ISO 9001:2015 Requirement Auditing. (Clause 9)

Clause 9 in ISO 9001:2015 is titled "Performance Evaluation" and focuses on monitoring, measuring, analyzing, and evaluating the organization's processes to ensure conformity and achieve continual improvement.

The key areas covered in Clause 9 of ISO 9001:2015 include:

1. Performance monitoring: Verify that the organization has established processes to monitor key performance indicators (KPIs) and other relevant metrics to assess the performance of the QMS. This may include tracking customer satisfaction, process performance, and product/service conformity.

2. Internal audits: Verify that the organization conducts regular internal audits of its QMS to determine its conformity with ISO 9001 requirements and the organization's own policies and procedures. This includes verifying that internal audits are planned, conducted, and documented effectively.

3. Management review: Verify that top management conducts periodic management reviews of the QMS. This involves reviewing the QMS's performance, suitability, adequacy, and effectiveness. Auditors should verify that management reviews are conducted according to planned intervals and include appropriate inputs and outputs.

4. Non-conformity and corrective action: Verify that the organization has processes in place to identify, document, and address non-conformities. This includes verifying that non-conformities are investigated, root causes are determined, and appropriate corrective actions are taken to prevent recurrence.

5. Continual improvement: Verify that the organization is actively pursuing opportunities for improvement within the QMS. This includes verifying that processes are established to collect and analyze data, identify improvement opportunities, and implement actions to enhance the QMS's performance.

6. Data analysis: Verify that the organization collects and analyzes relevant data to assess the performance of the QMS. This may include data related to customer satisfaction, process performance, product/service conformity, and other performance indicators. Auditors should check that data analysis methods are appropriate and effective.

7. Risk management: Verify that the organization has implemented processes to identify and address risks and opportunities related to the QMS. This includes identifying risks and opportunities, assessing their impact, and implementing appropriate actions to mitigate risks and seize opportunities.

8. Documented information: Verify that the organization maintains appropriate documented information related to performance evaluation. This includes records of internal audits, management reviews, non-conformities, corrective actions, and improvement initiatives.

Here are some examples of evidence you can look for during an audit

(Clause 9:

1. Performance monitoring:

- Records of key performance indicators (KPIs) and metrics being tracked and monitored.

- Reports or dashboards showing trends and data related to customer satisfaction, process performance, and product/service conformity.

- Documentation of monitoring processes, including frequency, methods, and responsibilities.

2. Internal audits:

- Audit schedules and plans indicating the frequency and scope of internal audits.

- Audit reports documenting findings, non-conformities, and opportunities for improvement.

- Evidence of corrective actions taken in response to audit findings.

- Competence records of internal auditors.

3. Management review:

- Meeting agendas, minutes, and attendance records for management review meetings.

- Documentation of inputs considered during the management review, such as performance data, customer feedback, and internal audit results.

- Records of decisions, actions, and resource allocations resulting from the management review.

- Evidence of follow-up actions and their implementation.

4. Non-conformity and corrective action:

- Records of identified non-conformities and their documentation.

- Evidence of investigations conducted to determine root causes of non-conformities.

- Corrective action requests or reports outlining the actions taken to address non-conformities.

- Records of verification activities to ensure the effectiveness of corrective actions.

5. Continual improvement:

- Documentation of improvement initiatives, including action plans, timelines, and responsible parties.

- Records of improvement projects, their objectives, and outcomes.

- Data analysis reports highlighting trends, patterns, and areas for improvement.

- Evidence of lessons learned and best practices shared and implemented within the organization.

6. Data analysis:

- Data collection and analysis methods used, such as statistical techniques, control charts, or customer surveys.

- Analysis reports showing trends, variations, or correlations in performance data.

- Records of data sources, sampling methods, and data integrity checks.

- Evidence of data-driven decision-making and actions taken based on data analysis.

7. Risk management:

- Risk registers or matrices identifying potential risks and opportunities.

- Documentation of risk assessments, including risk identification, analysis, and evaluation.

- Evidence of risk mitigation or exploitation actions taken.

- Records of risk reviews and updates to risk management plans.

8. Documented information:

- Documented procedures and instructions related to performance evaluation processes.

- Records of documented information, such as performance reports, analysis results, and improvement plans.

- Document control records, including document revisions, approvals, and distribution lists.

Auditors should evaluate these types of evidence to ensure that the organization has effectively implemented the requirements of Clause 9 of ISO 9001. The specific evidence required may vary depending on the organization's context and the scope of its quality management system.