ISO 9001:2015 STANDARD

REQUIREMENTS
REFRESHER COURSE FOR THE OFFICE OF CIVIL DEFENSE
01 & 05 OCTOBER 2020 / VIA ZOOM
OBJECTIVE
To provide the OCD Personnel with an in-depth awareness and
understanding on the ISO 9001:2015 Standard requirements.
ISO 9001:2015 STANDARD CLAUSES
Frequently-used verbs in the ISO 9001:2015

• Shall – requirement
• Should – recommendation
• May – permission
• Can – possibility or capability
• Note – for guidance and clarification
PDCA Cycle
CLAUSE 4
CONTEXT OF
THE
ORGANIZATION
ISO CLAUSE 4.1 Understanding the Organization and its context
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
4.1 Understanding the a. Determination of internal and All OCD
organization and its context external issues / factors Offices/Divisions/
• SWOT Analysis Sections
1. The organization shall • PESTLE
determine external and
internal issues that are b. Internal and external factors assessed
relevant to its purpose and as critical shall be considered or
its strategic direction and included in the Risk Register and
that affect its ability to Action Plan
achieve the intended
results of its QMS.
ISO CLAUSE 4.1 Understanding the Organization and its context
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
4.1 Understanding the c. Review and monitoring of information on All OCD
organization and its internal and external issues / factors (SWOT Offices/Divisions/
context Analysis/PESTLE) Sections
• Should be conducted once a year
2. The organization • To determine if there are updates or
shall monitor and changes on the internal and external factors
review information • To determine if there are changes in the
about these assessment of the factors
external and • Documented information to support any
internal issues. changes in the assessment of the factors
may be helpful
 ISO CLAUSE 4.2 Understanding the needs and expectations of interested parties
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
4.2 Understanding the needs and a. Determination of Interested Parties and their All OCD
expectations of interested parties requirements/expectations Offices/Divisions/
• Interested Party Assessment (IPA) Tool / Matrix Sections
1. Due to their effect or potential • Interested parties that have an effect or
effect on the organization’s ability potential effect on QMS process (employees,
to consistently provide products customers, suppliers, etc.)
and services that meet customer • Requirements/expectations of interested parties
and applicable statutory and relevant to QMS process
regulatory requirements, the • Risks (threats or opportunities) that have impact
organization shall determine: on your office’s ability to fulfill the
requirements/expectations of the interested
a. The interested parties that are parties
relevant to the QMS;
b. Risks on IP’s requirements/expectations assessed
b. The requirements of these as critical in the IPA Tool/Matrix shall be
interested parties that are considered or included in the Risk Register and
relevant to the QMS Action Plan
 ISO CLAUSE 4.2 Understanding the needs and expectations of interested parties
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
4.2 Understanding the c. Review and monitoring of Interested Parties All OCD
needs and expectations and their requirements/expectations (IPA Offices/Divisions/
of interested parties Tool/IP Matrix) Sections
• Should be conducted once a year
2. The organization shall • To determine if there are updates on the
monitor and review interested parties and their requirements
information about • To determine if there are changes in the
these interested assessment of the identified risks in the
parties and their fulfillment of the IP’s
relevant requirements/expectations
requirements. • Documented information to support any
changes in the assessment of the risks may
be helpful
 ISO CLAUSE 4.3 Determining the scope of the QMS
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
4.3 Determining the scope of the QMS a. Documented information OCD
on the following:
The scope of the organization’s QMS • Scope of OCD QMS
shall be available and be maintained as • Exclusion/s to ISO 9001
documented information. Standard as well as the
justifications for such
The scope shall state the types of exclusion/s
products and services covered, and • QMS Process
provide justification for any
requirement of this International b. May be documented in
Standard that the organization the Quality Manual
determines is not applicable to the
scope of its QMS.
 ISO CLAUSE 4.4 QMS and its processes
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
4.4 QMS and its processes a. Documented information All OCD
4.4.1 The organization shall determine the processes on the QMS Process Offices/Divisions/
needed for the QMS and their application throughout the (flowchart/narrative) Sections
organization, and shall: • Inputs to the process
a. Determine the inputs required and the outputs • Process steps
expected from these processes; • Outputs of the process
b. Determine the sequence and interaction of these • Monitoring process
processes;
c. Determine and apply the criteria and methods b. May be documented in
(including monitoring, measurements, and related the Office Work
performance indicators) needed to ensure the effective Instructions
operation and control of these processes.
c. Records of
4.4.2 To the extent necessary, the organization shall: implementation and
a. Maintain documented information to support the conformance to the
operation of its processes; established processes
b. Retain documented information to have confidence
that the processes are being carried out as planned.
CLAUSE 5
LEADERSHIP
 ISO CLAUSE 5.1 Leadership and Commitment
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
5.1.1 General Top management to be much Top Management
Top management shall demonstrate leadership and commitment with more “hands on” with
respect to the QMS by: respect to their QMS
a. Taking accountability for the effectiveness of the QMS;
processes.
b. Ensuring that the quality policy and quality objectives are
established for the QMS and are compatible with the context and
strategic direction of the organization; • “Ensuring” – top
c. Ensuring the integration of the QMS requirements into the management may still
organization’s business process; assign this task to others
d. Promoting the use of the process approach and risk-based thinking; for completion
e. Ensuring that the resources needed for the QMS are available;
f. Communicating the importance of effective quality management • “Promoting”, “Taking”,
and of conforming to the QMS requirements;
“Engaging”. Or
g. Ensuring that the QMS achieves its intended results;
h. Engaging, directing and supporting persons to contribute to the “Supporting” – these
effectiveness of the QMS; activities cannot be
i. Promoting improvement; and delegated to others
j. Supporting other relevant management roles to demonstrate their
leadership as it applies to their areas of responsibility.
 ISO CLAUSE 5.2.1 Establishing the Quality Policy
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
5.2.1 Establishing the Quality Policy • OCD Quality Policy Statement Top Management

Top management shall establish, implement,

and maintain a quality policy that:
a. Is appropriate to the purpose and context
of the organization and supports its
strategic direction;
b. Provides framework for setting quality
objectives;
c. Includes commitment to satisfy applicable
requirements;
d. Includes a commitment to continual
improvement of the QMS.
 ISO CLAUSE 5.2.2 Communicating the Quality Policy
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
5.2.2 Communicating the Quality • Documented Quality Policy Statement OCD
Policy (may be included in the Quality
Manual)
The Quality Policy shall:
a. Be available and be maintained • Latest QP Statement be All OCD
as documented information; communicated to all personnel (i.e. Offices/Divisions/
b. Be communicated, understood postings in conspicuous places) Sections
and applied within the
organization; • Be available to relevant interested IT Department
c. Be available to relevant parties (i.e. posted in website)
interested parties, as
appropriate. • Be understood and applied by All OCD personnel
employees in their respective
functions
 ISO CLAUSE 5.3 Organizational roles, responsibilities, and authorities
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
5.3 Organizational roles, responsibilities and authorities • Organizational chart OCD
/ structures
Top management shall ensure that the responsibilities and • Department OCD Offices/
authorities for relevant roles are assigned, communicated, and Circulars Divisions/Sections
understood within the organization. • Department Orders
• Office Orders
Top management shall assign the responsibility and authority for:
a. Ensuring that the QMS conforms to the requirements of this
International Standard;
b. Ensuring that the processes are delivering their intended outputs;
c. Reporting on the performance of the QMS and on opportunities
for improvement, in particular to top management;
d. Ensuring the promotion of customer focus throughout the
organization;
e. Ensuring that the integrity of the QMS is maintained when
changes to the QMS are planned and implemented.
CLAUSE 6
PLANNING
 ISO CLAUSE 6.1 Actions to address risks and opportunities
WHAT IS REQUIRED BY
ISO STANDARD?
6.1 Actions to address risks and opportunities
6.1.1 When planning for the QMS, the organization shall
consider the issues referred to in 4.1 and the
requirements referred to in 4.2 and determine the risks
and opportunities that need to be addressed to:
a. Give assurance that the QMS can achieve its intended
results
b. Enhance desirable effects
c. Prevent, or reduce, undesired effects
d. Achieve improvement
WHO WILL DO
KEY REQUIREMENTS THE
REQUIREMENT?
a. Determination of risks and opportunities need All OCD
to be addressed and plan of actions to address Offices/Divisions/
those risks and opportunities Sections
• Risk Register and Action Plan
• Considering the internal and external factors
(SWOT Analysis/PESTLE), and the risks on the
fulfillment of IP requirements/expectations
(IP matrix)
• Covers the risks in the step by step
procedures of the QMS processes (4.4)

6.1.2 The organization shall plan: b. A root-cause analysis shall be done to properly
a. Actions to address these risks and opportunities; identify the actions
b. How to: (1) integrate and implement the actions into
its QMS processes (see 4.4) and (2) evaluate the • Review of the Risk Register and Action Plan
effectiveness of these actions. should be at least once a year
Actions taken to address risks and opportunities shall be
proportionate to the potential impact on the conformity • Evaluation on the effectiveness of identified
of products and services. actions to address the risks
 ISO CLAUSE 6.2 Quality Objectives and planning to achieve them
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
6.2 Quality Objectives and planning to achieve • Establishment of Quality Objectives that are: All OCD
them • Relevant to QMS process being implemented Offices/Divisions/
• Relevant to enhancement of customer satisfaction Sections
6.2.1 The organization shall establish quality
objectives at relevant functions, levels and • Establishment of parameters to measure the Quality
processes needed for the QMS. Objectives and determination of targets

The quality objectives shall: • Monitoring and measurement of Quality Objectives at

a. Be consistent with the quality policy
b. Be measureable
c. Take into account applicable requirements
d. Be relevant to conformity of products and
services and to enhancement of customer
satisfaction
e. Be monitored
f. Be communicated
g. Be updated as appropriate
The organization shall maintain documented
information on the quality objectives.
the end of every year.
• To determine whether the set targets for the year
were attained
• The results shall be documented (i.e. Quality
Metrics Scorecard)
• The results shall be supported by documented
information/evidences
• Development and implementation of Action Plans if the
targets set were not achieved
 ISO CLAUSE 6.2 Quality Objectives and planning to achieve them
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
6.2 Quality Objectives and planning to Documented evidences All OCD
achieve them containing the required Offices/Divisions/
information: Sections
6.2.2 When planning how to achieve its
quality objectives, the organization • It can be the Annual Plan and
shall determine: Budget (APB) and Office
Performance Commitment
a. What will be done; Review (OPCR) Report
b. What resources will be required;
c. Who will be responsible;
d. When it will be completed;
e. How the results will be evaluated.
CLAUSE 7
SUPPORT
 ISO CLAUSE 7.1 Resources
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
7.1 Resources • Fund: Top Management
➢ Approved Annual Plan and Budget; All OCD Offices
7.1.1 The organization shall ➢ Notice of Cash Allocation;
determine and provide the ➢ Other supporting documents related to actual provision of
finances/fund needed;
resources needed for the
establishment, implementation, • People/Manpower:
maintenance and continual ➢ Authorized plantilla position vs actual fill-up
improvement of the QMS. • Infrastructure/ Property and Equipment
➢ Physical Inventory of PPEs (buildings, facilities, ICT,
The organization shall consider: Vehicles, etc)
a. The capabilities of, and
constraints on, existing • Supplies
➢ Annual Procurement Plan;
internal resources;
➢ Bidding Documents, Purchase Request, Property
b. What needs to be obtained Acknowledgment Receipts, etc.
from external providers ➢ Other supporting documents related to actual provision of
needed supplies
• Outsourced processes - consultants, pest control services,
job orders, contractors, janitorial services, etc.
 ISO CLAUSE 7.1.2 People
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
7.1 Resources • Authorized plantilla positions HRMO
All OCD Offices
7.1.2 People • Qualification Standards

The organization shall determine and • Hiring and Selection Process

provide the persons necessary for the
effective implementation of its QMS and
for the operation and control of its
processes.
 ISO CLAUSE 7.1.3 Infrastructure
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
7.1 Resources • Physical inventory of Property and All OCD Offices
Equipment;
7.1.3 Infrastructure General Services
• Conduct of 5S Inspection Division/Maintenance
The organization shall determine, provide, • Submission of accomplished 5S Division/ICT
and maintain the infrastructure necessary for Inspection Checklist to Workplace
the operation of its processes and to achieve Organization Team
conformity of products and services.
• Provision of needed office supplies and
Infrastructure can include: equipment
a. Buildings and associated utilities
b. Equipment, including hardware and • Maintenance of buildings and facilities
software
c. Transportation resources • Preventive Maintenance and repair of
d. Information and communication vehicles
technology
• Preventive and corrective maintenance of
ICT equipment
 ISO CLAUSE 7.1.6 Organizational Knowledge
WHAT IS REQUIRED BY
ISO STANDARD?
7.1 Resources
7.1.6 Organizational Knowledge
The organization shall determine the knowledge
necessary for the operation of its processes and to
achieve conformity of products and services.
This knowledge shall be maintained and be made
available to the extent necessary.
Organizational knowledge can be based on:
a. Internal sources (e.g. intellectual property;
knowledge gained from experience; lessons
learned from failure and successful projects;
capturing and sharing undocumented knowledge
and experience; the results of improvements in
processes; products and services);
b. External sources (e.g. standards, academia,
conferences, gathering knowledge from
customers or external providers)
WHO WILL DO THE
KEY REQUIREMENTS
REQUIREMENT?
✓ Documented information regarding a All OCD Offices
process, product or service;
✓ Manuals, Work instructions;
✓ The experience of skilled people operating
the processes;
✓ Mentoring and coaching by more
experienced employees;
✓ Knowledge of technologies and infrastructure
relevant to our organization, etc.
✓ Lessons learnt from non-conformities,
corrective actions, and the results of
improvement;
✓ Gathering knowledge from customers,
suppliers and partners, benchmarking of best
practices;
✓ Capturing knowledge existing within the
organization, e.g. through
mentoring/succession planning;
✓ Sharing knowledge with relevant interested
parties to ensure sustainability of the
organization;
✓ Knowledge from conferences, conventions,
workshops, or other external events.
 ISO CLAUSE 7.1.6 Organizational Knowledge
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
7.1 Resources ✓Quality policy (Clause 5.2); All OCD Offices
✓Quality Objectives (Clause 6.2.1);
7.1.6 Organizational Knowledge
✓Demonstrate the operation of processes (maintain &
The organization shall determine the
retain documented information) (Clause 4.4.2);
knowledge necessary for the operation of its
✓QMS performance and effectiveness (Clause 9.1.1)
processes and to achieve conformity of
Quality Objectives, Metrics;
products and services.
✓Contract review requirements (Clause 8.2.3);
This knowledge shall be maintained and be ✓Records of monitoring and measuring resources (Clause
made available to the extent necessary. 7.1.5);
✓Competence records of personnel, training records, cross
Organizational knowledge can be based on:
training, training feedback (Clause 7.2);
a. Internal sources (e.g. intellectual property;
✓Operational planning and control process documents and
knowledge gained from experience; lessons
records (Clause 8.1);
learned from failure and successful
✓Supplier evaluation records (Clause 8.4.1);
projects; capturing and sharing
✓Change control records (Clause 8.5.6);
undocumented knowledge and experience;
✓Product non-conformity records (Clause 8.7);
the results of improvements in processes;
✓Corrective action records (Clause 10.2);
products and services);
✓Identification and traceability records (Clause 8.5.2);
b. External sources (e.g. standards, academia,
✓Records of the release of products/services (Clause 8.6);
conferences, gathering knowledge from
✓Internal audit programmes and reports (Clause 9.2.2);
customers or external providers)
✓Management review minutes (Clause 9.3.3).
 ISO CLAUSE 7.2 Competence
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
7.2 Competence • Qualification Standards HRMS
• Records of Recruitment and
The organization shall: Selection Process All OCD Offices
• Training Needs Assessment
a. Determine the necessary competence of persons (LNA/ILDP)
doing work under its control that affects the • Training Plan
performance and effectiveness of the QMS • Learning Application Plan and
b. Ensure that these persons are competent on the its evaluation by the
basis of appropriate education, training, or Supervisors / Evaluation of
experience personnel whether the training
c. Where applicable, take actions to acquire the provided is effective for his/her
necessary competence, and evaluate the improvement at work
effectiveness of the actions taken • Updated and complete 201 files
d. Retain appropriate documented information as
evidence of competence
 ISO CLAUSE 7.3 Awareness
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
7.3 Awareness • Awareness of the top All OCD Offices
management and employees
The organization shall ensure that persons doing work
under the organization’s control are aware of:
a. The quality policy
b. Relevant quality objectives
c. Their contribution to the effectiveness of the QMS
including the benefits of improved performance
d. The implication of not conforming with the QMS
requirements
 ISO CLAUSE 7.4 Communication
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
7.4 Communication Internal communication: All OCD Offices
✓Communicating objectives and targets to
The organization shall determine the employees.
internal and external communications ✓Raising awareness of issues to employees;
relevant to the QMS, including: ✓Communicating the policies to employees;
a. On what it will communicate ✓Advising of nonconformance to relevant
b. When to communicate requirements;
c. With whom to communicate ✓Reporting incidents arising from abnormal or
d. How to communicate emergency operation to senior management;
e. Who communicates
External communications:
✓Dealing with complaints;
✓Obtaining views from community groups and
customers, partner agencies;
✓Responding to media inquiries, especially in the
event of an incident
 ISO CLAUSE 7.5 Documented Information
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
7.5 Documented Information • Documents and records / All OCD Offices
documented evidences to
7.5.1 The organization’s QMS shall include: justify conformance to the
a. Documented information required by the requirements
International Standard
b. Documented information determined by the
organization as being necessary for the effectiveness
of the QMS
 ISO CLAUSE 7.5 Documented Information
1) The scope of the quality management system (4.3);
2) Information necessary to support the operation of QMS processes (4.4);
3) The quality policy (5.2);
4) The quality objectives (6.2);
5) Evidence of fitness for purpose of monitoring and measuring resources
(7.1.5.1);
6) Evidence of the basis used for calibration of the monitoring and
measurement resources (7.1.5.2);
7) Evidence of competence of people doing work under the control of the
organization that affects the performance and effectiveness of the QMS
(7.2);
8) Documented information required by the QMS (7.5.1b);
9) Results of the review and requirements for the products and services
(8.2.3);
10)Records to demonstrate compliance with design and development
requirements (8.3.2);
11)Records of design and development inputs (8.3.3);
12)Records of the activities of design and development controls (8.3.4);
13)Records of design and development outputs (8.3.5);
14)Design and development changes, including the results of the review and
the authorization of the changes and necessary actions (8.3.6);
15)Records of the evaluation, selection, monitoring of performance and re-
evaluation of external providers and any actions arising (8.4.1);
16)Evidence of the unique identification of outputs when traceability is a
requirement (8.5.2);
17)Records of property of the customer or external provider that is lost,
damaged or non-conforming and of its communication to the owner
(8.5.3);
18)Results of the review of changes for production or service provision, the
persons authorizing the change, and necessary actions taken (8.5.6);
19)Records of authorized release of products for delivery to the customer
including acceptance criteria and traceability to the authorizing person(s)
(8.6);
20)Records of non-conformities, actions taken, concessions and the identity
of the authority deciding the action in respect of the nonconformity (8.7);
21)Results of the evaluation of the performance and the effectiveness of the
QMS (9.1.1);
22)Evidence of the implementation of the audit programme and the audit
results (9.2.2);
23)Evidence of the results of management reviews (9.3.3);
24)Evidence of the nature of the nonconformities and any subsequent actions
taken (10.2);
25)Results of any corrective actions (10.2).
 ISO CLAUSE 7.5.2 Creating and updating
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
7.5.2 Creating and updating • Review and approval, and All OCD Offices
proper labelling and
When creating and updating documented information, identification of documents
the organization shall ensure appropriate: based on the established
a. Identification and description (e.g. title, date, author, procedure
or reference number)
b. Format (e.g. language, software version, graphics)
and media (e.g. paper, electronic)
c. Review and approval for suitability and adequacy
 ISO CLAUSE 7.5.2 Creating and updating
WHAT IS REQUIRED BY WHO WILL DO THE
KEY REQUIREMENTS
ISO STANDARD? REQUIREMENT?
7.5.3 Control of documented information • Control of documented All OCD Offices
7.5.3.1 Documented information required by the QMS and the International information (distribution,
Standard shall be controlled to ensure: control of changes) based
a. It is available and suitable for use, where and when it is needed on the established
b. It is adequately protected (e.g. from loss of confidentiality, improper system/procedure
use, or loss of integrity)
• Proper filing system
7.5.3.2 For the control of documented information, the organization shall
address the following activities:
• NAP Form 2 (Inventory of
a. Distribution, access, retrieval and use
Documents)
b. Storage and preservation, including preservation of legibility
c. Control of changes (e.g. version control)
d. Retention and disposition
Documented information of external origin determined by the organization
to be necessary for the planning and operations of the QMS shall be
identified as appropriate and be controlled..
Documented information retained as evidence of conformity shall be
protected from unintended alterations.
CLAUSE 8
OPERATION
 ISO CLAUSE 8.1 Operational planning and control
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.1 Operational and planning control a. Quality objectives for the product or All OCD
The organization shall plan, implement and control the service are determined; Offices/Divisions/
processes (see 4.4) needed to meet the requirements for Sections
the provision of products and services, and to implement b. Requirements for the product or service
actions determined in Clause 6 by: are determined;

(a) Determining the requirements for the products and c. Processes required to achieve
services. conformance are identified and
(b) Establishing criteria for (1) the processes; and (2) the established;
acceptance of products and services;
(c) Determining the resources needed to achieve d. Criteria for the processes are
conformity to the product and service requirements; established;
(d) Implementing control of the processes in accordance
with the criteria; and e. Resources required to achieve
(e) Determining, maintaining, and retaining documented conformance are identified;
information to the extent necessary (1) to have
confidence that the processes have been carried out as f. Documents to demonstrate
planned; and (2) to demonstrate the conformity of conformance are identified; and
products and services to their requirements.
g. Documented information are
maintained and retained.
 ISO CLAUSE 8.2.1 Customer Communication
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.2.1 Customer communication Proper and timely communication of the All OCD
following to the customers: Offices/Divisions/
Communication with customers shall Sections
include: a. Product and service information, including
a. Providing information relating to customer requirements;
products and services;
b. Handling enquiries, contracts or b. Documented agreements with the customer,
orders, including changes; such as contracts, orders, changes, and other
c. Obtaining customer feedback relating information needed to meet customer
to products and services, including requirements;
customer complaints
d. Handling or controlling customer c. Customer feedback including complaints;
property;
e. Establishing specific requirements for d. Handling and treatment of customer
contingency actions, when relevant properties; and

e. Any contingency actions that are relevant.

 ISO CLAUSE 8.2.2 Determining the requirements for
products and services
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.2.2 Determining the requirements for a. The requirements for products and All OCD
products and services services are determined: Offices/Divisions/
• Requirements of the customer; Sections
When determining the requirements for • Requirements from applicable statutes
products and services to be offered to and regulations; and
customers, the organization shall ensure • Requirements considered necessary by
that: the organization;
a. The requirements for the products and
services are defined, including (1) any b. The requirements for products and
applicable statutory and regulatory services are defined (work instruction,
requirements; and (2) those considered process flowcharts, etc.); and
necessary by the organization;
c. For the QMS process owners to ensure
b. The organization can meet the claims that they have the ability to meet the
for the products and services it offers. requirements related to its products and
services.
 ISO CLAUSE 8.2.3 Review of the requirements for products and services
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.2.3 Review of the requirements for products and services Conduct of review of the All OCD
8.2.3.1 The organization shall ensure that it has the ability to meet the customer’s requirements prior Offices/Divisions/
requirements for products and services to be offered to customers. The to the commitment to produce Sections
organization shall conduct a review before committing to supply products or deliver such.
and services to a customer, to include:
a. Requirements specified by the customer, including the requirements
for delivery and post-delivery activities
b. Requirements not stated by the customer, but necessary for the
specified or intended use, when known
c. Requirements specified by the organization
d. Statutory and regulatory requirements applicable to the products and
services
e. Contract or order requirements differing from those previously
expressed

The organization shall ensure that contract or order requirements differing

from those previously defied are resolved. The customer’s requirements
that shall be confirmed by the organization before acceptance, when the
customer does not provide a documented statement of their requirements
 ISO CLAUSE 8.2.3 Review of the requirements for products and services
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.2.3 Review of the requirements for a. Documented information on All OCD
products and services the results of the review Offices/Divisions/
conducted; Sections
8.2.3.2 The organization shall retain
documented information, as applicable: b. Documented information on
a. On the results of the review; any new requirements for the
b. On any new requirements for the products and services;
products and services.
c. Communication of the results
of the review and any new
requirements to the
customers.
 ISO CLAUSE 8.2.4 Changes to requirements for products and services
WHAT IS REQUIRED BY ISO WHO WILL DO THE
KEY REQUIREMENTS
STANDARD? REQUIREMENT?
8.2.4 Changes to requirements for When any of the determined All OCD
products and services requirements for products and Offices/Divisions/
services are changed: Sections
The organization shall ensure that
relevant documented information is a. Update all relevant
amended, and that relevant persons documented information to
are made aware of the changed reflect these changes;
requirements, when the
requirements for products and b. Inform all concerned
services are changed. personnel, customers, and
interested parties on such
changes.
 ISO CLAUSE 8.3 Design and development of products and services
WHAT IS REQUIRED BY ISO WHO WILL DO THE
KEY REQUIREMENTS
STANDARD? REQUIREMENT?
8.3.1 General Establishment, All OCD
implementation, and Offices/Divisions/
The organization shall establish, maintenance of the design Sections
implement, and maintain a design and development process
and development process that is where such activity is
appropriate to ensure the required.
subsequent provision of products
and services.
 ISO CLAUSE 8.3.2 Design and development planning
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.3.2 Design and development planning The following shall be considered in All OCD
In determining the stages and controls for design and development, the determining the stages and controls for design Offices/Divisions/
organization shall consider: and development process: Sections
a. The nature, duration and complexity of the design and development a. Nature, duration and complexity of
activities; activities;
b. The required process stages, including applicable design and b. Required process stages, including
development reviews; reviews;
c. The required design and development verification and validation c. Required design and development
activities; verification and validation activities;
d. The responsibilities and authorities involved in the design and d. Responsibilities and authorities involved
development process; in the process;
e. The internal and external resource needs for the design and e. Internal and external resource needs;
development of products and services; f. Control interfaces between persons
f. The need to control interfaces between persons involved in the design involved;
and development process; g. Involvement of customers and users in the
g. The need for involvement of customers and users in the design and process;
development process; h. Requirements for subsequent provision of
h. The requirements for subsequent provision of products and services; products and services;
i. The level of control expected for the design and development process i. Level of control expected by customers
by customers and other relevant interested parties; and other relevant interested parties;
j. The documented information needed to demonstrate that design and j. Documented information to demonstrate
development requirements have been met. that the requirements have been met.
 ISO CLAUSE 8.3.3 Design and development inputs
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.3.3 Design and development inputs a. Determination of All OCD
The organization shall determine the requirements essential for the inputs/requirements essential for Offices/Divisions/
specific types of products and services to be designed and developed. the specific types of products and Sections
The organization shall consider: services to be designed and
a. Functional and performance requirements; developed;
b. Information derived from previous similar design and
development activities; b. Documented information on
c. Statutory and regulatory requirements; design and development inputs.
d. Standards or codes of practice that the organization has
committed to implement;
e. Potential consequences of failure due to the nature of the
products and services;

Inputs shall be adequate for design and development purposes,

complete and unambiguous.

Conflicting design and development inputs shall be resolved.

The organization shall retain documented information on design and

development inputs.
 ISO CLAUSE 8.3.4 Design and development controls
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.3.4 Design and development controls Implementation of controls to the design and All OCD
development process to ensure that: Offices/Divisions/
The organization shall apply controls to the design and Sections
development process to ensure that: a. Results to be achieved are defined;
a. The results to be achieved are defined;
b. Reviews are conducted to evaluate the ability of the b. Reviews are conducted;
results of design and development to meet
requirements; c. Verification and validation activities are
c. Verification activities are conducted to ensure that the conducted;
design and development outputs meet the input
requirements; d. Actions are taken on problems determined
d. Validation activities are conducted to ensure that the during the reviews, verification, and
resulting products and services meet the requirements validation activities; and
for the specified application or intended use;
e. Any necessary actions are taken on problems e. Documented information of these activities
determined during the reviews, or verification and are retained.
validation activities;
f. Documented information of these activities is retained.
 ISO CLAUSE 8.3.5 Design and development outputs
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.3.5 Design and development outputs a. Design and development outputs All OCD
shall: Offices/Divisions/
The organization shall ensure that design and - Meet the input requirements; Sections
development outputs: - Adequate for the subsequent
a. Meet the input requirements; processes in the QMS;
b. Are adequate for the subsequent processes for the - Include or reference monitoring
provision of products and services; and measuring requirements
c. Include or reference monitoring and measuring and acceptance criteria;
requirements, as appropriate, and acceptance - Specify the characteristics of
criteria; the products and services
d. Specify the characteristics of the products and
services that are essential for their intended purpose b. Documented information on
and their safe and proper provision. design and development outputs

The organization shall retain documented information

on design and development outputs.
 ISO CLAUSE 8.3.6 Design and development changes
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.3.6 Design and development changes a. Identification, review and All OCD
The organization shall identify, review and control of changes made to Offices/Divisions/
control changes made during, or subsequent ensure that there is no adverse Sections
to, the design and development of products impact on conformity to
and services, to the extent necessary to requirements.
ensure that there is no adverse impact on
conformity to requirements. b. Documented information on the
following:
The organization shall retain documented - Design and development
information on: changes;
a. Design and development changes; - Results of reviews;
b. The results of reviews; - Authorization of the changes;
c. The authorization of the changes; - Actions taken to prevent
d. The actions taken to prevent adverse adverse impacts.
impacts.
 ISO CLAUSE 8.4 Control of externally provided processes, products and services
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.4.1 General • Ensure that the external All concerned OCD
The organization shall ensure that externally provided processes, providers conform to the Offices/Divisions/ Sections
products and services conform to requirements. organization’s requirements;
The organization shall determine the controls to be applied to
• Determination and application of
externally provided processes, products, and services when:
controls to external providers in
a. Products and services from external providers are intended
certain cases;
for incorporation into the organization’s own products and
services;
• Determination and application of
b. Products and services are provided directly to the customers
criteria in the evaluation,
by external providers on behalf of the organization;
selection, monitoring of
c. A process, or part of a process, is provided by an external
performance, and re-evaluation
provider as a result of a decision by the organization.
of external providers;
The organization shall determine and apply criteria for the
evaluation, selection, monitoring of performance, and re- • Documented information of such
evaluation of external providers, based on their ability to provide activities.
processes or products and services in accordance with
requirements.
The organization shall retain documented information of these
activities and any necessary actions arising from the evaluations.
 ISO CLAUSE 8.4.2 Type and Extent of Control
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.4.2 Type and Extent of Control Controls to ensure that the external All concerned OCD
The organization shall ensure that externally provided processes, providers conform to the Offices/Divisions/ Sections
products and services do not adversely affect the organization’s requirements of the organization
ability to consistently deliver conforming products and services to (e.g. Accomplishment Report, other
its customers. activities to monitor their
performance)
The organization shall:
a. Ensure that externally provided processes remain within the
control of its QMS
b. Define both the controls that it intends to apply to an
external provider and those it intends to apply to the
resulting output;
c. Take into consideration: (1) the potential impact of the
externally provided process, products and services on the
organization’s ability to consistently meet customer and
applicable statutory and regulatory requirements; and (2)
effectiveness of the controls applied by the external provider
d. Determine the verification, or other activities, necessary to
ensure that the externally provided processes, products, and
services meet requirements.
 ISO CLAUSE 8.4.3 Information for external providers
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.4.3 Information for external providers Communicate the following information All concerned OCD
The organization shall ensure the adequacy of requirements to the external providers: Offices/Divisions/ Sections
prior to their communication to the external provider.
a. Requirements of the
The organization shall communicate to external providers its organization/office to them,
requirements for: including the required qualifications
a. The processes, products and services to be provided (Terms of Reference, Specifications
b. The approval of (1) products and services; (2) methods, etc.);
processes, and equipment; (3) the release of products
and services b. Criteria and mechanism to be applied
c. Competence, including any required qualification of in the monitoring of external
persons provider’s performance and in the re-
d. The external providers’ interactions with the evaluation of external providers;
organization
e. Control and monitoring of the external providers’ c. Verification or validation activities
performance to be applied by the organization needed to perform at the external
f. Verification or validation activities that the organization, providers’ premises, as applicable.
or its customer, intends to perform at the external
providers’ premises
 ISO CLAUSE 8.5 Production and service provision
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.5.1 Control of production and service provision a. Documented information of QMS All concerned OCD
The organization shall implement production and service provision under process (i.e. work instructions, Offices/Divisions/ Sections
controlled conditions. operations manual);
b. Availability and use of suitable
Controlled conditions shall include, as applicable: monitoring and measuring
a. The availability of documented information that defines (1) the resources;
characteristics of the products to be produced, the services to be c. Monitoring and measurement
provided, or the activities to be performed; activities at appropriate stages;
b. The availability and use of suitable monitoring and measuring resources; d. Necessary infrastructure and
c. The implementation of monitoring and measurement activities at environment for the operation of
appropriate stages to verify that criteria for control of processes or output, processes;
and acceptance criteria for products and services, have been met; e. Appointment of competent
d. The use of suitable infrastructure and environment for the operation of persons;
processes; f. Validation and periodic
e. The appointment of competent persons, including any required revalidation;
qualification; g. Implementation of actions to
f. The validation and periodic revalidation, of the ability to achieve planned prevent human error;
results of the processes for production and service provision, where the h. Implementation of release,
resulting output cannot be verified by subsequent monitor or delivery and post-delivery
measurement; activities
g. The implementation of actions to prevent human error;
h. The implementation of release, delivery and post-delivery activities.
 ISO CLAUSE 8.5.2 Identification and traceability
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.5.2 Identification and traceability Tracking the clients, the All concerned OCD
The organization shall use suitable means to identify services being provided, Offices/Divisions/
outputs when it is necessary to ensure the conformity of the products being Sections
products and services. produced. (backlogs)

The organization shall identify the status of outputs with

respect to monitoring and measurement requirements
throughout production and service provision.

The organization shall control the unique identification of

the outputs when traceability is a requirement, and shall
retain the documented information necessary to enable
traceability.
 ISO CLAUSE 8.5.3 Property belonging to customers or external providers
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.5.3 Property belonging to customers or external • The properties belonging to All concerned OCD
providers customers and external providers Offices/Divisions/
that are under the custody of the Sections
The organization shall exercise care with property organization (information,
belonging to customers or external providers while it equipment, document, etc.)
is under the organization’s control or being used by
the organization. • Safekeeping of properties belonging
to customers and external providers.
The organization shall identify, verify, protect, and
safeguard customers’ or external providers’ property • Process of reporting to and informing
provided for use or incorporation into the products the customer or external provider in
and services. cases that their properties are lost,
damaged, etc.
When the property of a customer or external
provider is lost, damaged, or otherwise found to be • Retain documented information on
unsuitable for use, the organization shall report this what has occurred (including actions
to the customer or external provider and retain taken)
documented information on what has occurred.
 ISO CLAUSE 8.5.4 Preservation
WHAT IS REQUIRED BY ISO WHO WILL DO THE
KEY REQUIREMENTS
STANDARD? REQUIREMENT?
8.5.4 Preservation Preservation of outputs to All concerned OCD
ensure conformity to Offices/Divisions/
The organization shall preserve requirements (may include Sections
the outputs during production identification, handling,
and service provision, to the contamination control,
extent necessary to ensure packaging, storage, transmission
conformity to requirements. or transportation, and
protection).
 ISO CLAUSE 8.5.5 Post-delivery activities
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.5.5 Post-delivery activities Post-delivery activities All concerned OCD
The organization shall met requirements for post- must take into account: Offices/Divisions/
delivery activities associated with the products a. Statutory and Sections
and services. In determining the extent of post- regulatory
delivery activities that are required, the requirements;
organization shall consider b. Things that could go
a. statutory and regulatory requirements; wrong (i.e.
b. potential undesired consequences associated backlogs);
with its products and services; c. How outputs should
c. the nature, use and intended lifetime of its be used and how
products and services; long they should
d. customer requirements; last (i.e. warranty)
e. customer feedback. d. Customer feedback;
 ISO CLAUSE 8.5.6 Control of Changes
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.5.6 Control of Changes • Regular review of All concerned OCD
The organization shall review and control changes for processes and Offices/Divisions/
production or service provision, to the extent necessary to procedures Sections
ensure continuing conformity with requirements.
• Documented
The organization shall retain documented information information on the
describing the results of the review of changes, the persons results of the review
authorizing the change, and any necessary action arising from and the changes in the
the review. process
 ISO CLAUSE 8.6 Release of products and services
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.6 Release of products and services Documented information All concerned OCD
on the release of products Offices/Divisions/
The organization shall implement planned arrangements, at and services: Sections
appropriate stages, to verify that the product and service
requirements have been met. a. Evidence of conformity
with the acceptance
The release of products and services to the customer shall not criteria;
proceed until the planned arrangements have been
satisfactorily completed, unless otherwise approved by a b. Traceability to the
relevant authority and, as applicable, by the customer. persons authorizing the
release
The organization shall retain documented information on the
release of products and services. The documented information
shall include (a) evidence of conformity with the acceptance
criteria; and (b) traceability to the persons authorizing the
release
 ISO CLAUSE 8.7 Control of Nonconforming Outputs
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
8.7 Control of Nonconforming Outputs Actions shall be undertaken to All concerned OCD
8.7.1 The organization shall ensure that outputs that do not conform to prevent the intended use or Offices/Divisions/
their requirements are identified and controlled to prevent their delivery of nonconforming outputs. Sections
unintended use or delivery.
Verification of conformity to the
The organization shall take appropriate action based on the nature of the requirements, when
nonconformity and its effect on the conformity of products and services. nonconforming outputs are
This shall also apply to nonconforming products and services detected corrected;
after delivery of products, during or after the provision of services.
Documented information
The organization shall deal with nonconforming outputs in one or more (Corrective Action Request) that:
of the following ways: (a) correction; (b) segregation, containment, a. Describes nonconformity
return or suspension of provision of products and services; (c) informing b. Describes the actions taken
the customer; (d) obtaining authorization for acceptance under c. Describes any concessions
concession. Conformity to the requirements shall be verified when obtained;
nonconforming outputs are corrected. d. Identifies the authority
deciding the action in respect
8.7.2 The organization shall retain documented information that (a) of the nonconformity
describes the nonconformity; (b) describes the actions taken; (c)
describes any concessions obtained; (d) identifies the authority deciding
the action in respect of the nonconformity.
CLAUSE 9
PERFORMANCE
EVALUATION
ISO CLAUSE 9.1 Monitoring, measurement, analysis and evaluation
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
9.1 Monitoring, measurement, analysis and evaluation • Quality Objectives All OCD Offices
• Customer Satisfaction
9.1.1 The organization shall determine • Documented information of the
a. What needs to be monitored and measured monitoring, measurement, analysis
b. The methods for monitoring, measurement, analysis and evaluation
and evaluation needed to ensure valid results
c. When the monitoring and measuring shall be
performed
d. When the results from monitoring and measurement
shall be analyzed and evaluated

The organization shall evaluate the performance and the

effectiveness of the QMS.

The organization shall retain appropriate documented

information as evidence of the results.
 ISO CLAUSE 9.1.2 Customer Satisfaction
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
9.1.2 Customer satisfaction • Customer/Interested Parties All OCD Offices
feedback mechanism relevant
The organization shall monitor to the QMS process
customers’ perceptions of the degree to
which their needs and expectations have
been fulfilled. The organization shall
determine the methods for obtaining,
monitoring and reviewing this
information.
 ISO CLAUSE 9.1.3 Analysis and Evaluation
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
9.1.3 Analysis and Evaluation • Measurement of Quality All OCD Offices
Objectives
The organization shall analyze and evaluate • Customer Feedback Analysis
appropriate data and information arising from • Review of processes
monitoring and measurement. • Plan versus actual
• Risk Register Review
The results of analysis shall be used to evaluate: • Performance of External
a. Conformity of products and services Providers (Suppliers,
b. The degree of customer satisfaction Contractors, Outsource Service,
c. The performance and effectiveness of the QMS Contract of Service, etc.)
d. If planning has been implemented effectively • Number of improvements that
e. The effectiveness of actions taken to address are still open and/or closed
risks ad opportunities
f. The performance of external providers
g. The need for improvements to the QMS
 ISO CLAUSE 9.2 Internal Audit
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
9.2 Internal Audit • Conduct of Internal IQA Team and Pool
Quality Audit of IQAs in
9.2.1 The organization shall conduct internal coordination with all
audits at planned intervals to provide OCD Offices
information on whether the QMS: (auditees)
a. Conforms to (1) the organization’s own
requirements for its QMS and (2) the
requirements of the International Standard
b. Is effectively implemented and maintained
 ISO CLAUSE 9.2 Internal Audit
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
9.2 Internal Audit • IQA Plan IQA Team and Pool
• Audit Itinerary of IQAs in
9.2.2 the organization shall: • Audit Checklist coordination with
a. Plan, establish, implement, and maintain an audit programme • IQA Opening Meeting all OCD Offices
including the frequency, methods, responsibilities, planning, • Audit Execution (auditees)
requirements and reporting, which shall take into consideration • IQA Closing Meeting
the importance of the processes concerned, changes affecting • IQA Findings Report
the organization, and the results of the previous audits • Corrective Action Request
b. Define the audit criteria and scope for each audit (CAR)
c. Select auditors and conduct audits to ensure objectivity and the • CAR Register
impartiality of the audit process • Verification Audit Results
d. Ensure that the results of the audits are reported to relevant • Documents and records
management related to the conduct of
e. Take appropriate correction and corrective actions without undue IQA
delay
f. Retain documented information as evidence of the
implementation of the audit programme and the audit results
 ISO CLAUSE 9.3 Management Review
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
9.3 Management Review • Conduct of QMR and all
Management Review concerned OCD
9.3.1 Top management shall review the once a year Offices/Officers
organization’s QMS, at planned intervals, to
ensure its continuing suitability, adequacy,
effectiveness and alignment with the strategic
direction of the organization.
 ISO CLAUSE 9.3 Management Review
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
9.3 Management Review • PowerPoint Presentation QMR in
9.3.2 Management Review Inputs with the required cooperation with
The management review shall be planned and carried out taking into agenda the ISO Secretariat
consideration: and all OCD Offices
a. Status of actions from previous management reviews
b. Changes in external and internal issues that are relevant to the QMS
c. Information on the performance and effectiveness of the QMS,
including trends in (1) customer satisfaction and feedback from
relevant interested parties; (2) the extent to which quality
objectives have been met; (3) process performance and conformity
of products and services; (4) nonconformities and corrective
actions; (5) monitoring and measurement results; (6) audit results.
d. The adequacy of resources
e. The effectiveness of actions taken to address risks and
opportunities
f. OFIs
 ISO CLAUSE 9.3 Management Review
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
9.3 Management Review • Minutes of the QMR / ISO
9.3.3 Management Review Outputs Management Secretariat
The outputs of the management review shall include Review
decision and actions related to:
a. Opportunities for improvement
b. Any need for changes to the QMS
c. Resource needs

The organization shall retain documented

information as evidence of the results of
management reviews.
CLAUSE 10
IMPROVEMENT
 ISO CLAUSE 10 Improvement
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
10.1 General • Corrective Action All OCD Offices
10.1.1 The organization shall determine and select • Demonstration of
opportunities for improvement and implement continual
necessary actions to meet customer requirements improvement
and enhance customer satisfaction. • Step
change/breakthroug
10.1.2 This shall include, as appropriate: h
a) improving processes to prevent • Innovation
nonconformities; • Re-organization or
b)improving products and services to meet known transformation
and predicted requirements;
c) improving quality management system results.
 ISO CLAUSE 10.2 Nonconformity and corrective action
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
10.2 Nonconformity and corrective action • Implementation of IQA Team
10.2.1 When a nonconformity occurs, including any arising from Control of NC and
complaints, the organization shall: Corrective Action Concerned OCD
a. React to the nonconformity and, as applicable: (1) take action to Procedures , if there’s an Offices
control and correct it; and (2) deal with the consequences established procedure
b. Evaluate the need for action to eliminate the causes of the
nonconformity, in order that it does not recur or occur elsewhere, • Corrective Action
by: reviewing and analysing the nonconformity, determining the Request
causes of the nonconformity, and determining if similar
nonconformities exist, or could potentially occur • Correction, Corrective
c. Implement any action needed Action, RCA
d. Review the effectiveness of any corrective action taken
e. Update risks and opportunities determined during planning, if • Verification / Follow up
necessary activity
f. Make changes to the QMS, if necessary
• Documented
Corrective actions shall be appropriate to the effects of the information
nonconformities encountered.
 ISO CLAUSE 10.2 Nonconformity and corrective action
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
10.2 Nonconformity and corrective action Documented information Concerned OCD
10.2.2 the organization shall retain Offices
documented information as evidence of:
a. The nature of the nonconformities and any
subsequent actions taken
b. The results of any corrective action
 ISO CLAUSE 10.3 Continual Improvement
WHO WILL DO THE
WHAT IS REQUIRED BY ISO STANDARD? KEY REQUIREMENTS
REQUIREMENT?
10.3 Continual Improvement • Results of analysis and Concerned OCD
10.3.1 The organization shall continually improve the evaluation Offices
suitability, adequacy, and effectiveness of the quality • Outputs of Management
management system. Review
• Internal Quality Audit
10.3.2 The organization shall consider the outputs of Results
analysis and evaluation, and the outputs from • Result of other audits
management review, to confirm if there are areas of • Performance indicators
underperformance or opportunities that shall be ✓ quality objectives
addressed as part of continual improvement. ✓ improved efficiency
in the use of
10.3.3 Where applicable, the organization shall select and resources
utilise applicable tools and methodologies for investigation ✓ Enhanced customer
of the causes of underperformance and for supporting satisfaction
continual improvement.
Thank you!