Friday, May 20, 2016

ISO 9001:2015 Processes Related to Customers: Contract Analysis

Contract Analysis is one of the QMS processes related to the Customers.

ISO 9001:2015 defines the requirements to the Contract analysis in sub clauses of 8.2 Requirements for products and Services (cl.8.2.2, cl.8.2.3, cl.8.2.1.b, cl.8.2.1.e)

  • Product requirements that have to be included into the contract (cl.8.2.2.a) :
           - Customer requirements (cl.
           - Safety Requirements (cl.
           - Legal requirements (cl.
           - Additional requirements have to be agreed upon (cl.
           - Force Majeure
  • Ability of the organization to meet the requirements (confirmed by the ‘Approval sheet’) (cl.
Contract Analysis Quality System Procedure regulates ‘Contract Analysis’ process operation according to the ISO 9001:2015 requirements.
QSP requirements apply to the activities of the Sales department, as well as the activity of the ‘Design and development' and ‘Production’ process owners of in terms of analysis and meeting the requirements for products (services).

‘Contract analysis’ Process model is displayed below:

‘Contract Analysis’ Process Model Flows 

Determining the requirements for products (services) includes:
  • Creation of a catalog of products (provided services) with the description and characteristics; 
  • working with customer requests; 
  • Development of the commercial offer; 
  • Development of the contract draft. 
Download the Contract Analysis Quality System Procedure Preview

Purchase the complete Contract Analysis QSP from our Site.

More ISO 9001:2015 Documents and Templates

Wednesday, May 11, 2016

Do we need to maintain a 'Risk Register'?

Q: ISO 9001:2015, does it require a documented risk register
Will it become a requirement, indirectly? 
I plan to identify and review all risks and opportunities in the MRM but still unsure about maintaining a separate register (document). 

A: 1. ISO 9001:2015 does not require neither development, nor maintenance of a Risk register. Risk register is a part of risk management methodology. Risk register development is a good practice, but not the Standard requirement.
Risk- based thinking initiates the consideration of multi-variant approach in decision-making. It may be represented as a possibility of the expected result offset into a negative or positive part of a certain ‘scale’ depending on disturbances in the result achieving process.

Usually, the ‘risk register’ development includes three stages:
1) risk formulating (naming the possible disturbances);
2) risk identification (digitization), as a rule, the negative consequences are considered;
3) risk ranking (risk value sorting, descending)

In this case, the ‘Risk register’ describes the possibility of the expected result offset to the negative part of the ‘scale’.
A good practice is to develop an ‘Opportunity Register’ - the analysis of disturbances and consequences that offset the expected result into the positive part of the ‘scale’.

This decision is fully aligned with the requirement 6.1.1 of ISO 9001:2015 to

 ‘determine the risks and opportunities that need to be addressed to
 b) enhance desirable effects;
 c) prevent, or reduce, undesired effects;’

2. Documenting the Register is also a good practice, not the requirement of the Standard. Over time, and as a result of risk treatment, the components (probability and consequences) change. A good practice is to review the Registers at the set intervals, for example every 6 months.

More on Risk management:



Reference table
Presentation, 5 slides
Presentation, 3 slides

Tuesday, May 10, 2016

Control of Personnel Quality System Procedure

Our ISO 9001:2015 Quality System Procedures collection was updated with the Control of Personnel Procedure.
The key personnel competence requirements of ISO 9001:2015 are implemented in this documented procedure based on the best field experience:
  • definition of the required competence; 
  • provision of competence; 
  • evaluation of the effectiveness of measures to ensure competence; 
  • preservation of evidence of competence; 
  • analysis of the adequacy of human resources, improvement actions. 

Download the Control of Personnel Procedure Preview.

Looking for a set of required procedures? 

Take advantage of our May 2016 offer - 30% off the bundle of 9 Quality System Procedures

Wednesday, May 4, 2016

Control of Documented Information: Documenting Plans

The revised version of ISO 9001:2015 requirements sometimes are confusing, especially regarding the 'documented information'.

What is documented information? What documented information is mandatory to keep - and what is optional?

New article by JP Russell and Denis J. Devos 'An ISO 9001:2015 Catch 22: Documenting Pans' explores this topic focusing on clause 6.1.2 requirements - plans to address risks and opportunities.

On one hand a plan is not classified as documented information and moreover the organization determines what documented information they need to maintain. On the other, when an organization documents their plans, an auditor expects the plans to be controlled and maintained as documented information and be available in some form or media. So the organization could be subject to plans being audited against documented information controls.

More on Control of Documented information

ISO 9001:2015 Quality System Procedure - Control of Documented Information

  • Describes Criteria and Risks of ‘Control of Documented Information’ Process 
  • Contains Process Model diagram with detailed inputs and output 
  • User-friendly format and professional layout - reviewed and approved by experienced ISO 9001 quality auditors.
Control of Documented Information in ISO 9001:2015 Clauses
  • Lists Documented Information requirements referencing the clauses of ISO 9001:2015 
  • Provides recommendations for Documented information maintenance for each clause. 

Control of Documented Information QnA