IMS Audit checklist | Internal IMS Audit checklist | Audit Checklist

                            IMS Audit checklist | Internal IMS Audit checklist | Audit Checklist

Internal IMS audit checklist

Audit Date(s):

Company Name:

Site Address:                                                                                                 

Audit Criteria: ISO 9001:2015, 14001:2015 and ISO 45001:2018 (IMS)

Lead Auditor:                                                                                                                                          

Audit Team:

Requirements	Yes/No	Evidence
4 Context of the Organisation
4.1 Understanding the Organization & Its Context
Are you able to show the way that your company identifies external and internal issues that are relevant to your organization’s purpose and your ability to achieve the intended outcomes of your Quality, Environment & Occupational Health & Safety management system?
Does your organization monitor and review information about these external and internal issues?
4.2 Understanding the Needs & Expectations of Interested Parties
Has your organization determined:
a) The interested parties that are relevant to the IMS?
b) The relevant needs and expectations of these interested parties?
c) Which of these needs and expectations it chooses to accept so they become part of the compliance obligations that your company subscribes to?
4.3 Determining the Scope of the IMS
When determining the scope of your Quality, Environment & Occupational Health & Safety, were the following issues considered:
a) The boundaries and applicability of the Quality, Environment & Occupational Health & Safety Management System
b) The compliance obligations identified in response to clause 4.2?
c) The relevant external and internal issues?
d) The relevant requirements of interested parties?
e) The products and services provided?
Once your scope has been defined, did you make sure that all activities, products, and services within that scope were included in your Quality, Environment & Occupational Health & Safety?
Can you demonstrate that your organization has documented the scope and made it available to all interested parties & throughout the organization?
4.4 Quality, Environment & Occupational Health & Safety Management System
Does your organization shall establish, implement, maintain and continually improve the quality & environmental management system, including the processes to achieve the intended outcomes, including enhancing its Quality & Environmental performance?
Has your organization got a simple way to describe the interactions between the processes of your Quality, Environment & Occupational Health & Safety?
Does your organization retain documentation to give and prove that the processes are being carried out as planned?
5. Leadership
5.1 Leadership & Commitment
Responsibility can be delegated but Accountability cannot. Does top management take accountability for the effectiveness of your Quality, Environment & Occupational Health & Safety?
Were your policy and objectives set by top management and are they compatible with the strategic direction and context of your organization?
Does top management ensure that you’re Quality, Environment & Occupational Health & Safety requirements are integrated into your business processes?
Are the resources needed for your Quality, Environment & Occupational Health & Safety made available by top management?
Does top management communicate the importance of effective environmental management and conforming to the Quality, Environment & Occupational Health & Safety?
Does top management ensure you’re Quality, Environment & Occupational Health & Safety achieves its intended outcomes?
Are employees encouraged to contribute to the effectiveness of your Quality, Environment & Occupational Health & Safety?
Is the continual improvement of your Quality, Environment & Occupational Health & Safety promoted by top management?
Do top management support other management roles related to the Quality, Environment & Occupational Health & Safety Management System?
5.2 Policy
Can you see how your IMS policy is appropriate to the purpose and context of your organization, including the nature, scale, and environmental impacts of your activities, products, and services?
Does your policy provide a framework for setting IMS objectives?
Does your policy include a commitment to the protection of the Quality, Environment & Occupational Health & Safety relevant to the context of your organization?
Does your policy include a commitment to fulfill its compliance obligations?
Includes a commitment to eliminate hazards and reduce OH&S risks?
Does your policy include a commitment to continual improvement of your IMS?
Includes a commitment to consultation and participation of workers, and, where they exist workers representative?
Does your policy include a commitment to enhancing your IMS performance?
5.3 Organisational Roles, Responsibilities, and Authorities
Are roles and responsibilities assigned by top management and communicated within your organization?
Have people been assigned to report to top management on the IMS performance
Do workers assume responsibility for those aspects of the OH&S management system for which they have control?
5.4 Consultation of workers
Has your organization established, implemented, and maintained a process (es) for consultation and participation of workers at all applicable levels and functions, and where they exist, workers' representatives, in the development, performance evaluation, and actions for improvement of the OH&S system?
Does the organization:
a.   Provide mechanisms, time, training, and resources necessary for consultation and participation.
b.   Provide timely access to clear, understandable, and relevant information about the OS&H management system.
c.   determine and remove obstacles or barriers to participation and minimize those that cannot be removed
d.   emphasize the consultation of non-managerial workers on the following: 1.   Determining the needs and expectations of interested parties? 2.   Establishing the OH&S policy? 3.   Assigning organizational roles, responsibilities, and authorities, as applicable? 4.   Determining how to fulfill legal and other requirements? 5.   Establish and plan to achieve OH&S objectives. 6.   Determining applicable controls for outsourcing, procurement, and contractors? 7.   Determining what needs to be monitored, measured, and evaluated? 8.   Planning, establishing, implementing, and maintaining an audit program? 9.   Ensuring continual improvement?
e.   emphasize the participation of non-managerial workers in the following: 1.   Determining the mechanisms for their consultation and participation? 2.   Identifying hazards and assessing risks and opportunities? 3.   Determining actions to eliminate hazards and reduce OH&S risks? 4.   Determining competence requirements, training needs, training, and evaluating training? 5.   Determining what needs to be communicated and how it is to be done? 6.   Determining control measures and their effective implementation and use? 7.   Investing incidents and nonconformities and determining corrective action?
6. Planning
6.1 Actions to Address Risks & Opportunities
6.1.1 General
When planning for your Quality, Environment & Occupational Health & Safety, has your organization considered the following:
a)       External and internal issues that are relevant to its purpose and strategic direction?
b)       The needs and expectations of interested parties?
c)       The scope of your IMS was determined when you addressed the requirements of clause 4.3.
d)       Does your organization plan, implement and evaluate actions to deal with relevant risks and opportunities?
e)       Hazards, compliance obligations, and Legal and other requirements?
f)        The risks and opportunities identified that need to be addressed to give assurance that your Quality, Environment & Occupational Health & Safety management system can achieve its intended outcomes?
g)       How to prevent, or reduce, undesired effects, including the potential for external environmental conditions that may affect your organization?
h)       How to achieve continual improvement?
Within the scope of your IMS, does your organization determine potential emergencies, including those that may have a Quality, Environment & Occupational Health & safety impact?
Does your organization maintain documented information on:
a)       The risks and opportunities that need to be addressed?
b)       The processes needed as a result of considering clauses 6.1.1 to 6.1.4 to the extent necessary to have confidence they are carried out as planned?
Are the actions taken to address risks and opportunities determined and prioritized based on their potential impact on product and service conformity?
6.1.2 Environmental Aspects, Hazards identification, and Assessment of Risks and Opportunities
6.1.2.1 Environmental Impact
Within the defined scope of your QEMS, does your organization identify the environmental aspects of its activities, products, and services that it can control?
Within the defined scope of your EMS, does your organization identify the environmental aspects of its activities, products, and services that it can influence?
Do you understand how to take into account the life-cycle perspective of your activities, products, and services?
When determining environmental aspects, does your organization take into account:
a) Change, including planned or new developments and new or modified activities, products, or services?
b) Abnormal conditions and reasonably foreseeable emergencies?
Does your organization use clear criteria for determining those aspects that can have a significant environmental impact?
Does your organization document its:
Environmental aspects and associated environmental impacts?
The criteria used to determine its significant environmental aspects?
Significant environmental aspects?
6.1.2.2 Hazards identification and Assessment of Risks and Opportunities
Has the organization established, implemented, and maintained a process(s) for hazard identification that is ongoing and proactive? Do the processes take into account, but not be limited to?
a) How work is organized, social factors (including workload, work hours, victimization, and harassment and bullying) leadership, and the culture of the organization?
b) routine and non-routine activities and situations, including hazards arising from: 1. Infrastructure, equipment, materials, substances, and the physical conditions of the workplace? 2. Product and service design, research, development, testing, production, assembly, construction, service delivery, maintenance, and disposal? 3. Human factors? 4. How work is performed?
c) Past relevant incidents, internal or external to the organization, including emergencies, and their causes?
d) Potential emergencies?
e)  people, including consideration of: 1.   Those with access to the workplace and their activities, including workers, contractors, visitors, and other persons? 2.   Those in the vicinity of the workplace who can be affected by the activities of the organization? 3.   Workers at a location not under the direct control of the organization?
f)  Other issues, including consideration of: 1.   The design of work areas, processes, installations, machinery/equipment, operating procedures, and work organization, including their adaptation to the needs and capabilities of the workers involved. 2.   Situations occurring in the vicinity of the workplace caused by work-related activities under the control of the organization? 3.   Situations not controlled by the organization and occurring in the vicinity of the workplace that can cause injury and ill health to persons in the workplace?
g) Actual or proposed changes in organization, operations, processes, activities, and the OH&S management system?
h) Changes in knowledge of, and information about, hazards?
6.1.2.3 Assessment of OH&S & Other Risks & Opportunities to OH&S Management system
Has the organization established implemented and maintained a process to:
a) Assess OH&S risks & opportunities from the identified hazards, while taking into account the effectiveness of existing controls?
b) Determine and assess the other risks & opportunities related to the establishment, implementation, operation, and maintenance of the OH&S management system?
c) Opportunities to adapt work, work for the organization and work environment to workers? Opportunities to eliminate hazards and reduce OH&S risks?
Has the organization’s methodologies and criteria for the assessment of OH&S risks been defined concerning the scope, nature, and timing to ensure they are proactive rather than reactive and are used systematically?
Does the organization maintain and retain documented information on the methodologies and criteria?
6.1.3 Determination of Legal Requirements and Other Requirements & Compliance Obligations
Does your organization:
Determine and have access to the compliance obligations, Legal Requirements, and Other Requirements & related to its Quality, environmental aspects & Occupational Health & Safety Management.
Determine how compliance obligations & legal & other legal requirements are applicable to your organization.
Take these compliance obligations into account when establishing, implementing, maintaining, and continually improving your IMS.
Does your organization keep its compliance obligations & legal & other legal requirements in documented form?
6.1.4 Planning Action
Does your organization plan to take action to address its:
a) Significant environmental aspects?
b) Actions to address these risks and opportunities, address compliance obligations, legal and other requirements and prepare for and respond to emergencies?
Does your organization plan how to
a) Integrate and implement the actions into your IMS processes or other business processes?
b) Evaluate the effectiveness of these actions?
When planning these actions, does your organization consider its technological options and its financial, operational, and business requirements?
6.2 Quality, Environment & Occupational Health & Safety Objectives and Planning to Achieve Them
Has your organization established IMS objectives at relevant functions, and levels that are needed to maintain and continually improve the IMS management system
Are your IMS objectives:
a) Consistent with the requirements of your policy?
b) Measurable?
c) Address applicable requirements within your IMS?
d) Relevant to the conformity of your products and services and the enhancement of customer satisfaction?
e) Monitored?
f) Communicated?
g) Updated when required?
Are your IMS objectives documented?
Were the following factors determined when you were planning the achievement of your Quality, Environment & Occupational Health & Safety objectives:
a) What needs to be done?
b) What resources will be required?
c) Who will be responsible?
d) When it will be completed?
e) How the results will be evaluated?
Do you maintain and retain documented information on the OH&S plans?
How the actions to achieve IMS objectives will be integrated into the organization's business processes?
6.3 Planning of Changes
When changes are required within your IMS, are these changes carried out in a planned and systematic manner?
When changes are required, does your organization consider the following:
a) The purpose of the changes and their potential consequences?
b) The integrity of your IMS?
c) The availability of resources?
d) The allocation or reallocation of responsibilities and authorities?
7. Support
7.1 Resources
7.1.1 General
Does your organization determine and provide the resources needed for the establishment, implementation, maintenance, and continual improvement of your QEMS?
When resource planning, does your organization consider the following:
a) The capabilities of, and constraints on, existing internal resources?
b) What needs to be obtained from external providers?
7.1.2 people
Does the organization determine and provide persons necessary for the effective implementation of your QEMS and the operation and control of its processes?
7.1.3 Infrastructure
Does your organization determine, provide and maintain the infrastructure necessary for the implementation of its processes and the achievement of product and service conformity, i.e., buildings and associated utilities, equipment, including hardware and software, transportation resources, information and communication technology, etc.?
7.1.4 Environment for the Operation Processes
Does your organization determine, provide and maintain the environment necessary for the operation of its processes and the achievement of product and service conformity?
7.1.5 Monitoring and Measuring Resources
Does your organization determine and provide the resources needed to ensure valid and reliable results when monitoring or measuring is used to verify the conformity of products and services to requirements?
Does your organization ensure that your resources for monitoring and measurement are suitable and maintained?
Does your organization retain appropriate documentation to prove the fitness for purpose of the monitoring and measurement resources?
When measurement traceability is a requirement or is considered by your organization to be an essential part of providing confidence in the validity of measurement results, is your measuring equipment:
a) Calibrated or verified, or both, at specified intervals, or before use, against measurement standards traceable to international or national measurement standards?
b) If no such standard exists, is the basis for calibration or verification recorded in a documented format?
c) Identified to determine their status?
d) Safeguarded from adjustments, damage, or deterioration that would invalidate the calibration status and subsequent measurement results?
When measuring equipment is found to be unfit for its intended purpose, does your organization determine the previous measurement results and take appropriate action as necessary?
7.1.6 Organisational Knowledge
Does your organization determine, maintain and ensure the availability of the knowledge necessary for the operation of its processes and to achieve conformity of your products and services?
Are current knowledge and the need for new knowledge considered when addressing changing needs and trends within your organization?
7.2 Competence
In respect of competence, does your organization complete the following:
a) Determine the necessary competence of persons doing work that affects the performance and effectiveness of your IMS?
b) Ensure that these persons are competent ((including the ability to identify hazards) based on appropriate education, training or experience?
c) Determine training needs associated with your organization’s IMS?
d) Where applicable, take actions to acquire the necessary competence and evaluate the effectiveness of the actions taken.
e) Retain appropriate records as evidence of competence?
7.3 Awareness
Does your organization ensure that persons doing work under your organization’s control are aware of the following:
a) The Quality & Environmental policy?
b) The significant environmental aspects and related actual or potential environmental impacts associated with their work?
c) Relevant Quality & Environment & OHS objectives?
d) Their contribution to the effectiveness of your IMS, including the benefits of improved performance?
e) The implications of not conforming to the requirements of the IMS?
f) the ability to remove themselves from work situations that they consider presenting an imminent and serious danger to their life or health, as well as the arrangements for protecting them from undue consequences for doing so?
7.4 Communication
Does your organization determine the internal and external communications relevant to your IMS, including the following:
a) On what it will communicate?
b) When to communicate?
c) With whom to communicate?
d) How to communicate?
7.4.2 Internal Communications
Does your organization:
a) Internally communicate information relevant to your IMS among the various levels and functions of your organization, including changes to the IMS.
b) Ensure its communication processes enables persons doing work under your organization’s control to contribute to continual improvement.
7.4.3 External Communication
Does your organization externally communicate information relevant to your IMS, as established by your organization’s communication processes and as required by its compliance obligations?
7.5 Documented Information
7.5.1 General
Does your organization’s IMS include:
a) The Documentation required by QMS, EMS & OHSMS?
b) The Documentation determined by your organization as being necessary for the effectiveness of your IMS?
7.5.2 Creating and Updating
When creating and updating documentation, does your organization ensure appropriately:
a) Identified and described?
b) Formatted?
c) Reviewed and approved for suitability and adequacy?
7.5.3 Control of Documented Information
Is documented information required by QMS & EMS controlled to ensure:
a) That it is available and suitable for use, where and when it is needed?
b) That it is adequately protected?
In respect of documentation, does your organization address and control the following practices:
a) Distribution, access, retrieval and use?
b) Storage and preservation, including preservation of legibility?
c) Control of changes?
d) Retention and disposition?
Do you have methods in place to ensure that documentation of external origin determined by your organization necessary for the planning operation of your IMS is identified as appropriate, and is controlled?
Does your organization retain documentation as evidence of conformity and is it protected from unintended alterations?
8 Operation
8.1 Operational Planning and Control
8.1.1 General
Does your organization plan, implement and control the processes needed to meet the requirements for the provision of products and services, and to implement the actions determined when planning and completing the following:
a) Determining the IMS requirements for the products and services?
b) Establishing criteria for the processes and the acceptance or products and services?
c) Determining the resources needed to achieve product and service conformity?
d) Implementing control of the processes following the criteria?
e) Determining and keeping documentation to the extent necessary to give confidence that processes have been completed as planned and to demonstrate products and services?
Is the output of operational planning suitable for your organization’s operations?
Does your organization control planned changes and review the consequences of unintended changes and when required take action to mitigate any adverse effects?
Does your organization ensure that the outsourced processes are controlled?
How does your organization coordinate the relevant parts of the IMS management system with other organizations in multi-employer situations?
8.1.2 Eliminating Hazards and Reducing OH&S Risks
Has the organization established, implemented, and maintained processes for the elimination of hazards and reduction of OH&S risks using the following hierarchy of controls:
a) Eliminate the hazard?
b) Substitute with the less hazardous process, operations, materials or equipment?
c) use engineering controls and reorganization of work?
d) Use administration controls, including training?
e) Use adequate personal protective equipment?
8.1.3 Management of Change
Has the organization established processes for the implementation and control of planned temporary and permanent changes that impact performance including:
a) new products, services, and processes, or changes to existing products, services, and processes, including: ·     Workplace locations and surroundings? ·     Working organization? ·     Working conditions? ·     Equipment? ·     Workforce?
b) Changes to legal requirements and other requirements?
c) Changes to knowledge or information about hazards and OH&S risks?
d) Developments in Knowledge and technology?
Does the organization review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary?
8.1.4 Procurement
Has the organization established, implemented, and maintained processes to control the procurement of products and services to ensure their conformity to its IMS management system?
Does the organization coordinate its procurement processes with its contractors, to identify hazards and assess and control the OH&S risks arising from:
a) The contractors’ activities and operations that impact the organization?
b) The organization’s activities and operations that impact the contractor’s workers?
c) The contractors’ activities and operations that impact other interested parties in the workplace?
How does the organization ensure that the requirements of its Quality Environment & OH&S management system are met by contractors and their workers?
Does the organization`s procurement processes define and apply occupational health and safety criteria for the selection of contractors?
How does the organization ensure outsourced functions and processes are controlled?
Does the organization ensure that its outsourcing arrangements are consistent with legal requirements and other requirements and with achieving the intended outcomes of the Integrated management system?
8.2 Requirements for Products and Services
8.2.1 Customer Communication
Do you have suitable processes in place to communicate with customers in respect of the following:
a) Provision of information relating to products and services?
b) Handling of inquiries, contracts, or orders, including changes?
c) Obtaining customer feedback relating to products and services, including customer complaints?
d) Handling or controlling customer property?
e) Establishing specific requirements for contingency actions, when relevant?
8.2.2 Determining the requirements related to products and services
When selecting the products and services to be offered to customers, do you ensure that:
a) Requirements for the products and services are defined, including those considered necessary by your organization and any applicable statutory and regulatory requirements.
b) Your organisation can meet the claims for the products and services it offers?
8.2.3 Review of requirements related to products and services
Does your organization ensure that it can meet the requirements for products and services that are offered to customers?
Does your organization conduct a review before committing to supply products and services to customers that include:
a) Requirements specified by the customer, including the requirements for delivery and post-delivery activities?
b) Requirements not stated by the customer, but necessary for the specified or intended use, when known?
c) Requirements specified by the organization?
d) Statutory and regulatory requirements applicable to the products and services?
e) Contract or order requirements differing from those previously expressed?
Does your organization ensure that contract or order requirements that differ from those previously defined, are resolved?
Are your customer requirements confirmed by your organization before acceptance, when the customer does not provide a documented statement of their requirements?
Does your organization retain documented information on:
a) The results of the review?
b) Any new requirements for the products and services?
8.2.4 Changes to Requirements for Products and Services
Does your organization ensure that relevant documented information is amended and that relevant persons are made aware of the changed requirements when the requirements for products and services are changed?
8.3 Design and Development of Products and Services
8.3.1 General
Does your organization establish, implement and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services?
8.3.2 Design and Development Planning
In determining the stages and controls for design and development, does your organization consider:
a) The nature, duration, and complexity of the design and development activities?
b) The required process stages, including applicable design and development reviews?
c) The required design and development verification and validation activities?
d) The responsibilities and authorities involved in the design and development process?
e) The internal and external resource needs for the design and development of products and services?
f) The need to control interfaces between persons involved in the design and development process?
g) The need for involvement of customers and users in the design development process?
h) The requirements for the subsequent provision of products and services?
i) The level of control expected for the design and development process by customers and other relevant interested parties?
j) The documented information needed to demonstrate that design and development requirements have been met?
8.3.3 Design and Development Inputs
Does your organization determine the requirements essential for the specific types of products and services to be designed and developed?
Does your organization consider:
a) Functional and performance requirements?
b) Information derived from previous similar design and development activities?
c) Statutory and regulatory requirements?
d) Standards or codes of practice that the organization has committed to implementing?
e) Potential consequences of failure due to the nature of the products and services?
Are your organisation’s inputs adequate for design and development purposes and are they complete and unambiguous?
Does your organization resolve your conflicting design and development issues?
Does your organization retain documented information on design and development inputs?
8.3.4 Design and Development Controls
Does your organization apply controls to the design and development process to ensure that:
a) The results to be achieved are defined?
b) Reviews are conducted to evaluate the ability of the results of design and development to meet requirements.
c)  Verification activities are conducted to ensure that the design and development outputs meet the input requirements?
d) Validation activities are conducted to ensure the resulting products and services meet the requirements for the specified application or intended use.
e)   Any necessary actions taken on problems determined during the reviews, or verification and validation activities?
f) Documented information on these activities is retained?
8.3.5 Design and Development Outputs
Does your organization ensure that design and development outputs:
a) Meet the input requirements?
b) Are adequate for the subsequent processes for the provision of products and services?
c) Include or reference monitoring and measuring requirements, as appropriate and acceptance criteria?
d) Specify the characteristics of the products and services that are essential for their intended purpose and their safe and proper provision?
Does your organization retain documented information on design and development outputs?
8.3.6 Design and Development Changes
Does your organization identify, review and control changes made during, or after, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on the conformity to requirements?
Does your organization retain documented information on:
a) Design and development changes?
b) The results of reviews?
c) The authorization of the changes?
d) The actions are taken to prevent adverse impacts?
8.4 Control of Externally Provided Processes, Products & Services
8.4.1 General
Does your organization ensure that externally provided processes, products and services conform to requirements?
Does your organization determine the controls to be applied to externally provided processes, products and services when:
a) Products and services from external providers intended for incorporation into your organization’s products and services?
b) Products and services are provided directly to the customer by external providers on behalf of your organization?
c) A process, or part of a process, is provided by an external provider as a result of a decision by your organization?
Does your organization determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services following requirements?
Does your organization retain documented information on these activities and any necessary actions arising from the evaluations?
8.4.2 Type and Extent of Control
Does your organization ensure that externally provided processes, products, and services do not adversely affect the organization’s ability to consistently deliver conforming products and services to its customers?
Does your organization:
a) Ensure that externally provided processes remain within the control of your QEMS?
b) Define both the controls that it intends to apply to an external provider and those it intends to apply to the resulting output?
c) Take into consideration:
1) The potential impact of the externally provided processes, products, and services on your organization’s ability to consistently meet customer and applicable statutory and regulatory requirements?
2) The effectiveness of the controls applied by the external provider?
d) Determine the verification, or other activities, necessary to ensure that the externally provided processes, products, and services meet requirements?
8.4.3 Information for external providers
Does your organization ensure the adequacy of requirements before their communication to the external provider?
Does your organization communicate to external providers its requirements for:
a) The processes, products, and services to be provided?
b) The approval of:
1) Products and services?
2) Methods, processes, and equipment?
3) The release of products and services?
c) Competence, including any required qualification of persons?
d) The external providers’ interactions with your organization?
e) Control and monitoring of the external providers’ performance to be applied by the organization?
f) Verification or validation activities that the organization, opt its customers, intends to perform at the external providers’ premises?
8.5 Production and Service Provision
8.5.1 Control of Production and Service Provision
Does your organization implement production and service provision under controlled conditions?
Does your organization’s controlled conditions include:
a) The availability of documented information that defines:
1) The characteristics of the products to be produced, the services to be provided, or the activities to be performed?
2) The results are to be achieved?
b) The availability and use of suitable monitoring and measuring resources?
c) The implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met?
d) The use of suitable infrastructure and environment for the operation of processes?
e) The appointment of competent persons, including any required qualification?
f) The validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurements?
g) The implementation of actions to prevent human error?
h) The implementation of release, delivery, and post-delivery activities?
8.5.2 Identification and traceability
Does your organization use suitable means to identify outputs when it is necessary to ensure the conformity of products and services?
Does your organization identify the status of outputs concerning monitoring and measurement requirements throughout production and service provision?
Does your organization control the unique identification of the outputs when traceability is a requirement and does your organisation retain the documented information necessary to enable traceability?
8.5.3 Property Belonging to Customers or External Providers
Does your organization exercise care with property belonging to customers or external providers while it is under your organization’s control or being used by your organization?
Does your organization identify, verify, protect, and safeguard customers’ or external providers’ property provided for use or incorporated into the products or services?
When the property of a customer or external provider is lost, damaged, or otherwise found to be unsuitable for use, does your organization report this to your customer or external provider and retain documented information on what has occurred?
8.5.4 Preservation
Does your organization preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements?
8.5.5 Post-Delivery Activities
Does your organization meet requirements for post-delivery activities associated with the products and services?
In determining the extent of post-delivery activities that are required, do you consider:
a) Statutory and regulatory requirements?
b) The potential undesired consequences associated with its products and services?
c) The nature, use, and intended lifetime of its products and services?
d) Customer requirements?
e) Customer feedback?
8.5.6 Control of Changes
Does your organization review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements?
8.6 Release of Products and Services
Does your organization implement planned arrangements, at appropriate stages to verify that the product and service requirements have been met?
Does your organization make sure the release of products and services to the customer does not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer?
Does your organization retain documented information on the release of products and services?
Does your organization's documented information include:
a) Evidence of conformity with the acceptance criteria?
b) Traceability to the person(s) authorising the release?
8.7 Control of Non-Conforming Outputs
8.7.1 Does your organization ensure that outputs that do not conform to their requirements are identified and controlled to prevent their unintended use or delivery?
Does your organization take appropriate action based on the nature of the nonconformity and its effect on the conformity of products and services? Does this also apply to nonconforming products and services detected after delivery of products, during or after the provision of services?
Does your organization deal with nonconforming outputs in one or more of the following ways:
a) Correction?
b) Segregation, containment, return, or suspension of the provision of products and services?
c) Informing the customer?
d) Obtaining authorization?
Does your organization ensure conformity to the requirements is verified when nonconforming outputs are corrected?
8.7.2 Does your organization retain documented information that:
a) Describes the nonconformity?
b) Describes the actions taken?
c) Describes any concessions obtained.
d) Identifies the authority deciding the action in respect of the nonconformity?
8.8 Emergency Preparedness and Response
Have you established, implemented, and maintained a procedure(s): a) To identify the potential for emergencies? b) To respond to such emergency systems?
Does your organization respond to actual emergencies and prevent or mitigate adverse associated Quality, Environmental impact & QHS consequences?
When you are planning your emergency response, do you take account of the needs of the relevant interested parties, e.g. emergency services and neighbors?
Do you periodically test your procedure(s) to respond to emergencies and where practicable, do you involve relevant interested parties as appropriate?
Do you review and where necessary, revise your emergency preparedness and response procedure(s), in particular, after periodical testing and after the occurrence of emergencies?
Has the organization maintained documented information on the process and on the plans for responding to potential emergencies?
9 Performance Evaluation
9.1 Monitoring, Measurement, Analysis, and Evaluation
9.1.1 General
Does your organization determine:
a)       What needs to be monitored and measured?
b)       The methods for monitoring, measurement, analysis and evaluation are needed to ensure valid results?
c)       When the monitoring and measuring shall be performed?
d)       When the results from monitoring and measurement are analyzed and evaluated?
Does your organization evaluate the performance and effectiveness of your IMS?
Does your organization retain appropriate documented information as evidence of the results?
9.1.2 Customer Satisfaction
Does your organization monitor customers’ perceptions of the degree to which their needs and expectations have been fulfilled?
Does your organization determine the methods for obtaining, monitoring, and reviewing this information?
9.1.3 Analysis and Evaluation
Does your organization analyze and evaluate appropriate data and information arising from monitoring and measurement?
Are the results of your analysis used to evaluate:
a) Conformity of products and services?
b) The degree of customer satisfaction?
c) The performance and effectiveness of your IMS?
d) If planning had been implemented effectively?
e) The effectiveness of actions taken to address risks and opportunities?
f) The performance of external providers?
g) The need for improvements to your IMS?
9.1.2 Evaluation of Compliance
Does your organization establish, implement and maintain the processes needed to evaluate the fulfillment of its compliance obligations & Legal & other requirements?
Does your organization:
a) Determine the frequency that compliance will be evaluated?
b) Evaluate compliance and take action if needed?
c) Maintain knowledge and understanding of its compliance status?
Does your organization retain documented information as evidence of the compliance evaluation results?
9.2 Internal Audit
9.2.1 Does your organization conduct internal audits at planned intervals to provide information on whether your IMS:
a) conforms to:
1) Your organization’s requirements for your IMS?
2) The requirements of the standard?
B) is effectively implemented and maintained?
9.2.2 Internal Audit Programme
Does your organization:
a) Plan, establish, implement and maintain an audit program including the frequency, methods, responsibilities, planning requirements, and reporting, which take into consideration the importance of the processes concerned, changes affecting the organization, and the results of previous audits.
b) Define the audit criteria and scope for each audit?
c) Select auditors and conduct an audit to ensure objectivity and impartiality of the audit process?
d) Ensure that the results of the audits are reported to relevant management?
e) Take appropriate correction and corrective actions without undue delay?
f) Retain documented information as evidence of the implementation of the audit program and the audit results?
9.3 Management review
9.3.1 General
Do top management review your organization’s IMS, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness, and alignment with the strategic direction of the organization?
9.3.2 Management Review Inputs
Is the management review planned and carried out taking into consideration:
a)   The status of actions from previous management reviews?
b)   Changes in external and internal issues that are relevant to your IMS?
c)   Changes in the needs and expectations of interested parties, including compliance obligations?
d)   Changes in its significant environmental aspects?
e)   Changes in the risks and opportunities
f)    Information on the performance and effectiveness of your IMS, including trends in:
1) Customer satisfaction and feedback from relevant interested parties?
2) The extent to which Quality & Environmental objectives have been met?
3) Process performance and conformity of products and services?
4) Nonconformities and corrective actions?
5) Monitoring and measurement results?
6) Audit results?
7) The performance of external providers?
g)       The adequacy of resources?
h)       The effectiveness of actions taken to address risks and opportunities?
i)         Opportunities for improvement?
9.3.3 Management Review Outputs
Do the outputs of your management review include decisions and actions related to:
a) Conclusions on the continuing suitability, adequacy, and effectiveness of your EMS?
b) Decisions related to continual improvement opportunities?
c) Decisions related to any need for changes to your EMS, including resources?
d) Actions, if needed, when environmental objectives have not been achieved?
e) Opportunities to improve integration of your EMS with other business processes if needed?
f) Any implications for the strategic direction of the organization
Does your organization retain documented information as evidence of the results of your management reviews?
10 Improvement
10.1 General
Does your organization determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction?
Do these include:
a) Improving products and services to meet requirements as well as to address future needs and expectations?
b) Correcting, preventing, or reducing undesired effects?
c) Improving the performance and effectiveness of your IMS?
10.2 Incident, Non-Conformity, and Corrective Action
10.2.1 When a nonconformity occurs, including any arising from complaints, does your organization:
a) React to the nonconformity and, as applicable:
1) Take action to control and correct it?
2) Deal with the consequences
b) Evaluate the need for action to eliminate the cause of the nonconformity, so that it does not recur or occur elsewhere, by:
1) Investigate the incident by reviewing and analyzing the nonconformity?
2) Determining the causes of the incident & or nonconformity?
3) Determining if a similar incident occurs, nonconformities exist, or could potentially occur.
c) Implement any action needed?
d) Review the effectiveness of any corrective action taken?
e) Assess OH&S risks & opportunities and that relate to new or changed hazards, before taking action. if necessary?
f) Make changes to the Quality, Environment & Occupational Health & Safety management system, if necessary?
Do you ensure corrective actions are appropriate to the effects of the nonconformities encountered?
Does your organization retain documented information evidence of:
a) The nature of the incidents or nonconformities and any subsequent actions that were taken?
b) The results of any action and corrective action including their effectiveness?
How is this information communicated to relevant workers, and, where applicable, workers' representatives, and other interested parties?
10.3 Continual Improvement
Does your organization continually improve the suitability, adequacy, and effectiveness of your IMS?
Does your organization consider the results of your analysis and evaluation, and the outputs from management review, to determine if some needs or opportunities are addressed as part of continual improvement?