how does the organization determines what results shall be analyzed and evaluated?
5. What documented information can you show that monitoring and measurement activities have been implemented in accordance with determining requirements?
6. Show how the organization evaluates the quality performance and the effectiveness of the QMS.

Implementation Guidelines

1. The organization must plan and implement processes that monitor, measure, analyze and evaluate the health of your QMS. The focus of these processes must be on product/service conformity, process conformity, and improving QMS effectiveness.
2. You must monitor your processes:
   a) First to determine and establish the capability of new processes to conform to requirements.
   b) And secondly, to monitor these processes over time to verify ongoing stability and capability to meet requirements.
   c) And thirdly to determine and achieve levels of continual improvement
3. The monitoring and measurement techniques, sampling plans, acceptance criteria should be documented or referenced in your quality plan, or you could use a combination of specific practices, procedures, documents and methods.

 9.1.2  Customer Satisfaction

The Requirement

The organization should monitor customer perceptions of the degree to which their needs and expectations have been fulfilled and must determine the methods for obtaining, monitoring, and using this information. Some of the methods by which monitoring of customer perceptions can include customer surveys, customer feedback on delivered products or services, meetings with customers, market-share analysis, compliments, warranty claims, and dealer reports.

Checklist Questions

1. How does the organization monitor customer perception of the degree to which requirements have been met?
2. How does the organization obtain information relating to customer views and opinions of products and services?
3. What are the methods for obtaining and using this information?

Implementation Guidelines

1. Information related to customer views can include customer satisfaction or opinion surveys, customer data on delivered products or services quality, market share analysis, compliments, warranty claims, and dealer reports.
2. Customer requirements may relate to the design, manufacture, delivery, servicing, and support of the product, QMS, communication, and financial requirements, etc.
3. The organization should consider both external as well as internal customer satisfaction. The organization must monitor trends in customer satisfaction indicators and use these as a baseline for continual improvement.

9.1.3 Analysis and Evaluation

The Requirement

The organization should analyze and evaluate appropriate data and information arising from monitoring and measurement. Use the results of the analysis to evaluate the conformity of products and services, the degree of customer satisfaction, the performance and effectiveness of the quality management system. The organization must also evaluate if planning has been effectively implemented and the effectiveness of actions taken to address risks and opportunities. The performance of external providers and the need for improvements within the quality management system must also be evaluated. Methods to analyze data can include statistical techniques.

Checklist Questions

1. Show how does the organization analyze and evaluates data and information arising from monitoring, measurement, and other sources.
2. Show how the output of analysis and evaluation is used to:
   a) Demonstrate conformity of products and services to requirements?
   b) Assess and enhance customer satisfaction?
   c) Ensure conformity and effectiveness of the QMS?
   d) Demonstrate that planning has been successfully implemented?
   e) Assess process performance?
   f) Assess the performance of external providers?
   g) Determine the need or opportunities for improvements within the QMS?
3. Show me where the results of analysis and evaluation are used to provide inputs to management review.

Implementation Guidelines

1. You must collect and analyze QMS data that relate to the performance, effectiveness, and efficiency of products, services, QMS processes, production output, external provider (supplier) performance, use of resources, cost of poor quality, customer satisfaction, etc.
2. You must sort and summarize the data you collect into things gone right and things that have gone wrong and present them separately. Management can then focus on continual improvement of things gone right and take corrective action on things gone wrong.
3. A summary of QMS performance data must be included in your periodic management review.

9.2 Internal Audit

The Requirement

9.2.1

The organization should conduct internal audits at planned intervals to provide information on whether the quality management system conforms to the organization’s own requirements, the requirement of ISO 9001:2015 standards and is effectively implemented and maintained

9.2.2

The organization must plan, establish, implement, and maintain an audit program, which must include frequency, methods, and responsibilities, planning requirements, and reporting. While making an audit program, consideration must be given to the importance of concerned processes, changes impacting the organization, and the results of previous audits. It must define audit criteria and scope for each audit. It must select auditors and conduct audits for the impartial and objective audit process. It must ensure the results of audits are reported to relevant management. it must take necessary correction and corrective actions without undue delay. It must retain evidence of audit program implementation and audit results.

Checklist Questions

1. Are internal audits being conducted at planned intervals? Do they determine whether the QMS conforms to the requirements of ISO 9001 and to the other requirements established by Organization? (Review records to demonstrate conformance)
2. Do they determine whether the QMS is effectively implemented and maintained? (Review records)
3. Can you show audit programme(s) that takes into consideration the quality objectives, importance of the processes, customer feedback, changes impacting the organization, and the results of previous audits?
4. What are the audit criteria and scope for the audit?
5. Can you demonstrate that selection of auditors and the conduct of audits are objective and impartial and that auditors don’t audit their own work?
6. How are audit results reported to relevant management?
7. Can you demonstrate that necessary correction and corrective actions are taken without undue delay?
8. Can you show documented information about the audit program and the audit results?

Implementation Guidelines

1. The audit process must address the responsibilities for conducting the audits, ensuring independence, recording results, and reporting to management.
2. Audits obtain objective evidence of conformity with requirements. The evidence must be based on fact and may be obtained through observation, measurement, test, or by other means. Evaluating the extent to which audit criteria are fulfilled involves an assessment of both implementation and effectiveness.
3. The scope of your internal audit program must cover the
   a) Audit of operation processes to determine conformity of product/services and their processes to customer and applicable regulatory requirements.
   b) Audit of the QMS to determine conformity to the ISO 9001 standard and organizational requirements.
   c) Audit of QMS processes and their interaction to determine if the QMS has been effectively implemented and maintained
4. In determining the time frame for your audit program, you should consider organization size, the complexity of product and processes, the health of the QMS, customer, registrar, and regulatory requirements, etc. The most common time frame is six months.
5. Consider adjusting the audit frequency and perhaps even the audit scope, of specific processes or group of processes, when:
   a) You experience internal or external nonconformities.
   b) Get customer complaints.
   c) Have critical or high-risk processes.
   d) Have frequent or significant changes to processes and products.
6. During the audit, auditors should ensure that the objectivity and impartiality of the audit are not compromised. Auditors cannot audit their own work.

9.3 Management Review

The Requirement

9.3.1 General 

The Top Management of the organization should review the Organization’s QMS at planned intervals to ensure its continuing suitability, adequacy,  effectiveness and it should be aligned with the strategic direction of the organization.

9.3.2 Management review inputs

Plan and carry out management review considering the status of actions from previous management reviews, changes in external and internal issues relevant to QMS, the adequacy of resources, opportunities for improvement, and the effectiveness of actions taken to address risks and opportunities as explained in clause 6.1. The organization must also consider information on quality performance and effectiveness, including trends in non-conformities and corrective actions, customer satisfaction and feedback from relevant interested parties, Monitoring and measurement results, Audit results, the extent to which quality objectives have been met, process performance, conformity of product and services, the performance of  external providers 

9.3.3 Management review outputs

Outputs from the management review must include decisions and actions related to opportunities for improvement, any need for changes to QMS, and resource needs. The organization should retain documented information as evidence of the results of management reviews.

Checklist Questions

1. What is the frequency that top management reviews the organization’s QMS? How is the QMS deemed suitable, adequate, and effective?
2. What kinds of information are reviewed in management reviews? Do they include:
   a)     actions status of previous reviews;
   b)     changes to internal/external issues relevant to the QMS;
   c)     issues that affect strategy;
   d)     KPIs for nonconformities and corrective actions;
   e)     monitor and measurement of results;
   f)      audit results;
   g)     customer satisfaction;
   h)     issues concerning external providers;
   i)      issues concerning other relevant parties;
   j)      adequacy of resources and effectiveness of QMS;
   k)     process performance;
   l)      conformity of products and services;
   m)   actions are taken to address risks and opportunities and their effectiveness;
   n)     new potential opportunities for continual improvement.
3. Show that management reviews include decisions and actions relating to:
   a)     Continual improvement opportunities;
   b)     The need for changes to the QMS including resource needs.
4. Show what documented information you have as evidence of management reviews.

Implementation Guidelines

1. Though not required by the standard, there should be a procedure for management review as it has specific requirements for management review inputs, value-adding review activities, and outputs. The procedure should address the frequency, schedule, quorum, and agenda for review meetings to be attended by top management.
2. For the management review process itself to be effective, top management must plan the review of all agenda items with some regularity and take timely action to change or improve any part of it, including the quality policy and objectives.
3. The Top Management can incorporate QMS agenda items into regular monthly or quarterly operational meetings.
4. Management review input should preferably be in summary form, showing QMS and operational performance measured against the business and quality plans, customer and regulatory objectives, and goals.
5. Review decisions and actions must relate to improving products and processes or even creating new ones, providing more resources or perhaps improving the efficiency of existing resources, improving QMS controls, objectives, improving overall QMS effectiveness and customer satisfaction.
6. Responsibilities and timelines should accompany these decisions and actions.
7. The performance of these actions must be followed up at subsequent management review meetings.
8. You must also identify what specific documents are needed for effective planning, operation, and control of this process. These documents may include – a documented information, review on, schedule, agenda, and action forms, etc., combined with unwritten practices, procedures, and methods.
9. Management review records must include topics discussed, decisions, responsibilities for corrective or improvement actions and related timelines, provision of resources, and follow-up actions from previous management reviews.

Documented Information if applicable

1. Problem Analysis Report
2. Customer Satisfaction Survey Form
3. Customer Complaint Register
4. Annual Internal Audit Plan
5. Internal Audit Schedule
6. Internal audit report
7. List of internal auditor
8. Management Review Meeting record

8.1 Operational Planning and Control

The Requirement

The Organization should plan, implement, and control the processes, as outlined in 4.4, needed to meet requirements for the provision of products and services and to implement the actions determined in 6.1 by determining product and services requirements; establishing criteria for the processes and for the acceptance of products and services; determining the resources needed to achieve conformity to product and service requirements; implement control of the processes in accordance with the criteria; determining, maintaining and retain documented information to the extent necessary to have confidence that the processes have been carried out as planned and to demonstrate the conformity of products and services to requirements. The output of this planning should be suitable for the organization’s operations. The organization should control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. The organization should ensure outsourced processes are controlled in accordance with 8.4.

Checklist Questions

1. How are processes needed to meet requirements for the provision of products and services planned, implemented, and controlled?
2. How are requirements for products and services determined?
3. How are the criteria for processes and acceptance for products and services determined?
4. How are resources determined?
5. How is process control implemented?
6. Show the documented information that shows confidence in that the processes have been carried out as planned and can demonstrate the conformity of products and services.
7. How the organization does determine that the output from the planning process is suitable for its operations?
8. How does the organization control planned changes? How are the consequences of unintended changes reviewed? What action is taken to mitigate any adverse effects?
9. How are outsourced processes controlled?

Implementation Guidelines

1. The focus of clause 8.1 is on controls governing the making of products to meet customer requirements and all the QMS processes that, directly or indirectly, make this happen. Operation processes may include customer-related processes (sales and marketing), design and development, production, shipping, receiving, packaging, measurement, and monitoring of product and processes, etc., whether performed onsite or off-site.
2. The output of Operation planning may be implemented in many different ways such as product /project quality plan, drawings, machine set-up, inspection criteria, process sheets, etc. These must be readily available to those performing these processes.
3. Quality plans should include the processes needed, process sequence and control parameters, specific resources needed to make, verify and deliver the product, product acceptance criteria and quality objectives, product, and process monitoring, and measurement control plans to control and correct any product or process nonconformities, reference to support processes, documents needed such as work instructions or engineering specifications, etc. and details of records to be kept.
4. You must also identify what specific documents are needed for effective planning, operation, and control of production processes. These documents may include contracts, specifications, orders, product quality plans, work instructions, a documented procedure, etc., combined with unwritten practices, procedures, and methods.
5. Quality objectives may include defect rates, scrap rates, etc. Requirements or criteria for the product may include physical properties, dimensional, functional, etc, and their related measurements, tolerances, and acceptance levels. In many instances, depending on the nature of the product, the customer may specify objectives and requirements, and criteria for the product realization processes as well.
6. Steps to Operation planning may include a)    Create a quality plan for a product or service to describe how the QMS will be modified and applied to all operations. Such a plan could include or reference procedures and records to be maintained and analyzed. b)    Consider using the product design and development process approach for designing processes. This is a requirement in the automotive industry. It has become a best practice demonstrated in many organizations even though ISO 9001 does not explicitly require adherence to the design and development requirements for internal process designs. This enhances both the effectiveness and the efficiency of processes. c)    Identify key performance measures for both products and processes and align them with your quality and business objectives.

8.2 Determination of Requirements for Products  and Services

The Requirement

8.2.1 Customer Communication

The organization must establish the processes for communicating with customers to provide information relating to products and services; inquiries, contracts, or order handling, including changes;  obtaining customer feedback relating to product and services including customer complaints; handling or controlling customer property, and establishing specific requirements for contingency actions, when relevant.

8.2.2 Determination of Requirements related to Products and Services

The organization must ensure while determining the requirements for the products and services to be offered to customers that the product and service requirements (including those considered necessary by the organization), and applicable legal requirements, are defined. The organization must also ensure that it has the ability to meet the defined requirements and substantiate the claims for the products and services it offers.

8.2.3 Review of Requirements for Product and services

8.2.3.1 The organization must ensure that it has the ability to meet the requirements for products and services to be offered to customers. The organization shall conduct a review before committing to supply products and services to a customer. The review should include the requirements specified by the customer, including the requirements for delivery and post-delivery activities; requirements not stated by the customer, but necessary for the specified or intended use, when known, requirements specified by the organization, statutory and regulatory requirements applicable to the products and services, contract or order requirements differing from those previously expressed. The organization must ensure that contract or order requirements differing from those previously defined are resolved.  When the customer does not provide a documented statement of their requirements, the organization must confirm them before accepting them.  In some situations, such as internet sales, when a formal review is impractical for each order, the review can cover relevant product information, such as catalogs.

8.2.3.2 The organization should retain documented information on the results of the review and on any new requirements for the products and services.

8.2.4 Changes to requirements for products and services

The organization should ensure that relevant documented information is amended, and those relevant persons are made aware of the changed requirements. when the requirements for products and services are changed.

Checklist Questions

1. What are the processes for communicating with customers? How does the organization communicate information relating to Products, Services, Enquiries, Contracts, Order handling, Customer views, perceptions and complaints, Handling or treatment of customer property, Specific requirements for contingency actions?
2. What is the process to determine the requirements for products and services to be offered to potential customers? How this process is established, implemented, and maintained?
3. How does the organization define product and service requirements including statutory and regulatory requirements?
4. How do you ensure that you have the ability to meet the defined requirements and substantiate any claims for your products and services?
5. How the organization does review customer requirements for delivery and post-delivery?
6. How the organization does review requirements necessary for customers’ specified or intended use, where known?
7. How the organization does review additional statutory and regulatory requirements applicable to products and services?
8. How the organization does review any other contract or order requirements?
9. Show that the review is conducted prior to your commitment to supply products and services to your customers. How do you resolve contract or order requirements which differ from those previously defined?
10. How does the organization confirm customer requirements where the customer does not provide a documented statement?
11. What documented information is retained which describes the results of the review including any new or changed requirements?
12. Show the documented information containing changes to products and services. How do you ensure that relevant personnel is made aware of those changes?

Implementation Guidelines

1. This Customer’s communication must include information related to the products or services, handling inquiries, contracts or orders, customer feedback, handling and controlling customer property, and, if needed, establishing specific requirements for contingency actions. Ensure that the customer has a clear written quotation and specification relating to the product/ services they want. Communication with customers needs to ensure is that customer requirements and other requirements for the product or service are clearly understood.
2. To avoid customer complaints or dissatisfaction, even for “requirements” that are not clearly stated (e.g., regulatory requirements or marketplace norms), the organization should consider a comprehensive understanding of customer requirements, perhaps even performing Risk assessment on the processes.
3. Clause 8.2.2 requires the organization to determine the requirements related to its products and services. This includes a) Establishing a process for determining the requirements for the products offered to potential customers. b) Determining requirements of the customer, For the organization, and from applicable statutes and regulations. c)Determining that the organization has the ability to meet the requirements and substantiate claims related to its products and services
4. It is recommended that you maintain documented information to describe the process for the determination of all aspects of product and service requirements. The documented information should include both product requirements specified by the customer and product requirements not specified by the customer but necessary for intended or specified use. Also, unique regulatory and statutory requirements should be considered as well as commercial terms and conditions.
5. The organization must review the requirements of products and services, which include:         a) Customer-specific requirements for the product or service, including any requirements for delivery or post-delivery actions. b) Requirements are known to be needed by the organization even though not specified by the customer. c) Applicable statutory and regulatory requirements applying to the product or serviced) Requirements of the final contract or order differing from those previously provided by or discussed with the customer
6. Changes are required to be controlled and documented information updated to ensure that changes are properly included in documented information. When changes to product requirements, orders, contracts, or quotations occur, the organization is required to ensure that relevant documented information is amended and communicated, as appropriate, within the organization.

 8.3 Design and Development of Products and Services

The Requirement

8.3.1 General

The organization should establish, implement, and maintain a design and development process. such that they are adequate for subsequent production or service provision.

8.3.2 Design and Development Planning

While planning for design and development, the organization must consider the following  in determining the stages and controls for design and development:

1. nature, duration, and complexity of the design and development activities;
2. the required process stages, including applicable design and development reviews;
3. the required design and development verification and validation activities; 
4. the responsibilities and authorities involved in the design and development process;
5. the internal and external resource needs for the design and development of products and services;
6. the need to control interfaces between persons involved in the design and development process;
7. the need for involvement of customers and users in the design and development process;
8. the requirements for the subsequent provision of products and services; 
9. the level of control expected for the design and development process by customers and other relevant interested parties;
10. the documented information needed to demonstrate that design and development requirements have been met

8.3.3 Design and Development Inputs

The organization must determine the requirements essential for the specific type of products and services being designed and developed, including, as applicable, functional and performance requirements; applicable legal requirements; information derived from previous similar design and development activities;  standards or codes of practice the organization has committed to implement;  potential consequences of failure due to the nature of products and services;  Ensure inputs are adequate for design and development purpose, complete, and unambiguous. Resolve conflicts among Design and Development inputs.

8.3.4 Design and Development Controls

The organization should apply controls to the design and development process to ensure that results to be achieved by the design and development activities are clearly defined; Design and development reviews are conducted as planned; Verification activities are conducted to ensure that the design and development outputs have met the design and development input requirements; Validation activities are conducted to ensure that the resulting products and services are capable of meeting the requirements for the specified application or intended use (when known). The organization must take any necessary actions on the problems determined during the reviews, or verification and validation activities. The organization must maintain any documented information of these activities. Design and development reviews, verification, and validation have distinct purposes. They can be conducted separately or in any combination. as is suitable for the products and services of the organization.

8.3.5 Design and Development Outputs

The organization must ensure that design and development outputs meet the input requirements for design and development. They should be adequate for the subsequent processes for the provision of products and services. They must include or have a reference of monitoring and measuring requirements, and acceptance criteria, as applicable. They must ensure products to be produced, or services to be provided, are fit for the intended purpose and their safe and proper use. The organization must retain the documented information resulting from the design and development process.

8.3.6 Design and Development Changes

The organization should identify, review and control changes made (during the design and development of products and services, or subsequently) to design inputs and design outputs to the extent that there is no adverse impact on conformity to requirements. The organization must retain documented information on design and development changes, the result of the review, the authorization of changes, and action is taken to prevent adverse impact.

Checklist Questions

1. Where detailed requirements of the products and services are not already established or defined by the customer or other parties, how does the organization establish, implement and maintain a design and development process?.
2. When determining the stages and control for design and development, show how does the organization consider: a) The nature, duration, and complexity of the activities;b) Requirements that specify particular process stages including applicable reviews;c) Required verification and validation; d) Responsibilities and authorities;e) How interfaces are controlled between individuals and parties; f) The need for involvement of customer and user groups.
3. Show the documented information that confirms design and development requirements have been met.
4. Can you show me how does the organization determines the requirements essential for the type of products and services being designed and developed, including Functional & performance requirements as applicable?
5. Can you show me how does the organization determine the Statutory & regulatory requirements;
6. Can you show me how does the organization determines the Standards or codes of practice where there is a commitment to implement?
7. Can you show me how does the organization determine the Internal and external resources needed for
8. Can you show me how does the organization determines the design and development of products and services?
9. Can you show me how does the organization determines the Potential consequences of failure?
10. Can you show me how does the organization determines the level of control expected of the design and development process by customers and other relevant parties?
11. How the organization does determine that inputs are adequate, complete, and unambiguous for design and development? How do you resolve conflicts among inputs?
12. How do controls that are applied to the design and development process ensure: a) Results achieved by design and development activities are clearly defined? b) Design and development reviews are conducted as planned? c) Outputs meet the input requirements by verification/ Validation is conducted to ensure that the resulting products and services are capable of meeting the requirements for the specified application or intended use when known?
13. How do you ensure that design and development outputs meet the input requirements for design and development?
14. How do you ensure that design and development outputs are adequate for the subsequent processes for the provision of products and services?
15. How do you ensure that design and development outputs include or reference monitoring and measuring requirements, and acceptance criteria, as applicable?
16. How do you ensure that design and development outputs ensure products to be produced, or services to be provided, are fit for the intended purpose and their safe and proper use?
17. Show me the documented information which results from the design and development process.
18. How do you review, control and identify changes made to the design inputs and outputs during the design and development of products and services ensuring no impact on conformity to requirements?
19.  Show me the documented information for design and development changes.

Implementation Guidelines

1. The scope of your design and development activity must consider all aspects of the product and product realization processes to ensure its conformity to requirements. This includes product identification, handling, packaging, storage, and protection during internal processing and delivery to the customer. This clause is equally applicable for designing and developing manufacturing processes. It is required to include the following: a) Planning to determine design stages considering activities such as verification and validation, control of design interfaces, design review, resources needed for design and development, customer involvement, and the documented information needed to confirm that input requirement are met. b) Determination of the design and development inputs required, including such things as functional requirements, regulatory and statutory requirements, applicable standards or codes, information from earlier projects, and potential consequences of failure. Conflicting requirements are required to be resolved. c) Design and development controls, including clear delineation of the results to be achieved, planning and conducting design and development reviews and verification activities to ensure design outputs meet input requirements, and validation to ensure the products and services meet the requirement for the application intended.d) Design and development outputs are required to meet input requirements, to be adequate for subsequent processes in the provision of the product or service, and to ensure the products and services are fit for their intended purpose. e)Design and development changes are required to be identified, reviewed, and controlled. This includes changes to design inputs or outputs. Controls are required to ensure that changes do not have an impact on the products and service conformity. f)The organization is required to retain documented information resulting from the design and development process, including design and development changes.
2. D& D Requirements need to be established review, verification, and validation into the D & D project. The organization needs to determine how communications will be structured e.g., weekly meetings, periodic reports, or other methods.
3. One must take a multi-disciplinary approach that includes as needed, other functions (besides design) such as quality, engineering, purchasing, sales, tooling, production, etc. Your plan must clearly identify these other functions and their specific role and responsibilities regarding the project. Consider including customer and supplier personnel at appropriate stages to do work and review results or progress
4. D& D plan must specify the D & D stages, activities and tasks, responsibilities, timeline and resources, specific tests, validations, and reviews, and outcomes. There are many tools available for planning ranging from a simple checklist to complex software. The degree and details of planning may vary according to size and length of contract or project, complexity, risk, product life, customer and regulatory requirements, past experience with a similar product, etc.
5. D & D plans must be dynamic and updated as requirements and circumstances change. The organization must track progress against the D & D plan at regular intervals or project milestones and update the plan as the activity progresses. It must include methods to communicate information, responsibilities, results, discussions, reviews, and resources.
6. You must also identify what specific documents are needed for effective planning, operation, and control of production activities These documents may include contracts, technical drawings, and specifications, a documented plan for design and development, work instructions, a documented procedure, etc., combined with unwritten practices, procedures and methods.
7. The design and development project plan serves as both a document and a record as it is updated for completion for various activities.
8. There must be a process that should be part of the D & D plan to identify, document, review, deploy and use design input information such as documents coming from various sources such as customer contracts, drawings, and specifications, organization’s database of previous design and development projects, competitor analysis, industry standards, feedback from suppliers, field data.
9. The organization must identify and include any special and safety characteristics in the process control documents such as quality plans, product drawings, operator instructions, and other documents used to make or verify the product.
10. You must review all input requirements, review design and development progress, verify product design and validate developed products at various stages of your design and development process. The nature, frequency, and scope of these controls must be defined in your design and development plan or other documents. You must carry out these controls according to your plan and keep appropriate records.
11. Do design reviews at one or more milestones of the design and development project, depending on customer requirements, the size, complexity, and risks involved. The purpose of these reviews is to evaluate results to requirements, check project progress and costs to plan and take actions on any problems encountered.
12. There must be a multi-disciplinary approach for doing these reviews and keep appropriate records of issues discussed, actions to be taken, responsibilities, and the timeline for completion. All design and development reviews must be included in your design and development plan.
13. Product design Verification includes design reviews, comparing the new design to a similar proven design if available, performing alternate calculations, performing tests and simulations, reviewing the design documents before release, etc.
14. Manufacturing process design verification includes design review, process capability studies, testing various process parameters, performing tests and trials, reviewing the manufacturing process design documents before release, etc.
15. Verification is checking product or process to input requirements, whereas validation is checking product or process is suitable for its intended use does it perform/function in the way intended by your customer or your organization. Product and manufacturing process validation includes – design reviews, comparison between customer requirements and internal development plans, design and development validation against customer requirements and design and development input requirements, corrective action, and lessons learned from documented process failures and product nonconformities.
16. Any problem you have encountered during the verification and validation of identified during review must be resolved.
17. Design and development output may be product or documentation or both. Product may be a prototype or finished product and documentation could be a computerized or hard copy drawing or specification. Check design and development output against the input requirements, before you use it any further.
18. Many documents are created from the design and development output stage such as drawings, quality plans, work instructions, etc. Where any sophisticated design and development tools such as AutoCAD are used requiring specific competency or training, ensure you provide and keep appropriate records of competency and training of personnel performing design and development activities and use of these tools.
19. Provide appropriate design and development output information to a) Purchasing material or service specifications. b) Production output such as product specifications, special characteristics, drawings, diagnostics, etc. c) Service output such as product specifications; performance reliability, and maintenance criteria.
20. D & D Changes may come from the internal, customer, or regulatory sources. Get all requests for product or manufacturing process design changes in writing from your customer. The impact of the change must be evaluated on materials used, design process, manufacturing process, characteristics and use of the developed product, regulatory compliance, cost, etc.
21. Make sure your process for design and development changes follows appropriate steps ie define the plan, have inputs and outputs, verify and validate to the extent necessary to meet customer requirements, and control product, quality, and business risks.
22. Documented information on design and development changes, the result of the review, the authorization of changes, and action is taken to prevent adverse impact must be maintained.

8.4 Control of Externally Provided Products and Services

The Requirement

8.4.1 General

The organization must ensure that externally provided processes, products, and services conform to specified requirements. The organization must apply the specified requirements for control of externally provided products and services when products and services are provided by external providers for incorporation into the organization’s own products and services; products and services are provided directly to the customer by external providers on behalf of the organization;  a process or part of a process is provided by an external provider as a result of a decision by the organization to outsource a process or function. The organization must determine and apply criteria for evaluation, selection, monitoring of performance, and re-evaluation of external providers based on their ability to provide processes or products and services in accordance with specified requirements. The organization must retain appropriate documented information of the above-mentioned activities and any necessary action arising out of the evaluation.

8.4.2 Type and Extent of Control

The organization should ensure that externally provided processes, products, and services do not adversely affect the organization’s ability to consistently deliver conforming products and services to its customers. The organization should ensure that externally provided processes remain within the control of its quality management system. It should define both the controls that it intends to apply to an external provider and those it intends to apply to the resulting output.  In determining the type and extent of controls to be applied to the external provision of processes, products, and services, the organization must consider the potential impact of the externally provided processes, products, and services on the organization’s ability to consistently meet customer and applicable legal requirements and effectiveness of the controls applied by the external provider. The organization must establish and implement verification or other activities necessary to ensure the externally provided processes, products, and services meet the requirements. 

8.4.3 Information on External Providers

The organization must ensure the adequacy of specified requirements prior to their communication to external providers. The organization should communicate to external providers applicable requirements for the following:

1. products and services to be provided or the processes to be performed on behalf of the organization;
2. approval or release of products and services, methods, processes, or equipment;
3. competence of personnel, including necessary qualification;
4. their interactions with the organization’s quality management system;
5. control and monitoring of the external provider’s performance to be applied by the organization;
6. verification activities that the organization, or its customer, intends to perform at the external provider’s premises.

Checklist Questions

1. How does the organization ensure externally provided processes, products and services conform to specified requirements?
2. Show how the organization applies specified requirements for the control of externally provided products and services when: a) Products and services are provided by external providers for incorporation into products and services;b) Products and services directly to customers by external providers on your behalf;c) A process or part-process is provided by an external provider as a result of a decision to outsource a process or function.
3. Show how does the organization establish and applies criteria for evaluation, selection, monitoring of performance, and re-evaluation of external providers. How do you assess their ability to provide processes or products and services in accordance with specified requirements?
4. What documented information is available as results of evaluations, monitoring of performance, and reevaluations of external providers?
5. How does the organization determine the controls applied to the external provision of processes, products, and services and take them into consideration? a) The potential impact of the externally provided processes, products, and services on the ability to consistently meet customer and applicable statutory and regulatory requirements? b) The perceived effectiveness of the controls applied by the external provider?
6. What verification or other activities does the organization have to ensure externally provided processes, products and services do not adversely affect its ability to consistently deliver conforming products and services to customers?
7. When processes or functions have been outsourced to external providers, how do you define the controls intended to be applied to the external provider and to the resulting process output?
8. Show how the organization communicates to external providers, applicable requirements for a) Products and services to be provided or the processes to be performed on behalf of the organization;b) Approval or release of products and services, methods, processes, or equipment;c) Competence of personnel, including necessary qualification; d) Their interactions with the organization’s quality management system;e) The control and monitoring of the external provider’s performance to be applied by the organization;f) Verification activities that the organization, or its customer, intends to perform at the external provider’s premises.
9. Before you communicate with external providers, how do you ensure the adequacy of specified requirements?

Implementation Guidelines

1. Externally provided processes, products, and services include purchasing from a supplier, an arrangement with an associate company, and outsourcing processes to an external provider. The organization can apply risk-based thinking to determine the type and extent of controls appropriate to particular external providers and externally provided processes, products, and services;
2. You must have specifications/criteria for the purchased product. These specifications may come from your organization, customer, regulatory bodies, supplier, or industry. The purchased product may include materials, production equipment, tooling, measuring and test equipment, facilities, transport vehicles, returnable packaging, intellectual property (drawings, specifications, or proprietary information), product returned for servicing under warranty, product sent for outsourced work, etc.
3. Many times the customer may require the use of pre-approved purchased products and suppliers. The onus is still on you to ensure that the purchased product from customer-designated sources meets all requirements.
4. You must control both, the product you buy, as well as the supplier you buy from. Your controls must primarily be based on the prevention of nonconformities in both product and supplier performance.
5. Based on how important the purchased product is to design, manufacture, assemble and maintain your end product, categorize your purchased products and services accordingly. Then determine what controls you need to ensure consistent purchased product quality and consistent supplier performance. You can then apply different controls for different purchased products. These controls must be included or referenced in your quality or inspection plans.
6. There are several ways to evaluate your suppliers. Besides product quality, your criteria for supplier selection and evaluation may include the potential supplier’s financial capability, technical and manufacturing capability, and capacity, reliability, reputation, flexibility to handle changes, support, service, cost, etc.
7. You must maintain a list of all qualified suppliers. In addition to the initial evaluation and approval of suppliers, you are required to carry out ongoing monitoring and measurement of their performance.
8. You must identify your purchasing processes whether on-site or off-site.
9. Use supplier monitoring indicators to evaluate the consistency, capability, and reliability of their performance for quality, On-time delivery, support, etc. On-time delivery is very important and disruptions (due to waiting for materials) at your customers or even your own facility must be avoided.
10. For each process, you must document the controls for purchased products and suppliers. You must also show the linkage and interaction of purchasing processes with other processes such as design, manufacturing, tooling maintenance, calibration.
11. You must keep records of all supplier evaluations (whether initial or periodic), including any corrective actions placed on them for any nonconformities. You must identify and document all processes addressing this clause as part of your QMS. For these processes, you must also identify what specific documents, controls, and resources are needed. You could use a documented procedure or other combination of specific practices, procedures, documents, and methods.
12. Consider using supplier quality plans, inspection plans, etc., to verify that the purchased product meets specified purchase (product and QMS) requirements. Your inspection process must define and document the acceptance criteria and sampling plan for product conformity and what measurement tools needed and records needed to show effective control of purchased product quality and supplier performance.
13. Where any of your controlled suppliers have gone through a significant organizational change you must verify the continuity and effectiveness of their QMS.
14. Your purchase documents such as purchase order, contract, blanket order, your organization’s supplier quality manual, etc. must specify your requirements for the purchased product, the supplier’s QMS, and any other initial or on-going controls you deem necessary for ensuring consistent supplier performance.
15. You must define how you ensure the adequacy of these documents before you communicate them to your supplier. A review of the adequacy of purchasing documents may include their completeness, accuracy, correctness, quantity, timing, cost, approval, etc.,
16. You must show evidence of carrying out (issue purchase documents) and review these documents.
17. An outsourced process is any value-adding or conversion activity related to your product or service, that is performed by an external organization such as a subcontractor, sister facility, etc.
18. You must be able to demonstrate sufficient controls over outsourced processes to ensure that such processes are performed according to the relevant requirements of ISO 9001:20015
19. Outsourced processes may be controlled in any number of ways, e.g., providing the vendor with product specifications, supplier quality manual that they must meet, asking for inspection and test results or certificates of compliance, validation of outsourced process, conducting product and QMS audits of the vendor; etc.

CLAUSE 8.5 Production and Service Provision

8.5.1 Control of Production and Service

The Requirement

The organization should implement production and service provision under controlled conditions. Include these controlled conditions, as applicable:

1. availability of documented information that defines characteristics of products and services.
2. availability of documented information that defines activities to be performed and results to be achieved.
3. availability and use of suitable monitoring and measuring resources
4. implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met.
5. use and control of suitable infrastructure and process environment for operation of the process.
6. appointment of a competent person and, where applicable, required qualification of persons;
7. validation, and periodic revalidation, of ability to achieve planned results of any process for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement.
8. implementation of products and services release, delivery, and post-delivery activities.

Checklist Questions

1. How the organization does implement the production and service provision under controlled conditions?
2. Can you show the availability of any documented information that defines the characteristics of the product, services or activities to be performed and the results to be achieved?
3. Can you show controlled conditions for monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met?
4. Can you show controlled conditions for the use and control of suitable infrastructure and process environment?
5. Can you show controlled conditions for the availability and use of suitable monitoring and measuring resources?
6. Can you show controlled conditions for the competence and, where applicable, required qualification of persons?
7. Can you show controlled conditions for the validation, and periodic revalidation, of the ability to achieve planned results of any process for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement?
8. Can you show controlled conditions for the implementation of products and services release, delivery and post-delivery activities?

Implementation Guidelines

1. To improve your QMS, it will be very useful to draw a flow chart to link the flow and interaction of the activities and sub-processes.
2. Use your product, project, or contract quality plan to control your operational activities. Quality plans address what has to be made, how much has to be made, when it has to be made, by whom, in what sequence, how it has to be made, what equipment to use, what measurement and monitoring tools to use, what to inspect, when to inspect, how much to inspect, what to do if problems arise, etc. Your quality plan must cover all operation process steps from receipt of materials, production, packaging, storage, delivery, and even post-delivery activities such as installation or training.
3. Schedule your operations taking into consideration customer delivery requirements, production capacity and capability, material availability and usage, personnel availability and usage; storage; etc. Carefully define and document the interaction of your operation scheduling process with your logistics processes such as inventory management, customer communication, traffic and shipping control, packaging and labeling, sales, and billing.
4. Your quality plans are dynamic and must be updated for the changes in product specifications or process parameters; resources used; monitoring or measurement requirements, etc. Your quality plans should reference any work instructions specified for the process steps.
5. Work instructions may exist in many forms such as narrative, graphical, audio, video, physical display, etc.If any work instructions are needed at specific points in your process, then they must be readily available and relevant i.e. current or right version.
6. You must also identify what specific documents are needed for effective planning, operation, and control of production activities. These documents may include – a product quality plan; work instructions; documented procedure; etc., combined with unwritten practices, procedures, and methods.
7. Validation is usually required where the product cannot be verified without damaging or destroying the product, e.g. some types of welding, heat treatment, painting, electroplating, rust-proofing, etc. Validation involves conducting capability studies using a combination of resources technology, equipment, materials, environment, competent personnel, and production and testing methods that consistently result in a quality product or service. Validation requires customer or regulatory approval of the process.
8. You must keep appropriate records of process validation showing both the achievement of planned results as well as the ongoing maintenance of such capability. It is up to each organization to determine what combination of resources and methods will provide the required consistent process capability and quality of product or service. Include as appropriate, these validation controls in your quality plans.
9. If you change any part of the proven process capability for e.g. materials, equipment or personnel, etc., you must revalidate i.e re-prove the changed process.

8.5.2 Identification and Traceability

The Requirement

The organization should use suitable means to identify “process outputs” where necessary to ensure conformity of products and services. The organization should identify the status of “process outputs” with respect to monitoring and measurement requirements throughout production and service provision. The organization should control the unique identification of “process outputs” where traceability is a requirement. It should retain any documented information necessary to maintain traceability. “Process outputs” are results of any activities which are ready for delivery to the customer or to an internal customer (e.g., the receiver of inputs to the next process). “Process outputs” can include products, services, intermediate parts, components, etc.

Checklist Questions

1. What suitable means is used by the organization to identify output when it is necessary to ensure the conformity of products and services?
2. How is the status of outputs with respect to monitoring and measuring requirements throughout the production and service provision being identified by the organization?
3. How does the organization control the unique identification of the outputs when traceability is a requirement?
4. Shot the documented information necessary to enable traceability, when traceability is a requirement?

Implementation Guidelines

1. Product status: It means knowing the quality status (good or bad) of materials and products through each of the above stages. Product status can be controlled using physical and electronic methods.
2. Product identification: It means knowing the identity of your or customer-supplied product from incoming receipt of materials, raw material storage, use in production, work in progress, finished product storage, and delivery of the product to the customer. Product identification can be controlled using physical and electronic methods.
3. Unique Product Identification: This usually involves keeping detailed records of product manufacturer such as material, equipment, personnel, processes, production, inspection and test details, etc., for individual products or production batches. These records help to troubleshoot product and process problems, resolve customer complaints, and enable continual improvement of product and process. Depending on the product, the OEM may specify the degree of unique identification and traceability required.
4. Specific Documented information may be included in your Operation processes through your product quality plans, work instructions, and other specific documentation. Examples of product identification and test status include physical tags, barcode labels linked to computer records; MRP systems tracking specific production runs/lots, automated production transfer processes, etc.
5. Process outputs are the results of any activities which are ready for delivery to the organization’s customer or to an internal customer (e.g. receiver of the inputs to the next process); they can include products, services, intermediate parts, components, etc

8.5.3 Property Belonging to Customers or External Providers

The Requirement

The organization should exercise care with property belonging to customers or external providers while under the organization’s control or being used by the organization. The organization should identify, verify, protect, and safeguard the customer’s or external provider’s property provided for use or incorporation into products and services. It should report to the customer or external provider when their property is incorrectly used, lost, damaged, or otherwise found to be unsuitable for use. Customer property can include material, components, tools and equipment, customer premises, intellectual property, and personal data.

Checklist Questions

1. What care does the organization provide for customers or external provider’s property while under its control?
2. How does the organization identify, verify, protect and safeguard the customer property which is provided for use or incorporation into products or services?
3. What means does the organization use to report to the customer or external provider if their property is incorrectly used, lost, damaged, or found to be unsuitable for use?

Implementation Guidelines

1. Customer or External provider property may include material, production equipment, tooling, measuring and test equipment, facilities, transport vehicles, returnable packaging, intellectual property such as drawings, specifications or proprietary information, product returned for servicing under warranty, product sent for outsourced work, etc.
2. All customer property is exposed to the risk of being damaged, lost, misused, misplaced, stolen, become unsuitable or obsolete for use. Notify the customer/ External provider in writing if their property is lost, damaged, or otherwise found to be unsuitable such as perishable past its shelf life for use
3. Control to minimize the risks to customer/External provider property include inventory management, preservation, and storage, identification, status and traceability indicators, maintenance, notification, traffic flow, authorized use, restricted access, etc.

8.5.4 Preservation

The Requirement

The organization should ensure the preservation of “process outputs” during production and service provision, to the extent necessary to maintain conformity to requirements. Preservation can include identification, handling, packaging, storage, transmission or transportation, and protection.

Checklist Questions

1. How the organization does ensure the preservation of process outputs during production and service provision to maintain conformity to product requirements?

Implementation Guidelines

1. Preservation can include identification, handling, packaging, storage, transmission or transportation, and protection.
2. All raw materials, work in progress, finished product, supplies, customer provided materials or product, product sent for outsourced work, etc., are subject to the risk of being damaged, lost, misused, misplaced, stolen, become unsuitable, perishable, or obsolete i.e. past shelf life for use.
3. These could be controlled using identification, status and traceability indicators, inventory cycle counts and condition evaluation, stock rotation methods such as FIFO, just in time, tracking shelf life, special, controls for restricted access, handling and storage of hazardous materials, climate and environment, maintenance procedures, barcodes, training, use of special equipment for handling, condition reports, etc.
4. Documented information may be included in your product realization processes through your product quality plans, work instructions, and other specific documentation.

8.5.5 Post-Delivery Activities

The Requirement

The organization should meet requirements, as applicable, for post-delivery activities associated with products and services. In determining the extent of post-delivery activities that are required the organization should consider risks associated with products and services; Customer feedback; legal requirements; nature, use, and intended lifetime of products and services; Post-delivery activities can include actions under warranty provisions, contractual obligations (such as maintenance services) and supplementary services (such as recycling or final disposal)

Checklist Questions

1. How does the organization meet requirements for post-delivery activities associated with products and services?
2. When determining the extent of post-delivery activities required with products and services, How does the organization determine the risk, customer feedback, and Nature, use, and intended lifetime?

Implementation Guidelines

1. Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.
2. Post Delivery activities mean based on customer agreement or other agreement, the organization may be responsible for providing support for their product or services after delivery. This could include technical support, routine maintenance or total recall, recycling, reusable packaging, returnable containers, etc.
3. The extent of post-delivery activity will depend on statutory and regulatory requirements, the potential undesired consequences associated with its products and services, the nature, use, and intended lifetime of its products and services, customer requirements, and customer feedback.

8.5.6 Control of Changes

The Requirement

The organization should review and control changes for production or service provision to the extent necessary to ensure continuing conformity with requirements. The organization should retain documented information describing the results of a review of changes, personnel authorizing the change, and any necessary actions arising from the review.

Checklist Questions

1. How does the organization review and control unplanned changes to ensure continuing conformity with specified requirements?
2. What documented information does the organization has which describes the results of reviews of changes, the personnel authorizing change, and any necessary actions?

Implementation Guidelines

1. Changes, in general, create instability, and a robust change management process is critical to ensure changes are fully reviewed, approved, communicated, understood, and validated when they are implemented. Records describing the results of the review of changes, personnel authorizing the change, and any necessary actions arising from the review have to be maintained.
2. The organization is required to review and control changes for all of the previously discussed “production and service provision” topics including 8.5.1 Control of production and service provision (all of the controls established in the first place), 8.5.2 Identification and traceability, 8.5.3 Property belonging to customers or external providers, 8.5.4 Preservation and 8.5.5 Post-delivery activities.

8.6 Release of Products and Services

The Requirement

The organization should implement planned arrangements at appropriate stages to verify product and service requirements have been met. Retain evidence of conformity with acceptance criteria. The release of products and services to the customer should not proceed until the planned arrangements for verification of conformity have been satisfactorily completed unless otherwise approved by a relevant authority and, as applicable, by the customer.  The organization should retain documented information for traceability to the person(s) authorizing the release of products and services for delivery to the customer. The organization should also retain documented information for evidence of conformity with the acceptance criteria. 

Checklist Questions

1. Show how planned arrangements have been implemented at appropriate stages to verify product and service requirements have been met. Show what evidence the organization retains.
2. Show how the release of products and services is held until planned arrangements for verification of conformity have been satisfactorily completed unless approved by a relevant authority, or the customer if applicable.
3. Show documented information that shows traceability to the person authorizing the release of products and services.

Implementation Guidelines

1. Before you release your product to your customer, You must plan what characteristic(s) to measure, type of measurements, what measurement device to use, how often to measure, sample size, acceptance criteria, and records needed for each product or product type. Use your quality plan to document these controls. Where practical, consider completing all missed planned inspections and measurements before product delivery.
2. If you plan on releasing during any stage of production or shipping finished product, where all planned inspections and measurements to that stage have not been completed, ensure that you obtain prior written approval/waiver from a relevant internal authority or the customer.
3. You must identify and document all product realization processes e.g. receiving, production, shipping, etc. For such processes, you must also identify what specific documents are needed for effective planning, operation, and control.
4. You could use a product quality plan, any documented information, or other combination of specific practices, procedures, and methods.

8.7 Control of Nonconforming Process Outputs, Products, and Service

The Requirement

8.7.1 

The organization should ensure process outputs, products, and services that do not conform to requirements are identified and controlled to prevent unintended use or delivery. The organization should take appropriate action based on the nature of nonconformity and its impact on the conformity of products and services. This is applicable also to nonconforming products and services detected after delivery of products during or after the provision of service. The organization should deal with nonconforming outputs in one or more of these ways:

• correction;
• segregation, containment, return, or suspension of the provision of products and services;
• informing  the customer;
• obtaining authorization for acceptance under concession. 

The organization should verify conformity to requirements when nonconforming process outputs, products, and services are corrected.

8.7.2

The organization should retain documented information that describes the nonconformity, action taken,  concessions obtained, identifies the person or authority that made the decision regarding dealing with nonconformity.

Checklist Questions

1. How the organization does identify and controls process outputs, products, and services that do not conform to requirements and prevent their unintended use or delivery?
2. What appropriate corrective actions are taken based on the nature of the nonconformity and its impact on the conformity of products and services? How the organization does apply this to nonconformity detected after delivery?
3. How the organization deals with nonconforming process outputs, products and services in terms of:

a) Correction;b) Segregation, containment, return, or suspension of the provision of products and services? c)  Informing the customer? d) Obtaining an authorization for use as-is? e) Release, continuation, or re-provision of the products and service? f) Acceptance under concession?

1. How the organization does verify conformance where process outputs, products, and services are corrected following nonconformance?
2. What documented information is kept following actions taken to address nonconformities, including any concessions obtained and on the person or authority that made the decision regarding dealing with the nonconformance?

Implementation Guidelines

1. This is applicable to processes, products, and services that do not conform to customer requirements, applicable regulatory requirements, or your own organization requirements. Nonconformities may relate to suppliers and outsourced work, organizational activities, or products shipped to customers.
2. The organization must have controls and responsibilities to identify, contain i.e. prevent further processing or use, keep records of the nature and other details of the nonconformity, notify appropriate personnel and customer, where appropriate, evaluate what disposition action needs to be taken, carry out timely disposition, determine policies for release for further processing or shipment to the customer, obtain customer concessions, rework and re-verification, establish performance indicators to measure the effectiveness of the control of nonconformance process, etc.
3. Product or material found with no identification or its quality status is not known, should be treated as a nonconforming product and controlled as mentioned above.
4. If you find that a nonconforming product has been shipped, without a customer concession, you must take appropriate action to reduce the immediate and consequential effect of the nonconformity.
5. Depending upon the seriousness and scope of the nonconformity, you might consider taking action to eliminate the nonconformity as well as a corrective action to eliminate the root causes of the nonconformity.
6. It might be appropriate in specific circumstances to notify the customer and resolve the situation to your customer’s satisfaction.
7. You need to be aware of any reporting requirements imposed by regulatory bodies and comply with them.
8. All product realization processes must show the interaction with your process for a nonconforming product.
9. A concession authorization allows you to ship nonconforming products, under controlled conditions.
10. A deviation authorization allows you to manufacture a product different from the original specification, under controlled conditions.
11. In both these situations, make sure that you obtain these authorizations in writing prior to shipping or manufacturing a nonconforming product.

Documented Information if applicable

1. Process Quality plan
2. Production plan and status
3. Contract Review Checklist
4. Risk Assessment – Business Enquiry
5. verbal order Register
6. Input Adequacy Report
7. Design Data Input Sheet
8. Design and Development plan
9. Design change record
10. Design Review Record
11. Design verification record.
12. Design validation record
13. Design output record
14. Approved Supplier List
15. Supplier Corrective Action Request (SCAR) Log
16. Supplier performance report
17. Supplier & Subcontractor Assessment Form
18. Purchase order
19. Receipt Inspection Report
20. Daily Production & Inspection Record
21. Breakdown Maintenance Report
22. Preventive Maintenance Chart
23. Tags
24. List Of Customer Drawing
25. List Of Customer Supplied Items
26. Stock Register
27. Sample Maintenance agreement
28. Pre Dispatch Inspection Report
29. Nonconforming Part Disposition
30. Nonconforming Service Report
31. Out of tolerance impact study

For more on Clause 8 Operation click here

7.1 Resources

7.1.1 General

The Requirement

The organization should determine and provide the resources needed to establish, implement, maintain, and continually improve the QMS. And should consider the capabilities of, and constraints on, existing internal resources; and what needs to be obtained from external providers.

Checklist Questions

1. How resources are determined for the establishment, implementation, maintenance, and continual improvement of the QMS.
2. Show how the capabilities and constraints on internal resources are considered.
3. Show how needs from external providers are considered.

Implementation Guidelines

1. The top management has the responsibility to ensure the availability of resources to develop and maintain your QMS. This is typically done through business and quality planning.
2. While planning for your resources needed the organization must consider what existing internal resources it has considering its capabilities and constraints and what needs to be obtained by external providers.
3. The actual amount of resources needed may vary from day to day and over time. This is one reason why top management must review QMS performance regularly

7.1.2 People

The Requirement

The organization should determine and provide the persons necessary for the effective implementation of its QMS and also for the operation and control of its processes.

Checklist Questions

1) How does the organization provide persons necessary to consistently meet customer, applicable statutory, and regulatory requirements for the QMS including the necessary processes? 

Implementation Guidelines

1) This standard expects an organization to determine and provide the appropriate number of personnel to effectively implement the QMS and for the operation and control of its processes and also the proper allocation of staff in order to achieve the required outcome.

7.1.3 Infrastructure

The Requirement

The organization should determine, provide, and maintain the infrastructure for the operation of the processes to achieve conformity of products and services. Infrastructure may include buildings and associated utilities; equipment including hardware and software; transportation resource, information and communication technology.

Checklist Questions

1) How does the organization determine, provide and maintain the infrastructure for the operation of processes to achieve products and service conformity?

Implementation Guidelines

1) Essentially a company needs to consider all the things they will need in order to deliver a service/product to the customer/client. This needs to include:

1.  buildings / water / gas / electric, etc.
2. equipment – for example, computers / operating systems (e.g. alarm master);
3. vehicles – for engineers/management/sales and survey staff;
4. information – standards that have to be applied, mobile phones/tablets, etc.

2) Any infrastructure changes related to product realization affecting customer requirements require notification to, and agreement from, the customer.

7.1.4 Environment for the Operation of Processes

The Requirement

The organization should determine, provide, and maintain the environment necessary for the operation of processes and to achieve conformity of products and services. A Suitable environment for the operation of processes can be a combination of human and physical factors such as social (for e.g. non-discriminatory, calm, non-confrontational, etc), psychological (for e.g. stress-reducing, burnout prevention, emotional protective), physical (for example, temperature, heat, humidity, light, airflow, hygiene, noise). These factors can differ depending on the type of product and service  provided by the organization

Checklist Questions

1. How does the organization determine, provide and maintain the environment for the operation of processes to achieve products and service conformity?

Implementation Guidelines

1) Environment for the operation of processes can include physical, social, psychological, environmental, and other factors (such as temperature, humidity, ergonomics, and cleanliness). It includes

1. Equality Opportunities / whistleblowing / anti-bullying policy
2. Violence at work/counseling support / lone working
3. Office-based risk assessment, space, noise levels and other environment issues

7.1.5 Monitoring and Measuring Resources

The Requirement

7.1.5.1 General

The organization should determine and provide the resources needed for valid and reliable monitoring and measuring results, where monitoring or measuring is used for evidence of conformity of products and services to specified requirements. The organization should ensure that the resources provided are suitable for the type of monitoring and measurement activities being undertaken and are maintained to ensure continued fitness for their purpose. The Organization should retain appropriate documented information as evidence of fitness for purpose of monitoring and measurement resources.

7.1.5.2 Measurement Traceability

Where measurement traceability is a requirement(statutory or regulatory or customer or relevant interested party expectation) or considered by the organization to be an essential part of providing confidence in the validity of measurement results,  measuring instruments must be verified or calibrated at specified intervals or prior to use against measurement standards traceable to international or national measurement standards. The organization must retain the basis used for calibration or verification as documented information if no such standard exists as documented information. Measuring instruments must be identified in order to determine their calibration status; It must be safeguarded from adjustments, damage, or deterioration that would invalidate calibration status and subsequent measurement results. The organization should determine if the validity of previous measurement results has been adversely affected when an instrument is found to be defective during its planned verification or calibration, or during its use, and take appropriate corrective action as necessary.

Checklist Questions

1. How are the resources determined for ensuring valid and reliable monitoring and measuring results, where used?
2. How does the organization ensure that resources provided are suitable for the specific monitoring and measurement activities and are maintained to ensure continued fitness for purpose?
3. Show the documented information which is evidence of fitness for purpose of monitoring and measurement resources.
4. Where applicable, show how measurement instruments are verified or calibrated at specified intervals against national or international measurement standards;
5. If there are no standards, show the documented information which is used as the basis used for calibration or verification.
6. Show how measurement instruments are identified to determine their calibration status.
7. Show how they are safeguarded from adjustments.
8. Show how they are safeguarded from damage and deterioration.
9. How do you determine the validity of previous measurements if you find an instrument to be defective during verification or calibration? What appropriate actions can you take?

Implementation Guidelines

1. This clause is applicable only with monitoring and measuring devices and equipment used to monitor the product (or service) and does not apply to monitoring and measuring the quality system.
2. Operation planning must determine the following what specific product and process characteristics need to be monitored and measured, the criteria for product acceptance, the type of Monitoring and Measurement Device needed, frequency i.e. at what stages of realization to do it, sample size, etc.
3. Requirements for what needs to be measured and the acceptance criteria may come from the customer, regulatory, industry, and own organization.  The organization must then determine what Monitoring and Measurement Device is appropriate for each measuring or monitoring requirement.
4. To ensure valid measurement and monitoring results, the Monitoring and Measurement Device must be controlled. A process is required, to control the identification of monitoring measurement,  selection, purchase, status, identification, calibration, verification, adjustment or readjustment, use, handling, maintenance and storage, training, handling of nonconforming  Monitoring and Measurement Device’s, etc.
5. Personnel using Monitoring and Measurement Devices must have competence and training in the use of Monitoring and Measurement Devices in terms of their function, range and precision of measurement, reliability, use, and maintenance.
6. You must keep appropriate records to demonstrate effective operation and control of your Monitoring and Measurement Device processes. These records must include calibration and verification records traceable to national, international, or other benchmarks used for calibration.
7. Customer or internal engineering changes may result in a change in product measurement, requirements, and/or the Monitoring and Measurement Device to be used.  These changes should be reflected in your quality plan.
8. Performance indicators such as the monthly trends in the number of out of calibration Monitoring and Measurement Device’s, or the number of Monitoring and Measurement Device’s past their calibration due date, number of Monitoring and Measurement Device’s being used and not controlled, reduction in untrained personnel found using Monitoring and Measurement Device’s, etc. Use these indicators to tighten and improve the effectiveness of your Monitoring and Measurement Device process.
9. Where a Monitoring and Measurement Device is found to be out of calibration, you must take appropriate corrective action to contain and re-verify the product affected, to the extent practical. This is in addition to containing, repair and recalibrating the defective Monitoring and Measurement Device.

Clause 7.1.6.  Organizational Knowledge

The organization should determine the knowledge necessary for the operation of its processes and achieve conformity of products and services. This knowledge shall be maintained and made available to the extent necessary. When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates. Organizational knowledge is knowledge specific to the organization; it is generally gained by experience. It is information that is used and shared to achieve the organization’s objectives. Organizational knowledge can be based on: a) Internal Sources (e.g., intellectual property, the knowledge gained from experience, lessons learned from failures and successful projects, capturing and sharing undocumented knowledge and experience; the results of improvements in processes, products, and services); b) External Sources (e.g., standards, academia, conferences, gathering knowledge from customers or external providers).

Checklist Questions

1. How does the organization determine the necessary knowledge for the operation of processes?
2. How does the organization necessary the knowledge to achieve conformity of products and services?
3. How does the organization maintain this knowledge and make it available to the extent necessary?
4. How does the organization consider current knowledge and how do you acquire additional knowledge when addressing changing needs and trends?

Implementation Guidelines

1. Organizational knowledge can include information such as intellectual property and lessons learned.
2. To obtain the knowledge required, the organization can consider internal sources (e.g. learning from failures and successful projects, capturing undocumented knowledge and experience of topical experts within the organization)  and external sources (e.g. standards, academia, conferences, gathering knowledge with customers or providers).
3. The organization shall determine the knowledge necessary for the operation of the QMS, ensure conformity of products and services, enhance customer satisfaction. The organization is responsible for maintaining, protecting, and making sure the knowledge is available
4. Depending on the size and complexity of the organization, the risks and opportunities it needs to address, the need for accessibility of knowledge, the process for considering and controlling past, existing, and additional knowledge needs is to be considered.
5. Knowledge is to be considered when making changes to the organization

7.2 Competence

The organization must determine the necessary competence of person(s) doing work under its control that affects the performance and effectiveness of its QMS; It must ensure that these persons are competent on the basis of appropriate education, training, or experience and where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken; It must retain documented information as evidence of competence. Applicable actions can include, for example, training, mentoring, or reassignment of currently employed persons; or hiring or contracting of competent persons. “Competence” is defined in the section on terms as the ability to apply knowledge and skills to achieve intended results. Demonstrated competence is sometimes referred to as “qualification”.

Checklist Questions

1. How does the organization determine the necessary competence of its employees whose work affects the performance and effectiveness of the QMS?
2. How does the organization ensure that its employees are competent on basis of appropriate education, training, or experience?
3. How does the organization take applicable actions to acquire the necessary competence and evaluate the effectiveness of action taken?
4. Show the appropriate documented information as evidence of competence?

Implementation Guidelines

1. HR process must include determining competency criteria, skills evaluation, identification of training needs, types of training, provision of training, how training effectiveness is evaluated, methods to communicate an awareness of the importance of quality requirements, and meeting quality objectives, to all employees.
2. Applicable actions to acquire competency can include, for example, the provision of training to, the mentoring of, or the reassignment of currently employed persons; or the hiring or contracting of competent persons.
3. Criteria for competency must be developed based on appropriate education, skills, training, and experience for activities, tasks, functions, and processes. The level and detail of such qualifications, skills, training, and experience will depend upon the complexity of the product, process, technology, and customer and regulatory requirements. Appropriate record of employees skills, education, training, the experience must be maintained
4. A “Skills Matrix” is a useful tool used by organizations to determine and manage the competency levels required by different activities and functions. An organization may create a comprehensive training program based on the skill Matrix that is fully integrated with the quality management system. The appropriate record must be kept of training which must include the evaluation of the training

7.3 Awareness

Persons doing work under the organization’s control must be aware of the quality policy; relevant quality objectives; their contribution to the effectiveness of the QMS, including benefits of improved quality performance; and the implications of not conforming with system requirements.

Checklist Questions

1. How does the organization ensures that the persons doing work under the organization’s control are aware of its quality policy, relevant quality objectives, their contribution to the effectiveness of QMS including the benefits of improved performance and the implications of not meeting QMS requirements?

Implementation Guidelines

1. The process to promote quality awareness may include the use of methods such as – cross-functional teams, involvement in quality planning, quality circles, improvement suggestions, product workshops, zero defect programs, product review checklist, etc.
2. Organizational personnel must be motivated to achieve the organization’s quality objectives. The process to motivate employees may include the use of methods such as – employee recognition awards, ongoing training programs, performance reviews, employee surveys, poster campaigns, etc,.
3. Performance indicators to measure the effectiveness of the HR process in determining competency and training needs of the workforce could include – employee turnover, employee complaints, number of instances unqualified personnel was found performing QMS activity, number of instances competency criteria were not met, and number of instances no training or competency records maintained; etc.

7.4 Communication

The organization should determine the internal and external communications relevant to the QMS, including: on what it will communicate; when to communicate; with whom to communicate; how to communicate.

Checklist Questions

1. How does the organization determine the internal and external communication relevant to the QMS including what it will communicate, when to communicate, with whom to communicate, how to communicate, and who communicates?

Implementation Guidelines

1. Top management must plan for internal and external communication methods and resources at a high level using the business planning process and deploy these methods through the information technology, logistic, and HR processes.
2. Each process owner must identify the methods of communication such as a computer, documents, telephone, meetings, directives, visual, etc, used and determine whether these methods are appropriate and are they effective for the purpose intended?
3. Communication plan can include:  a) What will be communicated, b) When you will communicate, c) With whom you will communicate, d) How you will communicate, e) Who will do the communication.

7.5 Documented Information

7.5.1 General

The Organization’s QMS must include all documented information required by ISO 9001 and the documented information determined by the organization as being necessary for the effectiveness of the QMS. The extent of documented information can differ from one organization to another due to the size of the organization and its type of activities, processes, products, and services; complexity of processes and their interactions;  competence of persons.

7.5.2 Creating and Updating

When creating and updating documented information the organization must ensure appropriate identification and description (e.g., a title, date, author, or reference number); format (e.g., language, software version, graphics), and media (e.g., paper, electronic); review and approval for suitability and adequacy.

7.5.3 Control of Documented Information

7.5.3.1

Documented information required by Your QMS and by ISO 9001 must be controlled to ensure it is available and suitable for use, where and when it is needed;  It must is adequately protected from loss of confidentiality, improper use, or loss of integrity.

7.5.3.2

For the control of documented information, the organization must address, as applicable: distribution, access, retrieval, and use;  storage and preservation, including preservation of legibility; control of changes (e.g., version control); retention and disposition. Documented information of external origin determined by the organization to be necessary for the planning and operation of the system must be identified as appropriate and controlled. Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.

Checklist Questions

1. What documented information is included in the organization’s QMS as required by ISO 9001:2015 and determined by the organization necessary for the effectiveness of the QMS?
2. While creating and updating documented information, how does the organization ensure it is appropriate in terms of identification & descriptions?
3. Show how does the organization control documented information.
4. Show how it is made available and suitable for use.
5. How do you protect the organization’s documented information?
6. When controlling documented information, how do you address the following:
   Distribution, Access, Retrieval, Use, Legibility, Control of changes, Retention and disposition, Storage and preservation;
7. How does the organization identify as appropriate and control documented information of external origin which has been determined as necessary for the QMS?

Implementation Guidelines

1. The term “documented procedure” and “record” have both been replaced by “documented information”.“Documents”, “Documentation” and “Records” are combined to become “Documented information”. The document is expressed as maintaining documented information and the record is expressed as Retain documented information.
2. Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.
3. The extent of documented information for a quality management system will depend on:
   a) the size of the organization and its type of activities, processes, products, and services;
   b) the complexity of processes and their interactions;
   c) the competence of persons.

Documented Information if applicable

1. Employee Requisition Form
2. List of Machines
3. Instruments Calibration history chart
4. Calibration Schedule
5. Lesson learnt log
6. Competency matrix
7. Training Needs Identification.
8. On Job training
9. Training attendance sheet
10. Training feedback form
11. Training effectiveness form
12. Employee Satisfaction Survey Questionnaire
13. Communication plan
14. Document Matrix
15. Master list of forms and formats

For more information on Support click here

Mail us at:

6.1 Actions to address risks and opportunities

The Requirement

6.1.1

When planning for the quality management system, the organization shall consider the issues referred to in Understanding the organization and its context (4.1) and the requirements referred to in Understanding the needs and expectations of interested parties(4.2) and determine the risks and opportunities that need to be addressed to give assurance that the quality management system can achieve its intended results so as to prevent, or reduce, undesired effects and to achieve continual improvement.

6.1.2

The organization must plan actions to address the risks and opportunities determined in clause 6.1.1. The organization must also plan on how to integrate and implement the actions into its quality management system processes and evaluate the effectiveness of these actions. Actions taken to address risks and opportunities must be proportionate to the potential impact on the conformity of products and services. Options to address risks can include but not limited to avoiding, risk, taking the risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, retaining risk by informed decision, or implementing standards like ISO 31000. It is the prerogative of the management to adopt any one of the practices. Opportunities can lead to the adoption of new practices, launching new products, opening new markets, addressing new customers, building partnerships, using new technology, and other desirable and viable possibilities to address the organization’s or its customer’s needs. 

 Checklist Questions

1. How are the internal & external issues and needs & expectations of interested parties considered when planning for the QMS?
2. Has the organization determined the risks and opportunities that have to be addressed so that QMS can achieve its intended results, enhance desirable effects, prevent, or reduce undesired effects and achieve improvement?
3. How are actions planned to address risks and opportunities?
4. How actions are integrated and implemented into the QMS processes?
5. How do you evaluate the effectiveness of the actions?
6. How are actions taken to address risks and opportunities determined as being appropriate to the potential impact on the conformity of products and services? 

Implementation Guidelines

1. Options to address risks and opportunities can include: avoiding risk, taking a risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
2. Top management must provide direction, authorization and, resources, and review for QMS planning for determining customer & regulatory requirements, design, development, manufacture, delivery, and customer support,. QMS planning requires you to identify all your QMS processes and describe their sequence and interaction.
3. When planning its QMS, the top management must implement and promote a culture of risk-based thinking throughout the organization to determine and address the risks and opportunities to provide conforming products and services, enhance customer satisfaction, promote desirable effects and improvement and prevent, or mitigate, undesired effects.
4. The organization must integrate the actions to address these risks and opportunities into its QMS processes. This planning must be periodically reviewed and updated as necessary when taking corrective actions or at management reviews.
5. Planning also requires monitoring and measuring these actions and gathering, analyzing, and evaluating appropriate data and information to determine the effectiveness of such actions.
6. Steps to conduct risk management
   1. Identify the risks and opportunities
   2. Analyze the Risk
   3. Prioritize (risks and opportunities)
   4. Classify (acceptable / unacceptable)
   5. If unacceptable, Plan action (How to avoid or eliminate the risk? How can I mitigate risks?)
   6. Implement the plan
   7. Check the effectiveness of action
   8. Learn from experience – continual improvement

6.2 Quality Objectives and Planning to Achieve Them

The Requirement

6.2.1

The organization must establish quality objectives at relevant functions, levels, and processes. The quality objectives must be consistent with the quality policy. If practicable it must be measurable. It must be based on application requirements. It must be relevant to the conformity of products and services and the enhancement of customer satisfaction. It must be monitored and communicated. It must be updated as appropriate. The organization should maintain a documented information on the quality objectives.

6.2.2

When planning how to achieve the quality objectives, the organization must determine what will be done; what resources will be required; who will be responsible; when it will be completed; how the results will be evaluated. 

 Checklist Questions

1. Where are the quality objectives and are these at all relevant functions, levels, and processes?
2. Are they consistent with the quality policy?
3. Are they measurable?
4. Do they consider applicable requirements?
5. Are they relevant to the conformity of products and services and do they enhance customer satisfaction?
6. Are they monitored? How? How often?
7. How are they communicated?
8. How are they updated?
9. Where is the documented information on the quality objectives?
10.  How does the organization determine what will be done, with what resources, when completed and how will results be evaluated for quality objectives?

Implementation Guidelines

1. An objective should include a description of who is responsible, what is the target, when is it planned to be achieved. Progress must be monitored.
2. Ensure that whatever objectives you implement are SMART ie Specific, Measurable, Achievable, Realistic and Time-bound
3. Quality objectives should make sure they comply with the law and industry standards and conform to the products and services requirements.
4. Top management must provide the leadership, organization, and resources to deploy and achieve planned quality objectives.
5. Quality objectives may be set at various functional levels of the organization – top management, departments, processes, functional groups, work cells, project teams, individuals, etc.
6. Employees at all of these levels must be made aware of the importance of and how they must contribute to the achievement of these objectives.
7. Quality objectives may be documented in any or all of these documents such as quality manual, QMS processes, procedures, quality plans, etc.
8. A review of the quality objectives should be part of the management review process. After the review, the Quality objectives may be updated as appropriate.

6.3 Planning of Changes

The Requirement

Where the organization determines the need for change to the quality management system, the change must be carried out in a planned and systematic manner. The organization must consider the purpose of the change and any of its potential consequences; integrity of the quality management system, availability of resources,  allocation or reallocation of responsibilities, and authorities.

Checklist Questions

1. While determining changes for the QMS, are changes carried out in a planned manner?
2. While planning for change, does the organization consider the purpose of the change and their potential consequence; the integrity of the QMS; the availability of resources; and allocation and reallocation of responsibilities and authorities?

Implementation Guidelines

1) When a business changes something, the impact of the change needs to be considered before a change is made. The organization must :

1. Define the specifics of what is to be changed
2. Have a plan (tasks, timeline, responsibilities, authorities, budget, resources, needed information, others).
3. Develop a communication plan (appropriate people within the organization, customers, suppliers, interested parties, etc. may need to be informed)
4. Use a cross-functional team to review the plan to provide feedback related to the plan and associated risks
5. Train People
6. Measure the effectiveness

Documented Information if applicable

1. Risk Register
2. Opportunity Register
3. Quality objectives
4. Changelog

For more information on Planning click here

Mail us at:

Clause 5.1 Leadership and commitment

The Requirement

5.1.1 General

The top management has to demonstrate their leadership and commitment to the quality management system. This can be done by taking accountability for the effectiveness of the organization’s quality management system. Top management needs to ensure that the organization’s quality policy and quality objectives are established for the QMS and are compatible with the organization’s overall strategic direction and also with the Organization’s context. Top management shall also ensure that the requirements of the quality management system are an integral part of the organization’s business practices and they should promote the use of risk-based thinking and the use of process approaches throughout their organization. Top management must ensure that the required resources needed for the effective implementation of QMS are available. Top Management must ensure that the importance of effective Quality management is communicated throughout the organization as well as conforming to the QMS requirements. The Top Management must ensure that the quality management system achieves its intended outcomes outputs, by engaging, directing, and supporting persons to contribute to the effectiveness of the quality management system and promoting improvement. The Top Management should be supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility. The meaning of “Business” means those activities that are core to the purposes of the organization‘s existence, irrespective of the fact whether the organization is for-profit, Not for profit, public or private.

5.1.2 Customer focus

Top management is required to take the lead on demonstrating leadership and commitment to customer focus by ensuring that all applicable statutory, regulatory and customer requirements are determined, well understood by the organization, and are consistently met.  The organization has to determine all the risks and opportunities that can affect the conformity of the product and services or have the ability to affect the enhancement of customer requirements. The associated risk and opportunities must be adequately addressed. At all times the focus of enhancing customer satisfaction should be maintained. 

Checklist Questions

1. Does the top management demonstrate leadership and commitment w.r.t. the QMS by taking accountability of the effectiveness of the QMS?
2. How are the quality policy and objectives established for the QMS and how are they compatible with the strategic direction and the organizational context?
3. How is the quality policy communicated within the organization? Show how this is understood and applied.
4. How are the requirements of the QMS integrated into the business processes?
5. How do you promote awareness of the process approach?
6. How do you ensure that resources needed for the QMS are available?
7. How do you communicate the importance of effective quality management?
8. How do you communicate the importance of conforming to the QMS requirements?
9. How do you ensure that the QMS achieves its intended results?
10. How do you engage, direct and support people to contribute to the effectiveness of the QMS?
11. How do you promote continual improvement?
12. How do you support other relevant management roles to demonstrate leadership in their areas of responsibility?
13. Show me how top management demonstrates leadership and commitment w.r.t. customer focus ensuring requirements and applicable statutory and regulatory requirements are determined and met.
14. How are risks and opportunities that can affect the conformity of products and services determined?
15. How is the ability to enhance customer satisfaction determined and addressed?
16. How is the focus on consistently providing products and services that meet customer and applicable statutory and regulatory requirements maintained?
17. How is customer satisfaction maintained?

Implementation Guidelines

1. The top management must establish strategic quality management policies, directives, and objectives consistent with the purpose and capabilities of the organization.
2. The top management must establish the organizational structure and internal environment that motivates personnel to achieve the organization’s quality management goals and objectives.
3. Ensuring the integration of the quality management system requirements into the organization’s business processes is the prime responsibility of the top management.
4. The responsibility of promoting the awareness of the process approach lies with the top management.
5. The top management must ensure that the quality management system achieves its intended outcomes /outputs by clear identification of key result areas for achieving the objectives, preparing the action plans, working as per that plan, reviewing the action and results, and taking suitable corrective and preventive actions.
6. The top management must provide adequate resources to develop, implement, maintain and improve the QMS.
7. The top management must periodically review QMS performance to determine its suitability, adequacy, and effectiveness.
8. Business planning, quality planning, management review, internal communication, organization structure, etc. are process required from the top Management
9. Top management must communicate regularly to the organization on the importance of meeting customer and regulatory requirements. Top management may communicate in any number of ways including meetings, documented policies, memos, directives, email, etc.
10. The organization must understand the current and future needs of customers in terms of products, price, delivery communication, service, and support. It must meet their requirements and strive to exceed their expectations.
11. The organization must have an effective communication process between  customer and  organization, for discussion, review, timing, action, and responsibility
12. Customer focus can be included in the following processes – business planning; communications; sales and marketing; and customer satisfaction feedback; etc. It must also identify what specific documents may be needed for effective planning, operation, and control of these processes. Examples of such documents may include a business plan, statement of customer-related policies and objectives, etc
13. Reference to “business”  can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence; whether the organization is public, private, for-profit, or not for profit

5.2 Policy

The Requirement

5.2.1 Establishing the Quality Policy

Top management is required to establish, implement and maintain a quality policy that is in line with the purpose and context of the organization while at the same time supporting its strategic direction. It should provide a framework for the organization’s quality objectives and must include a commitment to satisfy applicable requirements and must be the basis on which the continual improvements in the quality management system can be achieved.

5.2.2 Communicating the Quality Policy

The Quality Policy should be applied within the organization by ensuring that it communicated and understood within the organization. The Quality Policy should be maintained as documented information and as appropriate should be made available to relevant Interested parties.

 Checklist Questions

1. How does top management establish, review and maintain a quality policy?
2. How is the quality policy determined to be appropriate to the purpose and context of the organization?
3. Does the quality policy provide a framework for setting and reviewing quality objectives?
4. Does the quality policy contain a commitment to satisfy applicable requirements?
5. Does the quality policy include a commitment to continual improvement of the QMS?
6. Where is the quality policy available as documented information?
7. How is the quality policy communicated? How it is understood and applied within the organization.
8. How have you made it available to relevant interested parties?

Implementation Guidelines

1. The quality policy should provide top management’s vision on quality management for the organization. It must provide the organization with focused direction, i.e. high-level goals and objectives for quality management.
2. The quality policy must be consistent with the scope of the QMS and other business, management, and organizational strategies within the organization.
3. The quality policy must specify the commitment to ‘satisfy applicable requirements’  such as being complied with the customer, regulatory, ISO 9001, etc and   ‘continually improve the effectiveness of your QMS’
4. The quality policy must clearly state a commitment to continually improve the effectiveness of the QMS. it may also include other complementary and important policies for business growth, product or manufacturing technology, workforce competence, business flexibility, etc.
5. The quality policy must lead to establishing quality objectives, e.g. if you state in your quality policy that you will “meet customer requirements”, then from this, you might derive customer-focused objectives for – product defects; customer complaints and returns; on-time delivery, etc.
6. As and when required, the Quality policy should be made available to the relevant interested parties.
7. The quality policy is communicated throughout the organization.
8. The quality policy must be reviewed periodically by top management, for significant changes in your organization, e.g. management, ownership, relocation, product, a shift in customer base, etc.

 5.3 Organizational Roles, Responsibilities, and Authorities

The Requirement

Top management must ensure that the responsibilities and authorities for relevant roles are assigned, communicated, and understood within the organization. Top Management must assign the responsibility and authority to ensure that the system conforms to the requirements of ISO 9001 and that the processes are delivering their intended outputs; Top Management must assign the responsibility and authority for the report on the performance of the system, on opportunities for improvement, and on the need for change or innovation, and especially for reporting to top management; Top Management must assign the responsibility and authority to ensure the promotion of customer focus throughout the organization and ensure that integrity of the system is maintained when changes to the system are planned and implemented.

 Checklist Questions

1. How does top management ensure that responsibilities and authorities for relevant roles are assigned, communicated, and understood within the organization?
2. How does top management assign the responsibility and authority for ensuring that the QMS conforms to the international standard?
3. How does top management assign the responsibility and authority for ensuring processes are delivering their intended outputs?
4. How are the performance of the QMS, opportunities for improvement, and the need for change or innovation reported to top management?
5. How is customer focus promoted within the organization?
6. How is the integrity of the QMS maintained when changes to the QMS are planned and implemented? 

Implementation Guidelines

1. Top Management must define the structure, hierarchy, and lines of reporting to ensure that duties, responsibilities, and authority of all personnel are defined and communicated.
2. Organization charts, job descriptions, standard operating procedures, work instructions, etc, are some of the many ways that top management may use to define and document this.
3. Organization responsibilities and authorities must be communicated and deployed, as applicable, throughout the organization. Orientation training, appointment postings, training on procedures and work instructions, etc, are some of the many ways in accomplishing this.
4. The top Management must ensure that the integrity of the management system is maintained when changes are planned and implemented.
5. Some of the tasks may be delegated, but it is the management’s responsibility to ensure they are planned, implemented, and achieved.

Documented Information if applicable

1. Sample Quality Policy
2. Job Responsibility

For more information on Leadership click here–

Mail us at:

Clause 4.1 Understanding the Organization and its context

The Requirement

The organization should determine external and internal issues for the organization relevant to its purpose, strategic planning and which affect the organization’s ability to achieve its objectives. The Organization should monitor and review the information about external and internal issues. The organization must consider issues related to values, cultural knowledge, and performance of the organization for the understanding of internal issues. The organization must consider issues related to arising from legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional, or local for the understanding of the external context. For considering internal context as well as external factors both positive as well as negative factors must be considered. The organization must determine whether climate change is a relevant issue.

Checklist Questions

1. How has the organization determined external and internal issues relevant to its purpose and strategic direction?
2. How do these affect the ability to achieve the intended result of the QMS?
3. How do you monitor and review information about these internal and external issues?
4. Has the organization determined whether climate change is a relevant issue?

Implementation Guidelines

1. Internal issues are all positive and negative factors related to values, culture, knowledge, and performance of the
2. External issues are all positive and negative external factors arising from the legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional, or local.
3. An organization’s internal context is the internal environment within which the organization seeks to achieve its sustainability goals.
4. Internal and external context can also be defined as anything within the organization that may influence how the organization manages its internal and
5. Once the internal and external context is understood, one can conduct the macro-environmental external analysis using “PEST” (political, economic, social, and technological) analysis. This analysis determines which factors can influence how the organization operates. The organization cannot control these factors, but it must seek to adapt to them. The PEST factors can be classified as opportunities and threats in a SWOT (strengths, weaknesses, opportunities, and threats) analysis. Alternatively, you might use Porter’s “Five Forces Model.” These methods are used to review a strategy or position or direction of an organization. Completing a pest analysis is simple and helps the individuals involved in the organization to understand and find ways to deal with the context.
6. The organization must periodically review(min once in six months) the internal and external issues.

Clause 4.2 Understanding the needs and expectations of interested parties.

The Requirement

The organization shall determine relevant interested parties and relevant requirements of relevant interested parties. Relevant interested parties to be considered are those that could affect or potentially affect the organization’s ability to constantly provide products and services that meet customer and applicable statutory and regulatory requirements. Monitor and review information related to interested parties and relevant requirements. Relevent interested parties can have requirements related to climate changes.

Checklist Questions

1. How have you determined what interested parties are relevant to the QMS?
2. How have you determined what requirements those parties have that are relevant to the QMS?
3. How has an impact or potential impact been determined?
4. Does the organization monitor and review the information about these interested parties and their relevant requirement?

Implementation Guidelines

1. Firstly, the organization will need to determine external and internal issues that are relevant to its purpose.
2. Next, the organization has to determine relevant interested parties and relevant requirements of relevant interested parties. An interested party is a person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity that’s within the scope of the management system.
3. The organization must periodically review(min once in six months) the requirements of the relevant interested parties

Clause 4.3. Determining the scope of the quality management system

The Requirement

The organization must establish the scope of the quality management system by determining the boundaries and applicability of the quality management system. While determining the scope the organization must consider the internal and external issues determined in 4.1., the requirements of relevant interested parties in 4.2. and the products and services of the organization. Requirements from these International standards that can be applied by the organization shall be applied within the scope of the QMS. Requirements from this International standard that cannot be applied by the organization and which does not affect the organization’s ability or responsibility to provide product and services that meet the conformity of its product and services and enhancement of the customer satisfaction. The organization must make available the scope and must maintain scope as documented information stating the Products and services covered by the QMS and any Justification where a requirement of this International Standard cannot be applied.

Checklist Questions

1. Has the organization established the scope of its QMS?
2. How have the boundaries and applicability of the QMS been used to establish the scope of the organization?
3. Does the scope state the types of products and services covered?
4. While determining the scope, has the organization determined the external and internal issues, requirements of relevant interested parties, products, and services of the organization?
5. How has the application of the International Standard within the scope been determined, and how has it been applied by the organization?
6. How have any requirements of the International Standard been determined as not applicable? Can you justify how instances of requirements of the QMS cannot be applied? Show me how the conformity of products and services is not affected by this.
7. Where is the scope available? Where is it maintained as documented information?

Implementation Guidelines

1) To start, there are three considerations to be included when determining the scope:

1. External and internal issues that are relevant to the purpose of the organization, the strategic direction, and the ability to achieve intended results
2. Requirements of relevant interested parties
3. The product and service of the organization

2) the scope is to include any requirements of the ISO 9001 standard that can be applied, and if a requirement is determined to not apply,

Clause 4.4 Quality management system and its processes

The Requirement

Clause 4.4.1

The organization must establish, implement, maintain and continually improve its quality management system as per the requirement of this standard by determining the process needed and its application throughout the organization. While determining the processes, the organization must determine the inputs required and the outputs expected from these processes, the sequence, and interaction of these processes, The organization must control these processes to ensure its effective operation. The organization must establish the criteria and methods which include monitoring, measurements, and other related performance indicators to ensure the effective operation and control of these processes. The organization must determine and ensure the availability of the resources needed for the effective operation of these processes. The personnel having authority and responsibilities for these processes must be identified. As per clause 6.1, the organization must determine risks and opportunities, analyze them, and must take appropriate action to address them. There must be methods for monitoring, measuring, as appropriate, and evaluating these processes. The organization must make changes in its process if it fails to achieve the intended result. The organization must look for opportunities for improvement of these processes and for Quality management system as a whole.

Clause 4.4.2

The organization shall maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned.

Checklist Questions

1. How has the QMS been established? Show how this is implemented. How is it maintained and continually improved? How have the processes been determined and how do they interact?
2. How have the processes been determined for the QMS?
3. What are the inputs and outputs for those processes?
4. What is the sequence and interaction of the processes?
5. What are the criteria, methods, measurement and related performance indicators needed to operate and control those processes?
6. What resources are needed and how are these made available?
7. How are responsibilities and authorities assigned for those processes?
8. How are risks and opportunities considered and what plans are made to implement actions to address them?
9. What methods are used to monitor, measure and evaluate processes and, if needed, what changes are made to achieve intended results?
10. How are opportunities to improve the processes and the QMS determined?
11. What documented information exists to support the operation of processes? How is this documented information retained? How confidence that the processes are being carried out as planned determined?

Implementation Guidelines

1. Clause 4.4.1 requires the ‘Process Approach’ to be used in defining your QMS. QMS processes including  processes for operations, management(leadership) activities, Planning which includes risk assessment, support processes (such provision of resources, communication, etc), Operation, performance evaluation, and Improvement
2. Based on these factors, you must determine what processes need to be documented and how you will document them. Not all processes need to be documented; your documents must also include a description of the interaction between your QMS processes.
3. A number of different methods can be used to document processes, such as graphical representations, written instructions, checklists, flow charts, visual media, or electronic methods, etc.
4. Process flowcharts or block diagrams can show how policies, objectives, influential factors, job functions,  activities, material, equipment, resources, information, people and decision making interact and/or interrelate in a logical order.
5. Procedures may be an acceptable way to document processes provided they describe inputs and outputs, appropriate responsibilities, controls, and resources needed to satisfy customer requirements.
6. the organization shall have to ensure that adequate responsibilities and authorities are assigned
7. when planning its QMS, the top management must implement and promote a culture of risk-based thinking throughout the organization

Documented Information if applicable

1. Internal Issues
2. External Issues
3. PEST Format
4. SWOT Format
5.  Poter’s  5 Forces
6. Needs and expectations of Interested Parties
7. Steps to derive the scope of the organization
8. Process definition

For more information on Context of organization click here-