ISO 9001-2015 Gap Analysis Checklist

This ISO 9001-2015 self-assessment form is an auditing tool that will help you to identify gaps between your existing Quality Management System and the requirements of ISO 9001:2015. Assess your existing policies, processes or procedures and flag key non-conformance areas. Understanding the status of your existing QMS will be a key driver for the subsequent implementation approach.

ISO 9001-2015 Gap Analysis Checklist



Understanding The Organisation

1. Does your company determine the external and internal issues that are relevant to your purpose and strategic direction?


Photo Comment

2. Do you consider the relevant issues that affect your ability to achieve the intended results of the QMS?


Photo Comment

3. Does your company monitor and review the information related to the external and internal issues?


Photo Comment

4. With consideration given to their impact or potential impact on your company's ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, do you determine: The interested parties that are relevant to the QMS? The requirements of these interested parties that are relevant to the QMS?


Photo Comment

5. Does your company monitor and review the information about these interested parties and their relevant requirements?


Photo Comment

6. To establish the scope of the QMS, does your company determine the boundaries and applicability of the QMS?


Photo Comment

7. When determining the scope of the QMS, do you consider the: External and internal issues; Requirements of relevant interested parties; The products and services of your company?


Photo Comment

8. When a requirement of ISO 9001:2015 can be applied, is the requirement applied by your company?


Photo Comment

9. When requirements cannot be applied and in order to claim conformity to ISO 9001:2015, how do you determine if your ability or responsibility to ensure conformity of products and services are not affected?


Photo Comment

10. Is the scope of the QMS available and maintained as documented information?


Photo Comment

11. Does the scope state the products and services covered by the QMS?


Photo Comment

12. Does your company provide justification for any instance where a requirement of the standard cannot be applied?


Photo Comment

13. As required by the standard, do you establish, document, implement, maintain, and continually improve the QMS?


Photo Comment

14. Does your company determine the processes needed for the QMS, their interactions and applications throughout your company?


Photo Comment

15. That is, for the QMS processes do you determine the: Inputs required and the outputs expected from the processes? Sequence and interaction of the processes? Criteria, methods, including measurements and related performance indicators needed to ensure the effective operation and control of the processes? Resources needed and ensure their availability? Assignment of the responsibilities and authorities for these processes? Risk and opportunities and plans to implement the appropriate actions to address them? Methods for monitoring, measuring and evaluation of processes and if needed, the changes to processes to ensure that they achieve intended results? Opportunities for improvement of the processes and the QMS?


Photo Comment

16. Does your company maintain the necessary documented information to support the operation of processes?


Photo Comment

17. Does your company retain the necessary documented information to provide the confidence that the processes are being carried out as planned?


Photo Comment
Leadership

1. Does top management demonstrate leadership and commitment with respect to the QMS by: Taking accountability of the effectiveness of the QMS? Ensuring that the quality policy and quality objectives are established for the QMS and are compatible with the strategic directions direction and the contact of the organisation? Ensuring that the quality policy is communicated, understood and applied within the company? Ensuring the integration of the QMS requirements into the company's business processes? Promoting awareness of the process approach? Ensuring that the resources needed for the QMS are available?


Photo Comment

2. Communicating the importance of effective quality management and of conforming to the QMS requirements?


Photo Comment

3. Ensuring that the QMS achieves its intended results?


Photo Comment

4. Engaging, directing and supporting persons to contribute to the effectiveness of the QMS?


Photo Comment

5. Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility?


Photo Comment

6. Does top management demonstrate leadership and commitment with respect to customer focus by ensuring that the: Customer requirements and applicable statutory and regulatory requirements are determined and met? Risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed? Focus on consistently providing products and services that meet customer and applicable statutory and regulatory requirements are maintained? Focus on enhancing customer satisfaction is maintained?


Photo Comment

7. Has your top management established, implemented and maintained a quality policy that: Is appropriate to the purpose and context of the organisation? Provides a framework for setting and reviewing quality objectives? Includes a commitment to satisfy applicable requirements? Includes a commitment to continual improvement of the QMS?


Photo Comment

8. Is your quality policy: Communicated, understood and applied within your company? Available as documented information? Available to relevant interested parties?


Photo Comment

9. Does the top management ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the company?


Photo Comment

10. Does top management assign the responsibility and authority for: Ensuring that the QMS conforms to the requirements of ISO 9001:2015 standards? Ensuring that the processes are delivering their intended outputs? Reporting on the performance of the QMS on opportunities for improvement and for reporting to the top management? Ensuring the promotion of customer focus throughout your company? Ensuring that the integrity of the QMS is maintained when changes to the QMS are planned and implemented?


Photo Comment
Planning

1. When planning for the QMS, does your company consider the issues referred to earlier in the audit as well as determining the risks and opportunities that need to be addressed?


Photo Comment

2. Is this performed to: Give assurance that the QMS can achieve its intended results? Enhance desirable effects? Prevent, or reduce undesired effects? Achieve improvement?


Photo Comment

3. Does the company plan: Actions to address these risks and opportunities? How to integrate, implement the actions into the QMS processes and evaluate the effectiveness of these actions?


Photo Comment

4. Do you take actions to address risks and opportunities that are proportionate to the potential impact on the conformity of products and services?


Photo Comment

5. Does your company establish quality objectives at relevant functions, levels and processes?


Photo Comment

6. Do you consider the following: Are the quality objectives consistent with the quality policy? Are the objectives measurable? Do they take into account applicable requirements? Are they relevant to conformity of products and services and the enhancement of customer satisfaction? Are they monitored, communicated and updated as required? Do you retain documented information for the quality objectives?


Photo Comment

7. When planning how to achieve the quality objectives, does your company determine: What will be done? What resources will be required? Who will be responsible? When it will be completed? How the results will be evaluated?


Photo Comment

8. When your company determines the need for changes to the QMS, do you carry out the changes in a planned and systematic manner?


Photo Comment

9. Do you consider the: Purpose of the changes and any of its potential consequences? Integrity of the QMS? Availability of resources? Allocation or reallocation of the responsibilities and authorities?


Photo Comment
Support

1. Does your company determine and provide the resources needed to establish, implement, maintain and continually improve the QMS?


Photo Comment

2. Do you consider: The capabilities of, and constraints on, existing internal resources? What needs to be obtained from external providers?


Photo Comment

3. To ensure that your company can consistently meet customer and applicable statutory and regulatory requirements, do you determine and provide the persons necessary for the effective operation of the QMS, including the processes needed?


Photo Comment

4. To achieve conformity of products and services, does your company determine, provide and maintain the infrastructure for the operation of the processes?


Photo Comment

5. Is the following considered as infrastructure: Buildings and associated utilities? Equipment including hardware and software? Transportation? Information and communication technology?


Photo Comment

6. Does your company determine, provide and maintain the environment necessary for the operation of the processes and to achieve conformity of products and services?


Photo Comment

7. For the environment for the operation of processes, do you consider the applicable physical, social and psychological factors?


Photo Comment

8. When measuring or monitoring is used for the evidence of the conformity of products and services, does your company determine the resources needed to ensure valid and reliable monitoring and measuring results?


Photo Comment

9. Do you ensure that resources provided are: Suitable for the type of monitoring and measurement activities being undertaken? Maintained to ensure their continued fitness for their purpose?


Photo Comment

10. What documented information does your company retain as evidence of fitness for purpose of monitoring and measurement resources?


Photo Comment

11. When measurement traceability is a requirement, such as with a statutory or regulatory requirement, a customer or relevant interested party expectation; or considered by your company to be an essential part of the providing confidence I the validity of measurement results, do you manage the measuring instruments as follows: Verified or calibrated at specified intervals or prior to use against measurement standards traceable to international or national measurement standards? Where no such standards exist, do you retain documented information for the basis used for calibration or verification? Identified in order to determine their calibration status? Safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results? When an instrument is found to be out of calibration, does your company determine if the validity of previous measurement results has been adversely affected?


Photo Comment

12. Does your company determine the knowledge necessary for the operation of the processes and to achieve conformity of products and services?


Photo Comment

13. Is this knowledge maintained and made available as necessary?


Photo Comment

14. When addressing changing needs and trends, does your company consider its current knowledge and determine how to acquire or access the necessary additional knowledge?


Photo Comment

15. For organisational knowledge do you consider information such as intellectual property and lessons learned?


Photo Comment

16. To obtain needed knowledge do you consider: Internal sources, such as learning from failures and successful projects, capturing undocumented knowledge and experience of topical experts within the company? External sources, such as standards, academia, conferences, gathering knowledge with customers or providers?


Photo Comment

17. Does your company determine the necessary competence of the personnel doing work that affects quality performance?


Photo Comment

18. Do you ensure that these persons are competent on the basis of appropriate education, training or experience?


Photo Comment

19. Does your company take actions to acquire the necessary competence?


Photo Comment

20. Do you consider, for example, the provision of training to, the mentoring of, or the reassignment of employees, or the hiring or contracting of competent persons, as relevant actions?


Photo Comment

21. Do you evaluate the effectiveness of the actions taken?


Photo Comment

22. Does your company retain documented information as evidence of competence?


Photo Comment

23. Does your company ensure that personnel performing work under your control are aware of: The quality policy and the relevant quality objectives? Their contribution to the effectiveness of the QMS, including the benefits of improved quality performance? The implications of not conforming to the QMS requirements?


Photo Comment

24. Does your company determine the internal and external communications relevant to the QMS that include: On what it will communicate? When to communicate? With whom to communicate? How to communicate?


Photo Comment

25. Does your QMS include: Documented information required by the ISO 9001:2015 standard? Documented information determined by your company as necessary for the effectiveness of the QMS?


Photo Comment

26. For the documented information of the QMS, do you consider the: Size of your company and the type of activities, processes, products and services? Complexity of processes and their interactions? Competence of personnel?


Photo Comment

27. When creating and updating documented information does the company ensure: Identification and description, such as a title, date, author, or reference number? Format, such as language, software version, graphics and media, such as paper, electronic? Review and approval for suitability and adequacy?


Photo Comment

28. Do you control the documented information required by the QMS and by ISO 9001:2015 to ensure that it is: Available and suitable for use, where and when it is needed? Adequately protected, such as from loss of confidentiality, improper use, or loss of integrity?


Photo Comment

29. For the control of documented information, does your company address the following: Distribution, access, retrieval and use? Storage and preservation, including preservation of legibility? Control of changes? Retention and disposition?


Photo Comment

30. Does your company identify and control the documented information from external origin and determined by your company to be necessary for the planning and operation of the QMS?


Photo Comment
Operation

1. Does your company plan, implement and control the processes needed to meet requirements for the provision of products and services and to implement the actions to address risks and opportunities by: Determining requirements for the product and services? Establishing criteria for the processes and for the acceptance of products and services? Determining the resources needed to achieve conformity to product and service requirements? Implementing control of the processes in accordance with the criteria? Retaining documented information to provide the confidence that the processes have been carried out as planned and to demonstrate conformity of products and services to requirements?


Photo Comment

2. Do you provide the output of the planning in a format that is suitable to your operations?


Photo Comment

3. Does your company control planned changes and review the consequences of unintended changes?


Photo Comment

4. When required, do you take action to mitigate any adverse effects?


Photo Comment

5. Does your company ensure that outsourced processes are controlled?


Photo Comment

6. Does your company establish the processes for communicating with customers in relation to: Information relating to products and services? Enquiries, contracts or order handling, including changes? Obtaining customer feedback, including customer complaints? The handling or treatment of customer property, when applicable? Specific requirements for contingency actions, when relevant?


Photo Comment

7. Does your company establish, implement and maintain a process to determine the requirements for the products and services to be offered to customers?


Photo Comment

8. Do you ensure that product and service requirements (including those considered necessary by your company), and applicable statutory and regulatory requirements, are defined?


Photo Comment

9. Do you ensure that your company has the ability to meet the defined requirements and substantiate the claims for the products and services offered?


Photo Comment

10. To ensure that you have the ability to meet requirements, does your company review: Requirements specified by the customer, including the requirements for delivery and post-delivery activities? Requirements not stated by the customer, but necessary for the customers' specified or intended use, when known? Requirements specified by your company? Additional statutory and regulatory requirements applicable to the products and services? Contract or order requirements differing from those previously expressed?


Photo Comment

11. Do you conduct the review prior to your company's commitment to supply products and services to the customer?


Photo Comment

12. Does the review ensure that contract and order requirements differing from those previously defined are resolved?


Photo Comment

13. When the customer does not provide a documented statement of their requirements, do you confirm the customer requirements before accepting an order?


Photo Comment

14. Does your company retain documented information describing the results of the review, including any new or changed requirements for the products and services?


Photo Comment

15. When requirements for products and services are changed, does your company ensure that relevant documented information is amended?


Photo Comment

16. Do you make the relevant personnel aware of the changed requirements?


Photo Comment

17. Has your company established, implemented, and maintained a design and development process to ensure the subsequent provision of products and services?


Photo Comment

18. In determining the stages and controls for design and development, does your company consider the: Nature, duration and complexity of the design and development activities? Requirements that specify particular process stages, including applicable design and development reviews? Required design and development verification and validation? Responsibilities and authorities involved in the design and development process? Internal and external resources needed for the design and development process? Need to control interfaces between individuals and parties involved in the design and development process? Need for involvement of customer and user groups in the design and development process? Requirements for subsequent provision of products and services? Level of control expected by customers or other interested parties? Necessary documented information to confirm that design and development requirements have been met?


Photo Comment

19. Does your company determine the: Requirements essential for the specific type of products and services being designed and developed, including, as required, functional and performance requirements? Applicable statutory and regulatory requirements? Information derived from previous similar design and development? Standards or codes of practice that your company is committed to implement? Internal and external resource needs for the design and development of products and services? Potential consequences of failure due to the nature of the products and services? Level of control expected of the design and development process by customers and other relevant interested parties?


Photo Comment

20. Do you ensure that the inputs for design and development purposes are complete and not ambiguous and resolve conflicts in inputs?


Photo Comment

21. Has your company retained documented information on design and development inputs?


Photo Comment

22. Do the controls you apply to the design and development process ensure that the: Results to be achieved by the design and development activities are clearly defined? Design and development reviews are conducted as planned to evaluate the ability of results of design and development to meet requirements? Verification is conducted to ensure that the design and development outputs have met the design and development input requirements? Necessary actions taken on problems determined during the reviews, verifications, validations?


Photo Comment

23. Do you retain documented information on design and development control activities?


Photo Comment

24. As suitable to your products and services, how do you conduct reviews, verifications and validations?


Photo Comment

25. Does your company ensure that design and development outputs: Meet the input requirements for design and development? Are adequate for the subsequent processes for the provision of products and services? Include or reference monitoring and measuring requirements, and acceptance criteria, as applicable? Specify products or service characteristics essential for their intended purpose and their safe and proper provision?


Photo Comment

26. Does your company retain the documented information on the design and development outputs?


Photo Comment

27. Does your company review control and identify changes made during, or subsequent to the design and development of products and services?


Photo Comment

28. Do you review, control and identify the changes to ensure that there are no adverse impacts on the conformity to requirements?


Photo Comment

29. Have you retained documented information on: Design and development changes? Results of reviews? Authorization of changes? Actions taken to prevent adverse impacts?


Photo Comment

30. Does your company ensure that externally provided processes, products and services conform to specified requirements?


Photo Comment

31. Do you apply the specified requirements for the control of externally provided products and services when: Products and services are provided by external providers for incorporation into your own products and services? Products and services are provided directly to the customers by external providers on behalf of your company? A process or part of a process is provided by an external provider as a result of your decision to outsource a process or function?


Photo Comment

32. Do you establish and apply criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers based on their ability to provide processes or products and services in accordance with specified requirements?


Photo Comment

33. Does your company retain appropriate documented information of the results of the evaluations, monitoring of the performance and re-evaluations of the external providers?


Photo Comment

34. How does your company ensure that externally provided processes, products and services do not adversely affect your ability to consistently deliver conforming products and services to customers?


Photo Comment

35. Does your company: Ensure that externally provided processes remain within the control of the QMS? Define both the controls that are intended to be applied to external providers and those are intended to be applied to the resulting output?


Photo Comment

36. When determining the type and extent of controls to be applied, do you consider: The potential impact of the externally provided processes, products and services on your ability to consistently meet customer and applicable statutory and regulatory requirements? The effectiveness of the controls applied by the external provider?


Photo Comment

37. Has your company determined the verification, or other activities, necessary to ensure that the externally provided processes, products and services meet requirements?


Photo Comment

38. How does your company ensure the adequacy of specified requirements prior to their communication to the external provider?


Photo Comment

39. Does your company communicate to external providers the following requirements: The products and services to be provided or the processes to be preformed? Approval or release of products and services, methods, processes or equipment? Competence or personnel, including necessary qualifications; their interactions with your QMS? The control and monitoring of the external provider's performance to be applied by your company? Verification activities that your company or your customer intends to perform at the external provider's premises?


Photo Comment

40. Does your company implement the controlled conditions for production and service provision?


Photo Comment

41. Do the controlled conditions include the: Availability of documented information that defines the characteristics of the products and services? Availability of documented information that defines the activities to be preformed and the results to be achieved? Monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met? Use and control of suitable infrastructure and process environment? Availability and use of suitable monitoring and measuring resources? Appointment of competent personnel, including any required qualifications? Validation, and periodic revalidation, of the ability to achieve planned results of any process for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement? Implementation of actions to prevent human errors? Implementation of products and services release, delivery and post-delivery activities?


Photo Comment

42. When required to ensure conformity of products and services, does your company use suitable means to identify process outputs?


Photo Comment

43. Do you identify the status of process outputs with respect to monitoring and measurement requirements throughout production and service provision?


Photo Comment

44. When traceability is required, do you control the unique identification of process outputs?


Photo Comment

45. Do you retain the documented information needed to maintain traceability?


Photo Comment

46. Do you consider process outputs as the results of any activities which are ready for delivery to the customer or to an internal customer, such as a receiver of the inputs to the next process?


Photo Comment

Is this sample what you are looking for?
Sign up to use & customise this template, or create your own custom checklist:

Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.

Easy inspection app for your digital checklists