Welcome to the 4Z-Pedia. Many people are asking how to get an ISO certification. We explained in another 4Z-Pedia document, the various steps of ISO 9001:2015 certification. But before thinking in contacting a certifying body, it is helpful to know how close you are from the qualification to a formal ISO 9001:2015 certification.
We prepared the following checklist as a guide for that purpose. Please note that this checklist is composed of questions and three possible answers.
Questions are based on the clauses of the international ISO 9001:2015 standard. They cover both mandatory and commonly used clauses required by any ISO certifying body.
Answers are divided into three distinct categories:
- Ready: means that you can proof your fulfilment of these clauses by appropriate documentation, thereby ready for the visit of the external audit by the certifying body.
- Almost Ready: means that you are ready for the visit of the external audit by the certifying body to inspect you. But you need a small support to complete the required documentation.
- Not Really: means that you need extensive preparation before getting ready for the visit of the external audit by the certifying body to inspect you.
At the end of this checklist, you will find further guidance on what to do depending on your answers.
In each question you will be asked whether you think you have fulfilled the criteria of the standard. You have the choice to answer as: Ready, Almost Ready, or Not Really
Readiness Checklist
Please note that cells in (Red) are mandatory documents, while cells in (Blue) are commonly used non-mandatory documents.
(For mobile devices, please use landscape mode for a better experience, or swipe fingers right and left to see the whole table).
| Clause | Question | Ready | Almost Ready | Not Really |
|---|---|---|---|---|
| 4 | Have you determined the interested parties that are relevant to the QMS? | |||
| 4.1 | Have you determined external and internal issues relevant to the purpose and strategic direction of your QMS that can affect your ability to achieve the intended results? | |||
| Are you monitoring and reviewing information about these external and internal issues? | ||||
| 4.2 | Have you determined the interested parties that are relevant to the QMS? | |||
| Have you determined the requirements of these interested parties that are relevant to the QMS? | ||||
| Do you monitor and review the information about these interested parties and their relevant requirement? | ||||
| 4.3 | Have you established the scope of your QMS? | |||
| Does the scope state the types of products and services covered? | ||||
| While determining the scope, have you determined the external and internal issues, requirements of your relevant interested parties, products and services? | ||||
| Is your scope made available and maintained as a documented information? | ||||
| 5 | Leadership: top Management are now required to demonstrate a greater direct involvement in your QMS: | |||
| 5.2 | Have the policy and objectives for the QMS, which are compatible with the strategic direction of the organization, been established and communicated? | |||
| 6 | Planning: you are required to consider both your context and interested parties when planning and implementing the QMS. You are also required to identify those risks and opportunities that have the potential to impact (positively or negatively) on the operation and performance of the QMS: | |||
| 6.1 | While planning for the QMS, do you consider the internal and external issues and the requirements of interested parties? | |||
| Have you taken actions to address risks and opportunities that are proportionate to the potential impact on the conformity of products and services? | ||||
| 6.2 | Have you established quality objectives at relevant functions, levels and processes needed for the QMS? | |||
| Have you developed quality objectives that are consistent with the quality policy? are they measurable? do they take into account applicable requirements? are they relevant to conformity of products and services and to the enhancement of customer satisfaction? are they monitored? are they communicated? are they updated as appropriate? | ||||
| When planning how to achieve quality objectives, have you determined what will be done? what resources will be required? who will be responsible? when it will be completed? how the results will be evaluated? | ||||
| 7 | Resources: you need to consider both internal and external resource requirements and capabilities to be able to meet customer and regulatory requirements: | |||
| 7.1.5.1 | Have you determined and provided the resources needed to ensure valid and reliable results when monitoring and measuring is used to verify the conformity of products and services to requirements? | |||
| Have you ensured that the resources provided are suitable for the specific type of monitoring and measurement activities being undertaken? are they maintained to ensure their continuing fitness for their purpose? | ||||
| Have you retained documented information as evidence of fitness for purpose of the monitoring and measurement resources? | ||||
| 7.2 | Have you determined the necessary competence of persons doing work under its control that affects the performance and effectiveness of the QMS? | |||
| Have you ensured that these persons are competent on the basis of appropriate education, training, or experience? | ||||
| Have you ensured where applicable, taken actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken? | ||||
| Have you retained appropriate documented information as evidence of competence? | ||||
| 7.3 | Have you ensured that the persons doing work are aware of the quality policy? are they aware of relevant quality objectives? are they aware of their contribution to the effectiveness of the QMS, including benefits of improved performance? are they aware of the implications of not conforming with the QMS requirements? | |||
| 7.5 | Have your QMS included documented information that is required by the ISO 9001:2015 international standard? | |||
| Is documented information determined by you, as being necessary for the effectiveness of the QMS? | ||||
| When creating and updating documented information have you ensured the documented information has an appropriate identification and description? has it an appropriate format? has it been reviewed and approved for suitability and adequacy? | ||||
| Have you ensured that documented information required by the QMS and by the ISO 9001:2015 standard is controlled to ensure that it is available and suitable for use, where and when it is needed? is it adequately protected (from loss of confidentiality, improper use, or loss of integrity)? | ||||
| Have you, in order to control documented information, addressed its distribution, access, retrieval, use, storage and preservation, including preservation of legibility, and its control of changes (e.g., version control)? its retention and disposition? | ||||
| Have you determined documented information of external origin necessary for the planning and operation of the QMS be identified as appropriate, and be controlled? | ||||
| Have you retained documented information as evidence of conformity and protected it from unintended alterations? | ||||
| 8 | Operation: You are required to control not only implementation and planned changes to processes, but also to unintended, unplanned changes. Where unintended changes are made, you will have to demonstrate that you have identified any actual or potential adverse effects and have taken action to mitigate them: | |||
| 8.2 | Have you ensured that communication with customers includes information relating to products and services, handling enquiries, contracts or orders, including changes, customer feedback relating to products and services, including customer complaints, specific requirements for contingency actions, when relevant? | |||
| 8.2.3.2 | Have you ensured that you have the ability to meet the requirements for products and services? | |||
| Have you conducted a review before committing to supply product and services? | ||||
| Have you reviewed the requirements specified by the customer, including the requirements for delivery and post-delivery activities? | ||||
| Have you reviewed the requirements not stated by the customers but necessary for the specified or intended use when know? | ||||
| Have you reviewed the legal and regulatory requirements applicable to the products and services, and the requirements specified by you? | ||||
| Have you reviewed and resolved contract or order requirements differing for those previously defined? | ||||
| When the customer does not provide a documented statement of their requirement, do you conform to the customer's requirements before acceptance? | ||||
| Do you retain documented information on the results of the review and on any new requirements for the products and services? | ||||
| 8.3 | Have you established, implemented and maintain a design and development process that is appropriate to the subsequent provision of products and services? | |||
| 8.3.3 | Have you determined the requirements essential for the specific types of products and services to be designed and developed by considering functional and performance requirements, information derived from previous similar design and development activities, legal and regulatory requirements, standards or codes of practice that the organization has committed to implement, potential consequences of failure due to the nature of the products and services? | |||
| 8.3.4 | Have you applied the necessary controls to design and development processes to ensure that the result to be achieved are defined? | |||
| 8.3.5 | Do you ensure that design and development outputs meet the input requirements? | |||
| 8.3.6 | Have you identified, reviewed and controlled changes made during, or subsequent to the design and development of the products and services to ensure that there is no impact on conformity to requirement? | |||
| 8.4.1 | Do you ensure that the externally provided processes, products and services conform to the requirements? | |||
| Do you determine the controls needed when the products and services from the external providers are incorporated into your own products and services? | ||||
| Do you determine the controls needed when the products and services from the external providers are provided directly to the customer by external providers? | ||||
| Do you determine the controls needed when the process or part of the process is provided by the external providers? | ||||
| 8.5 | Have you implemented production and service provision under controlled conditions? | |||
| 8.5.1 | Are there any documented information available that defines the characteristics of the products, services or activities to be performed and the results to be achieved? | |||
| Are monitoring and measuring activities being performed at appropriate stages? | ||||
| Are competent persons (including qualification) being appointed? | ||||
| Is the infrastructure and environment being used suitable for the operation of processes? | ||||
| Have you implemented any actions to prevent human error? | ||||
| Have you implemented any release, delivery and post-delivery activities? | ||||
| 8.5.3 | When property belonging to customers or external providers is under your control or being used by you, do you exercise adequate care? | |||
| When the property or the customer or external provider is lost, damaged or otherwise, found to be unsuitable for use, do you report this to the customer or external provider? | ||||
| Do you retain documented information on what has occurred? | ||||
| 8.5.4 | Do you preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements? | |||
| 8.5.6 | Do you conduct review and control changes for production or service provision to ensure continuing conformity with requirements? | |||
| Do you retain documented information describing the results of the review of changes, the person(s) authorizing the change and any necessary actions arising from the review? | ||||
| 8.6 | Have you implemented planned arrangements, at appropriate stages, to verify that the product and service requirements have been met? | |||
| Do you ensure that the release of product and service proceed only after the planned arrangement is satisfactorily completed or approved by the relevant authority and as applicable by the customer? | ||||
| Do you retain the documented information on the release of products and services that includes information relating to the evidence of conformity with the acceptance criteria; traceability of the person authorizing the release? | ||||
| 8.7.2 | Do you ensure that the outputs which do not conform to their requirements are identified and controlled to prevent their unintended use or delivery? | |||
| Is the action appropriate to the nature of the nonconformity and its effect on the conformity of products and services? | ||||
| Do you also consider nonconforming products and services detected after delivery of products, or during and after the provision of services? | ||||
| When non-conforming products and services are detected do you take corrective action and/or segregation, containment, return, or suspension of the provision of products and services and/or informing the customer and/or obtaining authorization for acceptance under concession? | ||||
| Do you retain documented information that describes the nonconformity; the actions taken; any concession obtained; the authority deciding the action in respect of the nonconformity? | ||||
| 9 | Performance Evaluation: requirements are better defined when monitoring and measuring are performed and when the results are analyzed and evaluated: | |||
| 9.1.1 | Have you determined what needs to be monitored and measured, methods for monitoring, measurement, analysis and evaluation needed to ensure valid results, when the monitoring and measuring shall be performed, and when the results from monitoring and measurement are analyzed and evaluated? | |||
| Are you evaluating the performance and the effectiveness of the QMS? | ||||
| Have you retained appropriate documented information as evidence of the results? | ||||
| 9.1.2 | Can you demonstrate that you have sought out information relating to how customers view your organization as well as your products and services? | |||
| 9.2 | Are you conducting internal audits at planned intervals to provide information on whether the QMS conforms to your own requirements, and the requirements of the ISO 9001:2015 international standard, and is effectively implemented and maintained? | |||
| 9.2.2 | Have you planned, established, implemented and maintained an audit program(s) including the frequency, methods, responsibilities, planning requirements and reporting which takes into consideration the importance of processes concerned, changes affecting you, and the results of previous audits? | |||
| Have you defined the audit criteria and scope for each audit? | ||||
| Have you selected auditors and conducted audits to ensure objectivity and impartiality of the audit process? | ||||
| Have you ensured that the results of audits are reported to relevant management? | ||||
| Have you taken appropriate corrective actions without undue delay? | ||||
| Have you retained documented information as evidence of the implementation of the audit program and the audit results? | ||||
| 9.3 | Has top management reviewed your QMS, at planned intervals, to ensure its continuing stability, adequacy, effectiveness and alignment with the strategic direction of your organization? | |||
| 10 | Improvement: this section emphasizes the general need to improve processes, products and services, as well as QMS results, in order to meet customer requirements and enhance customer satisfaction: | |||
| 10.2 | When a nonconformity occurs, including any arising from complaints have you reacted to the nonconformity as applicable and taken action to control and correct it and also deal with the consequences? have you evaluated the need for action to eliminated the cause(s) of the nonconformity, to ensure that it does not recur or occur elsewhere? | |||
| 10.2.2 | Have you retained documented information as evidence of the nature of the nonconformities, any subsequent actions taken, and the results of any corrective action? |
We hope that this "Readiness Checklist" for the ISO 9001:2015, has given you an evaluation of your current business situation. Now you want to know what is the next step upon your own results of the above checklist:
(For mobile devices, please use landscape mode for a better experience, or swipe fingers right and left to see the whole table).
| If all, or the majority of the answers have been “Ready”, with “Almost Ready” making up the minority: | If the majority of the answers are “Almost Ready”, with a mix of “Ready” and “Not Really” making up the minority: | If the majority of the answers are “Not Really”, with “Ready” or “Almost Ready” making up the minority: |
|---|---|---|
| Congrats! you are ready to book your external audit with the certifying body. Please get in touch with us for guidance. | In this case, you should consider a gap analysis to identify the issues that need to be addressed. If you seek support on how to do it, please contact us, we are here to help you. | In this case, it looks like there is still some work to be done. This can be achieved through our training programs that cover ISO requirements. In addition, our numerous consulting packages will enhance your knowledge of the ISO standards; ideally preparing you for your ISO certification. You could also consider a gap analysis to identify areas that deserve your attention and get support on how to solve them. Plase call or email us for help. |
Now, if you have any more questions about auditing, checklists, ISO qualification and certification, email us today at: support@the4z.com. We will be pleased to answer all your questions about ISO certification, or call 4Z for Quality today at (also on WhatsApp): +973 3399 5807 or +90 5050 3040 16.
Further Readings:
- Quality Management System
- Concepts of QMS
- Principles of QMS
- ISO Standards
- Steps of ISO Certification
- Educational Accreditation
- Strategic Planning
Videos:
External Links:
Quality Quote:
- Start doing what you have to do; then do what you can do; suddenly you will find yourself doing what you couldn't do even in your dreams
