Doxonomy ISO 9001:2015 Documentation Toolkit

Implementation Guide

1 Introduction
Thank you for purchasing the Doxonomy ISO 9001:2015 Documentation Toolkit.
Whether you are updating your documentation, moving on from 9001:2008 to 9001:2015 or
Implementing ISO 9001 for the first time, using our document toolkit will make it far less
painful than you might expect!
While our 9001 Step-by-Step implementation guide (you can also find this is the “Guidance”
folder) provides step-by-step guidance on the overall steps you will need to take to
implement ISO 9001:2015 in your organisation, this guide focuses on how to tailor the
documents we have provided to the specific needs of your organisation.
Implementing ISO 9001:2015 is of course far more than great documentation, but
documentation is a key element as it is the ‘glue’ which binds the whole together, so these
two guides are complimentary and should be used side-by-side.

2 Accessing Your Documents

You have been supplied with a ZIP file containing the Doxonomy 9001:2015 Documentation
Toolkit and you should keep this safely on your hard drive.
Unzip the files, making sure that you maintain the directory structure.
Keep the ZIP file safe, in case you need it again.
We will advise you via our newsletter of any changes and additions we make in the future
and provide you with link to download the updated ZIP file.

3 Content
The documents provided include these Instructions, an over-arching Quality Manual, a
series of supporting Procedures, a range of related Forms, Templates and Checklists,
comprehensive Guidance and more.
 Instructions - Doxonomy ISO 9001 2015 Toolkit
9001 Documentation:

 Quality Manual
 Table of Responsibilities and Authorities
Core1 Management System Procedures (file prefix CMS):
 Control of Calibration, Verification and Validation

1
These core procedures are common to each of our management system toolkits, 9001, 14001 etc.
Doxonomy ISO 9001:2015 Toolkit Page 1 of 13
  Control of Competency

 Control of Corrective and Preventative Actions (CPAR)

 Control of Internal Auditing

 Control of Management System Documentation

 Control of Management System Records
Quality Management System Procedures (file prefix QMS):
 Control of Customer Satisfaction
 Control of Design and Design Changes

 Control of Equipment Validation and Maintenance

 Control of Non-conforming Product

 Control of Non-conforming Service

 Control of Purchasing and Supply

 Control of Management Reviews
 Control of Risks and Opportunities
 Identification of Quality Context
Forms, Templates, Logs and Registers:
 Approved Supplier List

 Calibration, Monitoring and Production Software Validation Register

 Calibration Register
 Controlled QMS Documents Register
 Controlled QMS Records Register
 Corrective and Preventative Action Request (CPAR) Form
 Corrective and Preventative Action Request (CPAR) Log

 Customer Feedback Form

 Design Change Request Form

 Design Software Validation Register

 Document Change Request Form

 Management Review Agenda Template

 Management Review Meeting Minutes Template

 Non-conforming Product Report and Resolution (NPRR) Form

 Non-conforming Service Report and Resolution (NSRR) Form

Doxonomy ISO 9001:2015 Toolkit Page 2 of 13

  PESTLE Template

 Preventative Maintenance Log

 Preventative Maintenance Register

 Process Definition Template

 Quality Context Log

 Receiving Inspection Log

 Risk Register

 Role Profile Form

 Role Profile Register

 Routine Maintenance Register

 Supplier Corrective Action Log

 Supplier Corrective Action Request (SCAR) Form

 Supplier Corrective Action Request (SCAR) Log
 Supplier Evaluation Form
 Supplier Questionnaire

 SWOT Template
 Training Evaluation Form
Internal Audit:
 Auditing Step-by-Step
 Auditor Code of Conduct
 Internal Audit Feedback Form
 Internal Audit Report Template
 Internal Audit Template - Process

 Internal Audit Questions - Process

 Internal Audit Questions - QMS

 Internal Audit Questions – Supplier

 Knowledge Requirements for QMS Auditors
9001 Training (PowerPoint Presentations)
 9001 Training Module 1 - An introduction to Quality Management

 9001 Training Module 2 - Quality Management Terminology

 9001 Training Module 3 - Cl1 to Cl7 In Detail

Doxonomy ISO 9001:2015 Toolkit Page 3 of 13

  9001 Training Module 4 - Cl8 to Cl10 In Detail
Auditor Training (To ISO19011:2011) (PowerPoint Presentations)
 Auditor Training Module 1 - Auditing Concepts
 Auditor Training Module 2 - Audit Management

 Auditor Training Module 3 - Conducting the Audit

 Auditor Training Module 4 - Competence and Training of Auditors
9001 Guidance:
 9001 Step-by-Step

 Gap Analysis ISO 9001-2008 to 9001-201

 Glossary of Terms ISO 9001-2015
 Mandatory Documents and Records ISO 9001-2015
 Risk Based Thinking ISO 9001-2015
 Quality Risk Management ISO 9001-2015
Example Process Maps:
 Example - Delivery of Services Process Map
 Example - Hiring Process Map

 Example - Ordering Process Map

 Example – Overall High Level Process Map
Selected Third Party Guidance:
 ISO 9001-2015 Debunking the Myths
 ISO 9001-2015 How to Use It
 ISO 9001-2015 Introduction to Documented Information

 ISO 9001-2015 Process Approach

 ISO 9001-2015 Quality Management Principles

 ISO 9001-2015 Reaping the Benefits

 ISO 9001:2015 Revision – FAQs

 ISO 9001-2015 Technical Guide

Abacre:
 Instructions – Replacing Placeholders
 Placeholders
We have worked hard to create a “generic” document set that requires the minimum of
tailoring to individual organisations. However, all businesses are different and you will

Doxonomy ISO 9001:2015 Toolkit Page 4 of 13

inevitably, as described below, need to make changes to the documents we have provided
and to fill in some “gaps”.

4 Toolkit Scope
The documentation we provide covers the provision of both services and products, including,
where relevant, design and manufacturing.
Clearly, not many organisations undertake all of these activities, and where your
organisation’s business is more limited you will need to edit out the extraneous content. We
have structured the content to make this step as straightforward as possible and have often,
for example, split “services” and “product” processes into separate procedures / forms so
that leaving out one or the other is relatively straightforward.
Some activities referred to specifically by 9001, for example “design”, must be specifically
excluded from the scope of the quality management system (as explained in the template
Quality Manual), if they do not apply.

5 Doxonomy’s Approach
ISO 9001:2015 is a high level international standard that utilises language which can
sometimes confuse as it tries to find terms and concepts which span multiple cultures and
versions of English.
While we could strictly follow the terms used in the standard, we have decided to improve
clarity and ease of use by sometimes using more ‘common’ language. The standard itself
explicitly states that other terminological approaches may be used, and we are confident that
our documentation remains compliant with ISO 9001.
Some authors create an entirely different structure (in terms of clause numbering) to that
used in the standard, presumably because they think their approach is superior. However,
we consider it best to adopt the numbering scheme of ISO 9001:2015, so that linking the
quality management system content to the standard remains straightforward and does not
require the complex cross-reference table which is otherwise necessary. If you are going for
third party certification in due course, this approach makes it easy for auditors, and anything
that makes it easier for them makes it easier for you!
Other points of note include:
 We have not utilised document numbers or reference systems, which in our view are
unnecessary and just add another level of confusion and complexity. We recommend
clear and meaningful document titles which aid use-ability.
 ISO 9001:2015 uses a new term “Documented Information” to refer to both
“Documents” and “Records”. We find this confusing, given that different controls are
required for each in the standard, and so have kept the previous (ISO 9001:2008)
terminology of “Documents” and “Records”. As noted above, ISO does not require
you to adopt the standard’s built in terminology to be compliant with the standard.
 We have assumed, that at least initially; finance, accounting, legal, health and safety,
insurance, employment etc. fall outside of the scope of the 9001 quality management
system. Once the system is fully established you can, of course, bring these
processes within the system although many, if not most, organisations choose not to
do so on the basis that they do not impact on product or service quality.

Doxonomy ISO 9001:2015 Toolkit Page 5 of 13

  Similarly, we have made it clear, in the Quality Manual, that the “social and
psychological” factors referred to in the standard are managed outside of the quality
management system unless they impact on product or service quality.
 ISO 9001 requires that both quality objectives be set and processes monitored and
measured. Doxonomy has taken the lead from others, and combined these
requirements into a single requirement that each top-level process has at least one
measurable objective. More of that later.
 While we have worded procedures on the basis that documents are all distributed
and controlled via an intranet or similar, and thereby all documents referred to on-line
by operatives are automatically up-to-date and thus “controlled”, we have also
included in each controlled document the facility for it to be printed.
 If printed, controlled documents can either remain controlled, that is distributed
formally to named targets by the “Documentation Controller”, or they become
‘uncontrolled’. How you manage document distribution and control is ultimately your
decision, so long as you do not permit the circumvention of ISO 9001’s document
control requirements.

6 Documentation Overview
ISO 9001:2015 documentation usually follows the following hierarchy:
6.1 Quality Manual
The Quality Manual is a high‐level document that includes:
 a statement explaining the scope of the Quality Management System (QMS),
including exclusions and details for their justification

 a description of the QMS processes and their interactions

 the company’s Quality Policy and Quality Objectives

 an Organisation Chart showing the relationships and responsibilities of persons

whose work affects quality

 an overview of the system level procedures

The Quality Manual we provide is mostly complete, with only limited (but nevertheless
important!) additions required which are specific to your organisation.

6.2 Procedures
Procedures are “high‐level” documents that detail how the organisation’s QMS processes
are designed and controlled and the checks that are carried out.
Doxonomy have provided you with drafts of all of the procedures necessary to meet the
requirements of ISO 9001:2015. Most organisations will only need to make limited
changes/additions to finalise these drafts.

6.3 Processes Definitions

These are definitions of the high level processes, such as; Marketing & Sales, Customer
Order Handling, Selection and Control of Suppliers/Supplies, Production and/or Service
Provision, Packing and Shipping Product etc. which collectively constitute your operations.

Doxonomy ISO 9001:2015 Toolkit Page 6 of 13

Only you can know what your high level processes are and how they operate. Once your
process definitions and their interactions have been developed (see advice on this below),
the processes will need to be listed and their interactions described in the Quality Manual.

6.4 Work Instructions

Work instructions (sometimes also called “operating procedures” or “management
instructions”) describe in detail how particular tasks must be performed and are typically
written by the people who perform the actual work. For this reason your Doxonomy toolkit
doesn’t contain work instructions.
Work instructions are not even mentioned in ISO 9001:2015. Nonetheless there are few
quality management tools that are either simpler or more effective. Work instructions also
directly address the new requirement for preventing human error (8.5.1(g)).
It is, however, a common misconception that every task in the company needs to be
documented in a work instruction. Work instructions are only required where there is not
enough information at the procedure level to ensure the quality system is effective or where
training is not sufficient to ensure the operator has enough knowledge to do their job
consistently and correctly.
However, if you do add work instructions to your QMS then they become part of the QMS
and controlled documents and must be maintained and managed as such!
Work instructions can come in many forms; flowcharts, checklists, text procedures,
diagrams, photographs etc.
Here are some criteria that might help you decide if/when/where work instructions are
necessary:
 infrequent tasks – if a job is performed very infrequently, it is possible that staff will
require work instructions
 important tasks – if a job is very important or high risk, it may need to be defined in a
work instruction
 complicated tasks – if a job requires many or complicated steps it may require a work
instruction
 tasks where any of the following characteristics are present would probably benefit
from a work instruction:
- staff are unsure
- errors are frequent
- regular inspection is required
- novices could not do the work
- consistency is important
- supervision is required
- mistakes are time consuming and difficult to fix
- specialised training is required

Doxonomy ISO 9001:2015 Toolkit Page 7 of 13

However, complexity of itself is not an indicator of the need for a work instruction, bear in
mind that:
 low complexity - baking a cake where every box of cake mix has the recipe (work
instructions) printed on it
 medium complexity - driving a car where there are no work instructions, but instead
rules and training
 high complexity - brain surgery where you would not want to hear your doctor ask for
work instructions as you were going under anaesthetic, but instead want a highly
trained individual who can think through any problems rather than looking to a
manual

6.5 Forms & Records

Forms capture records for data/information required to support or confirm processes. Forms
can be separately controlled documents and/or included within the appropriate procedure.

7 Document Customisation
While we strive to make our documents suitable for most organisations, all organisations are
different and you will inevitably need to do some customisation.
There are many consultancies who provide services to help you obtain ISO 9001 but they
are of differing quality and can be expensive. In our experience, if you are committed to
understanding how 9001 works and put in the time and effort required, their involvement
need only be limited (and often they are not required). In many ways it is best done by you,
as you will need to understand how 9001 works, and explaining your business to a
consultant can take just as long!
If you do get stuck remember that Google is your friend and that it is often sufficient to halt
work on a tricky issue and come back to it later!
For additional help, not just when setting up your systems but also subsequently there are
online open forums where you can interact with others to solve problems / get answers,
including:

 qualityforumonline.com/
 qualityrecord.com/
We recommend that, having downloaded your document set from the internet, you
customise them in two phases.

7.1 Phase 1 – Replace the ‘text placeholders’ with specific titles

Scattered throughout the documents are generic textural “placeholders” (separated from
normal text like this “<placeholder>”) where titles and other items specific to your
organisation need to be inserted.
For example, we don’t know what title you are going to give the manager with overall
responsibility for managing ISO 9001 and achieving quality outcomes. So we have used a
placeholder, “<Quality Manager>”, throughout the templates.

Doxonomy ISO 9001:2015 Toolkit Page 8 of 13

You may want to give this person the title “9001 Manager” or “Quality Director”, or, if you are
a small office based business, 9001 may become a responsibility of the “Office Manager” or
you may have some entirely different title in mind.
There are multiple titles and almost 200 substitutions to be made, so, to make this step easy,
we have set up a conversion process for you which allows all of these placeholder
substitutions to be made in a single step.
In the folder “Abacre” you will find detailed instructions that lead you step-by-step through
competing this important first phase of tailoring the template documents to your organisation.

7.2 Phase 2 – Customise the detail

Assuming you have replaced the placeholders with actual titles you are now ready to get into
the detail.
Three types of customisation may be required in this phase:
1. Your organisation may not design or manufacture and may only deliver products and
not services and so on. Read carefully through the documents and decide, on the
basis of what your actual activities are, which parts of the documentation you need
and which parts you don’t. Be careful though, for example you may only deliver
services but those services may still include third party products. In this case, much
of the ‘product’ related content may still be required to ensure that such products are
specified, purchased, handled etc. in ways which don’t affect the quality of customer
outcomes.
2. Your organisation may not ‘fit’ our generic documents and you may need to re-draft
various parts of them until they do. You will only know what changes of this type you
need to make by carefully reading through the documents and noting where such
changes are required. In general, we find that changes of this type tend to be quite
limited.
3. There are some areas where we know that you will definitely need to add or amend
to the text because the wording that is required will be specific to your organisation.
Where this is the case we have indicated that in bright blue text which also explains
what you need to do. Don’t forget to remove all of the blue text once you have made
the required inputs!
4. The addition of work instructions as necessary.
We recommend that you work systematically, starting with the Quality Manual and
Procedures.
The three most difficult things/concepts that you are likely to encounter are:
1. “risk management” – where only you know the risks that your processes and
organisation faces and where you may well not have systematically documented and
addressed them previously
We provide a guidance document on Quality Risk Management to help you better
understand how risk can be assessed in terms of quality systems.
2. “context of the organisation” – where you need to think in depth about your
organisation/operations and how they relate either directly or indirectly to both your
internal and external stakeholders

Doxonomy ISO 9001:2015 Toolkit Page 9 of 13

 We provide an “Identification of Operational Context” procedure and its related tools
to guide you through undertaking this important task.
3. your “high level processes” – which are often unique to you and which you will need
to identify, including their detail and how they inter-relate
These are the tricky issues where organisations often do “call in the consultants”. However,
we have provided guidance on each of these below and would recommend that you try to do
the work yourselves in the first instance.
Once the Quality Manual and Procedures are complete (at least the first pass edit, it is likely
that there will be a degree of iteration and review as you progress) we recommend that you
next do the heavy lifting of defining your high level processes (see below).
Once the system is approaching full definition, move on to the forms, templates, logs and
registers etc. We have hopefully provided the majority of such documents that you will need.
However, it is usual that you will need to create more and adjust some to realise a fully
working system which meets all of the requirements of ISO 9001 as applied to your
particular circumstances.

Remember, wherever you see hypertext (blue underlined text) or a symbol in a document
it is a hyperlink to our on-line knowledge base or other third party advice, where you can find
help and guidance.

8 Process Definitions
Once the procedures are complete, you should move on to the Process Definition
documents. Process definitions include more detailed information on the processes you
identified in your Quality Manual.
You can use process maps, turtle diagrams, text, or whatever you like, there’s no wrong way
to do it but neither can any template kit do this for you!
The ISO 9001 “process approach” asks that you consider your company as a set of
interrelated processes rather than a typical approach of an organisation being a set of
departments. As a result, organisations often have to look at their organisation afresh.
First, think about what your organisation provides, and how that provision progresses from
the receipt of an order, to design activities, through manufacturing or service provision, until
delivery and any post-delivery activities. The specific things you do, and their sequence, will
be very different to other organisations.
Then, place these activities into logical groupings (such as sales, procurement, manufacture
etc.) which are actually “processes”. However, bear in mind that in ISO 9001 terms, a
process has certain defined characteristics:

 it must be identified and have clear boundaries, which of course may be interfaces to
other defined processes

 its interaction with other processes must be defined (usually mapped)

 you must provide adequate resources for the process

 you must manage the process through the definition of measurable process controls
 you must then measure and monitor the process, using those controls

Doxonomy ISO 9001:2015 Toolkit Page 10 of 13

  you should, generally but not necessarily, audit by process
So you need to be careful what you label as a “process”. For example, for most
organisations “answering phones” is not a process, because you would not want to measure
it. However, if you operate a call centre, it is your primary function and you would want to
measure how well it was done.
Typically, organisations will have some processes addressing the following activities:
 “Design” - of products or services (engineering)

 “Marketing & Sales” - sales, lead generation, intake of customer requirements,

contract review
 “Procurement“– of materials and products
 “Receiving” - but might be part of Procurement

 “Production” - manufacturing, assembly, fabrication, producing reports etc. – usually

includes QC or QA within in it
 “Service Provision” (if your company is not a manufacturer)

 “Delivery” - shipping
 “Training” - HR related activities

 “QMS Management” itself - document control, record control, audits, corrective

actions, improvements, etc.
 “Auditing” - sometimes treated as a process by itself
Complicated manufacturers may divide their production operations into a number of
separate processes, rather than lump them together under one. This is entirely up to you,
and it should be based on what you want to measure to ensure consistently high quality
across all of those processes which impact on your customers and stakeholders.
For each process you identify you will need to:
1. Enter the process into the list of processes in the Quality Manual.
2. Add the process to the overall process map (flow chart, which you will need to
create) in the appropriate Quality Manual Appendix, to show where it fits into the
overall sequence, and how it interacts with the other high level processes.
This process map only needs to represent a typical process flow at high level.
3. Create a Process Definition Document for the process using, for example, the
Process Definition Template provided with this toolkit.
Each Process Definition should include detail on its objectives, the metrics applied to
the objectives (there must be at least one objective/metric), how each process is
carried out, who is responsible for it, inputs and outputs, a process map, risks,
relevant ISO 9001 clauses etc.
4. Create an audit template for the process, based on the Internal Audit Template -
Process.

Doxonomy ISO 9001:2015 Toolkit Page 11 of 13

This template is a ‘skeleton’ only. Those ISO 9001 clauses that have been identified to be
relevant to the process should be entered into Part A and Part C can draw on the “Internal
Audit Checklist Questions – Process” document provided.
Once all processes have been defined:
1. Compile a table listing each process (including the QMS / Quality Manual) and the
ISO 9001 clauses that are associated with it. Check that all processes are associated
with at least one ISO clause and that overall, all the of the relevant ISO clauses
appear in the table. If not then either a key process is missing or any missing clause
references should occur at least once in one of your defined processes.
Once complete this table can be used to ensure that Internal Audits are appropriately
targeted.
2. Have top management, in consultation with process owners, assign a target for each
metric set out in your Process Definition Documents.
Before the QMS becomes operative process owners must be set the task of collecting data
for each process objective / metric pair listed in the Process Definition Documents and
reporting on them to top management during the periodic Management Reviews.

9 Risk Management
Risk management activities and methodologies are highly dependent on the issue and
context.
Our Quality Risk Management primer introduces you to the concepts and techniques of
assessing risk in the context of achieving high quality outcomes.
Some recommend Failure Mode Effects Analysis (FMEA) for everything, but that approach
only works for a very limited set of applications.
The included risk management approach is generic, and may require some customisation
once the appropriate risk methods are determined.

10 Working with Word

Microsoft Word
Doxonomy H&S is designed to be used with Microsoft ‘Word’ or any ‘Word’ compatible word
processor / viewer. If your staff don’t have Word they can download a free copy for Windows
here:
Download Word 2016 for Free
Creating Hyperlinks in Microsoft Word
Doxonomy relies on hyperlinks for navigation between documents and web pages.
Here is a short introduction on creating hyperlinks in word.
How to follow hyperlinks in Word without holding down the Ctrl key
By default, live hyperlinks in Word are opened in the default browser by pressing and holding
the “Ctrl” button and clicking the link. If you would rather just single click to follow a hyperlink,
you can easily disable the “Ctrl+Click” by following these instructions.

Doxonomy ISO 9001:2015 Toolkit Page 12 of 13

Viewing Word Files on an Apple device, such as an iPad
By default an iPad downloads a word file into its own ‘Pages’ software which makes a
complete mess of the formatting! To view a properly formatted Word document first add the
free Word App to your device. Then when the document downloads into ‘Pages’ tap the top
left of the document and choose to view it in the Word App.
If you want to edit a Word file on the iPad then this is best achieved by subscribing to Word
365.
Viewing Word Files on an ‘Android’ device
You can use the free ‘Google Docs’ App or the free Microsoft Word App to view word files on
an ‘Android’ device.

Doxonomy ISO 9001:2015 Toolkit Page 13 of 13