Welcome to Our ISO 9001 Readiness Tool!

You should be able to demonstrate that you have considered internal and external issues, and that they are monitored and reviewed. These issues can include both positive and negative factors, and can be (e.g.): legal, technological, competitive, market trends and industry, cultural, social, political and economic environments, international, national, regional or local (etc).

You may have done this by completing exercises such as a SWOT analysis or a PESTLE analysis, or you may have listed them or maintained them in an internal document.

You must be able to demonstrate that you have considered interested parties, and their needs and expectations.

Interested parties are people or entities that have an interest in your organisation - for example, customers are an interested party, and their needs and expectations include value for money, on time delivery, and quality products/services. The Government and Industry Regulators are also interested parties, and their needs and expectations include compliance with regulations and other statutory requirements.

You may have done this as part of exercises such as a SWOT analysis or a PESTLE analysis, or you may have listed them or maintained them in an internal document.

The scope of your management system will be recorded on your ISO certificate, and identifies what areas your certification covers (i.e. the 'boundaries' of your certification). This scope needs to state the types of products and services that are covered by your management system, and justify any non-applicability (e.g. clauses and/or locations that are not included).

You must be able to demonstrate that you have determined the processes that are needed to support your management system, and identified how these interact with each other. You must also be able to demonstrate how these processes have been applied throughout your organisation.

You must be able to demonstrate that you have a quality policy that is appropriate to the purpose and context of your organisation, that provides a framework for setting quality objectives, and that includes commitments to continual improvement and to satisfying applicable requirements. Your quality policy must be available, documented, and be communicated both internally and to relevant interested parties.

Top management must ensure that responsibilities and authorities for all relevant roles are assigned, communicated, and understood within your organisation. Sometimes this is completed using an organisational chart or similar document.

You must be able to demonstrate that you have determined any risks and opportunities that need to be addressed to ensure that your management system can:

- Achieve its intended results;
- Continually improve;
- Enhance desirable effects; and
- Reduce or prevent undesirable effects.

These risks and opportunities should consider relevant internal and external issues, interested parties, and all areas that are in scope of your management system.

You can address risks by (e.g.):
- Avoiding the risk;
- Taking the risk in order to pursue an opportunity;
- Eliminating the risk source;
- Changing the likelihood or consequences;
- Sharing the risk;
- Retaining risk by informed decision (etc).

You can address opportunities by:
- Adopting new practices;
- Launching new products;
- Opening new markets;
- Addressing new customers;
- Building partnerships;
- Using new technology (etc).

You must be able to demonstrate in a document that your organisation has determined appropriate quality objectives that consider all relevant functions, levels, and processes needed for your quality management system.

Quality objectives must:

- Be consistent with the quality policy; - Be measurable; - Take into account applicable requirements; - Be relevant to conformity of products and services and to enhancement of customer satisfaction; - Be monitored; - Be communicated; and - Be updated as appropriate.

You must be able to demonstrate that where the need for changes to the management system are determined, changes are planned and take into consideration: - Potential consequences arising from the change; - Maintenance of the integrity of the management system; - The availability of resources to manage and implement the change; and - The allocation of responsibilities and authorities.

You must be able to demonstrate that your have sufficient resources in place to establish, implement, maintain and continually improve your organisation's management system.

You must be able to demonstrate that your have sufficient resources in place to establish, implement, maintain and continually improve your organisation's management system. In particular, the people resources you have in place should ensure appropriate control of your operations and process.

You must be able to demonstrate that your organisation has determined, provides, and maintains its infrastructure and any monitoring/measurement equipment that it uses.

Infrastructure can include:

- Buildings and associated utilities;
- Equipment, including hardware and software;
- Transportation resources;
- Information and communication technology.

Monitoring/Measuring equipment includes equipment that requires regular calibration such as:

- Torque wrenches;
- Electrical testing equipment;
- Thermometers etc.

You must be able to demonstrate that measures are in place to ensure the required organisational knowledge is maintained and additional knowledge is acquired where necessary.

You must be able to demonstrate that you ensure that persons doing work for your organisation have the competence to do so. This competence could come from education, training, or experience. You must also keep up-to-date records of competence required for and held by anyone that can affect your management system.

You must be able to demonstrate that you have determined all internal and external communications that are relevant to the management system, and that you control:

- What will be communicated;
- When and to whom it will be communicated;
- How information is communicated; and
- Who communicates it.

You must also ensure that all persons working under your organisation are aware of the policy, its objectives, and their contribution to the effectiveness of the management system, and that they are aware of any relevant compliance obligations and of the implications of not conforming to the policy.

You must be able to demonstrate that you have a documented process for managing all information that is necessary to support the effectiveness of the management system. This policy/procedure must include:

- How documented information is created and updated;
- How documented information is controlled to ensure it is available and suitable for use;
- How documented information is protected (e.g. from improper use, loss, damage, or illegibility);
- How documented information is distributed and accessed;
- How documented information is retrieved and stored;
- How long documented information is stored for and when documented information is deleted; and
- How documented information is preserved, handled, and disposed of.

You must be able to demonstrate that such processes are in place and they ensure that they: - Maintain consistency of output; - Establish criteria for determining whether products or services offered are acceptable or not; - Ensure sufficient resources are available to provide any products or services offered; and - Ensure appropriate documented information is retained.

You must be able to demonstrate that where products and services are offered: - The requirements for the provision are defined, and understood by the customer, including any requirements for delivery/post delivery activities; - A thorough review of the requirements is completed before the offer is confirmed so that your organisation can be sure that it has the ability and resources to fulfill the requirement; - The organisation can conform with any relevant contractual or statutory and regulatory requirements; and - Where a change to the provision is made, relevant information is amended and relevant persons made aware of the changes.

To conform to ISO 9001, your organisation must consider how it will design and develop any products/services that it intends to supply. This requirement encompasses:

- The manufacturing of any product;
- The supply of any services;
- The introduction of any new product/service; and
- The modification of any current products/services.

Your process must include:

- All relevant inputs (e.g. what you want to achieve, drawings, specifications, etc);
- Controls (periodic checks to verify that things are going the right way); and
- All relevant outputs (how you will ensure that the products/services meet your standards and inputs).

You must be able to demonstrate that you have a process in place that ensures that, when you use external resources (e.g. contractors, suppliers, subcontractors), these resources conform with your management system processes. You should have established establish criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their abilities, capability and performance.

Controlled conditions should ensure that: - Identification and traceability are maintained as necessary; - Property belonging to customers or external providers is handled with care; - Outputs are preserved to ensure conformity to requirements; - Any post delivery activities and requirements are met; - Any changes to the production or service provision are reviewed, controlled and authorised; and - Confirmation that products and service requirements have been met is documented prior to release to the customer.

You must be able to demonstrate that your organisation utilises information gathered from monitoring and measurement to evaluate the performance and effectiveness of its management system.

You must be able to demonstrate how your organisation monitors, measures, and reviews customer perception to determine if their needs and expectations have been fulfilled.

You can monitor customer perceptions using (e.g.) customer surveys, feedback on delivered products/services, meetings with customers, market-share analysis, compliments, warranty claims, and dealer reports (etc). This information should be used to analyse and evaluate the conformity of your products/services, to measure the degree of customer satisfaction, and to measure the performance of your quality management system to determine if planning has been effective.

You must carry out internal audits of your management system to ensure that it conforms to both its own requirements, and the requirements of the ISO standard. You must have also developed a programme/plan that outlines how these audits will be carried out. Internal audits must be carried out in accordance with your internal audit plan, and the results from each audit must be retained as documented information.

A 'management review' is a meeting held at planned intervals (at least annually). It must contain specific agenda points required under the ISO standard, and include both inputs and outputs.

You must record the minutes of your Management Review Meetings and keep these as documented information.

You must be able to demonstrate that you maintain documented information about risks, nonconformities, and opportunities for improvement for both your management system and your products/services. This documentation must include:
- The nature of any risks/nonconformities/opportunities;
- Any actions taken to correct/enhance them; and
- Assessments of the effectiveness of corrections/enhancements.

Note that: a ˜Nonconformity is an issue, problem, or the identification of a failure to meet the standards or requirements that have been imposed by either your organisation, your ISO Standard, or relevant third parties. These can relate to a product, a service, or an activity that your organisation provides or undertakes. When a nonconformity occurs, actions must be taken to control, correct, and deal with the consequences of the nonconformity. You must also take action to identify and (where possible) eliminate the root cause to prevent reoccurrence, make updates to any relevant risks and opportunities, and make changes to the management system as necessary.