Professional Documents
Culture Documents
QMS Checks
QMS Checks
o How have you used the boundaries and applicability of the QMS
to establish the scope for your ISO 9001 audit?
o Have you determined how to apply ISO 9001 within the scope,
and done so? How?
o How was your QMS established? Your auditor will want to see
how you implemented it, and how you maintain and improve it.
o How are risks and opportunities considered, and what plans and
actions address them?
o How do you find ways to improve your QMS and its processes?
o How do you know that the processes are being carried out as
planned?
2. Leadership
Leadership and commitment for the quality management system
o How have you integrated the requirements of the QMS into your
business processes?
o How do you ensure that necessary resources are available for the
QMS?
o How do you ensure that the QMS achieves its intended results?
o How do you determine the risks and opportunities that can affect
how your products and services conform to these requirements?
Quality policy
Where are the quality objectives kept, and do they apply at all relevant
functions, levels, and processes?
How does your organization determine what will be done, with what
resources, and how results will be evaluated for quality objectives?
Planning of changes
4. Support
Resources
o Show how you consider the capabilities of, and constraints on,
internal resources.
People
Infrastructure
o How do you determine, provide, and maintain, the infrastructure
for the operation of processes to achieve product and service
conformity?
o How do you ensure that provided resources are suitable for the
specific monitoring and measurement activities, and are
maintained to ensure that they fit their purpose?
Organizational knowledge
Competence
o Show how you determine the necessary competence of people
working under your control that affects quality performance.
Awareness
o Communication
o Documented information
Identification
Description
Media format
o Show how you make the information available and suitable for
use.
Distribution
Access
Retrieval
Use
Legibility
Control of changes
5. Operation
Operational planning and control
o How do you plan, implement, and control the processes you have
to follow to meet requirements for providing products and
services?
o How have you determined that the output from the planning
process is suitable for your operations?
Products
Services
Enquiries
Contracts
Order handling
o How do you ensure that you can meet the defined requirements
and substantiate any claims for your products and services?
o You will need to show the auditor documented evidence that you
conduct these reviews before supplying products and services to
your customers.
o How do you resolve contract or order requirements that differ from
those previously defined?
o Preservation
o How do you ensure that your process outputs get preserved
during production and while you are providing services, so that
your products and services conform to requirements?
Preservation includes identification, handling, packaging, storage,
transmission or transportation, and protection.
o Post-delivery activities
Risk?
Customer feedback?
o Control of changes
6. Performance Evaluation
Monitoring, measurement, analysis, and evaluation
o Customer satisfaction
o How do you find out what customers think of your products and
services?
o Internal audit
o Where are the audit criteria and scope for each audit?
o Be prepared to show how your selection of auditors and the
conduct of audits are objective and impartial, and that auditors
don’t audit their own work.
o Management review
o How often does top management review your QMS? Under what
circumstances does it deem the QMS suitable, adequate, and
effective?
Customer satisfaction
7. Improvement
General
o How do you determine and select opportunities for improvement?
React
o Continual improvement
When your enterprise can prove that it follows the ISO 9001 requirements, it
will receive ISO 9001 certification — a must for doing business in today’s
competitive environment.
As you can see from this checklist, ISO 9001 is a lengthy, complicated
standard. Most companies use a governance, risk, and compliance (GRC)
solution to help them comply.
Some of the world’s leading enterprises use ZenGRC for their risk
management and compliance needs.
They like Zen’s user-friendly, color-coded dashboards telling them in real time
where they’re in compliance, where they fall short, and how to fill gaps.
They like how Zen tracks and manages workflows, and our ZenConnect plug-
in’s ability to integrate our solution with any other business solution they use.
They appreciate Zen’s vendor risk management features, the unlimited self-
audits it conducts for them, and the “single source of truth” repository where
all compliance and risk management documentation is stored for easy
retrieval come audit time.