ISO 14001:2015 Audit Plan

Audit No. ________________ Audit Date___________

Audit Department ____________________ / Area ____________

Auditee(s)
1. _________________________
2. _________________________
3. _________________________
4. _________________________
Auditor(s)
1. ___________________________
2. ___________________________
3. ___________________________
4. ___________________________

This methodology should be uniformly applied to all types of internal audit (gap analysis, system audits and process audits) that your organization will likely
undertake.
Findings Definition/Impact Action/Mitigation

Compliant means adherence with the requirements of the standard and the QMS. The process is implemented and documented and
COMPLIANT Continue to monitor trends/indicators.
records exist to verify this.

Review and implement actions to

OFI A low risk issue that offers an opportunity to improve current practice. Processes may cumbersome or overly complex but meet their improve the process(s). Monitor
targets and objectives. Unresolved OFIs may degrade over time to become non-compliant. trends/indicators to determine if
improvement was achieved.

A medium risk, minor non-conformance resulting in deviation from process practice not likely to result in the failure of the Investigate root cause(s) and implement
MINOR N/C management system or process that will not result in the delivery of non-conforming products nor reduce the effectiveness of the corrective action by next reporting
QMS. period or next scheduled audit.

Implement immediate containment

A high risk, major non-conformance which directly impacts upon customer requirements, likely to result in the customer receiving action, investigate root cause(s) and
MAJOR N/C non-conforming products or services, or which may reduce the effectiveness of the QMS. apply corrective action. Re-audit in 4
weeks to verify correction.
 Audit Checklist

Compliance level Audit Evidence Opportunities for

Improvement (OFI)
Provide reference to documented
Item No Aspects to assess Notes (Changes to take note of) Observation information to justify the finding Any other information
Provide suggestions for
Findings
process improvement

Documented Information & QMS Scope

4.3 Determining scope of QMS This requirement was related to the Quality Manual in the previous version. The Quality Manual is not
shall determine the boundaries and applicability of the quality management system mandatory anymore, but the requirement for determining and documenting the scope remains.
to establish its scope.
When determining this scope, the organization shall consider:
a) the external and internal issues referred to in 4.1;
b) the requirements of relevant interested parties referred to in 4.2;
c) the products and services of the organization.
The organization shall apply all the requirements of this International Standard if
they are applicable within the determined scope of its quality management system.
Conformity to this International Standard may only be claimed if the requirements
1 determined as not being applicable do not affect the organization's ability or MINOR N/C
responsibility to ensure the conformity of its products and services and the
enhancement of customer satisfaction.

5.3 Organizational roles, responsibilities and authorities The main difference is that the new standard does not require appointing a management representative;
Top management shall ensure that the responsibilities and authorities for relevant however, the new clause describes in more detail the roles, responsibilities and authorities within the QMS,
roles are assigned, communicated and understood within the organization. implying that they can be allocated to different persons.
2 MINOR N/C

7.5 Documented Information Documents and records now belong to the same category – documented information. The requirements of both
7.5.1 General versions are equivalent.
The organization's quality management system shall
include:
a) documented information required by this International Standard;
3 b) documented information determined by the organization as being necessary for COMPLIANT
the effectiveness of the quality management system.

7.5.2 Creating and updating Documents and records now belong to the same category – documented information. The requirements of both
When creating and updating documented information, the organization shall ensure versions are equivalent.
appropriate:
a) identification and description (e.g. a title, date, author, or reference number);
b) format (e.g. language, software version, graphics) and media (e.g. paper,
electronic);
4 c) review and approval for suitability and adequacy. COMPLIANT

7.5.3 Control of documented information Documents and records now belong to the same category – documented information. The requirements of both
7.5.3.1 Documented information required by the quality management system and by versions are equivalent.
this International
Standard shall be controlled to ensure:
a) it is available and suitable for use, where and when it is needed;
5 b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss COMPLIANT
of integrity).
 Audit Checklist

Compliance level Audit Evidence Opportunities for

Improvement (OFI)
Provide reference to documented
Item No Aspects to assess Notes (Changes to take note of) Observation information to justify the finding Any other information
Provide suggestions for
Findings
process improvement

7.5.3.2 For the control of documented information, the organization shall address Documents and records now belong to the same category – documented information. The requirements of both
the following activities, as applicable: versions are equivalent. NOTE Access can imply a decision regarding the permission to view the documented
a) distribution, access, retrieval and use; information only, or the
b) storage and preservation, including preservation of legibility; permission and authority to view and change the documented information
c) control of changes (e.g. version control);
d) retention and disposition.
Documented information of external origin determined by the organization to be
necessary for the planning
and operation of the quality management system shall be identified as appropriate,
and be controlled.
Documented information retained as evidence of conformity shall be protected from
unintended alterations.
6 COMPLIANT

Maintain Documented Information

4.3 The scope of the organization's quality management This requirement was related to the Quality Manual in the previous version. The Quality Manual is not
system shall be available and be maintained as mandatory anymore, but the requirement for determining and documenting the scope remains.
documented information.
4.4.2 (a) Quality Management System and its processes
To the extent necessary, the organization shall:
7 a) maintain documented information to support the operation of its processes; COMPLIANT

5.2.2(a) The quality policy shall: a) be available and be maintained as documented The requirements remain the same.
information;
8 COMPLIANT

6.2.1 Quality Objectives and Planning to achieve them: The requirements remain the same, but are further elaborated in the new version.
The organization shall maintain documented information on the quality objectives.
9 COMPLIANT

8.1.(e) Operational planning and control The requirements of both clauses are equivalent.
Determining, maintaining and retaining documented information to the extent
necessary:
10 1) to have confidence that the processes have been carried out as planned; COMPLIANT
2) to demonstrate the conformity of products and services to their requirements.

8.5.1(a) Control of production and service provision: The requirements are almost the same, but the new standard points out that the implemented controlled
The organization shall implement production and service provision under controlled conditions are for delivery and post-delivery activities.
conditions. Controlled
conditions shall include, as applicable:
a) the availability of documented information that defines:
1) the characteristics of the products to be produced, the services to be provided, or
11 the activities to be performed; OFI
2) the results to be achieved;

Retain Documented Information

4.4.2(b) QMS and its processes The requirements from the previous version remain; the new requirements are related to determining the risks
To the extent necessary, the organization shall: b) retain documented information and opportunities, as well as assigning responsibilities and authorities for the
to have confidence that the processes are being carried out as planned. processes.
12 OFI
 Audit Checklist

Compliance level Audit Evidence Opportunities for

Improvement (OFI)
Provide reference to documented
Item No Aspects to assess Notes (Changes to take note of) Observation information to justify the finding Any other information
Provide suggestions for
Findings
process improvement

7.1.5.1 Monitoring and measuring
shall determine and provide the resources needed to ensure valid and reliable
results when monitoring or measuring is used to verify the conformity of products
and services to requirements. shall retain appropriate documented information as
13 evidence of fitness for purpose of the monitoring and measurement resources
The new version of the standard emphasizes the provision of resources for monitoring and measurement. The
organization must retain the documented information as evidence of fitness for
purpose of monitoring and measurement resources. The old standard only focuses on the measuring equipment.
OFI

7.1.5.2 Measurement traceability...the basis used for calibration or verification shall The new version of the standard emphasizes the provision of resources for monitoring and measurement. The
be retained as documented information; organization must retain the documented information as evidence of fitness for
14 purpose of monitoring and measurement resources. The old standard only focuses on the measuring equipment. OFI

7.2(d) Competence Competence and awareness are split into different clauses to emphasize their importance and provide more
retain appropriate documented information as evidence of detailed requirements.
15 competence. MAJOR N/C

7.5.3.2 Control of documented information Documents and records now belong to the same category – documented information. The requirements of both
Documented information retained as evidence of versions are equivalent.
16 conformity shall be protected from unintended alterations OFI

8.1(e) Operational Planning and Control The requirements of both clauses are equivalent.
determining, maintaining and retaining documented
information to the extent necessary:
17 1) to have confidence that the processes have been carried out as planned; OFI
2) to demonstrate the conformity of products and services to their requirements.

8.2.3.2 Review of requirements for products and services shall retain documented The requirements are almost the same, but the new version emphasizes communication about treatment of
information, as applicable: customer property.
a) on the results of the review;
18 b) on any new requirements for the products and services. OFI

8.3.3 Design and development inputs shall retain documented information on design The requirements of both clauses are pretty much the same.
and
19 development inputs OFI

8.3.4(f) Design and development controls documented information of these The new clause sublimates the requirements of the three old clauses, keeping the old requirements and
activities is retained. emphasizing the consideration of nature, duration, and complexity of design and development activities.
20 OFI

8.3.5 Design and development outputs The requirements of both clauses are pretty much the same.
shall retain documented information on design and development outputs.
21 OFI

8.3.6 Design and development changes shall retain documented information on: The requirements of both clauses are pretty much the same.
a) design and development changes;
b) the results of reviews;
c) the authorization of the changes;
22 d) the actions taken to prevent adverse impacts. OFI

8.4.1 Control of externally provided processes, products and services shall retain Although the name of the clause has changed, the requirements are pretty much the same.
documented information of these activities and any necessary actions arising from
23 the evaluations. OFI

8.5.2 Identification and traceability shall control the unique identification of the The requirements of both clauses are pretty much the same.
outputs when
traceability is a requirement, and shall retain the documented information necessary
24 to enable traceability OFI
 Audit Checklist

Compliance level Audit Evidence Opportunities for

Improvement (OFI)
Provide reference to documented
Item No Aspects to assess Notes (Changes to take note of) Observation information to justify the finding Any other information
Provide suggestions for
Findings
process improvement

8.5.3 Property belonging to customers or external providers The requirements of both clauses are the same, but in the new standard the requirements are extended to
When the property of a customer or external provider is lost, damaged or otherwise property belonging to external providers as well.
found to be unsuitable for use, the organization shall report this to the customer or
25 external provider and retain documented information on what has occurred. OFI

8.5.6 Control of changes shall retain documented information describing the results The control of changes is mentioned in several places in the old version; however, the importance of controlling
of the review of changes, the person(s) authorizing the change, and any necessary changes is stressed in the new standard by defining a separate sub clause.
actions arising from the review.
26 OFI

8.6 Release of products and services Shall retain documented information on the This is a new requirement, dealing with verification of product and ensuring that product or service meets
release of requirements.
products and services. The documented information shall include:
a) evidence of conformity with the acceptance criteria;
27 b) traceability to the person(s) authorizing the release. OFI

8.7.2 Control of nonconforming outputs shall retain documented information that: The requirements are equivalent.
a) describes the nonconformity;
b) describes the actions taken;
c) describes any concessions obtained;
d) identifies the authority deciding the action in respect of the nonconformity.
28 OFI

9.1.1. Monitoring, measurement, analysis and evaluation The new clause sublimates all requirements for processes and products or services monitoring and
The organization shall determine: measurement.
a) what needs to be monitored and measured;
b) the methods for monitoring, measurement, analysis and evaluation needed to
ensure valid results;
c) when the monitoring and measuring shall be performed;
d) when the results from monitoring and measurement shall be analyzed and
evaluated.
29 The organization shall evaluate the performance and the effectiveness of the quality OFI
management system. The organization shall retain appropriate documented
information as evidence of the results.

9.2.2(f) Internal Audit retain documented information as evidence of the The requirements are equivalent. The main difference is that the new standard does not require a documented
30 implementation of the audit program and the audit results. procedure. OFI

9.3.3 Management review outputs shall retain documented information as evidence The requirements are equivalent.
of the
31 results of management reviews. OFI

Risk & Opportunities, Planning Accomplished During Audit (Audit ID):

Identification of Risk and Opportunities (includes consequences)

4.1 Understanding the organization and its content This is a completely new requirement; the organization will need to determine the external and internal context
The organization shall determine external and internal issues that are relevant to its that affects the organization.
purpose and its strategic direction and that affect its ability to achieve the intended
32 result(s) of its quality management system. The organization shall monitor and COMPLIANT
review information about these external and internal issues.
 Audit Checklist

Compliance level Audit Evidence Opportunities for

Improvement (OFI)
Provide reference to documented
Item No Aspects to assess Notes (Changes to take note of) Observation information to justify the finding Any other information
Provide suggestions for
Findings
process improvement

4.4.1 QMS and its processes The requirements from the previous version remain; the new requirements are related to determining the risks
The organization shall establish, implement, maintain and continually improve a and opportunities, as well as assigning responsibilities and authorities for the processes.
quality management system, including the processes needed and their interactions,
in accordance with the requirements of this International Standard
f) address the risks and opportunities as determined in
33 accordance with the requirements of 6.1; MAJOR N/C

5.1.1(d) Leadership, General The clauses are very similar; the emphasis in the new version is on promoting awareness and support of other
Top management shall demonstrate leadership and commitment with respect to persons who contribute to the effectiveness of the QMS. The main difference between the clauses is that the
the quality management system by: new version requires the top management to take accountability for the effectiveness of the QMS.
34 d) promoting the use of the process approach and risk-based thinking; MAJOR N/C

5.1.2(b) Leadership, Customer Focus
Top management shall demonstrate leadership and commitment with respect to
customer focus by ensuring that:
b) the risks and opportunities that can affect conformity of products and services
35 and the ability to enhance customer satisfaction are determined and addressed;
The old requirements remain the same. Determination of the risks and opportunities regarding conformity of
products and services is a new requirement, as well as the consideration of the statutory and regulatory
requirements.
MAJOR N/C

6.3(a) Planning of changes

When the organization determines the need for changes to the quality)
management system, the changes shall be carried out in a planned manner (see 4.4).
a) the purpose of the changes and their potential consequences;
36 MAJOR N/C

Planning-Actions to address risks and

opportunities (includes consequences)
6.1.1 When planning for the quality management system, the organization shall This is a completely new requirement. When planning the QMS, the
consider the issues referred to in 4.1 and the requirements referred to in 4.2 and organization will need to determine the risks and opportunities
determine the risks and opportunities that need to be addressed to: affecting the organization.
a) give assurance that the quality management system can
achieve its intended result(s);
b) enhance desirable effects;
37 c) prevent, or reduce, undesired effects; COMPLIANT
d) achieve improvement.

6.1.2 The organization shall plan: This is a completely new requirement. When planning the QMS, the organization will need to determine the risks
a) actions to address these risks and opportunities; and opportunities affecting the organization.
b) how to:
1) integrate and implement the actions into its
quality management system processes (see 4.4);
2) evaluate the effectiveness of these actions.
38 Actions taken to address risks and opportunities shall be proportionate to the COMPLIANT
potential impact on the conformity of products and services.

6.3(a) Planning of changes

When the organization determines the need for changes to the quality)
management system, the changes shall be carried out in a planned manner (see 4.4).
a) the purpose of the changes and their potential consequences;
39 COMPLIANT

Implementation of Risk/Opportunities
(also consequences, adverse effects)
 Audit Checklist

Compliance level Audit Evidence Opportunities for

Improvement (OFI)
Provide reference to documented
Item No Aspects to assess Notes (Changes to take note of) Observation information to justify the finding Any other information
Provide suggestions for
Findings
process improvement

8.1 Operational planning and control The requirements of both clauses are equivalent.
The organization shall plan, implement and control the processes (see 4.4) needed to
meet the requirements for the provision of products and services, and to implement
the actions determined in Clause 6,The organization shall control planned changes
and review the consequences of unintended changes, taking action to mitigate any
40 adverse effects, as necessary. MAJOR N/C

8.3.3(e) Design & development inputs The requirements of both clauses are pretty much the same.
The organization shall determine the requirements essential for the specific types of
products and services to be designed and developed. The organization shall
41 consider: e) potential consequences of failure due to the nature of the products and MAJOR N/C
services.

8.3.6 Design and development changes shall identify, review and control changes The requirements of both clauses are pretty much the same.
made during, or subsequent to, the design and development of products and
services, to the extent necessary to ensure that there is no adverse impact on
42 conformity to requirements. MAJOR N/C

8.4.2 Type and extent of control The requirements of both clauses are pretty much the same.
The organization shall ensure that externally provided processes, products and
services do not adversely affect the organization's ability to consistently deliver
43 conforming products and services to its customers. MAJOR N/C

8.5.5 Post-delivery activities The post-delivery activities are mentioned in several places in the old version, but in the new standards they are
The organization shall meet requirements for post-delivery activities associated with set apart as a separate sub clause.
the products and services.
44 b) the potential undesired consequences associated with its products and services; MAJOR N/C

9.1.3 Analysis & Evaluations The requirements are equivalent.

The organization shall analyze and evaluate appropriate data and information arising
from monitoring and measurement.
45 e) the effectiveness of actions taken to address risks and opportunities; MAJOR N/C

9.3.2 Management Review Inputs

The management review shall be planned and carried out taking into consideration:
e) the effectiveness of actions taken to address risks and opportunities (see 6.1);
46 MAJOR N/C

Other ISO 9001:2015 New Requirements Accomplished During Audit (Audit ID):

4.2 Understanding the needs and expectations of interested parties Interested parties are introduced in the new version of the standard. The previous version was only focused on
Due to their effect or potential effect on the organization's ability to consistently the customer.
provide products and services that meet customer and applicable statutory and
regulatory requirements, the organization shall determine:
a) the interested parties that are relevant to the quality management system;
47 b) the requirements of these interested parties that are relevant to the quality MINOR N/C
management system. The organization shall monitor and review information about
these interested parties and their relevant requirements.
 Audit Checklist

Compliance level Audit Evidence Opportunities for

Improvement (OFI)
Provide reference to documented
Item No Aspects to assess Notes (Changes to take note of) Observation information to justify the finding Any other information
Provide suggestions for
Findings
process improvement

5.1 Leadership and Commitment The clauses are very similar; the emphasis in the new version is on promoting awareness and support of other
Top management shall demonstrate leadership and commitment with respect to the persons who contribute to the effectiveness of the QMS. The main difference between theclauses is that the new
quality management system by: version requires the top management to take accountability for the effectiveness of the QMS.
a) taking accountability for the effectiveness of the quality management system;
b) ensuring that the quality policy and quality objectives are established for the
quality management system and are compatible with the context and strategic
direction of the organization;
c) ensuring the integration of the quality management system requirements into the
organization's business processes;
d) promoting the use of the process approach and risk-based thinking;
e) ensuring that the resources needed for the quality management system are
available;
f) communicating the importance of effective quality management and of
conforming to the quality management system requirements;
g) ensuring that the quality management system achieves its intended results;
h) engaging, directing and supporting persons to contribute to the effectiveness of
48 the quality management system; MINOR N/C
i) promoting improvement;
j) supporting other relevant management roles to demonstrate their leadership as it
applies to their areas of responsibility.

7.1 Resources The old requirements remain, but new version emphasizes consideration of capabilities and constraints of the
7.1.1 General organization, as well as resources obtained from external providers.
The organization shall determine and provide the resources needed for the
establishment, implementation, maintenance and continual improvement of the
quality management system. The organization shall consider:
a) the capabilities of, and constraints on, existing internal
49 resources; MINOR N/C
b) what needs to be obtained from external providers.

7.1.2 People The requirements of both clauses are pretty much the same.
The organization shall determine and provide the persons necessary for the effective
implementation of
its quality management system and for the operation and control of its processes.

50 MINOR N/C

7.1.3 Infrastructure The requirements of both clauses are pretty much the same.
The organization shall determine, provide and maintain the infrastructure necessary
for the operation
of its processes and to achieve conformity of products and services.
NOTE Infrastructure can include:
a)   buildings and associated utilities;
b)   equipment, including hardware and software;
51 c)   transportation resources; MINOR N/C
d)   information and communication technology
 Audit Checklist

Compliance level Audit Evidence Opportunities for

Improvement (OFI)
Provide reference to documented
Item No Aspects to assess Notes (Changes to take note of) Observation information to justify the finding Any other information
Provide suggestions for
Findings
process improvement

7.1.4 Environment for the operation of processes The requirements of both clauses are pretty much the same.
The organization shall determine, provide and maintain the environment necessary
for the operation of its processes and to achieve conformity of products and
services.
NOTE A suitable environment can be a combination of human and physical factors,
such as:
a)   social (e.g. non-discriminatory, calm, non-confrontational);
b)   psychological (e.g. stress-reducing, burnout prevention, emotionally protective);
c)   physical (e.g. temperature, heat, humidity, light, airflow, hygiene, noise).
52 These factors can differ substantially depending on the products and services MINOR N/C
provided.

Quality Objectives
6.2 Objectives and Planning The requirements remain the same, but are further elaborated in the new version.
6.2.1 The organization shall establish quality objectives at relevant functions, levels
and processes needed for the quality management system. The quality objectives
shall:
a) be consistent with the quality policy;
b) be measurable;
c) take into account applicable requirements;
d) be relevant to conformity of products and services and to enhancement of
customer satisfaction;
53 e) be monitored; MINOR N/C
f) be communicated;
g) be updated as appropriate. The organization shall maintain documented
information on the quality objectives.

6.2.2 When planning how to achieve its quality The requirements remain the same, but are further elaborated in the new version
objectives, the organization shall determine:
a) what will be done;
b) what resources will be required;
c) who will be responsible;
54 d) when it will be completed; MINOR N/C
e) how the results will be evaluated.

5.1.1(b) Leadership and commitment, General The clauses are very similar; the emphasis in the new version is on promoting awareness and support of other
b) ensuring that the quality policy and quality objectives are established for the persons who contribute to the effectiveness of the QMS. The main difference between the clauses is that the
quality management system and are compatible with the context and strategic new version requires the top management to take accountability for the effectiveness of the QMS.
55 direction of the organization MINOR N/C

5.2.1 Establishing the quality policy The requirements remain the same.
56 b) provides a framework for setting quality objectives; MINOR N/C

7.3 Awareness Competence and awareness are split into different clauses to emphasize their importance and provide more
The organization shall ensure that persons doing work under the organization's detailed requirements.
control are aware of:
57 b) relevant quality objectives; MINOR N/C

9.3.2 Management Review Inputs

c) information on the performance and effectiveness of the quality management
system, including trends in:
58 2) the extent to which quality objectives have been met; MINOR N/C
 Audit Checklist

Compliance level Audit Evidence Opportunities for

Improvement (OFI)
Provide reference to documented
Item No Aspects to assess Notes (Changes to take note of) Observation information to justify the finding Any other information
Provide suggestions for
Findings
process improvement

7.1.6 Organizational Knowledge This is a completely new requirement, which acknowledges the organizational knowledge as an important
The organization shall determine the knowledge necessary for the operation of its resource. The organization will need to determine the knowledge necessary to run its processes and achieve
processes and to achieve conformity of products and services. This knowledge shall conformity of products and services.
be maintained and be made
available to the extent necessary. When addressing changing needs and trends, the
organization shall consider its current knowledge and
59 determine how to acquire or access any necessary additional knowledge and MINOR N/C
required updates.

Other Changes
7.4 Communication-external only The new clause includes both external and internal communication and requires definition of responsibility and
The organization shall determine the internal and external communications relevant methods of communication.
to the quality management system, including:
a) on what it will communicate;
b) when to communicate;
60 c) with whom to communicate; MINOR N/C
d) how to communicate;
e) who communicates.

8.2.3 Review of requirements for products and services The requirements of both clauses are pretty much the same.
8.2.3.1 The organization shall ensure that it has the
ability to meet the requirements for products and services to be offered to
customers. The organization shall conduct a review before committing to supply
products and services to a customer, to include:
a) requirements specified by the customer, including the requirements for delivery
and post-delivery activities;
b) requirements not stated by the customer, but necessary for the specified or
intended use, when known;
c) requirements specified by the organization;
d) statutory and regulatory requirements applicable to the products and services;
e) contract or order requirements differing from those
previously expressed. The organization shall ensure that contract or order
61 requirements differing from those previously defined are MINOR N/C
resolved. The customer's requirements shall be confirmed by the organization
before acceptance, when the customer does
not provide a documented statement of their requirements.

8.2.4 Changes to requirements for products and The requirements of both clauses are pretty much the same.
services The organization shall ensure that relevant documented information is
amended, and that relevant persons are made aware of the changed requirements,
62 when the requirements for products and services are changed MINOR N/C

8.3.1 Design and development of products and services This clause defines when the design and development process is necessary.
The organization shall establish, implement and maintain a design and development
process that is appropriate to ensure the subsequent provision of products and
63 services. MINOR N/C

8.3.2 Design and development planning The requirements of both clauses are pretty much the same.
i) the level of control expected for the design and development process by
64 customers and other relevant interested parties; MINOR N/C

9.2 Internal Audit The requirements are equivalent. The main difference is that the new standard does not require a documented
Confirm that an Internal Audit has been conducted to ISO 9001:2015 procedure.
65 MINOR N/C
 Audit Checklist

Compliance level Audit Evidence Opportunities for

Improvement (OFI)
Provide reference to documented
Item No Aspects to assess Notes (Changes to take note of) Observation information to justify the finding Any other information
Provide suggestions for
Findings
process improvement

9.3 Management Review The requirements are equivalent.

Confirm that a Management Review has been conducted to ISO 9001:2015.
66 MINOR N/C

Improvement
10.2.1 Nonconformity and corrective action The requirements in the new standard explain what should be considered in the process of improvement.
When a nonconformity occurs, including any arising from complaints, the
organization shall:
a) react to the nonconformity and, as applicable:
1) take action to control and correct it;
2) deal with the consequences;
e) update risks and opportunities determined during planning, if necessary;

67 OFI

10.2.2 Nonconformity and corrective action shall retain documented information as The requirements are equivalent.
evidence of:
68 a) the nature of the nonconformities and any subsequent actions taken; COMPLIANT
b) the results of any corrective action.

10.3 Continual improvement The new standard points out the need to use all available information for continually improving the QMS.
The organization shall continually improve the suitability, adequacy and
effectiveness of the quality management system. The organization shall consider the
results of analysis and evaluation, and the outputs from management review, to
determine if there are needs or opportunities that shall be addressed as part of
continual improvement.
69 MINOR N/C

TOTAL
COMPLIANT 13
OFI 21
MINOR N/C 23
MAJOR N/C 12
69
 COMPLIANT MINOR N/C

13 23

OFI MAJOR N/C

21 12