ISO 9001:2015 Audit Checklist

Information

Audit Number
Conducted on
Completed by

4 Context of the organisation

Introduction

Please complete all sections starting immediately below. This internal self-assessment will evaluate the compliance of your Quality Management System with ISO 9001:2015. Remember to attach evidence to items where required, and to sign off and complete this assessment in the final section.

4.1 Understanding the organisation and its context

Has the organisation determined external and internal issues relevant to its purpose and strategic direction?
How do these issues affect the ability to achieve the intended result of the QMS?
Does the organisation monitor and review information about these internal and external issues?

4.2 Understanding the needs and expectations of interested parties

Does the organisation determine relevant interested parties to QMS?
Does the organisation determine the relevant needs and expectations of interested parties?
Does the organisation determine the impact or potential impact of the interested parties?
Does the organisation monitor and review information about interested parties and their relevant requirements?

4.3 Determining the scope of the quality management system

Does the QMS scope consider the following:
External and internal issues.
The requirements of relevant interested parties.
The products and services of the organisation.
Does the organisation determine how the ISO 9001:2015 standard is applied within the organisation?
If the organisation has determined any of the requirements of the ISO 9001:2015 standard not to be applicable, show me how conformity of products and services are not affected by this.
Is the QMS scope documented?
Verify scope states what products and services are covered by the QMS and how it justifies instances where requirements cannot be applied.

4.4 Quality management system and its processes

How have the organisation's processes have been determined and how do they interact?
How were the processes for the QMS determined? Verify the inputs and outputs to the processes.
Does the organisation have a sequence and interaction of of the processes?
Does the organisation have criteria, methods, measurement and related performance indicators needed to operate and control the processes?
Does the organisation have resources that are determined and allocated?
Does the organisation ensure responsibilities and authorities are determined?
Does the organisation ensure risks and opportunities are considered and what actions are taken to address them?
Does the organisation use methods to monitor, measure and evaluate processes? What changes, if needed, are implemented to achieve intended results?
Does the organisation ensure opportunities for improvement for the QMS and its processes are determined?
Does the organisation review documented information created to support the operation of its processes?

5 Leadership

5.1 Leadership and commitment

Top management is identified.
Does top management demonstrates leadership and commitment by meeting the required criteria:
Taking accountability for QMS effectiveness
Ensuring the QMS policy and objectives are established and are compatible with strategic direction and context of organisation
Ensuring the QMS is integrated into organisation's business processes
Promoting the use of the process approach and risk-based thinking
Ensuring resources are available
Communicating the importance of effective QMS and of conforming to its requirements
Ensuring intended outcomes
Engaging, directing and supporting persons to contribute to the effectiveness of the QMS
Promoting continuous improvement
Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of respsonsibility
Does top management demonstrate leadership and commitment with respect to customer focus by meeting the required criteria:
customer and applicable statutory and regulatory requirements are determined, understood and consistently met.
the risks and opportunities that affect product and service conformity and the ability to enhance customer satisfaction are determined and addressed.
the focus of enhancing customer satisfaction is maintained.

5.2 Policy

Does top management establish, implement and maintain a quality policy that meets the required criteria:
is appropriate to the purpose and context of the organization and supports its strategic direction.
provides a framework for setting quality objectives.
includes a commitment to satisfy applicable requirements.
includes a commitment to continual improvement of the QMS.
Is the QMS Policy is maintained as documented information?
Is the QMS Policy is communicated, understood and applied within the organisation?
Is the QMS Policy is available to relevant interested parties?

5.3 Organisational roles, responsibilities and authorities

Verify responsibilities and authorities for relevant roles are assigned and communicated within the organization
Does top management assign responsibility and authority for the following:
ensuring the QMS conforms to the ISO 9001:2015 standard.
ensuring that processes are delivering their intended outputs.
reporting on the performance of the QMS and on opportunities for improvement, in particular to top management.
ensuring the promotion of customer focus throughout the organization.
ensuring the integrity of the QMS is maintained when changes to the QMS are planned and implemented.

6 Planning

6.1 Actions to address risks and opportunities

How are internal and external issues and interested parties considered when planning for the QMS?
How are risks and opportunities determined and addressed so the QMS can achieve its intended results, prevent and reduce undesired effects and achieve continual improvement?
How are actions are planned to address risks and opportunities?
Does the organisation ensure actions are integrated and implemented into the QMS processes?
Does the organisation evaluate the effectiveness of the actions?
Does the organisation take actions to address risks and opportunities determined as being appropriate to the potential impact on the conformity of products and services?

6.2 Quality objectives and planning to achieve them

Has the organisation established quality objectives that are at relevant functions, levels and processes?
Do the quality objectives meet the required criteria:
consistent with the quality policy.
measurable.
taking into account applicable requirements.
relevant to the conformity of products and services and to the enhancement of customer satisfaction.
moinitored.
communicated.
updated as appropriate.
Does the organisation ensure objectives are documented?
Does the organisation determine what will be done, with what resources, when completed and how the results will be evaluated for quality objectives?

6.3 Planning of changes

Does the organisation have QMS changes that are planned systematically?
Does the organisation demonstrate the purpose and potential consequences of changes?
Does the organisation consider the integrity of the QMS?
Does the organisation ensure resources are made available?
Does the organisation ensure responsibility and authority is allocated and reallocated?

7 Support

7.1 Resources

Does the organisation determine resources needed for the IMS?
Does the organisation consider the capabilities and constraints on internal resources?
Does the organisation consider the needs from external providers?
Does the organisation provide persons necessary to consistently meet customer, applicable statutory and regulatory requirements for the QMS including the necessary processes?
Does the organisation determine, provide and maintain the infrastructure for the operation of processes to achieve products and services conformity?
Does the organisation determine, provide and maintain the environment for the operation of processes to achieve products and service conformity?
Does the organisation determine and ensure resources are valid and reliable for monitoring and measuring results?
Does the organisation ensure that the resources provided are suitable for the specific type of monitoring and measurement activities being undertaken and that they are maintained to ensure continued fitness of purpose?
Does the organisation document information that shows evidence of fitness for purpose of monitoring and measurement resources?
Does the organisation have measurement instruments that are verified or calibrated at specific intervals against national or international standards. If no standards, does the organisation have documented information which is used as the basis for calibration or verification?
Does the organisation identify measurement instruments?
Does the organisation ensure measurement instruments are safeguarded from adjustments, damage and deterioration?
Does the organisation determine the validity of previous measurements if you find an instrument to be defective during verification or calibration. Verify any actions taken.
Does the organisation determine the necessary knowledge for the operation of processes and achieves conformity of products and services?
Does the organisation ensure knowledge is maintained and made available to the extent necessary?
Does the organisation consider current knowledge and determine how its acquires additional knowledge when addressing changing needs and trends?

7.2 Competence

Does the organisation determine the necessary competence of people doing work under your control that affects quality performance?
Does the organisation ensure competence of the people doing work on the basis of appropriate education, training or experience?
Does the organisation take actions to acquire necessary competence where applicable and evaluate the effectiveness of those actions?
Does the organisation document information as evidence of competence where appropriate?

7.3 Awareness

Does the organisation ensure that people doing work under the organisation's control are aware of the following criteria required:
the quality policy.
the relevant quality objectives.
their contribution to the effectiveness of the QMS, including the benefits of improved performance.
the implications of not conforming with the QMS requirements.

7.4 Communication

Does the organisation determine internal and external communication process (what, when, with whom and how to communicate)?

7.5 Documented information

Does the organisation document the information required by the ISO 9001:2015 standard?
Does the organisation document information that shows the effectiveness of the QMS?
Show me that your Does the organisation's documented information contain appropriate identification, format (language, software version or graphics,) and media (paper or electronic)?
Does the organisation ensure the documented information is reviewed and approved for suitability and adequacy?
Does the organisation control documented information and make it available and suitable for use? Does the organisation protect your documented information?
Does the organisation control the distribution, access, retrieval, use, storage, preservation, legibility, control of changes, retention and disposition of documented information?
Does the organisation document information of external origin is identified, as appropriate, and controlled?

8 Operation

8.1 Operational planning and control

Does the organisation plan, implement and control the processes needed to meet the requirements of products and services?
Does the organisation determine the requirements for products and services?
Does the organisation determine the criteria for processes and acceptance for products and services?
Does the organisation determine resources that are used?
Does the organisation ensure the process control is implemented?
Does the organisation document information that demonstrates processes have been carried out as planned and can demonstrate conformity of products and services?
Are the outputs from the planning process suitable for the organisation's operations?
Does the organisation ensure planned changes are controlled? Does the organisation ensure unintended changes are reviewed and what actions are taken to mitigate any adverse effects, as necessary?
Does the organisation ensure that outsourced processes are controlled?

8.2 Determination of requirements for products and services

Does the organisation have processes created for communicating with customers on information relating to products, services, enquiries, contracts, order handling, customer views, perceptions and complaints, handling or treatment of customer property and specific requirements for contingency actions?
Does the organisation have a process to determine the requirements for products and services to be offered to potential customers and does the organisation ensure the process is established, implemented and maintained?
Does the organisation ensure product and service requirements including statutory and regulatory requirements are defined? Does the organisation have the ability to meet the defined requirements and substantiate any claims for its products and services?
Does the organisation reviews meet the required criteria:
customer requirements for delivery and post-delivery.
requirements necessary for customer's specified or intended use, where known.
statutory and regulatory requirements applicable to the products and services.
other contract or order requirements.
Does the organisation ensure that the review is conducted prior to the organisation's commitment to supply products and services to the customer?
Does the organisation resolve differences in the contract or order requirements from those previously defined?
Does the organisation confirm customer requirements where the customer doesn't provide a documented statement?
Does the organisation ensure documented information of reviews describing new or changed requirements to products and services?
Does the organisation document information of amended reviews and ensure relevant personnel are made aware of those changes?

8.3 Design and development of products and services

Verify how the design and development process is established, implemented and maintained.

8.3.2 Design and development planning

In determining the stages and control for design and development, verify the organization considers..
the nature, duration and complexity of the activities.
the requirements that specify particular process stages including applicable reviews.
required verification and validation.
responsibilities and authorities.
how interfaces are controlled between individuals and parties.
the need for involvement of customer and user groups.
Verify documented information that confirms design and development requirements have been met.

8.3.3 Design and development inputs

In determining requirements essential for the type of products and services being designed and developed, the organization shall consider..
functional and performance requirements.
information derived from previous similar design and development activities.
statutory and regulatory requirements.
standard or codes of practice that the organization has committed to implement.
potential consequences of failure due to the nature of the products and services.
Verify that the inputs are complete and unambiguous.
Verify documented information on design and development inputs are retained.

8.3.4 Design and development controls

Verify the organization applies controls to the design and development process to ensure that..
the results to be achieved are defined.
reviews are conducted to evaluate the ability of the results of design and development to meet requirements.
verification activities are conducted to ensure that the resulting products and services meet the requirements for the specified application or intended use.
validation activities are conducted to ensure that the resulting products and services meet the requirements of the specified application or intended use.
any necessary actions are taken on problems determined during the reviews, or verification and validation activities.
Verify documented information of these activities are retained.

8.3.5 Design and development outputs

Verify the organization ensures the design and development outputs..
meet the input requirements.
are adequate for the subsequent processes for the provision of products and services.
include or reference monitoring and measuring requirements, as appropriate , and acceptance criteria.
specify the characteristics of the products and services that are essential for their intended purpose and their safe and proper provision.
Verify documented information on design and development outputs are retained.

8.3.6 Design and development changes

Verify the organization identifies, reviews and controls changes made during, or subsequent to, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements.
Verify documented information on design and development changes, the result of reviews, the authorization of changes and the actions taken to prevent adverse impacts are retained.

8.4 Control of externally provided processes, products and services

Does the organisation ensure externally provided processes, products and services conform to specified requirements?
Does the organisation ensure controls are applied to externally provided processes, products and services when products and services are intended for incorporation into the organisation's own products and services, products and services are provided directly to the customer or a process, or part of a process, is provided by an external provider as a result of a decision by the organisation?
Does the organisation determine and apply criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers?
Does the organisation document information of activities and actions arising from the evaluations?
Does the organisation determine controls applied to the external provision of processes, products and services and the resulting output?
Does the organisation consider the potential impact of the external provided processes, products and services on its ability to meet customer and applicable statutory and regulatory requirements?
Does the organisation consider the effectiveness of the controls applied by the external provider?
Does the organisation determine the verification, or other activities, necessary to ensure the externally provided processes, products and services meet requirements?
Does the organisation communicate the required criteria to external providers:
the processes, products and services to be provided.
the approval of product and services; methods, processes and equipment; and the release of products and services.
competence, including any required qualification of persons.
the external providers' interactions with the organisation.
control and monitoring of the external providers' performance to be applied by the organisation.
verification or validation activities that the organisation, or its customer, intends to perform at the external providers' premises.

8.5 Production and service provision

8.5.1 Control of production and service provision

Does the organisation ensure documented information is available that defines the characteristics of the products to be produced, the services to be provided or the activities to be performed and the results to be achieved?
Does the organisation ensure the availability and use of suitable monitoring and measuring resources?
Does the organisation ensure the implementation of monitoring and measuring activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met?
Does the organisation ensure the use of suitable infrastructure and environment for the operation of processes?
Does the organisation ensure the appointment of competent persons, including any required qualification?
Does the organisation ensure the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement?
Does the organisation ensure the implementation of actions to prevent human error (i.e. poke yoke, visual locations, checklist, emergency stops, templates and document control)?
Does the organisation ensure the implementation of release, delivery and post-delivery activities?

8.5.2 Identification and traceability

Does the organisation ensure that outputs from the process are identified to ensure conformity?
How does the organisation identify the status of process outputs?
Does the organisation control the unique identification of process outputs when traceability is required? Does the organisation document information of traceability, where required?

8.5.3 Property belonging to customers or external providers

Does the organisation ensure care is provided to customers' or external providers' property?
Does the organisation ensure it can identify, verify, protect and safeguard customers' or external providers' property which is provided for use or incorporation into the organisation's products or services?
Does the organisation have retained documented information for property that is damaged or otherwise found to be unsuitable for use?

8.5.4 Preservation

Does the organisation ensure preservation of the process outputs to ensure conformity to requirements?

8.5.5 Post-delivery activities

Does the organisation consider the following required criteria to meet post-delivery activities:
statutory and regulatory requirements
potential undesired consequences associated with its products and services
the nature, use and intended lifetime of its products and services
customer requirements
customer feedback

8.5.6 Control of changes

Does the organisation review and control changes for production or service provision?
Does the organisation have retained documented information describing the results of the review of changes, the person(s) authorizing the change and any necessary actions arising from the review?

8.6 Release of products and services

Does the organisation ensure appropriate stages of product and service requirements have been met?
Does the organisation ensure products and services are not released to the customer until the planned arrangements have been satisfactorily completed, unless otherwise approved by relevant authority and, as applicable, by the customer?
Does the organisation have retained documented information that shows evidence of conformity with acceptance criteria and traceability to person(s) authorising the release?

8.7 Control of nonconforming outputs

Does the organisation ensure that outputs that do not conform to requirements are identified and controlled?
Does the organisation ensure appropriate action is taken for nonconforming products and services (also include after delivery of product or during/after the provision of services)? Does the organisation ensure the required criteria is met:
Correction
Segregation, containment, return or suspension of provision of products and services
Informing the customer
Obtaining authorization for acceptance under concession
Verify conformity to the requirements when nonconforming outputs are corrected.
Verify retained documented information that describes the nonconformity, describes actions taken, describes any concessions obtained and identifies the authority deciding the action in respect of the nonconformity.

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

Does the organisation has determined what needs to be monitored and measured, the methods to be used, when it will be performed, analysed and evaluated?
Does the organisation evaluate the performance and effectiveness of its QMS?
Does the organisation review retained appropriate documented information?
Does the organisation monitor customers' perceptions of the degree to which their needs and expectations have been fulfilled?
Does the organisation analyse and evaluate the following required criteria:
conformity of products and services.
the degree of customer satisfaction.
the performance and effectiveness of the QMS.
if planning has been implemented effectively.
the effectiveness of actions taken to address risks and opportunities.
the performance of external providers.
the need for improvements the the QMS.

9.2 Internal audit

Does the organisation ensure audits are conducted at planned intervals?
Does the organisation have an established, implemented, and maintains an internal audit program?
Does the organisation ensure the importance of the process, changes affecting the organisation and the results of previous audits are considered?
Does the organisation determine the audit criteria and scope are created for each audit?
Does the organisation ensure auditors are objective and impartial?
Does the organisation ensure audit results reported to relevant management?
Does the organisation ensure appropriate correction and corrective actions are taken without delay?
Does the organisation review retained documented information?

9.3 Management review

Does the organisation conduct management reviews QMS at planned intervals?
Does the organisation ensure inputs to management review meets the required criteria:
status of actions from previous management reviews
changes in external and internal issues relevant to the QMS
customer satisfaction and feedback from relevant interested parties
the extent to which quality objectives have been met
process performance and conformity of products and services
nonconformities and corrective actions
monitoring and measurement results
audit results
the performance of external providers
adequacy of resources
effectiveness of actions taken to address risks and opportunities
opportunities for improvement
Does the organisation ensure outputs to management review meets the required criteria:
opportunities for improvement
any need for changes to the QMS
resource needs
Verify retained documented information

10 Improvement

10.1 General

Does the organisation determine and select opportunities for improvement to improve products and services, corrects, prevents or reduces undesired effects and improves the performance and effectiveness of the QMS?

10.2 Nonconformity and corrective action

Does the organisation react to nonconformity, including complaints, by evaluating how its takes action to control and correct it and how it deals with the consequences?
Does the organisation evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere?
Does the organisation implement necessary actions?
Does the organisation evaluate the effectiveness of actions taken?
Does the organisation update risks and opportunities determined during planning, if necessary?
Does the organisation have any changes made to the QMS, if necessary?
Does the organisation retain documented information that provides evidence of the nature of the nonconformity and any subsequent actions taken and the results of any corrective actions?

10.3 Continual improvement

Does the organisation continually improve? Does it consider the results of analysis and evaluation and the outputs from management review to determine if there are needs or opportunities that shall be addressed as part of continual improvement?

Sign Off

I, the undersigned, have completed this audit in an accurate manner. I have attached evidence as required and declare this assessment complete.
Full name and signature of auditor

ISO 9001:2015 Audit Checklist

Free ISO 9001:2015 Audit Checklist Checklist

Go digital today!

Convert your paper checklists into digital forms

Introduction

4.1 Understanding the organisation and its context

4.2 Understanding the needs and expectations of interested parties

4.3 Determining the scope of the quality management system

4.4 Quality management system and its processes

5.1 Leadership and commitment

5.2 Policy

5.3 Organisational roles, responsibilities and authorities

6.1 Actions to address risks and opportunities

6.2 Quality objectives and planning to achieve them

6.3 Planning of changes

7.1 Resources

7.2 Competence

7.3 Awareness

7.4 Communication

7.5 Documented information

8.1 Operational planning and control

8.2 Determination of requirements for products and services

8.3 Design and development of products and services

8.3.2 Design and development planning

8.3.3 Design and development inputs

8.3.4 Design and development controls

8.3.5 Design and development outputs

8.3.6 Design and development changes

8.4 Control of externally provided processes, products and services

8.5 Production and service provision

8.5.1 Control of production and service provision

8.5.2 Identification and traceability

8.5.3 Property belonging to customers or external providers

8.5.4 Preservation

8.5.5 Post-delivery activities

8.5.6 Control of changes

8.6 Release of products and services

8.7 Control of nonconforming outputs

9.1 Monitoring, measurement, analysis and evaluation

9.2 Internal audit

9.3 Management review

10.1 General

10.2 Nonconformity and corrective action

10.3 Continual improvement

Sign Off

Related checklists