ISO 9001-2015 Gap Analysis Checklist

This ISO 9001-2015 self-assessment form is an auditing tool that will help you to identify gaps between your existing Quality Management System and the requirements of ISO 9001:2015. Assess your existing policies, processes or procedures and flag key non-conformance areas. Understanding the status of your existing QMS will be a key driver for the subsequent implementation approach.

Download as free PDF

Library
ISO Standards
ISO 9001-2015 Gap Analysis Checklist

Understanding The Organisation

4. With consideration given to their impact or potential impact on your company's ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, do you determine: The interested parties that are relevant to the QMS? The requirements of these interested parties that are relevant to the QMS?

Photo Comment

15. That is, for the QMS processes do you determine the: Inputs required and the outputs expected from the processes? Sequence and interaction of the processes? Criteria, methods, including measurements and related performance indicators needed to ensure the effective operation and control of the processes? Resources needed and ensure their availability? Assignment of the responsibilities and authorities for these processes? Risk and opportunities and plans to implement the appropriate actions to address them? Methods for monitoring, measuring and evaluation of processes and if needed, the changes to processes to ensure that they achieve intended results? Opportunities for improvement of the processes and the QMS?

Photo Comment

Leadership

1. Does top management demonstrate leadership and commitment with respect to the QMS by: Taking accountability of the effectiveness of the QMS? Ensuring that the quality policy and quality objectives are established for the QMS and are compatible with the strategic directions direction and the contact of the organisation? Ensuring that the quality policy is communicated, understood and applied within the company? Ensuring the integration of the QMS requirements into the company's business processes? Promoting awareness of the process approach? Ensuring that the resources needed for the QMS are available?

Photo Comment

6. Does top management demonstrate leadership and commitment with respect to customer focus by ensuring that the: Customer requirements and applicable statutory and regulatory requirements are determined and met? Risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed? Focus on consistently providing products and services that meet customer and applicable statutory and regulatory requirements are maintained? Focus on enhancing customer satisfaction is maintained?

Photo Comment

7. Has your top management established, implemented and maintained a quality policy that: Is appropriate to the purpose and context of the organisation? Provides a framework for setting and reviewing quality objectives? Includes a commitment to satisfy applicable requirements? Includes a commitment to continual improvement of the QMS?

Photo Comment

10. Does top management assign the responsibility and authority for: Ensuring that the QMS conforms to the requirements of ISO 9001:2015 standards? Ensuring that the processes are delivering their intended outputs? Reporting on the performance of the QMS on opportunities for improvement and for reporting to the top management? Ensuring the promotion of customer focus throughout your company? Ensuring that the integrity of the QMS is maintained when changes to the QMS are planned and implemented?

Photo Comment

Planning

6. Do you consider the following: Are the quality objectives consistent with the quality policy? Are the objectives measurable? Do they take into account applicable requirements? Are they relevant to conformity of products and services and the enhancement of customer satisfaction? Are they monitored, communicated and updated as required? Do you retain documented information for the quality objectives?

Photo Comment

Support

11. When measurement traceability is a requirement, such as with a statutory or regulatory requirement, a customer or relevant interested party expectation; or considered by your company to be an essential part of the providing confidence I the validity of measurement results, do you manage the measuring instruments as follows: Verified or calibrated at specified intervals or prior to use against measurement standards traceable to international or national measurement standards? Where no such standards exist, do you retain documented information for the basis used for calibration or verification? Identified in order to determine their calibration status? Safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results? When an instrument is found to be out of calibration, does your company determine if the validity of previous measurement results has been adversely affected?

Photo Comment

16. To obtain needed knowledge do you consider: Internal sources, such as learning from failures and successful projects, capturing undocumented knowledge and experience of topical experts within the company? External sources, such as standards, academia, conferences, gathering knowledge with customers or providers?

Photo Comment

23. Does your company ensure that personnel performing work under your control are aware of: The quality policy and the relevant quality objectives? Their contribution to the effectiveness of the QMS, including the benefits of improved quality performance? The implications of not conforming to the QMS requirements?

Photo Comment

27. When creating and updating documented information does the company ensure: Identification and description, such as a title, date, author, or reference number? Format, such as language, software version, graphics and media, such as paper, electronic? Review and approval for suitability and adequacy?

Photo Comment

28. Do you control the documented information required by the QMS and by ISO 9001:2015 to ensure that it is: Available and suitable for use, where and when it is needed? Adequately protected, such as from loss of confidentiality, improper use, or loss of integrity?

Photo Comment

Operation

1. Does your company plan, implement and control the processes needed to meet requirements for the provision of products and services and to implement the actions to address risks and opportunities by: Determining requirements for the product and services? Establishing criteria for the processes and for the acceptance of products and services? Determining the resources needed to achieve conformity to product and service requirements? Implementing control of the processes in accordance with the criteria? Retaining documented information to provide the confidence that the processes have been carried out as planned and to demonstrate conformity of products and services to requirements?

Photo Comment

6. Does your company establish the processes for communicating with customers in relation to: Information relating to products and services? Enquiries, contracts or order handling, including changes? Obtaining customer feedback, including customer complaints? The handling or treatment of customer property, when applicable? Specific requirements for contingency actions, when relevant?

Photo Comment

10. To ensure that you have the ability to meet requirements, does your company review: Requirements specified by the customer, including the requirements for delivery and post-delivery activities? Requirements not stated by the customer, but necessary for the customers' specified or intended use, when known? Requirements specified by your company? Additional statutory and regulatory requirements applicable to the products and services? Contract or order requirements differing from those previously expressed?

Photo Comment

18. In determining the stages and controls for design and development, does your company consider the: Nature, duration and complexity of the design and development activities? Requirements that specify particular process stages, including applicable design and development reviews? Required design and development verification and validation? Responsibilities and authorities involved in the design and development process? Internal and external resources needed for the design and development process? Need to control interfaces between individuals and parties involved in the design and development process? Need for involvement of customer and user groups in the design and development process? Requirements for subsequent provision of products and services? Level of control expected by customers or other interested parties? Necessary documented information to confirm that design and development requirements have been met?

Photo Comment

19. Does your company determine the: Requirements essential for the specific type of products and services being designed and developed, including, as required, functional and performance requirements? Applicable statutory and regulatory requirements? Information derived from previous similar design and development? Standards or codes of practice that your company is committed to implement? Internal and external resource needs for the design and development of products and services? Potential consequences of failure due to the nature of the products and services? Level of control expected of the design and development process by customers and other relevant interested parties?

Photo Comment

22. Do the controls you apply to the design and development process ensure that the: Results to be achieved by the design and development activities are clearly defined? Design and development reviews are conducted as planned to evaluate the ability of results of design and development to meet requirements? Verification is conducted to ensure that the design and development outputs have met the design and development input requirements? Necessary actions taken on problems determined during the reviews, verifications, validations?

Photo Comment

25. Does your company ensure that design and development outputs: Meet the input requirements for design and development? Are adequate for the subsequent processes for the provision of products and services? Include or reference monitoring and measuring requirements, and acceptance criteria, as applicable? Specify products or service characteristics essential for their intended purpose and their safe and proper provision?

Photo Comment

31. Do you apply the specified requirements for the control of externally provided products and services when: Products and services are provided by external providers for incorporation into your own products and services? Products and services are provided directly to the customers by external providers on behalf of your company? A process or part of a process is provided by an external provider as a result of your decision to outsource a process or function?

Photo Comment

36. When determining the type and extent of controls to be applied, do you consider: The potential impact of the externally provided processes, products and services on your ability to consistently meet customer and applicable statutory and regulatory requirements? The effectiveness of the controls applied by the external provider?

Photo Comment

39. Does your company communicate to external providers the following requirements: The products and services to be provided or the processes to be preformed? Approval or release of products and services, methods, processes or equipment? Competence or personnel, including necessary qualifications; their interactions with your QMS? The control and monitoring of the external provider's performance to be applied by your company? Verification activities that your company or your customer intends to perform at the external provider's premises?

Photo Comment

41. Do the controlled conditions include the: Availability of documented information that defines the characteristics of the products and services? Availability of documented information that defines the activities to be preformed and the results to be achieved? Monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met? Use and control of suitable infrastructure and process environment? Availability and use of suitable monitoring and measuring resources? Appointment of competent personnel, including any required qualifications? Validation, and periodic revalidation, of the ability to achieve planned results of any process for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement? Implementation of actions to prevent human errors? Implementation of products and services release, delivery and post-delivery activities?

Photo Comment

Is this sample what you are looking for?
Sign up to use & customise this template, or create your own custom checklist:

Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.

Seeing is Believing

Get a live demo customized to your unique needs, or get started with a 14-day FREE trial.

ISO 9001-2015 Gap Analysis Checklist

1. Does your company determine the external and internal issues that are relevant to your purpose and strategic direction?

2. Do you consider the relevant issues that affect your ability to achieve the intended results of the QMS?

3. Does your company monitor and review the information related to the external and internal issues?

5. Does your company monitor and review the information about these interested parties and their relevant requirements?

6. To establish the scope of the QMS, does your company determine the boundaries and applicability of the QMS?

7. When determining the scope of the QMS, do you consider the: External and internal issues; Requirements of relevant interested parties; The products and services of your company?

8. When a requirement of ISO 9001:2015 can be applied, is the requirement applied by your company?

9. When requirements cannot be applied and in order to claim conformity to ISO 9001:2015, how do you determine if your ability or responsibility to ensure conformity of products and services are not affected?

10. Is the scope of the QMS available and maintained as documented information?

11. Does the scope state the products and services covered by the QMS?

12. Does your company provide justification for any instance where a requirement of the standard cannot be applied?

13. As required by the standard, do you establish, document, implement, maintain, and continually improve the QMS?

14. Does your company determine the processes needed for the QMS, their interactions and applications throughout your company?

16. Does your company maintain the necessary documented information to support the operation of processes?

17. Does your company retain the necessary documented information to provide the confidence that the processes are being carried out as planned?

2. Communicating the importance of effective quality management and of conforming to the QMS requirements?

3. Ensuring that the QMS achieves its intended results?

4. Engaging, directing and supporting persons to contribute to the effectiveness of the QMS?

5. Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility?

8. Is your quality policy: Communicated, understood and applied within your company? Available as documented information? Available to relevant interested parties?

9. Does the top management ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the company?

1. When planning for the QMS, does your company consider the issues referred to earlier in the audit as well as determining the risks and opportunities that need to be addressed?

2. Is this performed to: Give assurance that the QMS can achieve its intended results? Enhance desirable effects? Prevent, or reduce undesired effects? Achieve improvement?

3. Does the company plan: Actions to address these risks and opportunities? How to integrate, implement the actions into the QMS processes and evaluate the effectiveness of these actions?

4. Do you take actions to address risks and opportunities that are proportionate to the potential impact on the conformity of products and services?

5. Does your company establish quality objectives at relevant functions, levels and processes?

7. When planning how to achieve the quality objectives, does your company determine: What will be done? What resources will be required? Who will be responsible? When it will be completed? How the results will be evaluated?

8. When your company determines the need for changes to the QMS, do you carry out the changes in a planned and systematic manner?

9. Do you consider the: Purpose of the changes and any of its potential consequences? Integrity of the QMS? Availability of resources? Allocation or reallocation of the responsibilities and authorities?

1. Does your company determine and provide the resources needed to establish, implement, maintain and continually improve the QMS?

2. Do you consider: The capabilities of, and constraints on, existing internal resources? What needs to be obtained from external providers?

3. To ensure that your company can consistently meet customer and applicable statutory and regulatory requirements, do you determine and provide the persons necessary for the effective operation of the QMS, including the processes needed?

4. To achieve conformity of products and services, does your company determine, provide and maintain the infrastructure for the operation of the processes?

5. Is the following considered as infrastructure: Buildings and associated utilities? Equipment including hardware and software? Transportation? Information and communication technology?

6. Does your company determine, provide and maintain the environment necessary for the operation of the processes and to achieve conformity of products and services?

7. For the environment for the operation of processes, do you consider the applicable physical, social and psychological factors?

8. When measuring or monitoring is used for the evidence of the conformity of products and services, does your company determine the resources needed to ensure valid and reliable monitoring and measuring results?

9. Do you ensure that resources provided are: Suitable for the type of monitoring and measurement activities being undertaken? Maintained to ensure their continued fitness for their purpose?

10. What documented information does your company retain as evidence of fitness for purpose of monitoring and measurement resources?

12. Does your company determine the knowledge necessary for the operation of the processes and to achieve conformity of products and services?

13. Is this knowledge maintained and made available as necessary?

14. When addressing changing needs and trends, does your company consider its current knowledge and determine how to acquire or access the necessary additional knowledge?

15. For organisational knowledge do you consider information such as intellectual property and lessons learned?

17. Does your company determine the necessary competence of the personnel doing work that affects quality performance?

18. Do you ensure that these persons are competent on the basis of appropriate education, training or experience?

19. Does your company take actions to acquire the necessary competence?

20. Do you consider, for example, the provision of training to, the mentoring of, or the reassignment of employees, or the hiring or contracting of competent persons, as relevant actions?

21. Do you evaluate the effectiveness of the actions taken?

22. Does your company retain documented information as evidence of competence?

24. Does your company determine the internal and external communications relevant to the QMS that include: On what it will communicate? When to communicate? With whom to communicate? How to communicate?

25. Does your QMS include: Documented information required by the ISO 9001:2015 standard? Documented information determined by your company as necessary for the effectiveness of the QMS?

26. For the documented information of the QMS, do you consider the: Size of your company and the type of activities, processes, products and services? Complexity of processes and their interactions? Competence of personnel?

28. Do you control the documented information required by the QMS and by ISO 9001:2015 to ensure that it is: Available and suitable for use, where and when it is needed? Adequately protected, such as from loss of confidentiality, improper use, or loss of integrity?

29. For the control of documented information, does your company address the following: Distribution, access, retrieval and use? Storage and preservation, including preservation of legibility? Control of changes? Retention and disposition?

30. Does your company identify and control the documented information from external origin and determined by your company to be necessary for the planning and operation of the QMS?

2. Do you provide the output of the planning in a format that is suitable to your operations?

3. Does your company control planned changes and review the consequences of unintended changes?

4. When required, do you take action to mitigate any adverse effects?

5. Does your company ensure that outsourced processes are controlled?

7. Does your company establish, implement and maintain a process to determine the requirements for the products and services to be offered to customers?

8. Do you ensure that product and service requirements (including those considered necessary by your company), and applicable statutory and regulatory requirements, are defined?

9. Do you ensure that your company has the ability to meet the defined requirements and substantiate the claims for the products and services offered?

11. Do you conduct the review prior to your company's commitment to supply products and services to the customer?

12. Does the review ensure that contract and order requirements differing from those previously defined are resolved?

13. When the customer does not provide a documented statement of their requirements, do you confirm the customer requirements before accepting an order?

14. Does your company retain documented information describing the results of the review, including any new or changed requirements for the products and services?

15. When requirements for products and services are changed, does your company ensure that relevant documented information is amended?

16. Do you make the relevant personnel aware of the changed requirements?

17. Has your company established, implemented, and maintained a design and development process to ensure the subsequent provision of products and services?

20. Do you ensure that the inputs for design and development purposes are complete and not ambiguous and resolve conflicts in inputs?

21. Has your company retained documented information on design and development inputs?

23. Do you retain documented information on design and development control activities?

24. As suitable to your products and services, how do you conduct reviews, verifications and validations?

26. Does your company retain the documented information on the design and development outputs?

27. Does your company review control and identify changes made during, or subsequent to the design and development of products and services?

28. Do you review, control and identify the changes to ensure that there are no adverse impacts on the conformity to requirements?

29. Have you retained documented information on: Design and development changes? Results of reviews? Authorization of changes? Actions taken to prevent adverse impacts?

30. Does your company ensure that externally provided processes, products and services conform to specified requirements?

32. Do you establish and apply criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers based on their ability to provide processes or products and services in accordance with specified requirements?