ISO 9001:2015 Audit Checklist

  • Audit Title

  • Location
  • Client / Site

  • Conducted on

  • Prepared by

4 Context of the organization

4.1 Understanding the organization and its context

  • Verify how the internal and external issues that affect the ability to achieve the intended result of the IMS have been identified? <br>

  • Verify how the organization monitors and reviews information about these internal and external issues.

4.2 Understanding the needs and expectations of interested parties

  • Verify how the organization monitors and reviews information about interested parties and their relevant requirements.

4.3 Determining the scope of the quality management system

  • Verify IMS scope is documented.

4.4 Quality management system and its processes

  • How are processes for the business determined?

  • Verify how risks & opportunities for the IMS and its processes are determined.

  • How are the inputs, outputs and the required resources for each process identified? How do they interact with each other?

5 Leadership

5.1 Leadership and commitment

  • How do Top management demonstrate leadership, commitment and accountability with respect to the IMS?

  • Ensuring the QMS policy and objectives are established.

  • Promoting the use of the process approach and risk-based thinking.

  • Ensuring adequate resources are available.

  • customer and applicable statutory and regulatory requirements are determined, understood and consistently met.

  • Ensuring the organisation establishes and implements a process for consultation and participation of workers

  • Supporting the establishment and functioning of health and safety committee

  • The focus on enhancing customer satisfaction is maintained

5.2 Policy

  • Verify the IMS Policies are established, communicated, understood, applied and available to relevant interested parties both internally and externally.

5.3 Organizational roles, responsibilities and authorities

  • Verify responsibilities and authorities for relevant roles are assigned and communicated within the organization.

5.4 Consultation and Participation of Workers

  • Has the organisation established a process for Consultation and Participation?

  • Timely access to clear, understandable and relevant information about the OHS system

  • Ensuring there are no barriers for participation (ALARP)

  • Emphasize the consultation and participation of non-managerial workers in OHS related matters

6 Planning

6.1 Actions to address risks and opportunities

  • Verify how the internal and external issues and interested parties needs and expectations are considered when planning for the IMS?

  • Is there an ongoing and proactive hazard identification process?

  • How are identified hazards assessed?

  • Have legal and other applicable requirements been determined?

  • Verify how risks and opportunities are planned, actioned and reviewed

  • Verify how the organization evaluates the effectiveness of the actions. Is corrective actions revisited and effectiveness checked?

6.2 Quality objectives and planning to achieve them

  • Verify the quality objectives. <br>1. Are they consistent with the IMS Policies?<br>2. Are they S.M.A.R.T objectives

6.3 Planning of changes

  • Verify how IMS changes are planned systematically. Is there meetings held? Is this done in interval time frames? Who is responsible for doing this? Are risks identified first for any changes carried out?

7 Support

7.1 Resources

  • Are all measuring equipment, tooling and machinery maintained and logged with service records and proof of calibrations?

  • Verify how the organization determines, provides and maintains the infrastructure for the operation of processes to achieve products and services conformity.

  • How do you ensure all organizational knowledge is up to date, maintained and communicated in order to achieve conformity of products and services.

7.2 Competence

  • How do you determine the necessary competence of people doing work under your control that affects quality & safety performance.

7.3 Awareness

  • Verify people doing work under the organization's control are aware of the below. C

  • the IMS policies.

  • the relevant quality objectives.

  • their contribution to the effectiveness of the IMS, including the benefits of improved performance.

  • Incident and outcomes of investigations, hazards and determination of risks relevant to them

  • the implications of not conforming with the IMS requirements.

  • being able to remove themselves from a high risk or volatile work situation

7.4 Communication

  • Verify internal and external communication process (what, when, with whom and how to communicate).

7.5 Documented information

  • How is documented information created, reviewed and approved for suitability and adequacy? How is the information controlled and maintained and distributed?

  • How is the documentation / intellectual property safeguarded internally?

8 Operation

8.1 Operational planning and control

  • Verify how the organization has planned, implemented and controlled processes needed to meet the requirements of products and services.

8.1.2 Eliminating Hazards and Reducing OH&S Risks

  • Has the organisation established, implemented and maintained a process for elimination of hazards and the reduction of OH&S risks?

8.1.3 Management of Change

  • Has the organisation established a process for the implementation and control of planned changes that impact OH&S performance?

8.2 Emergency Preparedness and Response

  • Has the organisation established, implemented and maintained a preparedness plan when responding to potential emergency situations?

  • Is there adequate training provided? ie. First Aid, Fire Warden etc

  • Does testing and evaluation of the emergency response capabilities occur?

  • Is all relevant information communicated to all interested parties throughout the development, testing and evaluation of the emergency response plan?

8.2 Determination of requirements for products and services (9001)

  • Verify processes for communicating with customers on information relating to products, services and enquiries

  • Verify how processes and acceptance for products and services are determined and reviewed?

  • Verify how planned changes are controlled. Verify how unintended changes are reviewed and what actions are taken to mitigate any adverse effects, as necessary.

8.3 Design and development of products and services

  • Verify how the design and development process is established, implemented and maintained. This relates to OEM only.

8.3.2 Design and development planning

  • In determining the stages and control for design and development, verify the organization considers..

  • the nature, duration and complexity of the activities. Is there a time frame for specific orders? Are process stages including applicable reviews specified? Check Procedure Design & Development PR33.01, FM-0906.14 Drawing new request, FM-0906.13 Drawing Change Request, Master Index Fm-0904.10,

  • required verification and validation. Check procedure PR33.01 for validation procedure. Check process from order receipt till validation.

  • responsibilities and authorities. Who is responsible for making changes, validating, final sign off? Is there double signatures on production sheet?

  • How does communication take place between all parties concerned including the customer to ensure the order is delivered without any issues.

8.3.3 Design and development inputs

  • In determining requirements essential for the type of products and services being designed and developed, the organization shall consider..

  • functional and performance requirements. Check any particular specific requirements by customers.

  • information derived from previous similar design and development activities.

  • statutory and regulatory requirements including standards and codes of practice.

  • potential consequences of failure due to the nature of the products and services. Is the product design acceptable for intended use.

  • Verify documented information on design and development inputs are retained.

8.3.4 Design and development controls

  • Verify the organization applies controls to the design and development process to ensure that..

  • the results to be achieved are defined.

  • reviews are conducted to evaluate the ability of the results of design and development to meet requirements.

  • verification activities are conducted to ensure that the resulting products and services meet the requirements for the specified application or intended use.

  • validation activities are conducted to ensure that the resulting products and services meet the requirements of the specified application or intended use.

  • any necessary actions are taken on problems determined during the reviews, or verification and validation activities.

8.3.5 Design and development outputs

  • Verify the organization ensures the design and development outputs..

  • meet the input requirements.

  • are adequate for the subsequent processes for the provision of products and services.

  • include or reference monitoring and measuring requirements, as appropriate , and acceptance criteria.

  • specify the characteristics of the products and services that are essential for their intended purpose and their safe and proper provision.

  • Verify documented information on design and development outputs are retained. Check procedure, validation documents, any inputs suggested and signed off.

8.3.6 Design and development changes

  • Verify documented information on design and development changes, the result of reviews, the authorization of changes and the actions taken to prevent adverse impacts are retained.

8.4 Control of externally provided processes, products and services

  • Verify how the organization ensures externally provided processes, products and services conform to specified quality and OH&S requirements.

  • Verify how the organization determines and applies criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers.

  • Verify documented information of activities and actions arising from the evaluations.

  • Verify how the organization considers the potential impact of the external provided processes, products and services on its ability to meet customer and applicable statutory and regulatory requirements.

  • Verify the organization communicates to external providers its requirements for..

  • the processes, products and services to be provided.

  • the approval of product and services; methods, processes and equipment; and the release of products and services.

  • verification or validation activities that the organization, or its customer, intends to perform at the external providers' premises.

8.5 Production and service provision

8.5.1 Control of production and service provision

  • Verify the organization has documented information that defines the characteristics of the products to be produced, the services to be provided or the activities to be performed and the results to be achieved. Refer to Hose assembly process.

  • Verify the availability and use of suitable monitoring and measuring resources.

  • Verify the implementation of monitoring and measuring activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met. Check Product identification and traceability - batch/serial number and is this suffiicent for customer requirement. Is end user able to trace this back for any defect recalls?

  • Verify the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement.

  • Verify the implementation of actions to prevent human error (i.e. poke yoke, visual locations, checklist, emergency stops, templates, document control, ...) Ensure correct procedure and forms are in use.

  • Verify the implementation of release, delivery and post-delivery activities. How do you ensure the goods are prepared, packed properly and ready for release to customer. Check picking process. RF gun scanner, Bin locations, Is customer satisfaction sourced after delivery is made or only reactive actions take place when there is a complaint.

8.5.2 Identification and traceability

  • Verify how the organization controls the unique identification of process outputs when traceability is required. Verify documented information of traceability, where required. Check batch number process, Hose marking/stamping. Tagging for specific customers.

8.5.3 Property belonging to customers or external providers

  • What care is provided to customers' or external providers' property? How do you ensure the product returned from the customer is taken care of. Does this get tagged, isolated safely. Check quarantine area. Customer goods holding area. Check how is the property avoided from getting misplaced or lost. This could relate to IT dept as well. Computers could be lent for use so where do you hold theses.

  • Verify how the organization identifies, verifies, protects and safeguards customers' or external providers' property which is provided for use or incorporation into the organization's products or services. This is as per above questions.

8.5.4 Preservation

  • Verify how the organization ensures preservation of the process outputs to ensure conformity to requirements. Check storage, temperature for environment. shelf life of hoses.

8.5.5 Post-delivery activities

  • Verify the organization considers post-delivery activities.

8.5.6 Control of changes

  • Verify how the organization reviews and controls changes for production or service provision. For example: if product fittings changes from supplier then who approves this, give permission to be sold and who notifies the customer. Is there any bulletin that is sent out or how is the done.

  • Verify retained documented information describing the results of the review of changes, the person(s) authorizing the change and any necessary actions arising from the review. This follows from question above. Check for proof.

8.6 Release of products and services

  • Verify retained documented information that shows evidence of conformity with acceptance criteria and traceability to person(s) authorizing the release.

8.7 Control of nonconforming outputs

  • Verify outputs that do not conform to requirements are identified , actioned and controls put in place.

  • Obtaining authorization for acceptance under concession

  • Verify retained documented information that describes the nonconformity, describes actions taken, describes any concessions obtained and identifies the authority deciding the action in respect of the nonconformity.

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

  • Verify the organization evaluates the performance and effectiveness of its IMS.

  • Verify the organization monitors customers' perceptions of the degree to which their needs and expectations have been fulfilled.

  • IMS objectives are monitored and measured

  • Legal and other requirements are fulfilled, measured and evaluated

9.1.1 Evaluation of Compliance

  • Has the organisation established a process for evaluating compliance and also adhering to legal requirements

9.2 Internal audit

  • Verify audits are conducted at planned intervals. Is there a schedule available to carry out audits

  • Review retained documented information. Audit schedule, internal/external audit report, corrective actions

9.3 Management review

  • Verify management reviews are carried out once annually. All relevant IMS inputs and outputs are covered.

  • Verify retained documented information

10 Improvement

10.1 General

  • Verify the organization determines opportunities for improvement to improve products and services, corrects, prevents or reduces undesired effects and improves the performance and effectiveness of the IMS.

10.2 Incident, Nonconformity and corrective action

  • Verify how the organization evaluates and takes action for nonconformities, incidents and complaints taking into account the consequences. How is the effectiveness evaluated?

  • Verify how organization implements necessary actions. If an issue is found and trends identified then is the process changed, procedure/Risk Register updated if there are deficiencies found. How is this communicated to interested parties?

  • Verify retained documented information that provides evidence of the nature of the nonconformity/incident and any subsequent actions taken and the results of any corrective / preventative actions.

10.3 Continual improvement

  • Verify how the organization continually improves. Does it consider the results of analysis and evaluation and the outputs.

Sign Off

Sign Off

  • I, the undersigned, have completed this audit in an accurate manner. I have attached evidence as required and declare this assessment complete.

  • Full name and signature of auditor

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.