NSI Quality Schedule FSQS121 - National Security Inspectorate

FSQS121 – THE NSI QUALITY SCHEDULE FOR THE APPLICATION OF BS EN 

ISO 9001:2008 TO THE NSI FIRE GOLD CERTIFICATION SCHEME 

Compliance with the British, European and International Standard for Quality 

Management Systems, BS EN ISO 9001 is mandatory for any UKAS Accredited 

QMS (Quality Management Systems) Certification Scheme. However the Standard is 

a generic one that is designed such that it can be applied to virtually any organization 

whether they are manufacturing a product or supplying a service. 

The NSI Fire Gold Scheme is not only a UKAS Accredited QMS scheme but it is also 

a UKAS Accredited PC (Product Certification) scheme. Consequently organizations 

approved under the scheme not only have to demonstrate that they operate an 

effective quality management system, but also that the product supplied is compliant 

with the technical or product standards demanded by the end users and other 

relevant stakeholders. 

The NSI Fire Gold Scheme is also Accredited under the BAFE (British Approvals for 

Fire Equipment) Fire Protection Industry Scheme SP203 for the design, installation, 

commissioning and maintenance of fire detection, alarm and suppression systems. 

This and the NSI requirements require that systems are designed, installed, 

commissioned and handed over by trained and, where required security screened 

personnel, to the appropriate product standards such as BS 5839. 

Some of the BAFE Scheme Requirements and the relevant technical/product 

standards such as BS 5839 directly impact on the intent and application of particular 

clauses in BS EN ISO 9001 and it is therefore essential that NSI provide further 

guidance and clarification on their application. This Quality Schedule provides such 

guidance and clarification on BS EN ISO 9001 and compliance with it is consequently 

a condition of any NSI Fire Gold Approval. 

Issue 5 of this Quality Schedule was issued to reflect the change of wording in the 

2008 edition of BS EN ISO 9001 that was published on the 15 th November 2008 (see 

also NSI Technical Bulletin 011). The opportunity has also been taken to align the 

Quality Schedule with the format recently issued for other NSI Quality schedules e.g. 

SSQS 101 for the NACOSS Gold Scheme. 

Issue 6 of this Quality Schedule has been issued to ensure Control of Records is 

compatible with BAFE scheme documents SP203-1 and SP203-3. 

NATIONAL SECURITY INSPECTORATE 

FSQS 121 Issue 6 September 2012 

Page 1 of 22



Sentinel House, 5 Reform Road, Maidenhead, Berkshire, SL6 8BY 

Telephone: 01628 637512/0845 006 3003 Fax: 01628 773367 

1. INTRODUCTION 

1.1 Quality Schedules are designed specifically for a particular sector of industry 

and are used to amplify the requirements of the Quality Management System 

Standard and thus provide an agreed basis for audit. 

1.2 Use of a NSI Fire Gold approved organization for Fire detection and Alarm 

Systems provides a high level of assurance that: 

(a) The Fire Detection and Alarm System has been designed, installed, 

commissioned and handed over by trained and, where required security 

screened personnel, to the appropriate product standard (such as BS 5839) 

and that contractual agreements are fulfilled. 

(b) there is a commitment to customer satisfaction and continual business 

improvement derived from the implementation of a Quality Management 

System specifically designed to meet the needs of the Fire Safety Industry, 

such needs having been agreed in consultation with insurers, fire & rescue 

services, building control, installers, trade associations and professional 

institutions. 

1.3 The scope of the approved company is detailed by NSI on the Certificate of 

Approval and is referenced to this Quality Schedule. 

1.4 The International and UKAS guidance associated with the latest edition of BS 

EN ISO 9001:2008 permits a two year transition period for organisations 

already approved to the 2000 edition and during this transition period NSI 

approved companies may therefore choose to continue working to BS EN ISO 

9001:2000 for a limited time. NSI will however, encourage existing approved 

companies to upgrade to BS EN ISO 9001:2008, as soon as possible. The 

transition period expires on 14 th November 2010 after which BS EN ISO 

9001:2000 certification will be invalid. 

1.5 The transition period does not apply to new applicants for NSI Fire Gold 

approval and they shall be audited against BS EN ISO 9001:2008 and this 

Issue 5 of the Quality Schedule. 

1.6 NSI has already issued Technical Bulletin 0011 explaining the general nature of 

the changes to the 2008 edition of BS EN ISO 9001 and this Quality Schedule 

takes account of the guidance within the Technical Bulletin. Organisations that 

address this Quality Schedule will therefore also generally satisfy the Technical 

Bulletin. 

1.7 The previous issue of this quality schedule focussed on the fact that since the 

2000 edition of BS EN ISO 9001 was issued there has been less emphasis on 

documented procedures and more on defining the processes and controlling 

the same. The 2008 edition to the standard makes no significant change to this 

and it is still relevant to reference the need for only six mandatory procedures. 

However, even if the Standard does not require a documented procedure, it 


Page 2 of 22



may still be the best way to define the process requirements and ensure they 

are understood and consistently applied. Note: A documented procedure may 

be a detailed written procedure or a simple process flowchart, depending on the 

complexity of the process. 

2. SCOPE 

2.1 This Quality Schedule is for use on the NSI FIRE Gold Scheme and compliance 

with the same is a condition of approval. 

2.2 This Quality Schedule sets out the criteria for auditing the Quality Management 

Systems of organizations engaged in the design, installation, commissioning, 

handover and maintenance of Fire Detection & Alarm Systems and does not in 

any way diminish the NSI Regulations or the defined Scheme Criteria. 

2.3 In common with previous practice, this Schedule retains the alignment with the 

main clause numbers of the BS EN ISO 9001 Standard. Where special 

application of the Standard is considered necessary, this is stated. 

2.4 Requirements of this Quality Schedule that must be satisfied are shown in 

normal text and are further emphasised by the use of “shall” or “must”. Where 

additional guidance is given it is reproduced in italics and often emphasised by 

the use of “may” or “can” within the text. 

3. OTHER QUALITY SCHEDULES 

SSQS 101 for the NACOSS Gold Scheme for organizations engaged in the 

design, planning, installation and maintenance of Electronic Security Systems. 

SSQS 102 for the NSI ARC Gold Scheme. 

4. QUALITY SYSTEM REQUIREMENTS 

4.1 General 

The general requirements for the quality management system set out in clause 

4.1 of BS EN ISO 9001: 2008 shall apply. 

This includes the requirement to determine the processes needed, their 

sequence and interaction, and where applicable how to monitor and measure 

them. The 2008 edition now refers to “analysis and improvement” as an actual 

process, which supports the view that continual improvement must not just be 

as a consequence of actions taken to address non-conformity. 

One of the best ways to evidence that all relevant processes have been defined 

is to produce an overall flowchart which follows the normal sequence of events. 

When determining the processes needed, organizations shall not just address 

those carried out in-house but shall clearly define and control those that are 

subcontracted or outsourced. It shall also be clear that outsourcing a process 

does not absolve the organisation of its responsibility of compliance with all 

customer, statutory and regulatory requirements. 


Page 3 of 22



In principle only the installation module of work can be subcontracted to an 

organisation that is in itself not BAFE SP203 Approved for fire detection and 

alarm work. 

4.2 Documentation requirements 

4.2.1 General 

No additional requirements apply to this sub-clause of BS EN ISO 9001: 2008 

except that the ‘structure’ of the Quality Management System shall be clearly 

described. 

The actual structure of the QMS is left to individual company preference as long 

as it can be determined that all clauses of BS EN ISO 9001:2008 and this 

Quality Schedule are clearly addressed. One approach would be to have a slim 

line policy manual addressing all clauses that then provides the linkage to the 

supporting procedures and process flowcharts which then link to any specific 

work instructions and the standard forms to be completed. 

The 2008 edition does however include a clarification that a “single document 

may address the requirements for one or more procedures and a requirement 

for a documented procedure may be covered by more than one document”. 

There have been cases in the past where interested parties have taken a view 

that for example a separate documented procedure is required for clause 8.3 

Control of nonconforming product and clause 8.5.2 Corrective action. The 2008 

edition makes it much clearer that this is not the intent and that a combined 

procedure is acceptable provided it still effectively addresses both clauses. 

4.2.2. Quality Manual 

The Quality Manual shall provide a clear audit trail to supporting 

documentation. The justification for any exclusion to the standard shall be 

detailed in the Quality Manual and although the standard in principle, allows 

exclusions to any part of section 7, NSI generally find that it is only exclusions 

to the Development aspects of clause 7.3 that can be justified (see also section 

7.3). 

4.2.3 Control of documents 

There shall be a documented Procedure for document and data control, which 

shall be intended to insure that the latest issues of all relevant documents are 

controlled under the Quality System. 

Within the procedures for document and data control: - 

 

provision shall be made to list the issue of relevant external documents 

including those called up in the NSI Regulations and Scheme Criteria, 

Fire Service Policies and other applicable Standards, Regulations, 

Codes of Practice etc. 


Page 4 of 22



 

 

provision shall be made to list the issue status of internal documents 

pertinent to the company’s own quality management system, including 

procedures and any process flow-charts. 

if documents and records are held electronically, the following 

safeguards and protocols shall be observed: - 

4.2.4 Control of records 

a) where a document includes a customer signature, the document 

shall be held electronically as a facsimile copy, including a 

facsimile copy of the signature. 

alternatively, traceability from a customer signature on a hard 

copy to an electronically held record will be acceptable. Where 

documents held electronically require authorisation (say 

customer specification) then issue status must be allocated and 

access rights controlled by password entry at appropriate levels 

of authorisation. 

Where a Firm introduces other arrangements, it shall be required 

to demonstrate that the above principles of authorisation and 

agreement are upheld. 

b) reasonable and secure backup arrangements shall be in place, 

and shall be strictly adhered to. 

c) backup records shall be securely held (preferably in a fire 

resistant container or off-site). 

d) there shall be ready access to the information for the purpose of 

NSI inspection/assessment/surveillance, etc. 

Note: It is the responsibility of the Company to determine whether 

specific contractual documents are legally required to be 

originals. 

A documented Procedure shall be established which defines the controls 

needed for identification, storage, protection, retrieval, retention time and 

disposition of the quality records developed to provide evidence of 

conformance and effective operation of the Quality Management System. 

Records in respect of Contracts (including survey, design, quotations, 

installation, commissioning, verification, handover, modification and ‘as fitted 

drawings’) shall be maintained and made readily accessible for a minimum of 

12 years from the date of handover or until some other organisation, e.g. the 

owner of the installation formally takes responsibility for their ongoing storage 

and maintenance, 

System records for maintenance, disconnection, historical and false alarm 

records shall be held for the life of the contract plus a minimum of two (2) years, 

except where permitted otherwise in the relevant product standard. 

For security screening records see clause 6.2.3 


Page 5 of 22



5. MANAGEMENT RESPONSIBILITY 

5.1 Management commitment 

No additional requirements apply to this sub-clause of BS EN ISO 9001: 2008. 

5.2 Customer focus 

No additional requirements apply to this sub-clause of BS EN ISO 9001: 2008 

5.3 Quality policy 

In addition to the requirements to this sub-clause of BS EN ISO 9001: 2008 the 

Policy Statement shall include a commitment to comply with this Quality 

Schedule, an intention to meet industry agreed Codes of Practice, any relevant 

product standards and applicable legal requirements. 

Accredited certification bodies for any management systems certification now 

have to comply with a new generation of standards that increasingly take the 

view that organisations should not be approved if there are any breaches of 

applicable legislation. This is reflected in the introduction to BS EN ISO 

9001:2008 where use of the Standard now includes assessment of an 

organisations ability to meet statutory requirements applicable to the product 

(also expressed as legal requirements). 

NSI, as a UKAS (United Kingdom Accreditation Service) Accredited 

Certification Body shall not recommend approval to BS EN ISO 9001:2008 if 

there are known breaches of legal requirements that directly relate to the 

product or service provided. 

Organisations wishing to obtain or maintain NSI Approval under the NSI Fire 

Gold Scheme shall include a commitment in their Policy Statement that it is 

their intent to comply with applicable legal requirements and periodically 

evaluate compliance with the same as an input to management review. 

Appropriate management shall also demonstrate that they are generally aware 

of the prime legislation that impinges on their area of responsibility and 

authority. 

For example if an operations manager deploying installation engineers had no 

understanding that there was any legislation that relates to working at height 

and was not aware of his health & safety obligations then it could hardly be 

argued that he is competent to perform his duties and it would not only be an 

issue in terms of potential legal nonconformity but also in terms of clause 6.2.2 

Competence, training and awareness. 

For companies who are also incorporating the requirements of the BAFE 

Scheme Document SP 203 the Policy Statement must also include a reference 

to the modules of work that the quality management system covers. 

5.4 Planning 

5.4.1 Quality objectives 


Page 6 of 22



No additional requirements apply to this sub-clause of BS EN ISO 9001: 2008. 

5.4.2 Quality management system planning 

As detailed in the standard. 

Examples of situations where changes to the quality management system are 

to be considered are: - 

- Acquisitions and joint ventures 

- Introduction of new technologies. 

- Organisational restructuring 

- The use of sub-contractors 

5.5 Responsibility, authority and communication 

5.5.1 Responsibility and authority 

As detailed within the Standard, responsibilities and authorities shall be defined 

and communicated within the organisation. 

Key factors in determining how such responsibilities and authorities shall be 

defined will be the size and complexity of the organisation. 

In a large organisation with all sorts of departmental interfaces then it shall 

either be through documented job descriptions, a schedule of key personal 

responsibilities in the quality manual and/or inclusion within the documented 

procedures. In a very small family run organisation provided management and 

staff demonstrate on interview a common understanding of everyone’s prime 

responsibilities and authorities, it may not be necessary to have them 

documented to the same extent. 

The NSI Fire Gold Scheme specifically requires that certain responsibilities and 

authorities are clearly assigned i.e. 

- for the ‘Nominated Designer(s)’ see Clause 7.3 Design 

- for any ‘Nominated Design Technician(s)’ see Clause 7.3 Design 

- for the Systems Performance Executive(s) – SPE 

The Nominated Designer(s) is responsible for authorising all fire system 

designs and the SPE is responsible for all aspects of fire system performance 

such as the monitoring and analysis of unwanted fire alarms and troublesome 

fire systems. 

5.5.2 Management representative 

As detailed within the Standard, but the 2008 edition now states that the 

management representative appointed by top management must be a member 

of the organisation’s management. 


Page 7 of 22



This makes it much clearer that it is not normally acceptable to appoint a 

subcontract quality consultant as the management representative unless there 

is a clear on-going contract which gives him/her the necessary responsibilities 

and authorities required by clause 5.5.2 and for all practical purposes they are 

almost regarded as a part-time employee. 

5.5.3 Internal Communication 

No additional requirements apply to this sub-clause of BS EN ISO 9001:2008. 

5.6 Management review 

5.6.1 General 

The general requirements set out in clause 5.6.1 of BS EN ISO 9001:2008 shall 

apply. 

NSI recognise that there are sometimes different views as to who are the top 

management personnel who should carry out the review. Each case has to be 

reviewed on its own merit, particularly in large multi-layered PLC’s. 

It also may not be practicable or necessary for all Directors to be present at the 

management review meetings, if and when interviewed on actual audit, they 

can demonstrate awareness of significant issues raised at the meetings. 

5.6.2 Review input 

The Management Review Agenda shall be determined by top management and 

shall include, but not be limited to, the following items as appropriate to the 

types of fire detection and alarm systems installed: 

 

 

 

 

 

 

 

 

 

 

 

 

follow up actions from previous management reviews 

the results from internal and external audits (administrative and 

technical) 

unwanted fire alarm performance and trends 

routine maintenance – monthly performance and trends 

response to emergency call out – performance and trends 

customer satisfaction (including complaints) 

resources 

training needs 

status of preventative and corrective actions and their effectiveness. 

performance of subcontractors (including alarm receiving centres) 

planned changes that could effect the quality management system 

continual improvement initiatives 


Page 8 of 22



 

 

 

 

 

 

adequacy of Quality Policy 

adequacy of Quality Objectives 

new legislation (when appropriate) 

infrastructure (when appropriate) 

new technology (when appropriate) 

evaluation of legal compliance 

5.6.3 Review output 


6. RESOURCE MANAGEMENT 

6.1 Provision of resources 


6.2 Human resources 

6.2.1 General 

The general requirements for human resources set out in clause 6.2.1.of BS EN 

ISO 9001:2008 shall apply i.e. that personnel performing conformity to product 

requirements shall be competent on the basis of appropriate education, 

training, skills and experience. 

It is not the intention of NSI to be too prescriptive regarding how such 

competency should be demonstrated, but this and the following clause suggest 

that it is useful in most organisations to develop job descriptions for each 

identified role and include in them a so-called person or job specification which 

can detail the required level of qualifications, experience, skills, attributes etc 

that an ideal incumbent should have. Reviewing candidates against the person 

or job specification can then enable an organisation to demonstrate that it does 

take care to recruit the right people for each identified role in the organisation. 

6.2.2 Competence, awareness and training 

It is worth emphasising that organizations “shall determine the necessary 

competence for all personnel performing work affecting conformity to product 

requirements and where applicable, provide training or take other actions to 

achieve the necessary competence. 

The quoted clause now makes it much clearer that competency is not simply 

achieved just by providing some training. The fact that someone receives 

training does not guarantee that they will thereafter demonstrate competency in 

carrying out their duties. 

Again it is not the intent of NSI to be too prescriptive, but it is suggested that 

organisations should consider a probationary period for all new employees and 

formally review their competency before granting confirmed employment. 


Page 9 of 22



The objective here is to identify and address any areas where their competency 

is not immediately indicated and which could indicate a need for further 

training/development. Thereafter, there needs to be a process of verifying ongoing 

competency which could include feedback from internal and external 

audit, formal staff appraisal/evaluation etc. 

Organisations shall clearly define and document their process(es) for 

determining both initial and on-going competency and ensure that such 

processes are subject to periodic internal audit. 

In determining and being able to demonstrate the availability of the necessary 

competence within the Company it will still be relevant to establish a training 

programme that should be in operation that includes, where relevant: - 

 

 

 

 

 

 

 

surveying skills 

installation skills 

inspection and test skills (commissioning and handover) 

maintenance and service skills 

quality procedures and/or documentation appropriate to the 

business processes 

company standards for quality and control over requirements 

internal auditing skills 

Training records shall be available for review and shall demonstrate the 

effective operation of the above programme and the signature of the person 

who has received the training. 

Training records shall include evidence to substantiate that staff have the 

technical capability to work upon the equipment or systems used. 

Note: - It is not mandatory for personnel to attend external training courses. 

However, it is recommended that certain personnel do attend such courses if 

the Company, as a whole, does not possess the necessary skills in a given 

area. 

6.2.3 Security Screening (An additional requirement of this Quality Schedule.) 

Companies shall adopt a documented policy statement in relation to the 

security screening of personnel who visit customer’s premises for the purpose 

of selling, designing, installing, commissioning, handover or monitoring fire 

detection and alarm systems or who have access to confidential information 

regarding such systems or the premises in which such systems are installed or 

are to be installed. The documented policy statement should cover staffpersonnel 

and also sub-contract personnel. A copy should be available to 

customers and prospective customers on request. 

The Fire Scheme is not prescriptive as to the content of the policy statement. 

However, it should be clear to a reader of the policy statement whether or not 

the Company ensures that all personnel visiting customer’s premises or having 


Page 10 of 22



access to confidential information are security screened in accordance with BS 

7858. 

The Company’s internal procedures and practices shall ensure that any 

contractual obligations regarding use of security screened personnel are met. 

6.3 Infrastructure 


6.4 Work environment 

No additional requirements apply to this sub-clause of BS EN ISO 9001:2008, 

but is worth emphasising that the term “work environment” now relates to 

conditions under which work is performed including physical, environmental and 

other factors (such as noise, temperature, humidity, lighting or weather). 

In some instances specific aspects of legislation may apply and if there are any 

areas of nonconformity with regard to applicable legislation; NSI Approval will 

not normally be granted. 

7. PRODUCT REALISATION 

7.1 Planning of product realisation 

Processes for the design, installation, commissioning & handover, verification 

and maintenance of fire detection and alarm systems shall be developed to 

take into account the need to integrate the technical and regulatory requirement 

of the fire industry with the requirements of the quality management system. 

The extent and form of the documentation required shall take account of the 

need to provide evidence:- 

 

 

 

 

 

 

 

 

that contractual obligations are agreed and understood by all parties. 

that system design specifications and drawings reflect the level of life 

safety and/or building protection required. 

of the competency of staff 

the components used on installations meet the technical requirements 

of the industry. 

of in-process, commissioning and handover inspections including 

regulatory handover and maintenance documentation. 

of adequate planning and monitoring of installation work and 

commissioning work including project management techniques where 

appropriate. 

of adequate administrative and technical support to installation 

personnel on site. 

of the appropriate level of on-site supervision, particularly on long 

running contracts. 


Page 11 of 22



Companies are reminded that activities for process control must be 

consistent with the specified requirements for Fire Detection and Alarm 

Systems. Typical documents that can apply for FD&A systems are BS 5839 

Parts 1 & 6 (Pt 8 for Voice Alarms), BS 6266, relevant HTM-0503 Technical 

Memorandum (e.g. for hospitals and care residences) etc. 

The requirements set out in European Standards will apply when called up 

by the contract or additionally advised by NSI. 

7.2 Customer-related processes 

The formal contract review process is set out below. Service Providers are 

reminded that associated practices in respect of the agreement for the system 

design specification are set out in clause 7.3. 

For guidance relevant requirements may be found in the British Standards 

associated with FD&A systems such as BS 5839 and BS 6266. 

(a) 

General 

The identity of the persons allocated responsibility and authority to carry 

out contract reviews shall be clearly defined and communicated within 

the Approved Company (sub clause 5.5.1. of BS EN ISO 9001:2008 

refers). 

(b) 

Review 

Contract reviews shall be undertaken: - 

(i) Before submission of any tender or quotation, to confirm that the 

requirements are adequately defined and documented and that the 

Company has the capability and resources to meet the 

requirements. 

(ii) After receipt of the customer’s reply to any tender or quotation, or on 

receipt of a purchase order, to ensure that any changes requested 

by the customer can be satisfied. 

(c) 

(d) 

There shall be evidence, by means such as stamp or signature, of all 

contract reviews. 

Organisations shall make clear in appropriate documentation whether or 

not they accept verbal confirmation of orders and, if so, policy shall 

require the Company to send a written statement to the customer stating 

its understanding of the agreement and confirming that this will be taken 

as the agreement unless the customer notifies otherwise in writing. 

Amendment to contract 

Procedures shall require the Organisations, on completion of the 

installation (or their module of the work), to ensure that all amendments 

are agreed, recorded and authorised and that the requirements of the 

contract (including, if appropriate, a remote signalling connection and 

notifications to third parties) are completed. 

Records 


Page 12 of 22



Records of contract reviews shall be held for the life of the contract plus 

two (2) years. (See also Clause 4.2.4 of BS EN ISO 9001:2008). 

Note: Certain contract information may need to be held for longer 

periods to satisfy relevant authorities e.g. HM Revenue & Customs. 

(e) 

Customer liaison 

Effective customer liaison shall be continued through the life of the 

contract. 

The 2008 edition of BS EN ISO 9001 under clause 7.2.1 makes it clear that 

statutory and regulatory requirements shall be determined and a new Note in 

the Standard references that supplementary services such as recycling or final 

disposal are post delivery activities and shall also be considered. 

With any Accredited Management System Certification there is increasing 

recognition that Certification ought to give a level of assurance that the 

approved organisation is aware of relevant legislation and that it is essentially 

compliant. The reference to recycling or final disposal is a useful pointer to the 

increasing raft of environmental legislation that applies to organizations whether 

or not they choose to implement an Environmental Management System. For 

example electronic and electrical equipment can no longer be sent to land fill 

(the WEEE Regulations apply) and manufacturers of certain types of equipment 

are obliged to have or participate in a take back scheme for the old equipment. 

It is strongly recommended that organisations should maintain a consolidated 

list of the prime legislation that they believe is relevant to their organisation 

(see also clause 5.3). 

7.3 Design 

The detailed selection, placement and configuration of products and the 

interconnection to meet the specified requirements for a particular fire detection 

and alarm system are considered to be application design rather than 

conceptual design (i.e. development design). For this reason the word 

‘development’ has been excluded from the sub-headings of this section on 

design (and therefore differs in this respect from the corresponding clauses in 

BS EN ISO 9001). 

7.3.1 Design planning 

Note 1: In the case of FD&A systems attention is drawn to British Standard 

Code of Practice BS 5839: Part 1: 2002 and in particular to Section 

2 Design Considerations. Where other British Standards or Industry 

Codes of Practice are to be called up, within the contract, those 

relevant design requirements shall be considered. 

Note 2: Design Planning arrangements differing from those set out in 7.3.1 

below will be considered by NSI for any company wishing to adopt 

differing arrangements, provided there is evidence that the 

arrangements adopted ensure that the provisions of BS EN ISO 

9001:2008 and the relevant technical and other standards, Codes of 

Practice, regulatory requirements etc., are met. Any Company 

wishing to adopt alternative arrangement should write to the NSI 

office giving details. 

a) Controls shall be established to ensure that: 


Page 13 of 22



 

 

 

 

 

 

the appropriate stages of system design specification 

development (viz. design planning, design inputs, design 

outputs, design review, design verification, design validation, 

and control of design changes; see 7.3 of BS EN ISO 

9001:2008) are followed. 

the customer is made aware of and agrees to any other 

limitations (if any) of the demands of the appropriate 

technical standard and regulatory requirements of other 

interested parties (e.g. local building control authority, fire 

brigade officers, insurers). 

the customer is made aware of and agrees to any other 

limitations of the design (or to the proposed design) in terms 

of adequacy of detection/control and warning/signalling 

capability. 

the requirements of the customer are translated into a 

system design specification that is appropriate to the 

premises (or site) where the fire detection and alarm system 

is to be installed and that lists the equipment and 

components to be supplied, detailing their proposed 

locations and containing a general indication of their 

coverage and purpose. 

the system design specification contains within it a Design 

Statement, which includes information on any limitations to 

the design in terms of adequacy of detection/control and 

warning/signalling capability. (Alternatively, the Design 

Statement may be a separate document, provided it is 

clearly referenced within the system design specification). 

there is consideration of any variations and amendments in 

the customer requirements as installation proceeds (or 

arising from practicalities coming to notice as installation 

proceeds) and the recording of such variations or 

amendments between customer and the Company, in the 

system design specification, or in properly issued 

amendments to the system design specification, or in an “as 

fitted system record. 

Note: The “as fitted” system record shall include an “as 

fitted” drawing and, where appropriate, to scale. 

Agreed variations (agreed by the customer with the 

Company) to the requirements of the relevant 

standard (e.g. BS 5839) shall be documented as a 

list. 

(b) In discharging its responsibility (see 7.3.1 of BS EN ISO 9001:2008) to 

define the responsibilities and authorities for design and to manage the 

Interfaces between different groups involved in design: 

(1) The Company shall designate one or more suitably competent 

individual(s) as “Nominated Designer(s)”. 

(2) Each individual designated by the Company as a “Nominated 

Designer” shall be competent to undertake the tasks that 

include: - 


Page 14 of 22



(i) Acting as the focal point for matters of the design of the fire 

system. 

(ii) Assessing the fire risk factors (for example relating to 

adequacy of detection/control and warning/evacuation and 

signalling capability influencing the design). 

(iii) Being conversant with the products and systems specified, 

and with any significant limitations inherent in such products 

and systems. 

(iv) Ensuring that the content of quotations and system design 

specifications is compatible with the requirements of the 

applicable Technical Standards, and NSI Gold Codes of 

Practice. 

(v) “Signing Off” designs on behalf of the Company. 

(vi) Being conversant with installation requirements such that 

system design specifications are professionally compiled and 

finalised in a manner, which gives clear and unambiguous 

information to the customer and to the technicians who install 

and commission. 

Note; There should be evidence that “Nominated Designers” are willing 

to seek advice and guidance as required from other companies 

(such as equipment manufacturers) and organisations, and to 

develop and to keep up to date their skills by such means as 

reading fire magazines and journals, attending conferences and 

workshops. 

(3) The Company may choose to designate one or more suitably 

competent individual(s) as “Nominated Design” Technician(s). 

(4) In respect to all functions relevant to the design process (but not 

necessarily in respect to his/her other functions) each individual 

designated as a “Nominated Design Technician” shall be 

responsible to and shall work under the authority and 

supervision of a “Nominated Designer”. 

(5) Each individual designated by the Company as a “Nominated 

Design Technician” shall be competent (within the range of 

type(s) of work where he/she acts as a “Nominated Design 

Technician”) to undertake tasks that include those listed in (ii), 

(iii), (iv), (v) and (vi) of 7.3.1. (b)(2) above, except that 

competence in respect of (vi) is not necessary where there is 

evidence that the effects of new technologies, technical 

standards, national implementation of EU Directives, etc. 

relevant to the design processes of the Company have been 

adequately considered by a “Nominated Designer” and evidence 

that the constraints within which the “Nominated Design 

Technician” operates are such as to ensure that these matters 

are adequately taken into account in the designs prepared 

and/or “signed off” by the “Nominated Design Technician”. 

(b) In all cases, a site survey (preferably at initial enquiry stage, or at some 

other stage, prior to issue of a quotation and system design proposal, but 

always at a stage prior to actual commencement of installation) shall be 

undertaken by a “Nominated Designer” or by a “Nominated Design 


Page 15 of 22



Technician”. Final “sign off” on behalf of the Company of a system design 

proposal shall not occur until such a site survey has been completed. 

Note. This sub paragraph would not apply to new builds on green or brown 

field sites. It applies to retrofit to existing buildings. 

7.3.2 Design inputs 

No additional requirements apply to this sub-clause of BS EN ISO 

9001:2008. 

7.3.3 Design outputs 

No additional requirements apply to this sub clause of BS EN ISO 

9001:2008 

7.3.4 Design Review 


9001:2008 

7.3.5 Design verification 

Throughout the installation, commissioning and handover process the 

original design and any subsequent changes to that original design must be 

verified in order that the completed FD&A system is confirmed as fit for 

purpose. This must be an ongoing process for systems contracted to one 

Company or for systems contracted to more than one Company (i.e. a 

modular approach). In the latter scenario the person or organisation 

responsible for verification should be identified at the commencement of the 

installation work. 

7.3.6. Design validation 

Commissioning and handover will fulfil this requirement. 

7.3.7. Control of design changes 


9001:2008 but control will be closely associated to design verification. 

7.4 Purchasing 

Activities associated with tasks or services that are subcontracted shall be 

consistent with the requirements of NSI Gold Code of Practice NACP 3 including 

those for security screening (guidelines for security screening are to be found at 

6.2.3.) 

Component and equipment repairs shall be carried out in accordance with the UK 

Regulations covering Electromagnetic Compatibility and then only by the 

component manufacturer, by his appointed repair agent, or by a facility that has 

been satisfactorily assessed against BS EN ISO 9001 (or an equivalent 

specification) by a recognised third party certification body. 

7.5 Production and service provision 

7.5.1 Control of production and service provision 

(a) No additional requirements apply to this sub-clause of BS EN ISO 

9001:2008 (but see specific requirements for Service Provision below) 


Page 16 of 22



Note: Companies are reminded that electrical wiring and installation 

must be in accordance with good safety practice and in 

compliance with applicable standards and regulations (see the 

Scheme Criteria). 

(b) Service provision 

Companies are reminded that servicing (i.e. maintenance) must be 

carried out in accordance with published requirements (e.g. for fire 

detection and alarm systems, BS 5839: Part 1: Clause 45) 

There shall be provision for adequate administrative and technical 

support to service personnel. 

For component repairs see 7.4 of this schedule. 

The following specific requirements apply to servicing (i.e. maintenance) 

of fire detection and alarm systems). The following processes are also 

applicable to the Maintenance Module (as understood by the BAFE 

SP203 Scheme Document). 

(i) Corrective maintenance 

For fire detection and alarm systems there shall be a documented 

process for false fire alarm management. This process shall identify 

provisions for escalating response; the identification and resolution 

of troublesome systems; the ongoing performance review by the 

Systems Performance Executive; and the following requirements: - 

There shall be a record of the date and time of receipt of every 

emergency call, together with the date and time of the engineer’s 

arrival and the completion of any necessary corrective action. This 

information shall be kept (for at least two years) after the event to 

which it refers and the customer provided with a copy. 

Authorisation from the customer for any temporary disconnection 

shall be kept for at least (3) months after reconnection. 

There shall be adequate access to spares at all times. 

The Company shall audit technician’s holdings of spares to ensure 

continued adequate provision (see also 8.2.2. of this Quality 

Schedule) 

(ii) Preventative maintenance 

There shall be a documented process for the planning, scheduling 

and implementation of preventative maintenance and also for the 

review of preventative maintenance performance. 

Attention is drawn to the recommendations contained in NSI 

Technical Memorandum NATM. 7 “Guidelines Concerning Routine 

Maintenance Performance of Installers/Maintainers of Intruder 

Alarms. This document will be reissued, in due course, to include 

Maintainers of Fire Detection and Alarm Systems. 

7.5.2 Validation of processes for production and service provision 

There shall be a defined process for “in-process inspection” (e.g. during 

commissioning) and “final inspection and testing” (e.g. at handover) and 


Page 17 of 22



shall be consistent with the requirements of the appropriate British 

Standard(s) (e.g. BS 5839) and NSI Codes of Practice (e.g. NACP 2) and 

with specific contract requirements. 

The following processes are also applicable to the “commissioning and 

handover module”, (as outlined in the BAFE SP203 Scheme Document). 

Commissioning engineers are required to have a good working knowledge 

of the design of fire detection and alarm systems in order that design 

verification can be carried out during the commissioning process. 

Particular attention must be given to the issue of the NSI/BAFE Certificate 

of Compliance, Modular Certificates of Compliance and Modification 

Certificates of Compliance. The criteria for issue can be found on the 

certificate and the inside cover accompanying the book of blank certificates, 

issued to Companies. 

Documentation related to the inspection and test status of fire detection and 

alarm systems shall include and provide information as follows: - 

 

 

 

 

 

 

 

 

The “as fitted drawings” preferably to scale. 

Loop resistance and cable insulation readings 

Theoretical standby battery capacity calculations together with the 

verified current readings taken at commissioning. 

Sounder audibility readings. 

Cause and effect verification checks – to include call point/detector 

operation, staged evacuation requirements, shutdowns such as 

HVAC, gas, plant, lifts etc. 

Customer log books. 

M & E Manuals where appropriate. 

A zone diagram located adjacent to the main control unit. 

7.5.3 Identification and traceability 

A system of uniquely identifying equipment and documentation shall be 

maintained to minimise the potential for miss-filing and ensure documentation 

in relation to each contract and the QMS can be readily achieved. 

Unless special contractual conditions are imposed by customers, processes 

shall reflect the extent of traceability of components required for the Company’s 

own purposes, such as for reasons of warranty etc. 

All staff who regularly come into contact with clients and their representatives 

shall carry an identity card or other equivalent means of identification. Such 

identity cards shall as a minimum include a current photograph of the individual, 

the name of the organization represented and a contact telephone number for 

verification purposes. 

Dependent upon the client base and the type of sites visited the organization 

may also need to consider incorporating additional information on their identity 

cards i.e. issue and expiry dates, signature etc and have clearly defined 

procedures to recover identity cards from leavers etc. 


Page 18 of 22



7.5.4 Customer property 

Processes for the takeover of installations shall be consistent with the 

requirements of NSI Directive NAD 3 “Rules relating to the issue of NSI 

certificates of compliance and related matters”. 

In addition to this Companies must hold an appropriate “Scope of Approval” (in 

respect to the BAFE Scheme) before a NSI/BAFE certificate can be issued. The 

BAFE Scheme Document should be read to identify the Scheme’s requirements 

on this subject. 

The 2008 edition now also includes a useful note to remind organizations that 

‘customer property can include intellectual and personal data’. 

7.5.5 Preservation of product 

No additional requirements apply to this sub-clause of BS EN ISO 9001:2008. It 

is important, however, that manufacturers’ instructions are followed particularly 

in relation to the use of batteries and to the use of electronic components that 

are sensitive to electrostatic charge. The “first in, first out” system of stock 

control is recommended for batteries etc. 

7.6 Control of monitoring and measuring devices 

No additional requirements apply to this sub-clause of BS EN ISO 9001:2008 

8 MEASUREMENT, ANALYSIS AND IMPROVEMENT 

8.1 General 

The general requirements set out in Clause 8.1 of BS EN ISO 9001:2008 shall 

apply. Other clauses are qualified as follows: - 

8.2 Monitoring and measurement 

The performance of the quality management system shall be measured through 

the monitoring of the following aspects: - 

8.2.1 Customer satisfaction 

Sources of customer perception could include: - 

the outcome of customer satisfaction surveys 

the number of sales arising from recommendations 

the number of installations taken over by competitors 

letters of recommendation received from satisfied customers 

contract retention 

trends in false alarm performance 

other sources as determined by the Company 

8.2.2 Internal auditing 

 

 

 

the number of installations deemed as troublesome for reasons 

attributable to the installing company (including subcontractor 

arrangements) 

customer complaints 

warranty claims 

As specified within BS EN ISO 9001:2008, with the clarification that the audit 

programme shall include:- 


Page 19 of 22



 

 

 

 

 

technical auditing of each installing technician using appropriate 

installation checklists encompassing the specific requirements of the 

standards and codes of practice for the fire detection and alarm 

systems installed. (This also applies for Companies Approved for 

just the module of Installation work (as understood in the BAFE 

SP203 Scheme Document)). 

technical auditing of each commissioning technician (if such 

technicians are used solely for commissioning work) using 

appropriate commissioning checklists encompassing the specific 

requirements of the standards and codes of practice for the fire 

detection and alarm systems installed. 

technical auditing of the work of each maintenance technician using 

appropriate maintenance schedules encompassing the specific 

requirements of the standards and codes of practice for the fire 

detection and alarm systems maintained and using checklists as 

detailed in the two bullet points immediately above this one. 

a documented statement (or statements) of the frequency at which 

audits shall be undertaken (i.e. a minimum of one per technician 

over a twelve (12) month period and the person(s) nominated by the 

Company to undertake the audits. The steps to be taken, if the 

installations selected fail to meet the specified criteria shall be 

defined and shall include a reference to possible training needs and 

or an increase in the frequency and number of the audits. 

the capabilities of the Company to itself monitor standards of design, 

installation, commissioning and maintenance shall be an auditable 

element of the NSI Fire Gold Product Assurance Scheme and any 

approved organisation shall be able to demonstrate that it is 

generally capable of identifying for itself all its own nonconformity. 

8.2.3 Monitoring and measurement process 


9001:2008. 

8.2.4 Monitoring and measurement of product 


9001:2008. (see also Product Realisation processes, Clause 7.1). 

8.3 Control of nonconforming product 

It is important to note that under section 3, the terms and definitions in BS EN 

ISO 9000:2008 Quality Management Systems – Requirements, the term 

“product” also includes “service”. Also the term “product” covers hardware, 

software, processed material or any combination of these. The expression 

“nonconforming product” is therefore not solely applied to defective components. 

Documented Procedures for control of nonconforming product shall provide for 

identification of: - 

 

 

fire detection and alarm systems giving repeated problems (i.e. troublesome 

systems) 

inadequate periodic servicing (i.e. preventative maintenance) performance 


Page 20 of 22



 

 

 

 

temporary disconnections 

non-conforming fire detection and alarm systems 

defective components 

any other type of non conforming product as determined by the Company 

Note 1: Means for identifying nonconforming product may be found in other 

parts of the Quality System, for example through technical auditing of 

systems and through investigation of customer complaints. 

Note 2: Non-conformance may be identified by a modular contractor with work 

carried out by an earlier modular contractor. This may arise through the 

verification process. The nonconformity should be documented and 

resolved through a process of consultation. 

Note 3: Corrective action forms under a corrective action procedure may be 

used as a means for recording the existence of nonconforming product 

and ensuring that corrective action is taken. 

8.4 Analysis of data 

Analysis of data shall provide information relating to: - 

customer satisfaction (see Clause 8.2.1.) 

suppliers of products (including services) (see Clause 7.4) 

 

core business processes 

For the installation and maintenance of fire detection and alarm systems the 

following shall be relevant: - 

8.5 Improvement 

- unwanted or false fire alarm statistics reviewed by the Systems 

Performance Executive on an ongoing basis. Such statistics and trends 

shall also form part of the management review. 

- the level of achievement for preventative (i.e. routine) maintenance 

performance. The information recorded shall also form part of 

Management Review (as well as providing the information necessary to 

deliver any corrective actions that may arise). 

- the level of achievement in respect to the eight (8) hour response to 

requests for corrective (i.e. emergency) maintenance. The information 

recorded shall also form part of Management Review (as well as providing 

the information necessary to deliver any corrective actions that may 

arise). 

- 

8.5.1 Continual improvement 

8.5.2 Corrective action 


9001:2008. 

There shall be documented Procedures for the development and 

implementation of appropriate corrective actions where a nonconformity 


Page 21 of 22



is identified, including false alarms, substandard installations, poor 

service performance and also customer complaints (for which the 

requirements of NSI Code of Practice, NACP 5, apply, or alternatively 

Annex A to BS ISO 10002) to prevent the recurrence of the nonconformity. 

8.5.3 Preventative action 

There shall be documented Procedure(s) for the review of the audit 

results, service reports, unwanted fire alarm statistics, customer 

complaints and other relevant data to identify action required to prevent 

the recurrence of any perceived problems. 

Note: 

Such measures identified in 8.5.2 and 8.5.3 immediately above 

are not exhaustive. Corrective and preventative actions may 

apply to other areas of the Quality Management System. 


Page 22 of 22

NSI Quality Schedule FSQS121 - National Security Inspectorate

Create successful ePaper yourself

Delete template?

Save as template?