IMS Documentation Guide for Key Performance Indicators

The Key Performance Indicators (KPIs) list provides you with a template list of common KPIs such as customer satisfaction, employee competency, resource capacity and security events. The list gives you a snapshot of your IMS performance so that you can evaluate the performance of your business value drivers.



The Organisation plans its monitoring and measurement activities, including: 

  1. what needs to be monitored and measured; 
  2. the methods for monitoring, measurement, analysis and evaluation needed to ensure valid results; 
  3. when the monitoring and measuring shall be performed; 
  4. when the results from monitoring and measurement shall be analysed and evaluated. 

Records generated by the monitoring and measurement activities are maintained as described in Step 3 controls under Documented Information. 

The performance evaluation categories embedded into the MS (Management System) Toolbox Tool are:

  • Competencies;
  • Compliance;
  • Continual improvement;
  • Infrastructure;
  • Management System;
  • Operational control.

Each category includes several monitoring and measurement activities, including frequency, responsibilities and related documents.


The customer satisfaction evaluation is included in the Performance Evaluation section and can be based on several methods:

  • Information collected directly when communicating with the client;
  • Satisfaction questionnaires;
  • Reception and analysis of complaints and praises;
  • Feedback collected in the final service report;
  • Others.

The Organisation collects information about customer satisfaction and uses the conclusions to improve the product, service, internal processes, staff competencies, suppliers and subcontractors, etc.

Analysis and Evaluation

The conclusions of the monitoring and measurement activities are used in the regular management meetings and in the Management Review as an essential source of information to review all the planning elements of the MS (Management System):

  • Interested Parties, by contributing with clarified needs and expectations and evaluation of the effectiveness of controls put in place;
  • Revised Risks and Opportunities and control measures;
  • Revised Objectives and Action Plans;
  • Revised Operational controls;
  • Identification of new training needs;
  • Evaluation of suppliers’ performance;
  • Inputs for Design and Development activities to improve products and services;
  • Internal Audit Programme, when monitoring activities demonstrate weaknesses in specific areas;
  • Others.



The auditor or persons responsible for auditing shall plan and conduct the audit by arranging the availability of the key personnel, reviewing previous audit findings and obtaining access to any applicable procedures and documented information.  Auditing may be undertaken through a variety of techniques – the auditor is to judge which audit approach best suits the situation. 

Process Auditing would consider a particular work area or activity, sampling the effectiveness of operational controls, communication, adherence to requirements and record-keeping throughout the natural sequence of events (e.g., following audit samples through a linear chain of command).

Compliance Auditing focuses more on the individual subject(s), raising specific questions/answers. 

System Auditing is checklist-based and is used to confirm key elements.


Audit findings shall be recorded on a template Internal Audit Form; the header of this document includes essential details such as: Date, Audit Title, Auditor, Auditees, Standards applicable, Reference documents and Location. The audit record's content will vary depending upon the subject matter and audit approach used, but this could typically include a commentary of findings/samples to demonstrate compliance, objective evidence/photos, questions/answers, dialogue, or checklists.

NB: The auditor must apply discretion within the audit record if the subject matter is sensitive/personal. 


Upon completion of the audit, a result shall be declared, and records shall indicate, if applicable… 


Nonconformities and Corrective Actions shall be followed up to confirm closure.  Internal Audit results shall form the annual management review input to verify programme completion and effectiveness.  

The results of the internal audit programme will also be considered when reviewing the Risk & Opportunity Register. 



These formal reviews involve input from appropriate management team members and are coordinated by the MS (Management System) Manager. Based upon a discussion, a desktop collation of information and decisions based on quantitative and qualitative data from various sources, these reviews generate a strategic/documented overview of the management system’s performance, looking back and forward across a year. These annual reviews are intended to complement the more frequent management meetings.

The MS (Management System) will also be reviewed and assessed in its maturity. Guidelines for this assessment will be communicated through the management review and graded at the Annual Management Review.



Other meetings undertaken at the Organisation are management meetings. These meetings are between Top Management and the Organisation’s employees. These meetings are an opportunity to highlight key issues (including corrective and preventative action) and monitor project progress.

When important news or changes to the company are planned, these are communicated to key personnel directly at these meetings. 

The Management team is in continual discourse regarding all elements of the business.


The Organisation will ensure that the relevant sections of the MS (Management System) are accessible at all levels within the organisation. 

The Organisation will ensure that all employees know the Quality & Environmental Policy (ISO 14001) & Health and Safety Policy (ISO 45001).

The Organisation will ensure that all employees are aware of the company’s significant environmental aspects, the potential impact on the environment, and their role in mitigating these.

The Organisation will ensure that all employees are aware of their responsibilities in relation to health and safety in the workplace. 

The Organisation will also ensure that workers are provided with adequate information and training to minimise risks to health and safety at work.  

The Organisation’s employees will be made aware of the Quality & Environmental objectives, the success achieved against the targets set, and their role in helping achieve them. 

The Organisation will ensure that relevant individuals are aware of compliance obligations related to their role and the responsibilities associated with these obligations. 

The Organisation will utilise:

  • Meetings 
  • Shared drives on the servers 
  • Email
  • Notice boards 

to ensure that this information is communicated, accessible, correct and regularly updated.


Through the Management Review, the Organisation will agree annually on which areas of the MS (Management System), including Objectives and Aspects & Impacts, H&S reviews and Information security issues, are to be communicated externally. The Organisation’s Environmental, H&S, Information Security & Quality Policy will be made available on request.

External communications (including complaints) will be dealt with upon receipt. All complaints relating to the MS (Management System) will be reported to the MS (Management System) Manager and Top Management, who will agree on what action is to be taken. If the complaint is deemed a non-conformity, it is also treated according to the non-conformities and corrective actions procedure.


Whenever a change with an impact on the MS (Management System) is planned, the change is discussed in meetings, and the corresponding planning is recorded in the meetings’ minutes. This way, the integrity of the MS (Management System) is ensured at all times. The change planning is used to reflect on new risks and opportunities and introduce improvements to the organisation’s processes and the system.

Each proposed change is discussed, including the following:

  • Intent of the change (meet customer requirements, new market demand, new legal requirement, a new standard, process effectiveness, brand enhancement, etc.);
  • Intended outcomes and risks
  • Action planning, with the identification of responsible people/teams, need for resources and timescales
  • Follow-up and closing of the action plans (internal audit, inspection, verification, etc.).

Different planning and control mechanisms can be put in place. The following table contains some examples.
