A checklist on where to start, and what to do first

Whether you are freshly minted into the QMS position or you are a founder of a Medical Device Startup or a product manager with a new project, you’re reading this because your strategy requires QMS oversight and your first question is likely “where to start” and “what to do”. 

There is a lot of information on the Web, but not all very helpful. The danger resides in fluff internet info pieces, written for promotional purposes. Look for the conscientious experts, the topic has been discussed in the article Expert vs Expert.

If you do QMS right, it’s not a burden, not an added layer of management that gets in the way.


This article will cover the following topics:

•    Steps of implementation ISO 9001 - 2015 Quality Management System

•    Implementation steps in practice:



▪    Organizing and Documenting Your Quality System




Steps of implementation ISO 9001-2015 Quality Management System


  1. Context of the organization
    • Context of the organization Understanding the organization and its context Understanding the needs and expectations of interested partiesUnderstanding the organization and its context
    • Understanding the needs and expectations of interested parties
    • Determining the scope of the quality management system
    • Quality management system
  1. Leadership
    • Leadership and commitment
      • General
      • Customer Focus
    • Policy
      • Developing Quality Policy
      • Communicating the Quality Policy
    • Organizational roles, responsibility, and authorities
  2. Planning
    • Actions to address risk and opportunities
    • Quality objectives and planning to achieve them
    • Planning of changes
  3. Support
    • Support Resources Competence Awareness CommunicationResources
    • Competence
    • Awareness
    • Communication
    • Documented information
      • General
      • Creating and updating documented information
      • Control of documented information
  4. Operation
    • Operational planning and control
    • Requirements for products and services
      • Customer communication
      • Determining requirements related to products or services
      • Review of requirements related to products and services
      • Changes to requirements for products and services
    • Design and development
      • General
      • Design and development planning
      • Design and development General Design and development planning Design and development inputsDesign and development inputs
      • Design and development controls
      • Design and development outputs
      • Design and development changes
    • Control of externally provided services
    • Production and service provision
    • Release of products and services
    • Control of nonconforming process outputs
  5. Performance evaluation
    • Monitoring, measurement, analysis and evaluation
      • General
      • Customer Satisfaction
      • Analysis and evaluation
    • Internal Audit
    • Management Review
  6. Improvement
    • General
    • Nonconformity and corrective action
    • Continual improvement


Implementation steps in practice:



Step 1: Top management commitment

The top management should show a commitment and determination to implement ISO 9001 or one of the associated standards (for example ISO 13485) quality management system in the organization. They must be convinced that registration and certification will enable the organization to show its commitment to quality to their customers.


Step 2: Establish an implementation team

Establish your implementation team and a Management Representative (MR).

Management Representative should be a person who coordinates and oversees the progress of implementation. He/she should be a key person between the top management and ISO register and also become an expert on ISO 9001. Responsibilities of MR are:

  1. Quality system maintenance - establishment + implementation + maintenance of QMS
  2. Reporting on Quality system performance – reporting to top management about QMS performance
  3. Promoting customer requirements – ensuring all employees are aware of customer requirements.

The implementation team should consist of employees from all organizational functions (marketing, design, development, quality control…).


Iso 9001: Implementation team


Step 3. Start ISO 9001 awareness training

The training should be structured for different categories of employees (managers, supervisors…) and should cover:

1. the basic concepts of quality systems and standard

2. the overall impact on the company’s strategic goals

3. the changed work processes, and likely work culture implications of the quality system

As an additional training about writing quality manuals, procedures and work instructions would be also necessary.


Step 4: Perform a Gap Analysis

In this step, you should compare your existing quality system with the requirements of the ISO 9001 standard. It has a goal of determining what processes and procedures your company already meet ISO 9001 requirements, what needs to be modified and what needs to be created to meet ISO 9001 requirements.

Steps of gap assessment:

1. determining the present operations/processes which already exists

2. analyzing the relevant part of the sections of ISO 9001 standard to determine what is actually required

3. documenting the “gaps”

This can be performed internally or externally by an experienced ISO 9000 consulting firm.


Create a document implementation plan


Step 5. Create a documented implementation plan

Elements of implementation plan should be thorough and specific, detailing:

1. quality documentation to be developed

2. the relevant ISO 9001 standard section

3. person/team responsible

4. approvals required

5. training required

6. resources required

7. estimated completion date

A gantt chart should be made, reviewed and approved by the top management. After approval, the Management Representative should control, review and update the plan as documentation and the implementation process proceeds.




Step 6: Documentation and development

There are 6 documented procedures required to create ISO 9001 QMSThere are 6 documented procedures required to create ISO 9001 QMS:

1. Document control

2. Control of records

3. Internal Audit

4. Non-Conforming Product

5. Corrective Action

6. Preventive Action

There are always some additional documented procedures that will be needed for your staff while they are working on the company’s various processes.


Step 7. Review and release documents

Management should check all documentation to ensure it meets the operational needs of the company and ISO 9001 requirements. If it is all done, documentation is ready to use after the final approval of management.



Organizing and Documenting Your Quality System


Documentation hierarchy:

Quality Manual – is a key document written early in QMS implementation. It gives an organization profile by presenting its relationships and responsibilities of persons whose work quality and outlines are the main procedures. The Quality Manual should include:

  • a statement explaining the scope of the Quality Management System, including exclusions and details for their justification
  • a description of the Quality System processes and their interactions
  • the company’s quality policy and quality objectives
  • an overview of the system-level procedures

Documentation hierarchy ISO 9001Quality Manual should be always up to date and ensure that the correct process interfaces are defined and responsibilities and authorities documented.

Procedures describe the activities of individual departments, how quality is controlled in each department and the checks that are carried out.

Work Instructions are specific and contain the necessary instructions needed to perform a task.

Records must be maintained to show compliance to quality system requirements. Records must be kept up to date to prove compliance during registration or subsequent surveillance audits.

Processes used in the quality framework should be mapped and updated to meet the requirements of the ISO 9001 standard.

Templates should be developed for all of the controlled document types you intend to use. Templates should have consistent styles and formats so that documents are easy to read and navigate. Each template must meet controlled document requirements. Procedures and Work Instructions should have Purpose, Scope and Responsibilities sections. A company logo can also be included with the document header.

Quality Policy contains Quality Objectives of organization which are present at all level and which establish measurable processes to assure your product or service meets stated requirements.

Document control
A Documentation Control System must be created to manage the creation, approval, distribution, revision, storage, and disposal of the various types of documentation that your company develops. Your document control systems should be as simple and as easy to operate as possible but sufficient to meet ISO 9001 requirements (it should contain unique ID, revision control, change history summary, signatures & verification signature, date of versions and revisions).

The principle of ISO 9001 document control is that employees should have access to the documentation and records needed to fulfill their responsibilities.




Step 8. Implementation and employee training

The Quality System should be put into practice.


Step 9. Quality system registrar selection

 Implementation and employee trainingSelect an independent Registration Body that is officially accredited to issue Quality System certifications. They make audit the company’s Quality System and if it’s successful, it gets certified.


Step 10. Internal quality audit

As the system is being installed, its effectiveness should be checked by regular internal quality audits. Internal quality audits are conducted to verify that the installed quality management system:

  • Conform to the planned arrangements, to the requirements of the standard (ISO

9001:2015) and to the quality management system requirements established by

your organization, and

  • It is effectively implemented and maintained.

Even after the system stabilizes and starts functioning, internal audits should be planned and performed as part of an ongoing strategy.


Step 11. Management review

Management reviewAfter 3 to 6 months of Quality System operating, an internal audit and management review should be conducted (in purpose to assure suitability, adequacy, and effectiveness of the QMS) and corrective measures implemented. These reviews and corrective measures should help improve the Quality System (quality policy and quality objectives included).

The input to management review should include information on:

  • Results of audits,
  • Customer feedback,
  • Process performance and product conformity,
  • Status of preventive and corrective actions,
  • Follow-up actions from previous management reviews,
  • Changes that could affect the quality management system, and
  • Recommendations for improvements.


Step 12. Pre-assessment audit

A pre-assessment audit should be done by the registration body you selected after your Quality System has been in operation for a few months. This audit should be done in 2 stages:

  • Stage 1: includes the audit of documentation (if documents meet the requirements of the standard) and making a management review (Step 11.)
  • Stage 2: ensures that all applicable ISO 9001 or related standard requirements have been met and all non-conformances found in stage 1 have been corrected.


Step 13. Certification and registration

If the certification body finds the system to be working satisfactorily, it awards the organization a certificate, generally for a period of three years. During this three-year period, it will carry out periodic surveillance audits to ensure that the system is continuing to operate satisfactorily.


Step 14: Continual Improvement

Certification shouldn’t be the end. The effectiveness and suitability of the quality management system should be continually improved through the use of:

  • Quality policy
  • Quality objectives
  • Audit results
  • Analysis of data
  • Corrective and preventive actions
  • Management review



Comments (1)

*your email will not be published

Hi :) do you provide QMS consultancy in case of purchasing a software?