Full ISO 9001:2015 & ISO 45001:2018 Audit Checklist

Title Page

Site conducted
Conducted on
Prepared by
Location

4.0 Context of the Organization

4.1 Understanding the organization and its context

Has your organization determined external and internal issues relevant to its purpose and its strategic direction that affect its ability to achieve the intended result(s) of its IMS?
Does your organization monitor and review information about these external and internal issues?

4.2 Understanding the needs and expectations of interested parties

Does the organisation determine the interested parties that are relevant to the IMS and the requirements of those identified?
Does your organization monitor and review information about these interested parties and their relevant requirements?

4.3 Determining the scope of the quality and OH&S management system

Does your organization determine the boundaries and applicability of the IMS to establish its scope?
When determining this scope, has your organization considered the external and internal issues referred to in 4.1 and 4.2?
When determining this scope, has your organization considered the products and services of your organization?
Has your organization applied all the requirements of this International Standard if they are applicable within the determined scope of its IMS?
Is the scope of your organization’s IMS available and maintained as documented information? (See 7.5.1a) and state the types of products and services covered, and provide justification for any requirement of this International Standard that your organization determines is not applicable to the scope of its IMS?

4.4 Quality and Health & Safety management system and its processes

Has your organization established, implemented, maintained and continually improved a IMS, including the processes needed and their interactions, in accordance with the requirements of this International Standard?
Has your organization determined the processes needed for the IMS and their application throughout your organization, inputs required and the outputs expected from these processes and the sequence and interaction of these processes? (See 4.4)
Has your organization determined and applied the criteria and methods (including monitoring, measurements and related performance indicators) needed to ensure the effective operation and control of these processes? (See 9.0)
Has your organization determined the resources needed for these processes and ensure their availability? (See 7.1) and responsibilities and authorities for these processes? (See 5.3)
Has your organization addressed the risks and opportunities as determined in accordance with the requirements of 6.1?
Has your organization evaluated these processes and implement any changes needed to ensure that these processes achieve their intended results?
Does your organization improve the processes and the IMS as per the requirements of 10?
To the extent necessary, does your organization maintain and retain documented information to support the operation of its processes and have confidence that the processes are being carried out as planned? (See 7.5.1b)

5.0 Leadership

5.1.1 Leadership and commitment general

Does Top management demonstrate leadership and commitment with respect to the IMS by taking accountability for the effectiveness of the IMS ensuring that the quality policy and quality objectives are established for the IMS and are compatible with the context and strategic direction of your organization? Does Top management demonstrate the prevention of work-related injury and ill health as well as the provision of safe and healthy workplaces and activities?
Does Top management demonstrate leadership and commitment with respect to the IMS by ensuring the integration of the IMS requirements into your organization’s business processes and promoting the use of the process approach and risk-based thinking, resources needed are available?
Does Top management demonstrate leadership and commitment with respect to the IMS by communicating the importance of effective quality management and of conforming to the IMS requirements and achieves its intended results by engaging, directing and supporting persons to contribute to the effectiveness of the IMS?
Does Top management demonstrate leadership and commitment with respect to the IMS by promoting improvement and supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility?

5.2 Quality & H&S Policy

Does Top management demonstrate leadership and commitment with respect to customer focus by ensuring that customer and applicable statutory and regulatory requirements are determined, understood and consistently met and ensuring that the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed and ensuring that the focus on enhancing customer satisfaction is maintained?
Does Top management establish, implement and maintain a quality and OH&S policy is appropriate to the purpose and context of your organization and supports its strategic direction and provides a framework for setting quality and health & safety objectives and achieves its intended results and by engaging, directing and supporting persons to contribute to the effectiveness of the IMS? Including a commitment to provide safe and healthy working conditions to prevent work related injury and ill health which is appropriate to the nature of the organization of its OH&S risks and opportunities.
Does Top management establish, implement and maintain an OH&S policy that includes a commitment to satisfy applicable legal and other requirements and consultation and participation of workers and where they exist workers’ representatives? Does the OH&S policy include a commitment to eliminate hazards and reduce OH&S risks? (See 8.1.2) and continual improvement of the OH&S MS?
Does Top management establish, implement and maintain a quality policy that includes a commitment to satisfy applicable requirements and to continual improvement of the IMS??

5.2.2 Communicating the quality and OH&S policy

Is the policy available, communicated, understood and applied within the organization and maintained as documented information? (See 7.5.1a)
Is the policy available to relevant interested parties, as appropriate?

5.3 Organizational roles, responsibilities and authorities

Does Top management ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within your organization at each level and that the IMS conforms to the requirements of this International Standard?
Has Top management assigned the responsibility and authority for ensuring that the processes are delivering their intended outputs?
Has Top management assigned the responsibility and authority for reporting on the performance of the IMS and on opportunities for improvement (see 10.1), in particular to top management and ensuring that the integrity of the IMS is maintained when changes to the IMS are planned and implemented?

5.4 Consultation and participation of workers

Does the organization establish, implement and maintain a process for consultation and participation of workers at all levels and functions and where they exist, workers’ representatives in the development, planning, implementation, performance evaluation and actions for improvement of the OH&S MS?
Does the organization provide mechanisms, time, training and resources necessary for consultation and participation and timely access to clear, understandable, and relevant information about the OH&S MS?
Does the organization determine and remove obstacles or barriers to participation and minimize those that cannot be removed?
Does your organization emphasize the consultation of non-managerial workers when - Determining the needs and expectations of interested parties (See 4.2) and establishing the OH&S policy? (See 5.2), Assigning organizational roles, responsibilities and authorities? (See 5.3), Determining how to fulfil legal requirements and other requirements? (See 6.1.3), Establishing OH&S objectives and planning to achieve them? (See 6.2), Determining applicable controls for outsourcing, procurement and contractors? (See 8.1.4), Determining what needs to be monitored, measured and evaluated? (See 9.1), Planning, establishing, implementing and maintaining an audit programme(s)? (See 9.2.2), Ensuring continual improvement? (See 10.3).
Does your organization emphasize the participation of non-managerial workers when - Determining the mechanisms for their consultation and participation, Identifying hazards and assessing risks and opportunities? (See 6.1.1 and 6.1.2), Determining actions to eliminate hazards and reduce OH&S risks? (See 6.1.4), Determining competence requirements, training needs, training and evaluating training? (See 7.2), Determining what needs to be communicated and how this will be done? (See 7.4).
Does your organization emphasize the participation of non-managerial workers when determining control measures and their effective implementation and use? (See 8.1, 8.1.3 and 8.2) and investing incidents and non-conformities and determining corrective actions? (See 10.2).

6.0 Planning

6.1.1 Actions to address risks and opportunities

Has your organization considered the issues referred to in 4.1 and the requirements referred to in 4.2 and determined the risks and opportunities that need to be addressed to give assurance that the IMS can achieve its intended results and enhance desirable effects and reduce undesired effects and can achieve improvement?
Does your organization plan the actions to address these risks and opportunities? Does your organization maintain documented information on risks and opportunities?
Does your organization determine the risks and opportunities for the OH&S MS and its intended outcomes that need addressed by taking into account hazards? (See 6.1.2.1), OH&S risks and other risks? (See 6.1.2.2), OH&S opportunities and other opportunities? (See 6.1.2.3), legal requirements and other requirements? (See 6.1.3).
Does your organization in its planning process determine and assess the risks and opportunities that are relevant to the intended outcomes of the OH&S MS associated with any planned changes to the nature of the organization or OH&S MS be undertaken before the change is implemented? (See 8.1.3).
Does your organization maintain documented information on the processes and actions needed to determine and address its risks and opportunities (see 6.1.2 to 6.1.4) to the extent necessary to have confidence that they are carried out as planned?

6.1.2 How the organisation plan to address risks and opportunities

Does your organization plan how to integrate and implement the actions into its IMS processes (see 4.4)?
Does your organization plan how to evaluate the effectiveness of these actions and are actions taken to address risks and opportunities proportionate to the potential impact on the conformity of products and services?

6.1.2.1 Hazard identification

Does your organization establish, implement and maintain a process(es) for hazard identification that is ongoing and proactive?
Does your organization take into account when identifying hazards - How work is organized, social factors (including workload, work hours, victimization, harassment and bullying), leadership and the culture in the organization? Routine and non-routine activities and situations? Past relevant incidents, internal or external to the organization, including emergencies, and their causes? Potential emergency situations? People? Other issues?
Does your organization take into account when identifying hazards actual or proposed changes in organization, operations, processes, activities and the OH&S management system (see 8.1.3)?
Does your organization take into account when identifying hazards, changes in knowledge of, and information about, hazards?

6.1.2.2 Assessment of OH&S risks and other risks to the IMS

Does your organization establish, implement and maintain a processes to assess OH&S risks from the identified hazards, while taking into account the effectiveness of existing controls?
Does your organization establish, implement and maintain a processes to determine and assess the other risks related to the establishment, implementation, operation and maintenance of the OH&S MS?
Does your organization use methods and criteria for the assessment of OH&S risks, with respect to their scope, nature and timing to ensure they are proactive rather than reactive and are used in a systematic way?
Does your organization maintain and retain documented information on the methods and criteria used?

6.1.3 Determination of legal requirements and other requirements

Does your organization establish, implement and maintain a process to determine and have access to up-to-date legal requirements and other requirements that are applicable to its hazards, OH&S risks and OH&S MS and how these legal requirements and other requirements apply to the organization and what needs to be communicated?
Does your organization establish, implement and maintain a process to take these legal requirements and other requirements into account when establishing, implementing, maintaining and continually improving its OH&S MS?
Does your organization maintain and retain documented information on its legal requirements and other requirements and ensure that it is updated to reflect any changes?
Does your organization plan action to address these risks and opportunities (see 6.1.2.2 and 6.1.2.3) and legal requirements and other requirements (see 6.1.3) and prepare for and respond to emergency situations?

6.1.4 Planning action

Does your organization plan action to address these risks and opportunities (see 6.1.2.2 and 6.1.2.3) and legal requirements and other requirements (see 6.1.3) and prepare for and respond to emergency situations?
Does your organization plan action on how to integrate and implement the actions into its OH&S management system processes or other business processes and evaluate the effectiveness of these actions?
Does the organization take into account the hierarchy of controls (see 8.1.2) and outputs from the OH&S MS when planning to take action?
Does the organization when planning actions consider best practices, technological options and financial, operational and business requirements?

6.2.1 OH&S Objectives and planning to achieve them

Has your organization established quality objectives at relevant functions, levels and processes needed for the continual improvement of the IMS and performance?
Are the quality objectives consistent with the quality policy while also being measurable, take into account applicable requirements, relevant to conformity of products and services and used to enhance customer satisfaction?
Are the OH&S and quality objectives monitored, communicated, updated and kept as documented information? (See 7.5.1a)
Are the OH&S objectives consistent with the OH&S policy and measurable or capable of performance evaluation?
Do the OH&S objectives take into account applicable requirements, the results of the assessment of risks and opportunities? (See 6.1.2.2 and 6.1.2.3) and the results of consultation with workers (see 5.4) and where they exist, workers’ representatives?

6.2.2 Quality objectives and planning to achieve them

When planning how to achieve its objectives, does your organization determine what will be done, resources required, who is responsible, when it will be completed and how the results will be evaluated, including indicators for monitoring as well as how actions to achieve objectives will be integrated into the organization’s business processes?
Does your organization maintain documented information on the OH&S objectives?

6.3 Planning of changes

When your organization determines the need for changes to the IMS, are the changes carried out in a planned manner? (see 4.4).
Does your organization consider the purpose of the changes and their potential consequences, integrity of the IMS, availability of resources and the allocation or reallocation of responsibilities and authorities?

7.0 Support

7.1.1 Resources general

Does your organization determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the IMS?
Does your organization consider the capabilities of, and constraints on, existing internal resources and what needs to be obtained from external providers?

7.1.2 Resources people

Does your organization determine and provide the staff necessary for the effective implementation of its IMS and for the operation and control of its processes?

7.1.3 Resources infrastructure

Does your organization determine, provide and maintain the infrastructure necessary for the operation of its processes and to achieve conformity of products and services.

7.1.4 Environment for the operation of processes

Does organization determine, provide and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services?

7.1.5.1 Monitoring and measuring resources general

Does your organization determine and provide the resources needed to ensure valid and reliable results when monitoring or measuring is used to verify the conformity of products and services to requirements.
Does your organization ensure that the resources provided are suitable for the specific type of monitoring and measurement activities being undertaken and maintained to ensure their continuing fitness for their purpose?
Does your organization retain appropriate documented information as evidence of fitness for purpose of the monitoring and measurement resources?

7.1.5.2 Measurement traceability

When measurement traceability is a requirement, or is considered by your organization to be an essential part of providing confidence in the validity of measurement results, is measuring equipment calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards; when no such standards exist, is the basis used for calibration or verification retained as documented information?
When measurement traceability is a requirement, or is considered by your organization to be an essential part of providing confidence in the validity of measurement results is measuring equipment identified in order to determine their status?
When measurement traceability is a requirement, or is considered by your organization to be an essential part of providing confidence in the validity of measurement results safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results?
Does your organization determine if the validity of previous measurement results has been adversely affected when measuring equipment is found to be unfit for its intended purpose and previous measurement results has been adversely affected when measuring equipment is found to be unfit for its intended purpose, does your organization take appropriate action as necessary?

7.1.6 Organizational knowledge

Does your organization determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services and this knowledge is maintained and made available to the extent necessary?
When addressing changing needs and trends, does your organization consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates?

7.2 Competence

Does your organization determine the necessary competence of person(s) doing work under its control that affects the performance and effectiveness of the IMS?
Does your organization ensure that these persons are competent on the basis of appropriate education, training, or experience?
Does your organization where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken whilst retaining appropriate documented information as evidence of competence? (See 7.5.1b)

7.3 Awareness

Does your organization ensure that persons doing work under your organization’s control are aware of the quality and H&S policy and objectives?
Does your organization ensure that persons doing work under your organization’s control are aware of their contribution to the effectiveness of the IMS, including the benefits of improved performance and also the implications of not conforming to the IMS requirements?
Does your organization ensure that persons doing work under your organization’s control are aware of incidents, hazards, OH&S risks and actions determined and the outcomes of the investigations that are relevant to them?
Does your organization ensure that persons doing work under your organization’s control are aware of the ability to remove themselves from work situations that they consider present an imminent and serious danger to their life or health as well as the arrangements for protecting them from undue consequences for doing so?

7.4 Communication

Does your organization determine the internal and external communications relevant to the IMS, including what, when, with whom, how and who it will communicate?

7.4.1 Communication General

Does your organization taken into account the internal and external communications relevant to the OH&S of diversity aspects (gender, language, culture, literacy, disability) when considering its communication needs?
Does your organization ensure that the views of external interested parties are considered in establishing its communication processes?
Does your organization when establishing its communication processes take into account its legal requirements and other requirements and ensure that OH&S information to be communicated is consistent with information generated within the OH&S MS is reliable?
How does your organization respond to relevant communications on its OH&S MS?
Does your organization retain documented information as evidence of its communications as appropriate?

7.4.2 Internal communication

Does your organization internally communicate information relevant to OH&S MS among various levels and functions including changes to OH&S MS?
Does your organization ensure its communication processes enables workers to contribute to continual improvement?

7.4.3 External communication

Does your organization externally communicate information relevant to the OH&S MS as established by the organizations’ communication process and taking into account its legal requirements and other requirements?

7.5.1 Documented information general

Does your organization’s IMS include documented information required by this International Standard determined by your organization as being necessary for the effectiveness of the IMS?

7.5.2 Creating and updating

When creating and updating documented information, does your organization ensure appropriate identification and description (e.g. a title, date, author, or reference number), format (e.g. language, software version, graphics) and media (e.g. paper, electronic) and appropriate review and approval for suitability and adequacy?

7.5.3.1 Control of documented information

Is documented information (required by the IMS, ISO 9001 and ISO 45001) controlled to ensure it is available and suitable for use, where and when it is needed and adequately protected from loss of confidentiality, improper use, or loss of integrity?

7.5.3.2 Control of documented information

For the control of documented information, does your organization address the distribution, access, retrieval and use while addressing the storage and preservation, including preservation of legibility?
For the control of documented information, does your organization address control of changes (e.g. version control), retention and disposition?
Is documented information of external origin determined by your organization to be necessary for the planning and operation of the IMS identified as appropriate, and be controlled?
Is documented information retained as evidence of conformity protected from unintended alterations? (e.g. documented control register).

8.0 Operations

8.1 Operational planning and control

Does your organization plan, implement and control the processes (see 4.4) needed to meet the requirements for the provision of products and services, and to implement the actions determined in Clause 6 by determining the requirements for the products and services, establishing criteria for processes and control, acceptance of products and services and achieving the conformity to products and services?
Does your organization plan, implement and control the processes (see 4.4) needed to meet the requirements for the provision of products and services, and to implement the actions determined in Clause 6 by determining, maintaining and retaining documented information to the extent necessary to have confidence that the processes have been carried out as planned and demonstrate the conformity of products and services to their requirements?
Are the outputs of the planning process suitable for your organization’s operations and have controlled planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary?
Does your organization ensure that outsourced processes are controlled (see 8.4)?

8.1.2 Eliminating hazards and reducing OH&S risks

Does your organization establish, implement and maintain a process for the elimination of hazards and reduction of OH&S risks using the hierarchy of controls to eliminate the hazard?
Does your organization establish, implement and maintain a process for the elimination of hazards and reduction of OH&S risks using the hierarchy of controls to substitute with less hazardous processes, operations, materials or equipment?
Does your organization establish, implement and maintain a process for the elimination of hazards and reduction of OH&S risks using the hierarchy of controls to use engineering controls and reorganization of work?
Does your organization establish, implement and maintain a process for the elimination of hazards and reduction of OH&S risks using the hierarchy of controls to use administrative controls, including training?
Does your organization establish, implement and maintain a process for the elimination of hazards and reduction of OH&S risks using the hierarchy of controls to use adequate personal protective equipment?

8.1.3 Management of change

Does your organization establish a process(es) for the implementation and control of planned temporary and permanent changes that impact OH&S performance to include new products, services and processes, or changes to existing products, services and processes?
Does your organization establish a process(es) for the implementation and control of planned temporary and permanent changes that impact OH&S performance to include changes to legal requirements and other requirements?
Does your organization establish a process(es) for the implementation and control of planned temporary and permanent changes that impact OH&S performance to include changes in knowledge or information about hazards and OH&S risks?
Does your organization establish a process(es) for the implementation and control of planned temporary and permanent changes that impact OH&S performance to include developments in knowledge and technology?

8.1.4.1 Procurement

Does your organization establish, implement and maintain a process(es) to control the procurement of products and services in order to ensure their conformity to its OH&S MS?

8.1.4.2 Contractors

Does your organization ensure it coordinates its procurement process(es) with its contractors, in order to identify hazards and to assess and control the OH&S risks arising from the contractors’ activities and operations that impact the organization?
Does your organization ensure it coordinates its procurement process(es) with its contractors, in order to identify hazards and to assess and control the OH&S risks arising from the organization’s activities and operations that impact the contractors’ workers?
Does your organization ensure it coordinates its procurement process(es) with its contractors, in order to identify hazards and to assess and control the OH&S risks arising from the contractors’ activities and operations that impact other interested parties in the workplace?
Does your organization ensure that the requirements of its OH&S MS are met by contractors and their workers?
Does your organization ensure its procurement process(es) defines and apply occupational health and safety criteria for the selection of contractors?

8.1.4.3 Outsourcing

Does your organization ensure that outsourced functions and processes are controlled?
Does your organization ensure that its outsourcing arrangements are consistent with legal requirements and other requirements and with achieving the intended outcomes of the OH&S MS?
Does your organization ensure the type and degree of control to be applied to these functions and processes is be defined within the OH&S MS?

8.2 Emergency preparedness and response

Does your organization establish, implement and maintain a process(es) needed to prepare for and respond to potential emergency situations, as identified in 6.1.2.1?
Does your organization establish, implement and maintain a process(es) needed to prepare for and respond to potential emergency situations, as identified in 6.1.2.1 to include establishing a planned response to emergency situations, including the provision of first aid?
Does your organization establish, implement and maintain a process(es) needed to prepare for and respond to potential emergency situations, as identified in 6.1.2.1 to include providing training for the planned response?
Does your organization establish, implement and maintain a process(es) needed to prepare for and respond to potential emergency situations, as identified in 6.1.2.1 to include periodically testing and exercising the planned response capability?
Does your organization establish, implement and maintain a process(es) needed to prepare for and respond to potential emergency situations, as identified in 6.1.2.1 to include evaluating performance and, as necessary, revising the planned response, including after testing and, in particular, after the occurrence of emergency situations?
Does your organization establish, implement and maintain a process(es) needed to prepare for and respond to potential emergency situations, as identified in 6.1.2.1 to include communicating and providing relevant information to all workers on their duties and responsibilities?
Does your organization establish, implement and maintain a process(es) needed to prepare for and respond to potential emergency situations, as identified in 6.1.2.1 to include communicating relevant information to contractors, visitors, emergency response services, government authorities and, as appropriate, the local community?
Does your organization establish, implement and maintain a process(es) needed to prepare for and respond to potential emergency situations, as identified in 6.1.2.1 to include taking into account the needs and capabilities of all relevant interested parties and ensuring their involvement, as appropriate, in the development of the planned response?
Does your organization maintain and retain documented information on the process(es) and on the plans for responding to potential emergency situations?

8.2.1 Requirements for products and services - Customer Communication

Does communication with customers include providing information relating to products and services, handling enquiries, contracts or orders, including changes, obtaining customer feedback relating to products and services, including customer complaints, handling or controlling customer property and establishing specific requirements for contingency actions, when relevant?

8.2.2 Requirements for products and services - Determining the requirements for products and services

When determining the requirements for the products and services to be offered to customers, does your organization ensure that the requirements for the products and services are defined, including any applicable statutory and regulatory requirements, considered necessary by your organization and your organization can meet the claims for the products and services it offers?

8.2.3.1 Review of the requirements for products and services

Does your organization ensure that it has the ability to meet the requirements for products and services to be offered to customers?
Does your organization conduct a review before committing to supply products and services to a customer, including requirements specified by the customer, including the requirements for delivery, post-delivery activities and those not stated by customer but are necessary?
Does your organization conduct a review before committing to supply products and services to a customer, including requirements specified by your organization, statutory and regulatory requirements, contract or order requirements differing from those previously expressed?
Are customer’s requirements confirmed by your organization before acceptance, when the customer does not provide a documented statement of their requirements?

8.2.3.2 Review of the requirements for products and services

Does your organization retain documented information, as applicable on the results of the review and any new requirements for the products and services? (See 7.5.1b)

8.2.4 Changes to requirements for products and services

Does your organization ensure that relevant documented information is amended, and that relevant persons are made aware of the changed requirements, when the requirements for products and services are changed? (See 7.5.2)

8.3.1 Design and development of products and services general

Does your organization establish, implement and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services?

8.4.1 Control of externally provided processes, products and services general

Does your organization ensure that externally provided processes, products and services conform to requirements?
Does your organization determine the controls to be applied to externally provided processes, products and services when products and services from external providers are intended for incorporation into your organization’s own products and services and provided directly to the customer(s) by external providers on behalf of your organization?
Does your organization determine the controls to be applied to externally provided processes, products and services when a process, or part of a process, is provided by an external provider as a result of a decision by your organization?
Does your organization determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements?
Does your organization retain documented information of these activities and any necessary actions arising from the evaluations? (See 7.5.1b)

8.4.2 Type and extent of control

Does your organization ensure that externally provided processes, products and services do not adversely affect your organization’s ability to consistently deliver conforming products and services to its customers?
Does your organization ensure that externally provided processes remain within the control of its IMS and define both the controls that it intends to apply to an external provider and those it intends to apply to the resulting output?
Does your organization take into consideration the potential impact of the externally provided processes, products and services on your organization’s ability to consistently meet customer and applicable statutory and regulatory requirements and effectiveness of the controls applied by the external provider?
Does your organization determine the verification, or other activities, necessary to ensure that the externally provided processes, products and services meet requirements?

8.4.3 Information for external providers

Does your organization ensure the adequacy of requirements prior to their communication to the external provider?
Does your organization communicate to external providers its requirements for the processes, products and services to be provided, approval of products and services, approval of methods, processes and equipment and including any required competence and qualification of persons?
Does your organization communicate to external providers its requirements for the external providers’ interactions with your organization?
Does your organization communicate to external providers its requirements for the control and monitoring of the external providers’ performance to be applied by your organization?
Does your organization communicate to external providers its requirements for the verification or validation activities that your organization, or its customer, intends to perform at the external providers’ premises?

8.5.1 Control of production and service provision

Does your organization implement production and service provision under controlled conditions that include the availability of documented information that defines the characteristics of the products to be produced, the services to be provided, or the activities to be performed?
Has your organization implemented controlled conditions that include the availability of documented information that defines the results to be achieved?
Has your organization implemented controlled conditions that include the availability and use of suitable monitoring and measuring resources to include the implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met?
Has your organization implemented controlled conditions that include the use of suitable infrastructure and environment for the operation of processes and appointment of competent persons, including any required qualification?
Has your organization implemented controlled conditions that include validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement?
Has your organization implemented controlled conditions that include the implementation of actions to prevent human error and implementation of release, delivery and post-delivery activities?

8.5.2 Identification and traceability

Does your organization use suitable means to identify outputs when it is necessary to ensure the conformity of products and services?
Does your organization identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision?
Does your organization control the unique identification of the outputs when traceability is a requirement, and shall retain the documented information necessary to enable traceability? (See 7.5.1b)

8.5.3 Property belonging to customers or external providers

Does your organization exercise care with property belonging to customers or external providers while it is under your organization’s control or being used by your organization?
Does your organization identify, verify, protect and safeguard customers’ or external providers’ property provided for use or incorporation into the products and services?
When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, does your organization report this to the customer or external provider and retain documented information on what has occurred? (See 7.5.1b)

8.5.4 Preservation

Does your organization preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements?

8.5.5 Post-delivery activities

Does your organization meet requirements for post-delivery activities associated with the products and services?
In determining the extent of post-delivery activities that are required, does your organization consider statutory and regulatory requirements, potential undesired consequences associated with its products and services, nature, use and intended lifetime of its products and services, customer requirements and feedback obtained?

8.5.6 Control of changes

Does your organization review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements?
Does your organization retain documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review? (See 7.5.1b)

8.6 Release of products and services

Does your organization implement planned arrangements, at appropriate stages, to verify that the product and service requirements have been met?
Does your organization ensure that the release of products and services to the customer does not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer?
Does your organization retain documented information on the release of products and services including evidence of conformity with the acceptance criteria and traceability to the person(s) authorizing the release? (See 7.5.1b).

8.7.1 Control of nonconforming outputs

Does your organization ensure that outputs that do not conform to their requirements are identified and controlled to prevent their unintended use or delivery?
Does your organization take appropriate action based on the nature of the nonconformity and its effect on the conformity of products and services taking into consideration after delivery of products, during or after the provision of services?
Does your organization take appropriate action based on the nature of nonconforming products and services detected and also when nonconforming outputs by correction; segregation, containment, return or suspension of provision of products and services; informing the customer; obtaining authorization for acceptance under concession?

8.7.2 Control of nonconforming outputs documented information

Does your organization retain documented information that describes the nonconformity, actions taken, concessions obtained and the authority deciding the action in respect of the nonconformity? (See 7.5.1b)

9.0 Performance Evaulation

9.1.1 Monitoring, measurement, analysis and evaluation

Does your organization determine what needs to be monitored and measured and the methods for monitoring, measurement, analysis and evaluation needed to ensure valid results?
Does your organization determine when the monitoring and measuring shall be performed, when results from monitoring and measurement shall be analysed and evaluated?
Does your organization determine the criteria against how it will evaluate its OH&S performance?
Does your organization ensure that monitoring and measuring equipment is calibrated or verified as applicable, and is used and maintained as appropriate?
Does your organization evaluate the performance and the effectiveness of the IMS and retain appropriate documented information as evidence of the results? (See 7.5.1b)?

9.1.2 Evaluation of compliance (ISO 45001)

Does your organization establish, implement and maintain a process(es) for evaluating compliance with legal requirements and other requirements (see 6.1.3)?
Does your organization determine the frequency and methods for the evaluation of compliance?
Does your organization evaluate compliance and take action if needed (see 10.2)?
Does your organization maintain knowledge and understanding of its compliance status with legal requirements and other requirements and is documented information retained of the compliance evaluation results?

9.1.2 Customer satisfaction (ISO 9001)

Does your organization monitor customers’ perceptions of the degree to which their needs and expectations have been fulfilled?
Does your organization determine the methods for obtaining, monitoring and reviewing this information?

9.1.3 Analysis and evaluation

Does your organization analyse and evaluate appropriate data and information arising from monitoring and measurement.
Does your organization ensure that the results of analysis are used to evaluate conformity of products and services and degree of customer satisfaction and evaluate the performance and effectiveness of the IMS?
Does your organization ensure that the results of analysis are used to evaluate if planning has been implemented effectively, the effectiveness of actions taken to address risks and opportunities, performance of external providers and need for improvement to the IMS?

9.2.1 Internal audit

Does your organization conduct internal audits at planned intervals to provide information on whether the IMS conforms to your organization’s own requirements for its IMS, the requirements of ISO 9001:2015 and ISO 45001:2018 and whether the IMS is effectively implemented and maintained?

9.2.2 Internal audit programme

Does your organization plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned, changes affecting your organization, and the results of previous audits?
Does your organization define the audit criteria and scope for each audit?
Does your organization select auditors and conduct audits to ensure objectivity and the impartiality of the audit process and the results are reported to relevant management for appropriate correction and corrective actions without undue delay?
Does your organization retain documented information as evidence of the implementation of the audit programme and the audit results? (See 7.5.1b)

9.3.1 Management review general

Does Top management review your organization’s IMS, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of your organization?

9.3.2 Management review input

Does the management review planned and carried out taking into consideration the status of actions from previous management reviews and external and internal issues that are relevant to the IMS?
Does the management review planned and carried out taking into consideration information on the performance and effectiveness of the IMS, including trends in customer satisfaction and feedback from relevant interested parties, extent to which quality objectives have been met and process performance and conformity of products and services?
Does the management review planned and carried out taking into consideration information on the performance and effectiveness of the IMS, including trends in nonconformities and corrective actions, monitoring and measurement results, audit results and performance of external providers?
Does the management review planned and carried out taking into consideration the adequacy of resources, effectiveness of actions taken to address risks and opportunities (see 6.1) for improvements?

9.3.3 Management review outputs

Do the outputs of the management review include decisions and actions related to opportunities for improvement, decisions and actions related to any changed to the IMS and resources needs?
Does your organization retain documented information as evidence of the results of management reviews? (See 7.5.1b)

10.0 Improvement

10.1 Improvement general

Does your organization determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction and any necessary actions to improving products and services to meet requirements as well as to address future needs and expectations which will help in correcting, preventing or reducing undesired effects?
Does your organization determine and select opportunities for improvement and implement any necessary actions to improving the performance and effectiveness of the IMS?

10.2.1 Nonconformity and corrective action

When nonconformities occur, including any arising from complaints, does your organization react to the nonconformity take action to control and correct it and deal with the consequences?
When nonconformities occur, including any arising from complaints, does your organization evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere by assessing OH&S risks that relate to new or changed hazards, prior to taking action and by reviewing and analysing, determining the cause and identifying trends occurring the nonconformity?
When nonconformities occur, including any arising from complaints, does your organization implement any action needed, conduct review, update risks and opportunities as necessary?
When nonconformities occur, including any arising from complaints, does your organization make changes to the IMS, if necessary?
Does your organization ensure that corrective actions are appropriate to the effects of the nonconformities encountered?

10.2.2 Nonconformity and corrective action documented information

Does your organization retain documented information as evidence of the nature of the nonconformities and any subsequent actions taken and keep a retain documented information as evidence or results of any corrective actions? (See 7.5.1b)

10.3 Continual Improvement

Does your organization continually improve the suitability, adequacy and effectiveness of the IMS by enhancing OH&S performance, promoting a culture that supports an OH&S MS, promoting the participation of workers in implementing actions for the continual improvement of the OH&S MS, communicating the relevant results of continual improvement to workers and where they exist, workers’ representatives and maintaining and retaining documented information as evidence of continual improvement?
- Compliant
- OFI
- Minor NC
- Major NC
Does your organization consider the results of analysis and evaluation, and the outputs from management review, to determine if there are needs or opportunities that shall be addressed as part of continual improvement?

Full ISO 9001:2015 & ISO 45001:2018 Audit Checklist

Free Full ISO 9001:2015 & ISO 45001:2018 Audit Checklist Checklist

Go digital today!

Convert your paper checklists into digital forms

4.1 Understanding the organization and its context

4.2 Understanding the needs and expectations of interested parties

4.3 Determining the scope of the quality and OH&S management system

4.4 Quality and Health & Safety management system and its processes

5.1.1 Leadership and commitment general

5.2 Quality & H&S Policy

5.2.2 Communicating the quality and OH&S policy

5.3 Organizational roles, responsibilities and authorities

5.4 Consultation and participation of workers

6.1.1 Actions to address risks and opportunities

6.1.2 How the organisation plan to address risks and opportunities

6.1.2.1 Hazard identification

6.1.2.2 Assessment of OH&S risks and other risks to the IMS

6.1.3 Determination of legal requirements and other requirements

6.1.4 Planning action

6.2.1 OH&S Objectives and planning to achieve them

6.2.2 Quality objectives and planning to achieve them

6.3 Planning of changes

7.1.1 Resources general

7.1.2 Resources people

7.1.3 Resources infrastructure

7.1.4 Environment for the operation of processes

7.1.5.1 Monitoring and measuring resources general

7.1.5.2 Measurement traceability

7.1.6 Organizational knowledge

7.2 Competence

7.3 Awareness

7.4 Communication

7.4.1 Communication General

7.4.2 Internal communication

7.4.3 External communication

7.5.1 Documented information general

7.5.2 Creating and updating

7.5.3.1 Control of documented information

7.5.3.2 Control of documented information

8.1 Operational planning and control

8.1.2 Eliminating hazards and reducing OH&S risks

8.1.3 Management of change

8.1.4.1 Procurement

8.1.4.2 Contractors

8.1.4.3 Outsourcing

8.2 Emergency preparedness and response

8.2.1 Requirements for products and services - Customer Communication

8.2.2 Requirements for products and services - Determining the requirements for products and services

8.2.3.1 Review of the requirements for products and services

8.2.3.2 Review of the requirements for products and services

8.2.4 Changes to requirements for products and services

8.3.1 Design and development of products and services general

8.4.1 Control of externally provided processes, products and services general

8.4.2 Type and extent of control

8.4.3 Information for external providers

8.5.1 Control of production and service provision

8.5.2 Identification and traceability

8.5.3 Property belonging to customers or external providers

8.5.4 Preservation

8.5.5 Post-delivery activities

8.5.6 Control of changes

8.6 Release of products and services

8.7.1 Control of nonconforming outputs

8.7.2 Control of nonconforming outputs documented information

9.1.1 Monitoring, measurement, analysis and evaluation

9.1.2 Evaluation of compliance (ISO 45001)

9.1.2 Customer satisfaction (ISO 9001)

9.1.3 Analysis and evaluation

9.2.1 Internal audit

9.2.2 Internal audit programme

9.3.1 Management review general

9.3.2 Management review input

9.3.3 Management review outputs

10.1 Improvement general

10.2.1 Nonconformity and corrective action

10.2.2 Nonconformity and corrective action documented information

10.3 Continual Improvement

Related checklists