Title Page
-
Audit Date
-
Client / Site
-
Prepared by
-
Location
-
specify location of auditor
-
Auditor
Context of the Organization
Context of the Organization
4.1 Understanding the organization and its context
-
External and internal issues have been determined.
-
The identified external and internal issues are relevant to the purpose and strategic direction of the organization.
-
The identified external and internal issues affect the ability of the organization to achieve the intended results of its QMS.
-
Information about the identified external and internal issues are monitored and reviewed.
4.2 Understanding the needs and expectations of interested parties
-
Interested parties that are relevant to the QMS are determined.
-
The requirements of these interested parties are determined.
-
Information about these interested parties and their relevant requirements are monitored and reviewed.
4.3 Determining the scope of the QMS
-
The boundaries and applicability of the QMS to establish its scope have been determined.
-
In determining the scope, the organization has considered<br> a) the external and internal issues, b) the requirements of relevant interested parties, c) the products and services of the organization.
-
The scope of the QMS is available and maintained as documented information.
-
The scope states the types and products and services covered and provide justification for any requirements that are deemed by the organization to be not applicable to the scope of the QMS
QMS and its processes
-
Note: Statements for NCs can be taken from here; cite the applicable clause
-
The organization has established, implements, maintains, and continually improves a quality management system.
-
The processes needed by the QMS and the interaction of these processes are established, implemented, maintained, and continually improved.
-
The organization has determined the processes needed for the QMS and how these processes apply throughout the organization.
-
The inputs required and the outputs expected have been determined.
-
The sequence and interaction of these processes have been determined.
-
The criteria and methods (i.e., monitoring, measurements, and related performance indicators) needed to ensure the effective operation and control of these processes have been determined.
-
The criteria and methods determined are applied.
-
The resources needed for the processes are determined and the availability of these resources are ensured.
-
The responsibilities and authorities for these processes have been assigned.
-
The risks and opportunities determined per 6.1 have been addressed.
-
The processes are evaluated and any changes needed are implemented to ensure that these processes achieve their intended results.
-
The processes and the QMS are improved.
-
TO THE EXTENT NECESSARY, documented information are maintained to support the operation of the processes.
-
TO THE EXTENT NECESSARY, documented information is retained to have confidence that the processes are being carried out as planned.
Leadership
5.1 Leadership and Commitment
5.1.1 General
-
Top management demonstrates leadership and commitment with respect to the QMS by:
-
taking accountability for the effectiveness of the QMS
-
ensuring that quality policy and the quality objectives are established for the QMS and are compatible with the context and strategic direction of the organization.
-
ensuring that the QMS is integrated into the organization's (core) business processes.
-
promoting the use of process approach and risk-based thinking.
-
ensuring that the resources needed for the QMS are available
-
communicating the importance of effective quality management and of conforming to the QMS requirements
-
ensuring that the QMS achieves its intended results
-
engaging, directing, and supporting persons to contribute to the effectiveness of the QMS
-
promoting improvement
-
supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
5.1.2 Customer Focus
-
Top management demonstrates leadership and commitment with respect to customer focus by ensuring that applicable statutory and regulatory requirements are determined, understood, and consistently met.
-
Top management ensures that risk and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined.
-
Top management ensures that risks and opportunities that affect the conformity of products and services and the ability to enhance customer satisfaction are addressed.
-
The focus on enhancing customer satisfaction is maintained.
5.2 Policy
5.2.1 Establishing the quality policy
-
Top management established, implemented, and maintains a quality policy that is appropriate to the purpose and context of the organization and supports the organization's strategic direction.
-
The quality policy provides a framework for setting quality objectives
-
The quality policy provides a framework for setting quality objectives
-
The quality policy includes a commitment to satisfy applicable requirements
-
The quality policy includes a commitment to continually improve the quality management system
5.2.2 Communicating the quality policy
-
The quality policy is available and maintained as documented information
-
The quality policy is communicated, understood, and applied within the organization.
-
The quality policy is available to relevant, interested parties as appropriate.
5.3 Organization roles, responsibilities, and authorities
-
Top management ensures that responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.
-
Top management has assigned the responsibility and authority for ensuring that the QMS conforms to the requirements of the standard
-
Top management has assigned the responsibility and authority for ensuring that the processes are delivering their intended outputs
-
Top management has assigned the responsibility for reporting on the performance of the QMS and on opportunities for improvement, in particular, to top management
-
Top management has assigned the responsibility for ensuring the promotion of customer focus throughout the organization.
-
Top management has assigned the responsibility and authority for ensuring that the integrity of the QMS is maintained when changes to the QMS are planned and implemented
Planning
6.1 Actions to address risks and opportunities
-
Issues referred to in 4.1 and the requirements in 4.2 have been considered during planning.
-
Risks and opportunities that need to be addressed to give assurance that the QMS can achieve intended results have been determined.
-
Risks and opportunties that need to be addressed to achieve improvement have been determined.
-
Risks and opportunities that need to be addressed to prevent, or reduce undesired effects have been determined.
-
Risks and opportunities that need to be addressed to enhance desirable effects have been determined.
-
Planned actions to address risks and opportunities are in place.
-
The organization has planned how to integrate and implement the actions into the QMS processes (see 4.4)
-
The organization has planned how to evaluate the effectiveness of the actions.
-
Actions to address risks and opportunities are proportionate to the potential impact on the conformity of products and services.
-
Options to address risks: avoiding risks, taking risks in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining the risk by informed decision.
-
Opportunities can lead to the adoption of new practices, launching new products, opening new markets, addressing new customers, building partnerships, using new technology, and other desirable and viable possibilities
6.2 Quality Objectives and planning to achieve them
-
Quality objectives are established at relevant functions, levels, and processes needed for the QMS
-
The quality objectives are consistent with the quality policy...
-
...measurable
-
...take into account applicable requirements
-
...relevant to the conformity of products and services and the enhancement of customer satisfaction
-
...monitored
-
...communicated
-
...updated as appropriate
-
...maintained as documented information.
-
When planning how to achieve the quality objectives, the organization has determined what will be done...
-
...what resources will be required
-
...who will be responsible
-
...when it will be completed
-
...how the results will be evaluated
6.3 Planning of changes
-
Changes to the QMS are carried out in a planned manner
-
Changes to the QMS takes into account the purpose of the changes and their potential consequences...
-
...the integrity of the QMS
-
...the availability of resources
-
the allocation or reallocation of responsibilities and authorities
Support
7.1 Resources
7.1.1 General
-
The resources needed for the establishment, implementation, maintenance, and continual improvement of the QMS have been determined and provided.
-
The capabilities of, and constraints on, existing internal resources have been considered.
-
...what needs to be obtained from external providers have been considered
7.1.2 People
-
Persons necessary for the effective implementation of the QMS and for the operation and control of its processes have been determined and provided
7.1.3 Infrastructure
-
The infrastructure necessary for the operation of the processes and to achieve conformity of products and services have been determined, provided, and maintained
-
Infrastructure include buildings and associated utlities; equipment, including hardware and software; transportation resources; ICT
7.1.4 Environment for the operation of processes
-
The environment necessary for the operation of the processes and to achieve conformity of products and services has been determined, provided, and maintained.
7.1.5 Monitoring and measuring resources
-
The resources needed to ensure valid and reliable results when monitoring or measuring is used to verify that the products and services conform to requirements have been determined and provided.
-
The organization ensures that the resources provided are suitable for the specific type of monitoring and measurement activities that are being undertaken
-
...the resources provided are maintained to ensure their continuing fitness for purpose
-
Appropriate documented information are retained (records) as evidence of fitness for purpose of the monitoring and measuring resources
7.1.5.2 Measurement traceability
-
WHERE CONSIDERED A REQUIREMENT or an essential part of providing confidence on the validity of the measurement results, measuring equipment are calibrated or verified, or both; and where no standards exist, the basis used for calibration or verification are retained as documented information (record)
-
...measuring equipment are identified in order to determine their status
-
...measuring equipment are safeguarded from adjustments, damage, or deterioration that would invalidate the calibration status and subsequent measurement results
-
When the measuring equipment is found unfit for its intended purpose, the organization determines if the validity of the previous measurement has been affected and takes the necessary appropriate action.
7.1.6 Organizational knowledge
-
The knowledge necessary for the operation of the processes and to achieve conformity of products and services have been determined.
-
The knowledge is maintained and made available to the extent necessary.
-
When addressing changing needs and trends, the organization considers current knowledge and determines how to acquire or access any necessary additional knowledge and required updates.
7.2 Competence
-
The necessary competence of persons that affects the performance and effectiveness of the QMS has been determined
-
The organization ensures that persons are competent on the basis of appropriate education, training, or experience.
-
WHERE APPLICABLE, the organization takes actions to acquire the necessary competence, and evaluates the effectiveness of actions taken
-
Appropriate documented information are retained as evidence of competence.
7.3 Awareness
-
The organization ensures that its personnel are aware of the quality policy...
-
...of the relevant quality objectives
-
...of their contribution to the effectiveness of the QMS, including the benefits of improved performance
-
...of the implications of not conforming with the QMS requirements
7.4 Communication
-
The internal and external communications relevant to the QMS have been determined
-
The organization has determined what it will communicate
-
...when to communicate
-
...with whom to communicate
-
...how to communicate
-
...who communicates
7.5 Documented Information
7.5.1 General
-
The QMS includes documented information required by the standard,
-
...documented information determined by the organization as necessary
7.5.2 Creating and updating
-
The organization ensures that documented information have appropriate identification and description (e.g., title, date, author, reference number)
-
...format (e.g., language, software version, graphics) and media (e.g. paper, electronic)
-
...review and approval for suitability and adequacy
7.5.3 Control of documented information
-
Documented information are controlled to ensure that it is available and suitable for use, where and when it is needed
-
Documented information is controlled to ensure that it is adequately protected (e.g., loss of confidentiality, improper use, loss of integrity)
-
Control of documented information involves, as applicable, distribution, access, retrieval, and use
-
...storage and preservation, including preservation of legibility
-
...control of changes (e.g., version control)
-
...retention and disposition
-
DI of external origin that are determined as necessary are identified as appropriate and are controlled.
-
DI retained as evidence of conformity are protected from unintended alterations
Operation
8.1 Operational planning and control
-
Processes needed to meet the requirements for the provision of products and services and to implement the actions determined in clause 6 are planned, implemented, and controlled by determining the requirements for the products and services
-
...by establishing the criteria for the processes<br>
-
...and the criteria for the acceptance of products and services
-
...determining the resources needed to achieve conformity to the product and service requirements<br>
-
...implementing control of the processes in accordance with the criteria
-
...determining, maintaining, and retaining Documented Information TO THE EXTENT NECESSARY
-
provide confidence that the processes are carried out as planned
-
...demonstrate the conformity of products and services to requirements
-
The output of the planning is suitable for the organization's operations
-
Planned changes are controlled, consequences of unintended changes are reviewed, and actions are taken to mitigate any adverse effects as necessary
-
Outsourced processes are controlled (8.4)
8.2 Requirements for products and services
8.2.1 Customer communication
-
Communication with customers include provision of information relating to products or services
-
...handling enquiries, contracts or orders, including changes
-
...obtaining customer feedback relating to products and services, including customer complaints
-
...handling or controlling customer property
-
...establishing specific requirements for contingency action, where relevant
8.2.2 Determining the requirements for products and services
-
The organization ensures that requirements for products and services are defined when determining the products and services to be offered to customers
-
...includes applicable statutory and regulatory requirements
-
...those considered necessary by the organization
-
The organization can meet the claims for the products and services it offers
8.2.3 Review of the requirements for products and services
-
The organization ensures that it has the ability to meet the requirements for products and services to be offered to the customers
-
The organization conducts a review before committing to supply products and services to a customer
-
...specified requirements including the requirements for delivery and post-delivery activities
-
...requirements not stated by the customer but necessary for the specified or intended use, when known
-
...requirements specified by the organization
-
...statutory and regulatory requirements applicable to the products and services
-
...contract or order requirements that are different from those previously expressed
-
Contract order or requirements that differ from those previously defined are resolved
-
The customers' requirements are confirmed by the organization before acceptance, when the customers do not provide a documented statement of their requirements
-
Documented Information are retained on the results of the review or on any new requirements for the products or services, as applicable
8.2.4 Changes to requirements for products and services
-
Relevant Documented Information is amended and relevant persons are made aware of the changed requirements when the requirements for products and services are changed
8.3 Design and development of products and services
8.4 Control of externally provided processes, products, and services
8.4.1 General
-
Externally provided processes, products, and services conform to requirements.
-
Controls to be applied to externally provided processes, products, and services are determined when these are intended for incorporation into the organization's products and services; when these services are provided directly to the customers in behalf of the organization; when a process or part of a process is provided as decided upon by the organization
-
Criteria for the evaluation, selection, monitoring of peformance, and re-evaluation of external providers are determined and applied,
-
Documented Information is retained for these activities and any necessary actions arising from the evaluations.
8.4.2 Types and extent of control
-
The organization ensures that externally provided Products, Processes, and Services do not adversely affect the ability of the organization to consistently deliver conforming products and services to its customers
-
The organization ensures that externally provided processes remain within the control of the QMS
-
The organization defines both the controls it intends to apply to the external provider and those it intends to apply to the resulting output
-
The organization takes into consideration the potential impact of the externally provided Processes, Products, and Services on its ability to meet customer and applicable statutory and regulatory requirements...
-
...and the effectiveness of the controls applied by the external providers
-
The organization determines the verification and other activities necessary to ensure that the externally provided PPS meet requirements
8.4.3 Information for external providers
-
The organization ensures the adequacy of requirements prior to their communication to the external provider
-
The organization communicates its requirements for the processes, products, and services to be provided
-
...the approval of products and services
-
...methods, processes, and equipment
-
...the release of products and services
-
...competence including any required qualification of personnel
-
...the external providers' interactions with the organization
-
...control and monitoring of the external providers' performance to be applied by the organization
-
...verification or validation activities that the organization, or its customer, intends to perform at the external providers' premises
8.5 Production and service provision
8.5.1 Control of production and service provision
-
The organization ensures that production and service provision are implemented under controlled conditions, that includes, AS APPLICABLE
-
...the availability of Documented Information that defines the characteristics of the products to be produced, the services to be provided, or the activities to be performed
-
...or the results to be achieved
-
...the availability and use of suitable monitoring and measuring resources
-
...the implementation of monitoring and measurement activities at appropriate stages
-
...the use of suitable infrastructure and environment for the operation of processes
-
...the appointment of competent persons, including any required qualifications
-
...the validation and periodic revalidation of the ability to achieve planned results..., where the resulting output cannot be verified by subsequent monitoring or measurement
-
...the implementation of actions to prevent human error
-
...the implementation of release, delivery, and post-delivery activities
8.5.2 Identification and traceability
-
The organization uses suitable means to identify outputs when it is necessary to ensure the conformity of products and services.
-
The organization identifies the status of outputs with respect to monitoring and measurement requirements
-
The organization controls the unique identification of outputs WHEN TRACEABILITY IS A REQUIREMENT, and retains DI necessary to enable traceability
8.5.3 Property belonging to customers or external providers
-
The organization exercises care with property belonging to customers or external providers while it is under the organization's control or being used by the organization
-
The organization identifies, verifies, protects, and safeguard customers' or external providers' property provided for use or incorporated into the products and services
-
The organization reports to the customer or external provider any property that is lost, damaged, or otherwise found to be unsuitable for use, and retain DI on what has occurred.
8.5.4 Preservation
-
The organization preserves the outputs during production and service provision, to the extent necessary to ensure conformity to requirements
8.5.5 Post-delivery activities
-
The organization meets the requirements for post-delivery activities associated with the products and services
-
The organization considers the statutory and regulatory requirements in determining the extent of post-delivery activities
-
...potential undesired consequences associated with its products and services
-
...the nature, use and intended lifetime of its products and services
-
...customer requirements
-
...customer feedback
8.5.6 Control of changes
-
The organization reviews and controls changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements
-
The organization retains documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review
8.6 Release of products and services
-
The organization implements planned arrangements, at appropriate stages, to verify that the product and service requirements have been met
-
The release of products and services does not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority, and, as applicable, by the customer
-
The organization retains documented information on the release of products or services.
-
The documented information includes evidence of conformity with the acceptance criteria
-
...and traceability to the person(s) authorizing the release
8.7 Control of nonconforming outputs
-
Outputs that do not conform to requirements are identified and controlled to prevent unintended use or delivery
-
The organization takes action based on the nature of nonconformity and its effect on the nonconformity of products and services. This applies as well to nonconforming products and services detected after delivery of products, during or after the provision of services.
-
The organization deals with nonconforming outputs in one or more of the following ways: correction; segregation, containment, return or suspension of provision of products and services; informing the customer; obtaining authorization for acceptance under concession.
-
Conformity to the requirements are verified when nonconforming outputs are corrected
-
The organization retains documented information that describes the nonconformity...
-
...describes the action taken
-
...describes any concessions obtained
-
...identifies the authority deciding the action in respect to the nonconformity
Design and development of products and services
8.3.1 General
Performance Evaluation
9.1 Monitoring, measurement, analysis, and evaluation
9.1.1 General
-
The organization determines what needs to be monitored and measured
-
...the method for monitoring, measurement, analysis, and evaluation needed to ensure valid results
-
...when to perform monitoring and measurement
-
...when to analyze and evaluate the results of monitoring and measurement
-
The organization evaluates the performance and effectiveness of the QMS
-
Appropriate Documented Information are retained as evidence of the results
9.1.2 Customer satisfaction
-
Customers' perceptions of the degree to which their needs and expectations have been fulfilled, are monitored.
-
The method for obtaining, monitoring, and reviewing this information is determined.
9.1.3 Analysis and evaluation
-
Appropriate data arising from monitoring and measurement are analyzed and evaluated.
-
The results of analysis are used to evaluate conformity of products and services
-
...the degree of customer satisfaction
-
...the performance and effectiveness of the QMS
-
...if planning has been effectively implemented
-
...the effectiveness of actions taken to address risks and opportunities
-
...the performance of external providers
-
...the need for improvements to the QMS
9.2 Internal Audit
-
Internal audits are conducted at planned intervals
-
Internal audits provide information if the QMS conforms to its own requirements for its QMS
-
...the requirements of the standard
-
Internal audits provide information if the QMS is effectively implemented and maintained
-
The organization plans, establishes, implements, and maintains an audit programme including the frequency, methods, responsibilities, planning requirements, and reporting
-
...takes into consideration the importance of the processes concerned, changes affecting the organization, and the results of previous audits.
-
The audit criteria and scope of each audit are defined
-
auditors are selected and audits are conducted to ensure objectivity and the impartiality of the audit process
-
results of the audits are reported to relevant management
-
Appropriate correction and correction actions are taken without undue delay
-
Documented Information are retained as evidence of the implementation of the audit programme and the audit results
9.3 Management Review
9.3.1 General
-
Top management reviews the QMS at planned intervals to ensure its continuing suitability, adequacy, effectiveness, and alignment with the strategic direction of the organization
9.3.2 Management review inputs
-
The MR is planned and carried out taking into consideration ... the status of actions from previous management review
-
...changes in external and internal issues that are relevant to the QMS
-
...information on the performance and effectiveness of the QMS, including trends in customer satisfaction and feedback from relevant interested parties
-
...the extent to which quality objectives have been met
-
...process performance and conformity of products and services
-
...nonconformities and corrective actions
-
...monitoring and measurement results
-
...audit results
-
...the performance of external providers
-
...the adequacy of resources
-
...the effectiveness of actions taken to address risks and opportunities
-
...opportunities for improvement
9.3.3 Management review outputs
-
The MR outputs include decisions and actions related to opportunities for improvement...
-
...any need for changes to the QMS
-
...resource needs
-
Documented Information are retained as evidence of the results of MR
Improvement
10.1 General
-
Opportunities for improvement to meet customer requirements and enhance customer satisfaction are determined and implemented
-
...improving products and services to meet the requirements as well as to address future needs and expectations
-
...correcting, preventing or reducing undesired effects
-
...improving the performance and effectiveness of the QMS
10.2 Nonconformity and corrective action
-
10.2.1 The organization reacts to the NC, and as applicable, take action to control and correct it
-
...deal with the consequences
-
The organization evaluates the need for action to eliminate the cause(s) of nonconformity so that it will not recur or occur elsewhere by reviewing and analyzing the NC
-
...determining the cause of the NC
-
...determining if similar NCs exist or could potentially occur
-
The organization implements any action needed
-
The effectiveness of any corrective action taken are reviewed
-
Risks and opportunities determined during planning are updated as necessary
-
changes are made to the QMS, if necessary
-
Corrective actions are appropriate to the effects of the NCs encountered
-
10.2.2 Documented Information are retained as evidence of the nature of the NCs and any subsequent actions taken
-
...the results of any corrective action
10.3 Continual improvement
-
The organization continually improves the suitability, adequacy, and effectiveness of the QMS
-
The organization considers the results of analysis and evaluation, and the outputs from management review, to determine if there are needs or opportunities that need to be addressed as part of continual improvement.