03 Day's Internal Auditor Training Content On ISO 9001 2015

THREE DAY’S
INTERNAL AUDITOR TRAINING COURSE

ON ISO 9001 2015(QMS)-VIRTUAL CLASS ROOM
System Certification-Business Assurance
Tamal Kumar Saha
Manager, BA
OUR GLOBAL NETWORK AND CAPABILITIES
Global ATIC Business with over 47,000 Employees
Global Global
Market Market
Leader in Leader
Assurance in TIC
3,000 1,000+
laboratories
auditors
and offices
100,000 100+
audits countries
2
OUR HERITAGE
Virginius Daniel Moody establishes

Caleb Brett founds a marine Moody Engineering for construction
surveying and cargo certification and engineering projects in the US,
business in the UK later moving into oil and gas testing
and certification
1886 2011
1885 1911 2017
Thomas Edison sets up the Lamp

Testing Bureau in the US (this later
Intertek and Moody International
becomes the Electrical Testing
join forces
Laboratories or ETL – a mark that
Intertek still applies today)
3
OUR ORGANISATION
Global Business Lines Industries What we do

Analytical Assessment Aerospace & automotive
Testing
Building Products Building products
Chemical
Business Assurance
Consumer goods & retailers Inspection
Cargo
Electrical & electronic
Chemicals & Pharmaceuticals
Energy Certification
Electrical Food & agriculture
Exploration & Production Government & institutions
Auditing
Food Services IT & telecom
Government & Trade Services Industrial

Outsourcing
Medical & pharmaceutical
Industry Services
Petroleum
Softlines
Toys, games & hardlines Advisory
Toys & Hardlines Textile, apparel & footwear
Transportation Technologies
Training
Wireless
Quality Assurance
RULES FOR LIVE VIRTUAL CLASSROOM
• Microphones- Please keep in mute mode/silent mode

while session is running.
• Phones – Keep in mute mode and avoid interruptions.
• Video- Switch off videos.
• Recording Devices - not allowed.
• Breaks – Prayer Breaks will be provided for 15 minutes.

THREE DAYS INTERNAL AUDITOR TRAINING COURSE ON
ISO 9001 2015(QMS)- VIRTUAL CLASS ROOM
Concept of quality
01 06 Audit Program & Planning
02 Principles 07 Preparing Checklist
03 High level structure 08 Onsite Audit Techniques
04 Overview of QMS 09 Raising NCRs & Report writing
05 QMS Requirements 10 Question & Answer
Intertek Academy 6
01
CONCEPT OF QUALITY
WHAT IS QUALITY
J M Juran – “Fitness for use ”
W. Edward Deming – “Continuous Improvement “
Philip Crossby – “Conformance to specifications”
Dr. Kaoru Ishikawa – “Most Economical, useful and always satisfactory to the customer
or audience”
Intertek Academy 8
WHAT IS QUALITY
• An organization focused on quality promotes a culture that
results in the behavior, attitudes, activities and processes that
deliver value through fulfilling the needs and expectations of
customers and other relevant interested parties.
• The quality of an organization’s products and services is

determined by the ability to satisfy customers and the
intended and unintended impact on relevant interested
parties.
• The quality of products and services includes not only their

intended function and performance, but also their perceived
value and benefit to the customer.
Intertek Academy 9
A QMS comprises activities by which the organization
identifies its objectives and determines the processes
and resources required to achieve desired results.
The QMS manages the interacting processes and

WHAT IS resources required to provide value and realize results
for relevant interested parties.
QUALITY
MANAGEMENT The QMS enables top management to optimize the
SYSTEM use of resources considering the long and short terms
consequences of their decision.
A QMS provides the means to identify actions to

address intended and unintended consequences in
providing products and services.
Intertek Academy 10
REMEMBER!
The Quality Management System is not It IS the management system.

a part of the management system.
Intertek Academy 11
QMS BENEFITS
Promotes improved industrial

Provides activity/ service/
Motivates staff towards pride in relations through interfaces and
product performance data
carrying out job interdepartmental co-operation
through feedback analysis
and input
Provides historical records to

confirm levels of quality/system
Controls all activity/ service/ Identifies and controls training effectiveness and activity/
product changes need service/ product achievement
and assist with product liability
claims
Intertek Academy 12
QUALITY
MANAGEMENT
PRINCIPLES
02
QUALITY MANAGEMENT PRINCIPLES
Engagement
of People
Leadership
Process Approach
Customer Focus Management
Relationship
Improvement management
Evidence-based
decision making
Intertek Academy 14
HIGH LEVEL STRUCTURE
03
KEY CHANGES IN STRUCTURE
Adopts the high- Requirements

There are now
level structure of 1-3 as before; set out in clauses
10 main clauses;
Annex SL; 4-10;
PDCA- ALSO KNOWN AS THE DEMING CIRCLE/CYCLE/WHEEL
Intertek Academy 17
P-D-C-A
— Plan: establish the objectives of the system and its processes, and the resources needed to
deliver results in accordance with customers’ requirements and the organization’s policies, and
identify and address risks and opportunities;
— Do: implement what was planned;
— Check: monitor and (where applicable) measure processes and the resulting products and
services against policies, objectives, requirements and planned activities
-Act: Take actions to improve performance, as necessary
Intertek Academy 18
OVERVIEW OF
QMS
04
IMPORTANT!
Legal Requirements Conformance to ISO Standards

Failure to comply with legal requirements may Failure to comply with ISO Standard 3rd Party
result in a fine or imprisonment Certification requirement may lead to loss of
registration
Failure to comply with ISO Standard where the
requirements are contractually binding may
result in being fined by the Civil Court
Intertek Academy 20
AUDITABLE CLAUSES OF ISO 9001:2015 AND THEIR
INTERRELATION TO PDCA
Intertek Academy 21
• Unlike ISO 9001:2008, any clause of ISO
9001:2015 may be considered for exclusion if
EXCLUSIONS there is sufficient and clear justification for the
exclusion.
Intertek Academy 22
PROCESS APPROACH
Process- “Set of interrelated or interacting activities that use inputs to deliver an intended results. “
This International Standard promotes the adoption of a process approach when developing,
implementing and improving the effectiveness of QMS, to enhance customer satisfaction by meeting
customer requirements.
Understanding and managing interrelated processes as a system contributes to the organization’s
effectiveness and efficiency in achieving its intended results. This approach enables the organization to
control the interrelationships and interdependencies among the processes of the system, so that overall
performance of the system can be enhanced.
Management of the processes and the system as whole can be achieved using P-D-C-A cycle with an
overall focused on risk based thinking aimed at taking advantages of opportunities and preventing
undesirable results.
The application of the process approach in the QMS system enables:
a)Understanding and consistency in meeting requirements
b) The consideration of processes in terms of added value
c) The achievement of effective process performance.
d)Improvement of processes based on evaluation of data
Intertek Academy 23
SCOPE
This International Standard specifies requirements for a quality management system when an
organization:
a) needs to demonstrate its ability to consistently provide products and services that meet customer
and applicable statutory and regulatory requirements, and
b) aims to enhance customer satisfaction through the effective application of the system, including
processes for improvement of the system and the assurance of conformity to customer and applicable
statutory and regulatory requirements.
All the requirements of this International Standard are generic and are intended to be applicable to any
organization, regardless of its type or size, or the products and services it provides.
NOTE 1 In this International Standard, the terms “product” or “service” only apply to products and
services intended for, or required by, a customer.
NOTE 2 Statutory and regulatory requirements can be expressed as legal requirements.
Intertek Academy 24
RISK BASED THINKING
Risk-based thinking (see Clause A.4) is essential

for achieving an effective quality management To conform to the requirements of this
system. The concept of risk-based thinking has International Standard, an organization needs to
been implicit in previous editions of this plan and implement actions to address risks and
International Standard including, for example, opportunities. Addressing both risks and
carrying out preventive action to eliminate opportunities establishes a basis for increasing
potential non-conformities, analyzing any non- the effectiveness of the QMS, achieving
conformities that do occur, and taking action to improved results and preventing negative
prevent recurrence that is appropriate for the effects.
effects of the non-conformity.
QMS
REQUIREMENTS
05
4. CONTEXT OF THE ORGANIZATION
The requirement of this clause is to considered the ‘external and internal

issues’, ‘interested parties’ and their requirements to ensure that the
QMS is relevant to the organization's activity and its stakeholders needs
and expectations.
The objectives and concerns of external stakeholders shall be considered

when developing the QMS.
The term ‘issue’ covers problems and important matters related to the
QMS which need to be addressed.
Intertek Academy 27
4. CONTEXT OF THE ORGANIZATION (CONT.)
The needs and expectations of interested parties have to

be understood and the QMS of the organization has to be
aligned with its interested parties’ expectations in a
balanced way.
Intertek Academy 28
Examples for interested parties:

• Organizations: the decision-makers within;
• Customers, end-users, etc.
• Suppliers, providers of a product/service/information;
• MSS service provider - certification/accreditation bodies or
consultants;
• Regulatory bodies;
• Non-governmental organizations.
Intertek Academy 29
EXTERNAL & INTERNAL INTERESTED PARTIES
Reference: ISO 22313:2012

Intertek Academy 30
Example of processes that may be used for this purpose:

• Identification of the interested parties and their requirement’;
• Identification of internal and external issues/context;
• Assessment of internal and external environment /issues and of interested parties;
• Monitor and manage interested parties relationships;
• Internal and external communication, etc.
Intertek Academy 31
ISSUES WITH INTERESTED PARTIES
Auditors to verify if the organization
has followed following approach towards Context
Sample Internal Interested Sample External Interested Issues or Points of Conflict:

Parties: Parties: • What are the situations in which the rights or
obligations of the interested parties are in
• Owners of the Company • Authorities of various sections, like
conflict?
construction, social, import/export,
• Top Management taxation, work safety, labour,
environment, etc.
Interested Parties:
• Line Functions, such as Marketing,
Production, Maintenance, etc • Financing sources like banks, stock • Who other than those directly presented in
holders, public finance, etc. the conflict have an interest?
• Quality Assurance Organisation
• Safety Organisation • The Press Consequences of Action:
• Internal Personnel Groups • Politicians • Identify those that have the highest probability
of occurring or the greatest impact first
• Workers • Trade unions
• Representatives of Trade Unions • Church Consequences of Action:
• Reference Groups • Competitors • What are the responsibilities of each individual
to other interested parties?
• Other Projects • Suppliers
• Are these grounded in moral considerations or
• Cooperative Parties are they a rationalization?
• Families of the Personnel
Intertek Academy 32
Practice Session:
Work with your team and give example of audit evidence that auditors could gather
and evaluate to determine conformity/nonconformity with this requirement
ISO 9001:2015 gives no practical approach to organizational context analysis
It’s not mandatory but any of the following methods could be deployed: SWOT
analysis, PEST or PESTLE analysis, SOAR, Porter’s Five Forces Analysis, Value Chain
Analysis, etc.
Intertek Academy 33
SECTION 4.3 DETERMINING THE SCOPE OF THE QUALITY
MANAGEMENT SYSTEM
The scope must be made available and be maintained as documented information.
The scope needs to state the products and services covered by the quality management
system and must also include any justifications or instances where specific elements of
ISO 9001:2015 cannot be applied (for example, where a required process is not
undertaken).
Intertek Academy 34
SECTION 4.4 QUALITY MANAGEMENT SYSTEM
“The organization shall establish, implement, maintain and continually improve a

quality management system, including the processes needed and their interactions, in
accordance with the requirements of this International Standard. “
(ISO 9001:2015)
Intertek Academy 35
LEADERSHIP,
PLANNING AND
SUPPORT
(CLAUSE 5, 6 AND 7)
Purpose of this session: To understand the
changes made to the standard ISO 9001
5. LEADERSHIP
What are the differences between a Boss and a Leader?

The term Leadership has been introduced (previously ‘Management responsibility’).
Intertek Academy 37
LEADERSHIP AND MANAGEMENT
CHECK that the organization perceives the concept of leadership and

clarity is there that Leadership is different than Management
Intertek Academy 38
5. LEADERSHIP (CONT.)
CHECK if the organization:
• has established a management system policy and objectives
compatible with the strategic direction of the organization;
• has integrated the requirements of the management system
(MS) into the organization’s processes;
• has assigned and communicated responsibilities and
authorities relevant to MS conformance and reporting on MS
performance;
• has communicated the importance of effective management
and conforming to the MS;
• supports persons to contribute to the effectiveness of the MS.
Intertek Academy 39
6. PLANNING
CHECK the Main requirements are available:
• consider the external and internal issues, requirements,

needs and expectations of interested parties;
• determine the risks and opportunities that need to be
addressed and plan, integrate and implement actions to
address them and evaluate the effectiveness of these
actions;
• establish objectives at relevant functions and levels and
plan how to achieve them.
Intertek Academy 40
AUDITING RISKS & OPPORTUNITIES
CHECK following in Audit of Risk Assessment • Design Failure Risk

• Product Failure Risk
• All risks in relations of all Interested Parties in
business considered in Risk Assessment – impacting • Process Failure Risk
products or services; • IT Failure Risk
• Risk Evaluation Criteria is suitable to nature of • Environmental Risk
business; • Health & Safety Risk
• Probability and Severity is part of Risk Evaluation • IT Security Risk
Criteria; • Business Continuity Risk
• The scenarios of probability and severity are • Resource Shortage Risk
considered (Probability Changing or Impact Changes • Natural Calamity Risk
due to implementing of Controls to bring down the
risk); • Other Risks
• Residual Risks are approved by process owners /

authority;
• Risk Assessments are validated w.r.t Incidents (NC’s,
Complaints etc.)
Intertek Academy 41
RISKS & OPPORTUNITIES
Any risk arising from any positive step taken is an opportunity

(can have a cascading –ve impact from a positive step)
Intertek Academy 42
AUDITING RISKS & OPPORTUNITIES
CHECK Overall Risk Management is Justified to the Business
Intertek Academy 43
AUDITING RISK TREATMENTS IN QMS RISK ASSESSMENTS
Risk Mitigation – Sequence in Selection:
Practically in Normal Life, you use the same sequence in treating any risk.
•If this is not

1. Avoid possible,
then:
•If this is not

2. Treat possible,
then:
3. •If this is not

possible,
Accept then:
First Step should to be “Avoid “, 4.

which is rare in official treatments,
rather straight go for Treating
Transfer
Intertek Academy 44
AUDITING INTENT OF RISK MANAGEMENT
MORE INVESTMENT in HIGH

Controls (Treatments) – Implementing Risk Control Bring DOWN Risk
Better Risk Mitigation better 71 - 100 From to
- Brings DOWN the
Implementing Risk Control

RESIDUAL RISKS Medium R Bring DOWN Risk From
E to
BUT DON’T FORGET > 41 - 70 S
RISK LEVEL
• No control can make risk I
R
to ZERO D E
U S
Low
• Risk is under control as A
I
D
long as CONTROLS ARE
R
1 - 40 L U E
S
A
EFFECTIVE L
I
D
U
A
L
RISK MITIGATION ( Risk Reduction )
Intertek Academy 45
VERIFY RISK VISION IS PERSISTING
THE COMPANY
ISO 9001:2015
Risk Based Thinking (Risk Management) &
Corrective Actions require BIGGER VISION.
“Vision without execution is hallucination.” ~

Thomas A. Edison
Intertek Academy 46
6.2 QUALITY OBJECTIVES AND PLANNING TO ACHIEVE THEM
“The organization shall establish quality objectives at relevant functions, levels and processes. The quality
objectives shall
•a) be consistent with the quality policy,
•b) be measurable (if practicable),
•c) take into account applicable requirements,
•d) be relevant to conformity of products and services and the enhancement of customer satisfaction,
•e) be monitored,
•f) be communicated, and
•g) be updated as appropriate.
The organization shall Maintain documented information on the quality objectives.
When planning how to achieve its quality objectives, the organization shall determine
•a) what will be done,
•b) what resources will be required (see 7.1),
•c) who will be responsible,
•d) when it will be completed, and
•e) how the results will be evaluated. “
Intertek Academy 47
6.3 PLANNING OF CHANGES
“The organization shall determine the needs and opportunities for change to maintain and improve
the performance of the QMS.
The organization shall undertake change in a planned and systematic manner, identifying risks and
opportunities and reviewing the potential consequences of change.
▪NOTE Specific requirements on control of changes are included in clause 8.”
Intertek Academy 48
7. SUPPORT
CHECK Main requirements: Sample Requirements:

• IT
• organizations to determine and provide • Human Resources
the necessary resources to establish,
implement, maintain and continually • Infrastructure & Administration
improve the MS;
• Etc.
• the need for internal and external
communications relevant to the MS
shall be determined;
Intertek Academy 49
7. SUPPORT
Cl. 7.1.2- People

CHECK that the organization
determines and provides the
persons necessary for the effective
implementation of its QMS and for
the operation and control of its
processes – is effective
Intertek Academy 50
7. SUPPORT (CONTD..)
Cl. 7.1.3 – Infrastructure
CHECK that the organization determines,
provides and maintains
the infrastructure necessary for the
operation of its processes and to achieve
conformity of products and services – is
justified to the business
NOTE Infrastructure can include:

• buildings and associated utilities;
• equipment, including hardware and
software;
• transportation resources;
• information and communication
technology
Intertek Academy 51
7. SUPPORT (CONTD.… )
Cl.7.1.4 Environment for operation of processes
CHECK that the organization determines, provides
Negative Work Environment:
and maintains the environment necessary for the • Dog Eat Dog – Everyone fighting to get
operation of its processes and to achieve ahead
conformity of products and services.
• No one appreciates your contributions
NOTE A suitable environment can be a • Toom much work, Not enough help
combination of human and physical factors, such • Deadlines are unrealistic
as:
• social (e.g. non-discriminatory, calm, non-confrontational); • Longer Hours/Additional work
• psychological (e.g. stress-reducing, burnout prevention, • Budget Constraints
emotionally protective);
• physical (e.g. temperature, heat, humidity, light, airflow, • Competition is eating us alive
hygiene, noise).
• Poor Management/Direction
These factors can differ substantially depending on
the products and services provided. • Job Insecurity
Intertek Academy 52
7.1.5 MONITORING AND MEASURING RESOURCES
“Where monitoring or measuring is used for evidence of conformity of products and services to specified
requirements the organization shall determine the resources needed to ensure valid and reliable
monitoring and measuring results.
The organization shall ensure that the resources

a) are suitable for the specific type of monitoring and measurement activities being undertaken;
b) are maintained to ensure their continued fitness for their purpose.
The organization shall retain appropriate documented information as evidence of fitness for purpose of
monitoring and measurement resources.”
Intertek Academy 53
7.1.5 MONITORING AND MEASURING DEVICES
“Where measurement traceability is: a statutory or regulatory requirement; a customer or relevant interested
party expectation; or considered by the organization to be an essential part of providing confidence in the
validity of measurement results; measuring instruments shall be:
verified or calibrated at specified intervals or prior to use against measurement standards traceable to
international or national measurement standards. Where no such standards exist, the basis used for calibration
or verification shall be retained as documented information;
identified in order to determine their calibration status;
safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and
subsequent measurement results.
The organization shall determine if the validity of previous measurement results has been adversely affected
when an instrument is found to be defective during its planned verification or calibration, or during its use, and
take appropriate corrective action as necessary.”
Intertek Academy 54
7. SUPPORT (CONT.)
7.1.6 Organizational knowledge
CHECK the knowledge necessary for the operation

of its processes and to achieve conformity of
products and services in retained and maintained.
Also CHECK, the change needs and trends

considers its current knowledge and determine
how to acquire or access any necessary additional
knowledge and required updates to improve the
degree of compliance to enhance the business
Knowledge is of no value unless it is put into

practice
Intertek Academy 55
7. SUPPORT (CONT.)
7.1.6 Organizational knowledge (Cont..)
CHECK
NOTE 1 Organizational knowledge is knowledge
specific to the organization; it is generally gained
by experience. It is information that is used and
shared to achieve the organization’s objectives.
NOTE 2 Organizational knowledge can be based
on:
• internal sources (e.g. intellectual property;
knowledge gained from experience; lessons learned
from failures and successful projects; capturing and
sharing undocumented knowledge and experience;
the results of improvements in processes, products
and services);
• external sources ( e.g. standards; academia;
conferences; gathering knowledge from customers
or external providers).
Intertek Academy 56
7.2 COMPETENCE
“The organization shall:

•a) determine the necessary competence of person(s) doing work under its control that affects its
quality performance, and
•b) ensure that these persons are competent on the basis of appropriate education, training, or
experience;
•c) where applicable, take actions to acquire the necessary competence, and evaluate the
effectiveness of the actions taken, and
•d) retain appropriate documented information as evidence of competence.
NOTE Applicable actions may include, for example: the provision of training to, the mentoring of, or the re-
assignment of currently employed persons; or the hiring or contracting of competent persons. “
Intertek Academy 57
7.3 AWARENESS
“Persons doing work under the organization‘s control shall be aware of

•a) the quality policy,
•b) relevant quality objectives,
•c) their contribution to the effectiveness of the quality management system, including the
benefits of improved quality performance, and
•d) the implications of not conforming with the quality management system requirements.”
Intertek Academy 58
7.4 COMMUNICATION
“The organization shall determine the internal and external communications relevant to
the quality management system including
•a) on what it will communicate,
•b) when to communicate, and
•c) with whom to communicate.
•d) how to communicate "
Intertek Academy 59
7. SUPPORT (CONT.)
Cl. 7.5 Documented information

CHECK that the organization’s QMS includes:
• documented information is justified for the
effectiveness of the QMS
NOTE The extent of documented information for a

quality management system can differ from
one
organization to another due to:
• the size of organization and its type of
activities, processes, products and services
• the complexity of processes and their
interactions;
• the competence of persons.
Intertek Academy 60
7. SUPPORT (CONT.)
7.5.2 Creating and updating

CHECK while creating and updating documented information following
is implemented and justified:
• identification and description (e.g. a title, date, author, or reference

number);
• format (e.g. language, software version, graphics) and media (e.g.
paper, electronic);
• review and approval for suitability and adequacy.
Intertek Academy 61
AUDITOR’S FOCUS FOR DOCUMENTS MAPPING WITH PROCESSES
Intertek Academy 62
7.5.3 CONTROL OF DOCUMENTED INFORMATION
7.5.3.1 CHECK
Identity
Documented information required Management
by the QMS and Standard is Compliance

controlled to ensure: Control &
Management
Endpoint
Security
• it is available and suitable for use, Information

(confidentiality,
where and when it is needed; availability,
integrity)
• it is adequately protected (e.g. Unified Data &
from loss of confidentiality, Threat

Message
Application
Security
improper use, or loss of

integrity). Email & Web
Security
Intertek Academy 63
7.5.3 CONTROL OF DOCUMENTED INFORMATION (CONTD..)
CHECK the control of documented information, the organization addresses the

following activities, as applicable:
• distribution, access, retrieval and use;

• storage and preservation, including preservation of legibility;
• control of changes (e.g. version control);
• retention and disposition.
Intertek Academy 64
7.5.3 CONTROL OF DOCUMENTED INFORMATION (CONTD..)
CHECK the documented information of external origin determined by the organization

to be necessary for the planning and operation of the quality management system
shall be identified as appropriate, and be controlled.
Documented information retained as evidence of conformity shall be protected from

unintended alterations.
NOTE
Access can imply a decision regarding the permission to view the documented
information only, or the permission and authority to view and change the documented
information
Intertek Academy 65
REMEMBER!
The Quality Management System is not a part of the management system.
It IS the management system.
Intertek Academy 66
PROCESS DOCUMENTATION
Includes flow charts/process maps that define the operating sequence

and interaction at each stage for all management and operational
processes.
All flow charts are subject to the same number and issue status controls
as for other quality system procedures.
Intertek Academy 67
DOCUMENTED INFORMATION TO BE MAINTAINED
Intertek Academy 68
DOCUMENTED INFORMATION TO BE RETAINED
Documented information to the extent necessary to have confidence that

the processes are being carried out as planned (clause 4.4.2(b)).
Evidence of fitness for purpose of monitoring and measuring resources
(clause 7.1.5.1).
Evidence of the basis used for calibration of the monitoring and
measurement resources (when no international or national standards
exist) (clause 7.1.5.2).
Evidence of competence of person(s) doing work under the control of the
organization that affects the performance and effectiveness of the QMS
(clause 7.2).
Results of the review and new requirements for the products and services
(clause 8.2.3).
Intertek Academy 69
Records needed to demonstrate that design and development

requirements have been met (clause 8.3.2)
Records on design and development inputs (clause 8.3.3).
Records of the activities of design and development controls (clause
8.3.4).
Records of design and development outputs (clause 8.3.5).
Design and development changes, including the results of the review and
the authorization of the changes and necessary actions (clause 8.3.6).
Records of the evaluation, selection, monitoring of performance and re-
evaluation of external providers and any and actions arising from these
activities (clause 8.4.1)
Intertek Academy 70
Evidence of the unique identification of the outputs when traceability is a

requirement (clause 8.5.2).
Records of property of the customer or external provider that is lost,
damaged or otherwise found to be unsuitable for use and of its
communication to the owner (clause 8.5.3).
Results of the review of changes for production or service provision, the
persons authorizing the change, and necessary actions taken (clause
8.5.6).
Records of the authorized release of products and services for delivery to
the customer including acceptance criteria and traceability to the
authorizing person(s) (clause 8.6).
Intertek Academy 71
Records of nonconformities, the actions taken, concessions obtained and the

identification of the authority deciding the action in respect of the nonconformity
(clause 8.7).
Results of the evaluation of the performance and the effectiveness of the QMS (clause
9.1.1)
Evidence of the implementation of the audit programme and the audit results
(clause 9.2.2).
Evidence of the results of management reviews (clause 9.3.3).
Evidence of the nature of the nonconformities and any subsequent actions taken
(clause 10.2.2).;
Results of any corrective action (clause 10.2.2).
Intertek Academy 72
PROCESSES
The definition:
The transformation of a set of inputs into outputs.
Intertek Academy 73
PROCESS MAPPING
When faced with a large or difficult task the simplest way to proceed is to
break it down into manageable stages
Process mapping is a way of identifying sequentially each stage of the

process
Once charted, the process is discussed with the people doing the job and
their confirmation
Intertek Academy 74
EXAMPLE PROCESS MAP
Start
NO
A Watch TV
YES
Refer to TV Guide
Select Program
Turn on TV
Select Channel
NO
Like Prog
YES
Enjoy
Performance
Intertek Academy 75
Drill Down
Buy in Raw Manufacture & manage stock

materials Assemble Test & Pack and despatch
A Wood G Nash Ann Jakes P Keen
Raise invoice
Customer Allocate stock
Receive Orders despatch notes
and confirm order
etc
Customer
J Staples M Curtis S Forrest
Show
ownership
Administration Finance IT & Plant Quality
Show
J Staples Peter Ward G Nash Tracey Jorden supporting
functions
Intertek Academy 76
OPERATION
(CLAUSE 8)
Purpose of this session: To understand the

changes made to the standard ISO 27001
SECTION 8.1 OPERATIONAL PLANNING AND CONTROL
“The organization shall plan, implement and control the processes, as outlined in 4.4, needed to meet requirements for
the provision of products and services and to implement the actions determined in 6.1, by
a) determining requirements for the product and services;
•b) establishing criteria for the processes and for the acceptance of products and services
•c) determining the resources needed to achieve conformity to product and service requirements;
•b) implementing control of the processes in accordance with the criteria, c) retaining documented information
to the extent necessary to have confidence that the processes have been carried out as planned and to
demonstrate conformity of products and services to requirements.”
ISO 9001:2015
•
SECTION 8.1 OPERATIONAL PLANNING AND CONTROL
“The output of this planning shall be suitable for the organization's operations.
The organization shall control planned changes and review the consequences of unintended
changes, taking action to mitigate any adverse effects, as necessary.
The organization shall ensure that the outsourced processes are controlled in accordance with
8.4. “
8.2 DETERMINATION OF REQUIREMENTS FOR PRODUCTS AND
SERVICES. 8.2.1. CUSTOMER COMMUNICATION
“The organization shall establish a process for communicating with customers in relation to
a) information relating to products and services;

b) enquiries, contracts or order handling, including changes;
c) obtaining customer views and perceptions, including customer complaints;
d) the handling or treatment of customer property, if applicable;”
8.2.2 DETERMINATION OF REQUIREMENTS RELATED TO
PRODUCTS AND SERVICES
“The organization shall establish, implement and maintain a process to determine the
requirements for the products and services to be offered to potential customers.
The organization shall ensure that:
a) product and service requirements (including those considered necessary by the

organisation), and applicable statutory and regulatory requirements, are defined;
b) it has the ability to meet the defined requirements and substantiate the claims for the
products and services it offers.”
8.2.3 REVIEW OF REQUIREMENTS RELATED TO THE PRODUCTS AND
SERVICES
“The organization shall review as applicable
•a) requirements specified by the customer including the requirements for delivery and post-
delivery activities,
•b) requirements not stated by the customer but necessary for the customers‘ specified or
intended use, where known,
•c) Additional statutory and regulatory requirements applicable to the products and services, and
•d) contract or order requirements differing from those previously expressed.
Note: Requirements can also include those arising from relevant interested parties”
8.3 DESIGN AND DEVELOPMENT OF PRODUCTS AND SERVICES;
8.3.1 GENERAL
“Where the detailed requirements of the organization’s products and services are not already
established or not defined by the customer or by other interested parties, such that they are adequate
for subsequent production or service provision, the organization shall establish, implement and
maintain a design and development process.
NOTE 1 The organization can also apply the requirements given in 8.5 to the development of processes
for production and services provision
NOTE 2 For services, design and development planning can address the whole service delivery process.
The organization can therefore choose to consider the requirements of clauses 8.3 and 8.5 together”
8.3.2 DESIGN AND DEVELOPMENT PLANNING
“In determining the stages and controls for design and development, the organization shall consider:
a) the nature, duration and complexity of the design and development activities;
b) requirements that specify particular process stages, including applicable design and development reviews;
c) the required design and development verification and validation;
d) the responsibilities and authorities involved in the design and development process;
e) the need to control interfaces between individuals and parties involved in the design and development
process;
f) the need for involvement of customer and user groups in the design and development process;
g) the necessary documented information to confirm that design and development requirements have been
met.”
ISO 9001:2015
8.3.3 DESIGN AND DEVELOPMENT INPUTS
“The organization shall determine:
a) requirements essential for the specific type of products and services being designed and developed,
including, as applicable, functional and performance requirements;
b) applicable statutory and regulatory requirements;
c) standards or codes of practice that the organization has committed to implement;
d) internal and external resource needs for the design and development of products and services;
e) the potential consequences of failure due to the nature of the products and services;
f) the level of control expected of the design and development process by customers and other relevant
interested parties.
Inputs shall be adequate for design and development purposes, complete, and unambiguous. Conflicts
among inputs shall be resolved.”
ISO 9001:2015
8.3.4 DESIGN AND DEVELOPMENT CONTROLS
“The controls applied to the design and development process shall ensure that:
a) the results to be achieved by the design and development activities are clearly defined;
b) design and development reviews are conducted as planned;
c) verification is conducted to ensure that the design and development outputs have met the design
and development input requirements;
d) validation is conducted to ensure that the resulting products and services are capable of meeting
the requirements for the specified application or intended use (when known).”
ISO 9001:2015
8.3.5 DESIGN AND DEVELOPMENT OUTPUTS
“The organization shall ensure that design and development outputs:

a) meet the input requirements for design and development;
b) are adequate for the subsequent processes for the provision of products and services;
c) include or reference monitoring and measuring requirements, and acceptance criteria, as
applicable;
d) ensure products to be produced, or services to be provided, are fit for intended purpose and
their safe and proper use.
The organization shall retain the documented information resulting from the design and
development process.”
ISO 9001:2015
8.3.6 DESIGN AND DEVELOPMENT CHANGES
“The organization shall review, control and identify changes made to design inputs and design
outputs during the design and development of products and services or subsequently, to the
extent that there is no adverse impact on conformity to requirements.
Documented information on design and development changes shall be retained.”

ISO 9001:2015
8.4 CONTROL OF EXTERNALLY PROVIDED PRODUCTS AND SERVICES.
8.4.1. GENERAL
“The organization shall ensure that externally provided processes, products and services conform to
specified requirements.
The organization shall apply the specified requirements for the control of externally provided products
and services when:
a) products and services are provided by external providers for incorporation into the organization’s own
products and services;
b) products and services are provided directly to the customer(s) by external providers on behalf of the
organization;”
ISO 9001:2015
8.4 CONTROL OF EXTERNALLY PROVIDED PRODUCTS AND SERVICES. 8.4.1.
GENERAL
“c) a process or part of a process is provided by an external provider as a result of a decision by the
organization to outsource a process or function.
The organization shall establish and apply criteria for the evaluation, selection, monitoring of
performance and re-evaluation of external providers based on their ability to provide processes or
products and services in accordance with specified requirements.
The organization shall retain appropriate documented information of the results of the evaluations,
monitoring of the performance and re-evaluations of the external providers.”
ISO 9001:2015
8.4 CONTROL OF EXTERNALLY PROVIDED PRODUCTS AND SERVICES - KEY
CHANGES
▪To replace Section 7.4.1 and 7.4.3 from ISO 9001:2008.
▪Extended platform adopted by DIS: 2014. The requirement now now explicitly sets out those instances in
which the organisation must apply controls to external providers
▪The new requirement here is to establish criteria to monitor the performance of external providers and
to have the results of the evaluation, re-evaluation and performance as documented information.
▪ In ISO 9001:2008 sub-clause 7.4.1, it is required to keep records of the “criteria” for selection, evaluation
and re-evaluation of the suppliers. Whereas, in ISO 9001:2015, organisations are required to record not
only the criteria, but also the results of these activities, including performance.
▪Note: an “external provider” is a provider external to the scope of the quality management system. As
such, if a scope of registration covers a single plant in a wider group structure then anything sourced from
other members of the group would be “externally provided” and hence subject to the requirements of
clause 8.4
8.4.2 TYPE AND EXTENT OF CONTROL OF EXTERNAL PROVISION
“In determining the type and extent of control to be applied to the external provision of processes,
products and services, the organization shall take into consideration:
a) the potential impact of the externally provided processes, products and services on the,
organization’s ability to consistently meet customer and applicable statutory and regulatory
b) the perceived effectiveness of the controls applied by the external provider. “

•ISO 9001:2015
8.4.2 TYPE AND EXTENT OF CONTROL OF EXTERNAL PROVISION
“The organization shall establish and implement verification or other activities necessary to
ensure the externally provided processes, products and services do not adversely affect the
organisation's ability to consistently deliver conforming products and services to its customers.
Processes or functions of the organization which have been outsourced to an external provider
remain within the scope of the organization’s quality management system; accordingly, the
organization shall consider a) and b) above and define both the controls it intends to apply to
the external provider and those it intends to apply to the resulting process output.”
ISO 9001:2015
8.4.3 INFORMATION FOR EXTERNAL PROVIDERS
“The organization shall communicate to external provider applicable requirements for the following:
•a) the products and services to be provided or the process to be performed, on behalf of the
organization
•b) approval or release of products and services, methods, processes or equipment,
•c) competence of personnel, including necessary qualification,
•d) their interactions with organization’s quality management system,
•e) the control and monitoring of the external provider’s performance to be applied by the
organization,
•f) verification activities that the organization, or its customer, intends to perform at the external
provider’s premises.
The organization shall ensure the adequacy of specified requirements prior to their communication to the
external provider. ”
ISO 9001:2015
8.5 PRODUCTION AND SERVICE PROVISION 8.5.1 CONTROL OF
PRODUCTION AND SERVICE PROVISION
“The organization shall implement controlled conditions for production and service provision, including delivery
and post-delivery activities.
Controlled conditions shall include, as applicable:
a) the availability of documented information that describes the characteristics of the products and services;
b) the availability of documented information that describes the activities to be performed and the results
achieved, as necessary;
c) monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and
process outputs, and acceptance criteria for products and services, have been met.
d) the use and control of suitable infrastructure and process environment;
e) the availability, and use of monitoring and measuring resources;
f) the competence and, where applicable, required qualification of persons;
g) the validation and periodic revalidation, of the ability to achieve planned results of any process for production
of service provision where the resulting output cannot be verified by subsequent monitoring or measurement;
h) the implementation of products and services release, delivery and post-delivery activities; “
ISO 9001:2015
8.5.2 IDENTIFICATION AND TRACEABILITY
“Where necessary to ensure conformity of products and services, the organization shall use suitable
means to identify process outputs.
The organization shall identify the status of process outputs with respect to monitoring and
measurement requirements throughout the production of products and services.
Where traceability is a requirement, the organization shall control the unique identification of the
process outputs, and retain any documented information necessary to maintain traceability..
Note: Process outputs are the results of any activities which are ready for delivery to the
organization’s customer (e.g. receiver of the inputs to the next process). They can include products,
services, intermediate parts, components, etc. “
ISO 9001:2015
8.5.3 PROPERTY BELONGING TO CUSTOMERS OR EXTERNAL PROVIDERS
“The organization shall exercise care with property belonging to the customer or external providers while it is
under the organization's control or being used by the organization. The organization shall identify, verify,
protect and safeguard the customer or external provider’s property provided for use or incorporation into the
products and services.
When property of the customer or external provider is incorrectly used, lost, damaged or otherwise found to
be unsuitable for use, the organization shall report this to the customer or external provider
NOTE Customer property can include material, components, tools and equipment, customer premises,
intellectual property and personal data..”
ISO 9001:2015
8.5.4 PRESERVATION
“The organization shall ensure preservation of process outputs during production and service provision to
the extent necessary to maintain conformity to requirements.
NOTE Preservation can include identification, handling, packaging, storage, transmission or

transportation, and protection.”
ISO 9001:2015
8.5.5 POST DELIVERY ACTIVITIES
“As applicable, the organization shall meet requirements for post delivery activities associated with the
In determining the extent of post-delivery activities that are required, the organisation shall consider:
a) the risks associated with the products and services,
b) the nature, use and intended lifetime of the products and services;
• b) customer feedback, and
•c) statutory and regulatory requirements.
NOTE Post-delivery activities can include, actions under warranty provisions, contractual obligations such as
maintenance services, and supplementary services such as recycling or final disposal.”
ISO 9001:2015
8.5.6 CONTROL OF CHANGES
“The organization shall review and control unplanned changes essential for production and service
provision to the extent necessary to ensure continuing conformity with specified requirements
The organization shall retain documented information describing the results of the review of changes,
the personnel authorizing the change, and any necessary actions.”
ISO 9001:2015
8.6 RELEASE OF PRODUCTS AND SERVICES
“The organization shall implement the planned arrangements at appropriate stages to verify that products
and services requirements have been met. Evidence of conformity with the acceptance criteria shall be
maintained.
The release of products and services to the customer shall not proceed until the planned arrangements for
verification of conformity have been satisfactorily completed, unless otherwise approved by a relevant
authority and, where applicable, by the customer. Documented information shall provide traceability to
the person(s) authorizing release of products and services for delivery to the customer”
ISO 9001:2015
8.7 CONTROL OF NONCONFORMING PROCESS OUTPUTS,
“The organization shall ensure process outputs, products and services that do not conform to
requirements are identified and controlled to prevent their unintended use or.
The organization shall take appropriate corrective actions, based to the nature of the
nonconformity and its impact on the conformity of products and services. This applies also to
nonconforming products and services detected after delivery of the products or during the
provision of the service.”
ISO 9001:2015
8.7 CONTROL OF NONCONFORMING PROCESS OUTPUTS,
“As applicable, the organization shall deal with nonconforming process outputs, products and services in one or more
of the following ways.
a) correction;
b) segregation, containment, return or suspension of provision of products and services;
c) informing the customer;
d) obtaining authorization for:
- use “as-is’;
- release, continuation or re-provision of the products and services;
- acceptance under concession.
Where nonconforming process outputs, products and services are corrected, conformity to the requirements shall be
verified.
The organization shall retain documented information of actions taken on nonconforming process outputs, products
and services, including on any concessions obtained and on the person or authority that made the decision regarding
dealing with the nonconformity.”
9. PERFORMANCE EVALUATION
9.1 MONITORING, MEASUREMENT, ANALYSIS AND EVALUATION
“The organization determine:

•a) what needs to be monitored and measured;
•b) what methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid
results;
•c) when the monitoring and measuring shall be performed;
•d) when the results from monitoring and measurement shall be analysed and evaluated; “
•ISO 9001:2015
9.1 MONITORING, MEASUREMENT, ANALYSIS AND EVALUATION (CONT’D)
“The organization shall ensure that monitoring and measurement activities are implemented in
accordance with the determined requirements and shall retain appropriate documented
information as evidence of the results.
The organization shall evaluate the quality performance and the effectiveness of the quality
management system. “
Note Operation of a function or process of the organization by an external provider is often
referred to as outsourcing.”
ISO 9001:2015
9.1.2 CUSTOMER SATISFACTION
“The organization shall monitor customer perceptions of the degree to which requirements have been met.
The organization shall obtain information relating to customer views and opinions of the organization and its
The methods for obtaining and using this data shall be determined.
Note: Information related to customer views can include customer satisfaction or opinion surveys, customer
data on delivered products or services quality, market-share analysis, compliments, warranty claims and
dealer reports.”
ISO 9001:2015
9.1.3 ANALYSIS & EVALUATION
“The organization shall analysis and evaluate appropriate data and information arising from monitoring and
measurement.
The results of analysis shall be used to evaluate:
a)Conformity of products and services
b) The degree of customer satisfaction
c) The performance and effectiveness of the QMS
d) If planning has been implemented effectively
e) The effectiveness of the action taken to address risk and opportunities
f) The performance of external providers
g) The needs for improvement to the QMS.
INTERNAL AUDITS & MANAGEMENT REVIEW
Internal audits shall be conducted at planned intervals

Top Management shall review QMS at planned intervals
10. IMPROVEMENT
Improvements
Nonconformity & corrective actions
Continual improvement
06
AUDIT PROGRAM &
PLANNING
AUDIT PROCESS – BIRD’S EYE VIEW
audit Audit Samples

PROCESSES DOCUMENTS PEOPLE
systematic,
independent and
documented process
for obtaining objective
evidence and Audit Criteria
evaluating it objectively 1. ISO 9001:2015 &

2. Customer Requirements &
to determine the extent Corrective Actions 3. Legal Requirements &
to which the audit 4. QMS Complete Documents
criteria are fulfilled

Non-Compliances Audit Finding Compliances
After the audit the details of the samples become evidences
➢ If evidences are complying to audit criteria, they become evidences of compliance
➢ If evidences are not complying to audit criteria, they become evidences of non-compliances
Evidence Sample >
PROCESS> Prod. Line # 2 & 5 DOCUMENTS > Production WI WI-LINE-040 Ver. 2.1 PEOPLE> Line Supervisor
Intertek Academy 111

Audit Process – Fundamentals
Audit Objective >
To verify the degree of

compliance of QMS towards
the Audit Criteria
Compliance >
When QMS Documentation

& Implementation
both are met, towards the
Audit Criteria
AUDIT PROGRAM VS AUDIT PLAN
Audit program
An audit program (or programme)
is a set of arrangements that are
intended to achieve a specific
audit purpose within a specific
time frame. It includes all of the
activities and resources needed
to plan, organize, and conduct
one or more audits.
Audit plan
An audit plan specifies how you
intend to conduct a particular
audit. It describes the activities
you intend to carry out in order to
achieve your audit objectives.
REASONS FOR CONDUCTING INTERNAL AUDITS
To examine the system for improvements

To determine compliance or non-compliance with the
requirements of the standard or applicable legal requirements
To make a decision, if there is any gap or raising NC
To establish continued conformity of the system to the
management standard

07
PREPARING CHECK LIST
CHECKLISTS
Used by the auditor as an Aide Memoir and an audit trace record
Are compiled from the results of a detailed study of the processes,

documented information and the standard
Used to ensure that all elements and relevant requirements contained in the
standard are covered and nothing is omitted

CHECKLISTS
Used to reference each question to the relevant clauses of the

standard
Are valuable aid when writing the audit report.
Space should be left on the checklist so that answers to the questions
can be noted for later use.

SAMPLING
Considerations
Scope  Previous Problems

 Important Aspects
Duration of Audit  Sample size and its significance
Requirements of the standard  Corporate Issues
Level of potential risk
Sampling Benefits - more efficient use of time
Sampling Limitations – not all items are checked

SAMPLE CHECKLIST
Standard: Type of Audit:

Client: Auditor: Date:
Requirements OK CAR Obs N/A Objective Evidence

08
ONSITE AUDIT TECHNIQUES
AUDIT TECHNIQUES
• Interview
• Review of documented information
• Examine Objective Evidence
• Observe Activities
• Listen to Reactions
• Record Findings

THE AUDITORS SIX FRIENDS
When asking questions….. YES / NO Questions

• Who ? • Often elicit dead end answers - you gain
• What ? nothing –
• Where ? • Only useful as a leader question.
• When ? How - What - Why - When - Where - Who
?
• Why ?
• Direct questions - will achieve more
• How ? detailed
• and the seventh ….. Ok Show Me ? • answers.
Explanation Questions
• Useful for comparing interfaces.

AUDITS – SOURCES OF COLLECTING EFFECTIVE EVIDENCES
OBSERVATIONS DOCUMENTS AUDITEE
VERIFICATIONS INTERVIEW
INTERVIEW IS
MOST
CHALLENGING
Based on situations, all these sources be used during audits, to arrive at evidences
Evidences in Audits – Samples (Clause B.2.2 of ISO 19011:2015)
Correct Sampling = Effective Audit Conclusions
Process as Document as
Samples > Samples >
People as
Samples >

Evidences in Audits – Samples In Audit Trial
Process > Set of interacting activities which transforms inputs and outputs

09
RAISING NCRS AND REPORT
WRITING
Contents of Nonconformity (best practices)
Nonconformity
One out of Fifteen Measuring Instrument

(Instrument #: TF 303), in Quality Laboratory,
no evidence Provided by Lab In-charge, for its
adequate calibration as per defined procedure was Without
not calibrated since last one year (Calibration Evidences, NC is
procedure TF-CP-004 Ver.3.2 Dt. Jan.2014 & Incomplete !
previous Calibration Cert. No; QPQ 122 Dt. June
2013, from external agency).

Audit Findings – Nonconformity Format
Finding Detail
GT002, rev. 2 Document # F103-21 Release Date: 04-feb-2013 Page 1 of 1
SECTION 1: BASIC DATA - AUDIT
Client: Client ID#:
Audit Criteria: Date(s) of audit:
to give details of the NC
SECTION 2: FINDING DATA

Finding # :
Finding classification Action required

Major Nonconformity Submit corrective action plan by (date):
Minor Nonconformity Submit corrective action by (date):
Opportunity for improvement No response required
Minor Area of concern for Stage II No response required. Action to be taken prior to Stage II
Major Area of concern for Stage II
Audit Criteria reference # : Management system documentation reference # :
Finding:
Requirement:
Auditor
Objective Evidence: (Evidence recorded at, if multi site: )
Issued by:

Audit Findings – Nonconformity Format
SECTION 3: CORRECTIVE ACTION PLAN (To be completed by the client)

Root Cause (Required in all cases)
to give Proposed action & actual action

to address the causes of the NC – Correction &
Correction (if not required, please justify)
Corrective action plan (Required in all cases)

Corrective Action
Plan for verification of effectiveness (Required in all cases)

Auditee
Target date for completion: Signature: Date:

NONCONFORMITY REPORTING
What is the Problem ?

• describe clearly, concisely and factually
Why is it a noncompliance ?
• i.e. against what requirement
Where did it occur ?
• i.e. which department or activity
Who ? - avoid apportioning blame
• (i.e. naming individuals)

NONCONFORMITY REPORT
Used to report nonconformity audit findings

Must be factual
Must be understandable and traceable
Raise formal notification of any issues at the time of
finding
Allow the auditee to implement corrective action
prior to the closing meeting
The auditee is requested to sign signifying an
understanding and acceptance of the non-
compliance

WORDING OF NCR’S
It is important when preparing NCR’s to take care and ensure it is justified.
Failure to achieve clear factual information will invite challenge of the findings at
the closing meeting.
This will be particularly important in areas where the emphasis is placed on the
following
• Management Commitment
• Competence
• Communication
• Continual improvement

OBSERVATIONS
Notes made by an auditor during assessment may lead to non-

compliances being raised or to provide information for the audit
report
Notes provide Objective Evidence back up

WRITTING AUDIT REPORT
Description of audit objectives, scope, criteria and exclusions (as appropriate)

Number and details of non-conformities
Summary of audit findings (both positive and opportunities for improvement)
Recommendations made as a result of audit findings
Signature by the Internal Auditor and Auditee

AUDIT FILE
Audit plan
Audit report
Open/closing meeting attendance list
Copies of non-conformity reports and objective evidence
provided
Assignment of the audit teams
Confidentiality statements of the audit team

REVIEWING CORRECTIVE ACTIONS
To ensure actions corrective actions requested are being

implemented by auditee
The agreed timescales are achieved
Corrective actions are effective

REVIEWING CORRECTIVE ACTIONS
Corrective Action implementation can be verified off-site based

on documentary evidence provided
Follow-up visits may be as necessary to verify actions have
been taken and were effective
Non-conformities should be closed out at each visit or further
corrective actions agreed

10
QUESTION & ANSWER

03 Day's Internal Auditor Training Content On ISO 9001 2015

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

03 Day's Internal Auditor Training Content On ISO 9001 2015

Uploaded by

Copyright:

Available Formats

THREE DAY’S

INTERNAL AUDITOR TRAINING COURSE

Virginius Daniel Moody establishes

1885 1911 2017

Thomas Edison sets up the Lamp

Global Business Lines Industries What we do

Government & Trade Services Industrial

• Microphones- Please keep in mute mode/silent mode

• Phones – Keep in mute mode and avoid interruptions.

• Video- Switch off videos.

• Recording Devices - not allowed.

• Breaks – Prayer Breaks will be provided for 15 minutes.

02 Principles 07 Preparing Checklist

03 High level structure 08 Onsite Audit Techniques

04 Overview of QMS 09 Raising NCRs & Report writing

05 QMS Requirements 10 Question & Answer

J M Juran – “Fitness for use ”

W. Edward Deming – “Continuous Improvement “

Philip Crossby – “Conformance to specifications”

• The quality of an organization’s products and services is

• The quality of products and services includes not only their

The QMS manages the interacting processes and

A QMS provides the means to identify actions to

The Quality Management System is not It IS the management system.

Promotes improved industrial

Provides historical records to

Customer Focus Management

Adopts the high- Requirements

-Act: Take actions to improve performance, as necessary

Legal Requirements Conformance to ISO Standards

Risk-based thinking (see Clause A.4) is essential

The requirement of this clause is to considered the ‘external and internal

The objectives and concerns of external stakeholders shall be considered

The needs and expectations of interested parties have to

Examples for interested parties:

Reference: ISO 22313:2012

Example of processes that may be used for this purpose:

Sample Internal Interested Sample External Interested Issues or Points of Conflict:

ISO 9001:2015 gives no practical approach to organizational context analysis

“The organization shall establish, implement, maintain and continually improve a

What are the differences between a Boss and a Leader?

CHECK that the organization perceives the concept of leadership and

CHECK the Main requirements are available:

• consider the external and internal issues, requirements,

CHECK following in Audit of Risk Assessment • Design Failure Risk

• Residual Risks are approved by process owners /

Any risk arising from any positive step taken is an opportunity

CHECK Overall Risk Management is Justified to the Business

Risk Mitigation – Sequence in Selection:

•If this is not

•If this is not

3. •If this is not

First Step should to be “Avoid “, 4.

MORE INVESTMENT in HIGH

Implementing Risk Control

RISK MITIGATION ( Risk Reduction )

“Vision without execution is hallucination.” ~

▪NOTE Specific requirements on control of changes are included in clause 8.”

CHECK Main requirements: Sample Requirements:

Cl. 7.1.2- People

NOTE Infrastructure can include:

The organization shall ensure that the resources