How to use this resource

This resource aims to help you manage your ISO 9001:2015

requirements. We still recommend you read the standard and
consult your certification body. Businesses are welcome to share
this tool on their website, but we ask that you provide a link to
our website www.qualsys.co.uk from your own website and
mention @QualsysEQMS on Twitter. Please note, this resource
aims to help you make your transition easier. It is not exhaustive
with all the requirements of the Standard.
 Proportion of
Status Progress
requirements

Unknown Hasn't even been checked yet 17%

Complete lack of recognisable policy,

Nonexistent 2%
procedure, control etc.

Development has barely started and will

Initial require significant work to fulfil the 13%
requirements

Limited Progressing nicely but not yet complete 9%

Development is more or less complete

although detail is lacking and/or it's not
Defined 33%
yet implemented, enforced and actively
supported by top management

Development is complete, the

Managed process/control has been implemented 10%
and recently started operating

The requirement is fully satisfied, is

operating fully as expected, is being
Optimised actively monitored and improved, and 10%
there's substantial evidence to prove all
that to the auditors

ALL requirements in the main body of

ISO 9001:2015 are mandatory IF your
Not applicable 1%
qms is to be certified. Otherwise,
management can ignore them.

Total 97%
 ISO 9001:2015 gap analysis
Clause ISO 9001 requirement Status Further reading

4 Context of the organisation

4.1 Organisational context

Determine the aims of your organisation's quality management system and any issues that might affect its
4.1 Initial 5 tips for tackling context of the organisation
effectiveness
4.2 Interested parties

4.2 Identify interested parties including applicable laws, regulations, contracts etc. Unknown Tackling Context of the Organisation

4.3 Scope of the quality management system

4.3 Determine and document the scope of your quality management system. Managed Tackling Context of the Organisation

4.4 Quality management system and its processes

Establish, implement, maintain and continually improve your quality management system according to the
4.4.1 Not applicable Video: What is context of the organisation?
standard.

Determine required process inputs and expected outputs, assign responsibilities and authorities for
4.4.1 Limited Video: What is context of the organisation?
processes and identify risks and opportunities for processes.

Process methods and criteria for effective operation and control, including monitoring, measurements and
4.4.1 Managed Video: What is context of the organisation?
related performance indicators.

4.4.2 Plan, control, operate, monitor, measure and improve the quality management system processes. Defined Video: What is context of the organisation?

5 Leadership

5.1 Leadership and commitment

5.1 Top management must demonstrate leadership and commitment to the quality management system. Defined Demonstrating leadership for ISO 9001:2015

5.1 Top management are accountable for the effectiveness of the organisation's quality management system. Defined Leadership battles: Advice from peers

Top management ensure their organisation's quality policy ad quality objectives are consistent with the
5.1 Defined Leadership battles: Advice from peers
organisation's overall strategic direction and the context in which the organisation is operating.

5.1 Top management work alongside their people in order to ensure that the quality objectives are achieved. Defined Leadership battles: Advice from peers

Top management ensure the quality policy is communicated, understood and applied across the
5.1 Defined Leadership battles: Advice from peers
organisation.

Top management ensure the quality management system requirements are integral to the organisation's
5.1 Defined Leadership battles: Advice from peers
business processes i.e. it's not a bolt on.

Top management promote awareness and the adoption of the use of both the process approach and risk
5.1 Defined What is the process approach
based thinking.

Top management ensure the resources required for the effective operation of the quality management
5.1 Defined Leadership battles: Advice from peers
system are made available.

Top management stress the importance of effective quality management and of conforming to the
5.1 Defined Leadership battles: Advice from peers
requirements of the quality management system.

5.1 Top management make sure the quality management system is achieving the intended results. Defined How leadership can demonstrate commitment to the quality management system

5.1 Top management drive continual improvement and develop leadership in their managers. Defined How leadership can demonstrate commitment to the quality management system

5.1.2 Top management to lead in demonstrating the organisation's commitment to its customers. Defined How leadership can demonstrate commitment to the quality management system

Top management must ensure the customer and applicable statutory and regulatory requirements are
5.1.2 Defined How leadership can demonstrate commitment to the quality management system
identified, understood and consistently met.

Top management must consider and address any risks that threaten the ability of the organisation to
5.1.2 Defined How leadership can demonstrate commitment to the quality management system
provide conforming products and/or services which may negatively impact customer satisfaction.

Top management must also ensure the organisation remains focused on delivering conforming products
5.1.2 Defined How leadership can demonstrate commitment to the quality management system
and services, on meeting its statutory regulatory obligations, and on enhancing its customers' satisfaction.

5.2 Policy

Top management must establish a quality policy that is appropriate to the purpose and context of the
5.2.1 Optimised Policy management best practices
organisation and supports its strategic direction.

Top management to provide a framework for setting and review of quality objectives and include
5.2.1 commitments to satisfy any applicable requirements and to continually improve their quality management Managed Policy management best practices
system.

5.2.1 It is the responsibilities of top management to implement and maintain the quality policy. Managed Policy management best practices

The policy must be available as documented information, communicated, understood and applied inside
5.2.2 Optimised Policy management best practices
the organisation and must be available to relevant interested parties as appropriate.

5.3 Organisational roles, responsibilities and authorities

Top management of the organisation need to ensure assignment of the necessary responsibilities and
5.3 Managed Leadership and risk
authorities to the organisational roles within the organisation to carry out quality-related activities.

Authority and responsibility is assigned for ensuring ISO 9001:2015 requirements are met, quality
management system processes are delivering their intended outputs, reporting on the operation of the
5.3 quality management system and identifying any opportunities for improvement is taking place, a customer Managed Leadership and risk
focus is promoted throughout the organisation, whenever changes to the quality management system are
planned and implemented, the integrity of the system is maintained.

6 Planning

6.1 Actions to address risks and opportunities

Design / plan the quality management system to satisfy the requirements, addressing risks and
6.1.1 Initial 9 pieces of awful ISO 9001:2015 advice you should completely ignore
opportunities.

6.1.1 Not essential, but you may want to apply ISO 31000 to the business. Initial Introduction to ISO 31000

6.1.2 Define and apply how the business will address risks. Limited Risk based thinking for ISO 9001:2015

6.2 Quality objectives and planning to achieve them

Set quality objectives for relevant functions, levels and processes within its quality management system,
6.2.1 Unknown KPIs for ISO 9001:2015
including those associated with externally provided processes, products and services.

6.2.2 Plans are in place to determine how quality objectives will be achieved. Optimised Planning your QMS with our software

6.3 Planning of changes

The impact of any changes to the quality management system are planned and can be managed in a
6.3 Limited Clause by clause ISO 9001:2015 - using software to manage our quality management system
systematic manner.

6.3 Documented information relating to planned changes that impact its quality management system. Defined Clause by clause ISO 9001:2015 - using software to manage our quality management system

7 Support

7.1 Resources

Determine and allocate necessary resources for the quality management system. Including: People,
7.1 infrastructure, the environment for the operation of processes, monitoring and measuring resources, and Managed Clause by clause ISO 9001:2015 - using software to manage our quality management system
organisational knowledge.

7.2 Competence
7.2 Determine, document and make available necessary competences. Limited Why businesses choose to manage training records in EQMS

7.3 Awareness

Establish a quality management awareness program relevant to personnel who are under the
7.3 Unknown Why businesses choose to manage training records in EQMS
organisation's control.

7.4 Communication

Determine the need for internal and external communications relevant to the quality management system.
7.4 Unknown Why businesses choose to manage training records in EQMS
Must include what, who, how, why, and when it will be communicated.

7.5 Documented information

7.5.1 Provide documentation required by the standard plus that required by the organisation Unknown Why businesses choose to manage training records in EQMS

7.5.2 Provide document titles, authors etc., format them consistently, and review and approve them Unknown Why businesses choose to manage training records in EQMS

Control the documentation properly to protect against improper use, loss of integrity and loss of
7.5.3 Managed Why businesses choose to manage training records in EQMS
confidentiality.
Determine how to store, distribute, access, retrieve, use and manage change to both internal and external
7.5.3.2 Managed Why businesses choose to manage training records in EQMS
documentation.

8 Operation

8.1 Operational planning and control

8.1 Determine requirements for the products and services. Unknown ISO 9001 myth busting presentation

8.1 Establish criteria for the processes and for the acceptance of products and services. Unknown ISO 9001 myth busting presentation

8.1 Determine the resources needed to achieve conformity to product and service requirements. Unknown ISO 9001 myth busting presentation
8.1 Implement control of the processes in accordance with the criteria. Unknown ISO 9001 myth busting presentation
Determine and keep documented information to the extent necessary to have confidence that the
8.1 processes have been carried out as planned and to demonstrate conformity of products and services to Unknown ISO 9001 myth busting presentation
requirements.
Control and plan changes and review the consequences of unintended changes taking action to mitigate
8.1 Unknown ISO 9001 myth busting presentation
any adverse effects as necessary.
8.1 The organisation shall ensure that outsourced processes are controlled in accordance with 8.4. Unknown ISO 9001 myth busting presentation

8.1 Plan, implement, control and document quality processes to manage risks (i.e. a risk treatment plan) Unknown ISO 9001 myth busting presentation

8.2 Requirements for products and services

8.2 Reassess and document information security risks regularly and on changes Initial ISO 9001:2015 quiz

Determine the requirements for the products and services offered to customers and ensure it can meet the
8.2.2 Initial ISO 9001:2015 quiz
claims made.

8.2.3.1 Review product and service requirements for customer offerings before committing to supply. Initial ISO 9001:2015 quiz

8.2.3.2 Documented information is kept relating to requirement reviews. Initial ISO 9001:2015 quiz

8.2.4 Change to requirements for products and services are provided as documented information. Initial ISO 9001:2015 quiz

8.3 Design and development of products and services

8.3 Implement the risk treatment plan (treat the risks!) and document the results Defined Risk treatment plan
8.3.2 Plan the design and development of products and services Defined Software for this
Determine the essential requirements for the types of products and services your organisation designs and
8.3.3 Defined Software for this
develops.

8.3.4 Apply control to design and development processes. Defined Software for this

8.3.5 Outputs from design and development meet the input requirements for design and development. Defined Software for this

Changes that make an adverse impact on conformity to requirements are identified, reviewed and
8.3.6 Defined Software for this
controlled.

8.4 Control of externally provided processes, products and services

8.4.1 Ensure externally provided processes, products or services meet requirements. Limited Control of external provisions ISO 9001:2015

8.4.2 Determine the types and extent of controls to be applied to external providers. Defined Control of external provisions ISO 9001:2015

8.4.3 Review for adequacy the requirements of information communicated to external providers. Defined Control of external provisions ISO 9001:2015

8.5 Production and service provision

8.5.1 Control how the business produces and provides products and services. Optimised ISO 9001:2015 dashboard

8.5.2 Identify the status of outputs in respect of any monitoring and measurement. Defined ISO 9001:2015 dashboard

8.5.3 Property provided for the organisation's use are identified, verified, protected and safeguarded. Defined ISO 9001:2015 dashboard

The organisation takes appropriate measures during production and service provision to safeguard and
8.5.4 Limited ISO 9001:2015 dashboard
preserve outputs, in order to maintain their conformity to requirements.

8.5.5 Determine the nature and extent of any post-delivery activities to be undertaken. Optimised ISO 9001:2015 dashboard

Control changes necessary to ensure products or services continue to meet their specified requirements.
8.5.6 Documented information must include results of the review of the changes, person authorised for Limited ISO 9001:2015 dashboard
managing changes and any necessary actions arising from the review.

8.6 Release of products and services

Verify that products and services meet all requirements are carried out before released to customer.
8.6 Documented information must evidence acceptance criteria conformity and traceability to the individual Optimised Software for this
who who authorised release.

8.7 Control of nonconforming outputs

Controls are in place to ensure nonconforming products are not delivered to the customer. Nonconforming
8.7.1 outputs are either corrected, contained, returned, suspended, informing the customer, obtaining Limited Software for this
authorisation for acceptance under a concession.

8.7.2 Records of nonconformities, authority of deciding the action, and resultant actions are retained. Defined Software for this

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

Monitor, measure, analyse and evaluate the quality management system and the controls, including the
9.1 Nonexistent 6 quality KPIs your CEO cares about most
frequency.

Put in place arrangements to monitor the degree to which customers believe their requirements for
9.1.2 Initial 6 quality KPIs your CEO cares about most
products and services have been met.

Analyse and evaluate appropriate data and information that has been obtained internally or externally,
9.1.3 Optimised 6 quality KPIs your CEO cares about most
including performance of external providers and customer satisfaction.
9.2 Internal audit

Plan and conduct internal audits of the quality management system. Identify whether the quality
9.2 Defined Internal audit: Emerging trends
management system is being effectively implemented and maintained.

9.2.2 Audits have a scope and criteria, and results are fed back to the relevant management. Initial Internal audit: Emerging trends

9.3 Management review

9.3 Reviews of the quality managmeent system are undertaken by top management at planned intervals. Unknown Implementing a QMS best practice

Top management revisit the status of actions identified in previous reviews, consider any changes to the
organisation's context, and must consider qms performance and effectiveness. Management must
consider trends relating to nonconformities and corrective action, monitor and measurement results, audit
9.3.2 results, customer satisfaction, feedback from interested parties, conformity of products, external provider Optimised Implementing a QMS best practice
performance, how quality objectives are achieved. Management reviews consider information on
improvement opportunities, adequancy of resources, and if actions to address risk and opportunity is
effective.

9.3.3 Management review records are maintained as documented information. Initial Implementing a QMS best practice

10 Improvement

10.1 General
Actively seek out and realise improvement opportunities that will enable the organisation to meet
10.1 Optimised Culture of quality
customer requirements and enhance their customers' satsifaction.
10.2 Nonconformity and corrective action
10.2 Action is taken to control and correct nonconformities, and consider whether further action is still required. Nonexistent Culture of quality

Nonexistent Culture of quality

Page4 of 4 08/08/2019