ISO 9001 Audit Checklists

Evaluate effectiveness of your organization’s Quality Management System (QMS) through digital ISO 9001 internal audits

organization discussing about iso 9001 audits and implementation

What is an ISO 19001 Audit Checklist?

An ISO 9001 Audit Checklist is used to assess the effectiveness of an organization’s Quality Management System (QMS). The audit helps organizations identify and address issues, and discover potential improvements they can make with their QMS to ensure best practice processes are in place as preparation for a third-party ISO 9001:2015 certification audit.

Types of ISO 9001 Audit

An ISO Audit is an official assessment sanctioned by the International Organization for Standardization (ISO) to determine if a company fulfills set criteria, usually for developing a product or rendering a service. An ISO certification gives merit to companies and protects consumers by ensuring that international safety, reliability, and quality standards are met. An ISO 9001 audit is conducted in two methods:

Internal Audit

This type of audit is conducted by an assigned member of the organization to compare existing QMS with industry regulations and relevant standards such as industry, internal, and ISO 9001. Performing internal ISO 9001 audits helps organizations prepare for the actual certification audit by identifying and resolving signs of non-conformance, checking progress against goals and objectives, evaluating conformance to regulation and legislation, discovering areas for improvement, and conducting a management review to ensure that QMS processes meet requirements for certification.

External Audit

This type of audit is performed prior to obtaining ISO certification. An external auditor will do the assessment and will verify and ensure that the organization’s documentation meets the requirements of the ISO 9001 standard. At the end of the audit, the auditor will recommend whether you’ll be granted a certification or require corrective actions before you can be accredited. Should an organization be granted certification, after the three-year period, they would have to renew their certification by going through the same external audit.

ISO 9001: 2008 vs 2015 comparison

ISO 9001:2015 intends to focus on the PDCA (Plan, Do, Check, Act) management method; therefore, the updated version of any ISO 9001 template is structured according to PDCA. The purpose of this change was to guard against complacency and give momentum to continuous improvements in quality management systems.

Refer to the table below in order to spot the main differences between the ISO 9001:2008 and ISO 9001:2015 structures:

ISO 9001:2008 Structure

ISO 9001:2015 Structure

0. Introduction 0. Introduction
1. Scope 1. Scope
2. Normative Reference 2. Normative Reference
3. Terms and Definitions 3. Terms and Definitions
4. Quality Management Systems 4. Context of the Organization
5. Management Responsibility 5. Leadership
6. Resource Management 6. Planning
7. Product Realization 7. Support
8. Measurement, Analysis, and Improvement 8. Operation
9. Performance Evaluation
10. Improvement

Furthermore, ISO 9001:2015 focuses on risk-based thinking rather than preventative measures. Therefore, the most recent ISO 9001 checklist reflects this by focusing on analyzing situations that are specific to your organization and deciding individual actions based on that risk analysis.

How to Prepare the Checklist

Preparing an audit checklist doesn’t need to be difficult; you can either create it from scratch or use a template. Below is an example of what a typical ISO 9001 audit checklist might look like, along with some example questions that can be considered to properly assess compliance with ISO 9001 standards:

Clause 4: Context of the Organization

  • Understanding the organization and its context
  • Understanding the needs and expectations of interested parties
  • Determining the scope of the QMS
  • The Quality Management System and its processes

Example questions:

  • Have all external and internal issues that are relevant to your organization’s purpose and the achievement of customer satisfaction and the organization’s strategic direction been determined?
  • Are these issues reviewed and monitored on a regular basis?
  • Have the needs and expectations of interested parties that are relevant to the QMS been determined?
  • Was the scope of your QMS determined whilst taking into account all the external and internal issues, the needs of interested parties and the scope your products and services?
  • Is your QMS established, and does it include a description of the processes required and their sequence and interaction?
  • Have the criteria for managing these processes and their interaction been established?
  • Have all responsibilities, methods, measurements and related performance indicators, needed to ensure the effective operation and control, been established?

Clause 5: Leadership

  • Leadership and commitmentQuality policy
  • Organizational roles, responsibilities, and authorities

Example questions:

  • Has top management taken accountability for the effectiveness of the QMS?
  • Have the policy and objectives for the QMS, which are compatible with the strategic direction of the organization, been established and communicated?
  • Have the objectives been established at relevant departmental and individual levels with the business?
  • Have the requirements for the QMS been integrated into the business processes and have management promoted awareness of the process approach?
  • Have customer requirements and applicable statutory and regulatory requirements been determined, met and communicated throughout the organization?
  • Have the risks and opportunities that are relevant to the QMS been established?
  • Has the organization established and communicated the responsibilities and authorities for the effective operation of the QMS?

Clause 6: Planning

  • Actions to address risks and opportunities
  • Quality objectives
  • Planning of changes

Example questions:

  • Have the risks and opportunities that need to be addressed to give assurance that the QMS can achieve its intended result(s) been established?
  • Has the organization planned actions to address these risks and opportunities and integrated them into the system processes?
  • Is there a defined process for the determining the need for changes to the QMS and managing their implementation?

Clause 7: Support

  • Resources (general, people, infrastructures, environment for the operation of processes, monitoring and measuring resources, and organization knowledge)
  • Competence
  • Awareness
  • Communication
  • Documented information

Example questions:

  • Has the organization determined and provided the resources needed for the establishment, implementation, maintenance and continual improvement of the QMS (including people, environmental and infrastructure requirements)?
  • Is monitoring or measuring is used for evidence of conformity of products and services to specified requirements?
  • Has the organization determined the resources needed to ensure valid and reliable monitoring and measuring of results?
  • Has the organization determined the knowledge necessary for the operation of its processes and the achievement of conformity of products and services and implemented a lessons learned process?
  • Has the organization ensured that those persons who can affect the performance of the QMS are competent on the basis of appropriate education, training, or experience or taken action to ensure that those persons can acquire the necessary competence?
  • Has the documented information required by the standard and necessary for the effective implementation and operation of the QMS been established?

Clause 8: Operation

  • Operational planning and control
  • Determination of requirements for products and services (market needs and interactions with customers)
  • Design and development of goods and services
  • Control of externally provided goods and services
  • Production of goods and provision of services
  • Release of goods and services
  • Control of nonconforming process outputs, products, and services

Example questions:

  • Is there a defined process for the provision of products and services that meet the requirements defined by the customer?
  • Are there any changes planned?Are they carried out in a controlled way and actions taken to mitigate any adverse effects?
  • Are any outsourced processes managed and controlled?
    Is there a defined process for reviewing and communicating with customers in relation to information relating to products and services, enquiries, contracts or order handling?
  • Is this review conducted prior to the organization’s commitment to supply products and services?
  • Do you design and develop products or services?
  • Are these processes established and implemented in line with the requirements of the standard?
  • Do you ensure that externally provided processes, products, and services conform to specified requirements?
  • Do you have criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers?
  • Is the provision of products and services carried out in controlled conditions which include: the availability of documented information that defines the characteristics of the products and services?  the availability of documented information that defines the activities to be performed and the results to be achieved? monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met? the people carrying out the tasks are competent?
  • Do you have effective methods of ensuring traceability during the operation process?
  • Is property belonging to customers or external providers used in the provision of the product or service?
  • Is this controlled effectively?
  • Is there a requirement for post-delivery activities associated with the products and services such as warranty, maintenance services, recycling or final disposal?
  • Are these defined and managed?
  • Are any nonconforming process outputs managed so as to prevent their unintended use?

Clause 9: Performance Evaluation

  • Monitoring, measurement, analysis, and evaluation
  • Internal audit
  • Management review
  • ISO 9001 Clause 10: Improvement
  • Continual improvement
  • Nonconformity and corrective action

Example questions:

  • Has the organisation determined what needs to be monitored and measured and the methods for monitoring, measurement, analysis and evaluation, to ensure valid results?
  • Has it established when the results from monitoring and measurement shall be analyzed and evaluated?
  • Have methods of monitoring customer perceptions of the provision of products and services been established?
  • Has it determined the need or opportunities for improvements within the QMS and how these will be fed into management reviews?
  • Has the organisation established a process for an internal audit of the QMS?
  • Has an approach to perform management reviews been established and implemented?

ISO 9001 Audit Checklist Example PDF

Here is an example of an ISO 9001 PDF in the context of a QMS gap analysis. This upgrade in ISO 9001 form ensures that potential risks can be identified and acted on accordingly, long before preventative measures become apparent.

This internal audit checklist PDF for ISO 9001 lets users visualize the report of an already answered audit for an organization’s QMS.

SafetyCulture Content Team
Article by
SafetyCulture Content Team
The SafetyCulture content team is dedicated to providing high-quality, easy-to-understand information to help readers understand complex topics and improve workplace safety and quality. Our team of writers have extensive experience at producing articles for different fields such as safety, quality, health, and compliance.

Explore more templates

ISO 9001 Internal Audit Checklist
This ISO 9001 Internal Audit checklist can be used as an internal audit to assess your organization’s QMS and your readiness for third-party ISO 9001:2015 certification. The audit checklist includes the following 7 main categories: Context of the Organization Leadership Planning Support Operation Performance evaluation Improvement Modify this template to suit your business requirements and the objectives of your QMS and certification requirements. Use SafetyCulture (iAuditor) to record and keep track of your internal audit scores. Perform regular inspections to ensure you continue meeting your ISO 9001:2015 certification requirements.
ISO 9001:2015 Corrective Action Report Template
This ISO 9001:2015 Corrective Action Report Template is a detailed set of steps which aim to eliminate process discrepancies, identify root cause/s or problems, and ultimately prevent their recurrence. They are implemented to identify, resolve, and prevent issues of quality non-conformity. Use this template to collaborate with cross-functional teams and have a well-documented, risk-based corrective action process that is compliant with ISO 9001:2015.
QMS Audit Checklist
A QMS audit checklist is used for evaluating an organization’s quality management system (QMS) conformance with: policies; contract commitments; and regulatory requirements.