ISO Digital Solutions Get the QMS Framework

SGRII Insights  ·  ISO 9001:2015  ·  2026

Support — The Calibration Gap and the Documentation Myth

Clause 7.1.5 is a top-five Major NC source in SME Stage 2 audits. And most documented information systems solve a problem that doesn’t exist while ignoring the ones that do.

Clause 7.1.5 — Monitoring and Measuring Resources: The Silent Major NC

If there is a single clause that generates disproportionate audit findings in SMEs, it is 7.1.5. The requirement is deceptively straightforward: where monitoring and measurement is used to verify conformity of products and services, the organisation must ensure the resources provide valid and reliable results, and those resources must be calibrated or verified at specified intervals against measurement standards traceable to international or national standards.

The failure mode is not exotic. It’s a torque wrench that hasn’t been calibrated in eighteen months. A temperature probe used for incoming goods inspection with no calibration certificate. A software system that performs calculations affecting product conformity with no validation record. Scales used for weighing components with a calibration sticker that expired six months ago. Each of these is a Major NC — because the organisation cannot demonstrate that the measurement used to verify conformity is valid.

The corrective action implications cascade: if a measuring device is found to be out of calibration, the organisation must determine whether the validity of previous measurement results has been adversely affected and take appropriate action. That can mean re-inspecting every batch measured since the last valid calibration — a costly, disruptive exercise that most organisations cannot reconstruct because they didn’t maintain the traceability records.

Clause 7.2 — Competence Beyond Training Records

Clause 7.2 requires the organisation to determine the necessary competence of persons doing work that affects quality performance, ensure those persons are competent on the basis of appropriate education, training, or experience, take actions to acquire necessary competence and evaluate the effectiveness of those actions, and retain documented information as evidence.

Most organisations interpret this as “maintain training records.” A training matrix is produced, courses are logged, and certificates are filed. But the standard doesn’t ask whether training was delivered — it asks whether the person is competent. These are not the same thing. An operator who attended a two-day course and returned to the production line with no change in error rate is trained but not necessarily competent.

The critical missing step is effectiveness evaluation. After competence development actions are taken, the organisation must evaluate whether those actions worked. Did error rates decrease? Did process outputs improve? Can the person now demonstrate the required skill independently? Without this evaluation, the organisation has evidence of training activity, not evidence of competence — and the distinction matters at audit.

Clause 7.3 — Awareness Is Not an Induction Slide

Clause 7.3 requires persons doing work under the organisation’s control to be aware of the quality policy, relevant quality objectives, their contribution to QMS effectiveness, and the implications of not conforming with QMS requirements. Most organisations address this through induction training and assume the requirement is met permanently.

An auditor testing this clause won’t ask whether awareness training was delivered. They’ll approach a machine operator and ask: “What is the quality policy?” “What quality objectives are relevant to your role?” “What happens if this process doesn’t meet its acceptance criteria?” If the operator cannot answer — regardless of what the training records show — the requirement is not met. Awareness must be demonstrable at the point of work, not documented at the point of hire.

Clause 7.5 — Documented Information: Less Is More, If It’s the Right Less

The 2015 revision replaced “documents” and “records” with the unified term “documented information.” This was intended to give organisations flexibility in how they control information. Instead, many interpreted it as permission to reduce documentation — sometimes eliminating critical procedures that the standard doesn’t explicitly require but that the system needs to function.

The opposite extreme is equally destructive: organisations that maintain fifty procedures, two hundred forms, and a document control system so complex that no one uses it. Documents are created, approved, distributed, and ignored. The quality manual runs to eighty pages. Each procedure has a twelve-step approval workflow. Revision histories are maintained meticulously for documents that haven’t been read since they were issued.

The SGRII philosophy is direct: the documented information system should contain exactly what the organisation needs to operate its processes consistently, demonstrate conformance to requirements, and provide evidence of effective operation. No more, no less. Every document must be usable by the person who needs it, at the point where they need it. If a procedure exists but isn’t used in practice, it’s either unnecessary or poorly designed — and either condition should be addressed.

Clause 7.5.3 requires documented information to be available and suitable for use where and when needed, and adequately protected. For an SME, this might mean a shared drive with clear naming conventions and version control. It doesn’t require a dedicated document management system, electronic signature workflows, or ISO-branded templates. It requires that the right person can find the right version of the right document when they need it. That’s the test.

Clause 7.1 — Resources, Infrastructure, and the Environment Nobody Audits

Clauses 7.1.3 (Infrastructure) and 7.1.4 (Environment for the operation of processes) are often treated as facilities management requirements with minimal QMS relevance. In reality, they address the physical and environmental conditions necessary for product and service conformity. A cleanroom with uncontrolled temperature. A welding workshop without adequate ventilation. A software development environment without version-controlled build infrastructure. Each represents a condition that can directly affect output quality — and each is within the scope of Clause 7.

The connection to other standards is direct: ISO 45001 addresses workplace environment from a health and safety perspective. ISO 14001 addresses it from an environmental impact perspective. ISO 27001 addresses it from a physical and environmental security perspective. An organisation implementing multiple standards that fails to connect Clause 7 infrastructure requirements across all applicable systems is creating redundant controls — or worse, conflicting ones.