Audit planning for ISO 9001:2015

Recently I was asked about how to plan audits in preparation for transitioning to the 2015 version of ISO 9001.

Your registrar will probably expect evidence that the complete standard has been covered in internal audits before converting your certificate to the revised standard. Some will want to see it’s been done, plus a management review that includes results of these audits, before the audit takes place.

There is an expectation that the process audit be used for these audits. That means Plan-Do-Check-Act. It also means some clauses will be included many times throughout this cycle of process audits.  Some auditors are being told not to accept a single annual run-through of all the elements, in what amounts to a yearly gap analysis.

Some suggestions for what to include in a manufacturing process audit include:

4.2 Internal and/or external interested parties
4.4.1, 5.1.2, 6.1, 8.1 The process’s inputs and outputs, what happens with the process, criteria, resources etc.; the risks identified, and what has changed since last audit; regulatory requirements, customer requirements.
4.4.2, 7.5 The documented information associated with the process, and their controls.
5.2.2, 5.3, 7.3 How the auditee(s) understands his/her role in supporting the Quality Policy and ensuring the customers’ needs are met.
5.3, 7.4 The auditee(s) responsibilities and how they are made known.
6.2, 10.1, 10.2 The process objectives, are they being met; and if not, what is being done about it.
7.1, 7.2, 8.5 Training needed and accomplished for the tasks; competency. Infrastructure provided, maintenance is scheduled and done as planned. Environment is suitable and maintained for the process’s intended outcomes. Measurement instruments as needed, calibration. Preservation, traceability of product/service.
8.4 Externally supplied products and services, if any.
8.7 Control of nonconforming outputs.
9.1 How the auditee(s) know if things are going well (monitoring and measurement)

The turtle diagram can be used to collect, sort and record data/samples for most of this information.

The support processes, such as document control, would not include many of these clauses. Information Technology processes would include a lot more of them than simple document control.

Don’t forget: QMS processes like Internal Audit and Management Review must also be audited.