ISO 9001:2015 Quality Management System

M.G Ekanayake
BSc (Science), MBA (Mgt.), Mphil (Reading), Lead Auditor - QMS
Consulting: QMS, EMS, FSMS, 5S & Problem Solving
Objective

 Provide background knowledge on ISO 9001

 Overview of ISO 9001 QMS and certification process
 QMS Requirements
 Useful Tips for handling audit session
 How to write NCR
 How to write Audit Report
 How to write Correction & Corrective Action
 Evaluation Assignment
Background

 Established as a Non Government Organization in 1947 –

Geneva, Switzerland
 Has Membership of 160 National Standards Institute in All
region of the World
Furthermore,
 Developed more than 18000 standards for sustainable
developments in Economic, Environment & Societal
 Examples,
1. ISO 9001 Quality Management System – QMS
2. ISO 14001 Environmental Management System – EMS
3. ISO 27001 Information Security Management System -
ISMS

Srilanka Standards Institution(SLSI) is SL representative of ISO

 Other Standards of ISO 9000 Family
 ISO 9000 -Explanations of the seven quality management principles with
tips on how to ensure these are reflected in the way you work and the
terms and definitions used in ISO 9001.

 ISO 9004 - Provides guidance on how to achieve sustained success with

your quality management system.

 ISO 19011 - Gives guidance for performing both internal and external
audits to ISO 9001. This will help ensure your quality management system
delivers on promise and will prepare you for an external audit, should you
decide to seek third-party certification.
ISO 9001 Historical Roadmap
Seven Quality Management Principles
 Seven Quality Management Principles
QMP 1 – Customer focus - The primary focus of quality management is to meet customer requirements and to
strive to exceed customer expectations
QMP 2 – Leadership - Leaders at all levels establish unity of purpose and direction and create conditions
in which people are engaged in achieving the organization’s quality objectives.
QMP 3 – Engagement of people - Competent, empowered and engaged people at all levels throughout
the organization are essential to enhance its capability to create and deliver value
QMP 4 – Process approach - Consistent and predictable results are achieved more effectively and efficiently when
activities are understood and managed as interrelated processes that function as a coherent system
QMP 5 – Improvement - Successful organizations have an ongoing focus on improvement
QMP 6 – Evidence-based decision making - Decisions based on the analysis and evaluation of data and information
are more likely to produce desired results
QMP 7 – Relationship management - For sustained success, an organization manages its relationships with interested
parties, such as suppliers
ISO 9001:2008 & 2015 Clauses Mapping
Approach for Risk Base Thinking
 To improve Customer Confidence and satisfaction
 To assure consistency product and service
 To establish proactive culture for improvements

Other Significance Changes in 2015

 No requirement for a Management Representative
 No formal requirement for Preventive Action
 Outsourcing is now External Provision
 Enhanced Leadership Requirements
 Organisational Context – responsiveness to changing Business Environment
 No exclusions, only Not Applicable clauses!
PDCA Model for QMS
PDCA Model for QMS
10 Clauses
1. Scope
2. Normative References
3. Terms and Definitions
4. Context of the Organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvement

CLPSOPI
Certification Process
ISO 9001:2015 Auditing Requirements
4. Context of the Organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvement
Section 4 - Context of the
organization
Section 4 – Context of the Organisation
4.1 Understanding the • Started from 2015
organisation and its context version and provides a
key insight into the
4.2 Understanding the needs
organisation
and expectations of
interested parties
4.3 Determining the scope of What constitutes the
the quality management organization’s quality
system management system.
4.4 Quality management
system and its processes
Section 4 – Context of the organization
4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the quality management system
4.4 Quality management system and its processes

Important
• Determine external and internal issues relevant to the QMS
• Must monitor these issues.
Section 4 – Context of the organisation
4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the quality management system
4.4 Quality management system and its processes

Important
• Determine interested parties relevant to the QMS
• Determine their needs and expectations
• Must monitor information about interested parties’ requirements.
 Section 4 – Context of the organisation
4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the quality management system
4.4 Quality management system and its processes

Important
• Establish scope by determining boundaries and applicability of the
QMS to consider external/internal issues, requirements of interested
parties and the organisation’s products and services
• Scope must be documented and available, justify any clauses of ISO
9001 that is not applicable
• Any N/A clauses must not effect conformity of products/services and
customer satisfaction.
 Section 4 – Context of the organisation
4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the quality management system
4.4 Quality management system and its processes

Important
• Must establish, implement, maintain and continually improve the QMS
• Interaction of processes required
• Assign responsibilities and authorities for processes
• Retain documented information to ensure in the processes

Documented procedures are not necessarily required….

except where they are needed!
Section 5 - Leadership
Section 5 – Leadership
5.1 Leadership and • top management to now
commitment have a greater involvement
in the QMS
5.2 Policy
5.3 Organisational roles, What is required by top
responsibilities and management.
authorities
Section 5 - Leadership
5.1 Leadership and commitment
5.1.1 General
5.5.1 Customer focus
5.2 Policy
5.3 Organisational roles, responsibilities and authorises

Important
• Must take accountability for the QMS’ effectiveness
• Ensure Quality Policy and quality objectives are established
• Ensure QMS is integrated into business processes
• Ensure resources are available;
Section 5 - Leadership
5.1 Leadership and commitment
5.1.1 General
5.5.1 Customer focus
5.2 Policy
5.3 Organisational roles, responsibilities and authorises
• Communicate importance of effective QMS and
conformance
• Ensure QMS achieves intended results
• Promote improvement
• Support other management to demonstrate leadership.
Section 5 - Leadership
5.1.1 General
5.5.1 Customer focus
5.2 Policy
5.3 Organisational roles, responsibilities and authorises
• Top management must ensure:
• Customer and regulatory requirements are met
• Risks and opportunities are determined and addressed
• Focused on enhancing customer satisfaction.
 Section 5 – Leadership
5.1 Leadership and commitment
5.2 Policy
5.3 Organisational roles, responsibilities and authorities

• Now split into two sub-clauses to save the confusion in the previous version
of what must be in the policy and what must be done with the policy
• Must be documented
• Must be available internally and to interested parties.
• Ensures responsibilities and authorities for relevant roles are assigned,
communicated and understood
• No formal requirement for specific management representative
• Specific mention of changes to QMS.
Section 6 – Planning
Section 6 – Planning
6.1 Actions to address risks • Introduces risk based approach to
and opportunities planning
6.2 Quality objectives and • Addresses risks, opportunities and
planning to achieve quality objectives
them
6.3 Planning of changes How quality planning is achieved.
Section 6 – Planning
6.1 Actions to address risks and opportunities
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes

• When planning, must consider external/internal issues and

interested parties
• Determine risks to ensure QMS achieves results, enhance
desirable effect and achieve improvement
• Must evaluate effectiveness of actions
• Must be risk based.
Section 6 – Planning
6.1 Actions to address risks and opportunities
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes
• Quality objectives need to be established at relevant functions, levels and
processes
• These objectives should be:
─ Consistent with the Quality Policy, measurable and take into account
applicable requirements
─ Relevant to conformity of products and services, and the enhancement of
customer satisfaction
─ Monitored, communicated and updated as appropriate
• Must determine what, how, who, when, etc
• Quality objectives must be documented.
Section 6 – Planning
6.1 Actions to address risks and opportunities
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes

• Where change is needed, it needs to be carried out in a

planned and systemic manner
• Must ensure integrity of QMS.
Section 7 - Support
Section 7 - Support
7.1 Resources • 2015 version
7.2 Competence • Much of what was in 2008
Version Clauses 4,5 & 6
7.3 Awareness

7.4 Communication The support required to meet

the organisation’s goals.
7.5 Documented information
Section 7 - Support
7.1 Resources
7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the operation of processes
7.1.5 Monitoring and measuring resources
7.1.6 Organisational knowledge

• Must provide resources for the implementation and maintenance of the

QMS
• Must consider constraints of existing resources and what may be
provided from external providers.
Section 7 - Support
7.1 Resources
7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the operation of processes
7.1.5 Monitoring and measuring resources
7.1.6 Organisational knowledge

• Must determine and provide people necessary for effective

information of QMS and operations/control of processes.
 Section 7 - Support
7.1 Resources
7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the operation of processes
7.1.5 Monitoring and measuring resources
7.1.6 Organisational knowledge

• Essentially a company needs to consider all the things they will need in order to
deliver a service/product to the customer/client. This needs to include:
• Buildings / water / gas / electric, etc.;
• Equipment - for example computers / operating systems (e.g. alarm master);
• Vehicles – for engineers / management / sales and survey staff;
• Information – standards that have to be applied, mobile phones / tablets, etc.
 Section 7 - Support
7.1 Resources
7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the operation of processes
7.1.5 Monitoring and measuring resources
7.1.6 Organisational knowledge

• The standard now specifically makes reference to the environment that you work
in.
• Condition of work place
• Violence at work / counselling support
• Office based risk assessment, space, noise levels
 Section 7 - Support
7.1 Resources
7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the operation of processes
7.1.5 Monitoring and measuring resources
7.1.6 Organisational knowledge
The organization needs to decide what tools it uses to measure business performance. It also needs to consider whether these
tools will give them everything they need as a result.
• Suitable measuring tools?
• Equipment that is used to test and commission systems such as multimeters, insulation testers, sound pressure level meters, etc.
• Maintained – calibration of all the test equipment that you use.
• Clause 7.1.5.2 - Measurement traceability
• You need to establish whether this is relevant to you and meeting all applicable requirements for the product and services. How
do you determine this?
• Is it required to be calibrated?
• Allocated unique reference numbers and listed on a register of some sort.
• Note: Organizations expected to check results from calibration to ensure comfortable or not.
Section 7 - Support
7.1 Resources
7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the operation of processes
7.1.5 Monitoring and measuring resources
7.1.6 Organisational knowledge

• New clause required to determine, maintain and make available the

knowledge necessary for the operation of its processes and to
achieve conformity of products and services
• Particular care required for changing need and trends.
7.1.6 Organizational Knowledge
Note:
• Organizational knowledge can include information such as
intellectual property and lessons learned
• May consider:
─ Internal sources (eg learning from failures and successful
projects, capturing undocumented knowledge and expert
experience)
─ External sources (eg standards, training, conferences,
knowledge from customers or providers).
 Section 7 - Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
• Determining competence is a necessity in any organization. Working out the
skills your team has and skills they don’t yet have. Skills they will need to
achieve the company’s objectives.
• Skills matrix
• Training records
• Personnel files
Section 7 - Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information

• Specific clause for awareness

• Must be aware of Quality Policy, quality objectives, contribution
to effective QMS and implication of not conforming with QMS.
Section 7 - Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information

• Much expanded clause for communication

• Must now determine what will be communicated internally and
externally about the QMS, when, to whom, how and by whom.
Section 7 - Support
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information

• QMS needs documented information required by the Standard

and as determined by the organisation
Note: The extent of documented information can differ from one
organisation to another due to its size, activities, processes,
products and services, complexity of processes and their
interactions, and the competence of people.
Section 7 - Support
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information

• Documented information requires:

▫ Identification and description
▫ Format and media
▫ Review and approval.
Section 7 - Support
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information

• Document & Records controlling

• Use –where, when, adequate protection,
• distribution, access, retrieval and use;
• Storage and preservation, including preservation of legibility;
• Control of changes (e.g. version control);
• Retention and disposition.
Section 8 - Operation
 Section 8 - Operation
8.1 Operational planning and control • Covers many of the
8.2 Requirements for products and Product Realization
services requirements
contained in Clause 7
8.3 Design and development of of the 2008 version
products and services
8.4 Control of externally provided
processes, products and services The heart of the
8.5 Production and service provision
management system
(the business).
8.6 Release of products and services
8.7 Control of nonconforming outputs
Section 8 - Operation
8.1 Operational planning and control

• Businesses are expected that, once they have done their planning for what
they are going to sell, they then plan the detail of how this can be done
operationally.
• Set up supplier accounts / trade accounts.
• Purchase stock.
• Ensure staff have correct skills and understand the process.
• Purchase tools and vehicles.
• Make sure you have enough staff.
• Issue clear instructions, drawings, procedures risk assessments to enable
them to do the job.
• The organization needs to show clear control of the process. They will be
expected to check that delivery is as expected and when there are deviations
that this is managed and negative impacts controlled.
• The same control should be applied to subcontractors
 Section 8 - Operation
8.2 Requirements for products and services
8.2.1 Customer communication
8.2.2 Determining the requirements for products and services
8.2.3 Review of requirements for products and services
8.2.4 Changes to requirements for products and services
• This is essentially about what how you relate to the customer, to include:
• What you are selling;
• How they can expect to be dealt with (e.g. formal quote / email / letter / terms
you will work under/within);
• Getting feedback from the customer;
• Looking after their property (e.g. premises whilst you are in there);
• What plans you put in place for if something goes wrong.
Section 8 - Operation
8.2 Determination of requirements for products and services
8.2.1 Customer communication
8.2.2 Determining the requirements for products and services
8.2.3 Review of requirements for products and services
8.2.4 Changes to requirements for products and services

• Organizations need to be clear about what is required in order to sell their products
and services:
• For legal and industry norm;
• Elements the organization determines as necessary for their own needs.

• The organization must be able to deliver what it is selling.

 Section 8 - Operation
8.2 Determination of requirements for products and services
8.2.1 Customer communication
8.2.2 Determining the requirements for products and services
8.2.3 Review of requirements for products and services
8.2.4 Changes to requirements for products and services
• Organizations are expected to review whether they can provide what they intend to sell. This review must include taking
into account:
• a) what the customer orders, the install and any after work, e.g. maintenance / follow up / servicing;
• b) elements that need to be completed to ensure the job is fitted correctly – meter reading tests / commissioning forms /
standard operational check;
• c) anything else the company need to implement;
• d) legal and industry standards;
• Reviews must be documented. How?
• If they want to use new products and services, this should be captured. Customers should be made aware of the impact of
changing products and services, etc.
Section 8 - Operation
8.3 Design and development of products and services

• Where the detailed requirements of the organization’s products

and services are not already established or not defined by the
customer or by other interested parties, such that they are
adequate for subsequent production or service provision, the
organisation shall establish, implement and maintain a design
and development process;
Section 8 - Operation
8.3 Design and development of products and services…cont

• Changes are mainly terminology and simplified wording

• There is, however, a significantly increased focus on the role the
customer has in all stages of the design process
• The need for documented information to confirm
appropriateness of all stages is also clearly stated
• Any changes made to design inputs and design outputs during
the design and development must be clearly identified.
Section 8 - Operation
8.4 Control of externally provided processes, products and services
8.4.1 General
8.4.2 Type and extent of control
8.4.3 Information for external providers

• Changes are mainly terminology and revised wording (ie suppliers

become ‘external providers!’)
• Much as before, each stage of the purchasing process, including
evaluation, selection, performance monitoring and re-evaluation
remains a key requirement
• There is a significant increase in the steps needed to control
external provision.
 Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes
• Changes are mainly terminology and revised wording

• The most significant change is the move of monitoring and measuring

equipment to Section 7

• Reference to ‘changes and post delivery activities’ have been strengthened.

 Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes
• Documented information – must be available to record activities undertaken and results.
• Monitoring and measurement is now no longer just about test results / meter readings but checks that
personnel may undertake such as human checks.
• Should have info that describes the product – specification / manufacturers guidance / quotation.
• Define what the customer wants
• Ensuring that you have what you need to measure and test systems installed. Meter readings / paper
work for commissioning.
 Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes
• Define what tests should be done and when (e.g. test electric output before, during and after install).
• Make sure that you have the right support from the office and site to complete the job this could be as
simple as someone ordering the right part for you to be delivered to site.
• Competent and trained staff.
• A clear process to test and check the install is as should be during delivery so that you know that when it’s
done it was done correctly.
• Safety measures to prevent mistakes taking place.
 Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes

 There is a need for all organizations to be able to track their clients, the services they provide, the
products they install. This clause is expecting organizations to apply a rationale to this and
ensure it is well applied. Companies should be able to rely on the process and be confident that it
is consistently applied.
 Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes
• There is an expectation that any property belonging to a client, third party, supplier, etc. the
organization is involved with they have a clear process for protecting it. This may well be that
written but it is essential that the organization regard the following as property and as such
protect it:
• Intellectual info such as data / addresses / prices.
• Materials.
• Tools equipment.
• Customer keys.
 Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes

This is a requirement to ensure that the supply of services are protected so that
what is supposed to be achieved is.

Examples: Ensuring that products delivered to site are not damaged and are
delivered when an engineer is on site to receive it.
 Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes

This is about post delivery, so what a company should do after they have supplied a product or a service.
Companies need to think about things that could go wrong which could impact what they have installed.
This new requirement needs to be added into the QMS.
Must take into account:
 Legal and industry standards;
 Things that could go wrong;
 How products should be used and how long they should last;
 Customer expectations;
 Customer feedback.
 Consider risk levels
Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes

 There is a clear expectation that when an organization wants to or has to

make a change to a process in the business then they document this
change. Why have they made it? What impact did it have? What are the
implications for staff and customers?
 Change control methods should be defined clearly
Section 8 - Operation
8.6 Release of products and services
• Must verify that product and service requirements have been
meet and evidence of conformity retained
• Release to customer does not proceed until the planned
verification of conformity has been satisfactorily completed,
unless otherwise approved by a relevant authority and by the
customer
• Documented information to provide traceability to the person(s)
authorising release for delivery to the customer.
Section 8 - Operation

8.7 Control of nonconforming outputs

• You do not need a documented procedure any longer to detail how you will
deal with things that go wrong but you do need to do the following:
• a) Fix it.
• b) Remove it if necessary.
• c) Tell the customer.
• d) Ask them to accept it.
Section 9 – Performance Evaluation
Section 9 – Performance Evaluation
9.1 Monitoring, Determining what is to be
measurement, analysis monitored, measured, analysed
and evaluation and evaluated will enable the
organisation to determine ‘if the
9.2 Internal audit management system suitable,
9.3 Management review adequate and effective ?’

How performance of the QMS

is evaluated.
 Section 9 – Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
9.1.2 Customer satisfaction
9.1.3 Analysis and evaluation
• Must determine what needs to be monitored and measured, the methods for
monitoring, measurement, analysis and evaluation, as applicable, to ensure valid
results
• Additionally, when the monitoring and measuring is to be performed and when
the results from monitoring and measurement is to be analysed and evaluated
• Retain appropriate documented information as evidence of the results.
 Section 9 – Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
9.1.2 Customer satisfaction
9.1.3 Analysis and evaluation

 There continues to be a need to obtain feedback from customers on

whether they feel the product and service they have purchased was as
they expected. Organizations need to decide how they will do this and
record the information they receive. How are you going to gather this
information?
 Section 9 – Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
9.1.2 Customer satisfaction
9.1.3 Analysis and evaluation

• All companies already measure and carry out some form of analysis but there is now an
additional requirement to evaluate the data.
• There are some key expectations:
• Ensure the data is used to check what you sell is as it should be.
• How happy are your customers?
• How well did the company perform?
• Did it go to plan or were there hiccups along the way?
• Safety measures put in place – did they work?
• Did subcontractors perform as you expected?
• What do you need to change now to make the QMS better?
Section 9 – Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review

• There is no need for an internal audit procedure but it may be useful to keep it. You
do need to define audit criteria.
• There is no more detail on the arrangements expected for carrying out internal
audits. Not significantly different but more emphasis on how they are done, how
they are feedback and now a clear reference to audits being corrected in a
reasonable time to fix non-conformances identified. Ensuring that all the right
people are included in the audit outcome.
Section 9 – Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review

• Consider the QMS and ‘alignment’ with the strategic direction of the
business. This essentially means ensuring that what the organization has
determined that they want to achieve the QMS will help this happen.
• MRM Input
• MRM output
Section 10 - Improvement
Section 10 - Improvement

10.1 General • QMS must continually

improve
10.2 Nonconformity and
corrective action • nonconformities must be
identified and reacted to
10.3 Continual improvement • corrective action must be
considered
Continual improvement
remains a core focus of the
QMS.
Section 10 – Improvement
10.1 General
10.2 Nonconformity and corrective action
10.3 Continual improvement

• Opportunities for improvement must be determined

• Action must be taken to meet customer requirements and
enhance customer satisfaction:
▫ Improve products and service
▫ Correcting, preventing or reducing undesired effects
▫ Improve performance and effectiveness of the QMS.
 Section 10 - Improvement
10.1 General
10.2 Nonconformity and corrective action
10.3 Continual improvement

• Nonconformities (including complaints) must be reacted to and

applicable action taken
• Root cause analysis must be considered based on its significance
• Effectiveness of corrective action must be reviewed
• Change QMS if required
• Evidence of action taken from nonconformities must be documented
• Evidence of results of corrective action must be documented.
Section 10 – Improvement
10.1 General
10.2 Nonconformity and corrective action
10.3 Continual improvement

• Organisations must continually improve the suitability,

adequacy and effectiveness of the QMS
• Must consider results of analysis and evaluation, and outputs
from management review.
What is Quality Audit???
Systematic, Independent and Documented process for obtaining objective evidence and
evaluating it objectively to determine the extent to which the audit criteria are fulfilled
Terms and Definitions
1. Combined audit
Audit carried out together at a single auditee on two or more management systems
2. Audit programme
Arrangements for a set of one or more audits planned for a specific time frame and directed towards a
specific purpose
3. Audit Scope
Extent and boundaries of an audit
4. Audit Plan - Description of the activities and arrangements for an audit
5. Audit Criteria
Set of requirements used as a reference against which objective evidence is compared
6. Existing Evidence
Data supporting the existence or verity of something
Continue,,,
Terms and Definitions
7. Audit Evidence
Records, statements of fact or other information, which are relevant to the audit criteria and verifiable
8. Audit findings
Results of the evaluation of the collected audit evidence against audit criteria
9. Audit Conclusions
Outcome of an audit after consideration of the audit objectives and all audit findings
10. Auditee
Organization as a whole or parts thereof being audited
11. Auditor
Person who conducts an audit
12. Technical Expert
Person who provides specific knowledge or expertise to the audit team
Types of Audit

 Three Types

1. First Party Audit – Internal Audit

2. Second Party Audit – External provider
Other external interested parties
3. Third party Audit - Certification and/or accreditation audit
Statutory, regulatory and similar audit
Step of the Audit process
1. Opening Meeting (Purpose)

1. Confirm the agreement of all participants (e.g. auditee, audit team) to

the audit plan
2. Introduce the audit team and their roles
3. Ensure that all planned audit activities can be performed.

Introduce:
1. Other participants, including observers and guides, interpreters and an outline of their
roles
2. The audit methods to manage risks to the organization which may result from the
presence of the audit team members.
Step of the Audit process
1. Opening Meeting (Purpose)

Other Purpose:
1. The audit plan and other relevant arrangements with the auditee, such as the date and
time for the closing meeting, any interim meetings between the audit team and the
auditee’s management, and any change(s) needed;
2. Formal communication channels between the audit team and the auditee;
3. The language to be used during the audit;
4. The auditee being kept informed of audit progress during the audit;
5. The availability of the resources and facilities needed by the audit team;
6. Matters relating to confidentiality and information security
Step of the Audit process
2. Preparing for Closing Meeting(Purpose)
The audit team should confer prior to the closing meeting in order to:
1. Review the audit findings and any other appropriate information collected during the
audit, against the audit objectives;
2. Agree on the audit conclusions, taking into account the uncertainty inherent in the audit
process;
3. Prepare recommendations, if specified by the audit plan;
4. Discuss audit follow-up, as applicable.
Step of the Audit process
3. Conducting Closing Meeting(Purpose)
A closing meeting should be held to present the audit findings and conclusions.
The closing meeting should be chaired by the audit team leader and attended by the
management of the auditee and include, as applicable:
1. Those responsible for the functions or processes which have been audited;
2. The audit client;
3. Other members of the audit team;
4. Other relevant interested parties as determined by the audit client and/or auditee.
Audit process
Audit Report
1. Audit objectives;
2. Audit scope, particularly identification of the organization (the auditee) and the functions or
processes audited;
3. Identification of the audit client;
4. Identification of audit team and auditee’s participants in the audit;
5. Dates and locations where the audit activities were conducted;
6. Audit criteria;
7. Audit findings and related evidence;
8. Audit conclusions;
9. A statement on the degree to which the audit criteria have been fulfilled;
10. Any unresolved diverging opinions between the audit team and the auditee;
11. Audits by nature are a sampling exercise; as such there is a risk that the audit evidence
examined is not representative.
Audit process
Audit follow up
1. The completion and effectiveness of these actions should be verified.
2. This verification may be part of a subsequent audit.
3. Outcomes should be reported to the individual managing the audit programme
4. Reported to the audit client for management review..
Competency of Auditor
1. Personal behavior
2. The ability to apply the knowledge
3. Skills gained through education
4. Work experience
5. Auditor training and audit experience
Audit process
Personal Behaviour of Auditor
1. Ethical, i.e. fair, truthful, sincere, honest and discreet;
2. Open-minded, i.e. willing to consider alternative ideas or points of view;
3. Diplomatic, i.e. tactful in dealing with individuals;
4. Observant, i.e. actively observing physical surroundings and activities;
5. Perceptive, i.e. aware of and able to understand situations;
6. Versatile, i.e. able to readily adapt to different situations;
7. Tenacious, i.e. persistent and focused on achieving objectives;
8. Decisive, i.e. able to reach timely conclusions based on logical reasoning and analysis;
9. Self-reliant, i.e. able to act and function independently while interacting effectively with others;
10. Able to act with fortitude, i.e. able to act responsibly and ethically, even though these actions
may not always be popular and may sometimes result in disagreement or confrontation;
11 Open to improvement, i.e. willing to learn from situations;
12. Culturally sensitive, i.e. observant and respectful to the culture of the auditee;
13. collaborative, i.e. effectively interacting with others, including audit team members and the
auditee’s personnel.
Audit process
Audit Method
Audit process
Determining Audit Findings
1. Follow-up of previous audit records and conclusions;
2. Requirements of the audit client;
3. Accuracy, sufficiency and appropriateness of objective evidence to
support audit findings;
4. Extent to which planned audit activities are realized and planned
results achieved;
5. Findings exceeding normal practice, or opportunities for improvement;
6. Sample size;
7. Categorization (if any) of the audit findings.
Audit process
Recording Conformity
1. Description of reference to audit criteria against which conformity is
shown;
2. Audit evidence to support conformity and effectiveness, if applicable;
3. Declaration of conformity, if applicable.
Audit process
Recording Non conformity
1. Description of or reference to audit criteria;
2. Audit evidence;
3. Declaration of nonconformity;
4. Related audit findings, if applicable.
Audit process
Audit Program Phase 0
Definition

Overall Planning Audit Management’s

Schedule Responsibility

Preparation
Phase 1

Opening Meeting Audit Closing Meeting

Phase 2 Phase 3 Phase 4

Closeout Management Reporting

CAPA
Phase 6 Review Phase 5
Process flow for the management of
an audit Program
Audit Program – PDCA Model
Authority for the audit
program

Establishing the audit program

· objectives & extent
· responsibilities PLAN
· resources
· procedures

Implementing the audit program Competence and evaluation

· scheduling of auditors
Improving the audit · evaluating auditors
ACT DO
program · selecting audit team
· directing audit activities
· maintaining records Audit activities

Monitoring and reviewing the audit

program
· monitor and reviewing
· identifying needs for corrective and CHECK
preventive actions
· Identifying opportunities for
improvement
Typical process of collecting and
verifying information
Thank You