ISO 9001 is a quality management system (QMS) standard that requires organizations to conduct internal audits at planned intervals to ensure conformity and effectiveness.

While ISO 9001 doesn't prescribe a specific frequency for internal audits, they should be performed at regular intervals that are appropriate for the organization's size, complexity, and identified risks. The timing and frequency of the audits should be defined in the organization's internal audit procedure or quality manual, based on a risk assessment.

Some organizations might perform internal audits quarterly, while others may choose to do them semi-annually or annually. It often depends on the previous audit findings, changes to processes, or concerns raised by customers or management.

IATF 16949 and ISO 9001 are both standards related to quality management systems, but they are designed to address different aspects and have distinct applications.

ISO 9001:

Scope: ISO 9001 is a general standard that is applicable to all industries. It outlines the criteria for a quality management system and focuses on customer satisfaction, continual improvement, and fulfillment of regulatory requirements.
Requirements: The requirements of ISO 9001 are broad and emphasize process control, customer orientation, leadership, risk management, and operational planning.
Certification: Many organizations can become ISO 9001 certified to demonstrate their commitment to quality management principles. The certification is recognized worldwide.

ISO 9001:2015 clauses 8.4.1 – 8.4.3 and requires that external providers must be controlled and their performance be evaluated.   This 9001 clause applies to IATF 16949, AS9100D, 13485, 14001 45001, and ISO 27001.  Effectively there is almost no difference between purchasing a service and outsourcing of a process.

What processes are outsourced, and how are they controlled?

Usually, outsourced processes include things like:

• component manufacturing
• accounting
• maintenance
• transportation
• IT support
• warehousing & distribution
• banking & finance
• legal
• consultant/auditor

Internal and certification audits take into account Outsourced Processes & Products.  ISO Standard 8.4.1 covers how organizations address external outsource vendors.

ISO 9001: 2015 & ISO / IATF 16949 Process Mapping / Interaction

There is quite a bit of confusion regarding the documentation of the interaction of Processes (Sometimes referred to as Customer Orientated Processes {COP’s}, Manufacturing Orientated Processes {MOP’s} and Support Orientated Processes {SOP’s} required by ISO 9001: 20015and IATF 16949 and also helpful for ISO 9001. Many companies have added additional documents to meet the requirements of documenting the process interactions including “Turtle Documents” and “Line of sight” flow diagrams. While these documents typically assist in meeting the requirements, they usually do not identify process interactions or support processes adequately. Also, and very importantly, they add yet another set of documents that need to be controlled and understood by related staff. However, if done correctly these process interaction diagrams can actually reduce the amount of documentation and increase the effectiveness.

Section 4.4.1 requires documentation of quality management processes and their “sequence and interaction.”

Now, what does that mean?

Processes have inputs and outputs and are managed by a series of activities. For instance, Verification of Purchased Product, 7.4.3, is a process (dinosaurs who wondered the earth during the ISO9000:1994 era refer to this as receiving inspection). This process has inputs such as supplier evaluation, prints and purchase orders. The outputs may include a receiving inspection log, tags, labels and routers. Activities usually include receiving, inspecting, documenting, identifying and staging.
Where do we start?

First, assign a team that represents all departments.

Next, draw a “sequence of processes flowchart.” This is simply a diagram of the major processes in your system from Quoting to Shipping. This is also called a “line-of-sight diagram.”

Now, diagram the activities associated with each step. Be sure to include all departments in this exercise.

What is in ISO 9001:2015 and what is not. Listen to Brandon Kerkstra give a brief overview in this lesson from the online ISO 9001:2015 course.

What ISO 9001:2015 DOES Include		What is NOT in ISO 9001:2015
Requires an organization to have the information (documents, procedures, etc.) and records required for effective business planning and implementation		Requiring a change in your document identification system. It is your decision.
Focus on Strategic thinking. Language is Context of Organization		Describing HOW to conduct strategic planning
Focus on risk based thinking to be initiated at the strategic level or Context of Organization		Requiring risk assessment, risk management, risk treatment, and use of formal risk tools
It is arranged so all ISO Management systems will be aligned=one system		Divergent systems are permitted at this time
		Click play to listen to brandon