ISO 9001 Management Checklist

About ASQ's Ask the Standards Expert program and blog


Is there a list of duties for implementing ISO 9001:2008 for the management representative? I am interested in a checklist of responsibilities for that individual to use as a guide to help a company prepare for an ISO 9001:08 external audit leading to certification.


Thank you for your question.

In answer to your question, I must mention section 5.5.2 of the ISO 9001:2008 Standard. Here is the first place you will see a list of duties and responsibilities for the Management Representative (MR). While the points noted in 5.5.2 a, b, and c cover a lot of areas, I think you are looking for an expanded list and one with more specifics.

One important beginning step is a Gap Analysis. This will help your organization and your MR to see where you are at and where you need to go. From the results of your Gap Analysis, your MR and the Planning Team (if you have one) can generate a Gantt Chart. This will be a good guide to help everyone involved recognize where your company is during the implementation process.

The management representative (MR) has the responsibility of getting the quality management system (QMS) put in place. He/she must also keep the QMS effective and up to date. Your MR must report the current status of your QMS to top management.

The MR must also be well aware of management concerns and be capable of representing the company. I remember reading somewhere that a good MR is;

  1. A member of management (not necessarily a QC Manager).
  2. Willing to learn.
  3. Willing to teach.

All three of these items require capability. Capability to manage, learn, and teach.

As a final point on this question; I would advise that you acquire a book or more than one which can be used as a guide. ASQ has numerous publications which would help you to generate a list of your MR’s duties. The list can be long or short, depending on your company. It is always necessary for a management representative to be good at communicating, learning, researching, training, standing firm when necessary, and recognizing the importance of team work.

Bud Salsbury, CQT, CQI

Some additional resources available through ASQ:

ISO 9001:2008 Explained and Expanded
Optimizing your QMS Success
Charles A. Cianfrani and John E. “Jack” West
Print Book:

A Practical Field Guide for ISO 9001:2008
Erik Valdemar Myhrberg
Print Book:

ISO Lesson Guide 2008
Pocket Guide to ISO 9001:2008, Third Edition
J.P. Russell and Dennis Arter
Print Book:

ASQ Gantt Chart:

ISO 9001 Quality Policy

Audit, audit by exception


ISO 9001:2008 clause 5.3 regarding quality policy requires that it should include commitment to continually improve the effectiveness of quality management system. Our Registrar is saying that for compliance these same words should be included in the quality policy. Our opinion is that our policy includes commitment to continually improve the standard of services to that client which in real terms is how the effectiveness of QMS would be measured. We feel that copying words from the standard will not add any value. Any suggestions on how we should respond to the Registrar.


Good Morning,

I read your question and can understand why you might be somewhat confused. Please notice that the words in the standard say that you are to “continually improve the effectiveness of the quality management system.” I’m sure that your quality management system (QMS) covers all parts of your organization, not just your ‘standard of service.’ The intent of the standard is not to insist that your quality policy is copied word-for-word from the standard itself. Nonetheless, the word “shall” at the beginning of 5.3 indicates a requirement. You are required to include those main points in your policy, which will help your entire organization remain compliant.

Consider this-it is common practice that companies generate their Corporate Quality Policy first. Everything after that, the procedures, the work instructions, etc. fall in line under the main points delivered in that policy (5.3c “provides a framework for establishing and reviewing quality objectives”). If your organization’s quality policy only suggests improving your ‘standard of service’, then is the rest of your QMS to be left on its own as “good enough”? That question is just to make a point. I hope you see the point I’m making. Your registrar can be a valuable member of your team. You would be wise to consider what that particular team mate has to contribute.

Thank you very much for sending your good question to Ask The Experts.

Bud Salsbury, CQT, CQI

For more on this topic, please visit ASQ’s website.

ISO/TS 29001:2010 Standard in Oil and Gas Production

Oil and gas industry, petroleum industry

We are an Oil & Gas production testing, frac flow back, and trucking company and while in the beginning stages of instituting ISO 9001:2008 standards, we ran across Oil & Gas industry specific standards ISO/TS 29001:2010 and we are curious as to whether or not we have to apply TS 29001:2010, ISO 9001:9008, and maybe some ISO standards for trucking to receive our ISO certification.

All of the TS should include ISO as the back bone with Industry specifics. The customers dictate which is required. For Auto Industry it is TS 16949 and for Aerospace AS9004. The technical specifications shall include ISO 9001 and the company is registered to the ISO with a TS. A little confusing but eliminates a vast set of international standards. The QMS is ISO 9001. I will always go on the side of using the industry specifics if that is the only industry that they work within as most TS requirements require the use of core tools. If you have these particular TS requirements I will review them but I very sure about this answer.

Ron Berglund
Global Quality Coach

For more on this topic, please visit ASQ’s website.

ISO 9001 SOPs for HR and IT Departments

Mr. Pareto Head and IT

Q: My company wants to become certified to ISO 9001:2008 Quality management systems–Requirements by the end of this year. We have nearly all of our common standard operating procedures (SOPs) identified and written. But some of our departments—HR and IT in particular—are proving to be a little more difficult as far as identifying activities we might need to document.

Could you provide a few examples of procedures that might be available for  an IT and HR department? More specifically, I’m looking for examples of what others may have done with ISO 9001:2008 in conjunction with corresponding SOPs.

A: ISO 9001:2008 specifically requires the organization to have documented procedures for the following six activities:

4.2.3 Control of documents.
4.2.4 Control of records.
8.2.2 Internal audit.
8.3 Control of nonconforming product.
8.5.2 Corrective action.
8.5.3 Preventive action.

From an ISO 9001:2008 perspective, there are no mandatory procedures required for HR or IT departments as supporting functions for an organization. It is recommended, however, that you have your processes documented to ensure accountability for actions, consistency and standardization.

When there are many employees involved in various organizational functions, the hand-offs between the functions and employees can blur, with little to no accountability for the final outcome. In addition, having processes undocumented is not scalable, repeatable and reproducible as the organization grows larger.

The ISO 9001 website guideline further clarifies that the extent of the quality management system’s documentation can differ from one organization to another based on:

The size of organization and type of activities.
The complexity of processes and their interactions.
The competence of personnel.

While this may not be the right forum to share examples of SOPs, I can provide a typical list of ISO 9001:2008 procedures that may be applicable to HR and IT functions.

A better way to develop procedures for the listed processes is to bring the stakeholders and experts together, map the process in its current state, brainstorm, identify and remove nonvalue-added activities, and then reissue a new value-added procedure.

Typical SOPs in HR

  •     HR planning process.
  •     New employee orientation process, including mandatory training and certifications.
  •     Training needs analysis.
  •     Employee training and development process, which also includes training, skill competency assessments, periodic evaluations and certifications.

Typical SOPs in IT

  •     IT resource planning process.
  •     Data archival, retention, backup and disaster recovery process.
  •     IT hardware and software maintenance and information security management process.
  •     Quality information systems, including infrastructure planning, implementation and improvement.

Govind Ramu
Senior manager, quality systems
SunPower Corp.
San Jose, CA

ISO 9001 Clause 8.2.3 and 8.4

Checklist, Conformity, Go/No Go, Inspection, ISO 9001


Our quality management department, of which I am the lead internal auditor, has a question that we have been debating for some time:

How do we apply ISO 9001:2008 Quality Management systems-Requirements, clause 8.2.3 Monitoring and measurement of processes and 8.4 Analysis of data, in a non manufacturing organization?

Our organization is primarily software, software modification of COTS that is implemented into our products, and applications modified for our business unit’s use.

My specific questions are:

1. How is the effectiveness of process improvements measured?

2. What methods of measurement do we use to capture the effectiveness?

3. Is there a check sheet or report form available that would guide us on how to apply these two requirements?

Thank you for your assistance in this matter. We want to implement a methodology for capturing measurement and effectiveness of process improvement data, but are at a loss as to how and where to start.


You posed several questions about ISO 9001 compliance.

1. How is the effectiveness of process improvements measured?

In a service environment there are typically many process characteristics that can be monitored or measured to assess whether the process has been planned and is being carried out under controlled conditions. Without knowing details of your service offering, it is difficult to comment explicitly.

Possible examples of metrics that may be appropriate include on time completion of a project, after-release detected “bugs,” time required to maintain “released” software modules, and etc.

Also, such metrics can be graphed and cost can be tied to each metric so that when process improvements are made, the benefits can be presented to management in management review in terms of the financial benefits of aggressive measuring and monitoring initiatives.

2. What methods of measurement do we use to capture the effectiveness?

See #1 above.

3. Is there a check sheet or report form available that would guide us on how to apply these two requirements?

Any check sheet or form would have to be developed by you to suit your processes.

Charlie Cianfrani
Consulting Engineer
Green Lane Quality Management Services
Green Lane, PA
ASQ Fellow; ASQ CQE, CRE, CQA, RABQSA Certified QMS-Auditor (Q3558)
ASQ Quality Press Author

For more on this topic, please visit ASQ’s website.