9001 Guidance Document For NG FG AG

9001:2015 Guidance document for
approved companies
June 2016
National Security Inspectorate

Sentinel House,
5 Reform Road
Maidenhead
SL6 8BY
Website: nsi.org.uk
Page 1 of 29
NSI 2016
9001:2015 Guidance document for approved companies
Contents
Introduction................................................................................................................................................................ 3
Basic principles of 9001:2015 .............................................................................................................................. 3
Risk based thinking ................................................................................................................................................. 4
Understanding context .......................................................................................................................................... 4
Increase in leaders involvement ........................................................................................................................ 5
Understanding needs & expectations of interested parties .................................................................... 6
Process approach ..................................................................................................................................................... 7
Documentation requirements ............................................................................................................................. 8
What do I do now? ............................................................................................................................................... 10
Step by step ............................................................................................................................................................ 11
New clauses ............................................................................................................................................................. 12
Appendix A: ISO 9001:2015 transition checklist ........................................................................................ 14
Instructions for use ........................................................................................................................................................................... 14
Part 1: ISO 9001:2015 requirements .......................................................................................................................................... 15
Appendix B: 9001: 2015 list of records required ....................................................................................... 24

Appendix C: 9001: 2015 documented information required ................................................................ 26
June 2016 Page 2 of 29

NSI 2016
Introduction
As an approved company you are already used to working to written procedures and
processes. The revised 9001 doesnt change this but places emphasis on risk management and
there is less prescriptive requirements for documented procedures.
You may decide that you will keep your current quality management system and simply amend
it where necessary. Some of you may take this as an opportunity for a complete revamp. Either
course of action is entirely reasonable and this guidance document is simply going to walk
you through what the essential elements are that you need to address in order to take you
through to becoming 9001:2015 compliant.
First you need to understand what has changed and what this means to you.
Basic principles of 9001:2015
Interested
Leadership
Parties
Process
Context
Approach
Plan
Risk Based Do Documentation
Thinking Check Requirements
Act
Plan Do Check Act is carried over as the main principle of 9001:2008 with amended
elements feeding into this. Some are new and some are enhanced ways of dealing with a
process approach.
There is less demand for prescriptive procedures but more expectations that companies will
determine their own documentation requirements.

NSI 2016
Risk based thinking

Implement risk management as part of your Quality Management System.
What does this mean?
There are risks in all processes in each business. Its understanding the impact of these
risks that needs to be considered.
Consider the opportunities that risks present too.
Identify Risks
Consider Them
Control Them
Many organizations will manage risk as part and parcel of their general management. Some
may decide to apply a specific risk model that is applied to each risk they identify. Documented
information needs to be in place to support that organizations have understood and managed
this in line with their business and their processes.
Examples of documented information regarding risk may include: A business plan, risk register,
reports on performance.
Understanding context
Approved companies will need to understand and identify all the influences that affect their
business. They must then ensure that their strategy and direction takes this into consideration,
this could be captured in a business plan.

NSI 2016
Understanding
Internal and
Process of Impact of Context and
External
Monitoring Changes the
Issues
organization
Internal issues: corporate culture, governance, structure, technologies, information

systems, decision-making process.
External issues: cultural, social, political, legal, regulatory, financial, technological,
economic, competitive environment international, national or regional influences.
Process of monitoring: How do you monitor your business? What checks and supervision
are in place?
Impact of changes: How do you manage changes in the business and ensure they do
not have a negative impact.
All organizations will already consider the context. The standard is calling for recognizing this
in a wider sense, so that the processes you develop, change and work to have considered all
the above.
How will you evidence this? Through clear processes and documented information that will
demonstrate you have considered the business in this context. There is no requirement for a
specific document. It may be captured in a business plan or strategy document.
Increase in leaders involvement

The standard continues to expect management commitment but removes one specific person
having this responsibility. It places greater ownership on the leaders spreading the
responsibility throughout the organization whilst maintaining full overall responsibility.
All
No longer specifies
areas/departments Greater Leadership
a management
will have Commitment
representative
responsibility

NSI 2016
Things to consider:
Strategic Direction: Does the business know where its headed = you may produce a
business plan to define this;
Then create a quality policy and objectives that outline your intentions;
Customer Satisfaction being key to a companys success;
Review and define what your strengths and weaknesses are;
Consider the impact on delivery of products and services;
Based on this assign QMS responsibilities and authority;
Promote risk based thinking;
Final accountability.
Key Concept
Customer Focus and Improvement
How will you evidence this? Through documented information (you may already have this) and
processes that will produce evidence.
Understanding needs & expectations of interested parties

Each business will have its own interested parties and approved companies need to be clear
on those that are relevant.
Groups or Customers/public
No longer specifies a
individuals who Shareholders/Board
management
can make an Members
representative
impact Contractors/Suppliers

NSI 2016
Needs and
What impact can
Monitor their Expectations from
they have on the
involvement both parties to be
business
understood
Review Meetings
How do you do
Review Reports
this? How often?
Feedback
Organizations will have a number of influences and each will have a varying impact on them.
For example a supplier can significantly affect the ability to deliver on time to a customer. In
this case, a clear supplier agreement process needs to be established at the beginning to
ensure that the risks are understood and well managed.
Note: Refer to Annex A: A step by step guide on how to interpret each clause for more detail.
Process approach
This standard now expects organizations to use a process approach. Each business will have
different processes so they must reflect the business itself and not be generic. What does
process approach mean?
Process = A series of actions you take in order to achieve a result
As an approved company you are already doing this.

NSI 2016
Example Processes:
Finance Determine the
Sales processes the
business needs
Recruitment/Training
Human Resources
Management/Leadership
Planning Operations For example:
Suppliers/Subcontractors Performance Indicators
Targets/Budgets
needed to manage and
Commissioning Quotes/Proposals/
control each process
Wins/Losses
For Example: For example:

Director Lose business
Decide who is
Manager Expand business
responsible
Engineer Need more resource
Admin team Lose suppliers
Give clear direction and

responsibility
Plan to manage risks and
Define the process and opportunities
way it is to be done
Train staff to ensure full

understanding
Monitor and Measure
Documentation requirements
The standard now expects an organization to determine what their own documentation
requirements are. This is based on being able to effectively plan, operate and control the
business and its processes.
It must include an overall aim to continually improve the business and its quality management
system. Documentation should be used for:

NSI 2016
Communication Evidence conformity
Staff must understand: Producing documents to

1) Their role confirm:
2) Direction of the business Product and service delivery
Large Company =
Proposals
More formal
Examples: Tenders
Newsletters / Memos / Quotes
Organization Chart / All Contracts
SMEs =
Job Descriptions / Companies
formal / informal Contract review
Business plan /
approach
Work Instructions / Specifications
Process maps Commissioning
Test results
Calibration records
Dependent on the size of the business, the structure and ethos documentation will vary. Its
essential that each organization determines their own needs as well as interested parties
(referred to earlier) documentation needs.

NSI 2016
Example: Some staff will expect or be given a formal written job description which may be
supported by key performance indicators or targets that are measured formally periodically.
Other leaders may issue verbal instructions or a letter of appointment with informal reviews
and an annual appraisal.
Clients/customers may work from a letter of appointment/email or contract with Purchase
orders or require a detailed contract for each site/installation.
Documents can also be used as a way of demonstrating how things should be done, manage
expectations and lead by example.
Documented information is any type of medium:
Paper/Magnetic/Electronic/Photograph
Note: A list of expected records is in Appendix B
What do I do now?
Review your documented procedures and amend them to clearly reflect what documentation
your business creates with the products and services that it sells. This will include processes,
documents, evidence and records.
Documented Procedures Documented information

(not mandatory but useful) - Required -
1. Control of Documents 1. Scope of the QMS

2. Control of Records 2. Quality Policy
3. Internal audit 3. Quality Objectives
4. Control of Non Conforming 4. Information needed to support
Product the operation
(e.g. sales info, operational forms
5. Corrective Action
and documents, customer
6. Preventive Action
documents)
5. Evidence of conformity (what was
planned we achieved; e.g.
commissioning paper work, data,
maintenance records)

NSI 2016
Note: The revised standard does not call for specific documented procedures BUT does insist
on evidence that those things are still in place such as internal audits and management review.
Step by step
Step 1:
Define strategy
Define context
Define interested parties
Define risk & opportunities
Step 2: Review current QMS

Does it reflect the needs of Step 1?
Step 3: Amend processes (process flow

charts) to reflect Step 1
Step 4: Review procedures, update and

either:
Keep and update; or
Amalgamate principles into
processes
Step 5: Define all documented

information needed
Step 6:
Update QMS
Complete the checklist supplied
Communicate changes to the
staff

NSI 2016
New clauses
The new standard has additional clauses and these are detailed below with a description of
what these are.
Additionally, a step by step guide on how to interpret each clause is given in the separate
Annex A to this document.
Clause Title Meaning

4.1 Understanding the organization and This is about knowing what affects the organization both
its context internally and externally (see above)
4.2 Understanding the needs and Ensure you identify, capture what other parties need from
expectations of interested parties you in order to deliver a service or a product e.g. a
supplier/customer.
4.3 Determining the scope of the QMS Scope must set out what the company does and deliver. It
should include products and services. It must now be done
with consideration to the context.
For example: Operating in the fire industry, supply and
maintenance of fire extinguishers.
4.4 QMS and its processes Organizations need to establish a process based QMS. For
example: process maps/overview of how things are done
with inputs and outputs.
You will already have these as part of your QMS.
5.1 Leadership and commitment Accountability expected for the QMS and ensuring it is
integral to the business.
More emphasis on not allocating this to one person.
5.3 Organizational roles, responsibilities Top Management need to ensure that all roles are well
and authorities understood and communicated.
6 Planning Title only
6.1 Actions to address risks and Title only

opportunities
6.1.1 Actions to address risks and This relates to the principle of context and thinking about
opportunities the internal and external issues a business has to deal with.
6.1.2 Planning for the QMS There is a necessity that companies will have a planned
approach which incorporates risk principles.
6.2 Quality objectives and planning to Title only

achieve them
7.1.2 People There is a continued expectation that organizations will

provide the right people with the right knowledge.
7.1.6 Organizational knowledge Knowledge and learning needs to be captured.
7.3 Awareness Staff need to be aware as well as competent.
8.3.1 General A design and development process needs to be developed

for all products and services. You cannot opt out.
8.5.5 Post Delivery Activities A clear understanding of all post delivery requirements.

NSI 2016
Clause Title Meaning

8.5.6 Control of Changes Make changes in a controlled way.
9.1.1 General (Under monitoring and Decide what you are measuring and how it is done.
measurement, analysis and Organizations must evaluate the results and analyze these
evaluation) for the QMS.
10.1 General (Improvement) Seek out improvement opportunities and find ways of
making things better e.g. processes/documents/training.
10.2.2 Non Conformity and corrective Retention of documents recording Non Conformities
action accurately.

NSI 2016
Appendix A: ISO 9001:2015 transition checklist
Instructions for use

This document is intended to provide a framework to assist you make the transition to
BS EN ISO 9001:2015 (ISO 9001:2015). It will help you to evaluate your readiness to undergo
your transition audit. The questions relate to where the standard has been changed either with
a new clause or an amended clause.
The document is to ensure you have asked and answered all the relevant questions for the
transition to take place.
Please complete each table, recording brief details of the evidence you would show to your
auditor to demonstrate how you have addressed the clauses.

NSI 2016
Part 1: ISO 9001:2015 requirements

Please ensure you can evidence each requirement of ISO 9001:2015 has been addressed within
your Quality Management System (QMS).
Clause Y/N Evidence / Documents

4.1 Context of the Organisation
Need to establish context and identify interested
parties. These groups can include shareholders,
customers, regulatory groups etc.
Have you identified the internal and external issues?
Have you identified and implemented ways of

monitoring these issues?
Have you considered the impact of any changes to

these issues?
Comments:
4.2 Understanding the needs and expectations of

interested parties
Have you identified interested parties who could

affect the QMS?
Have you understood their needs and expectations?
How will you monitor and review this?
Comments:
4.3 Determining the scope of the quality

management system
Youll need to identify any boundaries and include
whats relevant to the business. This could include
the whole organisation or specific functions.
Have you been clear on whats relevant in the

scope?
Have you included the products and/or services

included in your management system?
Have you amended the scope and highlighted the

change?
Comments:

NSI 2016

4.4 Quality Management System
There is a requirement is for you to establish,
implement, maintain and continually improve your
QMS. Although every organisation is different,
documented information such as process diagrams
and/or written procedures could support this.
Have you identified all your processes?
Have you defined a sequence of how these

processes interact?
Do you have the resources to support the

processes?
Have you allocated responsibilities to each process?
Have you identified all risks and opportunities

associated with each risk?
Comments:
5. Leadership
Top management are now required to have a
greater involvement in the QMS and ultimate
responsibility.
Are the policy and objectives compatible with the

strategic direction of the organisation?
Does top management have customer satisfaction

as part of their strategy?
Are the strengths and weaknesses of the

organisation understood?
Have QMS responsibilities been allocated to all the

team?
Comments:
5.1 Leadership and Commitment

Is the QMS compatible with the strategic direction?
Risk Based thinking understood and implemented?
Customer Focus methods in place?
Improvement Processes in place?

NSI 2016

Comments:
5.2 Policy
Top management need to establish, implement and
maintain a quality policy.
Do you have a clear quality policy that considers

interested parties?
When was your policy reviewed/amended?
Is it effectively communicated to the organization

and interested parties?
Comments:
5.3 Organisational roles, responsibilities and

authorities
Are all roles defined and allocated in the

organization?
Are all roles effectively communicated and

understood?
Are responsibilities and authorities for QMS

understood?
Comments:
6. Planning
Planning has an increased focus on ensuring it is
considered with the context of the organisation
and interested parties.
Have you identified risk and opportunities across

the organization for the product and service you
offer?
Have you considered how to manage these risks

and opportunities?
Have you identified the impact of interested parties?
Has planning being considered in a systematic way?

NSI 2016

Comments:
6.1 Actions to address risks and opportunities
Does the organization understand risk based

thinking and has this been introduced?
Have the organizations risks been identified and

managed?
Is there a contingency plan in place?
Comments:
6.2 Quality Objectives and planning to achieve

them
Are the quality objectives in line with the Quality

Policy?
Are the objectives relevant to the products and

services?
Do the objectives include customer focus and

satisfaction?
Are the objectives defined, monitored,

communicated and updated?
Comments:
6.3 Planning of changes
How do you manage and implement change?
Have you considered consequences, resourced and

responsibilities when making the change?
Comments:
7.1 Resources
How are internal and external resource requirements

considered?
How has knowledge been determined for the

product and services being offered?

NSI 2016

Comments:
7.2 Competence
Have you determined competencies for your

organizations team?
Do they have the necessary education, training or

experience?
Has the competency of contractors been

determined and understood?
Have you determined how the QMS will be

implemented and managed effectively?
Do you have the necessary documented information

to support this?
Comments:
7.3 Awareness
How you have raised awareness of the policy and

QMS requirements?
Comments:
7.4 Communication
Have you considered all communication methods to

include internal and external parties?
Comments:
7.5 Documented information
How do you control the distribution of necessary

documentation?
Comments:
8.1 Operational planning and control
How is operational planning achieved?

NSI 2016

How are operations controlled?
Where this is outsourced e.g. subcontractors how is

this managed and controlled?
Comments:
8.2 Requirements for products and services
Have you determined contingency plans for

products and services offered?
Are measures in place to manage and preserve

customer property?
How do you communicate with new/potential

customers? Has this been determined?
Comments:
8.3 Design and development of products and

services
Have you determined a design and development

process for your products and services?
Are the standards and codes of practice identified,

understood and implemented?
Have the appropriate resources been allocated?
Have the potential consequences been understood

if the products and services are not delivered as
required?
How is design and development monitored and

measured?
Comments:
8.4 Control of externally provided processes,

products and service
Have you determined competencies for external

providers? e.g. Subcontractors
Have you established methods of managing and

monitoring the performance of subcontractors?

NSI 2016

Comments:
8.5 Production and service provision
Has a process been determined for property

belonging to external providers? To include:
Verifying it
Protection and safeguards
In the event of damage /
unsuitability / loss
Comments:
8.6 Release of products and services
How do you verify that the products and services

have met the customer requirements?
Have you determined the appropriate

documentation to evidence this?
Comments:
8.7 Control of nonconforming output
Do you determine nonconformities that include

outputs and services?
Do you ensure that the results of these are

documented?
Comments:
9 Performance Evaluation &

9.1 Monitoring, measurement, analysis and
evaluation
Have you determined what and how you will

monitor and measure performance?
Have you implemented analysis and evaluation

methods?
Have you determined what evidence you will retain

relating to performance?

NSI 2016

Comments:
9.2 Internal Audit
Has the audit criteria been defined?
Are results reported to relevant management?
Comments:
9.3 Management review
Does your management review take into

consideration the external and internal issues?
Comments:
10 Improvement and
10.1 General
How does the organization actively look for

opportunities to improve processes/products and
services?
How does the organization consider future needs

and expectations?
How does the organization meet existing customer

requirements?
How does the organization correct or reduce

undesired effects of the QMS?
Comments:
10.2 Nonconformity and corrective action
Does the organization make changes to the QMS

when a nonconformity identifies a change is
needed?
Comments:

NSI 2016

10.3 Continual improvement
Does the organization understand that they need to

ensure the QMS remains suitable and adequate?
Comments:

NSI 2016
Appendix B: 9001: 2015 list of records required

Below is a table relating to all the records you may keep as part of the management system
that relate to documented information. These are examples and you are not limited to this.
Each organization must determine the records that they require to support their processes.
General Business Business Plan
Accounts
Contracts
Complaints
Insurances/claims
Finance Invoices
Credit Notes
Statements
Payroll records
Purchase ledger/Sales Ledger etc.
Sales Schematics/Drawings
Contract Review
Data Sheet
Quotes/Proposals/Tenders
Quote register/Conversion rates
Operations Site Survey
Risk Assessment/Work Instructions/Method

Statements/Assignment Instructions
Incident Reports
Accident Reports
Approved Supplier/Subcontractor list
Subcontractor Approval Documents
Commissioning paperwork
Welfare visits
Test Results/Meter readings/PAT testing/Calibration information
Human Resources Letters of Appointments
Contracts of Employment/Policies signed/Employee Handbook
Screening file/personnel file
Job Description
Training Records/Certificates

NSI 2016
Appraisals
QMS Internal audit Schedule
Internal audit reports
External audit reports
Management Review Minutes
Nonconformance reports
Nonconformance register
Legal and British Standards List

NSI 2016
Appendix C: 9001: 2015 documented information required

Below is a table relating to all the clauses that specify documented information. These are
examples and you are not limited to this. Each organization must determine the documented
information that they require to support their processes in addition to the minimum
requirements listed below.
Clause no Clause title Explanation Example of document

4.3 Determining the Scope must set out Quality policy
scope of the what the company Statement of intent
QMS does and deliver. It
Quality Management System
should include
products and services. Website
It must now be done
with consideration to
the context.
4.4.2 QMS and its The processes that Process Maps covering core and support
processes explain how the processes e.g. sales/install/finance/HR
company operates.
5.2.1 Quality Policy Detail the Quality Policy

organizations key
objectives and
intentions.
6.2.1 Quality Define what you want Business Plan

Objectives the business to Critical Success Factors
achieve.
Objectives
Quality Policy
6.3 Planning of Keep information on Process Maps/procedures

changes what you change Amended Job Roles
affecting the QMS
Amended work instructions
New quote template
Revised tender template
7.1.5.1 Monitoring and Evidence to be kept Calibration records

measuring to demonstrate that Meter reading results
resources these resources are fit
for purpose.
7.1.5.2 Measurement Calibration evidence Define controls in a procedure

Traceability or other means used
to check a product is
working as expected.
7.2 Competence Keep evidence of staff Training Records

training and One to One meeting notes
assessment of
Reports
competence. Also
should be able to Results of performance
demonstrate that staff Appraisals

NSI 2016

are acting under Emails
supervision. Memos
7.5.1 Documented Necessary documents This shall be determined by the organization. It

Information: for the maintenance will include processes, procedures, forms, records
General of the QMS etc.
7.5.3.1 Control of Available and suitable Any documents that the organization determines
documented for use are necessary have to be available and also
information protected from being divulged to third parties.
7.5.3.2 No Title Integrity of This is similar to the requirement in 9001:2008

documented that an organization needs to determine how it
information will control documents. Ideally review and amend
your current control of document procedure to
documented information.
8.1 (e) 2 Operational Keep information on Site Surveys

planning and processes to ensure Schematics
control they are being carried
Contract Review
out including risks
and opportunities Contracts
Commissioning paperwork
Maintenance Dockets
8.2.3.2 Review of Retain evidence of Contract Review

requirements reviews Variation control on
related to quotes/proposals/schematics/drawings/data
products and sheets/product listing
services
8.2.4 Changes to When something is Revised versions of the above being issued to
requirements for amended as part of staff and customers of those it affects.
products and delivering the service
services and or product the
change must be
documented.
8.3.2 j Design and Need to ensure that Drawings/proposals/schematics/ordering of

development you have understood, products/parts/customer contact (emails)
planning planned and designed contract review
in a controlled
manner/stages and
that the criteria has
been met.
8.3.3 Design and Information on design Proposals/tenders

Development and development
Inputs inputs needs to be
documented.
8.3.4 Design and Verification and Contract Review (this may be detailed on
Development validation activities. documentation and/or software/databases etc)
Controls Define product and
service/ and variances

NSI 2016

8.3.5 Design and Information on design Proposals/tenders/contract review
Development and development
Outputs outputs needs to be
documented.
8.3.6 Design and Design and Contract Review/Internal process/documents

Development development used to manage changes to jobs.
Changes changes, results of
reviews, authorization
of changes and
actions taken to
prevent adverse
impacts.
8.4.1 Control of The organization shall Subcontractor Approval process/forms

externally retain appropriate Order forms
provided documented
Delivery forms
processes, information of the
products and results of the Stock Control
services evaluations, Management of Subcontractors
monitoring of the Commissioning paperwork
performance re-
evaluation of external
providers. This can
include products used
to fulfil a contract,
products/services
delivered direct to the
client or use of
subcontractors.
8.5.2 Identification and When an organization Commissioning paperwork

Traceability has determined that Test results
there is a specific
Meter readings
output that enables
them to verify what
has been carried out
e.g. installed and
maintained, they must
identify this and
ensure its traceable.
8.5.3 Property This is about Clear process for managing equipment on site,
belonging to safeguarding handover forms, bespoke customer forms to
customer or customer property ensure accountability of property.
external and also deciding
providers what action to take if
something gets lost,
damaged or
otherwise found to be
unsuitable for use.
8.5.6 Control of Results of reviews of This should be part of the forms and documents
Changes changes to product or that you use.
service provisions, the Contract Review

NSI 2016

person authorizing Amended Specification or quote.
the change & any
necessary actions
arising from the
review
8.6 Release of The release of Commissioning paperwork

products and products and services Customer Acceptance
services including evidence of
conformity with the
acceptance criteria
and traceability to the
person(s) authorizing
the release.
8.7.2 Control of Details of non- Nonconformance Register

nonconforming conformities in Customer Acceptance forms
outputs products and services,
actions taken,
concessions &
authority deciding on
the action.
9.1.1 Monitoring, Results of any Preventative & Maintenance figures

measurement, monitoring, Corrective Action Response times
analysis and measurements,
False Alarm Management Information
evaluation analysis and
evaluation from the Sales to Contract Data
business processes.
9.2.2 Internal audit Evidence of Internal audit reports

implementation of the Internal audit schedule
audit program &
Evidence of corrective action
audit results
9.3.3 Management Evidence of the Management Review Minutes

review outputs results of
management review
10.2.2 Nonconformity Evidence of the Nonconformance register and reports

and corrective nature on non-
action conformities,
subsequent actions
taken & the results of
action taken

NSI 2016

9001 Guidance Document For NG FG AG

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

9001 Guidance Document For NG FG AG

Uploaded by

Copyright:

Available Formats

9001:2015 Guidance document for

National Security Inspectorate

Part 1: ISO 9001:2015 requirements .......................................................................................................................................... 15

Appendix B: 9001: 2015 list of records required ....................................................................................... 24

June 2016 Page 2 of 29

Basic principles of 9001:2015

June 2016 Page 3 of 29

Risk based thinking

June 2016 Page 4 of 29

Internal issues: corporate culture, governance, structure, technologies, information

Increase in leaders involvement

June 2016 Page 5 of 29

Understanding needs & expectations of interested parties

June 2016 Page 6 of 29

June 2016 Page 7 of 29

For Example: For example:

Give clear direction and

Train staff to ensure full

Monitor and Measure

June 2016 Page 8 of 29

Communication Evidence conformity

Staff must understand: Producing documents to

2) Direction of the business Product and service delivery

June 2016 Page 9 of 29

Documented Procedures Documented information

1. Control of Documents 1. Scope of the QMS

June 2016 Page 10 of 29

Step 2: Review current QMS

Step 3: Amend processes (process flow

Step 4: Review procedures, update and

Step 5: Define all documented

June 2016 Page 11 of 29

Clause Title Meaning

6 Planning Title only

6.1 Actions to address risks and Title only

6.2 Quality objectives and planning to Title only

7.1.2 People There is a continued expectation that organizations will

7.1.6 Organizational knowledge Knowledge and learning needs to be captured.

7.3 Awareness Staff need to be aware as well as competent.

8.3.1 General A design and development process needs to be developed

June 2016 Page 12 of 29

Clause Title Meaning

June 2016 Page 13 of 29

Appendix A: ISO 9001:2015 transition checklist

Instructions for use

June 2016 Page 14 of 29

Part 1: ISO 9001:2015 requirements

Clause Y/N Evidence / Documents

Have you identified the internal and external issues?

Have you identified and implemented ways of

Have you considered the impact of any changes to

4.2 Understanding the needs and expectations of

Have you identified interested parties who could

Have you understood their needs and expectations?

How will you monitor and review this?

4.3 Determining the scope of the quality

Have you been clear on whats relevant in the

Have you included the products and/or services

Have you amended the scope and highlighted the

June 2016 Page 15 of 29

Clause Y/N Evidence / Documents

Have you identified all your processes?

Have you defined a sequence of how these