Tags Posts tagged with "ISO 9001"

ISO 9001

by -
ISO Implementation Process

Preparing for an ISO implementation process of any ISO standard can be overwhelming and stressful for organizations of any size. How an organization prepares for an ISO implementation process will depend on factors such as size and complexity of its processes, the current knowledge and culture related to the standard; i.e., quality, environmental, safety, etc; the maturity of any other existing systems related to the standard wishing to implement, and many others.

6 Tips to Facilitate the ISO Implementation Process

Despite the differences there may be between organizations, there are a few tips that will facilitate the ISO implementation process of any management system.

Know the Standard

It is essential that some personnel knows the management system’s requirements. Everyone does not need to be an expert on the requirements of the specific standard that will be implemented, but key workers need to fully know and understand all of the requirements of the standard.

Keep Everyone Informed

The implementation process is not a task of just a few chosen ones. Everyone needs to be involved in this process. Every worker needs to know what is being implemented, why is it being implemented, which are the benefits for the organization and for themselves, and how they will be involved in the process. When people are informed, they will be more open and willing to collaborate in the implementation.

Analyze the Organization’s Current Situation

Before starting to implement any ISO management system, an organization needs to know its level of compliance with the standard. This will allow the organization to understand beforehand its strengths and weaknesses regarding the ISO management system wishing to implement and estimate the time needed for implementation.

Map Your Processes

Establish and record current processes in order to know the relationships between departments and how the processes flow within the organization. This will allow organizations to plan their implementation by processes and not just by areas and departments.

Review Existing Procedures and Work Instructions

Many processes need written and documented information that will guarantee that activities are carried out in the correct manner. Organizations need to review which processes are documented and how many work instructions there are. It is not the same to develop a few documents and just review work instructions than to develop them from scratch. Organizations need to have an idea of how much time they will have to invest in developing and reviewing documents.

Review Current Training Programs

Evaluate existing training and awareness programs. Training and awareness are an important part in the implementation process and if an organization has not considered training its workers, it would be best to redefine these programs to make sure that a large percentage of workers are trained and informed about policies, procedures, regulations, etc that will be a part of their daily activities.

These are some recommendations that will help your organization prepare for the ISO implementation process of any ISO management system.

Note: Make sure that the whole organization is working for the same objectives and pulling in the same direction.

by -

Improving your Quality Management System is simpler than you think. By learning about ways to improve, you are already well on your way to achieving success with your organization or auditor training. Follow these 10 simple suggestions and you will see changes.

10 Simple Ways to Improve your Quality Management System

1. Commit to improvement

For any QMS to improve, it is essential that everyone is committed to seeking problems, evaluating efficiency and effectiveness of processes and implementing better and improved ideas. Management should be the first to make this commitment and if management “walks the talk” then everyone will follow.

2. Analyse and assess current QMS

Organizations need to take a closer look at their current practices in order to identify any gaps between what is being done and what should be done. This can be achieved by interviewing workers in critical control points, reviewing procedures and records and observing how processes are occurring. Any steps that are not adding value to the process, the system or the organization must be identified, removed or improved.

3. Include everyone in training programs

A QMS is not the responsibility of one person or one department. Everyone must be involved in improving the quality of products, services and processes.

Organizations should establish a training program for new employees and existing ones.  These programs should promote knowledge, produce skills and capacities and reduce resistance when implementing new ideas for improvement.

4. Define clear goals and objectives

QMS should aim at achieving specific goals. If a clear path is not drawn, there’s a risk that people will be working real hard but in different directions. Time should be spent in assuring everyone knows these goals, how they’ll be achieved, how they’re measured and periodically they should be informed of where the organization is standing in relation to these goals.

5. Use the correct key performance indicators

Organizations need to carefully select and review their KPI’s (Key Performance Indicators). KPI’s let an organization know how efficient and effective processes are, and indicate where possible problems could be. If they are not giving a real overall picture of where the organization is at regarding quality, then another look should be taken to change or improve what and how performance is being measured.

6. Listen to the suggestion

Create a system that will promote workers and customers to share improvement ideas. Many great improvement ideas come directly from the people processing a product or the people that actually use it.

7. Give credit

Giving credit to those who deserve it encourage participation throughout the organization and motivates workers by recognizing their work and their ideas. Compensation or recognition should not necessarily be monetary, a simple public recognition in working meetings to can have great effects in lifting workers morale.

8. Make the system simple

A QMS that is extremely complex and overloaded with documents is not necessarily the best one. If documents and procedures are long and complicated, it is very likely that people will never use them.

Evaluate the system and make sure that it makes sense and that it’s as simple as possible.

9. Create quality groups

Some organizations face difficulty with workers from different departments or areas that are reluctant with sharing information. By bringing together people from different areas to evaluate processes and recommend improvements, an open and more effective communication can be achieved between areas that operationally seem to be apart.

10. Have a quality attitude

In order to reach the goals that have been set, organizations need to identify and detect problems and weaknesses but they must focus on improvements. If managers are constantly focusing on failures and defects and not on how to remove or improve them, the right attitude and mindset for quality will never be achieved.

Learn how to prepare your company for the ISO Implementation Process.

by -
Top 10 Mistakes Made in Managing an ISO 9001 System - ISOUpdate.com

Here are some of the most common mistakes made by organizations when managing an ISO 9001 system:

Mistake 1. Top management is not committed to the ISO 9001 system.  If top management is not involved in quality, if they don’t provide the resources and mechanism to plan, control and improve their products, services and processes, ISO 9001 can not be sustained over time. It’s essential for top management to take decisions that demonstrate that quality, improvement and customer satisfaction are an important issue.



Mistake 2. Not training key personnel in ISO 9001. Not knowing what ISO 9001 is all about can be a big mistake. It is important for organizations to train key personnel (someone who has a decision-making role) in ISO 9001, in order to understand what ISO 9001 really is and what it requires. Not knowing nor understanding ISO 9001 can take organizations through a path of disappointment and despair.

Mistake 3. Not training all personnel. Everyone must receive training on the important quality aspects of the activities and processes they work in. Everyone must understand the importance of quality and how they can achieve it. The training must be consonant with their responsibilities and the activities they perform.

Mistake 4. Making the system complex. If the organization is working to keep the system alive, it is a sign that it is too complex and all the work of filling out forms and documenting procedures is not adding value to the organization. The system must be kept simple and practical, and it should focus on results and improvements, and not on documents.

Mistake 5. Not using the corrective action process properly. Organizations need to take the time to investigate their problems and involve the right people in the investigation process. Most problems are recurrent, so using the corrective action process correctly will reduce or eliminate their recurrence.

Mistake 6. Not knowing what customers want. One of the objectives of ISO 9001 is to improve or increase customer satisfaction, and if organizations do not take the time to listen to their customers, they will not be able to reach this goal. A long and complicated survey is not necessary nor recommended, just by asking a few key questions will give organizations enough information to determine and plan for changes that will aim to fulfill this goal.

Mistake 7. Rushing into the implementation process. To build a solid ISO 9001 management system takes work and time.Trying to implement the system in a short time will be counterproductive. Organizations need to take the necessary time to plan, do, check and act in order to implement a system that will improve their products, services and processes.

Mistake 8. Not having a trained and experienced internal auditor. In many cases, internal auditors lack the necessary training and experience to distinguish small details from big issues in the QMS. Auditors need to focus on the issues that will help organizations improve their processes and the system itself.

Mistake 9. Believing that what works for one organization will work for their own. Every organization is different and what may work for one, may not work for another. Organizations need to focus on their specific context in order to build and develop their management system around it.

Mistake 10. Leaving the responsibility of the QMS to one person. ISO 9001 needs to be the work of an entire organization. If people do not take ownership of the QMS, it will not work out. People need to incorporate quality in their work and activities and an outsider will not achieve that. Guidance and training is needed, but if quality is not done on a daily basis in every process then the system will never add value to the organization.



by -
Procedures for ISO 9001:2015

ISO 9001:2015 does not identify any required documented procedures, at least not as it was required in the 2008 version of the standard. The new standard refers to requirements of “documented information” and in the clause 7.5 it states that:

The organization’s quality management system must include:

  1. Documented information required by this International Standard;
  2. Documented information determined by the organization as being necessary for the effectiveness of the quality management system.



Throughout the new version of the standard, there are a number of references for organizations to maintain and retain documented information. It can be inferred that where the standard states that the organization is required to maintain documented information sufficient to support the operation of processes it is implying the need of documented procedures.

The specific procedures required for the quality management system will depend on the organization itself. The standard also states that:

The extent of documented information for a quality management system can differ from one organization to another due to the:

  1. Size of organization and its type of activities, processes, products, and services;
  2. Complexity of processes and their interactions;
  3. Competence of persons

Each organization will need to identify which procedures are essential for the correct operation of their processes in order determine which ones they’ll need to create. If an organization does not have any documented procedures, it will need to demonstrate how people know what to do and show acceptable evidence to support that their processes are carried out effectively without them.

Organizations that have already implemented ISO 9001 will not need to throw away the procedures that are in place. If these procedures serve as a useful tool within the organization, they should be maintained. However, the new standard presents an opportunity for organizations to take a second look at the procedures that are part of their management system in order to determine which add value to the system and which don’t.

Organizations wishing to be certified with ISO 9001:2015 must meet all of the requirements within a standard, including those regarding documented information, and they must be able to show evidence that they have all the necessary procedures in place.



by -
Difference Between Stage 1 & Stage 2 Audits - ISOUpdate.com

Small and large organizations recognize that the implementation of an ISO 9001 quality management system (QMS) in their processes gives them a competitive value. However, the task of implementing and successfully obtaining the certification requires time and money. Therefore, a popular question when deciding to implement is “What is the Cost to Implement ISO 9001?”

2 Costs of Implementing ISO 9001

There are 2 kinds of costs associated with the implementation of ISO 9001

These are:

  1. The costs for the implementation.
  2. The costs for the certification.



Costs of Implementing ISO 9001

In order to effectively estimate the cost for implementation, an organization will have to go through a gap analysis or assessment.

However, there are 3 main factors that an organization should take into account when estimating cost:

  1. The size and complexity of the organization. Is it a small single location organization? or is it a large company  with processes such as design, manufacture, installation, test, etc.?
  2. The type of quality system that is currently in use. Does it have a structured and disciplined system in place? Is the system documented, and how well?
  3. The time that staff and other members of the organization have to devote to the project. Will the organization create everything with its current members? Will it hire someone to guide them? Or, will it hire an ISO consultant to complete the entire process?

The major cost items that every organization needs to consider when implementing ISO 9001 are:

  • Training managers to get them to understand the requirements of ISO 9001
  • Assessment of current quality control practices and creating additional testing facilities routine if necessary
  • Renew the workspace, equipment, machines, public services, supporting facilities, etc, if necessary
  • Review and revamping arrangements for the handling and storage of raw materials, semi-finished and finished products, as appropriate necessary and safe
  • Review existing procedures / practices and listing of new procedures, checklists and records to be prepared
  • Development of QMS related documents
  • Conduct outreach activities of everyone who has roles and responsibilities for implementing the QMS
  • The various expenses such as word processing, stationery and other supplies necessary for the production of manuals, procedures and the like

Costs of ISO 9001 Certification

Regarding the cost of initial certification and costs associated with maintaining certification the main cost items are:

  • Registration and certification fee payable to the certification for a period of three years
  • Fees for the two-stage audit visit nominated by the certification body
  • Audit Committees regularly monitored by the certification agency nominated
  • Travel, accommodation and meals for auditor(s) of certification

The implementation and consequent maintenance of a QMS based on ISO 9001 is an investment of time and money for any organization. The success of the system will rely mainly in the commitment of all its members, especially on how senior management is committed to making ISO 9001 an effective tool to integrate their processes, continuously improve their QMS, and satisfy their customer’s expectations.



by -
How to Prepare for a Successful ISO 9001:2015 Audit - ISOUpdate.com

No matter how many audits someone has gone through, knowing that someone will be auditing your work always generates some tension and anxiety. Here are some recommendations from The Registrar Company, a North American Certification Body with over 20 years of auditing experience, to help your organization prepare for a successful ISO 9001:2015 audit.

Prepare Employees

  • Quality Policy – Review the quality policy, refresh it if needed, and make sure everyone understands it. There is no need for workers to memorize the policy, but they should have a clear understanding of what the organization has committed to in terms of quality.
  • Quality Objectives – Workers should know what the organization’s quality objectives are and how they themselves contribute to achieving them. Employees should know and be able to explain how their day to day activities can influence these objectives.
  • Training – Ensure that everyone has been properly trained to perform their tasks.
  • Documented Information – Make sure everyone knows where to find current copies of procedures, work instructions, and forms that are relevant to their position.
  • Audit Schedule – Let everyone know the scope of the audit, when they will be audited, and what the auditor may be checking in their areas.
  • Interviews – Workers should have the confidence to answer what they know, and have the same confidence to say ‘’I don’t know” when they are not sure how to respond during an audit.

Review Documented Information

  • Make sure document and record listings are up-to-date.
  • Check that all documents have been reviewed, approved, communicated, and followed by everyone involved in the process or activity.
  • Ensure obsolete documents have been removed from circulation and are no longer in use.
  • Verify that all records are being used correctly.

Ensure all Processes are Being Performed Correctly

  • Make sure that all procedures (whether they are documented or not) are being followed.
  • Ensure that critical processes are being performed in the same way (the correct way) by everyone.

Review Corrective Action Process

  • Review the findings from previous audits and make sure they have been addressed.
  • All non-conformities must be properly recorded, investigated, and actions need to be in place or concluded by the time of the audit.
  • Corrective actions that have been executed and closed should also have been verified for effectiveness.

Organize the Workplace

  • It is difficult for quality control and assurance to take place in an untidy, dirty, or unorganized workplace. Take time to organize the workplace (offices, desks, warehouse, workshop floor, etc.).
  • Make sure records, forms, procedures, and any relevant documents are on-hand or easy to access.

Practice Positivity and Professionalism

  • Make a good first impression – treat auditors professionally and with respect.
  • Do not be predisposed. Auditors are not enemies, they are there to establish conformance and to help your organization uncover any weaknesses so that you can take the necessary actions to improve.

The Registrar CompanyTRC is internationally recognized and trusted. With a large network of auditors, TRC is an international certification body with local benefits. With dedicated Client Services Managers and family-owned and entrepreneurial values, our clients are family. We take the time to understand your business and your unique needs. TRC audits are more than a checklist, we highlight your corporate strengths, and find opportunities for improved processes to ensure you stay competitive and thriving. TRC works with you to ensure minimal disruptions so you receive the highest benefits from the auditing process.



by -

In many organizations (manufacturing or services) the processes present variability, this means they are not completely stable. The ISO 10017 standard seeks to help organizations in the identification of statistical techniques which can be useful in the development, implementation, maintenance and improvement of a quality management system, in compliance with the ISO 9001:2015 standard requirements.

Variability can be confirmed in those quantifiable characteristics of the products and processes, and can be observed at the exit of various stages in the total life cycle of the products.

The main benefit of the application of statistical techniques is they facilitate the measurement, description, analysis and interpretation of variability in the processes, even with a relatively limited amount of data. In fact, statistical analysis of this data can provide a greater understanding of the nature, extent, and causes of variability. This contributes to solve and even prevent problems that could result from such variability.

This is how statistical techniques become tools for the proper handling and use of data available for decision-making, which undoubtedly contributes to the continuous improvement of the quality of products and processes to achieve Customer Satisfaction. These techniques can be applied in various activities, such as market research, design, development, production, verification, installation and service.



ISO 10017: Guidance on statistical techniques for the ISO 9001 standard

The ISO 10017 standard is a technical report that aims to guide and assist any organization in the consideration and selection of statistical techniques appropriate to their needs. It should be noted that the criteria for determining the need for statistical techniques, and the appropriateness of the techniques selected, is a decision subject to each company. The aforementioned techniques can be useful in the development, implementation, maintenance and improvement of a quality management system in compliance with the ISO 9001 standard.

To this end, it is essential that the requirements of the ISO 9001 standard which involve the use of quantitative data are examined, and in this way, the statistical techniques that are useful in applying them to these data are identified and described.

The ISO 10017 standard clarifies that its content of statistical techniques is not complete or exhaustive, and does not exclude the use of any other technique which may be considered beneficial for the organization. It does not try to establish which techniques should be used, nor does it advise on how to implement them. Even this standard specifies that statistical techniques can be applied from qualitative data as long as they can be transformed into quantitative data.

Major statistical techniques that can be used by organizations

  • Descriptive statistics
  • Design of experiments
  • Hypothesis test
  • Measurement analysis
  • Process capacity analysis;
  • Regression analysis
  • Reliability analysis
  • Sampling
  • Simulation
  • Statistical process Control charts (CEP);
  • Fixation of statistical tolerances;
  • Time-series analysis.

From this group of techniques, descriptive techniques (including graphical methods) are an important aspect of many of these techniques.

Application of statistical techniques in accordance with ISO 9001:2015 standard

The chapters in which statistical techniques are required to be applied in accordance with ISO 9001:2015 are as follows:

Chapter 6: Planning, in number 6.1. Actions to address risks and opportunities

Chapter 7: Support, in the numeral 7.1.5. Monitoring and measuring resources

Chapter 9: Performance evaluation, in numeral 9.1. Monitoring, measurement, analysis and evaluation

Definitively, the use and application of statistical techniques is essential for organizations, because decision-making must be based on objective data.

by -

The Benefits of Integrated Management Systems: Guest article from Steve Tyler, CEO & Founder of BusinessDocsOnline

Are your Business Management Systems still operating in Silos?

If so then you may want to think about adopting a more integrated approach…


Working in Silos?

There comes a point in the development of many organisations when they need to obtain some form of certification, and for the majority they will probably implement a management system for either Quality or Health & Safety.

There then follows a period of time where their requirements for certification will be covered with a single management system.

However, once an organisation grows to a point where it requires more than one management system, then that is the time for top management to step back and consider adopting a more integrated approach.

Yet too many organisations miss this opportunity and implement their management systems as stand-alone platforms. They then end up with individual management systems being used in silos.

For some organisations, working in silos may be the most suitable way to function, and there may be operational reasons why this approach works best for them.

But working in silos also has a downside…

Silo Mentality (as defined by the Business Dictionary):

“a mind-set present when certain departments or sectors do not wish to share information with others in the same company. This type of mentality will reduce efficiency in the overall operation, reduce moral, and may contribute to the demise of a productive company culture.”
Whilst an integrated management system may not work for every organisation, for many the long-term benefits will far outweigh the short-term effort required to move forward.

So why not integrate your management systems and eliminate all the inefficiencies and duplication of activities that are part and parcel of having individual systems and working in silos?

But how easy is this to achieve?

The PDCA Cycle: – Plan – Do – Check – Act

With the latest release of ISO 9001:2015, this revised standard aims to further develop the “Risk Based Thinking” approach within an organisations. It also brings two other aspects into the management system arena that are going to redefine the future of management systems. One of these is Annex SL and the other is the PDCA cycle.

Lets come back to Annex SL later, and deal with the PDCA cycle first. Within ISO 9001:2015 this functions as follows:

Plan

Top Management must assess the risks & opportunities that may impact on the organisation and carry out the planning required to ensure these risks do not affect the organisations ability to deliver its “desired outputs”. Exploiting any opportunities that have been identified must also be planned.

Do

Process activities must be carried out in such a way as to ensure they are aligned with the outputs of the planning processes.

Check

Top Management must review & measure the organisations performance against their objectives.

Act

Top Management must also plan & implement any actions that will deliver continual improvement.

Whilst the “desired outputs” of each organisation are quite unique, one way or another they all lead back to Customer Satisfaction. Once Customer Satisfaction can be monitored, it can be measured. And as the saying goes – “What gets measured gets done….”

So we can see how the PDCA cycle works for a Quality Management System, but this is really just the tip of the iceberg.

This PDCA cycle can now be applied to just about every other ISO standard, including Health & Safety [45001]*, Environmental [14001:2015] and Information Security Management [27001], and every system you implement can follow the same structure.

The net result here is that it is now possible to implement an integrated management system that combines Quality, Environmental, Health & Safety and Information Security.

But can they be that much more effective if they are integrated?

The Benefits of Integrated Management Systems

Once an organisation has decided to integrate their management systems then it’s at this point they can start to see the real benefits.

Organisations that have already implemented a single management system based around the PDCA cycle will find it up to 50% quicker when they come to implement their next management system.

The PDCA Cycle means it is possible to integrate your management systems into one platform, and organisations can now implement a single solution that controls all of the following:

  • Risks & Opportunities for Product & Services
  • Customer Requirements & Satisfaction
  • Environmental Impacts
  • Health & Safety Hazards
  • Information Security Integrity

With this integrated approach, much of what is needed from the management team can now be done under one umbrella, and top management can now take a broader view of their organisation whilst undertaking the following activities:-

  • Planning
  • Assessments of Risk & Opportunities
  • Internal Audits
  • Management Reviews
  • Continual Improvement

The end result is that:

  • The organisation can now be managed using joined-up thinking.
  • Auditing models can be revised to provide a much broader remit, but with fewer audits.
  • KPI’s & SMART objectives can now become more aligned.

But just how well are all the different standards able to interact, and how easy is it to implement a single integrated platform across 2, 3 or 4 different management systems?

That’s where Annex SL comes in…

What is Annex SL?

Annex SL is an ISO document that defines a high level structure [HSL] for the framework of a generic management system.

It was first published by ISO’s Technical Management Board (TMB) in 2012 and the recent release of ISO 9001:2015 has been revised to align with Annex SL.

Annex SL has arrived with a vengeance with the latest version of ISO 9001:2015, and is now here to stay.

In the future, all new ISO management system standards will adhere to the Annex SL framework and all current management system standards will migrate to it at their next revision.

As a result of the introduction of Annex SL, all ISO management system standards will become more consistent, and hence more compatible. They will share the same look and feel, having been built on a common foundation. The structure of all management systems will now include the following sections:

  • Context of the Organisation
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance Evaluation
  • Improvement

There are common core definitions too; the following words will have the same interpretations across all Annex SL standards:

  • organisation
  • interested party (preferred term)
  • stakeholder (admitted term)
  • requirement
  • management system
  • top management
  • effectiveness
  • policy
  • objective
  • risk
  • competence
  • documented information

  • process
  • performance
  • outsource (verb)
  • monitoring
  • measurement
  • audit
  • conformity
  • nonconformity
  • correction
  • corrective action
  • continual improvement

Annex SL represents the beginning of the end of the conflicts, duplication, confusion and misunderstanding arising from subtly different requirements across the various management system standards.

Auditors now face the challenge of focusing their own, and their clients’, thinking on viewing organisations’ management systems holistically.


About BusinessDocsOnline

by -
What Does Schedule 16 of Bill 70 Really Mean for Companies in Ontario?

On the 8th of December in 2016 Schedule 16 of Bill 70, the Building Ontario Up for Everyone Act (Budget Measures), 2016, gained royal assent and its amendments to the Occupational Health and Safety Act came into effect:

Schedule 16 – Occupational Health and Safety Act – says:

“The Schedule amends the Occupational Health and Safety Act to give the Chief Prevention Officer the power to accredit health and safety management systems, and to give recognition to employers who use accredited health and safety management systems. The Chief Prevention Officer may also establish standards and criteria that must be met by health and safety management systems or employers in order to receive accreditation or recognition. Related amendments are also made.”

What Schedule 16 Means

What this means in a nutshell is that once the CPO (Chief Prevention Officer) has defined the requirements through bill 70 for an accredited health and safety management system, companies could then become certified to that system. Certified companies that are then able to demonstrate their commitment to using a coordinated system to improve their OHAS would then be able to benefit from things such as reduced routine inspections through the MOL.

In addition, the CPO will need to put in place a system that will recognize and incentivize companies to become certified. Details of those companies and their performance can then be made publicly available through the CPO.

Currently the CPO has not yet released any standards for accredited health and safety management systems and has said that they will be holding an “extensive consultation” to develop an “accreditation standard and employer recognition program”. Until the CPO actually defines the standards for accredited health and safety systems, the changes implemented by this act will have no real effect on anyone.



ISO 45001 as a Framework for OHS Standards in Ontario

Of course, an accredited standard is currently on the verge of being released should the CPO want to use the framework provided by ISO. The new standard ISO 45001 Occupational health and safety management system – requirements will follow a similar framework to that of ISO 9001 and 14001 giving companies an accredited standard against which they can be certified by a third party. This new worldwide standard will become available hopefully towards the end of 2017.

Assuming that this will meet the expectations of the CPO and interested parties then this would be a perfect way for companies to start putting in place processes, procedures, and other measures to drive continuous improvement in occupational health and safety.

by -

Documented Information for ISO 9001:2015

As we move into the final months for transitioning to ISO 9001:2015, many companies are still asking themselves what documentation is required. Back with the 2008 release, most companies were comfortable with the six mandatory procedures that were expected of them as well as the need for a quality policy and manual. The update to 2015 has however removed the requirement for a quality manual and blurred the distinction between procedures and records.



With the new release, both documents and records are termed “documented information” and must be controlled and maintained. This is what will form the evidence required to show that you are conforming to the requirements of your quality management system.

Clause 4.4 of ISO 9001 requires your organization to maintain the documented information that is required to support the operation of your processes and to retain that information to be able to have confidence that those processes are being completed as planned.

So what is required by the standard?

The following is a clause-by-clause breakdown of what is required by the standard. However, some of these clauses can be excluded if the company does not perform the relevant processes:

Mandatory records:

  • 7.1.5.1 – Monitoring and measuring equipment calibration records
  • 7.2 – Records of training, skills, experience and qualifications
  • 8.2.3.2 – Product/service requirements review records
  • 8.3.2 – Record about design and development outputs review
  • 8.3.3 – Records about design and development inputs
  • 8.3.4 – Records of design and development controls
  • 8.3.5 – Records of design and development outputs
  • 8.3.6 – Design and development changes records
  • 8.5.1 – Characteristics of product to be produced and service to be provided
  • 8.5.3 – Records about customer property
  • 8.5.6 – Production/service provision change control records
  • 8.6 – Record of conformity of product/service with acceptance criteria
  • 8.7.2 – Record of nonconforming outputs
  • 9.1.1 – Monitoring and measurement results
  • 9.2 – Internal audit program
  • 9.2 – Results of internal audits
  • 9.3 – Results of the management review
  • 10.1 – Results of corrective actions

Other Mandatory Documents:

  • 4.3 – Scope of the QMS
  • 5.2 – Quality policy
  • 6.2 – Quality objectives
  • 8.4.1 – Criteria for evaluation and selection of suppliers

So what does this mean?

You should still tailor your quality management system to meet the requirements of your own business and all of the interested stakeholders. This can be done in any way that your organization sees fit; although a quality manual is still one of the easiest methods. As long as these processes and associated records can be shown to meet the requirements of ISO 9001:2015 effectively then that is fine. If not then the relevant action should be taken to ensure that all of the required clauses are covered.