Clause#
|
Title
|
Comment & Guidance
|
ISO 9001:2008 Reference
|
4
|
Context of the Organization
|
The whole section addresses the planning phase of P-D-C-A approach
|
|
4.1
|
Understanding the organization and its context
|
-
Determine external and internal issues
-
Monitor and review information about issues
|
None
|
4.2
|
Understanding the needs and expectations of interested parties
|
-
Identify the interested parties relevant to the quality management system
-
Determine the requirements of interested parties
-
Monitor and review information about interested parties and their requirements
|
None
|
4.3
|
Determining the scope of the quality management system
|
-
Define the scope of the QMS
-
Take into account the external and internal issues
-
Take into account the requirements of interested parties
-
Take into account the products and services. All products and services proposed by the company without exception
-
Apply any requirement of the ISO 9001 standard applicable within the scope of the QMS
-
Maintain the scope of the QMS as documented information
-
Include in the scope of the QMS justification for any requirements which cannot be met
-
Every requirement of the ISO 9001 standard which cannot be applied in the company implies a justification
|
1.2
|
4.4
|
Quality management system and its processes
|
The Organization is free to decide how to apply the QMS without forgetting the issues (see clause 4.1) and requirements (see clause 4.2)
-
Establish, implement, maintain and improve a process-based QMS
-
Determine the needed processes and their application
-
Determine process inputs and outputs
-
Determine the sequence and interaction of processes
-
Determine the criteria and methods to control processes
-
Determine and provide the resources
-
Assign process responsibilities and authorities, Consider the risks and opportunities for each process
-
Evaluate processes and if necessary modify them
-
Determine the improvement opportunities of processes and the QMS
-
Maintain documented information on process operation
-
Retain documented information on process operation
|
4.1
|
4.15
|
Leadership
|
Section title. Top Management needs to demonstrate involvement in the establishing QMS covering requirements of all the phases of P-D-C-A approach
|
None
|
5.1
|
Leadership and commitment
|
|
5.1
|
5.1.1
|
General
|
Top management demonstrates leadership (assumes its responsibility and commitment). Focus on quality and customers
-
Demonstrate accountability for effectiveness of QMS
-
Establish a quality policy and quality objectives. Ensure policy and the objectives are compatible with strategic direction and context of the company
-
Integrate QMS requirements in the internal process requirements
-
Raise awareness of the process approach and process approach and risk-based thinking
-
Provide the necessary resources for the QMS
-
Raise awareness on the importance of an effective and conforming QMS
-
Ensure the achievement of intended results of the QMS
-
Support the staff contribution to the effectiveness of the QMS
-
Promote continual improvement
-
Support the leadership of managers
-
Responsibility and authority of managers are backed at all times by top management
|
5.1
|
5.1.2
|
Customer focus
|
-
Determine and meet customer, statutory and regulatory requirements
-
Determine and address the potential risks and opportunities. Any risk and opportunity that may influence the conformity of products and services and customer satisfaction.
-
Maintain the objective of better satisfying the customer
|
5.2
|
5.2
|
Policy
|
|
5.3
|
5.2.1
|
Developing
the quality policy
|
Policy shall be appropriate to the purpose, strategic direction, culture and business context
-
Establish, implement and maintain a suitable quality policy
-
Provide a framework to define and review the quality objectives
-
Include meeting the applicable requirements
-
Include a commitment to continuously improve the QMS
|
5.3
|
5.2.2
|
Communicating the quality policy
|
-
Maintain the quality policy as documented information
-
Communicate the quality policy
-
Keep the quality policy available to interested parties
|
5.3
|
5.3
|
Organizational roles, responsibilities and authorities
|
Define and communicate the responsibilities and authorities
- Assign all relevant roles in the QMS
- Assign all relevant roles according to the requirements of the ISO 9001 standard
- Assign all relevant roles so that processes deliver expected results
- Assign all relevant roles so that reporting on the performance of the QMS and improvement opportunities is done, (clause 10.1 )
- Assign all relevant roles so that customer focus is ensured (first quality management principle)
- Assign all relevant roles so that implemented changes to the QMS do not affect its integrity
|
5.5.1
|
6
|
Planning
|
Section title. The whole section addresses the planning phase of P-D-C-A approach
|
Not Available
|
6.1
|
Actions to address risks and opportunities
|
In order to ensure that the QMS can achieve its expected results, (Clauses 4.1 (context) and 4.2 (interested parties).
-
Take into account risks and opportunities
-
Take into account opportunities, to increase the desirable effects (positive impact)
-
Take into account risks, to reduce the undesirable effects (negative impacts)
-
Take into account risks and opportunities, to confirm the approach of continual improvement, (Clause 10.3)
-
Plan actions to address risks and opportunities
-
Define how to integrate actions in the QMS processes, (Clause 4.4)
-
Plan and implement actions
-
Plan and evaluate actions
-
Adapt actions to risks and opportunities, considering the potential impact on the conformity of products and services
|
None (Though this new requirement borrows ideas previously found in 8.5.3, 5.4.2 and 7.1)
|
6.2
|
Quality objectives and planning to achieve them
|
-
Establish quality objectives at relevant functions, levels and processes
-
Define measurable objectives
-
Consider applicable requirements
-
Adopt relevant objectives
-
Monitor objectives
-
Communicate objectives
-
Update objectives
-
Maintain documented information on the quality objectives
-
Define plan
-
Determine necessary resources
-
Plan responsibilities
-
Plan deadlines
- Plan the way to evaluate results
|
5.4.1
|
6.3
|
Planning of changes
|
Determine need for changes and Plan the changes of the QMS
-
Consider the purpose of the change and the possible consequences
-
Consider the maintenance of the integrity of the QMS
-
Consider the available resources
-
Consider the assigned responsibilities and authorities
|
5.4.2
|
7
|
Support
|
Section title. The whole section addresses the Do phase of P-D-C-A approach
|
Not Available
|
7.1
|
Resources
|
|
6.1
|
7.1.1
|
General
|
-
Provide the necessary resources to achieve effectiveness in performance of QMS
-
Take into account existing resources and their capabilities and constrains
-
Take into account the need for the use of external providers, to provide necessary services not available inside the company
|
6.1
|
7.1.2
|
People
|
-
determine and provide the persons necessary for the operation and control of its processes
|
6.2
|
7.1.3
|
Infrastructure
|
-
Provide and maintain the infrastructure necessary to the functioning of processes to achieve conformity of products and services.
-
Example: buildings, equipment, transportation, hardware, software etc
|
6.3
|
7.1.4
|
Environment for the operation of processes
|
-
Provide and maintain the suitable environment necessary to the functioning of processes to achieve conformity of products and services.
-
Can be defined in combination of human and physical factors such as Social, psychological, physical, as applicable to organization
-
Example: Work culture, work atmosphere, temperature, ergonomics etc
|
6.4
|
7.1.5
|
Monitoring and measuring resources
|
-
Determine the need for monitoring and measuring resources
-
Provide adequate resources for monitoring & measurements (Clause 7.2)
-
Maintain resources (calibrated or verified, or both, at specified intervals, or prior to use)
-
Identification and fitness for use
-
In order to ensure fitness for their purpose
-
Retain documented information on the adequacy of inspection resources (Clause 7.5)
-
Initiate actions, when measuring equipment is found to be unfit for its intended purpose
|
7.6
|
7.1.6
|
Organizational knowledge
|
-
Determine the necessary knowledge to control the processes and the conformity of products and services
-
Acquire, maintain and make organizational knowledge available to maintain the performance of the QMS
-
Take into account the need for additional knowledge
-
When needs and trends have changed
|
None
|
7.2
|
Competence
|
-
Determine the necessary competence
-
Identify people who have an influence on the performance & effectiveness of QMS
-
Ensure the competence, based on appropriate training or experience
-
Undertake activities to acquire the necessary competence and evaluate the effectiveness of these activities
-
Retain documented information on staff competence (Clause 7.5)
|
6.2.2
|
7.3
|
Awareness
|
-
Ensure the staff is aware of the quality policy
-
Including people who carry out work under the company's control.(Clause 5.2
-
Ensure the staff is aware of the quality objectives
-
(Clause 6.2
-
Ensure the staff is aware of its contribution
-
In order to improve the performance of the QMS
-
Ensure the staff is aware of negative impacts
-
If QMS requirements are not met
|
6.2
|
7.4
|
Communication
|
-
Determine the internal and external communications.
-
Define methodology for internal and external communications
-
Define with whom to communicate Communication
-
Define responsibility for internal and external communications
|
6.2
|
7.5
|
Documented
information
|
|
|
7.5.1
|
Control of Documented Information
|
-
Determine documented information required by the ISO 9001 standard
-
Determine documented information necessary for the effectiveness of QMS
|
4.2.3, 4.2.4
|
7.5.2
|
Creating and updating
|
-
Create, identify and describe the documented information
-
Choose the format and the media of the documented information
-
Review and approve the adequacy of the documented information
|
4.2.3, 4.2.4
|
7.5.3
|
Control of documented information
|
-
Management of availability of the documented information
-
Management of distribution, access and use of the documented information
-
Management of storage of the documented information
-
Management of changes of the documented information
-
Management of retention time and the removal of the documented information
-
Management of documented information of external origin
-
Protect the documented information
|
4.2.3,
4.2.4
|
8
|
Operation
|
Section title. The whole section addresses the Do phase of P-D-C-A approach
|
Not Available
|
8.1
|
Operational planning and control
|
-
Plan and determine the requirements for the products and services
-
Establish the criteria for control of process
-
Determine necessary resources
-
Plan and Control the processes
-
Determine, maintain and retain the documented information on process control
-
Determine, maintain and retain the documented information on product and service conformity
-
Control planned and unplanned changes
-
Analyze the consequences of unplanned changes, actions to limit the effects
-
Control the outsourced processes
|
7.1
|
8.2
|
Requirements for products and services
|
|
7.2
|
8.2.1
|
Customer communication
|
-
Provide information to customers, related to products and services
-
Control communication with customers related to contracts, orders, changes and consultations
-
Control communication with customers regarding the perception, opinions, complaints and recommendations.
-
Control communication with customers regarding their property.
-
Establish communication with customers regarding specific requirements for contingency actions
|
7.2.3
|
8.2.2
|
Determination of requirements related to products and services
|
-
Determine the requirements for the products and services
-
Develop specific activities for products and services, to determine statutory and regulatory requirements
-
Define internal requirements, Related to processes, products and services.
-
Determine the feasibility to meet customer requirements
-
Determine process to respond to claims, in a relevant way (with facts)
|
7.2.1
|
8.2.3
|
Review of requirements related to products and services
|
-
Determine ability to meet the requirements for products and Services
-
Review explicit customer requirements, Before order acceptance,
including delivery and post-delivery activities requirements
-
Review implicit customer requirements, Before order acceptance (unformulated requirements but necessary for specified use or use intended by the customer)
-
Review internal requirements identified by organization
-
Review statutory and regulatory requirements applicable to the products and services
-
Review gaps, Between requirements of an order (or contract) and those previously expressed
-
Resolve gaps, Before order acceptance and commitment to provide products and services
-
Confirm requirements before accepting an order, when requirements are not documented
-
Retain the documented information on the results of the reviews of requirements, (Clause 7.5)
-
Retain the documented information on any new or changed requirement for the products and services, (Clause 7.5)
|
7.2.2
|
8.2.4
|
Changes to requirements for products and services
|
-
Communicate changes to relevant persons, After changing requirements in the documented information
|
7.2.2
|
8.3
|
Design and development of products and services
|
|
|
8.3.1
|
General
|
-
Establish, implement and maintain a process of design and development
|
7.3.1
|
8.3.2
|
Design and development planning
|
-
Plan the design and development stages
-
Consider the specificity of design and development activities
-
Consider the process requirements and applicable reviews
-
Consider the verification and validation activities
-
Consider the necessary responsibilities and authorities
-
Consider the needs of internal and external resources
-
Consider the relations between persons participating in the design and development
-
Consider the need for involvement of customers and users
-
Consider the requirements for subsequent products and services
-
Consider the level of control expected by interested parties
-
Consider the documented information meeting design and development requirements. (Clause 8.3.3, 8.3.5 and 8.3.6)
|
7.3.1
|
8.3.3
|
Design and development inputs
|
-
Determine essential requirements, regarding specific types of products and services from design and development
-
Determine functional requirements, Consider also the performance requirements
-
Consider the information from similar activities
-
Consider the statutory and regulatory requirements
-
Consider the corporate culture, internal rules of art
-
Consider the potential consequences of product and service failure
-
Check that the inputs are complete and unambiguous, In order to realize suitable design and development process
-
Resolve potential conflicts between inputs, In order to obtain complete and unambiguous inputs
-
Retain the documented information on design and development inputs, (Clause 7.5)
|
7.3.2
|
8.3.4
|
Design and development controls
|
-
Define clearly the expected results, Regarding processes, products and services
-
Conduct reviews as planned , Regarding processes, products and services
-
Check that outputs meet input requirements, (Clause 8.3.5)
-
Validate products and services , To ensure that the specified application requirements or those for the intended use are satisfied
-
Take actions in response to identified problems, during reviews, verifications and validations
-
Ensure that the documented information is retained (Clause 7.5, 8.3.3, 8.3.5 and 8.3.6)
|
7.3.4, 7.3.5, 7.3.6
|
8.3.5
|
Design and development outputs
|
-
Ensure that outputs meet input requirements, (Clause 8.3.3)
-
Ensure that outputs are in line with the subsequent processes, processes regarding the products and services
-
Ensure that outputs include monitoring and measuring requirements, including acceptance criteria is defined
-
Ensure that outputs are suitable for their intended use, proper use or planned by the customer in complete safety
-
Retain the documented information on outputs, (Clause 7.5 )
|
7.3.3
|
8.3.6
|
Design and development changes
|
-
Identify, review and control the changes made to inputs and outputs, ensure that the changes have no impact on meeting the requirements
-
Retain the documented information on changes (Clause 7.5)
-
Retain the documented information on results of reviews (Clause 7.5
-
Retain the documented information on who authorized the changes (Clause 7.5)
-
Retain the documented information on actions, in order to prevent negative impacts. (Clause 7.5)
|
7.3.7
|
8.4
|
Control of externally provided processes, products and services
|
|
4.1
|
8.4.1
|
General
|
-
Ensure that the outputs of external providers meet specified requirements
-
Apply the requirements for the control of products and services provided by external providers
-
When the products and services are integrated internally, apply the requirements for the control of products and services
-
When the products and services are provided directly to customers by external providers on behalf of the company, apply the requirements for the control of process done by external providers
-
determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers
-
Retain the documented information on the results of the evaluation and monitoring(Clause 7.5)
|
7.4
|
8.4.2
|
Type
and extent of control
|
-
Determine & apply the level of control of external providers on meeting the requirements
-
Ensure that the processes of external providers are controlled
-
Define how to control the external provider and its process outputs
-
Consider the potential impact of the outputs of the external provider
-
Consider the control of the external provider, and effectiveness of this control
-
Define how to control the outputs of externally provided processes
-
Verification and other activities necessary to ensure that the provision of external providers does not affect the conformity of products and services delivered to the customer
|
4.1,
7.4
|
8.4.3
|
Information for external providers
|
-
Verify the adequacy of the requirements, prior to communication to the external provider
-
Communicate the requirements to the external provider,
-
regarding the processes, products and services to provide
-
regarding the approval of products and services
-
regarding the approval of methods, processes and equipment
-
regarding the approval of the release of products and services
-
regarding the competence (including required qualifications)
-
regarding the relations between the external provider and the company
-
regarding the control and monitoring of the external provider's performance
-
regarding the verification or validation activities that the organization or its customer intends to realize at the external provider's premises
|
None
|
8.5
|
Production and service provision
|
|
7.5
|
8.5.1
|
Control of production and service provision
|
-
Apply controlled conditions of production and service provision including delivery and post-delivery activities
-
Maintain documented information of specifications of products and services and the expected activities (Clause 7.5)
-
Save the documented information of results to be achieved (Clause 7.5)
-
Include in the controlled conditions
-
the inspection resources (Clause 7.1.5)
-
the inspection activities, to verify that the appropriate stages of the processes' outputs meet the criteria
-
Include in the controlled conditions adequate infrastructure and environment (Clauses 7.1.3 et 7.1.4
-
the staff competence,
-
the necessary qualification, (Clause 7.2
-
the validation of the ability of a process to achieve the expected results, when the outputs cannot be checked ,
-
the actions to prevent human error
-
the activities of release, delivery and post-delivery (Clause 8.6 and paragraph 8.5.5
|
7.5.1
|
8.5.2
|
Identification
and traceability
|
-
Use appropriate means to control the unique identification of process outputs, to ensure the conformity of products and services when needed
-
Inspect processes throughout the production and service provision
-
Control the traceability of process outputs, When traceability is a requirement, the unique identification is used
-
Retain the documented information on traceability
|
7.5.3
|
8.5.3
|
Property belonging to customers or external providers
|
-
Exercise care with property owned by customer or external provider
-
Identify, check, protect, monitor and safeguard customer or external provider property
-
Notify the customer or external provider when his property has been damaged or lost and maintain the documented information on the situation
|
7.5.4
|
8.5.4
|
Preservation
|
-
Preserve the process outputs throughout production and service provision activities, Ensure: identification, packaging, handling, storage, transport, protection
|
7.5.5
|
8.5.5
|
Post-delivery
activities
|
-
Meet the requirements for post-delivery activities
-
Consider statutory and regulatory requirements
-
Consider negative impacts related to products and services
-
Consider the nature, the intended use and lifetime of products and services
-
consider the requirements of interested parties
-
Consider customer feedback
|
7.5.1, 7.2.1
|
8.5.6
|
Control of changes
|
-
Review and control unplanned changes
-
Retain the documented information on unplanned changes
|
4.2.3, 5.4.2, 7.3.7
|