National Security Inspectorate Sentinel House, 5 Reform Road Maidenhead SL6 8BY Website: nsi.org.uk Page 1 of 31 © NSI 2016 Quality Schedule FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 14 June 2016 FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 2 of 31 14 June 2016 © NSI 2016 Compliance with BS EN ISO 9001, the British, European and International Standard for Quality Management Systems, is mandatory for any UKAS Accredited Quality Management Systems (QMS) Certification. The Standard can be applied to virtually any organisation whether they are manufacturing a product or supplying a service. NSI Fire Gold is UKAS Accredited for both QMS and Product Certification (PC). Consequently organizations holding NSI Fire Gold approval must demonstrate they operate a QMS effective in supplying and maintaining fire systems compliant with the relevant British, European or International Product Standards required by end users and other relevant stakeholders. NSI Fire Gold is also accredited under the BAFE Fire Protection Industry Schemes SP 203-1 and SP 203-3 for the design, installation, commissioning and handover, verification and maintenance of fire detection & fire alarm systems and fixed gaseous fire suppression systems. The BAFE schemes require that systems are designed, installed, commissioned and handed over, verified and maintained by trained and, where required, security screened personnel, to the appropriate product standards such as BS 5839-1. This Quality Schedule provides guidance and clarification on the application of BS EN ISO 9001 in relation to the BAFE Scheme requirements and the relevant Product Standards such as BS 5839-1. Compliance with BS EN ISO 9001 and this Quality Schedule is a condition of any Fire Gold approval. Issue 8 of this Quality Schedule has been issued to reflect changes that have taken place with the introduction of BS EN ISO 9001:2015. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 3 of 31 14 June 2016 © NSI 2016 1 Introduction 1.1. Quality Schedules are designed for particular sectors of industry and are used to amplify the requirements of the QMS Standard (BS EN ISO 9001) and provide an agreed basis for audit. 1.2. The 2015 standard is based on the quality management principles described in ISO 9000, which are customer focus, leadership, engagement of people, process approach, improvement, evidence-based decision making and relationship management. There is a stronger focus on leadership and commitment to the quality management system (see BS EN ISO 9001:2015 Clause 5). The concept of risk-based thinking has been implicit in previous editions of ISO 9001. However the risk-based thinking applied to the 2015 edition has enabled greater flexibility to be applied to the requirements for processes, documented information and organizational responsibilities. 1.3. The requirement to maintain six documented procedures has been removed and is replaced with a requirement to maintain documented information required by the Standard and documented information determined to be necessary to ensure the effectiveness of the quality management system (see BS EN ISO 9001:2015 Clause 7.5). 1.4. The terms ‘documented procedure’ and ‘record’ have been replaced throughout by the term, ‘documented information’. Where BS EN ISO 9001:2008 would have referred to ‘documented procedures’ to define control or support a process, this is now expressed as the requirement to ‘maintain’ documented information Where BS EN ISO 9001:2008 would have referred to ‘records’ this is now expressed as the requirement to ‘retain’ documented information. Documented information required by the 2015 standard includes: (1) the scope of the of the quality management system, (2) information necessary to support the operation of processes, which will probably require maintained information (documented procedures) and retained information (records), (3) the quality policy and (4) where appropriate organisational knowledge. More detailed information on the structure, terminology and concepts introduced by the new standard can be found in BS EN ISO 9001:2015 Annex A. 1.5. Use of a NSI Fire Gold approved company (called “you” or “organization” in this Quality Schedule) provides a high level of assurance that: a) fire detection and fire alarm (FD&A) systems and fixed gaseous fire suppression systems (also known as Fixed Extinguishing Systems – FES) are designed, installed, FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 4 of 31 14 June 2016 © NSI 2016 commissioned and handed over, verified and maintained by technically competent and, where required, security screened personnel, to the appropriate Product Standards (such as BS 5839-1) and contractual service agreements are fulfilled; b) there is a commitment to customer satisfaction and continual business improvement derived from the implementation of a QMS designed specifically to meet the needs of the fire safety industry, such needs having been agreed in consultation with insurers, fire and rescue services, building control, installers, trade associations and professional institutions. 1.6. The scope of the organization ’s approval is detailed on the NSI Certificate of Approval, and is referenced to the Quality Schedule. 2 Scope 2.1 Compliance with this Quality Schedule is a condition of Fire Gold approval. 2.2 This Quality Schedule sets out the criteria for auditing the QMS of organizations engaged in the design, installation, commissioning, handover, verification and maintenance of FD&A systems and FES and does not in any way diminish the NSI Regulations or the defined scheme criteria. 2.3 The full requirements of BS EN ISO 9001:2015 apply and, additionally, you must adhere to the requirements of this Quality Schedule. 2.4 In common with previous practice, this Schedule retains the alignment with the main clause numbers of the BS EN ISO 9001 Standard. Certain requirements are included from the Standard for emphasis and they do not detract from the need for you to comply with all of the requirements of the Standard. Where there are no additional requirements this is stated. 2.5 Requirements of this Quality Schedule you must satisfy are shown in normal text and are further emphasised by the use of “shall” or “must”. Where additional guidance is given it is reproduced in italics and often further emphasised by the use of “may” or “can” within the text. 3 Definitions In addition to the definitions in BS EN ISO 9000 the following definitions also apply: 3.1 complaint means an expression of dissatisfaction made to an organization, related to its product or service, or the complaints-handling process itself, where a response or resolution is explicitly or implicitly expected FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 5 of 31 14 June 2016 © NSI 2016 3.2 security screened means having been adjudged suitable for working in the fire systems industry, following completion of security screening See BS 7858 regarding completion of limited security screening, pending completion of full security screening. 3.3 sub-contractor means an individual or company external to the organization that enters into an agreement or contract with the organization to supply processes, products and/or services This definition applies, irrespective of the contractual arrangements or parties involved, to all individuals performing work for your organization who are not staff personnel. BS EN ISO 9001 (see clause 8.4) uses the term “external provider” and this includes “sub – contractors ”. 3.4 Staff personnel means the managing partners of the organization, the sole-proprietor of the organization, or (in the case of a limited company) the directors of the organization and employees from whose remuneration the organization deducts Income Tax and National Insurance contributions. 4 Context of the organisation 4.1 Understanding the organization and its context No additional requirements apply to this clause of BS EN ISO 9001:2015. 4.2 Understanding the needs and expectations of interested parties No additional requirements apply to this clause of BS EN ISO 9001:2015. 4.3 Determining the scope of the quality management system Whilst there is no requirement in BS EN ISO 9001:2015 to hold a quality manual there is a requirement to maintain documented information that describes the scope of the QMS. When determining the scope the following must be considered: a) the internal and external issues affecting the QMS (clause 4.1), Issues to consider are for example, changes in technology, the introduction or changes to standards, new legislation and personnel changes. b) the requirements of any relevant interested parties affecting the QMS (clause 4.2), Interested parties may include shareholders, trade bodies, certification bodies, police forces and insurers. and FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 6 of 31 14 June 2016 © NSI 2016 c) the organization ’ s products and services affected by the QMS. plus d) any justifications where the organization has determined that requirements of the standard are not applicable to the scope of the QMS (clause 4.3). BS EN ISO 9001:2008 permitted organizations to apply exclusions to parts of clause 7 (Product realization) if the requirements could not be applied to the organization’s QMS due to the nature of the product or service. Therefore p revious issues of FSQS 121 accepted the exclusion of the development aspects of clause 7.3 but not the design aspects. When determining the scope of the QMS to meet the requirements of BS EN ISO 9001:2015 organizations may omit ANY requirement, which is not applicable to the determined scope of the quality management system and does not affect the organisation’s ability or responsibility to ensure the conformity of its products and services and the enhancement of customer satisfaction. Where an organization determines that a specific requirement does not apply to the scope of their QMS the justification is to be included within the scope of the QMS. NSI will continue to permit organizations to omit requirements relating to the development aspects of BS EN ISO 9001:2015 Clause 8.3 Design and development of products and services provided the organization does not undertake these development activities” after the word “services . Where other requirements are not determined to be applicable these are to be justified within the scope of the QMS. 4.4 Quality management system and its processes No additional requirements apply to this clause of BS EN ISO 9001:2015. 5 Leadership 5.1 Leadership and commitment 5.1.1 General No additional requirements apply to this clause of BS EN ISO 9001:2015. 5.1.2 Customer focus No additional requirements apply to this clause of BS EN ISO 9001:2015. 5.2 Policy 5.2.1 Establishing the quality policy FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 7 of 31 14 June 2016 © NSI 2016 In addition to the requirements of this clause of BS EN ISO 9001:2015, the Quality Policy must include a commitment to comply with this Quality Schedule, with industry agreed Codes of Practice, any relevant Product Standards, local fire & rescue service policies on response to fire alarms and applicable legal and/or statutory requirements. Accredited Certification Bodies (CBs) for any management systems certification must comply with UKAS requirements to withhold or withdraw approval from companies if any breaches of applicable legislation are found. This is reflected in BS EN ISO 9001:2015 where an organization is required to identify and comply with all relevant statutory requirements applicable to product(s) and/or service(s) provided (also expressed as legal requirements). NSI, as a United Kingdom Accreditation Service (UKAS) accredited CB, does not recommend approval (or continued approval) to BS EN ISO 9001 if there are known breaches of legal requirements that relate directly to the product or service provided. You must include a commitment in your Quality Policy that it is your intention to comply with applicable legal requirements and periodically to evaluate compliance with the same as an input to management review. Appropriate management must also demonstrate they are generally aware of the prime legislation that impinges on their area of responsibility and authority. For example if an operations manager deploying installation engineers was unaware of the health & safety legislation relating to working at height then it could hardly be argued they are competent to perform their duties. This would not only be an issue in terms of the potential for legal nonconformity, but also in terms of compliance with clause 7.2 Competence. Where you incorporate the requirements of BAFE Scheme Documents SP 203-1 and/or SP 203-3, the Policy Statement must also include a reference to the modules of work that the QMS covers. 5.2.2 Communicating the quality policy No additional requirements apply to this clause of BS EN ISO 9001:2015. 5.3 Organisational roles, responsibilities and authorities As detailed within the ISO 9001 Standard, you must define and communicate responsibilities and authorities within your organization. The size and complexity of an organization has a bearing on how such responsibilities and authorities are defined. In a large organization with various departmental interfaces, responsibilities and authorities can be defined through documented job descriptions, a schedule of key personal responsibilities in the quality manual and/or inclusion within the documented procedures. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 8 of 31 14 June 2016 © NSI 2016 In a very small family run organization, provided management and staff can demonstrate on interview a common understanding of everyone’s prime responsibilities and authorities, it may not be necessary to have them fully documented. Notwithstanding the above, Fire Gold specifically requires certain responsibilities are clearly assigned: a) for the ‘Nominated Designer(s)’ see clause 8.3 Design b) for the ‘Nominated Design Technician(s)’ see clause 8.3 Design c) for the Systems Performance Executive(s) – SPE The Nominated Designer(s) is(are) responsible for authorising all fire system designs and the SPE is responsible for all aspects of fire system performance such as the monitoring and analysis of unwanted fire alarms and troublesome fire systems. BS EN ISO 9001 :2008 required that an individual from within the organisation’s management team be nominated to act as the Quality Management Representative (QMR). The 2015 revision does not make the appointment of a QMR a specific requirement but there remains a need for top management to assign the responsibility and authority for maintaining the quality management. Whilst this does not forbid the organisation from appointing a sub-contracted quality consultant into this role, top management within the organisation should consider the risks associated with managing the appointment in this way and identify the means to mitigate the potential impact. 6 Planning 6.1 Actions to address risks and opportunities No additional requirements apply to this clause of BS EN ISO 9001:2015. 6.2 Quality objectives and planning to achieve them No additional requirements apply to this clause of BS EN ISO 9001:2015. 6.3 Planning of changes No additional requirements apply to this clause of BS EN ISO 9001:2015. However the following are examples of situations where changes to the quality management system should be considered: acquisitions and joint ventures introduction of new technologies organisational restructuring FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 9 of 31 14 June 2016 © NSI 2016 use of sub-contractors 7 Support 7.1 Resources 7.1.1 General Whilst you must maintain adequate and competent resources, you may not always be able to provide a complete service using your staff personnel and you may have to use sub-contractors. Clause 8.4.1 of BS EN ISO 9001:2015 requires you to be able to demonstrate you have established criteria for selection, evaluation and re-evaluation of suppliers of both product and services including sub-contractors. 7.1.2 People You must adopt a documented policy statement in relation to the security screening of personnel who visit customers ’ premises for the purpose of selling, designing, installing, commissioning, handing over or maintaining FD&A & FES systems or who have access to confidential information regarding such systems or the premises in which such systems are installed or are to be installed. The documented policy statement must cover staff personnel and also sub-contract personnel. A copy must be available to customers and prospective customers on request. Fire Gold is not prescriptive as to the content of the policy statement. However, it must be clear to a reader of the policy statement whether or not you ensure all personnel visiting customer’s premises , or having access to confidential information, are security screened in accordance with BS 7858 or to another security screening standard as may be required under contractual obligations. Your internal procedures and practices must ensure that any contractual obligations regarding use of security screened personnel are met. Identity cards All staff coming into contact with customers and their representatives must carry an identity card or other equivalent means of identification. Such identity cards must as a minimum include a current photograph of the individual, the name of the organization represented and a contact telephone number for verification purposes. You must have evidence of control in respect of issue, control and withdrawal of identity cards. Dependent upon the client base and the type of sites visited the organization may also need to consider incorporating additional information on their identity cards, for example FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 10 of 31 14 June 2016 © NSI 2016 issue and expiry dates, signature and so on and have clearly defined procedures to recover identity cards from leavers. If you permit another company to issue identity cards for the sub-contractors they are supplying, you must ensure (for example through written agreement with the other company and subsequent audit) that identity cards are properly issued, controlled and withdrawn. 7.1.3 Infrastructure No additional requirements apply to this clause of BS EN ISO 9001:2015. 7.1.4 Environment for the operation of processes No additional requirements apply to this clause of BS EN ISO 9001:2015. However we draw your attention to the following note in the standard: The environment for the operation of processes can include physical, social, psychological, environmental and other factors (such as temperature, humidity, ergonomics and cleanliness). 7.1.5 Monitoring and measuring resource Where you engage sub-contractors (whether they are directly or indirectly engaged) you must seek assurance that all measuring devices are and remain appropriately calibrated and retain sufficient documented information to evidence this. 7.1.6 Organisational knowledge No additional requirements apply to this clause of BS EN ISO 9001:2015. 7.2 Competence BS EN ISO 9001:2015 states “the organization shall determine the necessary competence of person(s) doing work under its control that affects the performance and effectiveness of the quality management system’ and ‘ensure that these persons are competent on the basis of appropriate education, training or experience’. The above text makes it much clearer that competency is not achieved just by providing training. The fact someone receives training does not guarantee they will be competent in carrying out their duties and therefore there has to be a system for confirming competency. It is not our intention to be too prescriptive, but we suggest you should consider a probationary period for all new employees and review their competency formally before granting confirmed employment. The objective here is to identify and address any areas where competency is not immediately indicated and which could indicate a need for further training/development. Thereafter, you should have a process of verifying on-going competency which could include feedback from internal and external audit, formal staff appraisal/evaluation and so on. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 11 of 31 14 June 2016 © NSI 2016 You must define and document your processes for determining both initial and on-going competency and ensure that such processes are subject to periodic internal audit. In determining and being able to demonstrate the availability of the necessary competence within your organization a training programme must be established that includes, where relevant: surveying skills installation skills inspection and test skills (commissioning and handover) maintenance and service skills quality procedures and/or documentation appropriate to business processes company standards for quality and in particular control over requirements internal auditing skills product specific training. You must be able to demonstrate the effective operation of the above training programme and provide assurance as to who attended the training. It is not mandatory for personnel to attend external training courses. However, we recommend that selected personnel should attend such courses if the organization does not possess the necessary skills in a given area. Sub-contractors You must use sub-contractors only as permitted by the relevant BAFE scheme documents and only where the individuals involved are adequately skilled, experienced, trained, briefed, organised, supervised and monitored. If you engage one or more sub- contractors directly, or you engage an individual or other company to supply sub- contractors, you must ensure there are suitable and adequate procedures and controls in place within the QMS to ensure adequate skill, experience, training and so on. You must have written agreements with the sub-contractors covering confidentiality of information, training and assignment to agreed tasks. You must retain sufficient in-house expertise to verify an acceptable service has been provided and have evidence to show the adequacy of sub- contractors’ work is validated periodically. By adequacy we mean compliance with all the relevant Product Standards and with all your organization’s procedures and requirements. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 12 of 31 14 June 2016 © NSI 2016 7.3 Awareness No additional requirements apply to this clause of BS EN ISO 9001:2015. 7.4 Communication No additional requirements apply to this clause of BS EN ISO 9001:2015. 7.5 Documented information 7.5.1 General No additional requirements apply to this clause of BS EN ISO 9001:2015. 7.5.2 Creating and updating No additional requirements apply to this clause of BS EN ISO 9001:2015. 7.5.3 Control of documented information Within the general practices of controlling documented information: a) you must make provision to list the issue status of external documents including those called up in the NSI Regulations and Scheme Criteria, Fire and Rescue Service Policies and other applicable standards and regulations. b) you must make provision to list the issue status of internal documents pertinent to your QMS, including procedures, process maps and so on. c) if documented information is held electronically, you must observe the following safeguards and protocols: (1) Where a documents includes a customer signature, the document must be held electronically as a facsimile copy, including a facsimile copy of the signature. Alternatively, traceability from a customer signature on a hard copy to an electronically held document will be acceptable. Where documents held electronically require authorisation (say customer specification) then issue status must be allocated and access rights controlled by password entry at appropriate levels of authorisation. If you introduce other arrangements, you must demonstrate that the above principles of authorisation and agreement are upheld. It is your responsibility to determine whether specific contractual documents are required legally to be originals. (2) You must have robust and secure backup arrangements and you must keep to these arrangements. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 13 of 31 14 June 2016 © NSI 2016 (3) You must hold backups of retained information securely (preferably in a fire-resistant container or at a secure off-site location). We draw your attention to the Data Protection Act (DPA). For companies considering the use of cloud computing services we draw your attention to the Information Commissioner’s Office (ICO) guidance on the use of cloud computing in relation to compliance with the DPA. (4) You must have ready access to all documentation and records for the purposes of our Fire Gold inspections/audits/surveillance visits and so on Control of retained documents You must include information security policies for the protection of retained information held on portable electronic devices (such as laptops, tablets, PDAs, memory sticks) and you must ensure your personnel, including any sub-contractors, keep to these policies. For example devices should be password protected and/or have their hard drives encrypted. Also there should be restrictions on leaving devices unattended in vehicles and/or in premises that are not alarmed. Contract information You must hold records in respect of contracts (including survey, design, quotations, amendments, installation, commissioning, verification, handover, modification and ‘as fitted drawings’) for a minimum of twelve (12) years from the date of handover or until some other organisation, for example the owner of the installation, takes formal responsibility for their on-going storage and maintenance. You must hold system records for maintenance, disconnection, historical and false alarm records for the life of the contract plus a minimum of two (2) years, except where permitted otherwise in the relevant product standard Complaint information You must hold records of complaints for the life of the contract plus a minimum of two (2) years and you must ensure these records are readily available to our auditors. Training information See BS EN ISO 9001:2015 clause 7.2 for training information. Security screening information For security screening information see clause 7.1.2 of this schedule. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 14 of 31 14 June 2016 © NSI 2016 8 Operation 8.1 Operational planning and control You must develop processes for the design, installation, commissioning and handover, verification and maintenance of FD&A systems and/or FES to take account of the need for the QMS to incorporate all the product and regulatory requirements of the fire industry. The extent and form of documented information required must take account of the need to provide evidence: a) contractual obligations are agreed and understood by all parties b) system design specifications reflect the level of life safety and/or building protection required c) of the competency of staff personnel and sub-contractors d) components used on installations meet the technical requirements of the industry e) of in process commissioning and handover inspections including regulatory handover and maintenance documentation f) of adequate planning and monitoring of installation work and commissioning work including project management techniques where appropriate g) of adequate administrative and technical support to installation personnel on site h) of the appropriate level of on-site supervision, particularly on long running contracts Activities for process control must be consistent with the specified requirements for Fire Detection and Fire Alarm (FD&A) Systems. Typical documents that can apply for FD&A and FES systems are BS 5839 Parts 1 & 6 (Part 8 for Voice Alarms), BS EN 15004, BS 7273- 1, BS 6266, relevant HTM-05 Technical Memorandum (for example for hospitals and care residences). The requirements set out in European Standards will apply when called up by the contract or additionally advised by NSI. 8.2 Requirements for products and services 8.2.1 Customer communications The following requirements apply in addition to the requirements of this clause of BS EN ISO 9001:2015: Management of complaints FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 15 of 31 14 June 2016 © NSI 2016 You must deal promptly with all complaints and in an appropriate manner including sending the complainant an acknowledgment the matter is receiving timely attention. You must have a suitable register of complaints, which must include the date of receipt, complainant details, summary of the complaint, and a complaint reference number or code. You must register all complaints promptly and then investigate and action them at an appropriate level of seniority. You must find the root causes of complaints so that corrective actions are effective in preventing further occurrences. The decision on the appropriate course of action (or actions) must be documented. When all reasonable steps have been taken to restore confidence, complaints must be closed down by entering a date of closure in the complaint register. Complaints must be included in the review of nonconformities (see 9.3.2) and consequently clauses 10.1 and 10.2 of BS EN ISO 9001:2015. We draw your attention to the guidelines in BS ISO 10002:2014 – Quality management – Customer satisfaction – Guidelines for complaints handling in organizations, including guidance for small businesses given in Annex A of BS ISO 10002:2014. BS ISO 10002 defines “complaint” as “expression of dissatisfaction made to an organization, related to its products, or the complaints-handling process itself, where a response or resolution is explicitly or implicitly expected”. Such expressions of dissatisfaction could be made in a number of different ways for example in writing, including email, or orally on the telephone. We draw your attention to the guiding principles given in clause 4 of BS ISO 10002:2014, which are recommended for effective handling of complaints: visibility (well publicised information about where to complain) accessibility (easily accessible to all complainants) responsiveness (immediate acknowledgement and addressed promptly) objectivity (equitable, objective and unbiased) charges (free of charge) confidentiality (protected from disclosure except where consented) customer-focused approach (open to feedback and commitment to resolve) FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 16 of 31 14 June 2016 © NSI 2016 accountability (for and reporting on the organisation’s actions and decisions) continual improvement (permanent objective of the organization) 8.2.2 Determining the requirements related to products and services No additional requirements apply to this clause of BS EN ISO 9001:2015. 8.2.3 Review of requirements related to products and services The formal contract review process is set out below. We remind you that associated practices in respect of the agreement for the system design specification are set out in clause 8.3. For guidance, relevant requirements may be found in British Standards associated with FD&A systems and FES such as BS 5839, BS EN 15004, BS 7273-1 and BS 6266. a) General The identity of the persons allocated responsibility and authority to carry out contract reviews must be clearly defined and communicated within the organization (clause 5.3 of BS EN ISO 9001:2015 refers). b) Review Reviews must be undertaken: (1) Before submission of any tender or quotation, to confirm the requirements are adequately defined and documented and your organization has the capability and resources to meet the requirements including any statutory and regulatory requirements. (2) After receipt of the customer’s reply to any tender or quotation, or on receipt of purchase order; to ensure any changes requested by the customer are resolved. There must be evidence, by means such as stamp, signature or electronic authorisation, of all reviews. You must make clear in appropriate documentation whether or not your organization accepts oral confirmation of orders and, if so, your policy must require you to send a written statement to the customer stating your understanding of the agreement and confirming that this will be taken as the agreement unless the customer notifies otherwise in writing. c) Amendment to contract On completion of the installation (or the relevant module of the work), your procedures must ensure all amendments are agreed, recorded and authorized FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 17 of 31 14 June 2016 © NSI 2016 and the requirements of the contract (including, if appropriate, a remote signalling connection and notifications to third parties) are completed. d) Documented information You must retain documented evidence of contract reviews for the life of the contract plus a minimum of two (2) years. Certain contract information may need to be held for a longer period to satisfy HM Revenue and Customs and VAT requirements and so on. e) Customer liaison You must maintain effective customer liaison through the life of the contract. Clause 8.2.2 of BS EN ISO 9001:2015 makes it clear that statutory and regulatory requirements shall be determined and a new NOTE in the Standard references that supplementary services such as recycling or final disposal are post-delivery activities and must also be considered. With any accredited management system certification there is increasing recognition that certification ought to give a level of assurance that the approved organization is aware of relevant legislation and is essentially compliant. The reference to recycling or final disposal is a useful pointer to the increasing raft of environmental legislation that applies to organizations whether or not they choose to implement an Environmental Management System. For example electronic and electrical equipment can no longer be sent to landfill (the WEEE Regulations apply) and manufacturers of certain types of equipment are obliged to have or participate in a take back scheme for the old equipment. We recommend you should maintain a consolidated list of the legislation you believe is relevant to your organization (see also clause 7.5.1). 8.2.4 Changes to requirements for products and services No additional requirements apply to this clause of BS EN ISO 9001:2015. 8.3 Design and development of products and services 8.3.1 General We consider the detailed selection, placement and configuration of products and the interconnection to meet the specified requirements for a particular installation is application design rather than development (such as conceptual design of new products). For this reason the word ‘development’ has been excluded from the sub – headings of this section on design (and therefore differs in this respect from the corresponding clauses in BS EN ISO 9001). FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 18 of 31 14 June 2016 © NSI 2016 If you sub-contract design work you must retain sufficient in-house expertise to verify that all designs, and all subsequent installations, meet the relevant Product Standards. 8.3.2 Design and development planning In the case of FD&A systems, we draw your attention to British Standard Code of Practice BS 5839-1:2013 and in particular to Section 2, Design Considerations. Where other British Standards or Industry Codes of Practice are called up within the contract the relevant design requirements must be considered. We will consider Design Planning arrangements differing from those set out in 8.3.2 below (for any organization wishing to adopt differing arrangements) provided there is evidence the arrangements adopted ensure the provisions of BS EN ISO 9001:2015, this Quality Schedule and the relevant technical and other Standards, Codes of Practice, regulatory requirements and so on are met. Any organization wishing to adopt alternative arrangements should write to us giving details. a) You must adopt controls to ensure: (1) The appropriate stages of system design specification development (viz. design planning, design inputs, design outputs, design review, design verification, design validation, and control of design changes; see 8.3 of BS EN ISO 9001:2015) are followed. (2) The customer is made aware of and agrees to the limitation (if any) of the demands of the appropriate technical Standard and regulatory requirements of other interested parties (for example local authority building control, fire & rescue services, insurers). (3) The customer is made aware of and agrees to any other limitations to the design (or to the proposed design) in terms of adequacy of detection/control and warning/signalling capability. (4) The requirements of the customer are translated into a system design specification that is appropriate to the premises (or site) where the FD&A system and/or FES is to be installed and that lists the equipment and components to be supplied, detailing their proposed locations and containing a general indication of their coverage and purpose. (5) The system design specification contains within it a Design Statement, which includes information on any limitations to the design in terms of adequacy of detection/control and warning/signalling capability. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 19 of 31 14 June 2016 © NSI 2016 (Alternatively, the Design Statement may be a separate document, provided it is clearly referenced within the system design specification). (6) There is consideration of any variations and amendments in the customer requirements as installation proceeds (or arising from practicalities coming to notice as installation proceeds), and recorded agreement of such variations or amendments between customer and the organization, in the system design specification, or in properly issued amendments to the system design specification , or in an “as – fitted” system record. (7) The “as fitted” system record shall include “as fitted” drawings and, where appropriate, to scale. Agreed variations (agreed by you with the customer) to the requirements of the relevant standard (for example BS 5839-1) shall be documented. b) In discharging your responsibility (see 8.3.2 of BS EN ISO 9001:2015) to define the responsibilities and authorities for design and to manage the interfaces between different groups involved in design: (1) You must designate one or more suitably competent individual(s) as “Nominated Designer(s)”. (2) Each individual designated by you as a “Nominated Designer” must be competent to undertake tasks including: i. acting as the focal point for matters of design of the fire system. ii. assessing the fire risk factors (for example relating to adequacy of detection/control and warning/evacuation and signalling capability influencing the design). iii. being conversant with the products and systems specified, and with any significant limitations inherent in such products and systems. iv. ensuring that the content of quotations and system design specifications is compatible with the requirements of the applicable Product Standards, regulatory standards, and Fire Gold Codes of Practice. v. “Signing Off” designs on behalf of the organization. vi. being conversant with and up-to-date in respect of new technologies, technical Standards, regulatory standards, and national implementation of EU Directives and so on relevant to the design process. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 20 of 31 14 June 2016 © NSI 2016 vii. being conversant with installation requirements such that system design specifications are professionally compiled and finalised in a manner which gives clear and unambiguous information to the customer and to the technicians who install and commission. c) There should be evidence that “Nominated Designers” are willing to seek advice and guidance as required from other companies (such as equipment manufacturers) and organisations, and to develop and to keep up-to-date their skills by such means as reading security magazines and journals, attending conferences and workshops. (1) You may choose to designate one or more suitably competent individual(s) as “Nominated Design Technician(s)”. (2) In respect of all functions relevant to the design process (but not necessarily in respect of his/her other functions), each individual designated by you as a “Nominated Design Technician” must be responsible to and must work under the authority and supervision of a named “Nominated Designer”. (3) Each individual designated by you as a “Nominated Design Technician” must be competent (within the range of type(s) of work where he/she acts as a “Nominated Design Technician”) to undertake tasks that include those listed in (ii), (iii), (iv), (v), (vi) and (vii) of 8.3.2 (b)(2) above, except that competence in respect of (vi) is not necessary where there is evidence the effects of new technologies, regulatory standards, national implementation of EU Directives and so on relevant to the design processes of the organization have been adequately considered by a “Nominated Designer” a nd evidence that the constraints within which the “Nominated Design Technician” operates are such as to ensure these matters are adequately taken into account in the designs prepared and/or “signed off” by the “Nominated Design Technician”. d) In all cases, a site survey (preferably at initial enquiry stage, or at some other stage prior to issue of a quotation and system design proposal, but always at a stage prior to actual commencement of installation) must be undertaken by a “Nominated Designer” or by a “Nominated Design Technician”. Final “sign off” of a system design proposal on behalf of the organization must not occur until such a site survey has been completed. This does not apply to new builds on green or brown field sites. It does apply to retrofit to existing buildings. 8.3.3 Design and development inputs No additional requirements apply to this clause of BS EN ISO 9001:2015. 8.3.4 Design and development controls FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 21 of 31 14 June 2016 © NSI 2016 No additional requirements apply to this clause of BS EN ISO 9001:2015. 8.3.5 Design and development outputs Throughout the installation, commissioning and handover process the original design and any subsequent changes to that original design must be verified in order that the completed FD&A system and/or FES is confirmed “fit for purpose”. T his must be an ongoing process for systems contracted to one Company or for systems contracted to more than one Company (i.e. a modular approach). In the latter scenario the organisation responsible for verification should be identified prior to the commencement of the installation work. In-process inspection and testing (for example during commissioning), and final inspection and testing (for example at handover), must be consistent with the requirements of the appropriate Standards (for example BS 5839-1) and with specific contract requirements. The following processes are also applicable to the “commissioning and handover module” (as outlined in the relevant BAFE SP203 scheme document). a) Commissioning engineers must have a good working knowledge of the design of FD&A systems and FES in order that design verification can be carried out during the commissioning process. b) Particular attention must be given to the issue of NSI/BAFE Certificates of Compliance, Modular Certificates and Modification Certificates. The criteria for issuing Certificates can be found on the certificate itself and on the inside cover accompanying the book of blank certificates. c) Documentation related to the inspection and test status of FD&A systems shall include and provide information as follows: (1) The “as fitted drawings” preferably to scale. (2) Loop resistance and cable insulation readings. (3) Theoretical standby battery capacity calculations together with the verified current readings taken at commissioning. (4) Sounder audibility readings. (5) Cause and effect verification checks – to include call point/detector operation, staged evacuation requirements, shutdowns such as HVAC, gas, plant, lifts and so on. (6) Customer log books. (7) M & E manuals where appropriate. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 22 of 31 14 June 2016 © NSI 2016 (8) Zone diagrams. Documentation related to the inspection and test status of FES must be in accordance with BS EN 15004-1, Clause 8.3 and Annex A. Commissioning, testing and handover will normally fulfil validation requirements. 8.3.6 Design and development changes No additional requirements apply to this clause of BS EN ISO 9001:2015. 8.4 Control of externally provided processes, products and services 8.4.1 General In accordance with clause 8.4.1 of BS EN ISO 9001:2015, you must evaluate and select suppliers (including sub-contractors and companies who provide sub-contractors) based on their ability to supply product or service in accordance with your requirements and the requirements of this Quality Schedule, which includes the requirements of the relevant Product Standards. You must establish criteria for selection, evaluation and re- evaluation of suppliers and keep records of the results including any necessary actions arising from evaluation and re-evaluation. 8.4.2 Type and extent of control You may use sub-contractors only as permitted by the relevant BAFE scheme documents. You must: a) Maintain a register of all sub-contractors, which must clearly show the services they can supply; b) Record clearly the basis of selection of all sub-contractors; c) Conclude formal agreements that adequately cover the services to be provided and make it clear services can only be delivered by named individual sub- contractors who have been security screened (where required) and whose competency is demonstrated; d) Audit and monitor sub-contractors on the same basis as staff personnel; e) Brief sub- contractors on the organization’s policies, procedures, work instructions and records to be completed to verify completion of assigned tasks or service delivery; f) Retain overall responsibility for all sub-contracted services even if extensive use is made of sub-contractors; g) Allow us to have the right to audit the work carried out by sub-contractors and interview such sub-contractors to confirm their competence; FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 23 of 31 14 June 2016 © NSI 2016 h) Retain sufficient in-house expertise, if system design is sub-contracted, to enable you to verify the designs are compliant with the relevant Product Standards. If you carry out component and equipment repairs, you must carry out these repairs in accordance with UK Regulations covering Electromagnetic Compatibility and then only if yo u are the component manufacturer, the manufacturer’s appointed repair agent, or you have a facility that has been assessed satisfactorily against BS EN ISO 9001 (or an equivalent specification) by a recognised, third-party certification body. 8.4.3 Information for external providers No additional requirements apply to this clause of BS EN ISO 9001:2015. 8.5 Production and service provision 8.5.1 Control of production and service provision Use of sub-contractors You must require your sub-contractors to allow our auditors to examine and inspect vehicles, office premises, workshops and so on used in the course of sub-contract work, and to co-operate in and facilitate such examinations and inspections. You must ensure the tool kits used by sub-contractors are adequate for purpose and are consistent with your requirements. We remind you that electrical wiring and installation must be in accordance with good safety practice and in compliance with applicable standards and regulations (see Fire Gold criteria for approval). If you enter into contracts to supply the monitoring of fire alarms, you must use only Alarm Receiving Centres (ARCs) approved by NSI (or other ARCs approved by an independent third-party approvals organization acceptable to NSI and complying with the requirements of BS EN ISO 9001 and BS 5979 or BS 8591). 8.5.2 Identification and traceability Unless customers impose special contractual conditions, your procedures must reflect the extent of traceability of equipment and/or components, required for your own purposes, such as for reasons of a warranty. Where applicable, each business process must contain provision for identifying specific traceability requirements, that is, installation historical log, false alarm history, security screening in progress and so on. 8.5.3 Property belonging to customers or external providers FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 24 of 31 14 June 2016 © NSI 2016 Procedures for the takeover of installations must be consistent with the requirements of NSI Regulations and Codes of Practice. BS EN ISO 9001 inclu des a useful note to remind organizations that “customer property can include intellectual property and personal data”. 8.5.4 Preservation No additional requirements apply to this clause of BS EN ISO 9001:2008. It is important you should follow manufactu rers’ instructions particularly in relation to the use of batteries and to the use of electronic components sensitive to electrostatic charge. The “first in, first out” system of stock control is recommended for batteries and other items with a limited shelf life. 8.5.5 Post-delivery activities Maintenance must be carried out in accordance with published requirements (for example for FD&A systems, BS 5839-1: Clause 45). You must provide adequate administrative and technical support to service personnel including any sub-contractors engaged in maintenance and service). For component and equipment repairs see 8.4.2 of this Quality Schedule. The following specific requirements apply to servicing (maintenance) of FD&A systems and FES. The following processes are also applicable to the Maintenance Module (as applicable through the relevant BAFE SP203 scheme document). a) Corrective maintenance (1) For FD&A systems, you must have a documented process for the management of troublesome systems (those generating false alarms or unwanted fire signals). This process must identify provisions for escalating response; the identification and resolution of troublesome systems; the ongoing performance review by the Systems Performance Executive; and the following requirements: (2) There must be a record of the date and time of receipt of every emergency call, together with the date and time of the engineer’s arrival on site and of any necessary corrective action. This information must be kept for at least two (2) years after the event to which it refers and the customer provided with a copy. (3) Authorisation from the customer for temporary disconnection must be kept for at least three (3) months after reconnection. (4) There must be adequate access to spares at all times. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 25 of 31 14 June 2016 © NSI 2016 (5) You must audit all technicians’ holdings of spares to ensure continued adequate provision (see also 8.2.2 of this Quality Schedule). b) Preventive maintenance You must have a documented process for the planning, scheduling and implementation of preventive maintenance and also for the review of preventive maintenance performance. We draw your attention to the recommendations contained in NSI Technical Memorandum NATM.7 “Guidelines Concerning Routine Maintenance Performance of Installers / Maintainers of Intruder Alarms.” The principles here are applicable to maintenance of FD&A systems and FES. 8.5.6 Control of changes No additional requirements apply to this clause of BS EN ISO 9001:2015. 8.6 Release of products and services No additional requirements apply to this clause of BS EN ISO 9001:2015. 8.7 Control of nonconforming outputs Your retained documentation for control of nonconforming product must provide for the identification of: FD&A systems giving repeated problems (troublesome systems) inadequate periodic servicing (preventative maintenance) performance temporary disconnections non-conforming FD&A systems and/or FES defective components complaints from any parties any other type of nonconforming product as determined by the organization Means for identifying nonconforming product may be found in other parts of the QMS, for example through technical auditing of systems and through investigation of customer complaints. Non-conformance may be identified by a modular contractor with work carried out by an earlier modular contractor. This may arise through the verification process. The nonconformity should be documented and resolved through a process of consultation. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 26 of 31 14 June 2016 © NSI 2016 Corrective action forms under a corrective action procedure may be used as a means for recording the existence of nonconforming product and ensuring appropriate corrective action is taken. 9 Performance evaluation 9.1 Monitoring, measurement, analysis and evaluation 9.1.1 General You must have a process for the management of complaints (see clause 8.2.1). This process must cover all complaints whether they are from directly contracted customers or from stakeholders including the fire and rescue services and the insurers. This process (or a separate one) must also cover situations where we contact you about a complaint made to us about your organization. The process for management of complaints can be included in the process(es) for the control of nonconforming product (see 8.7) or can be a stand-alone process. 9.1.2 Customer satisfaction You must monitor customer perceptions of the degree to which requirements have been met. Sources of information on customer perception could include: the outcome of customer satisfaction surveys the number of sales arising from recommendations the number of installations taken over by competitors the number of installations deemed as “troublesome” for reasons attributable to your organization (including shortcomings in sub-contracting arrangements) complaints against your organization letters of commendation received from satisfied customers other sources as determined by you trends in false alarm performance warranty claims The maintenance of good relationships with customers is a significant factor affecting the success and growth of any business. Concern for the customer should be part of the overall business strategy. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 27 of 31 14 June 2016 © NSI 2016 You should set out to avoid complaints. When complaints do occur, the objective should be to come out of each situation with a strengthened relationship with whoever is complaining. 9.1.3 Analysis and evaluation Your analysis of data must include provision of information relating to: customer satisfaction (see clause 8.2.1 ) suppliers of products (including services) (see clause 8.4) core business processes In relation to customer satisfaction, you must analyse the causes of complaints. The analysis must form part of the input to management review (see clause 9.3.2). The main purpose of the analysis is to assist you in deciding on appropriate corrective action with a view to improving customer satisfaction and reducing future incidence of complaints. The following analysis of rectified complaints by cause code is suggested: a) unsatisfactory work (relating to fixing and finishing) b) unsatisfactory installation (relating to performance or safety) c) disputed service charge d) failure to meet service contract (including corrective maintenance) e) lack of timely response to enquiries and complaints f) dispute over rental/maintenance charge g) behaviour of organization’s personnel h) behaviour of sub-contractors (if used) i) accounts dispute (not emanating from one of the items listed above) j) other (use text) You must examine causes of complaints at appropriate intervals and make (and record) suitable decisions or recommendations regarding corrective action (for example in relation to common causes of complaint). For the installation and maintenance of FD&A systems and/or FES the following must be followed: FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 28 of 31 14 June 2016 © NSI 2016 Unwanted or false fire alarm statistics reviewed by the Systems Performance Executive on an ongoing basis. Such statistics and trends must also form part of the Management Review. The level of achievement for preventive (routine) maintenance performance. The information recorded must also form part of Management Review (as well as providing the information necessary to deliver any corrective actions that may arise). The level of achievement in respect of eight (8) hour response to requests for corrective (emergency) maintenance. The information recorded must also form part of Management Review (as well as providing the information necessary to deliver any corrective actions that may arise). 9.2 Internal audit The requirements are as specified within BS EN ISO 9001:2015, with the clarification that the audit programme must include: a) Technical auditing of the work of each installing technician (including any sub- contractors) using appropriate installation checklists encompassing the specific requirements of the standards and codes of practice for the fire detection and alarm systems installed. This also applies for companies approved for just the installation module (as applied by the relevant BAFE SP203 scheme document). b) Technical auditing of each commissioning technician (if such technicians are used solely for commissioning work) using appropriate commissioning checklists encompassing the specific requirements of the standards and codes of practice for FD&A systems and/or FES installed. c) Technical auditing of the work of each maintenance technician using appropriate maintenance schedules encompassing the specific requirements of the standards and codes of practice for the FD&A systems and/or FES maintained, and using checklists as detailed in the two bullet points immediately above this one. You must plan, establish, implement and maintain an internal audit programme, which must include a statement (or statements) of the frequency at which audits shall be undertaken (a minimum of one per technician over a twelve (12) month period) and the person(s) nominated by the organization to undertake the audits. You must also define the steps to be taken if the systems selected fail to meet the specified criteria and you must include a reference to possible training needs and/or an increase in the frequency and number of audits. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 29 of 31 14 June 2016 © NSI 2016 Your capability to monitor standards of design, installation, commissioning and maintenance is an auditable element of Fire Gold and you must be able to demonstrate you are capable of identifying all your own nonconformities. Selection, auditing and review of sub-contractors In accordance with BS EN ISO 9001, thorough and effective procedures must exist for the selection, auditing and periodic review of sub-contractors. The level of auditing of sub-contracted work must not be less than the level of auditing that is applied to work undertaken by the organization’s own staff personnel. Where the auditing of the work of sub-contractors is undertaken by a sub-contractor company by, through or under which the sub-contractor is engaged, you must inspect the audit records and carry out audits of installations to verify the standard of the sub- contracted audits and periodically you must accompany the sub- contractor’s auditor on witnessed audits. You must maintain records of the audits and checks you carry out. 9.3 Management review 9.3.1 General The general requirements set out in clause 9.3.1 of BS EN ISO 9001:2015 apply. We recognise there are different views as to who are the top management personnel who should carry out the management review. Each case has to be considered on its own merit, particularly in large multi- layered organizations such as PLC’s. For example it may not be practical or necessary for all Directors to be present at the management review meetings, if when interviewed on actual audit, they can demonstrate awareness of all significant issues raised at the meetings. 9.3.2 Management review inputs Top management must review the organisation’s quality management system, which must include, but not be limited to, the following areas as appropriate to the type of security systems installed: the status of actions from previous management reviews; changes in internal and external issues that are relevant to the quality management system (including changes in legislation, changes to fire and rescue service policies (CFOA); information on the performance and effectiveness of the quality management system, including trends in: customer satisfaction and feedback from relevant interested parties (including the analysis of complaints); FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 30 of 31 14 June 2016 © NSI 2016 the extent to which quality objectives have been met; process performance and conformity of products and services (including performance and trend analysis for routine maintenance, response to emergency call outs and false alarms(where applicable); non-conformities and corrective actions; monitoring and measurement results; audit results; the performance of external providers (including suppliers, sub- contractors and alarm receiving centres); effectiveness of continual improvement initiatives adequacy of resources (including human, equipment and facilities); the effectiveness of actions taken to address risks and opportunities; opportunities for improvement (including assessment of new software and hardware); review adequacy of Quality Policy and Quality Objectives training needs and requirements infrastructure (when appropriate) evaluation of legal compliance 9.3.3 Management review outputs No additional requirements apply to this clause of BS EN ISO 9001:2015. 10 Improvement 10.1 General No additional requirements apply to this clause of BS EN ISO 9001:2015. 10.2 Nonconformity and corrective action You must have effective process(es) for the development and implementation of appropriate corrective actions where a nonconforming process output, product or service is identified, including false alarms, substandard installations, poor service performance and customer complaints to prevent the recurrence of the non-conformity. FSQS 121 – The NSI Quality Schedule for the application of BS EN ISO 9001:2015 to Fire Gold Approval Issue 8.0 Page 31 of 31 14 June 2016 © NSI 2016 Clause 10.2 of BS EN ISO 9001 makes it clear the organization must take action to eliminate the causes of nonconformities in order to prevent recurrence and that nonconformities include customer complaints. You must carry out root cause analysis to find the causes of nonconformities in order to support the corrective actions taken in response to nonconformities. You must retain sufficient documentation to provide evidence of the nature of any nonconformities identified and subsequent corrective actions and you must retain evidence of the results of this corrective action. As a minimum this retained information must include evidence of the review of audit results, service reports, false alarm statistics, and customer complaints. 10.3 Continual improvement No additional requirements apply to this clause of BS EN ISO 9001:2015. Measures in 10.2 and 10.3 are not exhaustive. Corrective actions and opportunities for continual improvement may apply to other areas of the quality management system.