Information
ISO 9001:2015 Internal Audit
-
Client / Site
-
Conducted on
-
Prepared by
-
Location
-
Personnel
-
Summary
4 Context of the organization
4.1 Understanding the organization and its context
-
Verify how the organization has determined external and internal issues relevant to its purpose and strategic direction.
-
Verify how these issues affect the ability to achieve the intended result of the QMS.
-
Verify how the organization monitors and reviews information about these internal and external issues.
4.2 Understanding the needs and expectations of interested parties
-
Verify how organization determined relevant interested parties to QMS.
-
Verify how the organization has determined the relevant needs and expectations of interested parties.
-
Verify how the organization has determined the impact or potential impact of the interested parties.
-
Verify how the organization monitors and reviews information about interested parties and their relevant requirements.
4.3 Determining the scope of the quality management system
-
Verify the QMS scope considers the following:
-
External and internal issues.
-
The requirements of relevant interested parties.
-
The products and services of the organization.
-
Verify how the organization has determined how the ISO 9001:2015 standard is applied within the organization.
-
If the organization has determined any of the requirements of the ISO 9001:2015 standard not to be applicable, show me how conformity of products and services are not affected by this.
-
Verify QMS scope is documented.
-
Verify scope states what products and services are covered by the QMS and how it justifies instances where requirements cannot be applied.
4.4 Quality management system and its processes
-
Show me how the processes have been determined and how they interact.
-
Verify how the processes for the QMS were determine. Verify the inputs and outputs to the processes.
-
Verify the sequence and interaction of of the processes.
-
Verify the criteria, methods, measurement and related performance indicators needed to operate and control the processes.
-
Verify how resources are determined and allocated.
-
Verify how responsibilities and authorities are determined.
-
Verify how risks and opportunities are considered and what actions are taken to address them.
-
Verify what methods are used to monitor, measure and evaluate processes. Verify changes, if needed, are implemented to achieve intended results.
-
Verify how opportunities for improvement for the QMS and its processes are determined.
-
Reviewed documented information created to support the operation of its processes.
-
Verify documented information is established and maintained for:
-
General description of relevant interested parties
-
QMS scope, including boundaries and applicability
-
QMS process descriptions and their application
-
Sequence and interaction of these processes
-
Assignment of the responsibilities and authorities for these processes
5 Leadership
5.1 Leadership and commitment
-
Top management is identified
-
Verify top management demonstrates leadership and commitment by
-
Taking accountability for QMS effectiveness
-
Ensuring the QMS policy and objectives are established and are compatible with strategic direction and context of organization
-
Ensuring the QMS is integrated into organization's business processes
-
Promoting the use of the process approach and risk-based thinking
-
Ensuring resources are available
-
Communicating the importance of effective QMS and of conforming to its requirements
-
Ensuring intended outcomes
-
Engaging, directing and supporting persons to contribute to the effectiveness of the QMS
-
Promoting continuous improvement
-
Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of respsonsibility
-
Verify how top management demonstrates leadership and commitment with respect to customer focus by ensuring that
-
customer and applicable statutory and regulatory requirements are determined, understood and consistently met.
-
the risks and opportunities that affect product and service conformity and the ability to enhance customer satisfaction are determined and addressed.
-
the focus of enhancing customer satisfaction is maintained.
-
product and service conformity and on-time delivery performance are measured and appropriate action is taken if planned results are not, or will not be, achieved
5.2 Policy
-
Verify the quality policy ...
-
is appropriate to the purpose and context of the organization and supports its strategic direction.
-
provides a framework for setting quality objectives.
-
includes a commitment to satisfy applicable requirements.
-
includes a commitment to continual improvement of the QMS.
-
Verify QMS Policy is maintained as documented information.
-
Verify QMS Policy is communicated, understood and applied within the organization.
-
Verify QMS Policy is available to relevant interested parties.
5.3 Organizational roles, responsibilities and authorities
-
Verify responsibilities and authorities for relevant roles are assigned and communicated within the organization
-
Verify top management assigns responsibility and authority for..
-
ensuring the QMS conforms to the ISO 9001:2015 standard.
-
ensuring that processes are delivering their intended outputs.
-
reporting on the performance of the QMS and on opportunities for improvement, in particular to top management.
-
ensuring the promotion of customer focus throughout the organization.
-
ensuring the integrity of the QMS is maintained when changes to the QMS are planned and implemented.
-
Verify top management has identified a management representative and has access to top management to resolve quality management issues
6 Planning
6.1 Actions to address risks and opportunities
-
Verify how the internal and external issues and interested parties are considered when planning for the QMS?
-
Verify how risks and opportunities are determined and addressed so the QMS can achieve its intended results, prevent and reduce undesired effects and achieve continual improvement
-
Verify how actions are planned to address risks and opportunities.
-
Verify how actions are integrated and implemented into the QMS processes.
-
Verify how the organization evaluates the effectiveness of the actions.
-
Verify how actions are taken to address risks and opportunities determined as being appropriate to the potential impact on the conformity of products and services.
6.2 Quality objectives and planning to achieve them
-
Verify quality objectives are established at relevant functions, levels and processes.
-
Verify the quality objectives are..
-
consistent with the quality policy.
-
measurable.
-
taking into account applicable requirements.
-
relevant to the conformity of products and services and to the enhancement of customer satisfaction.
-
moinitored.
-
communicated.
-
updated as appropriate.
-
Verify objectives are documented.
-
Verify how the organization determines what will be done, with what resources, when completed and how the results will be evaluated for quality objectives.
6.3 Planning of changes
-
Verify how QMS changes are planned systematically.
-
Verify how the organization demonstrates the purpose and potential consequences of changes.
-
Verify how the organization considers the integrity of the QMS.
-
Verify how resources are made available.
-
Verify how responsibility and authority is allocated and reallocated.
7 Support
7.1 Resources
-
Verify how resources are determined for the organization.
-
Show me how the capabilities and constraints on internal resources are considered.
-
Show me how needs from external providers are considered.
-
Verify how the organization provides persons necessary to consistently meet customer, applicable statutory and regulatory requirements for the QMS including the necessary processes.
-
Verify how the organization determines, provides and maintains the infrastructure for the operation of processes to achieve products and services conformity.
-
Verify how the organization determines, provides and maintains the environment for the operation of processes to achieve products and service conformity.
-
Verify how resources are determined to ensure valid and reliable monitoring and measuring results.
-
Verify how the organization ensures that the resources provided are suitable for the specific type of monitoring and measurement activities being undertaken and that they are maintained to ensure continued fitness of purpose.
-
Verify documented information that shows evidence of fitness for purpose of monitoring and measurement resources.
-
Show me how measurement instruments are verified or calibrated at specific intervals against national or international standards. If no standards, show me documented information which is used as the basis for calibration or verification.
-
Show me how measurement instruments are identified.
-
Show me how measurement instruments are safeguarded from adjustments, damage and deterioration.
-
Verify process for recall of monitoring and measuring equipment requiring calibration or verification.
-
Verify monitoring and measuring equipment register includes:
-
equipment type
-
unique identification
-
location
-
calibration/verification method
-
frequency
-
acceptance criteria
-
Verify calibration or verification of monitoring and measuring equipment is carried out under suitable environmental conditions
-
Verify how the organization determines the validity of previous measurements if you find an instrument to be defective during verification or calibration. Verify any actions taken.
-
Verify how the organization determines the necessary knowledge for the operation of processes and achieves conformity of products and services.
-
Verify how knowledge is maintained and made available to the extent necessary.
-
Verify how the organization determines current knowledge and how its acquires additional knowledge when addressing changing needs and trends.
7.2 Competence
-
Show me how you determine the necessary competence of people doing work under your control that affects quality performance.
-
Show me how you determine competence on the basis of appropriate education, training or experience.
-
Show me how you take actions to acquire necessary competence where applicable and how do you evaluate the effectiveness of those actions.
-
Verify documented information as evidence of competence where appropriate.
7.3 Awareness
-
Verify people doing work under the organization's control are aware of
-
the quality policy.
-
the relevant quality objectives.
-
their contribution to the effectiveness of the QMS, including the benefits of improved performance.
-
the implications of not conforming with the QMS requirements.
-
relevant QMS documented information and changes to it.
-
their contribution to product or service conformity.
-
their contribution to product safety.
-
the importance of ethical behavior.
7.4 Communication
-
Verify internal and external communication process (what, when, with whom and how to communicate).
7.5 Documented information
-
Verify documented information required by the ISO 9001:2015 standard.
-
Verify documented information that shows the effectiveness of the QMS.
-
Show me that your documented information contains appropriate identification, format (language, software version, graphics, ...) and media (paper, electronic, ...).
-
Show me how the documented information is reviewed and approved for suitability and adequacy.
-
Show me how you control documented information and make it available and suitable for use. Tell me how you protect your documented information.
-
Verify how the organization controls the distribution, access, retrieval, use, storage, preservation, legibility, control of changes, retention and disposition of documented information.
-
Verify how the organization prevents the unintended use of obsolete documented information by removal or by application of suitable identification or controls if kept for any purposes
-
Verify documented information of external origin is identified, as appropriate, and controlled.
-
Verify data protection process is defined if documented information is managed electronically
8 Operation
8.1 Operational planning and control
-
Verify how the organization has planned, implemented and controlled processes needed to meet the requirements of products and services.
-
Verify how requirements for products and services are determined.
-
Consider the following:
1. personal/product safety
2. producibility and inspectability
3. reliability, availability and maintainability
4. suitability of parts and materials used in the product
5. selection and development of embedded software
6. product obsolescence
7. prevention, detection and removal of foreign objects
8. handling, packaging and preservation
9. recycling or final disposal of the product at the end of its life -
Verify how criteria for processes and acceptance for products and services are determined.
-
Consider the following:
1. design verification
2. process control
- selection and verification of key characteristics
- process capability measurements
- SPC
- DOE
3. verification
4. FMEA -
Verify how resources are determined to achieve product/service conformity and meet on-time delivery
-
Verify how process control is implemented.
-
Show me documented information that demonstrates processes have been carried out as planned and can demonstrate conformity of products and services.
-
Verify processes and controls to manage critical items, including production process controls when key characteristics have been identified, are determined.
-
Verify representatives of affected functions have been engaged.
-
Verify processes and resources to support the use and maintenance of the product/service have been determined.
-
Verify products/services to be obtained from external providers have been determined.
-
Verify controls have been established to prevent delivery of nonconforming products/services to the customer.
-
Verify the organization plans and manages the product/service provision in a structure and controlled manner (i.e. project planning, project management or program management).
-
Determine how output from the planning process is suitable for operations.
-
Quality plan can be the documented information showing the QMS processes and the resources to be applied.
-
Verify how planned changes are controlled. Verify how unintended changes are reviewed and what actions are taken to mitigate any adverse effects, as necessary.
-
Verify how outsourced processes are controlled.
8.1.1 Operational Risk Management
-
Verify process for managing operational risks which includes:
-
assignment of responsibilities for operational risk management.
-
definition of risk assessment criteria (i.e. likelihood, consequences, risk acceptance).
-
identification, implementation and management of actions to mitigate risks that exceed the defined risk acceptance criteria.
-
acceptance of risks remaining after implementation of mitigating actions.
8.1.2 Configuration Management
-
Verify configuration management process is planned, implemented and controlled throughout the product life cycle.
-
Verify configuration process controls product identity and traceability to requirements, including the implementation of identified changes.
-
Verify documented information (i.e. requirements, design, verification, validation and acceptance documentation) is consistent with actual attributes of the products and services.
8.1.3 Product Safety
-
Verify process is planned, implemented and controlled to assure product safety during the entire product life cycle, as appropriate.
-
Potential examples could include:
1. assessment of hazards and management of associated risks.
2. management of safety critical items.
3. analysis and reporting of occurred events affecting safety.
4. communication of these events and training of persons.
8.1.4 Prevention of Counterfeit Parts
-
Verify process is planned, implemented and controlled to prevent counterfeit or suspect part use and their inclusion in product(s) delivered to the customer.
-
Counterfeit part prevention processes should consider:
1. training of appropriate persons in the awareness and prevention of counterfeit parts.
2. application of a parts obsolescence monitoring program.
3. controls for acquiring externally provided product from original or authorized manufactures, authorized distributors or other approved sources.
4. requirements for assuring traceability of parts and components to their original or authorized manufacturers.
5. verification and test methodologies to detect counterfeit parts.
6. monitoring of counterfeit parts reporting from external sources.
7. quarantine and reporting of suspect or detected counterfeit parts.
8.2 Determination of requirements for products and services
-
Verify processes created for communicating with customers on information relating to products, services, enquiries, contracts, order handling, customer views, perceptions and complaints, handling or treatment of customer property and specific requirements for contingency actions.
-
Verify process to determine the requirements for products and services to be offered to potential customers and how the process is established, implemented and maintained.
-
Verify how product and service requirements including statutory and regulatory requirements are defined. Verify that the organization has the ability to meet the defined requirements and substantiate any claims for its products and services.
-
Verify special requirements of the products and services are determined.
-
Verify organizational risks (i.e. new technology, ability and capacity to provide, short delivery time frame) have been identified
-
Verify how the organization reviews..
-
customer requirements for delivery and post-delivery.
-
requirements necessary for customer's specified or intended use, where known.
-
statutory and regulatory requirements applicable to the products and services.
-
other contract or order requirements.
-
Verify review is coordinated with applicable functions throughout the organization
-
Verify mutual agreement was negotiated with the customer if some customer requirements cannot be met or can only partially be met.
-
Show me that the review is conducted prior to the organization's commitment to supply products and services to the customer.
-
Verify how the organization resolves differences in the contract or order requirements from those previously defined.
-
Verify how the organization confirms customer requirements where the customer doesn't provide a documented statement.
-
Verify documented information of reviews describing new or changed requirements to products and services.
-
Verify documented information of amended reviews and how relevant personnel are made aware of those changes.
8.3 Design and development of products and services
-
Verify how the design and development process is established, implemented and maintained.
8.3.2 Design and development planning
-
In determining the stages and control for design and development, verify the organization considers..
-
the nature, duration and complexity of the activities.
-
the requirements that specify particular process stages including applicable reviews.
-
required verification and validation.
-
responsibilities and authorities.
-
how interfaces are controlled between individuals and parties.
-
the need for involvement of customer and user groups.
-
Verify documented information that confirms design and development requirements have been met.
-
Verify the design and development effort is divided into distinct activities and that for each activity, the tasks, necessary resources, responsibilities, design content and inputs/outputs are defined (when appropriate)
-
Verify planning considers the ability to provide, verify, test and maintain products and services (reference output of 8.1.a)
8.3.3 Design and development inputs
-
In determining requirements essential for the type of products and services being designed and developed, the organization shall consider..
-
functional and performance requirements.
-
information derived from previous similar design and development activities.
-
statutory and regulatory requirements.
-
standard or codes of practice that the organization has committed to implement.
-
potential consequences of failure due to the nature of the products and services.
-
potential consequences of obsolescence, when applicable (i.e. materials, processes, components, equipment, products)
-
Verify that the inputs are complete and unambiguous.
-
Verify documented information on design and development inputs are retained.
8.3.4 Design and development controls
-
Verify the organization applies controls to the design and development process to ensure that..
-
the results to be achieved are defined.
-
reviews are conducted to evaluate the ability of the results of design and development to meet requirements.
-
verification activities are conducted to ensure that the resulting products and services meet the requirements for the specified application or intended use.
-
validation activities are conducted to ensure that the resulting products and services meet the requirements of the specified application or intended use.
-
any necessary actions are taken on problems determined during the reviews, or verification and validation activities.
-
progression to the next stage is authorized.
-
Verify documented information of these activities are retained.
-
Verify participants in design and development reviews are representatives of functions concerned stages being reviewed.
-
Verify verification and validation tests are planned, controlled, reviewed, and documented to ensure and prove the following:
-
test plans or specifications identify the test item being tested and the resources being used, define test objectives and conditions, parameters to be recorded and relevant acceptance criteria.
-
test procedures describe the test methods to be used, how to perform the test and how to record the results.
-
the correct configuration of the test item is submitted for the test.
-
the requirements of the test plan and the test procedures are observed.
-
the acceptance criteria are met.
-
Verify monitoring and measuring used for testing are controlled per section 7.1.5
-
Review completed design/development to verify that reports, calculations, test results, etc. demonstrate that the design for the product/service meets the specification requirements for all identified operational conditions.
8.3.5 Design and development outputs
-
Verify the organization ensures the design and development outputs..
-
meet the input requirements.
-
are adequate for the subsequent processes for the provision of products and services.
-
include or reference monitoring and measuring requirements, as appropriate , and acceptance criteria.
-
specify the characteristics of the products and services that are essential for their intended purpose and their safe and proper provision.
-
specify, as applicable, any critical items, including any key characteristics, and specific actions to be taken for these items.
-
are approved by authorized person(s) prior to release.
-
Verify data required to allow the product to be identified, manufactured, verified, used and maintained is defined.
-
Data can include:
1. drawings, part lists and specifications necessary to define the configuration and the design features of the product.
2. material, process, manufacturing, assembly, handling, packaging and preservation data needed to provide and maintain a conforming product or service.
3. technical data and repair schemes for operating and maintaining the product. -
Verify documented information on design and development outputs are retained.
8.3.6 Design and development changes
-
Verify the organization identifies, reviews and controls changes made during, or subsequent to, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements.
-
Verify process to notify customer prior to its implementation about changes that affect customer requirements.
-
Verify documented information on design and development changes, the result of reviews, the authorization of changes and the actions taken to prevent adverse impacts are retained.
8.4 Control of externally provided processes, products and services
8.4.1 General
-
Verify how the organization ensures externally provided processes, products and services conform to specified requirements.
-
Verify that the organization is responsible for the conformity of all externally provided processes, products and services, including those from sources defined be the customer.
-
Verify customer-designated or approved external providers, including process sources (i.e. special processes), are used, when required.
-
Verify risks associated with the external provision of processes, products and services as well as the selection and use of external providers are identified and managed.
-
Verify external providers apply appropriate controls to their direct and sub-tier external providers to ensure requirements are met.
-
Verify controls applied to externally provided processes, products and services when products and services are intended for incorporation into the organization's own products and services, products and services are provided directly to the customer or a process, or part of a process, is provided by an external provider as a result of a decision by the organization.
-
Verify how the organization determines and applies criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers.
-
Verify documented information of activities and actions arising from the evaluations.
-
Verify the process, responsibilities and authority for the approval status decision, changes of the approval status and conditions for a controlled use of external providers depending on their approval status.
-
Verify external provider register that includes, approval status and scope of approval.
-
Verify external provider performance including conformity and on-time delivery performance is reviewed periodically.
-
Verify actions required when external providers do not meet requirements are defined.
-
Verify requirements for controlling documented information created by/retained by external providers are defined.
8.4.2 Type and extent of control
-
Verify how the organization determines controls applied to the external provision of processes, products and services and the resulting output.
-
Verify how the organization considers the potential impact of the external provided processes, products and services on its ability to meet customer and applicable statutory and regulatory requirements.
-
Verify the effectiveness of the controls applied by the external provider.
-
Verify the results of the periodic review of external provider performance (see 8.4.1.1.c)
-
Verify how the organization determines the verification, or other activities, necessary to ensure the externally provided processes, products and services meet requirements.
-
Verify that verification activities (inspection or periodic testing when there is a high risk of NC including counterfeit parts) are based on risks identified by the organization.
-
Verification activities can include:
1. review of objective evidence from the external provider.
2. inspection and audit at the external provider's premises.
3. review of the required documentation.
4. review of PPAP data.
5. inspection of products or verification of services upon receipt.
6. review of delegations of product verification to the external provider. -
Verify externally provided product pending completion of required verification activities is identified and recorded to allow for recall and replacement, if required.
-
Verify scope and requirements are defined and a register is maintained when verification activities are delegated to the external provider. This process shall be periodically monitored.
-
Verify process to validate the accuracy of test reports used to confirm that the product meets requirements.
8.4.3 Information for external providers
-
Verify the organization communicates to external providers its requirements for..
-
the processes, products and services to be provided including the identification of relevant technical data (i.e. specifications, drawings, process requirements, work instructions).
-
the approval of product and services; methods, processes and equipment; and the release of products and services.
-
competence, including any required qualification of persons.
-
the external providers' interactions with the organization.
-
control and monitoring of the external providers' performance to be applied by the organization.
-
verification or validation activities that the organization, or its customer, intends to perform at the external providers' premises.
-
design and development control.
-
special requirements, critical items or key characteristics.
-
test, inspection and verification (including production process verification).
-
the use of statistical techniques for product acceptance and related instructions for acceptance by the organization.
-
the need to implement a quality management system.
-
the need to use customer-designated or approved external providers, including process sources (i.e. special processes).
-
the need to notify the organization of nonconforming processes, products or services and obtain approval for their disposition.
-
the need to prevent the use of counterfeit parts (see 8.1.4).
-
the need to notify the organization of changes to processes, products or services, including changes of their external providers or location of manufacture, and obtain the organization's approval.
-
the need to flow down to external providers applicable requirements including customer requirements.
-
the need to provide test specimens for design approval, inspection/verification, investigation or auditing.
-
the need to retain documented information, including retention periods and disposition requirements.
-
the right of access by the organization, their customer and regulatory authorities to the applicable areas of the facilities and to applicable documented information, at any level of the supply chain.
-
ensuring that persons are aware of their contribution to product or service conformity.
-
ensuring that persons are aware of their contribution to product safety.
-
ensuring that persons are aware of the importance of ethical behavior.
8.5 Production and service provision
8.5.1 Control of production and service provision
-
Verify the organization has documented information that defines the characteristics of the products to be produced, the services to be provided or the activities to be performed and the results to be achieved.
-
1. Documented information that defines characteristics of products and services can include digital product definition data, drawings, parts lists, materials and process specifications.
2. Documented information for activities to be performed and results to be achieved can include process flow charts, control plans, production documents (i.e. manufacturing plans, travelers, routers, work orders, process cards) and verification documents. -
Verify the availability and use of suitable monitoring and measuring resources.
-
Verify the implementation of monitoring and measuring activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met.
-
Verify documented information for monitoring and measuring activity for product acceptance includes:
-
criteria for acceptance and rejection.
-
where in the sequence verification operations are to be performed.
-
measurement results to be retained (at a minimum an indication of acceptance or rejection).
-
any specific monitoring and measurement equipment required and instructions associated with their use.
-
Verify sampling plan is justified on the basis of recognized statistical principles and appropriate for use if sampling is used for product acceptance.
-
Verify the use of suitable infrastructure (i.e. jigs, fixtures, molds) and environment for the operation of processes.
-
Verify the appointment of competent persons, including any required qualification.
-
Verify the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement. (these processes could be referred to as special processes)
-
Verify the implementation of actions to prevent human error (i.e. poke yoke, visual locations, checklist, emergency stops, templates, document control, ...)
-
Verify the implementation of release, delivery and post-delivery activities.
-
Verify the establishment of criteria for workmanship (i.e. written standards, representative samples, illustrations)
-
Verify all products (i.e. parts quantities, split orders, nonconforming product) during production are accounted for
-
Verify identified critical items, including key characteristics, are controlled and monitored.
-
Verify methods are determined to measure variable data (i.e. tooling, on-machine probing, inspection equipment)
-
Verify in-process inspection/verification points have been identified when adequate verification of conformity cannot be performed at later stages.
-
Verify the availability of evidence that all production and inspection/verification operations have been completed as planned, or as otherwise documented and authorized.
-
Verify the provision for the prevention, detection and removal of foreign objects.
-
Verify the control and monitoring of utilities and supplies (i.e. water, compressed air, electricity, chemical products) to the extent they affect conformity to product requirements.
-
Verify products are identified and recorded before being released for subsequent production use pending the completion of all required measuring and monitoring activities (allow for recall and replacement)
8.5.1.1 Control of Equipment, Tools and Software Programs
-
Verify equipment, tools and software programs used to automate, control, monitor or measure production processes are validated prior to final release for production and are maintained.
-
Verify storage requirements for production equipment or tooling (include any periodic preservation or condition checks) are defined.
8.5.1.2 Validation and Control of Special Processes
-
Verify output of processes that cannot be verified by subsequent monitoring or measurement have established arrangements including, as applicable:
-
definition of criteria for the review and approval of the processes.
-
determination of conditions to maintain the approval.
-
approval of facilities and equipment.
-
qualification of persons.
-
use of specific methods and procedures for implementation and monitoring the processes.
-
requirements for documented information to be retained.
8.5.1.3 Production Process Verification
-
Verify production process verification activities that ensure the production process is able to produce products that meet requirements are implemented.
-
These activities can include risk assessments, capacity studies, capability studies and control plans.
-
Verify First Article Inspection (FAI) process.
-
Verify retained documented information for FAI.
8.5.2 Identification and traceability
-
Verify how organization identifies outputs from the process to ensure conformity.
-
Verify that the organization maintains the identification of the configuration of the products and services in order to identify any differences between the actual configuration and the required configuration.
-
How does the organization identify the status of process outputs.
-
Verify how the organization controls the unique identification of process outputs when traceability is required. Verify documented information of traceability, where required.
-
Verify stamps, electronic signatures, passwords, etc. are controlled.
-
Traceability requirements can include:
1. Identification to be maintained throughout the product life
2. Ability to trace products manufactured from the same batch of raw materials or manufacturing batch to delivery
3. Ability to trace components in assembly to the next higher assembly
4. Ability to sequentially record a product's production
8.5.3 Property belonging to customers or external providers
-
What care is provided to customers' or external providers' property?
-
Verify how the organization identifies, verifies, protects and safeguards customers' or external providers' property which is provided for use or incorporation into the organization's products or services.
-
Verify retained documented information for property that is damaged or otherwise found to be unsuitable for use.
8.5.4 Preservation
-
Verify how the organization ensures preservation of the process outputs to ensure conformity to requirements.
-
Verify that preservation of outputs, when applicable in accordance with specifications and applicable statutory and regulatory requirements, provisions for:
-
cleaning
-
prevention, detection and removal of foreign objects
-
special handling and storage for sensitive products
-
marking and labeling, including safety warnings and cautions
-
shelf life control and stock rotation
-
special handling and storage for hazardous materials
8.5.5 Post-delivery activities
-
Verify the organization considers the following to meet post-delivery activities.
-
statutory and regulatory requirements
-
potential undesired consequences associated with its products and services
-
the nature, use and intended lifetime of its products and services
-
customer requirements
-
customer feedback
-
collection and analysis of in-service data (i.e. performance, reliability, lessons learned)
-
control, updating and provision of technical documentation relating to product use, maintenance, repair and overhaul
-
controls required for work undertaken external to the organization (i.e. off-site work)
-
product/customer support (i.e. queries, training, warranties, maintenance, replacement parts, resources, obsolescence)
-
Verify organization takes appropriate action when problems are detected after delivery.
8.5.6 Control of changes
-
Verify how the organization reviews and controls changes for production or service provision.
-
Verify retained documented information describing the results of the review of changes, the person(s) authorizing the change and any necessary actions arising from the review.
-
Verify persons authorized to approve production or service changes (i.e. changes affecting processes, production equipment, tools, or software programs) are identified.
8.6 Release of products and services
-
Verify at appropriate stages product and service requirements have been met.
-
Verify products and services are not released to the customer until the planned arrangements have been satisfactorily completed, unless otherwise approved by relevant authority and, as applicable, by the customer.
-
Verify retained documented information that shows evidence of conformity with acceptance criteria and traceability to person(s) authorizing the release.
-
Verify retained documented information shows evidence that the products and services meet defined requirements when required to demonstrate product qualification.
-
Verify the organization provides all documented information required to accompany the products and services are present at delivery.
8.7 Control of nonconforming outputs
-
Verify that outputs that do not conform to requirements are identified and controlled.
-
Verify appropriate action is taken for nonconforming products and services (also include after delivery of product or during/after the provision of services).
-
Correction.
-
Segregation, containment, return or suspension of provision of products and services.
-
Informing the customer.
-
Obtaining authorization for acceptance under concession by a relevant authority and, when applicable, by the customer.
-
Verify documented information for the nonconformity control process includes provisions for:
-
defining the responsibility and authority for the review and disposition of nonconforming outputs and the process for approving persons making these decisions.
-
taking actions necessary to contain the effect of the nonconformity on other processes, products or services.
-
timely reporting of nonconformities affecting delivered products and services to the customer and to relevant interested parties.
-
defining corrective actions for nonconforming products and services detected after delivery, as appropriate to their impacts.
-
Dispositions of use-as-it or repair of the acceptance of nonconforming products shall only be implemented:
-
after approval by an authorized organization representative responsible for design or by persons delegated authority form the design organization.
-
after authorization by the customer, if the nonconformity results in a departure from the contract requirements.
-
Verify product dispositioned for scrap is conspicuously and permanently marked, or positively controlled, until physically rendered unusable.
-
Verify counterfeit, or suspect counterfeit, parts are controlled to prevent reentry into the supply chain.
-
Verify conformity to the requirements when nonconforming outputs are corrected.
-
Verify retained documented information that describes the nonconformity, describes actions taken, describes any concessions obtained and identifies the authority deciding the action in respect of the nonconformity.
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
-
Verify the organization has determined what needs to be monitored and measured, the methods to be used, when it will be performed, analyzed and evaluated.
-
Verify the organization evaluates the performance and effectiveness of its QMS.
-
Review retained appropriate documented information
-
Verify the organization monitors customers' perceptions of the degree to which their needs and expectations have been fulfilled.
-
Verify following minimum information used to monitor customer satisfaction:
-
product and service conformity.
-
on-time delivery.
-
customer complaints.
-
corrective action requests.
-
Verify plans have been developed and implemented to addresses identified deficiencies and evaluate their effectiveness.
-
Verify the organization analyzes and evaluates (can include information from external sources (i.e. government/industry alerts, advisories):
-
conformity of products and services.
-
the degree of customer satisfaction.
-
the performance and effectiveness of the QMS.
-
if planning has been implemented effectively.
-
the effectiveness of actions taken to address risks and opportunities.
-
the performance of external providers.
-
the need for improvements the the QMS.
9.2 Internal audit
-
Verify audits are conducted at planned intervals
-
Verify organization has established, implemented, and maintains an internal audit program
-
Verify the importance of the process, changes affecting the organization and the results of previous audits are considered
-
Verify audit criteria and scope are created for each audit
-
Auditors are objective and impartial
-
Audit results reported to relevant management
-
Verify appropriate correction and corrective actions are taken without delay
-
Review retained documented information
9.3 Management review
-
Verify management reviews QMS at planned intervals
-
Verify inputs to management review includes:
-
status of actions from previous management reviews
-
changes in external and internal issues relevant to the QMS
-
customer satisfaction and feedback from relevant interested parties
-
the extent to which quality objectives have been met
-
process performance and conformity of products and services
-
nonconformities and corrective actions
-
monitoring and measurement results
-
audit results
-
the performance of external providers
-
on-time delivery performance
-
adequacy of resources
-
effectiveness of actions taken to address risks and opportunities
-
opportunities for improvement
-
Verify outputs to management review includes:
-
opportunities for improvement
-
any need for changes to the QMS
-
resource needs
-
risks identified
-
Verify retained documented information
10 Improvement
10.1 General
-
Verify the organization determines and selects opportunities for improvement to improve products and services, corrects, prevents or reduces undesired effects and improves the performance and effectiveness of the QMS.
10.2 Nonconformity and corrective action
-
Verify how organization reacts to nonconformity, including complaints, by evaluating how its takes action to control and correct it and how it deals with the consequences.
-
Verify how the organization evaluates the need for action to eliminate the cause(s) (including, as applicable, those related to human factors) of the nonconformity, in order that it does not recur or occur elsewhere.
-
Verify how organization implements necessary actions.
-
Verify how organization evaluates the effectiveness of actions taken.
-
Verify the organization updates risks and opportunities determined during planning, if necessary.
-
Verify any changes made to the QMS, if necessary.
-
Verify corrective action requirements are flowed down to external providers when it is determined that the external provider is responsible for the nonconformity.
-
Verify specific actions are taken when timely and effective corrective actions are not achieved.
-
Verify the organization maintains documented information that defines the nonconformity and corrective action management process.
-
Verify retained documented information that provides evidence of the nature of the nonconformity and any subsequent actions taken and the results of any corrective actions
10.3 Continual improvement
-
Verify how the organization continually improves. Does it consider the results of analysis and evaluation and the outputs from management review to determine if there are needs or opportunities that shall be addressed as part of continual improvement?
-
Verify how the organization monitors the implementation of improvement activities and evaluates the effectiveness of the results.
-
Examples of continual improvement opportunities can include lessons learned, problem resolutions and the benchmarking of best practices.