Annex SL Cấu trúc cấp cao của Hệ thống quản lý ISO High level structure

Cấu trúc cấp cao theo quan điểm mới của ISO giành cho các hệ thống quản lý. Hight Level Structure Risk base thinking Tiêu chuẩn này quy định cấu trúc nền tảng cho các tiêu chuẩn sẽ được phát hành bởi ISO Tổ chức tiêu chuẩn hoá quốc tế

Appendix 2

(normative)

‹‰ŠŽ‡˜‡Ž•–”—…–—”‡ǡ‹†‡–‹…ƒŽ…‘”‡–‡š–ǡ…‘‘–‡”•ƒ†…‘”‡†‡ϐ‹‹–‹‘•

–Š‡†‡–‹…ƒŽ–‡š–’”‘’‘•ƒŽ•ǡა†‹•…‹’Ž‹‡•’‡…‹ϐ‹…“—ƒŽ‹ϐ‹‡”ȋ‡Ǥ‰Ǥ‡‡”‰›ǡ”‘ƒ†

–”ƒˆϐ‹…•ƒˆ‡–›ǡ•‡…—”‹–›ǡˆ‘‘†•ƒˆ‡–›ǡ•‘…‹‡–ƒŽ•‡…—”‹–›ǡ‡˜‹”‘‡–ǡ“—ƒŽ‹–›Ȍ–Šƒ–‡‡†•–‘„‡‹•‡”–‡†Ǥ

Ž—‡‹–ƒŽ‹…‹œ‡†–‡š–‹•‰‹˜‡ƒ•ƒ†˜‹•‘”›‘–‡•–‘•–ƒ†ƒ”†•†”ƒˆ–‡”•

Introduction

1 Scope

2 Normative references

͵Ǥ‡”•ƒ††‡ϐ‹‹–‹‘•

•–ƒ†ƒ”†‘”‹ƒ•‡’ƒ”ƒ–‡†‘…—‡–Ǥ‘”‡ˆ‡”‡…‡‘‘–‡”•ƒ†‘”‡†‡ϔ‹‹–‹‘•ή†‹•…‹’Ž‹‡•’‡…‹ϔ‹…

‘‡•ǤŠ‡ƒ””ƒ‰‡‡–‘ˆ–‡”•ƒ††‡ϔ‹‹–‹‘••ŠƒŽŽ„‡ƒ……‘”†‹‰–‘–Š‡…‘…‡’–•›•–‡•‘ˆ‡ƒ…Š•–ƒ†ƒ”†Ǥ

‘”–Š‡’—”’‘•‡•‘ˆ–Š‹•†‘…—‡–ǡ–Š‡ˆ‘ŽŽ‘™‹‰–‡”•ƒ††‡ϐ‹‹–‹‘•ƒ’’Ž›Ǥ

–‡š–dzˆ‘”ƒƒ‰‡‡–•›•–‡••–ƒ†ƒ”†•Ǥ††‹–‹‘ƒŽ–‡”•ƒ††‡ϔ‹‹–‹‘•ƒ›„‡ƒ††‡†ƒ•‡‡†‡†Ǥ‘–‡•

ƒ›„‡ƒ††‡†‘”‘†‹ϔ‹‡†–‘•‡”˜‡–Š‡’—”’‘•‡‘ˆ‡ƒ…Š•–ƒ†ƒ”†Ǥ

in this clause, and the number reference for the term is given in parentheses.

•Š‘—Ž†„‡‹•‡”–‡††‡’‡†‹‰‘–Š‡…‘–‡š–‹™Š‹…Š–Š‡•‡–‡”•ƒ††‡ϔ‹‹–‹‘•ƒ”‡„‡‹‰ƒ’’Ž‹‡†Ǥ ‘”

‡šƒ’Ž‡ǣDzƒ‘„Œ‡…–‹˜‡dz…‘—Ž†„‡•—„•–‹–—–‡†ƒ•Dzƒ‹ˆ‘”ƒ–‹‘•‡…—”‹–›‘„Œ‡…–‹˜‡dzǤ

3.1

organization

’‡”•‘‘”‰”‘—’‘ˆ’‡‘’Ž‡–Šƒ–Šƒ•‹–•‘™ˆ—…–‹‘•™‹–Š”‡•’‘•‹„‹Ž‹–‹‡•ǡƒ—–Š‘”‹–‹‡•ƒ†”‡Žƒ–‹‘-ships to achieve its ‘„Œ‡…–‹˜‡• (3.8)

‘–‡ͳ–‘‡–”›ǣ Š‡…‘…‡’–‘ˆ‘”‰ƒ‹œƒ–‹‘‹…Ž—†‡•ǡ„—–‹•‘–Ž‹‹–‡†–‘•‘Ž‡Ǧ–”ƒ†‡”ǡ…‘’ƒ›ǡ…‘”’‘”ƒ–‹‘ǡϐ‹”ǡ

‡–‡”’”‹•‡ǡƒ—–Š‘”‹–›ǡ’ƒ”–‡”•Š‹’ǡ…Šƒ”‹–›‘”‹•–‹–—–‹‘ǡ‘”’ƒ”–‘”…‘„‹ƒ–‹‘–Š‡”‡‘ˆǡ™Š‡–Š‡”‹…‘”’‘”ƒ–‡†‘”

‘–ǡ’—„Ž‹…‘”’”‹˜ƒ–‡Ǥ

3.2

interested party (preferred term)

stakeholder (admitted term)

person or organizationȋ͵ǤͳȌ–Šƒ–…ƒƒˆˆ‡…–ǡ„‡ƒˆˆ‡…–‡†„›ǡ‘”’‡”…‡‹˜‡‹–•‡Žˆ–‘„‡ƒˆˆ‡…–‡†„›ƒ†‡…‹•‹‘

‘”ƒ…–‹˜‹–›

3.3

requirement

‡‡†‘”‡š’‡…–ƒ–‹‘–Šƒ–‹••–ƒ–‡†ǡ‰‡‡”ƒŽŽ›‹’Ž‹‡†‘”‘„Ž‹‰ƒ–‘”›

‹–‡”‡•–‡†’ƒ”–‹‡•–Šƒ––Š‡‡‡†‘”‡š’‡…–ƒ–‹‘—†‡”…‘•‹†‡”ƒ–‹‘‹•‹’Ž‹‡†Ǥ

‘–‡ʹ–‘‡–”›ǣ •’‡…‹ϐ‹‡†”‡“—‹”‡‡–‹•‘‡–Šƒ–‹••–ƒ–‡†ǡˆ‘”‡šƒ’Ž‡‹†‘…—‡–‡†‹ˆ‘”ƒ–‹‘Ǥ

3.4

management system

set of interrelated or interacting elements of an organization ȋ͵ǤͳȌ–‘‡•–ƒ„Ž‹•Špolicies (3.7) and

‘„Œ‡…–‹˜‡• (3.8) and processesȋ͵ǤͳʹȌ–‘ƒ…Š‹‡˜‡–Š‘•‡‘„Œ‡…–‹˜‡•

‘–‡ͳ–‘‡–”›ǣ ƒƒ‰‡‡–•›•–‡…ƒƒ††”‡••ƒ•‹‰Ž‡†‹•…‹’Ž‹‡‘”•‡˜‡”ƒŽ†‹•…‹’Ž‹‡•Ǥ

‘–‡ʹ–‘‡–”›ǣ Š‡•›•–‡‡Ž‡‡–•‹…Ž—†‡–Š‡‘”‰ƒ‹œƒ–‹‘ǯ••–”—…–—”‡ǡ”‘Ž‡•ƒ†”‡•’‘•‹„‹Ž‹–‹‡•ǡ’Žƒ‹‰ and operation.

‘–‡͵–‘‡–”›ǣ Š‡ •…‘’‡ ‘ˆ ƒ ƒƒ‰‡‡– •›•–‡ ƒ› ‹…Ž—†‡ –Š‡ ™Š‘Ž‡ ‘ˆ –Š‡ ‘”‰ƒ‹œƒ–‹‘ǡ •’‡…‹ϐ‹… ƒ†

‹†‡–‹ϐ‹‡† ˆ—…–‹‘• ‘ˆ –Š‡ ‘”‰ƒ‹œƒ–‹‘ǡ •’‡…‹ϐ‹… ƒ† ‹†‡–‹ϐ‹‡† •‡…–‹‘• ‘ˆ –Š‡ ‘”‰ƒ‹œƒ–‹‘ǡ ‘” ‘‡ ‘” ‘”‡

ˆ—…–‹‘•ƒ…”‘••ƒ‰”‘—’‘ˆ‘”‰ƒ‹œƒ–‹‘•Ǥ

3.5

top management

’‡”•‘‘”‰”‘—’‘ˆ’‡‘’Ž‡™Š‘†‹”‡…–•ƒ†…‘–”‘Ž•ƒorganization (3.1) at the highest level

‘–‡ͳ–‘‡–”›ǣ ‘’ ƒƒ‰‡‡– Šƒ• –Š‡ ’‘™‡” –‘ †‡Ž‡‰ƒ–‡ ƒ—–Š‘”‹–› ƒ† ’”‘˜‹†‡ ”‡•‘—”…‡• ™‹–Š‹ –Š‡

‘”‰ƒ‹œƒ–‹‘Ǥ

‘–‡ʹ–‘‡–”›ǣ ˆ –Š‡ •…‘’‡ ‘ˆ –Š‡ management system ȋ͵ǤͶȌ …‘˜‡”• ‘Ž› ’ƒ”– ‘ˆ ƒ ‘”‰ƒ‹œƒ–‹‘ǡ –Š‡ –‘’

ƒƒ‰‡‡–”‡ˆ‡”•–‘–Š‘•‡™Š‘†‹”‡…–ƒ†…‘–”‘Ž–Šƒ–’ƒ”–‘ˆ–Š‡‘”‰ƒ‹œƒ–‹‘Ǥ

3.6

effectiveness

‡š–‡––‘™Š‹…Š’Žƒ‡†ƒ…–‹˜‹–‹‡•ƒ”‡”‡ƒŽ‹œ‡†ƒ†’Žƒ‡†”‡•—Ž–•ƒ…Š‹‡˜‡†

3.7

policy

intentions and direction of an organization ȋ͵ǤͳȌǡƒ•ˆ‘”ƒŽŽ›‡š’”‡••‡†„›‹–•top management (3.5)

3.8

objective

”‡•—Ž––‘„‡ƒ…Š‹‡˜‡†

‘–‡ͳ–‘‡–”›ǣ ‘„Œ‡…–‹˜‡…ƒ„‡•–”ƒ–‡‰‹…ǡ–ƒ…–‹…ƒŽǡ‘”‘’‡”ƒ–‹‘ƒŽǤ

‘–‡ʹ–‘‡–”›ǣ „Œ‡…–‹˜‡• …ƒ ”‡Žƒ–‡ –‘ †‹ˆˆ‡”‡– †‹•…‹’Ž‹‡• ȋ•—…Š ƒ• ϐ‹ƒ…‹ƒŽǡ Š‡ƒŽ–Š ƒ† •ƒˆ‡–›ǡ ƒ†

‡˜‹”‘‡–ƒŽ‰‘ƒŽ•Ȍƒ†…ƒƒ’’Ž›ƒ–†‹ˆˆ‡”‡–Ž‡˜‡Ž•ȋ•—…Šƒ••–”ƒ–‡‰‹…ǡ‘”‰ƒ‹œƒ–‹‘Ǧ™‹†‡ǡ’”‘Œ‡…–ǡ’”‘†—…–ƒ†

process (3.12)).

‘–‡͵–‘‡–”›ǣ ‘„Œ‡…–‹˜‡…ƒ„‡‡š’”‡••‡†‹‘–Š‡”™ƒ›•ǡ‡Ǥ‰Ǥƒ•ƒ‹–‡†‡†‘—–…‘‡ǡƒ’—”’‘•‡ǡƒ‘’‡”ƒ–‹‘ƒŽ …”‹–‡”‹‘ǡƒ•ƒ‘„Œ‡…–‹˜‡ǡ‘”„›–Š‡—•‡‘ˆ‘–Š‡”™‘”†•™‹–Š•‹‹Žƒ”‡ƒ‹‰ȋ‡Ǥ‰Ǥƒ‹ǡ‰‘ƒŽǡ‘”–ƒ”‰‡–ȌǤ

‘–‡Ͷ–‘‡–”›ǣ –Š‡…‘–‡š–‘ˆƒƒ‰‡‡–•›•–‡•ǡ‘„Œ‡…–‹˜‡•ƒ”‡•‡–„›–Š‡‘”‰ƒ‹œƒ–‹‘ǡ…‘•‹•–‡–

™‹–Š–Š‡’‘Ž‹…›ǡ–‘ƒ…Š‹‡˜‡•’‡…‹ϐ‹…”‡•—Ž–•Ǥ

3.9

risk

‡ˆˆ‡…–‘ˆ—…‡”–ƒ‹–›

‘–‡ͳ–‘‡–”›ǣ ‡ˆˆ‡…–‹•ƒ†‡˜‹ƒ–‹‘ˆ”‘–Š‡‡š’‡…–‡†Ȅ’‘•‹–‹˜‡‘”‡‰ƒ–‹˜‡Ǥ

‘–‡ʹ–‘‡–”›ǣ …‡”–ƒ‹–›‹•–Š‡•–ƒ–‡ǡ‡˜‡’ƒ”–‹ƒŽǡ‘ˆ†‡ϐ‹…‹‡…›‘ˆ‹ˆ‘”ƒ–‹‘”‡Žƒ–‡†–‘ǡ—†‡”•–ƒ†‹‰‘”

‘™Ž‡†‰‡‘ˆǡƒ‡˜‡–ǡ‹–•…‘•‡“—‡…‡ǡ‘”Ž‹‡Ž‹Š‘‘†Ǥ

‘–‡Ͷ–‘‡–”›ǣ ‹•‹•‘ˆ–‡‡š’”‡••‡†‹–‡”•‘ˆƒ…‘„‹ƒ–‹‘‘ˆ–Š‡…‘•‡“—‡…‡•‘ˆƒ‡˜‡–ȋ‹…Ž—†‹‰

3.10

competence

ƒ„‹Ž‹–›–‘ƒ’’Ž›‘™Ž‡†‰‡ƒ†•‹ŽŽ•–‘ƒ…Š‹‡˜‡‹–‡†‡†”‡•—Ž–•

3.11

documented information

‹ˆ‘”ƒ–‹‘”‡“—‹”‡†–‘„‡…‘–”‘ŽŽ‡†ƒ†ƒ‹–ƒ‹‡†„›ƒorganizationȋ͵ǤͳȌƒ†–Š‡‡†‹—‘

which it is contained

‘–‡ͳ–‘‡–”›ǣ ‘…—‡–‡†‹ˆ‘”ƒ–‹‘…ƒ„‡‹ƒ›ˆ‘”ƒ–ƒ†‡†‹ƒǡƒ†ˆ”‘ƒ›•‘—”…‡Ǥ

‘–‡ʹ–‘‡–”›ǣ ‘…—‡–‡†‹ˆ‘”ƒ–‹‘…ƒ”‡ˆ‡”–‘ǣ

— the management system ȋ͵ǤͶȌǡ‹…Ž—†‹‰”‡Žƒ–‡†processes (3.12);

Ȅ‹ˆ‘”ƒ–‹‘…”‡ƒ–‡†‹‘”†‡”ˆ‘”–Š‡‘”‰ƒ‹œƒ–‹‘–‘‘’‡”ƒ–‡ȋ†‘…—‡–ƒ–‹‘ȌǢ

Ȅ‡˜‹†‡…‡‘ˆ”‡•—Ž–•ƒ…Š‹‡˜‡†ȋ”‡…‘”†•ȌǤ

3.12

process

•‡–‘ˆ‹–‡””‡Žƒ–‡†‘”‹–‡”ƒ…–‹‰ƒ…–‹˜‹–‹‡•™Š‹…Š–”ƒ•ˆ‘”•‹’—–•‹–‘‘—–’—–•

3.13

performance

‡ƒ•—”ƒ„Ž‡”‡•—Ž–

‘–‡ͳ–‘‡–”›ǣ ‡”ˆ‘”ƒ…‡…ƒ”‡Žƒ–‡‡‹–Š‡”–‘“—ƒ–‹–ƒ–‹˜‡‘”“—ƒŽ‹–ƒ–‹˜‡ϐ‹†‹‰•Ǥ

‘–‡ʹ–‘‡–”›ǣ ‡”ˆ‘”ƒ…‡…ƒ”‡Žƒ–‡–‘–Š‡ƒƒ‰‡‡–‘ˆƒ…–‹˜‹–‹‡•ǡprocessesȋ͵ǤͳʹȌǡ’”‘†—…–•ȋ‹…Ž—†‹‰

•‡”˜‹…‡•Ȍǡ•›•–‡•‘”organizations (3.1).

3.14

outsourceȋ˜‡”„Ȍ

ƒ‡ƒƒ””ƒ‰‡‡–™Š‡”‡ƒ‡š–‡”ƒŽorganizationȋ͵ǤͳȌ’‡”ˆ‘”•’ƒ”–‘ˆƒ‘”‰ƒ‹œƒ–‹‘ǯ•ˆ—…–‹‘

or process (3.12)

‘–‡ͳ–‘‡–”›ǣ  ‡š–‡”ƒŽ ‘”‰ƒ‹œƒ–‹‘ ‹• ‘—–•‹†‡ –Š‡ •…‘’‡ ‘ˆ –Š‡ management system ȋ͵ǤͶȌǡ ƒŽ–Š‘—‰Š –Š‡

‘—–•‘—”…‡†ˆ—…–‹‘‘”’”‘…‡••‹•™‹–Š‹–Š‡•…‘’‡Ǥ

3.15

monitoring

†‡–‡”‹‹‰–Š‡•–ƒ–—•‘ˆƒ•›•–‡ǡƒprocessȋ͵ǤͳʹȌ‘”ƒƒ…–‹˜‹–›

‘–‡ͳ–‘‡–”›ǣ ‘†‡–‡”‹‡–Š‡•–ƒ–—•ǡ–Š‡”‡ƒ›„‡ƒ‡‡†–‘…Š‡…ǡ•—’‡”˜‹•‡‘”…”‹–‹…ƒŽŽ›‘„•‡”˜‡Ǥ

3.16

measurement

processȋ͵ǤͳʹȌ–‘†‡–‡”‹‡ƒ˜ƒŽ—‡

3.17

audit

•›•–‡ƒ–‹…ǡ‹†‡’‡†‡–ƒ††‘…—‡–‡†processȋ͵ǤͳʹȌˆ‘”‘„–ƒ‹‹‰ƒ—†‹–‡˜‹†‡…‡ƒ†‡˜ƒŽ—ƒ–‹‰‹–

‘„Œ‡…–‹˜‡Ž›–‘†‡–‡”‹‡–Š‡‡š–‡––‘™Š‹…Š–Š‡ƒ—†‹–…”‹–‡”‹ƒƒ”‡ˆ—Žϐ‹ŽŽ‡†

‘–‡ͳ–‘‡–”›ǣ ƒ—†‹–…ƒ„‡ƒ‹–‡”ƒŽƒ—†‹–ȋϐ‹”•–’ƒ”–›Ȍ‘”ƒ‡š–‡”ƒŽƒ—†‹–ȋ•‡…‘†’ƒ”–›‘”–Š‹”†’ƒ”–›Ȍǡ

ƒ†‹–…ƒ„‡ƒ…‘„‹‡†ƒ—†‹–ȋ…‘„‹‹‰–™‘‘”‘”‡†‹•…‹’Ž‹‡•ȌǤ

‘–‡ʹ–‘‡–”›ǣ ‹–‡”ƒŽƒ—†‹–‹•…‘†—…–‡†„›–Š‡‘”‰ƒ‹œƒ–‹‘‹–•‡Žˆǡ‘”„›ƒ‡š–‡”ƒŽ’ƒ”–›‘‹–•„‡ŠƒŽˆǤ

‘–‡͵–‘‡–”›ǣ Dz—†‹–‡˜‹†‡…‡dzƒ†Dzƒ—†‹–…”‹–‡”‹ƒdzƒ”‡†‡ϐ‹‡†‹ͳͻͲͳͳǤ

3.18

conformity

ˆ—Žϐ‹Ž‡–‘ˆƒ”‡“—‹”‡‡– (3.3)

3.19

nonconformity

‘Ǧˆ—Žϐ‹Ž‡–‘ˆƒ”‡“—‹”‡‡– (3.3)

3.20

corrective action

ƒ…–‹‘–‘‡Ž‹‹ƒ–‡–Š‡…ƒ—•‡‘ˆƒnonconformityȋ͵ǤͳͻȌƒ†–‘’”‡˜‡–”‡…—””‡…‡

3.21

continual improvement

”‡…—””‹‰ƒ…–‹˜‹–›–‘‡Šƒ…‡performance (3.13)

4 Context of the organization

4.1 Understanding the organization and its context

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ†‡–‡”‹‡‡š–‡”ƒŽƒ†‹–‡”ƒŽ‹••—‡•–Šƒ–ƒ”‡”‡Ž‡˜ƒ––‘‹–•’—”’‘•‡ƒ†–Šƒ–

ƒˆˆ‡…–‹–•ƒ„‹Ž‹–›–‘ƒ…Š‹‡˜‡–Š‡‹–‡†‡†‘—–…‘‡ȋ•Ȍ‘ˆ‹–•ƒƒ‰‡‡–•›•–‡Ǥ

4.2 Understanding the needs and expectations of interested parties

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ†‡–‡”‹‡ǣ

Ȅ –Š‡‹–‡”‡•–‡†’ƒ”–‹‡•–Šƒ–ƒ”‡”‡Ž‡˜ƒ––‘–Š‡ƒƒ‰‡‡–•›•–‡Ǣ

Ȅ –Š‡”‡Ž‡˜ƒ–”‡“—‹”‡‡–•‘ˆ–Š‡•‡‹–‡”‡•–‡†’ƒ”–‹‡•Ǥ

4.3 Determining the scope of the XXX management system

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ†‡–‡”‹‡–Š‡„‘—†ƒ”‹‡•ƒ†ƒ’’Ž‹…ƒ„‹Ž‹–›‘ˆ–Š‡ƒƒ‰‡‡–•›•–‡–‘

‡•–ƒ„Ž‹•Š‹–••…‘’‡Ǥ

Š‡†‡–‡”‹‹‰–Š‹••…‘’‡ǡ–Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ…‘•‹†‡”ǣ

Ȅ –Š‡‡š–‡”ƒŽƒ†‹–‡”ƒŽ‹••—‡•”‡ˆ‡””‡†–‘‹ͶǤͳǢ

Ȅ –Š‡”‡“—‹”‡‡–•”‡ˆ‡””‡†–‘‹ͶǤʹǤ

4.4 XXX management system

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ‡•–ƒ„Ž‹•Šǡ‹’Ž‡‡–ǡƒ‹–ƒ‹ƒ†…‘–‹—ƒŽŽ›‹’”‘˜‡ƒƒƒ‰‡‡–

•›•–‡ǡ‹…Ž—†‹‰–Š‡’”‘…‡••‡•‡‡†‡†ƒ†–Š‡‹”‹–‡”ƒ…–‹‘•ǡ‹ƒ……‘”†ƒ…‡™‹–Š–Š‡”‡“—‹”‡‡–•‘ˆ

–Š‹•–‡”ƒ–‹‘ƒŽ–ƒ†ƒ”†Ȁ–Š‹•’ƒ”–‘ˆȀ–Š‹•‡…Š‹…ƒŽ’‡…‹ϐ‹…ƒ–‹‘Ǥ

5 Leadership

5.1 Leadership and commitment

‘’ƒƒ‰‡‡–•ŠƒŽŽ†‡‘•–”ƒ–‡Ž‡ƒ†‡”•Š‹’ƒ†…‘‹–‡–™‹–Š”‡•’‡…––‘–Š‡ƒƒ‰‡‡–

•›•–‡„›ǣ

Ȅ ‡•—”‹‰ –Šƒ– –Š‡  ’‘Ž‹…› ƒ†  ‘„Œ‡…–‹˜‡• ƒ”‡ ‡•–ƒ„Ž‹•Š‡† ƒ† ƒ”‡ …‘’ƒ–‹„Ž‡ ™‹–Š –Š‡

•–”ƒ–‡‰‹…†‹”‡…–‹‘‘ˆ–Š‡‘”‰ƒ‹œƒ–‹‘Ǣ

Ȅ ‡•—”‹‰ –Š‡ ‹–‡‰”ƒ–‹‘ ‘ˆ –Š‡  ƒƒ‰‡‡– •›•–‡ ”‡“—‹”‡‡–• ‹–‘ –Š‡ ‘”‰ƒ‹œƒ–‹‘ǯ•

„—•‹‡••’”‘…‡••‡•Ǣ

Ȅ ‡•—”‹‰–Šƒ––Š‡”‡•‘—”…‡•‡‡†‡†ˆ‘”–Š‡ƒƒ‰‡‡–•›•–‡ƒ”‡ƒ˜ƒ‹Žƒ„Ž‡Ǣ

Ȅ …‘—‹…ƒ–‹‰ –Š‡ ‹’‘”–ƒ…‡ ‘ˆ ‡ˆˆ‡…–‹˜‡  ƒƒ‰‡‡– ƒ† ‘ˆ …‘ˆ‘”‹‰ –‘ –Š‡ 

ƒƒ‰‡‡–•›•–‡”‡“—‹”‡‡–•Ǣ

Ȅ ‡•—”‹‰–Šƒ––Š‡ƒƒ‰‡‡–•›•–‡ƒ…Š‹‡˜‡•‹–•‹–‡†‡†‘—–…‘‡ȋ•ȌǢ

Ȅ †‹”‡…–‹‰ƒ†•—’’‘”–‹‰’‡”•‘•–‘…‘–”‹„—–‡–‘–Š‡‡ˆˆ‡…–‹˜‡‡••‘ˆ–Š‡ƒƒ‰‡‡–•›•–‡Ǣ Ȅ ’”‘‘–‹‰…‘–‹—ƒŽ‹’”‘˜‡‡–Ǣ

Ȅ •—’’‘”–‹‰‘–Š‡””‡Ž‡˜ƒ–ƒƒ‰‡‡–”‘Ž‡•–‘†‡‘•–”ƒ–‡–Š‡‹”Ž‡ƒ†‡”•Š‹’ƒ•‹–ƒ’’Ž‹‡•–‘–Š‡‹”

ƒ”‡ƒ•‘ˆ”‡•’‘•‹„‹Ž‹–›Ǥ

 ‡ˆ‡”‡…‡ –‘ Dz„—•‹‡••dz ‹ –Š‹• –‡”ƒ–‹‘ƒŽ –ƒ†ƒ”†Ȁ–Š‹• ’ƒ”– ‘ˆ  Ȁ–Š‹• ‡…Š‹…ƒŽ

’‡…‹ϐ‹…ƒ–‹‘…ƒ„‡‹–‡”’”‡–‡†„”‘ƒ†Ž›–‘‡ƒ–Š‘•‡ƒ…–‹˜‹–‹‡•–Šƒ–ƒ”‡…‘”‡–‘–Š‡’—”’‘•‡•‘ˆ–Š‡‘”‰ƒ‹œƒ–‹‘ǯ• existence.

5.2 Policy

‘’ƒƒ‰‡‡–•ŠƒŽŽ‡•–ƒ„Ž‹•Šƒ’‘Ž‹…›–Šƒ–ǣ

ƒȌ ‹•ƒ’’”‘’”‹ƒ–‡–‘–Š‡’—”’‘•‡‘ˆ–Š‡‘”‰ƒ‹œƒ–‹‘Ǣ

„Ȍ ’”‘˜‹†‡•ƒˆ”ƒ‡™‘”ˆ‘”•‡––‹‰‘„Œ‡…–‹˜‡•Ǣ

…Ȍ ‹…Ž—†‡•ƒ…‘‹–‡––‘•ƒ–‹•ˆ›ƒ’’Ž‹…ƒ„Ž‡”‡“—‹”‡‡–•Ǣ

†Ȍ ‹…Ž—†‡•ƒ…‘‹–‡––‘…‘–‹—ƒŽ‹’”‘˜‡‡–‘ˆ–Š‡ƒƒ‰‡‡–•›•–‡Ǥ

Š‡’‘Ž‹…›•ŠƒŽŽǣ

Ȅ „‡ƒ˜ƒ‹Žƒ„Ž‡ƒ•†‘…—‡–‡†‹ˆ‘”ƒ–‹‘Ǣ

Ȅ „‡…‘—‹…ƒ–‡†™‹–Š‹–Š‡‘”‰ƒ‹œƒ–‹‘Ǣ

Ȅ „‡ƒ˜ƒ‹Žƒ„Ž‡–‘‹–‡”‡•–‡†’ƒ”–‹‡•ǡƒ•ƒ’’”‘’”‹ƒ–‡Ǥ

5.3 Organizational roles, responsibilities and authorities

‘’ƒƒ‰‡‡–•ŠƒŽŽ‡•—”‡–Šƒ––Š‡”‡•’‘•‹„‹Ž‹–‹‡•ƒ†ƒ—–Š‘”‹–‹‡•ˆ‘””‡Ž‡˜ƒ–”‘Ž‡•ƒ”‡ƒ••‹‰‡†

ƒ†…‘—‹…ƒ–‡†™‹–Š‹–Š‡‘”‰ƒ‹œƒ–‹‘Ǥ

‘’ƒƒ‰‡‡–•ŠƒŽŽƒ••‹‰–Š‡”‡•’‘•‹„‹Ž‹–›ƒ†ƒ—–Š‘”‹–›ˆ‘”ǣ

ƒȌ ‡•—”‹‰ –Šƒ– –Š‡  ƒƒ‰‡‡– •›•–‡ …‘ˆ‘”• –‘ –Š‡ ”‡“—‹”‡‡–• ‘ˆ –Š‹• –‡”ƒ–‹‘ƒŽ

–ƒ†ƒ”†Ȁ–Š‹•’ƒ”–‘ˆȀ–Š‹•‡…Š‹…ƒŽ’‡…‹ϐ‹…ƒ–‹‘Ǣ

„Ȍ ”‡’‘”–‹‰‘–Š‡’‡”ˆ‘”ƒ…‡‘ˆ–Š‡ƒƒ‰‡‡–•›•–‡–‘–‘’ƒƒ‰‡‡–Ǥ

6 Planning

6.1 Actions to address risks and opportunities

Š‡’Žƒ‹‰ˆ‘”–Š‡ƒƒ‰‡‡–•›•–‡ǡ–Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ…‘•‹†‡”–Š‡‹••—‡•”‡ˆ‡””‡†–‘

‹ͶǤͳƒ†–Š‡”‡“—‹”‡‡–•”‡ˆ‡””‡†–‘‹ͶǤʹƒ††‡–‡”‹‡–Š‡”‹••ƒ†‘’’‘”–—‹–‹‡•–Šƒ–‡‡†–‘„‡

ƒ††”‡••‡†–‘ǣ

Ȅ ‰‹˜‡ƒ••—”ƒ…‡–Šƒ––Š‡ƒƒ‰‡‡–•›•–‡…ƒƒ…Š‹‡˜‡‹–•‹–‡†‡†‘—–…‘‡ȋ•ȌǢ

Ȅ ’”‡˜‡–ǡ‘””‡†—…‡ǡ—†‡•‹”‡†‡ˆˆ‡…–•Ǣ

Ȅ ƒ…Š‹‡˜‡…‘–‹—ƒŽ‹’”‘˜‡‡–Ǥ

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ’Žƒǣ

ƒȌ ƒ…–‹‘•–‘ƒ††”‡••–Š‡•‡”‹••ƒ†‘’’‘”–—‹–‹‡•Ǣ

„Ȍ Š‘™–‘ǣ

Ȅ ‹–‡‰”ƒ–‡ƒ†‹’Ž‡‡––Š‡ƒ…–‹‘•‹–‘‹–•ƒƒ‰‡‡–•›•–‡’”‘…‡••‡•Ǣ

Ȅ ‡˜ƒŽ—ƒ–‡–Š‡‡ˆˆ‡…–‹˜‡‡••‘ˆ–Š‡•‡ƒ…–‹‘•Ǥ

6.2 XXX objectives and planning to achieve them

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ‡•–ƒ„Ž‹•Š‘„Œ‡…–‹˜‡•ƒ–”‡Ž‡˜ƒ–ˆ—…–‹‘•ƒ†Ž‡˜‡Ž•Ǥ

Š‡‘„Œ‡…–‹˜‡••ŠƒŽŽǣ

ƒȌ „‡…‘•‹•–‡–™‹–Š–Š‡’‘Ž‹…›Ǣ

„Ȍ „‡‡ƒ•—”ƒ„Ž‡ȋ‹ˆ’”ƒ…–‹…ƒ„Ž‡ȌǢ

…Ȍ –ƒ‡‹–‘ƒ……‘—–ƒ’’Ž‹…ƒ„Ž‡”‡“—‹”‡‡–•Ǣ

†Ȍ „‡‘‹–‘”‡†Ǣ

‡Ȍ „‡…‘—‹…ƒ–‡†Ǣ

ˆȌ „‡—’†ƒ–‡†ƒ•ƒ’’”‘’”‹ƒ–‡Ǥ

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ”‡–ƒ‹†‘…—‡–‡†‹ˆ‘”ƒ–‹‘‘–Š‡‘„Œ‡…–‹˜‡•Ǥ

Š‡’Žƒ‹‰Š‘™–‘ƒ…Š‹‡˜‡‹–•‘„Œ‡…–‹˜‡•ǡ–Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ†‡–‡”‹‡ǣ

Ȅ ™Šƒ–™‹ŽŽ„‡†‘‡Ǣ

Ȅ ™Šƒ–”‡•‘—”…‡•™‹ŽŽ„‡”‡“—‹”‡†Ǣ

Ȅ ™Š‘™‹ŽŽ„‡”‡•’‘•‹„Ž‡Ǣ

Ȅ ™Š‡‹–™‹ŽŽ„‡…‘’Ž‡–‡†Ǣ

Ȅ Š‘™–Š‡”‡•—Ž–•™‹ŽŽ„‡‡˜ƒŽ—ƒ–‡†Ǥ

7 Support

7.1 Resources

Š‡ ‘”‰ƒ‹œƒ–‹‘ •ŠƒŽŽ †‡–‡”‹‡ ƒ† ’”‘˜‹†‡ –Š‡ ”‡•‘—”…‡• ‡‡†‡† ˆ‘” –Š‡ ‡•–ƒ„Ž‹•Š‡–ǡ

‹’Ž‡‡–ƒ–‹‘ǡƒ‹–‡ƒ…‡ƒ†…‘–‹—ƒŽ‹’”‘˜‡‡–‘ˆ–Š‡ƒƒ‰‡‡–•›•–‡Ǥ

7.2 Competence

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽǣ

Ȅ †‡–‡”‹‡–Š‡‡…‡••ƒ”›…‘’‡–‡…‡‘ˆ’‡”•‘ȋ•Ȍ†‘‹‰™‘”—†‡”‹–•…‘–”‘Ž–Šƒ–ƒˆˆ‡…–•‹–• performance;

Ȅ ‡•—”‡ –Šƒ– –Š‡•‡ ’‡”•‘• ƒ”‡ …‘’‡–‡– ‘ –Š‡ „ƒ•‹• ‘ˆ ƒ’’”‘’”‹ƒ–‡ ‡†—…ƒ–‹‘ǡ –”ƒ‹‹‰ǡ ‘” experience;

Ȅ ™Š‡”‡ƒ’’Ž‹…ƒ„Ž‡ǡ–ƒ‡ƒ…–‹‘•–‘ƒ…“—‹”‡–Š‡‡…‡••ƒ”›…‘’‡–‡…‡ǡƒ†‡˜ƒŽ—ƒ–‡–Š‡‡ˆˆ‡…–‹˜‡‡••

‘ˆ–Š‡ƒ…–‹‘•–ƒ‡Ǣ

Ȅ ”‡–ƒ‹ƒ’’”‘’”‹ƒ–‡†‘…—‡–‡†‹ˆ‘”ƒ–‹‘ƒ•‡˜‹†‡…‡‘ˆ…‘’‡–‡…‡Ǥ

 ’’Ž‹…ƒ„Ž‡ƒ…–‹‘•…ƒ‹…Ž—†‡ǡˆ‘”‡šƒ’Ž‡ǡ–Š‡’”‘˜‹•‹‘‘ˆ–”ƒ‹‹‰–‘ǡ–Š‡‡–‘”‹‰‘ˆǡ‘”–Š‡”‡Ǧ

ƒ••‹‰‡–‘ˆ…—””‡–Ž›‡’Ž‘›‡†’‡”•‘•Ǣ‘”–Š‡Š‹”‹‰‘”…‘–”ƒ…–‹‰‘ˆ…‘’‡–‡–’‡”•‘•Ǥ

7.3 Awareness

‡”•‘•†‘‹‰™‘”—†‡”–Š‡‘”‰ƒ‹œƒ–‹‘ǯ•…‘–”‘Ž•ŠƒŽŽ„‡ƒ™ƒ”‡‘ˆǣ

Ȅ –Š‡’‘Ž‹…›Ǣ

Ȅ –Š‡‹”…‘–”‹„—–‹‘–‘–Š‡‡ˆˆ‡…–‹˜‡‡••‘ˆ–Š‡ƒƒ‰‡‡–•›•–‡ǡ‹…Ž—†‹‰–Š‡„‡‡ϐ‹–•‘ˆ

‹’”‘˜‡†’‡”ˆ‘”ƒ…‡Ǣ

Ȅ –Š‡‹’Ž‹…ƒ–‹‘•‘ˆ‘–…‘ˆ‘”‹‰™‹–Š–Š‡ƒƒ‰‡‡–•›•–‡”‡“—‹”‡‡–•Ǥ

7.4 Communication

Š‡ ‘”‰ƒ‹œƒ–‹‘ •ŠƒŽŽ †‡–‡”‹‡ –Š‡ ‹–‡”ƒŽ ƒ† ‡š–‡”ƒŽ …‘—‹…ƒ–‹‘• ”‡Ž‡˜ƒ– –‘ –Š‡ 

ƒƒ‰‡‡–•›•–‡ǡ‹…Ž—†‹‰ǣ

Ȅ ‘™Šƒ–‹–™‹ŽŽ…‘—‹…ƒ–‡Ǣ

Ȅ ™Š‡–‘…‘—‹…ƒ–‡Ǣ

Ȅ ™‹–Š™Š‘–‘…‘—‹…ƒ–‡Ǣ

Ȅ Š‘™–‘…‘—‹…ƒ–‡Ǥ

7.5 Documented information

7.5.1 General

Š‡‘”‰ƒ‹œƒ–‹‘ǯ•ƒƒ‰‡‡–•›•–‡•ŠƒŽŽ‹…Ž—†‡ǣ

ƒȌ †‘…—‡–‡† ‹ˆ‘”ƒ–‹‘ ”‡“—‹”‡† „› –Š‹• –‡”ƒ–‹‘ƒŽ –ƒ†ƒ”†Ȁ–Š‹• ’ƒ”– ‘ˆ  Ȁ–Š‹•

‡…Š‹…ƒŽ’‡…‹ϐ‹…ƒ–‹‘Ǣ

„Ȍ †‘…—‡–‡†‹ˆ‘”ƒ–‹‘†‡–‡”‹‡†„›–Š‡‘”‰ƒ‹œƒ–‹‘ƒ•„‡‹‰‡…‡••ƒ”›ˆ‘”–Š‡‡ˆˆ‡…–‹˜‡‡••‘ˆ

–Š‡ƒƒ‰‡‡–•›•–‡Ǥ

 Š‡‡š–‡–‘ˆ†‘…—‡–‡†‹ˆ‘”ƒ–‹‘ˆ‘”ƒƒƒ‰‡‡–•›•–‡…ƒ†‹ˆˆ‡”ˆ”‘‘‡‘”‰ƒ‹œƒ–‹‘

–‘ƒ‘–Š‡”†—‡–‘ǣ

Ȅ–Š‡•‹œ‡‘ˆ‘”‰ƒ‹œƒ–‹‘ƒ†‹–•–›’‡‘ˆƒ…–‹˜‹–‹‡•ǡ’”‘…‡••‡•ǡ’”‘†—…–•ƒ†•‡”˜‹…‡•Ǣ

Ȅ–Š‡…‘’Ž‡š‹–›‘ˆ’”‘…‡••‡•ƒ†–Š‡‹”‹–‡”ƒ…–‹‘•Ǣ

— the competence of persons.

7.5.2 Creating and updating

Š‡…”‡ƒ–‹‰ƒ†—’†ƒ–‹‰†‘…—‡–‡†‹ˆ‘”ƒ–‹‘–Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ‡•—”‡ƒ’’”‘’”‹ƒ–‡ǣ Ȅ ‹†‡–‹ϐ‹…ƒ–‹‘ƒ††‡•…”‹’–‹‘ȋ‡Ǥ‰Ǥƒ–‹–Ž‡ǡ†ƒ–‡ǡƒ—–Š‘”ǡ‘””‡ˆ‡”‡…‡—„‡”ȌǢ

Ȅ ˆ‘”ƒ–ȋ‡Ǥ‰ǤŽƒ‰—ƒ‰‡ǡ•‘ˆ–™ƒ”‡˜‡”•‹‘ǡ‰”ƒ’Š‹…•Ȍƒ†‡†‹ƒȋ‡Ǥ‰Ǥ’ƒ’‡”ǡ‡Ž‡…–”‘‹…ȌǢ

Ȅ ”‡˜‹‡™ƒ†ƒ’’”‘˜ƒŽˆ‘”•—‹–ƒ„‹Ž‹–›ƒ†ƒ†‡“—ƒ…›Ǥ

7.5.3 Control of documented information

‘…—‡–‡†‹ˆ‘”ƒ–‹‘”‡“—‹”‡†„›–Š‡ƒƒ‰‡‡–•›•–‡ƒ†„›–Š‹•–‡”ƒ–‹‘ƒŽ–ƒ†ƒ”† Ȁ–Š‹•’ƒ”–‘ˆȀ–Š‹•‡…Š‹…ƒŽ’‡…‹ϐ‹…ƒ–‹‘•ŠƒŽŽ„‡…‘–”‘ŽŽ‡†–‘‡•—”‡ǣ

ƒȌ ‹–‹•ƒ˜ƒ‹Žƒ„Ž‡ƒ†•—‹–ƒ„Ž‡ˆ‘”—•‡ǡ™Š‡”‡ƒ†™Š‡‹–‹•‡‡†‡†Ǣ

„Ȍ ‹–‹•ƒ†‡“—ƒ–‡Ž›’”‘–‡…–‡†ȋ‡Ǥ‰Ǥˆ”‘Ž‘••‘ˆ…‘ϐ‹†‡–‹ƒŽ‹–›ǡ‹’”‘’‡”—•‡ǡ‘”Ž‘••‘ˆ‹–‡‰”‹–›ȌǤ ‘”–Š‡…‘–”‘Ž‘ˆ†‘…—‡–‡†‹ˆ‘”ƒ–‹‘ǡ–Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽƒ††”‡••–Š‡ˆ‘ŽŽ‘™‹‰ƒ…–‹˜‹–‹‡•ǡƒ•

ƒ’’Ž‹…ƒ„Ž‡ǣ

Ȅ †‹•–”‹„—–‹‘ǡƒ……‡••ǡ”‡–”‹‡˜ƒŽƒ†—•‡Ǣ

Ȅ •–‘”ƒ‰‡ƒ†’”‡•‡”˜ƒ–‹‘ǡ‹…Ž—†‹‰’”‡•‡”˜ƒ–‹‘‘ˆŽ‡‰‹„‹Ž‹–›Ǣ

— control of changes (e.g version control);

— retention and disposition

‘…—‡–‡† ‹ˆ‘”ƒ–‹‘ ‘ˆ ‡š–‡”ƒŽ ‘”‹‰‹ †‡–‡”‹‡† „› –Š‡ ‘”‰ƒ‹œƒ–‹‘ –‘ „‡ ‡…‡••ƒ”› ˆ‘” –Š‡

’Žƒ‹‰ƒ†‘’‡”ƒ–‹‘‘ˆ–Š‡ƒƒ‰‡‡–•›•–‡•ŠƒŽŽ„‡‹†‡–‹ϐ‹‡†ǡƒ•ƒ’’”‘’”‹ƒ–‡ǡƒ†…‘–”‘ŽŽ‡†Ǥ

 ……‡••…ƒ‹’Ž›ƒ†‡…‹•‹‘”‡‰ƒ”†‹‰–Š‡’‡”‹••‹‘–‘˜‹‡™–Š‡†‘…—‡–‡†‹ˆ‘”ƒ–‹‘‘Ž›ǡ‘”–Š‡

’‡”‹••‹‘ƒ†ƒ—–Š‘”‹–›–‘˜‹‡™ƒ†…Šƒ‰‡–Š‡†‘…—‡–‡†‹ˆ‘”ƒ–‹‘Ǥ

8 Operation

8.1 Operational planning and control

DRAFTING INSTRUCTION This subclause heading will be deleted if no additional subclauses are added to Clause 8.

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ’Žƒǡ‹’Ž‡‡–ƒ†…‘–”‘Ž–Š‡’”‘…‡••‡•‡‡†‡†–‘‡‡–”‡“—‹”‡‡–•ǡƒ†–‘

‹’Ž‡‡––Š‡ƒ…–‹‘•†‡–‡”‹‡†‹͸Ǥͳǡ„›ǣ

Ȅ ‡•–ƒ„Ž‹•Š‹‰…”‹–‡”‹ƒˆ‘”–Š‡’”‘…‡••‡•Ǣ

— implementing control of the processes in accordance with the criteria;

Ȅ ‡‡’‹‰†‘…—‡–‡†‹ˆ‘”ƒ–‹‘–‘–Š‡‡š–‡–‡…‡••ƒ”›–‘Šƒ˜‡…‘ϐ‹†‡…‡–Šƒ––Š‡’”‘…‡••‡•

Šƒ˜‡„‡‡…ƒ””‹‡†‘—–ƒ•’Žƒ‡†Ǥ

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ…‘–”‘Ž’Žƒ‡†…Šƒ‰‡•ƒ†”‡˜‹‡™–Š‡…‘•‡“—‡…‡•‘ˆ—‹–‡†‡†…Šƒ‰‡•ǡ

–ƒ‹‰ƒ…–‹‘–‘‹–‹‰ƒ–‡ƒ›ƒ†˜‡”•‡‡ˆˆ‡…–•ǡƒ•‡…‡••ƒ”›Ǥ

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ‡•—”‡–Šƒ–‘—–•‘—”…‡†’”‘…‡••‡•ƒ”‡…‘–”‘ŽŽ‡†Ǥ

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ†‡–‡”‹‡ǣ

Ȅ ™Šƒ–‡‡†•–‘„‡‘‹–‘”‡†ƒ†‡ƒ•—”‡†Ǣ

Ȅ –Š‡‡–Š‘†•ˆ‘”‘‹–‘”‹‰ǡ‡ƒ•—”‡‡–ǡƒƒŽ›•‹•ƒ†‡˜ƒŽ—ƒ–‹‘ǡƒ•ƒ’’Ž‹…ƒ„Ž‡ǡ–‘‡•—”‡˜ƒŽ‹†

”‡•—Ž–•Ǣ

Ȅ ™Š‡–Š‡‘‹–‘”‹‰ƒ†‡ƒ•—”‹‰•ŠƒŽŽ„‡’‡”ˆ‘”‡†Ǣ

Ȅ ™Š‡–Š‡”‡•—Ž–•ˆ”‘‘‹–‘”‹‰ƒ†‡ƒ•—”‡‡–•ŠƒŽŽ„‡ƒƒŽ›•‡†ƒ†‡˜ƒŽ—ƒ–‡†Ǥ

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ”‡–ƒ‹ƒ’’”‘’”‹ƒ–‡†‘…—‡–‡†‹ˆ‘”ƒ–‹‘ƒ•‡˜‹†‡…‡‘ˆ–Š‡”‡•—Ž–•Ǥ

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ‡˜ƒŽ—ƒ–‡–Š‡’‡”ˆ‘”ƒ…‡ƒ†–Š‡‡ˆˆ‡…–‹˜‡‡••‘ˆ–Š‡ƒƒ‰‡‡–

•›•–‡Ǥ

9.2 Internal audit

9.2.1 Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ…‘†—…–‹–‡”ƒŽƒ—†‹–•ƒ–’Žƒ‡†‹–‡”˜ƒŽ•–‘’”‘˜‹†‡‹ˆ‘”ƒ–‹‘‘

™Š‡–Š‡”–Š‡ƒƒ‰‡‡–•›•–‡ǣ

ƒȌ …‘ˆ‘”•–‘ǣ

Ȅ –Š‡‘”‰ƒ‹œƒ–‹‘ǯ•‘™”‡“—‹”‡‡–•ˆ‘”‹–•ƒƒ‰‡‡–•›•–‡Ǣ

Ȅ –Š‡ ”‡“—‹”‡‡–• ‘ˆ –Š‹• –‡”ƒ–‹‘ƒŽ –ƒ†ƒ”†Ȁ–Š‹• ’ƒ”– ‘ˆ  Ȁ–Š‹• ‡…Š‹…ƒŽ

’‡…‹ϐ‹…ƒ–‹‘Ǣ

„Ȍ ‹•‡ˆˆ‡…–‹˜‡Ž›‹’Ž‡‡–‡†ƒ†ƒ‹–ƒ‹‡†Ǥ

9.2.2 Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽǣ

ƒȌ ’Žƒǡ‡•–ƒ„Ž‹•Šǡ‹’Ž‡‡–ƒ†ƒ‹–ƒ‹ƒƒ—†‹–’”‘‰”ƒ‡ȋ•Ȍ‹…Ž—†‹‰–Š‡ˆ”‡“—‡…›ǡ‡–Š‘†•ǡ

”‡•’‘•‹„‹Ž‹–‹‡•ǡ ’Žƒ‹‰ ”‡“—‹”‡‡–• ƒ† ”‡’‘”–‹‰ǡ ™Š‹…Š •ŠƒŽŽ –ƒ‡ ‹–‘ …‘•‹†‡”ƒ–‹‘ –Š‡

‹’‘”–ƒ…‡‘ˆ–Š‡’”‘…‡••‡•…‘…‡”‡†ƒ†–Š‡”‡•—Ž–•‘ˆ’”‡˜‹‘—•ƒ—†‹–•Ǣ

„Ȍ †‡ϐ‹‡–Š‡ƒ—†‹–…”‹–‡”‹ƒƒ†•…‘’‡ˆ‘”‡ƒ…Šƒ—†‹–Ǣ

…Ȍ •‡Ž‡…–ƒ—†‹–‘”•ƒ†…‘†—…–ƒ—†‹–•–‘‡•—”‡‘„Œ‡…–‹˜‹–›ƒ†–Š‡‹’ƒ”–‹ƒŽ‹–›‘ˆ–Š‡ƒ—†‹–’”‘…‡••Ǣ

†Ȍ ‡•—”‡–Šƒ––Š‡”‡•—Ž–•‘ˆ–Š‡ƒ—†‹–•ƒ”‡”‡’‘”–‡†–‘”‡Ž‡˜ƒ–ƒƒ‰‡‡–Ǣ

‡Ȍ ”‡–ƒ‹†‘…—‡–‡†‹ˆ‘”ƒ–‹‘ƒ•‡˜‹†‡…‡‘ˆ–Š‡‹’Ž‡‡–ƒ–‹‘‘ˆ–Š‡ƒ—†‹–’”‘‰”ƒ‡ƒ†–Š‡

ƒ—†‹–”‡•—Ž–•Ǥ

9.3 Management review

‘’ ƒƒ‰‡‡– •ŠƒŽŽ ”‡˜‹‡™ –Š‡ ‘”‰ƒ‹œƒ–‹‘ǯ•  ƒƒ‰‡‡– •›•–‡ǡ ƒ– ’Žƒ‡† ‹–‡”˜ƒŽ•ǡ –‘

‡•—”‡‹–•…‘–‹—‹‰•—‹–ƒ„‹Ž‹–›ǡƒ†‡“—ƒ…›ƒ†‡ˆˆ‡…–‹˜‡‡••Ǥ

ƒȌ –Š‡•–ƒ–—•‘ˆƒ…–‹‘•ˆ”‘’”‡˜‹‘—•ƒƒ‰‡‡–”‡˜‹‡™•Ǣ

„Ȍ …Šƒ‰‡•‹‡š–‡”ƒŽƒ†‹–‡”ƒŽ‹••—‡•–Šƒ–ƒ”‡”‡Ž‡˜ƒ––‘–Š‡ƒƒ‰‡‡–•›•–‡Ǣ

…Ȍ ‹ˆ‘”ƒ–‹‘‘–Š‡’‡”ˆ‘”ƒ…‡ǡ‹…Ž—†‹‰–”‡†•‹ǣ

— nonconformities and corrective actions;

Ȅ ‘‹–‘”‹‰ƒ†‡ƒ•—”‡‡–”‡•—Ž–•Ǣ

Ȅ ƒ—†‹–”‡•—Ž–•Ǣ

†Ȍ ‘’’‘”–—‹–‹‡•ˆ‘”…‘–‹—ƒŽ‹’”‘˜‡‡–Ǥ

Š‡ ‘—–’—–• ‘ˆ –Š‡ ƒƒ‰‡‡– ”‡˜‹‡™ •ŠƒŽŽ ‹…Ž—†‡ †‡…‹•‹‘• ”‡Žƒ–‡† –‘ …‘–‹—ƒŽ ‹’”‘˜‡‡–

‘’’‘”–—‹–‹‡•ƒ†ƒ›‡‡†ˆ‘”…Šƒ‰‡•–‘–Š‡ƒƒ‰‡‡–•›•–‡Ǥ

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ”‡–ƒ‹†‘…—‡–‡†‹ˆ‘”ƒ–‹‘ƒ•‡˜‹†‡…‡‘ˆ–Š‡”‡•—Ž–•‘ˆƒƒ‰‡‡–”‡˜‹‡™•Ǥ

10 Improvement

10.1 Nonconformity and corrective action

Š‡ƒ‘…‘ˆ‘”‹–›‘……—”•ǡ–Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽǣ

ƒȌ ”‡ƒ…––‘–Š‡‘…‘ˆ‘”‹–›ƒ†ǡƒ•ƒ’’Ž‹…ƒ„Ž‡ǣ

Ȅ –ƒ‡ƒ…–‹‘–‘…‘–”‘Žƒ†…‘””‡…–‹–Ǣ

Ȅ †‡ƒŽ™‹–Š–Š‡…‘•‡“—‡…‡•Ǣ

„Ȍ ‡˜ƒŽ—ƒ–‡–Š‡‡‡†ˆ‘”ƒ…–‹‘–‘‡Ž‹‹ƒ–‡–Š‡…ƒ—•‡•‘ˆ–Š‡‘…‘ˆ‘”‹–›ǡ‹‘”†‡”–Šƒ–‹–†‘‡•‘–

”‡…—”‘”‘……—”‡Ž•‡™Š‡”‡ǡ„›ǣ

Ȅ ”‡˜‹‡™‹‰–Š‡‘…‘ˆ‘”‹–›Ǣ

Ȅ †‡–‡”‹‹‰–Š‡…ƒ—•‡•‘ˆ–Š‡‘…‘ˆ‘”‹–›Ǣ

Ȅ †‡–‡”‹‹‰‹ˆ•‹‹Žƒ”‘…‘ˆ‘”‹–‹‡•‡š‹•–ǡ‘”…‘—Ž†’‘–‡–‹ƒŽŽ›‘……—”Ǣ

…Ȍ ‹’Ž‡‡–ƒ›ƒ…–‹‘‡‡†‡†Ǣ

†Ȍ ”‡˜‹‡™–Š‡‡ˆˆ‡…–‹˜‡‡••‘ˆƒ›…‘””‡…–‹˜‡ƒ…–‹‘–ƒ‡Ǣ

‡Ȍ ƒ‡…Šƒ‰‡•–‘–Š‡ƒƒ‰‡‡–•›•–‡ǡ‹ˆ‡…‡••ƒ”›Ǥ

‘””‡…–‹˜‡ƒ…–‹‘••ŠƒŽŽ„‡ƒ’’”‘’”‹ƒ–‡–‘–Š‡‡ˆˆ‡…–•‘ˆ–Š‡‘…‘ˆ‘”‹–‹‡•‡…‘—–‡”‡†Ǥ

Š‡‘”‰ƒ‹œƒ–‹‘•ŠƒŽŽ”‡–ƒ‹†‘…—‡–‡†‹ˆ‘”ƒ–‹‘ƒ•‡˜‹†‡…‡‘ˆǣ

Ȅ –Š‡ƒ–—”‡‘ˆ–Š‡‘…‘ˆ‘”‹–‹‡•ƒ†ƒ›•—„•‡“—‡–ƒ…–‹‘•–ƒ‡Ǣ

Ȅ –Š‡”‡•—Ž–•‘ˆƒ›…‘””‡…–‹˜‡ƒ…–‹‘Ǥ

10.2 Continual improvement

Š‡ ‘”‰ƒ‹œƒ–‹‘ •ŠƒŽŽ …‘–‹—ƒŽŽ› ‹’”‘˜‡ –Š‡ •—‹–ƒ„‹Ž‹–›ǡ ƒ†‡“—ƒ…› ƒ† ‡ˆˆ‡…–‹˜‡‡•• ‘ˆ –Š‡ 

ƒƒ‰‡‡–•›•–‡Ǥ