Professional Documents
Culture Documents
Refs Requirements What to look for and how Comply Auditor notes and evidence
This checklist is divided into sections corresponding to the quality system processes defined in the Process Map at the top of the checklist. The Process Map and
this audit checklist must call out the same processes. When you edit the Process Map to fit your company, remember to also make corresponding changes in the
checklist.
This is also an ISO 9001:2015 compliance checklist. The requirements for each process are paraphrased from ISO 9001 and there is a reference to the
corresponding clause of the standard (first column). The checklist is carefully designed to completely cover all requirements of the ISO 9001 standard. If, when
customizing the Process Map, you delete or add processes, make sure that you re-associate the corresponding clauses in ISO 9001 and don’t leave any out (e.g.,
maintain completeness of the checklist in regard to compliance with ISO 9001).
You should customize this checklist on three levels: 1) align it with any changes in the Process Map, 2) further develop the “Requirements” column to add other
relevant requirements (if any), and 3) edit the “What to look for and how” column to make it appropriate to the products, operations, practices and issues that are
relevant in your company. The third item in particular will require the most customizing.
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 2 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence
QSP 041: Context and interested parties QSP 081 : Production/service provision and quality planning
QSP 042: Quality management system processes QSP 082: Sales, contracting and customer communication
QSP 051: Leadership and commitment QSP 083: Design and development of products and services
QSP 052: Quality policy QSP 084: Purchasing and subcontractor control
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 3 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence
QSP 053: Roles, responsibilities and authorities QSP 085: Production and service provision
QSP 061: Risks and opportunities QSP 086: Release of products and services
QSP 062: Quality objectives QSP 087: Control of nonconforming outputs
QSP 063: Planning of changes QSP 091: Monitoring, measurement, analysis and evaluation
QSP 071: Resources QSP 092: Internal audit
QSP 072: Competence QSP 093: Management review
QSP 073: Awareness QSP 101: Opportunities for improvement
QSP 074: Communication QSP 102: Corrective and preventive actions (CAPA)
QSP 075: Documented information QSP 103: Continual improvement
Refs Requirements What to look for and how Comply Auditor notes and evidence
4.3 Determine the Are the boundaries and applicability of the QMS
Scope of the QMS established and documented? How is the scope
documented? (Quality Manual).
ISO 9001 requirements that don't
apply to the company When determining the scope, are external and internal
issues considered? Are requirements of interested
parties considered?
Are there any ISO 9001 requirements that are claimed
not to apply to the company? Are these claims
substantiated? Are these claims reasonable and
justified? Are any ISO 9001 requirements related to
enhancing customer satisfaction excluded?
4.4 Define the processes of the QMS Are processes needed for the quality
management system identified and
established (process map)? Is the sequence
and interaction between these processes
determined (process map)? Are criteria and
methods for the operation and control of
quality system processes established
(operational procedures)? Are required
resources available? Are quality system
processes monitored and measured (internal
audit, customer satisfaction, manufacturing
process performance, etc.)? Is the quality
system being continually improved?
Refs Requirements What to look for and how Comply Auditor notes and evidence
quality objectives
promote improvement
5.1.2 Top management shall demonstrate What measures are implemented to ensure
leadership and commitment with that customer requirements are determined
respect to customer focus. and met (processes, procedures, training,
monitoring, auditing, etc.)?
Are there any risks related to customer
satisfaction determined?
Refs Requirements What to look for and how Comply Auditor notes and evidence
Refs Requirements What to look for and how Comply Auditor notes and evidence
6.2.2 Plan how to achieve quality Are plans to achieve quality objectives
objectives, to include the documented? Do those plans include: what
determination of: will be done, what resources will be required,
who will be responsible, when it will be
what will be done
completed, how the result will be evaluated?
resources requirements
responsibilities
completion die date
how results will be measured
7.1.3 Determine and provide infrastructure Are there sufficient equipment and machines
necessary for operations and to to perform all specified production and
achieve conformity of products and service provision processes and
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 8 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence
7.1.4 Determine, provide and maintain the In work areas, are temperature, humidity,
work environment needed to achieve particulate levels (dust), noise and other such
conformity of products and services. environmental conditions compatible with the
type of product and processes? Is there
appropriate and adequate lighting at work
stations? Are there any training/awareness
programs aiming to ensuring suitable social
and psychological conditions in the
workplace.
Ensure that measuring devices and Are measuring devices selected on the basis
equipment are suitable for the of the monitoring/measurement requirements
specific measurements for which (accuracy, environmental conditions, etc.)?
they are used, and that they are Are operators/inspectors competent (trained)
in the use of measuring devices? Are there
maintained. maintenance plans/schedules for measuring
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 9 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence
equipment?
7.1.6 Determine, acquire, maintain and How is it determined when and what kind of
preserve knowledge necessary for new organizational knowledge is needed
operations and to achieve conformity (design reviews, management reviews,
of products and services, planning of changes, CAPA investigations,
marketing reports, etc.) How is organizational
knowledge maintained and preserved?
(document control and distribution, training)
Refs Requirements What to look for and how Comply Auditor notes and evidence
Refs Requirements What to look for and how Comply Auditor notes and evidence
etc.)?
Refs Requirements What to look for and how Comply Auditor notes and evidence
7.5.2 When creating and updating Are documents uniquely identified (unique
documents, ensure that documents title and /or code-number) and are they
are: legible?
uniquely identified, Are documents approved before issue? How
reviewed and approved for is the approval evidenced (signature)? Is
suitability and adequacy there a process for reviewing, updating and
re-approving documents? Are documents
created in appropriate format and
identified with their revision level? How are
media changes identified (change brief, highlighted,
etc.?)
Are documents created in appropriate format
and language, so that they can be readily
accessed, and be understood by the people
who use them?
Define processes and activities Are there procedures and/or instructions for
related to the control of documents, control of documents?
to include:
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 13 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence
Refs Requirements What to look for and how Comply Auditor notes and evidence
Establish criteria for production and Are production processes validated or tested
service provision processes. (refer also to PRP 05 ISO 7.5.2)? Who
selects production equipment, and how? Are
Provide resources (human, operators trained? Are there adequate work
instructions?
equipment, machines, etc) for the Select a sample of processes and ask how
process. they were developed and validated/tested;
and review the associated documentation
Implement control of the processes (performance/validation test results, work
in accordance with the criteria. instructions, operator qualification
requirements, setup verification records,
etc.).
Refs Requirements What to look for and how Comply Auditor notes and evidence
Refs Requirements What to look for and how Comply Auditor notes and evidence
8.2.4 When changing or amending orders, How are change orders processed? Is there
ensure that relevant documents are a system for amending documents? Are
amended and that changes are there written instructions, procedures and/or
communicated to relevant training? How is information about order
changes communicated to relevant
personnel. departments/personnel within the company?
Review a sample of change orders to verify
that procedures, instructions and/or training
are being followed. See if you can uncover
any past problems caused by mishandling of
change orders.
Refs Requirements What to look for and how Comply Auditor notes and evidence
Refs Requirements What to look for and how Comply Auditor notes and evidence
ensure that design outputs have met design outputs meet the design input
the design input requirements. requirements? Is this a systematic review?
Maintain records of the verification Are all design inputs considered? Are the
results and any related actions. actual verification results (calculations, data,
etc.) included in the record?
Document design output and Is design output documented? How? Are the
approve the design output prior to documents reviewed and approved prior to
release. release and by whom? How are preliminary
documents distinguished from the final
released documents?
Verify that design output documents
forwarded to production, subcontractors or
other consultants are clearly identified as
final or preliminary.
8.3.6 Review, verify, validate, as How are requests for design changes
appropriate, and approve design documented and processed? Who reviews
changes before implementation. and approves requests for design changes?
Evaluate the effect of the changes Is the effect of change on the overall product
considered (ask for specific examples)? Who
on constituent parts and on product decides, and how, what reviews, verifications
already delivered. Maintain records and validations need to be done for a design
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 19 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence
Evaluate and select suppliers based Are suppliers evaluated and reviewed before
on their ability to supply products they are approved? What are the scope,
conforming to specified extent and criteria for evaluating and
requirements. approving suppliers? Who decides? How is
the approval documented (an approved
vendor list)? Are there records of initial
Establish evaluation, selection, supplier evaluations?
performance monitoring, and re- Select randomly and review a sample of
evaluation criteria. supplier evaluation and monitoring files. Is
their approval status clearly authorized? Is
Maintain records or supplier their performance consistently monitored? In
evaluations and related actions. the event of nonconforming deliveries, are
they required to implement corrective
actions? Is there a follow up?
8.4.2 Ensure that externally provided What is being done to ensure purchased
processes remain within the product conformity: Supplier’s QMS
control of the QMS certification? Audits of supplier's QMS?
Certificates or inspection reports from
Define controls to be applied to the supplier or independent labs? Supplier's
external providers and to the process SPC records, Cpk or Ppk
resulting output (the supplied requirements? Containment and receiving
processes, products and services) inspection?
Determine verification or other Select a sample of purchased product
activities to ensure that supplied categories and investigate for each what
processes, products and services activities or arrangements are planned to
meet requirements. ensure their conformity, how this plan is
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 20 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence
Refs Requirements What to look for and how Comply Auditor notes and evidence
8.5.1.b) Ensure the availability of measuring Is there a system for controlling the inventory
8.5.1.c) devices and the implementation of of measuring/monitoring devices (a list with
monitoring and measurement identification, location, calibration status)? Is
activities. the inventory of measuring devices adequate
to meet requirements of the
monitoring/measurement program
(inspections, tests, SPS, etc.)?
Are processes monitored? How? (SPC, tool
ware, etc). Are process outputs inspected or
otherwise verified? (first article inspection, in-
process inspections, etc.) How are process
monitoring and process output verification
defined? (work orders, quality plans, etc.).
Are monitoring and measurement records
established and maintained?
8.5.1.e) Appoint competent persons and Are there specified competency requirements
ensure the availability of work for operating processes? Are process
instructions, as necessary. operators assigned based on meeting the
competency requirements for the process?
How is it known who is competent too
operate specific processes?
Are there adequate instructions for operating
machines and processes? Who decides and
how (criteria) whether work instructions shall
be established for a given process/work
station? Are process parameters
(temperature, pressure, speed, etc.) defined?
Ask operators what should the settings be for
various parameters in their processes, and
how they know this? What are the lower and
upper limits for the parameters? What should
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 22 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence
8.5.1.f) Validate processes where the Who is responsible for identifying processes
resulting output cannot be verified by requiring validation? How is it determined
subsequent monitoring or what controls, validations and arrangements
measurement. Establish shall be required for each such process
(criteria for review and approval)? Are
arrangements for these processes process validation results recorded? Are
including, as applicable processes revalidated (where appropriate)?
criteria for their review and Select a sample of processes that require
approval, validation and investigate how these
approval of equipment and processes were validated, and whether this
qualification of personnel, complies with requirements.
use of specific methods and
procedures,
requirements for records, and
revalidation.
8.5.1.g) Implement actions to prevent human How is it determined where prevention of
error. human error is needed? (risk analysis,
CAPAs) Are there any arrangements, setups
or equipment aiming to prevent human error?
(automation, use of templates, alarms, etc.).
8.5.1.h) Ensure the implementation of Are there defined responsibilities for these
release, delivery and post-delivery activities? How are requirements
activities. documented (procedures, work orders,
installation/servicing requisitions, etc.)?
Are delivery-related activities (processing of
shipping orders, packaging, dispatch,
delivery, installation, etc.) defined in
procedures, work instructions, training, etc.?
Are appropriate records maintained?
8.5.2 Identify outputs and their acceptance Are materials and products used in
(inspection) status. production uniquely identified while in
storage, in staging areas, at work stations,
etc? Is the acceptance status identified?
Verify that for any product (material) in
production areas it is evident what the
product is and whether it passed inspection
(test) and can be moved to the next
processing stage or be dispatched to
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 23 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence
8.5.3 Identify, verify, protect and Is this relevant? If so, look for identification
safeguard customer and supplier showing that the product belongs to customer
property provided for use or or supplier. Investigate whether there were
incorporation into the product; and any events of loss, damage, or unsuitability
of customer property and whether this was
report to customers or suppliers any promptly reported back to the owner.
event of loss, damage or Are there any requirements/procedures for
unsuitability of their property. handling confidential intellectual property that
belongs to customers or suppliers?
8.5.4 Protect and preserve the conformity In warehouses, storage and staging areas:
of product in storage and during Are there designated areas for storage of
delivery to the intended destination. particular products? Are products kept in
boxes, bags, bins or other protective
packaging? Are there products that require
special storage conditions (temperature,
humidity, cleanliness, etc)? How are these
conditions ensured? Are they recorded? Are
there products with limited shelf life? How is
such product managed? Is there an effective
first-in-first-out system? Are stacking
limitations defined? Are they observed? Is
there a risk of cross-contamination? How is it
managed? Is there an inventory management
system? Is it kept current?
Look for misplaced product, product taken
out of packaging, unused product returned to
storage, product returned by customers,
product intermingled with other unrelated
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 24 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence
8.5.5 Determine the extent of required Are there any post-delivery activities
post-delivery activities, considering: specified? Have safety and other risks been
statutory and regulatory considered, and how they could be
potentially mitigated in the post-delivery
requirements
phase?
the potential undesired Has there been any consideration of the
consequences (risks) associated environmental impacts of the product while in
with products and services use and/or at the end of its useful life. If
the nature, use and life cycle of relevant, have a recycling program been
products and services considered, for example?
customer requirements and
customer feedback
8.5.6 Review control and authorize How are requests for process changes
process changes. documented and processed? Who reviews
and authorizes process changes? Is the
Maintain records of changes, effect of change on other processes and/or
product considered (ask for specific
reviews and authorizations, and any examples)? Who decides, and how, what
related actions. tests and validations need to be done to
verify a process change? Are results of
reviews, verifications, validations and
authorizations maintained?
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 25 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence
Refs Requirements What to look for and how Comply Auditor notes and evidence
8.7.2 Maintain records of the Are there records describing the nature of
nature of nonconformities nonconformities and actions taken? Are they
traceable to specific product batches or
subsequent action taken
shipments? Are customer concessions
concessions obtained included in the record? Is the authority
the authority deciding the action deciding the disposition identified? How long
and disposition with respect to the are these records retained?
nonconformity
Refs Requirements What to look for and how Comply Auditor notes and evidence
9.1.3 Analyze data arising from monitoring What specific data are analyzed to meet
and measurement, to evaluate: requirements of this clause? Are data on
conformity of products and product nonconformity rates collected and
analyzed? How are data on customer
services
satisfaction analyzed? Are there data on
customer satisfaction trends of characteristics of processes and
performance and effectiveness of products (e.g., on how these characteristics
the QMS vary within the specified tolerance)? Is the
implementation of planned effectiveness of risk reduction actions
arrangements evaluated? What specific supplier
performance data are being systematically
effectiveness of risk reduction
collected (on-time delivery, nonconformity
actions rates, etc.)?
performance of external providers Is it determined how the data is to be
the needs for improvements to the analyzed and by whom? How are results
QMS reported and used?
Refs Requirements What to look for and how Comply Auditor notes and evidence
9.3.2 The input into management reviews Are all required inputs provided for each
shall take into consideration: review? Are there records specifically
status of actions from previous demonstrating that each input was provided
and considered?
reviews
changes Have all actions from the preceding review
customer satisfaction and been closed out? What happens to actions
that have not been fully completed?
feedback
quality objectives How, for example, are opportunities for
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 29 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence
process performance and product improvement input into the review? Who is
conformity, responsible for this input? How are the
opportunities for improvement considered?
nonconformities and corrective
Who decides which opportunities will be
actions implemented?
results of monitoring and
measurement
results of audits
performance of external providers
(suppliers)
adequacy of resources
effectiveness of risk reduction
actions
opportunities for improvement.
9.3.3 The output from management In the last two management reviews, what
reviews shall include decisions and specific decisions and actions related to
actions related to: improvement were taken? How were they
implemented?
improvement,
changes to the QMS Does the record show that management
resource needs. reviews include decisions related to changes
to the QMS?
Were there any special resources provided to
implement the improvements or changes?
10 Improvement
10.1 Determine and select opportunities Are there specific examples of recent
for improvement, to include: improvements to products and services?
improvement of products and Is the risk evaluation process actively used to
services identify risks and to implement actions to
preventing or reducing undesired reduce risks?
effects What have been done recently to improve the
improving the QMS QMS?
10.21 Take actions to control and correct Is there a process for initiating, investigating,
nonconformities (including any implementing and evaluating the
arising from complaints) and to deal effectiveness of corrective actions. Is this
with their consequences. process documented in a procedure?
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 30 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence
10.2.2 Maintain records on the nature of Are all nonconformities recorded? Do the
nonconformites, any subsequent records include description of the nature of
action taken, and results of the nonconformity? Are subsequent actions
corrective actions. and their results recorded? Are these records
readily retrievable?
10.3 Continually improve the suitability, Are results of the analysis of quality
adequacy and effectiveness of the performance data used in identifying the
QMS. needs and opportunities for improvement?
Are management review outputs identifying
the needs and opportunities for
improvement?
What are the most recent examples of
INTERNAL AUDIT CHECKLIST Doc: QF-82-02-1 Revision: A Pg. 31 of 26
Refs Requirements What to look for and how Comply Auditor notes and evidence