Sr.

no. ISO 9001:2015 Clause

The organization shall determine external and
4.1 internal issues that are relevant to its purpose
q1 ability to achievedirection
and its strategic and that affect its
the intended result(s) of its
quality management system.

4.1 The organization shall monitor and review the

information about these external and internal
q2 issues.

Due to their impact or potential impact on the

organization’s ability to consistently provide
products and services that meet customer and
applicable statutory and regulatory
requirements, the organization shall determine:
4.2
q1
a) the interested parties that are relevant
to the quality management system;

b) the requirements of these interested

parties that are relevant to the quality
management system.
 The organization shall determine the
boundaries and applicability of the quality
management system to establish its
scope.Where a requirement of this
4.3 International Standard within the determined
q1 the organization.If anythen
scope can be applied, it shall be applied by
requirement(s) of this
International Standard cannot be applied, this
shall not affect the organization’s ability or
responsibility to ensure conformity of products
and services.

The scope shall be available and be maintained

as documented information stating the:

- products and services covered by

4.3 the quality management system;
q5
- justification for any instance
where a requirement of this
International Standard cannot be
applied.

The organization shall establish, implement,

maintain and continually improve a quality
4.4 management system, including the processes
q1 needed and their interactions, in accordance
with the requirements of this International
Standard.

Top management shall demonstrate leadership

and commitment with respect to the quality
management system by:
 a) taking accountability of the effectiveness of
the quality management system;

b) ensuring that the quality policy and quality

objectives are established for the quality
management system and are compatible with
the strategic direction and the context of the
organization;

c) ensuring that the quality policy is

communicated, understood and applied within
the organization;
d) ensuring the integration of the quality
management system requirements into the
5.1 organization’s business processes;
.1q
1 e) promoting awareness of the process
approach;

f) ensuring that the resources needed for the

quality management system are available;

g) communicating the importance of effective

quality management and of conforming to the
quality management system requirements;

h) ensuring that the quality management

system achieves its intended results;
i) engaging, directing and supporting persons to
contribute to the effectiveness of the quality
management system;

j) promoting continual improvement;

k) supporting other relevant management roles

to demonstrate their leadership as it applies to
their areas of responsibility.
 Top management shall demonstrate leadership
and commitment with respect to customer
focus by ensuring that:

a) customer requirements and applicable

statutory and regulatory requirements are
determined and met;
5.1
.2q b) the risks and opportunities that can affect
1 conformity of products and services and the
ability to enhance customer satisfaction are
determined and addressed;

c) the focus on consistently providing products

and services that meet customer and applicable
statutory and regulatory requirements is
maintained;
d) the focus on enhancing customer satisfaction
is maintained.
Top management shall establish, review and
maintain a quality policy that:

a) is appropriate to the purpose and context of

the organization;
5.2 b) provides a framework for setting and
.1q reviewing quality objectives;
1
c) includes a commitment to satisfy applicable
requirements;
d) includes a commitment to continual
improvement of the quality management
system.

The quality policy shall:

5.2 a) be available as documented information;

.2q b) be communicated, understood and applied
1 within the organization;
c) be available to relevant interested parties, as
appropriate.
 Top management shall ensure that the
5.3 responsibilities and authorities for relevant
q1 roles are assigned, communicated and
understood within the organization.
Top management shall assign the responsibility
and authority for:
a) ensuring that the quality management
system conforms to the requirements of this
International Standard;
b) ensuring that the processes are delivering
their intended outputs;

c) reporting on the performance of the quality

5.3 management system, on opportunities for
q2 improvement and on the need for change or
innovation, and especially for reporting to top
management;

d) ensuring the promotion of customer focus

throughout the organization;
e) ensuring that the integrity of the quality
management system is maintained when
changes to the quality management system are
planned and implemented.

The organization shall ensure that personnel

6.2 with product design responsibility are
.2. competent to achieve design requirements and
1q are skilled in applicable tools and techniques.
1
Applicable tools and techniques shall be
identified by the organization.

The organization shall determine and provide

the resources needed for the establishment,
implementation, maintenance and continual
improvement of the quality management
system.
7.1
.1q
1 The organization shall consider:
7.1
.1q
1

a) the capabilities of, and constraints on,

existing internal resources;
b) what needs to be obtained from external
providers.

To ensure that the organization can consistently

meet customer and applicable statutory and
7.1 regulatory requirements, the organization shall
.2q provide the persons necessary for the effective
1
operation of the quality management system,
including the processes needed.

7.1 The organization shall determine, provide and

.3q maintain the infrastructure for the operation of
1 and services. to achieve conformity of products
its processes

When creating and updating documented

information the organization shall ensure
appropriate:
a) identification and description (e.g. a title,
date, author, or reference number);
7.5 b) format (e.g. language, software version,
.2q graphics) and media (e.g. paper, electronic);
1
c) review and approval for suitability and
adequacy.

Documented information required by the

quality management system and by this
International Standard shall be controlled to
7.5 ensure:
.3.
1q a) it is available and suitable for use, where and
1 when it is needed;
b) it is adequately protected (e.g. from loss of
confidentiality, improper use, or loss of
integrity).
 For the control of documented information, the
organization shall address the following
activities, as applicable:
a) distribution, access, retrieval and use;
7.5 b) storage and preservation, including
.3. preservation of legibility;
2q
1 c) control of changes (e.g. version control);
d) retention and disposition.

7.5 Documented information of external origin

.3. for the planningthe
determined by organization to be necessary
and operation of the quality
2q management system shall be identified as
2 appropriate, and controlled.

Where the detailed requirements of the

organization’s products and services are not
8.3 already established or not defined by the
.1q customer or by other interested parties, such
1 production oradequate
that they are for subsequent
service provision, the
organization shall establish, implement and
maintain a design and development process.

NOTE 1 The organization can also apply the requirements given in 8.5 to the development o
NOTE 2 For
processes forservices, design
production andand development
services planning can address the whole service deliv
provision.
process. The organization can therefore choose to consider the requirements of clauses 8.3
8.5 together.
8.3.2 Design and development planning
In determining the stages and controls for
design and development, the organization shall
consider:
a) the nature, duration and complexity of the
design and development activities;
b) requirements that specify particular process
stages, including applicable design and
development reviews;

8.3
.2q
1
 c) the required design and development
verification and validation;
8.3
.2q d) the responsibilities and authorities involved
1 in the design and development process;

e) the need to control interfaces between

individuals and parties involved in the design
and development process;
f) the need for involvement of customer and
user groups in the design and development
process;
g) the necessary documented information to
confirm that design and development
requirements have been met.
8.3.3 Design and development inputs
The organization shall determine:

a) requirements essential for the specific type

of products and services being designed and
developed, including, as applicable, functional
and performance requirements;

b) applicable statutory and regulatory

requirements;
c) standards or codes of practice that the
organization has committed to implement;
8.3
.3q d) internal and external resource needs for the
1 design and development of products and
services;

e) the potential consequences of failure due to

the nature of the products and services;

f) the level of control expected of the design and

development process by customers and other
relevant interested parties.
8.3 Inputs shall be adequate for design and
.3q unambiguous.purposes,
development complete, and
Conflicts among inputs shall be
2 resolved.

8.3.4 Design and development controls

The controls applied to the design and
development process shall ensure that:

a) the results to be achieved by the design and

development activities are clearly defined;

b) design and development reviews are

conducted as planned;
8.3
.4q c) verification is conducted to ensure that the
1 design and development outputs have met the
design and development input requirements;

d) validation is conducted to ensure that the

resulting products and services are capable of
meeting the requirements for the specified
application or intended use (when known).

8.3.5 Design and development outputs

The organization shall ensure that design and
development outputs:
a) meet the input requirements for design and
development;

b) are adequate for the subsequent processes

8.3 for the provision of products and services;
.5q
1
c) include or reference monitoring and
measuring requirements, and acceptance
criteria, as applicable;
d) ensure products to be produced, or services
to be provided, are fit for intended purpose and
their safe and proper use.
8.3 The organization shall retain the documented
.5q information resulting from the design and
2 development process.

8.3.6 Design and development changes

The organization shall review, control and

8.3 identify changes made to design inputs and
.6q design outputs during the design and
1 subsequently,of
development products and services or
to the extent that there is no
adverse impact on conformity to requirements.

8.3 Documented information on design and

.6q development changes shall be retained.
2

8.4 The organization shall ensure that externally

.1q provided processes, products, and services
1 conform to specified requirements.

The organization shall apply the specified

requirements for the control of externally
provided products and services when:

a) products and services are provided by

external providers for incorporation into the
organization’s own products and services;
8.4
.1q
2 b) products and services are provided directly
to the customer(s) by external providers on
behalf of the organization;

c) a process or part of a process is provided by

an external provider as a result of a decision by
the organization to outsource a process or
function.
 The organization shall establish and apply
8.4 criteria for the evaluation, selection, monitoring
.1q of performance and re-evaluation of external
3 processes based
providers on their ability to provide
or products and services in
accordance with specified requirements.

The organization shall retain appropriate

documented information of the results of the
8.4 evaluations, monitoring of the performance and
.1q re-evaluations of the external providers.
4

In determining the type and extent of controls

to be applied to the external provision of
processes, products and services, the
organization shall take into consideration:

8.4
.2q a) the potential impact of the externally
1 provided processes, products and services on
the organization’s ability to consistently meet
customer and applicable statutory and
regulatory requirements;

b) the perceived effectiveness of the controls

applied by the external provider.

The organization shall establish and implement

verification or other activities necessary to
8.4 ensure the externally provided processes,
.2q products and services do not adversely affect
2 the organization's ability to consistently deliver
conforming products and services to its
customers.
 Processes or functions of the organization
which have been outsourced to an external
provider remain within the scope of the
8.4 organization’s quality management system;
.2q accordingly, the organization shall consider a)
3 and b) above and define both the controls it
intends to apply to the external provider and
those it intends to apply to the resulting process
output.

The organization shall determine:

a) what needs to be monitored and measured;

b) the methods for monitoring, measurement,

9.1 analysis and evaluation, as applicable, to ensure
.1q valid results;
1 c) when the monitoring and measuring shall be
performed;

d) when the results from monitoring and

measurement shall be analysed and evaluated.

The organization shall ensure that monitoring

and measurement activities are implemented in
9.1 accordance with the determined requirements
.1q and shall retain appropriate documented
2 information as

evidence of the results.

9.1 The organization shall evaluate the quality

.1q performance and the effectiveness of the
3 quality management system.

9.1 The organization shall monitor customer

.2q perceptions of the degree to which
1 requirements have been met.
9.1 The organization shall obtain information
.2q relating to customer views and opinions of the
2 organization and its products and services.

9.1 The methods for obtaining and using this

.2q information shall be determined.
3

The organization shall conduct internal audits

at planned intervals to provide information on
whether the quality management system;

9.2
.1q a) conforms to:
1
1) the organization’s own
requirements for its quality
management system;
2) the requirements of this
International Standard;

b) is effectively implemented and maintained.

9.3
.1q Top management shall review the
1 organization's quality management system, at
planned intervals, to ensure its continuing
suitability, adequacy, and effectiveness.

The outputs of the management review shall

include decisions and actions related to:
9.3
.2q a) continual improvement opportunities;
1
9.3
.2q
1
b) any need for changes to the quality
management system, including resource needs.

9.3 The organization shall retain documented

.2q information as evidence of the results of
2 management reviews.
 Reference Document name in
Audit Questions your system / Audit Evidence
How has the organization determined external
and internal issues relevant to its purpose and
strategic direction?
How do these affect the ability to achieve the
intended result of the QMS?

How do you monitor and review information

about these internal and external issues?

How have you determined what interested

parties are relevant to the QMS?

How have you determined what requirements

those parties have that are relevant to the QMS?

How has impact or potential impact been

determined?
How have the boundaries and applicability of
the QMS been used to establish the scope of the
organization?
(The external and internal issues;The
requirements of relevant interested parties
and;The products and services of the
organization been considered when
determining the scope of the organization?)
How has the application of the International
Standard within the scope been determined,
and how has it been applied by the
organization?
How have any requirements of the International
Standard been determined as not applicable?
Show me how conformity of products and
services are not affected by this.

Where is the scope available? Where is it

maintained as documented information?

Does it state what products and services are

covered by the QMS?

Does it justify how instances of requirements of

the QMS cannot be applied?

How has the QMS been established? Show me

how this is implemented. How is it maintained
and continually improved? How have the
processes been determined and how do they
interact?

Show me how top management demonstrates

leadership and commitment w.r.t. the QMS by
taking accountability of the effectiveness of the
QMS.
How is the quality policy and objectives
established for the QMS and how are they
compatible with the strategic direction and the
organizational context?

How is the quality policy communicated within

the organization? Show me how this is
understood and applied.

How are the requirements of the QMS

integrated into the business processes?

How do you promote awareness of the process

approach?

How do you ensure that resources needed for

the QMS area available?

How do you communicate the importance of

effective quality management?

How do you communicate the importance of

conforming to the QMS requirements?

How do you ensure that the QMS achieves its

intended results?

How do you engage, direct and support people

to contribute to the effectiveness of the QMS?

How do you promote continual improvement?

How do you support other relevant

management roles to demonstrate leadership in
their areas of responsibility?
Show me how top management demonstrates
leadership and commitment w.r.t. customer
focus ensuring requirements and applicable
statutory and regulatory requirements are
determined and met.

How are risks and opportunities that can affect

conformity of products and services
determined?

How is the ability to enhance customer

satisfaction determined and addressed?

How is the focus on consistently providing

products and services that meet customer and
applicable statutory and regulatory
requirements maintained?

How is customer satisfaction maintained?

How does top management establish, review

and maintain a quality policy?

How is it determined to be appropriate to the

purpose and context of the organization?

Does it provide a framework for setting and

reviewing quality objectives?
Does it contain a commitment to satisfy
applicable requirements?

Does it include a commitment to continual

improvement of the QMS?

Where is the quality policy available as

documented information?
How is it communicated?
Show me how it is understood and applied
within the organization.
How have you made it available to relevant
interested parties?
How does top management ensure that
responsibilities and authorities for relevant
roles are assigned, communicated and
understood within the organization?
How does top management assign the
responsibility and authority for:

Ensuring that the QMS conforms to the

International standard?

Ensuring processes are delivering their

intended outputs?

How is the performance of the QMS,

opportunities for improvement and the need for
change or innovation reported to top
management?

How is customer focus promoted within the

organization?

How is the integrity of the QMS maintained

when changes to the QMS are planned and
implemented?

How do you determine that personnel with

product design responsibility are competent to
achieve design requirements? How do you
determine skills required in applicable tools
and techniques? How do you identify applicable
tools and techniques?

Demonstrate how resources are determined for

the establishment, implementation,
maintenance and continual improvement of the
QMS.

Show me how the capabilities and constraints

on internal resources are considered.
Show me how needs from external providers
are considered.

How do you provide persons necessary to

consistently meet customer, applicable
statutory and regulatory requirements for the
QMS including the necessary processes?

How do you determine, provide and maintain

the infrastructure for the operation of processes
to achieve products and service conformity?

Show me that your documented information

contains:

Identification;

Description;

In what media format?

Show me how the documented information is

reviewed and approved for suitability and
adequacy.

Show me how you control documented

information.

Show me how you make it available and

suitable for use.

How do you protect your documented

information?
 When controlling documented information,
how do you address:
Distribution;
Access;
Retrieval;
Use;
Storage and preservation;
Legibility;
Control of changes;
Retention and disposition.

How do you identify as appropriate and control

documented information of external origin
which you have determined as necessary for the
QMS

How do you establish, implement and maintain

a design and development process (where
detailed requirements of your products and
services are not already established or defined
by the customer or other parties).

y the requirements given in 8.5 to the development of

pment planning can address the whole service delivery
rovision.
choose to consider the requirements of clauses 8.3 and
ing
When determining the stages and control for
design and development, show me how you
consider:
The nature, duration and complexity of the
activities;

Requirements that specify particular process

stages including applicable reviews;
 Required verification and validation;

Responsibilities and authorities;

How interfaces are controlled between

individuals and parties;

The need for involvement of customer and user

groups.

Show me documented information that

confirms design and development requirements
have been met.
s
Can you show me how you determine:

Requirements essential for the type of products

and services being designed and developed,
including as applicable:

Functional & performance requirements;

Statutory and regulatory requirements;

Standards or codes of practice where there is a

commitment to implement;

Internal and external resources needed for the

design and development of products and
services;

Potential consequences of failure;

Level of control expected of the design and

development process by customers and other
relevant parties.
 How do you determine that inputs are
adequate, complete and unambiguous for
design and development? How do you resolve
conflicts among inputs?

ols
How do controls that are applied to the design
and development process ensure:

Results achieved by design and development

activities are clearly defined?

Design and development reviews are conducted

as planned?

Outputs meet the input requirements by

verification/

Validation is conducted to ensure that the

resulting products and services are capable of
meeting the requirements for the specified
application or intended use (when known)?

ts
How do you ensure that design and
development outputs:
Meet the input requirements for design and
development?

Are adequate for the subsequent processes for

the provision of products and services?

Include or reference monitoring and measuring

requirements, and acceptance criteria, as
applicable?
Ensure products to be produced, or services to
be provided, are fit for intended purpose and
their safe and proper use?
 Show me the documented information which
results from the design and development
process.

es

How do you review, control and identify

changes made to the design inputs and outputs
during design and development of products and
services ensuring no impact on conformity to
requirements?

Show me the documented information for

design and development changes.

How do you ensure externally provided

processes, products and services conform to
specified requirements?

Show me how you apply specified requirements

for the control of externally provided products
and services when:

Products and services are provided by external

providers for incorporation into your own
products and services;

You provide products and services directly to

customers by external providers on your behalf;

A process or part-process is provided by an

external provider as a result of a decision to
outsource a process or function.
Show me how you establish and apply criteria
for evaluation, selection, monitoring of
performance and re-evaluation of external
providers. How do you assess their ability to
provide processes or products and services in
accordance with specified requirements?

What documented information do you have of

the results of evaluations, monitoring of
performance and re-evaluations of external
providers?

How do you determine the controls applied to

the external provision of processes, products
and services and take into consideration:

a) The potential impact of the externally

provided processes, products and services on
the ability to consistently meet customer and
applicable statutory and regulatory
requirements?

b) The perceived effectiveness of the controls

applied by the external provider?

What verification or other activities do you

have to ensure externally provided processes,
products and services do not adversely affect
your ability to consistently deliver conforming
products and services to your customers?
When processes or functions have been
outsourced to external providers, how do you
consider a) and b) in 8.4.1 and how do you
define the controls intended to be applied to the
external provider and to the resulting process
output?

Show me how you determine:

What needs to be monitored and measured?

Methods for monitoring, measurement, analysis

and evaluation to ensure valid results?

When to perform monitoring and measuring?

When results shall be analysed and evaluated?

What documented information can you show

me that monitoring and measurement activities
have been implemented in accordance with
determined requirements?

Show me how you evaluate the quality

performance and the effectiveness of the QMS.

How do you monitor customer perception of

the degree to which requirements have been
met?
How do you obtain information relating to
customer views and opinions of your products
and services?

What methods for obtaining and using this

information do you have?

Are internal audits being conducted at planned

intervals? Do they determine whether the QMS
conforms to the requirements of ISO 9001 and
to the other requirements established by
Organization? (Review records to demonstrate
conformance)

Do they determine whether the QMS is

effectively implemented and maintained?
(Review records)

What is the frequency that top management

reviews the organization's QMS? How is the
QMS deemed suitable, adequate and effective?

What kinds of information are reviewed in

management reviews? These must include:

Show me that management reviews include

decisions and actions relating to:

Continual improvement opportunities;

The need for changes to the QMS including
resource needs.

Show me what documented information you

have as evidence of management reviews.
Audtior
Remark
Sr.
no. ISO 9001:2015 Clause

When planning for the quality management system,

the organization shall consider the issues referred
to in 4.1 and the requirements referred to in 4.2 and
determine the risks and opportunities that
6.1.1
q1

need to be addressed to:

The organization shall plan:

a) actions to address these risks and opportunities;

6.1.2 b) how to:

q1

1) integrate and implement the actions into its

quality management system processes (see 4.4);

2) evaluate the effectiveness of these actions.

6.1.2 Actions taken to address risks and opportunities
q2 shall be proportionate to the potential impact on
the conformity of products and services.
The organization shall establish quality objectives
at relevant functions, levels and processes.

The quality objectives shall:

a) be consistent with the quality policy,
b) be measurable;

c) take into account applicable requirements;

6.2.1
q1 d) be relevant to conformity of products and
services and the enhancement of customer
satisfaction;
q1

e) be monitored;
f) be communicated;
g) be updated as appropriate.

The organization shall retain documented

information on the quality objectives.
When planning how to achieve its quality
objectives, the organization shall determine:
a) what will be done;
6.2.2 b) what resources will be required;
q1
c) who will be responsible;
d) when it will be completed;
e) how the results will be evaluated.
Where the organization determines the need for
change to the quality management system (see 4.4)
the change shall be carried out in a planned and
systematic manner.

The organization shall consider:

a) the purpose of the change and any of its potential

6.3q consequences;
1
b) the integrity of the quality management system;

c) the availability of resources;

d) the allocation or reallocation of responsibilities

and authorities.

The organization shall determine, provide and

7.1.4 maintain the environment necessary for the
q1 operation of its processes and to achieve conformity
of products and services.
 Where monitoring or measuring is used for
7.1.5 evidence of conformity of products and services to
q1 specified requirements the organization shall
determine the resources needed to ensure valid and
reliable monitoring and measuring results.

The organization shall ensure that the resources

provided:

7.1.5 a) are suitable for the specific type of monitoring

q2 and measurement activities being undertaken;

b) are maintained to ensure their continued fitness

for their purpose.

7.1.5 The organization shall retain appropriate

q3 documented information as evidence of fitness for
purpose of monitoring and measurement resources.

Where measurement traceability is: a statutory or

regulatory requirement; a customer or relevant
interested party expectation; or considered by the
organization to be an essential part of providing
confidence in the validity of measurement results;
measuring instruments shall be:

-verified or calibrated at specified intervals or prior

to use against measurement standards traceable to
international or national measurement standards.
Where no such standards exist, the basis used for
calibration or verification shall be retained as
7.1.5 documented information;
q4

-identified in order to determine their calibration

status;
 -safeguarded from adjustments, damage or
deterioration that would invalidate the calibration
status and subsequent measurement results.

The organization shall determine if the validity of

previous measurement results has been adversely
7.1.5 affected when an instrument is found to be
q5 defective during its planned verification or
calibration, or during its use, and take appropriate
corrective action as
The organization necessary.
shall determine the knowledge
7.1.6 necessary for the operation of its processes and to
q1 achieve conformity of products and services.

7.1.6 This knowledge shall be maintained, and made

q2 available to the extent necessary.

When addressing changing needs and trends, the

7.1.6 organization shall consider its current knowledge
q3 and determine how to acquire or access the
necessary additional knowledge.
The organization shall:
a) determine the necessary competence of
person(s) doing work under its control that affects
its quality performance;
b) ensure that these persons are competent on the
7..2q basis of appropriate education, training, or
1 experience;
c) where applicable, take actions to acquire the
necessary competence, and evaluate the
effectiveness of the actions taken;
d) retain appropriate documented information as
evidence of competence.
Persons doing work under the organization’s
control shall be aware of:
a) the quality policy;
b) relevant quality objectives;

7.3q
1
 c) their contribution to the effectiveness of the
7.3q quality management system, including the benefits
1 of improved quality performance;
d) the implications of not conforming with the
quality management system requirements.

The organization shall determine the internal and

external communications relevant to the quality
management system including:
7.4q a) on what it will communicate;
1 b) when to communicate;
c) with whom to communicate;
d) how to communicate.

The organization’s quality management system

shall include:

a) documented information required by this

7.5.1 International Standard;
q1
b) documented information determined by the
organization as being necessary for the
effectiveness of the quality management system.

When creating and updating documented

information the organization shall ensure
appropriate:
a) identification and description (e.g. a title, date,
author, or reference number);
7.5.2 b) format (e.g. language, software version, graphics)
q1 and media (e.g. paper, electronic);

c) review and approval for suitability and adequacy.

 The organization shall plan, implement and control
the processes, as outlined in 4.4, needed to meet
requirements for the provision of products and
services and to implement the actions determined
in 6.1, by:

a) determining requirements for the product and

services;
b) establishing criteria for the processes and for the
acceptance of products and services;
8.1q
1 c) determining the resources needed to achieve
conformity to product and service requirements;

d) implementing control of the processes in

accordance with the criteria;

e) retaining documented information to the extent

necessary to have confidence that the processes
have been carried out as planned and to
demonstrate conformity of products and services to
requirements.

8.1q The output of this planning shall be suitable for the

2 organization's operations.

The organization shall control planned changes and

8.1q review the consequences of unintended changes,
3 taking action to mitigate any adverse effects, as
necessary.

The organization shall establish the processes for

communicating with customers in relation to:

a) information relating to products and services;

b) enquiries, contracts or order handling, including

changes;
8.2.1 c) obtaining customer views and perceptions,
q1 including customer complaints;
8.2.1
q1
d) the handling or treatment of customer property,
if applicable;
e) specific requirements for contingency actions,
when relevant.

The organization shall establish, implement and

8.2.2 maintain a process to determine the requirements
q1 for the products and services to be offered to
potential customers.

The organization shall ensure that:

a) product and service requirements (including

8.2.2 those considered necessary by the organization),
q2 and applicable statutory and regulatory
requirements, are defined;

b) it has the ability to meet the defined

requirements and substantiate the claims for the
products and services it offers.
The organization shall review, as applicable:
a) requirements specified by the customer,
including the requirements for delivery and post-
delivery activities;
b) requirements not stated by the customer, but
8.2.3 necessary for the customers' specified or intended
q1 use, when known;

c) additional statutory and regulatory requirements

applicable to the products and services;

d) contract or order requirements differing from

those previously expressed.
 This review shall be conducted prior to the
8.2.3 organization’s commitment to supply products and
services to the customer and shall ensure contract
q2 or order requirements differing from those
previously defined are resolved.

Where the customer does not provide a

8.2.3 documented statement of their requirements, the
q3 customer requirements shall be confirmed by the
organization before acceptance.

Documented information describing the results of

8.2.3 the review, including any new or changed
q4 requirements for the products and services, shall be
retained.

Where requirements for products and services are

8.2.3 changed, the organization shall ensure that relevant
q5 documented information is amended and that
relevant personnel are made aware of the changed
requirements.

Where the detailed requirements of the

organization’s products and services are not already
established or not defined by the customer or by
8.3.1 other interested parties, such that they are
q1 adequate for subsequent production or service
provision, the organization shall establish,
implement and maintain a design and development
process.

8.4.1 The organization shall ensure that externally

q1 provided processes, products, and services conform
to specified requirements.
The organization shall apply the specified
requirements for the control of externally provided
products and services when:
a) products and services are provided by external
providers for incorporation into the organization’s
own products and services;
8.4.1
q2
8.4.1
q2 b) products and services are provided directly to
the customer(s) by external providers on behalf of
the organization;

c) a process or part of a process is provided by an

external provider as a result of a decision by the
organization to outsource a process or function.

The organization shall establish and apply criteria

for the evaluation, selection, monitoring of
8.4.1 performance and re-evaluation of external
q3 providers based on their ability to provide
processes or products and services in accordance
with specified requirements.
The organization shall retain appropriate
documented information of the results of the
evaluations, monitoring of the performance and re-
8.4.1 evaluations of the external providers.
q4

8.5.1 The organization shall implement controlled

q1 conditions for production and service provision,
including delivery and post-delivery activities.

Controlled conditions shall include, as applicable:

a) the availability of documented information that

defines the characteristics of the products and
services;
b) the availability of documented information that
defines the activities to be performed and the
results to be achieved;

c) monitoring and measurement activities at

appropriate stages to verify that criteria for control
of processes and process outputs, and acceptance
criteria for products and services, have been met.
8.5.1
q2
8.5.1
q2 d) the use, and control of suitable infrastructure
and process environment;
e) the availability and use of suitable monitoring
and measuring resources;
f) the competence and, where applicable, required
qualification of persons;

g) the validation, and periodic revalidation, of the

ability to achieve planned results of any process for
production and service provision where the
resulting output cannot be verified by subsequent
monitoring or measurement;

h) the implementation of products and services

release, delivery and post-delivery activities.

8.5.2 Where necessary to ensure conformity of products

q1 and services, the organization shall use suitable
means to identify process outputs.

The organization shall identify the status of process

8.5.2 outputs with respect to monitoring and
q2 measurement requirements throughout production
and service provision.

Where traceability is a requirement, the

8.5.2 organization shall control the unique identification
q3 of the process outputs, and retain any documented
information necessary to maintain traceability.

The organization shall exercise care with property

belonging to the customer or external providers
while it is under the organization's control or being
8.5.3 used by the organization. The organization shall
q1 identify, verify, protect and safeguard the
customer’s or external provider’s property
provided for use or incorporation into the products
and services.
 When property of the customer or external
8.5.3 provider is incorrectly used, lost, damaged or
q2 otherwise found to be unsuitable for use, the
organization shall report this to the customer or
external provider.

The organization shall ensure preservation of

8.5.4 process outputs during production and service
q1 provision, to the extent necessary to maintain
conformity to requirements.

8.5.5 As applicable, the organization shall meet

requirements for post-delivery activities associated
q1 with the products and services.

In determining the extent of post-delivery activities

that are required, the organization shall consider:

a) the risks associated with the products and

services;
8.5.5
q2 b) the nature, use and intended lifetime of the
products and services;
c) customer feedback;

d) statutory and regulatory requirements.

The organization shall review and control

8.5.6 unplanned changes essential for production or
q1 service provision to the extent necessary to ensure
continuing conformity with specified requirements.

The organization shall retain documented

8.5.6 information describing the results of the review of
q2 changes, the personnel authorizing the change, and
any necessary actions.
The organization shall implement the planned
8.6q arrangements at appropriate stages to verify that
product and service requirements have been met.
1 Evidence of conformity with the acceptance criteria
shall be retained.
 The release of products and services to the
customer shall not proceed until the planned
arrangements for verification of conformity have
8.6q been satisfactorily completed, unless otherwise
approved by a relevant authority and, as applicable,
2 by the customer. Documented information shall
provide traceability to the person(s) authorizing
release of products and services for delivery to the
customer.

The organization shall ensure process outputs,

8.7q products and services that do not conform to
1 requirements are identified and controlled to
prevent their unintended use or delivery.

The organization shall take appropriate corrective

action based on the nature of the nonconformity
8.7q and its impact on the conformity of products and
2 services. This applies also to nonconforming
products and services detected after delivery of the
products or during the provision of the service.

8.7q Where nonconforming process outputs, products

and services are corrected, conformity to the
4 requirements shall be verified.
The organization shall retain documented
information of actions taken on nonconforming
8.7q process outputs, products and services, including
5 on any concessions obtained and on the person or
authority that made the decision regarding dealing
with the nonconformity.
The organization shall determine:

9.1.1
 a) what needs to be monitored and measured;
b) the methods for monitoring, measurement,
analysis and evaluation, as applicable, to ensure
9.1.1 valid results;
q1
c) when the monitoring and measuring shall be
performed;
d) when the results from monitoring and
measurement shall be analysed and evaluated.

The organization shall ensure that monitoring and

measurement activities are implemented in
9.1.1 accordance with the determined requirements and
q2 shall retain appropriate documented information as

evidence of the results.

9.1.2 The organization shall monitor customer

perceptions of the degree to which requirements
q1 have been met.

9.1.2 The organization shall obtain information relating

q2 to customer views and opinions of the organization
and its products and services.
9.1.2 The methods for obtaining and using this
q3 information shall be determined.

9.1.3 The organization shall analyse and evaluate

q1 appropriate data and information arising from
monitoring, measurement and other sources.

9.1.3 The results of analysis and evaluation shall also be

q3 used to provide inputs to management review.

The organization shall determine and select

10.1 opportunities for improvement and implement
q1 necessary actions to meet customer requirements
and enhance customer satisfaction.

This shall include, as appropriate:

a) improving processes to prevent nonconformities;
10.1
q2
10.1
q2 b) improving products and services to meet known
and predicted requirements;

c) improving quality management system results.

When a nonconformity occurs, including those

arising from complaints, the organization shall:

a) react to the nonconformity, and as applicable:

1) take action to control and correct it;
2) deal with the consequences;
b) evaluate the need for action to eliminate the
cause(s) of the nonconformity, in order that it does
not recur or occur elsewhere, by:
10.2. 1) reviewing the nonconformity;
1q1
2) determining the causes of the nonconformity;

3) determining if similar nonconformities exist, or

could potentially occur;
c) implement any action needed;
d) review the effectiveness of any corrective action
taken;
e) make changes to the quality management system,
if necessary.

10.2. Corrective actions shall be appropriate to the effects

1q2 of the nonconformities encountered.

The organization shall retain documented

information as evidence of:
10.2.
2q1 a) the nature of the nonconformities and any
subsequent actions taken;
b) the results of any corrective action.

10.3 The organization shall continually improve the

suitability, adequacy, and effectiveness of the
q1 quality management system.
 The organization shall consider the outputs of
10.3 analysis and evaluation, and the outputs from
q2 management review, to confirm if there are areas of
underperformance or opportunities that shall be
addressed as part of continual improvement.
 Reference Document name in
Audit Questions your system / Audit Evidence

How are the internal and external issues and

interested parties considered when planning for the
Departmental activities?

How are risks and opportunities determined and

addressed so that the QMS can::a) achieve its
intended results;b) Prevent or reduce undesired
effects;c) Achieve continual improvement?

How are actions planned to address risks and

opportunities?
How are actions integrated and implemented into
the QMS processes?
How do you evaluate the effectiveness of the
actions?

How are actions taken to address risks and

opportunities determined as being appropriate to
the potential impact on the conformity of products
and services?
Where are the quality objectives and are these at all
relevant functions, levels and processes?

Are they consistent with the quality policy?

Are they measureable?
Do they consider applicable requirements?

Are they relevant to the conformity of products and

services and do they enhance customer satisfaction?

Are they monitored? How? How often?

How are they communicated?
How are they updated?
Where is the documented information on the
quality objectives?

How does the organization determine what will be

done, with what resources, when completed and
how will results be evaluated for quality objectives?

How are changes to the QMS planned

systematically?

Demonstrate the purpose and potential

consequences of changes;

Demonstrate the integrity of the QMS;

Demonstrate how resources are made available?

Demonstrate how responsibility and authority is

allocated or reallocated.

How do you determine, provide and maintain the

environment for the operation of processes to
achieve products and service conformity?
How are the resources determined for ensuring
valid and reliable monitoring and measuring results,
where used?

How do you ensure that resources provided are

suitable for the specific monitoring and
measurement activities and are maintained to
ensure continued fitness for purpose?

Show me the documented information which is

evidence of fitness for purpose of monitoring and
measurement resources.

Where applicable, show me how measurement

instruments are:

Verified or calibrated at specified intervals against

national or international measurement standards;

If there are no standards, show me the documented

information which is used as the basis used for
calibration or verification.
Show me how measurement instruments are
identified to determine their calibration status.

Show me how they are safeguarded from

adjustments.
Show me how they are safeguarded from damage
and deterioration.
How do you determine the validity of previous
measurements if you find an instrument to be
defective during verification or calibration?
What appropriate
How do actions
you determine can you knowledge
necessary take? for the
operation of processes? How do you determine
necessary knowledge to achieve conformity of
products and services?
How do you maintain this knowledge and how do
you make it available to the extent necessary?

How do you consider current knowledge and how

do you acquire additional knowledge when
addressing changing needs and trends?

Show me how:
You determine the necessary competence of people
doing work under your control that affects quality
performance;

How do you determine competence on the basis of

appropriate education, training or experience?

How do you take actions to acquire necessary

competence where applicable and how do you
evaluate the effectiveness of those actions?
Show me documented information where
appropriate of competence.

How are people aware of:

The quality policy?
Relevant quality objectives?
Their contribution to the effectiveness of the QMS?

The benefits of improved performance?

The implications of not conforming with the QMS

requirements?

How do you determine internal and external

communications relevant to the QMS?

How do you determine:

What?
When?
With Whom?
How?
What documented information do you have as
required by this standard?

What documented information do you have as

being necessary for the effectiveness of your QMS?

Show me that your documented information

contains:

Identification;

Description;

In what media format?

Show me how the documented information is

reviewed and approved for suitability and adequacy.
How are processes needed to meet requirements for
provision of products and services planned,
implemented and controlled?

How are requirements for products and services

determined?
How is criteria for processes and acceptance for
products and services determined?

How are resources determined?

How is process control implemented?

Show me the documented information that shows

confidence in that the processes have been carried
out as planned and can demonstrate conformity of
products and services.

How have you determined that the output from the

planning process is suitable for your operations?

How do you control planned changes? How do you

review the consequences of unintended changes?
What action is taken to mitigate any adverse effects?

What are your processes for communicating with

customers? How do you communicate information
relating to:

Products;

Services;

Enquiries;
Contracts;

Order handling;
Customer views, perceptions and complaints;
Handling or treatment of customer property;
Specific requirements for contingency actions?
What is your process to determine the requirements
for products and services to be offered to potential
customers? How do you establish, implement and
maintain this process?

How do you define product and service

requirements including statutory and regulatory
requirements?

How do you ensure that you have the ability to meet

the defined requirements and substantiate any
claims for your products and services?

How do you review:

Customer requirements for delivery and post-

delivery?

Requirements necessary for customers’ specified or

intended use, where known;

Additional statutory and regulatory requirements

applicable to products and services;

Any other contract or order requirements.

Show me that the review is conducted prior to your
commitment to supply products and services to your
customers. How do you resolve contract or order
requirements which differ from those previously
defined?

How do you confirm customer requirements where

the customer does not provide a documented
statement?

Show me where you retain documented

information which describes results of the review
including any new or changed requirements.

Show me the documented information containing

changes to products and services. How do you
ensure that relevant personnel are made aware of
those changes?

How do you establish, implement and maintain a

design and development process (where detailed
requirements of your products and services are not
already established or defined by the customer or
other parties).

How do you ensure externally provided processes,

products and services conform to specified
requirements?
Show me how you apply specified requirements for
the control of externally provided products and
services when:
Products and services are provided by external
providers for incorporation into your own products
and services;
You provide products and services directly to
customers by external providers on your behalf;

A process or part-process is provided by an external

provider as a result of a decision to outsource a
process or function.

Show me how you establish and apply criteria for

evaluation, selection, monitoring of performance
and re-evaluation of external providers. How do you
assess their ability to provide processes or products
and services in accordance with specified
requirements?
What documented information do you have of the
results of evaluations, monitoring of performance
and re-evaluations of external providers?

What controlled conditions do you have for

production and service provision, including delivery
and post-delivery activities?

Can you show me controlled conditions for:

a) the availability of documented information

defining the characteristics of the products and
services;
b) the availability of documented information
defining the activities to be performed and the
results to be achieved;

c) monitoring and measurement activities at

appropriate stages to verify that criteria for control
of processes and process outputs, and acceptance
criteria for products and services, have been met.
d) the use, and control of suitable infrastructure and
process environment;
e) the availability and use of suitable monitoring and
measuring resources;
f) the competence and, where applicable, required
qualification of persons;

g) the validation, and periodic revalidation, of the

ability to achieve planned results of any process for
production and service provision where the
resulting output cannot be verified by subsequent
monitoring or measurement;

h) the implementation of products and services

release, delivery and post-delivery activities.

What means do you use to identify process outputs

to ensure conformity of products and services?

How do you identify the status of process outputs?

How do you control the unique identification of

process outputs, where applicable? What
documented information do you retain?

What care do you provide for customer or external

provider’s property while under your control?

How do you identify, verify, protect and safeguard

that property which is provided for use or
incorporation into your products or services?
What means do you use to report to the customer or
external provider if their property is incorrectly
used, lost, damaged or found to be unsuitable for
use? Preservation can include identification,
handling, packaging, storage, transmission or
transportation, and protection.

How do you ensure preservation of process outputs

during production and service provision to maintain
conformity to product requirements?

How do you meet requirements for post-delivery

activities associated with products and services?

How do you determine:

Risk;

Nature, use and intended lifetime;

Customer feedback;
Statutory and Regulatory requirements, when
determining the extent of post-delivery activities
required with products and services?

How do you review and control unplanned changes

to ensure continuing conformity with specified
requirements?

What documented information can you show me

which describes the results of reviews of changes,
the personnel authorizing change and any necessary
actions?

Show me how planned arrangement have been

implemented at appropriate stages to verify product
and service requirements have been met. Show me
what evidence you retain.
Show me how the release of products and services is
held until planned arrangements for verification of
conformity have been satisfactorily completed,
unless approved by a relevant authority, or the
customer if applicable. Show me documented
information which shows traceability to the person
authorizing release of products and services.

How do you identify and control process outputs,

products and services that do not conform to
requirements and prevent their unintended use or
delivery?

What appropriate corrective actions are taken based

on the nature of the nonconformity and its impact
on the conformity of products and services? How do
you apply this to nonconformity detected after
delivery?How you deal with nonconforming process
outputs, products and services in terms of:
(Correction;Segregation, containment, return or
suspension of provision of products and
services,Informing the customer,Obtaining
authorization for use as-is,Release, continuation or
re-provision of the products and service,Acceptance
under concession

How do you verify conformance where process

outputs, products and services are corrected
following nonconformance?

What documented information do you keep

following actions taken to address nonconformities,
including any concessions obtained and on the
person or authority that made the decision
regarding dealing with the nonconformance.
Show me how you determine:
What needs to be monitored and measured?

Methods for monitoring, measurement, analysis and

evaluation to ensure valid results?

When to perform monitoring and measuring?

When results shall be analysed and evaluated?

What documented information can you show me

that monitoring and measurement activities have
been implemented in accordance with determined
requirements?

How do you monitor customer perception of the

degree to which requirements have been met?

How do you obtain information relating to customer

views and opinions of your products and services?

What methods for obtaining and using this

information do you have?
Show me how you analyse and evaluate data and
information arising from monitoring, measurement
and other sources.
Show me where the results of analysis and
evaluation are used to provide inputs to
management review.

How do you determine and select opportunities for

improvement? What necessary actions have you
implemented so that you have met customer
requirements and enhanced customer satisfaction?

Show me how you have:

Improved processes to prevent nonconformities;
Improved products and services to meet known and
predicted requirements;

Improved QMS results.

When nonconformities occur, show me how;You

react;Take action to control and correct it;Deal with
the consequences;Evaluate the need for action to
eliminate the cause so that it does not recur or occur
elsewhere by:Reviewing the
nonconformity;Determining the cause of the
nonconformity;Determining if similar
nonconformities exist or could potentially
occur;Actions needed are implemented;Review the
effectiveness of corrective actions taken, if any;Make
necessary changes to the QMS.

Show me how correction actions were appropriate

to the effects of the nonconformities encountered.

What documented information can you show me

as evidence of:
The nature of the nonconformities and subsequent
actions taken;
The results of any corrective action.

Demonstrate that you continually improve the

suitability, adequacy and effectiveness of the QMS.
Demonstrate that outputs of analysis and evaluation
and the outputs from management review are
considered to confirm if there are areas of
underperformance or opportunities that shall be
addressed as part of continual improvement.
Audtior Remark
Ok
Action Required
NA
Opportunity for
improvement