Guidance
About this Checklist
Summary of Key Changes
Process Approach
Context of the Organization
Scope of the Quality Management System
Leadership
Risks and Opportunities
Products and Services
Control of Externally Provided Products & Services
Documented Information
Non-conforming Processes
How to Make the Changes
Existing ISO 9001:2008 Documentation
Self-assessment Checklist
Context of the Organisation
Leadership
Planning
Support
Operation
Performance Evaluation
Improvement
This gap analysis checklist highlights the new requirements contained in ISO 9001:2015, and is not intended to cover all of the requirements from ISO 9001:2015 comprehensively. The unique knowledge obtained about the status your existing quality management system will be a key driver of the subsequent implementation approach. Armed with this knowledge, it allows you to establish accurate budgets, timelines and expectations which are proportional to the state of your current management system when directly compared to the requirements of the standards.
Your organization may already have in place an ISO 9001:2008 compliant quality management system or you might be running an uncertified system. If this is the case, you will want to determine how closely your system conforms to the requirements ISO 9001:2015. The results of a gap analysis exercise will help to determine the differences, or gaps, between your existing management system and the new requirements. Not only will this analysis template help you to identify the gaps, it will also allow you to recommend how those gaps should be filled.
The gap analysis output provides a valuable baseline for the implementation process as a whole and for measuring progress. Try to understand each business process in the context of each of the requirements by comparing different activities and processes with what the standard requires. At the end of this activity you will have a list of activities and processes that comply and ones that do not comply. The latter list now becomes the target of your implementation plan.
The process approach was promoted by ISO 9001:2008 and is now a requirement in its own right, which sets out the specific requirements for the adoption of a process approach.
A new clause and sub clauses are being introduced relating to the context of the organization. Your organization is now required to identify and asses all internal and external issues that could impact upon your quality management system’s ability to deliver its intended results. You will need to develop a methodology to understand the needs and expectations of all interested parties.
Greater emphasis has been placed on the definition of scope of the quality management system. The scope of quality management system should be determined in consideration to your organization’s context.
The previously titled Management Responsibility from ISO 9001:2008 has been replaced with ‘Leadership’. Top management are now required to be actively involved in the operation of the quality management system. The removal of the role of ‘management representative’ reinforces a need to see the quality management system embedded into routine business operations, rather than operating as an independent system in its own right with its own dedicated management structure.
All references to preventive action have been removed from the ISO 9001:2015 and replaced with Clause 6.1 - Actions to Address Risks and Opportunities. Your organization is now required to determine, consider and, where necessary, take action to address any risks or opportunities that might impact your quality management system’s ability to deliver conformance, or which might adversely impact customer satisfaction.
The term ‘product’ is being replaced by ‘products and services’. By including specific reference to services as well as products, ISO 9001:2015 reinforces the idea that quality management systems are applicable to all types of business and not just to are manufacturing or supplying products.
ISO 9001:2008 Clause 7.4 – Purchasing has been replaced with clause 8.4 ‘Control of externally provided products and services’. This clause addresses all types of external provision, purchasing from a supplier, or through the outsourcing of processes. Your organization is now required to take a risk-based approach to determine the type and extent of controls that are appropriate for each external provider and all outsourced processes.
Requirements for a documented quality manual, documented procedures and records have been removed and replaced with the term ‘Documented Information’. This is the information your organization is required to control, retain and maintain.
The Control of non-conforming products now includes non-conforming processes. Your organization is now required to evaluate whether a process is not conforming to planned arrangements and, where necessary, investigate the cause and take action to prevent recurrence.
Purchase copies of ISO 9000:2015 and ISO 9001:2015. Read them both and make yourself familiar with their language and concepts. Although it is written in a dense, formal language, the clause titles in ISO 9001:2015 are fairly self-explanatory. We suggest that you use the familiar Plan-Do-Check-Act (PDCA) methodology to manage your organization’s transition from the old to the new requirements. The following guidance provides nine simple steps to make the transition, using the PDCA approach:
The extent of the documented information will differ from your organization to another because of to the size of organization and its activities, processes, products and services; the complexity of processes and their interactions, and the competence of personnel. In ISO 9001:2008, the quality manual helped to establish and document the framework of your organization's quality management system while articulating those aspects of the QMS to any interested parties.
While there is no requirement for a quality manual or any documented procedures in ISO 9001:2015, it is suggested that if they add value, then they should not simply be binned. You will be expected to maintain the integrity of the QMS during the transition process. You do not need to renumber your existing documentation to correspond to the new clauses. It is down to each organization to determine whether the benefits gained from renumbering will exceed the effort involved.
Neither do you need to restructure your management system to follow the sequence of and titles of the requirements. Providing all of the requirements contained in ISO 9001:2015 are met, your organization’s quality management system will be compliant.
The type and extent of documented information that your organization should retain and maintain, in order to be compliant with ISO 9001:2015, clearly depends on the nature of your organization’s products and processes. The following criteria can be used to assess the different types of ISO 9001:2008 documents and information that your organization should retain and maintain as documented information by determining whether the information:
If any of the above criteria apply to any type of document or information within your organization's domain, then it should be retained and maintained as a form of 'documented information' as per Clause 7.5 of ISO 9001:2015.
Ref |
Gap Analysis Question |
Finding |
Implementation Plan (if No) |
|||||
Yes |
No |
ISO Clause |
Process Owner |
Action Needed |
Date Planned |
Date Actual |
||
1 |
Have all external and internal issues that are relevant to your organisation’s purpose and the achievement of customer satisfaction and the organisation’s strategic direction been determined? |
|
|
|
|
|
|
|
2 |
Are these issues reviewed and monitored on a regular basis? |
|
|
|
|
|
|
|
3 |
Have the needs and expectations of interested parties that are relevant to the QMS been determined? |
|
|
|
|
|
|
|
4 |
Was the scope of your QMS determined whilst taking into account of all the external and internal issues, the needs of interested parties and the scope your products and services? |
|
|
|
|
|
|
|
5 |
Is your QMS established, and does it include a description of the processes required and their sequence and interaction? |
|
|
|
|
|
|
|
6 |
Have the criteria for managing these processes and their interaction been established? |
|
|
|
|
|
|
|
7 |
Have all responsibilities, methods, measurements and related performance indicators, needed to ensure the effective operation and control, been established? |
|
|
|
|
|
|
|
Ref |
Gap Analysis Question |
Finding |
Implementation Plan (if No) |
|||||
Yes |
No |
ISO Clause |
Process Owner |
Action Needed |
Date Planned |
Date Actual |
||
8 |
Has top management taken accountability for the effectiveness of the QMS? |
|
|
|
|
|
|
|
9 |
Have the policy and objectives for the QMS, which are compatible with the strategic direction of the organisation, been established and communicated? |
|
|
|
|
|
|
|
10 |
Have the objectives been established at relevant departmental and individual levels with the business? |
|
|
|
|
|
|
|
11 |
Have the requirements for the QMS been integrated into the business processes and have management promoted awareness of the process approach? |
|
|
|
|
|
|
|
12 |
Have customer requirements and applicable statutory and regulatory requirements been determined, met and communicated throughout the organisation? |
|
|
|
|
|
|
|
13 |
Have the risks and opportunities that are relevant to the QMS been established? |
|
|
|
|
|
|
|
14 |
Has the organisation established and communicated the responsibilities and authorities for the effective operation of the QMS? |
|
|
|
|
|
|
|
Ref |
Gap Analysis Question |
Finding |
Implementation Plan (if No) |
|||||
Yes |
No |
ISO Clause |
Process Owner |
Action Needed |
Date Planned |
Date Actual |
||
15 |
Have the risks and opportunities that need to be addressed to give assurance that the QMS can achieve its intended result(s) been established? |
|
|
|
|
|
|
|
16 |
Has the organisation planned actions to address these risks and opportunities and integrated them into the system processes? |
|
|
|
|
|
|
|
17 |
Is there a defined process for the determining the need for changes to the QMS and managing their implementation? |
|
|
|
|
|
|
|
Ref |
Gap Analysis Question |
Finding |
Implementation Plan (if No) |
|||||
Yes |
No |
ISO Clause |
Process Owner |
Action Needed |
Date Planned |
Date Actual |
||
18 |
Has the organisation determined and provided the resources needed for the establishment, implementation, maintenance and continual improvement of the QMS (including people, environmental and infrastructure requirements)? |
|
|
|
|
|
|
|
19 |
If monitoring or measuring is used for evidence of conformity of products and services to specified requirements, has the organisation determined the resources needed to ensure valid and reliable monitoring and measuring of results? |
|
|
|
|
|
|
|
20 |
Has the organisation determined the knowledge necessary for the operation of its processes and achievement of conformity of products and services and implemented a lessons learnt process? |
|
|
|
|
|
|
|
21 |
Has the organisation ensured that those persons who can affect the performance of the QMS are competent on the basis of appropriate education, training, or experience or taken action to ensure that those persons can acquire the necessary competence? |
|
|
|
|
|
|
|
22 |
Has the documented information required by the standard and necessary for the effective implementation and operation of the QMS been established? |
|
|
|
|
|
|
|
Ref |
Gap Analysis Question |
Finding |
Implementation Plan (if No) |
|||||
Yes |
No |
ISO Clause |
Process Owner |
Action Needed |
Date Planned |
Date Actual |
||
23 |
Is there a defined process for the provision of products and services that meet requirements defined by the customer? |
|
|
|
|
|
|
|
24 |
When changes are planned are they carried out in a controlled way and actions taken to mitigate any adverse effects? |
|
|
|
|
|
|
|
25 |
Are any outsourced processes managed and controlled? |
|
|
|
|
|
|
|
26 |
Is there a defined process for reviewing and communicating with customers in relation to information relating to products and services, enquiries, contracts or order handling? |
|
|
|
|
|
|
|
27 |
Is this review conducted prior to the organisation’s commitment to supply products and services? |
|
|
|
|
|
|
|
28 |
If you design and develop products or services, are these processes established and implemented in line with the requirements of the standard? |
|
|
|
|
|
|
|
29 |
Do you ensure that externally provided processes, products, and services conform to specified requirements? |
|
|
|
|
|
|
|
30 |
Do you have criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers? |
|
|
|
|
|
|
|
31 |
Is the provision of products and services carried out in controlled conditions which include: |
|
|
|
|
|
|
|
32 |
Do you have effective methods of ensuring traceability during the operation process? |
|
|
|
|
|
|
|
33 |
Where property belonging to customers or external providers is used in the provision of the product or service, is this controlled effectively? |
|
|
|
|
|
|
|
34 |
If there is a requirement for post-delivery activities associated with the products and services such as warranty, maintenance services, recycling or final disposal, are these defined and managed? |
|
|
|
|
|
|
|
35 |
Are any nonconforming process outputs managed so as to prevent their unintended use? |
|
|
|
|
|
|
|
Ref |
Gap Analysis Question |
Finding |
Implementation Plan (if No) |
|||||
Yes |
No |
ISO Clause |
Process Owner |
Action Needed |
Date Planned |
Date Actual |
||
36 |
Has the organisation determined what needs to be monitored and measured and the methods for monitoring, measurement, analysis and evaluation, to ensure valid results? |
|
|
|
|
|
|
|
37 |
Has it established when the results from monitoring and measurement shall be analyzed and evaluated? |
|
|
|
|
|
|
|
38 |
Have methods of monitoring customer perceptions of the provision of products and services been established? |
|
|
|
|
|
|
|
39 |
Has it determined the need or opportunities for improvements within the QMS and how these will be fed into management reviews? |
|
|
|
|
|
|
|
40 |
Has the organisation established a process for an internal audit of the QMS? |
|
|
|
|
|
|
|
41 |
Has an approach to perform management reviews been established and implemented? |
|
|
|
|
|
|
|
Ref |
Gap Analysis Question |
Finding |
Implementation Plan (if No) |
|||||
Yes |
No |
ISO Clause |
Process Owner |
Action Needed |
Date Planned |
Date Actual |
||
42 |
Has the organisation determined and selected opportunities for improvement and implemented the necessary actions to meet customer requirements and enhance customer satisfaction? |
|
|
|
|
|
|
|
43 |
Does the organisation operate appropriate processes for managing nonconformities and the related corrective actions? |
|
|
|
|
|
|
|
44 |
Has the organisation decided on how it will address the requirement to continually improve the suitability, adequacy, and effectiveness of the QMS? |
|
|
|
|
|
|
|
Source: https://www.iso9001help.co.uk/free%20templates/ISO%209001-2015%20Gap%20Analysis%20Checklist.docx
Web site to visit: https://www.iso9001help.co.uk
Author of the text: indicated on the source document of the above text
If you are the author of the text above and you not agree to share your knowledge for teaching, research, scholarship (for fair use as indicated in the United States copyrigh low) please send us an e-mail and we will remove your text quickly. Fair use is a limitation and exception to the exclusive right granted by copyright law to the author of a creative work. In United States copyright law, fair use is a doctrine that permits limited use of copyrighted material without acquiring permission from the rights holders. Examples of fair use include commentary, search engines, criticism, news reporting, research, teaching, library archiving and scholarship. It provides for the legal, unlicensed citation or incorporation of copyrighted material in another author's work under a four-factor balancing test. (source: http://en.wikipedia.org/wiki/Fair_use)
The information of medicine and health contained in the site are of a general nature and purpose which is purely informative and for this reason may not replace in any case, the council of a doctor or a qualified entity legally to the profession.
The texts are the property of their respective authors and we thank them for giving us the opportunity to share for free to students, teachers and users of the Web their texts will used only for illustrative educational and scientific purposes only.
All the information in our site are given for nonprofit educational purposes