Get compliant with ISO 9001 and simplify compliance for your organisation.
Ensure that your organisation has identified and supplied the resources necessary for establishing, implementing, maintaining, and continuously improving the quality management system (QMS).
Verify that your organisation has determined which resources are required to ensure the QMS operates effectively. These resources may include raw materials, infrastructure, finances, personnel, and information technology, which can be sourced internally or externally.
Ensure that your organisation has considered the need for external resources, in addition to internal resources, and provide documented evidence to support this. Typically, organisations determine resource requirements during management review meetings.
The success of any QMS depends largely on the competencies, skills, and knowledge of the personnel involved in its operation and control. Therefore, organisations need to identify and provide the people necessary to carry out the processes and ensure the effective implementation of the management system.
To achieve this, organisations must determine the roles and responsibilities required for the effective operation and control of the QMS. This includes the identification of the necessary knowledge, skills, and experience required for each role. The organisation should also ensure that personnel are appropriately trained, and their competence verified, to carry out their responsibilities effectively.
Organisations must also provide the necessary resources to support personnel in their roles. This includes providing access to equipment, tools, and information to enable them to carry out their duties effectively
Infrastructure plays a crucial role in ensuring that processes are carried out effectively, efficiently, and reliably, and that products or services are produced to meet customer requirements.
Organisations must determine and provide the necessary infrastructure to support the effective operation of the QMS. This includes identifying the physical facilities, such as buildings and workspaces, and ensuring they are designed, constructed, and maintained to support the processes involved in the QMS.
Equipment and utilities needed to support the operation and control of processes must be identified and provided, including machinery, tools, and energy sources. Additionally, software necessary for the control, monitoring, and analysis of process data must be identified and provided.
Organisations must ensure that infrastructure is suitable for its intended use, regularly maintained and calibrated, and accessible to the personnel who need it. This includes ensuring that equipment is regularly inspected, tested, and calibrated to ensure it is operating within its intended specifications.
Organisations must ensure that the environment in which their processes are carried out is appropriate, safe, and conducive to achieving conformity, this also includes a healthy environment for the wellbeing of the employees.
The suitability of the environment should be evaluated concerning the processes being carried out, and measures should be taken to manage and control the environment to prevent any adverse impacts on product and service quality.
The environment can include factors such as temperature, humidity, lighting, noise, cleanliness, and other relevant conditions that can influence the performance of personnel or equipment used in the process. For example, in the food industry, maintaining appropriate temperatures and cleanliness is crucial for ensuring the safety and quality of the products produced.
Organisations must determine and provide the necessary resources for monitoring and measuring processes to ensure that they conform to the requirements of the QMS.
The resources used for monitoring and measuring could be physical, such as measuring instruments and equipment, or software-based, such as computer systems used for data collection and analysis.
The monitoring and measuring resources must be accurate, reliable, and capable of providing data that is relevant to the QMS’s performance and effectiveness. Additionally, the resources must be maintained and calibrated at appropriate intervals to ensure their accuracy and effectiveness.
As part of this clause, any documented information should be kept as evidence of monitoring.
By having appropriate monitoring and measuring resources in place, organisations can identify non-conformances, track the performance of processes, and take corrective actions to improve the QMS.
Organisations must identify the measurement standards or systems that they will use as reference points and establish a process for calibration and verification of monitoring and measuring equipment.
This process should include documenting the calibration status of equipment and keeping records of measurement results.
In addition, organisations must also ensure that their monitoring and measuring resources are used and maintained according to the manufacturer’s instructions and industry standards. This includes establishing procedures for the use, handling, and storage of equipment, as well as conducting regular maintenance and calibration to ensure the accuracy and reliability of the equipment.
Organisations must determine the knowledge necessary to support their processes and products and ensure that this knowledge is maintained and made available to the relevant personnel.
This involves identifying and capturing critical knowledge and expertise, documenting it, and making it available to personnel who need it to perform their work effectively.
Organisations can maintain organisational knowledge in a variety of ways, such as creating and maintaining knowledge databases, conducting training and development programs, capturing and sharing lessons learned, and establishing communities of practice.
By maintaining organisational knowledge, organisations can ensure that they have the expertise and information necessary to continually improve their processes and products and adapt to changing customer needs and market conditions.
This clause requires organisations to determine the necessary competence required for personnel to effectively operate and manage their QMS processes. The competence of personnel should be assessed in terms of their education, training, skills, experience, and knowledge.
Organisations should determine the necessary competence by taking into account the requirements of their processes, products, and services. This includes identifying any specific competencies required for particular roles within the organisation.
Competency requirements may differ based on the level of responsibility or job function.
Once the necessary competencies are identified, organisations must provide training or take other actions to ensure that personnel have the required competence. This may include formal training, on-the-job training, coaching, mentoring, or other methods to develop and enhance the necessary skills and knowledge. Organisations must also ensure that personnel are aware of the importance of their roles in achieving the QMS objectives and the potential consequences of not meeting those objectives.
The effectiveness of their training programs must be evaluated to ensure that they are achieving the desired results. This may involve measuring the performance of personnel against established objectives or assessing the effectiveness of the training program through feedback mechanisms.
All employees within the organisation must be aware of the importance of the QMS and their role in contributing to its effectiveness. It requires organisations to establish and maintain a process for ensuring that employees are aware of the quality policy and relevant quality objectives, and that they understand the consequences of not conforming to QMS requirements.
To achieve this, organisations may use a variety of methods to communicate the necessary information to their personnel.
The clause also requires organisations to ensure that employees are aware of any changes made to the QMS, as well as any relevant legal and regulatory requirements that affect their work.
Clause 7.4 of ISO 9001 outlines the requirement for organisations to establish and maintain effective communication. This includes both internal communication among employees and external communication with relevant parties.
Effective communication ensures that everyone in the organisation understands their roles and responsibilities and is aware of the QMS requirements. It also helps to identify and address issues and problems before they become serious.
Internal communication refers to communication within the organisation. This can include communication about policies, procedures, instructions, work instructions, and objectives related to the QMS.
External communication refers to communication with external parties, such as customers, suppliers, regulators, and other stakeholders. The organisation should communicate with these parties to ensure that they are aware of the QMS requirements, and to obtain feedback on the performance of the QMS. Communication with external parties should be consistent with its QMS policy and objectives.
To comply with this clause, organisations should establish communication procedures and methods that are appropriate to their size, complexity, and activities.
In order to do that they should have in count:
They should also monitor and evaluate the effectiveness of their communication processes and take corrective action when necessary.
Clause 7.5 of ISO 9001:2015 sets out the requirements for documented information, which is the information that the organisation needs to provide and maintain in order to support the operation of its quality management system (QMS).
Documented information can take various forms, such as policies, procedures, plans, records, and other types of documents.
ISO 9001:2015 requires organisations to establish and maintain documented information to support the effective operation of the QMS. However, the amount of documented information required may vary based on the size and complexity of the organisation’s processes and the competence of its personnel.
It’s important to note that the organisation must still ensure that the necessary documented information is in place to support the effective operation of the QMS, regardless of its size and complexity. Additionally, the organisation should ensure that its documented information is appropriate, accurate, and up-to-date.
To ensure that your organisation’s documented information is appropriate and effective, you should verify that it is properly identified, described, and formatted when created or updated (e.g. title, date, author, reference number, language, software version, graphics, paper or electronic media). Additionally, you should check that all documented information is reviewed and approved for suitability and adequacy to ensure its quality and reliability.
Document control is important for all businesses, regardless of their size. It helps prevent unauthorised use of documents and ensures that changes are properly incorporated and not lost over time.
While it may seem unnecessary for small and medium-sized enterprises (SMEs), it is still important to establish clear document control processes to maintain the integrity and reliability of the documented information.
Demonstrate your organisation’s arrangements for controlling documented information by showing the availability, suitability, and protection of the documents. This includes document accessibility (hard copy, electronic media), format, media suitable to the environment, ease of understanding, language, interpretation, document authentication, document markings (official, secret, restricted, confidential, private, sensitive, classified, unclassified), access controls (individual, role specific), physical and IT security (User ID, password, servers, download, back up, encryption, ‘read only’, ‘read/write’), and protection from corruption and unintended alterations.
Your organisation should also have arrangements for document retention, including organisation/legal/contractual retention periods, storage, preservation, back up, retention of knowledge, disposal, obsolescence, and suitable identification (‘for information only’, ‘not to be used after…’, ‘uncontrolled copy’, ‘for reference purposes only’, etc.).
It is important to protect electronic data by having a security policy, system access profiles, password rules, storage and back-up policy, and protection from loss, unauthorised changes, unintended alteration, corruption, physical damage. Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.
Departmental managers should be responsible for promoting good documented information practices in their area while supporting overall compliance with the requirements. Individuals and their line managers should be responsible for the information they create, as well as being responsible for their retention and disposal in line with legislative requirements and organisational needs.