





























Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
How have the processes been determined and how do they interact? Q#. ISO 9001:2015 Clause. Audit Question. Audit Evidence. Page 2 ...
Typology: Schemes and Mind Maps
1 / 37
This page cannot be seen from the preview
Don't miss anything!






























4.1q1 (^) The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system. How has the organization determined external and internal issues relevant to its purpose and strategic direction? How do these affect the ability to achieve the intended result of the QMS? 4.1q2 (^) The organization shall monitor and review the information about these external and internal issues. How do you monitor and review information about these internal and external issues? NOTE 1 Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional or local. NOTE 2 Understanding the internal context can be facilitated by considering issues related to values, culture knowledge and performance of the organization.
4.2q1 (^) Due to their impact or potential impact on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, the organization shall determine: a) the interested parties that are relevant to the quality management system; b) the requirements of these interested parties that are relevant to the quality management system. How have you determined what interested parties are relevant to the QMS? How have you determined what requirements those parties have that are relevant to the QMS? How has impact or potential impact been determined? 4.2q2 (^) The organization shall monitor and review the information about these interested parties and their relevant requirements. How do you monitor and review the information about interested parties and their relevant requirements?
4.3q1 (^) The organization shall determine the boundaries and applicability of the quality management system to establish its scope. How have the boundaries and applicability of the QMS been used to establish the scope of the organization?
4.3q2 (^) When determining this scope, the organization shall consider: a) the external and internal issues referred to in 4.1; b) the requirements of relevant interested parties referred to in 4.2; c) the products and services of the organization. How have: The external and internal issues; The requirements of relevant interested parties and; The products and services of the organization been considered when determining the scope of the organization? 4.3q3 Where a requirement of this International Standard within the determined scope can be applied, then it shall be applied by the organization. How has the application of the International Standard within the scope been determined, and how has it been applied by the organization? 4.3q4 (^) If any requirement(s) of this International Standard cannot be applied, this shall not affect the organization’s ability or responsibility to ensure conformity of products and services. How have any requirements of the International Standard been determined as not applicable? Show me how conformity of products and services are not affected by this. 4.3q5 (^) The scope shall be available and be maintained as documented information stating the:
4.4q1 (^) The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard. How has the QMS been established? Show me how this is implemented. How is it maintained and continually improved? How have the processes been determined and how do they interact?
5.1.1q1 (^) Top management shall demonstrate leadership and commitment with respect to the quality management system by: a) taking accountability of the effectiveness of the quality management system; b) ensuring that the quality policy and quality objectives are established for the quality management system and are compatible with the strategic direction and the context of the organization; c) ensuring that the quality policy is communicated, understood and applied within the organization; d) ensuring the integration of the quality management system requirements into the organization’s business processes; e) promoting awareness of the process approach; f) ensuring that the resources needed for the quality management system are available; g) communicating the importance of effective quality management and of conforming to the quality management system requirements; h) ensuring that the quality management system achieves its intended results; i) engaging, directing and supporting persons to contribute to the effectiveness of the quality management system; j) promoting continual improvement; k) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility. Show me how top management demonstrates leadership and commitment w.r.t. the QMS by taking accountability of the effectiveness of the QMS. How is the quality policy and objectives established for the QMS and how are they compatible with the strategic direction and the organizational context? How is the quality policy communicated within the organization? Show me how this is understood and applied. How are the requirements of the QMS integrated into the business processes? How do you promote awareness of the process approach? How do you ensure that resources needed for the QMS area available? How do you communicate the importance of effective quality management? How do you communicate the importance of conforming to the QMS requirements? How do you ensure that the QMS achieves its intended results? How do you engage, direct and support people to contribute to the effectiveness of the QMS? How do you promote continual improvement? How do you support other relevant management roles to demonstrate leadership in their areas of responsibility? NOTE Reference to “business” in this International Standard can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence; whether the organization is public, private, for profit or not for profit. 5.1.2 Customer focus
5.1.2q1 (^) Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that: a) customer requirements and applicable statutory and regulatory requirements are determined and met; b) the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed; c) the focus on consistently providing products and services that meet customer and applicable statutory and regulatory requirements is maintained; d) the focus on enhancing customer satisfaction is maintained. Show me how top management demonstrates leadership and commitment w.r.t. customer focus ensuring requirements and applicable statutory and regulatory requirements are determined and met. How are risks and opportunities that can affect conformity of products and services determined? How is the ability to enhance customer satisfaction determined and addressed? How is the focus on consistently providing products and services that meet customer and applicable statutory and regulatory requirements maintained? How is customer satisfaction maintained? 5.2 Quality policy
5.2.1q1 Top management shall establish, review and maintain a quality policy that: a) is appropriate to the purpose and context of the organization; b) provides a framework for setting and reviewing quality objectives; c) includes a commitment to satisfy applicable requirements; d) includes a commitment to continual improvement of the quality management system. How does top management establish, review and maintain a quality policy? How is it determined to be appropriate to the purpose and context of the organization? Does it provide a framework for setting and reviewing quality objectives? Does it contain a commitment to satisfy applicable requirements? Does it include a commitment to continual improvement of the QMS?
5.2.2q1 (^) The quality policy shall: a) be available as documented information; b) be communicated, understood and applied within the organization; c) be available to relevant interested parties, as appropriate. Where is the quality policy available as documented information? How is it communicated? Show me how it is understood and applied within the organization. How have you made it available to relevant interested parties?
5.3 Organizational roles, responsibility and authorities 5.3q1 (^) Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization. How does top management ensure that responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization?
6.2.2.1q 1 The organization shall ensure that personnel with product design responsibility are competent to achieve design requirements and are skilled in applicable tools and techniques. Applicable tools and techniques shall be identified by the organization. How do you determine that personnel with product design responsibility are competent to achieve design requirements? How do you determine skills required in applicable tools and techniques? How do you identify applicable tools and techniques? NOTE Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision. 6.2 Quality objectives and planning to achieve them
6.2.1q1 (^) The organization shall establish quality objectives at relevant functions, levels and processes. The quality objectives shall: a) be consistent with the quality policy, b) be measurable; c) take into account applicable requirements; d) be relevant to conformity of products and services and the enhancement of customer satisfaction; e) be monitored; f) be communicated; g) be updated as appropriate. The organization shall retain documented information on the quality objectives. Where are the quality objectives and are these at all relevant functions, levels and processes? Are they consistent with the quality policy? Are they measureable? Do they consider applicable requirements? Are they relevant to the conformity of products and services and do they enhance customer satisfaction? Are they monitored? How? How often? How are they communicated? How are they updated? Where is the documented information on the quality objectives?
6.2.2q1 When planning how to achieve its quality objectives, the organization shall determine: a) what will be done; b) what resources will be required; c) who will be responsible; d) when it will be completed; e) how the results will be evaluated. How does the organization determine what will be done, with what resources, when completed and how will results be evaluated for quality objectives? 6.3 Planning of changes
6.3q1 (^) Where the organization determines the need for change to the quality management system (see 4.4) the change shall be carried out in a planned and systematic manner. The organization shall consider: a) the purpose of the change and any of its potential consequences; b) the integrity of the quality management system; c) the availability of resources; d) the allocation or reallocation of responsibilities and authorities. How are changes to the QMS planned systematically? Demonstrate the purpose and potential consequences of changes; Demonstrate the integrity of the QMS; Demonstrate how resources are made available? Demonstrate how responsibility and authority is allocated or reallocated.
7.1.1q1 (^) The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the quality management system. The organization shall consider: a) the capabilities of, and constraints on, existing internal resources; b) what needs to be obtained from external providers. Demonstrate how resources are determined for the establishment, implementation, maintenance and continual improvement of the QMS. Show me how the capabilities and constraints on internal resources are considered. Show me how needs from external providers are considered.
7.1.2q1 (^) To ensure that the organization can consistently meet customer and applicable statutory and regulatory requirements, the organization shall provide the persons necessary for the effective operation of the quality management system, including the processes needed. How do you provide persons necessary to consistently meet customer, applicable statutory and regulatory requirements for the QMS including the necessary processes?
7.1.5q4 (^) Where measurement traceability is: a statutory or regulatory requirement; a customer or relevant interested party expectation; or considered by the organization to be an essential part of providing confidence in the validity of measurement results; measuring instruments shall be: -verified or calibrated at specified intervals or prior to use against measurement standards traceable to international or national measurement standards. Where no such standards exist, the basis used for calibration or verification shall be retained as documented information; -identified in order to determine their calibration status; -safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results. Where applicable, show me how measurement instruments are: Verified or calibrated at specified intervals against national or international measurement standards; If there are no standards, show me the documented information which is used as the basis used for calibration or verification. Show me how measurement instruments are identified to determine their calibration status. Show me how they are safeguarded from adjustments. Show me how they are safeguarded from damage and deterioration.
7.1.5q5 (^) The organization shall determine if the validity of previous measurement results has been adversely affected when an instrument is found to be defective during its planned verification or calibration, or during its use, and take appropriate corrective action as necessary. How do you determine the validity of previous measurements if you find an instrument to be defective during verification or calibration? What appropriate actions can you take?
7.1.6q1 (^) The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services. How do you determine necessary knowledge for the operation of processes? How do you determine necessary knowledge to achieve conformity of products and services? 7.1.6q2 (^) This knowledge shall be maintained, and made available to the extent necessary. How do you maintain this knowledge and how do you make it available to the extent necessary? 7.1.6q3 (^) When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access the necessary additional knowledge. How do you consider current knowledge and how do you acquire additional knowledge when addressing changing needs and trends?
NOTE 1 Organizational knowledge can include information such as intellectual property and lessons learned. NOTE 2 To obtain the knowledge required, the organization can consider: a) internal sources (e.g. learning from failures and successful projects, capturing undocumented knowledge and experience of topical experts within the organization); b) external sources (e.g. standards, academia, conferences, gathering knowledge with customers or providers). 7.2 Competence 7..2q1 The organization shall: a) determine the necessary competence of person(s) doing work under its control that affects its quality performance; b) ensure that these persons are competent on the basis of appropriate education, training, or experience; c) where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken; d) retain appropriate documented information as evidence of competence. Show me how: You determine the necessary competence of people doing work under your control that affects quality performance; How do you determine competence on the basis of appropriate education, training or experience? How do you take actions to acquire necessary competence where applicable and how do you evaluate the effectiveness of those actions? Show me documented information where appropriate of competence.
NOTE Applicable actions can include, for example, the provision of training to, the mentoring of, or the re- assignment of currently employed persons; or the hiring or contracting of competent persons. 7.3 Awareness 7.3q1 (^) Persons doing work under the organization’s control shall be aware of: a) the quality policy; b) relevant quality objectives; c) their contribution to the effectiveness of the quality management system, including the benefits of improved quality performance; d) the implications of not conforming with the quality management system requirements. How are people aware of: The quality policy? Relevant quality objectives? Their contribution to the effectiveness of the QMS? The benefits of improved performance? The implications of not conforming with the QMS requirements? 7.4 Communication
7.5.3.2q 1 For the control of documented information, the organization shall address the following activities, as applicable: a) distribution, access, retrieval and use; b) storage and preservation, including preservation of legibility; c) control of changes (e.g. version control); d) retention and disposition. When controlling documented information, how do you address: Distribution; Access; Retrieval; Use; Storage and preservation; Legibility; Control of changes; Retention and disposition.
7.5.3.2q 2 Documented information of external origin determined by the organization to be necessary for the planning and operation of the quality management system shall be identified as appropriate, and controlled. How do you identify as appropriate and control documented information of external origin which you have determined as necessary for the QMS
NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.
8.1q1 (^) The organization shall plan, implement and control the processes, as outlined in 4.4, needed to meet requirements for the provision of products and services and to implement the actions determined in 6.1, by: a) determining requirements for the product and services; b) establishing criteria for the processes and for the acceptance of products and services; c) determining the resources needed to achieve conformity to product and service requirements; d) implementing control of the processes in accordance with the criteria; e) retaining documented information to the extent necessary to have confidence that the processes have been carried out as planned and to demonstrate conformity of products and services to requirements. How are processes needed to meet requirements for provision of products and services planned, implemented and controlled? How are requirements for products and services determined? How is criteria for processes and acceptance for products and services determined? How are resources determined? How is process control implemented? Show me the documented information that shows confidence in that the processes have been carried out as planned and can demonstrate conformity of products and services.
8.1q2 The output of this planning shall be suitable for the organization's operations. How have you determined that the output from the planning process is suitable for your operations? 8.1q3 (^) The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. How do you control planned changes? How do you review the consequences of unintended changes? What action is taken to mitigate any adverse effects? 8.1q4 (^) The organization shall ensure that outsourced processes are controlled in accordance with 8.4. How do you control outsourced processes? 8.2 Determination of requirements for products and services
8.2.1q1 (^) The organization shall establish the processes for communicating with customers in relation to: a) information relating to products and services; b) enquiries, contracts or order handling, including changes; c) obtaining customer views and perceptions, including customer complaints; d) the handling or treatment of customer property, if applicable; e) specific requirements for contingency actions, when relevant. What are your processes for communicating with customers? How do you communicate information relating to: Products; Services; Enquiries; Contracts; Order handling; Customer views, perceptions and complaints; Handling or treatment of customer property; Specific requirements for contingency actions?
8.2.3q5 (^) Where requirements for products and services are changed, the organization shall ensure that relevant documented information is amended and that relevant personnel are made aware of the changed requirements. Show me the documented information containing changes to products and services. How do you ensure that relevant personnel are made aware of those changes?
8.3 Design and development of products and services
8.3.1q1 (^) Where the detailed requirements of the organization’s products and services are not already established or not defined by the customer or by other interested parties, such that they are adequate for subsequent production or service provision, the organization shall establish, implement and maintain a design and development process. How do you establish, implement and maintain a design and development process (where detailed requirements of your products and services are not already established or defined by the customer or other parties). NOTE 1 The organization can also apply the requirements given in 8.5 to the development of processes for production and services provision. NOTE 2 For services, design and development planning can address the whole service delivery process. The organization can therefore choose to consider the requirements of clauses 8.3 and 8.5 together.
8.3.2q1 (^) In determining the stages and controls for design and development, the organization shall consider: a) the nature, duration and complexity of the design and development activities; b) requirements that specify particular process stages, including applicable design and development reviews; c) the required design and development verification and validation; d) the responsibilities and authorities involved in the design and development process; e) the need to control interfaces between individuals and parties involved in the design and development process; f) the need for involvement of customer and user groups in the design and development process; g) the necessary documented information to confirm that design and development requirements have been met. When determining the stages and control for design and development, show me how you consider: The nature, duration and complexity of the activities; Requirements that specify particular process stages including applicable reviews; Required verification and validation; Responsibilities and authorities; How interfaces are controlled between individuals and parties; The need for involvement of customer and user groups. Show me documented information that confirms design and development requirements have been met.
8.3.5q1 (^) The organization shall ensure that design and development outputs: a) meet the input requirements for design and development; b) are adequate for the subsequent processes for the provision of products and services; c) include or reference monitoring and measuring requirements, and acceptance criteria, as applicable; d) ensure products to be produced, or services to be provided, are fit for intended purpose and their safe and proper use. How do you ensure that design and development outputs: Meet the input requirements for design and development? Are adequate for the subsequent processes for the provision of products and services? Include or reference monitoring and measuring requirements, and acceptance criteria, as applicable? Ensure products to be produced, or services to be provided, are fit for intended purpose and their safe and proper use? 8.3.5q2 The organization shall retain the documented information resulting from the design and development process. Show me the documented information which results from the design and development process.
8.3.6q1 (^) The organization shall review, control and identify changes made to design inputs and design outputs during the design and development of products and services or subsequently, to the extent that there is no adverse impact on conformity to requirements. How do you review, control and identify changes made to the design inputs and outputs during design and development of products and services ensuring no impact on conformity to requirements? 8.3.6q2 Documented information on design and development changes shall be retained. Show me the documented information for design and development changes.
8.4 Control of externally provided products and services
8.4.1q1 (^) The organization shall ensure that externally provided processes, products, and services conform to specified requirements. How do you ensure externally provided processes, products and services conform to specified requirements? 8.4.1q2 The organization shall apply the specified requirements for the control of externally provided products and services when: a) products and services are provided by external providers for incorporation into the organization’s own products and services; b) products and services are provided directly to the customer(s) by external providers on behalf of the organization; c) a process or part of a process is provided by an external provider as a result of a decision by the organization to outsource a process or function. Show me how you apply specified requirements for the control of externally provided products and services when: Products and services are provided by external providers for incorporation into your own products and services; You provide products and services directly to customers by external providers on your behalf; A process or part-process is provided by an external provider as a result of a decision to outsource a process or function.
8.4.1q3 (^) The organization shall establish and apply criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers based on their ability to provide processes or products and services in accordance with specified requirements. Show me how you establish and apply criteria for evaluation, selection, monitoring of performance and re-evaluation of external providers. How do you assess their ability to provide processes or products and services in accordance with specified requirements? 8.4.1q4 The organization shall retain appropriate documented information of the results of the evaluations, monitoring of the performance and re- evaluations of the external providers. What documented information do you have of the results of evaluations, monitoring of performance and re- evaluations of external providers?
8.4.2q1 (^) In determining the type and extent of controls to be applied to the external provision of processes, products and services, the organization shall take into consideration: a) the potential impact of the externally provided processes, products and services on the organization’s ability to consistently meet customer and applicable statutory and regulatory requirements; b) the perceived effectiveness of the controls applied by the external provider. How do you determine the controls applied to the external provision of processes, products and services and take into consideration: a) The potential impact of the externally provided processes, products and services on the ability to consistently meet customer and applicable statutory and regulatory requirements? b) The perceived effectiveness of the controls applied by the external provider? 8.4.2q2 The organization shall establish and implement verification or other activities necessary to ensure the externally provided processes, products and services do not adversely affect the organization's ability to consistently deliver conforming products and services to its customers. What verification or other activities do you have to ensure externally provided processes, products and services do not adversely affect your ability to consistently deliver conforming products and services to your customers? 8.4.2q3 (^) Processes or functions of the organization which have been outsourced to an external provider remain within the scope of the organization’s quality management system; accordingly, the organization shall consider a) and b) above and define both the controls it intends to apply to the external provider and those it intends to apply to the resulting process output. When processes or functions have been outsourced to external providers, how do you consider a) and b) in 8.4.1 and how do you define the controls intended to be applied to the external provider and to the resulting process output?