ISO 9001:2008 Audit Checklist

Clause Detail Comments

1.2 Are there any exclusions to the Standard

Are exclusions limited to clause 7

4.1 a) Have the processes required for the QMS been determined

b) Has the sequence and interaction of processes been

determined

c) Has a criteria been determined for the processes

Has a method been determined to ensure that both

operation and control of the processes are effective

d) (6)

(6.2.2)

Have sufficient resources been made available to support

the monitoring of these processes

Has sufficient information been made available to support

the monitoring of these processes

e) Have these processes been monitored

Have these processes been measured

Has this information been analysed

f) Have the processes been fully implemented

Have the implemented processes been improved or is an

improvement plan in place

4.1 Does the organisation outsource any of its processes that

could affect product conformity

Are outsourced processes controlled

5.4.2 Where the above requirements are not met is there

a) evidence of top management planning to comply

4.2.1 (5.3)
a) (5.4.1)

b) Does the organisation have a quality manual

c) Does the quality manual contain procedures for the control

of records (4.2.4)
Page 1 of 16
 Does the quality manual contain procedures for the control
of documents (4.2.3)

Does the quality manual contain procedures for the control

of internal audits (8.2.2)

Does the quality manual contain procedures for the control

of the control of non conforming products (8.3)

Does the quality manual contain procedures for the control

of corrective actions (8.5.2)

Does the quality manual contain procedures for the control

of preventive actions (8.5.3)

Does the quality manual contain procedures that have been

identified as being required to maintain the QMS

d) Has the organisation determined what documentation and

records are required to ensure the effective planning,
operation and control of its processes

Are these documents and records maintained

4.2.1 Are all procedures appropriately established, documented,

implemented and maintained

Is the QMS documentation appropriate to the size of the

organisation, its activities, the complexity of its processes
and their interactions and the competence of its personnel

4.2.2 Has the scope of the quality manual been defined

a) Have exclusions identified at 1.2 been justified

b) Are the procedures established for the QMS contained in the

quality manual or referred to in it

c) Has the interaction of procedures been described

4.2.3 Does the document control procedure define the means of

a) Document approval

b) Document review and re-approval

c) Identification of revision status

d) Identification of changes made to documentation

e) Ensuring that only current and relevant versions of

documentation are available at the point of use

f) Ensuring that documents remain legible

Page 2 of 16
g) Ensuring that documents remain readily identifiable

h) Ensuring that appropriate external documentation is

identified

i) Ensuring that the distribution of external documents is

controlled

j) Removing obsolete document from use

k) Ensuring that obsolete documents remain out of use

5.4.2 Are the above procedures implemented and maintained

b)

4.2.4 Does the procedure for the control of records define the
controls for
Identification of records

Storage of records

Protection of records

Retrieval of records

Retention of records

The disposition of records

4.2.4 Are the above procedures implemented and maintained

5.1 Has top management

Communicated the importance of meeting customer
requirements

Communicated the importance of statutory and regulatory

requirements

(5.3)

(5.6)

(6)

5.2 Have customer requirements been determined

Are customer requirements met with

5.3 Does the organisation have a quality policy

a) Is the policy appropriate to the purpose of the organisation

Page 3 of 16
b) Does the policy include a commitment to comply with the
requirements of the QMS

Does the policy include commitment to continually improving

the QMS

c) Does the policy provide a framework for establishing and

reviewing quality objectives

d) Has the policy been communicated within the organisation

Is the policy understood by the organisation

e) Is the policy subject to review to ensure continued suitability

5.6 Has this review been undertaken by top management

5.4.1 Have quality objectives been set

Are quality objectives measurable

Are quality objectives consistent with the quality policy

Are the quality objectives set at relevant functions and levels

5.6 Have the quality objectives been reviewed by top

management

5.4.2 Where the above objectives have not been established is

a) there evidence of top management planning to comply

b) Have all changes to the QMS been managed effectively

5.5.1 Are responsibilities and authorities throughout the
organisation defined

Are responsibilities and authorities communicated

throughout the organisation

5.5.2 Has a QMR been appointed

a) Does the QMR understand his/her responsibilities to:

Ensure that the processes required for the QMS are
established, implemented and maintained
b)
Report to top management on the performance of the QMS

Report to top management on the need for improvements

c)
Promote the awareness of customer requirements

Where agreed, to liaise with external parties on matters

relating to the QMS

Page 4 of 16
5.5.3 Have top management established appropriate
communication processes for the purposes of the QMS

Is there evidence of effective communication via the

established means

5.6 Have top management established a plan for reviews of the

QMS

Are reviews undertaken in accordance with the management

plan
5.6.2 Has the top management review included:
a) Results of audits

b) Customer feedback

c) Process performance

Product conformity

d) Status of preventive action

Status of corrective action

e) Follow-up action from previous reviews

f) Changes that could affect the QMS

g) Recommendations for improvement

5.6.3 Do top management review outputs include the decisions

made or actions taken related to:

Improving the QMS

Improving the product related to customer requirements

Improving the need for resources

6.1 Has the organisation determined the resources required to

maintain the QMS

6.2.2 Has the organisation:

a) Determined the necessary competencies required by
personnel performing work affecting conformity to product
requirements

b) Provided training or taken other measures to ensure

competency where applicable

c) Evaluated the effectiveness of these actions

d) Do personnel understand the relevance and importance of

Page 5 of 16
 their activities

Do workers understand how they contribute to the quality

objectives

E) Are training records maintained

6.3 Has the organisation determined:

a) The building, workspace and associated utilities needed to
achieve conformity to product requirements

b) The process equipment (both hardware and software)

needed to achieve conformity to product requirements

c) Supporting services (such as transport, communication or

information systems) needed to achieve conformity to
product requirements

6.3 Have the above resources been provided

Have the above resources been maintained

6.4 Has the organisation determined the work environment

needed to achieve conformity to product requirements

7.1 Has the organisation determined:

a) The quality objectives and requirements for the product

b) The processes specific to the product

The documentation specific to the product

The resources specific to the product

c) The required verification activities and acceptance criteria

for the specific product

The required validation activities and acceptance criteria for

the specific product

The required monitoring activities and acceptance criteria for

the specific product

The required measuring activities and acceptance criteria for

the specific product

The required inspection activities and acceptance criteria for

the specific product

The required test activities and acceptance criteria for the

specific product

d) The records needed to provide evidence of product

Page 6 of 16
 conformity

7.1 Is the product realisation planning consistent with the other

QMS processes

Is the product realisation planning consistent with the

organisations method of operation

7.2.1 Has the organisation determined:

a) Product requirements determined by the customer

The delivery and post delivery requirements of the customer

b) Requirements necessary for the products intended use

c) Statutory or regulatory requirements of the product

d) The requirements considered necessary by the organisation

7.2.2 Has the organisation, prior to submission of tenders,

a) acceptance of contracts or orders ensured:
That product requirements are defined

b) That contract or order requirements differing from previous

contracts or orders have been resolved

c) That the organisation can meet the defined requirements

7.2.2 Have actions under this clause been recorded

Has clause 4.2.4 been applied to these records

If customer requirements have not been stated in writing

have they been confirmed by other means

Have changes to requirements been communicated

7.2.3 Has the organisation determined effective arrangements for

a) communications with customers in relation to:
Product information

b) Enquiries, contracts or order handling

Enquiry, contracts or order amendments

c) Customer feedback and customer complaints

7.2.3 Have these arrangements been implemented

7.3.1 Has the organisation determined:

The design and development stages

Page 7 of 16
 A review that is appropriate to each design and
development stage

A means of verification that is appropriate to each design

and development stage

A means of validation that is appropriate to each design and

development stage

The responsibilities and authorities for design and

development

Is there effective communication and assignment of

responsibility between different groups involved in the
design and development stages

7.3.2
a) Are functional and performance requirements determined at
the design stage

Are functional and performance requirements recorded at

the design stage

b) Are statutory and regulatory requirements determined at the

design stage

Are statutory and regulatory requirements recorded at the

design stage

c) Where information from previous similar designs has been

used has this information been determined and recorded

d) Has the organisation determined other requirements

essential for design and development

Has the organisation recorded other requirements essential

for design and development

7.3.2 Have these inputs been subject to review for adequacy

Are the identified requirements complete, unambiguous and

free of conflict with each other

7.3.3 Can the design outputs be verified against the design and
development inputs

Are the design and development outputs approved prior to

release

a) Do the design and development outputs:

Meet the input requirements for design and development

b) Provide appropriate information for purchasing

Page 8 of 16
 Provide appropriate information for production

Provide appropriate information for service provision

c) Contain or reference product acceptance criteria

d) Specify the characteristics of the product that are essential

for its safe and proper use

7.3.4 Have suitable stages been determined for the systematic

review of design and development in accordance with
clause 7.3.1

Have the determined reviews been performed

Have these reviews been adequate to:

a) Evaluate the ability of the results of design and development
to meet the requirements

b) Identify any problems

Propose necessary actions

7.3.4 Have representatives of functions concerned with design

and development stages been involved in the review

Have records of reviews and necessary actions been

maintained in accordance with 4.2.4

7.3.5 Has verification been performed in accordance with 7.3.1

Have records of verification results and associated

necessary actions been maintained in accordance with 4.2.4

7.3.6 Has validation been performed in accordance with 7.3.1

Was validation undertaken prior to delivery / implementation

(should be where practicable)

Have records of validation results and associated necessary

actions been maintained in accordance with 4.2.4

7.3.7 Have any design and development changes taken place

Have any design and development changes been identified

and recorded

Have changes been subject to review, verified, validated

and approved before implementation

Page 9 of 16
 Does the review of design and development changes
include the evaluation of the effect of the changes on
constituent parts

Does the review of design and development changes

include the evaluation of the effect of the changes on
product already delivered

Have records of these reviews and associated actions been

maintained in accordance with 4.2.4

7.4.1 Has the organisation established controls over purchased

product that is appropriate to the purchased products effect
on subsequent product realisation or the final product

Has the organisation set criteria for the selection of

approved suppliers

Are records of approved suppliers and actions resulting from

evaluation maintained in accordance with 4.2.4

7.4.2 Does purchasing information describe the product to be

purchased

Does this description include:

a) The requirements for approval of product, procedures,
processes and equipment

b) The requirements for qualification of personnel

c) Any requirements of the QMS

7.4.3 Has the organisation established and implemented

appropriate measures to ensure that purchased product
meets specified purchase requirements

Where verification is to be performed at the suppliers

premises has the organisation stated the intended
arrangements and method of product release in the
purchasing information

7.5.1 Has the organisation planned production

Does this planning include:

a) The availability of the description of the characteristics of the
product

b) The availability of work instructions

c) The use of suitable equipment

d) The availability and use of monitoring and measuring

equipment (7.6)
Page 10 of 16
e) The implementation of monitoring and measurement

f) Product release

Product delivery

Post delivery activities

7.5.2 If production and service provision output cannot be verified

by subsequent monitoring and measuring has the
organisation defined arrangements for (as applicable):
a) Defining the criteria for review and approval of the
processes

b) The approval of equipment

The approval of qualification of personnel

c) The use of specific methods and procedures

d) The requirements of records in accordance with 4.2.4

e) Revalidation

7.5.3 Where appropriate has the organisation identified the

product by suitable means throughout product realisation

Has the organisation identified the status of the product with

respect to monitoring and measurement requirements
throughout product realisation

Where traceability is a requirement, has the organisation

controlled the unique identification of the product and
maintained records in accordance with 4.2.4

7.5.4 Where the organisation is in possession of customer

property, which has been provided for use or incorporation
into the product, has the organisation:
Identified the property

Verified the property

Taken measures to protect and safeguard the customers

property

7.5.4 If customer property has been lost, damaged or otherwise

found to be unsuitable for use, has the customer reported
such to the customer

Have records been maintained for such reports in

accordance with 4.2.4

Page 11 of 16
7.5.5 Has the organisation taken appropriate measures to
preserve the product, including its constituent parts, during
internal processing and delivery including, as applicable:
Identification

Handling

Packaging

Storage and protection

7.6 Has the organisation determined the monitoring and

measurement to be undertaken to provide evidence of
conformity of product to determined requirements

Has the organisation identified the measuring equipment

needed to achieve the determined monitoring and
measurement

Has the organisation established processes to ensure that

monitoring and measurement can be carried out in a manner
that is consistent with the monitoring and measurement
requirements

Where necessary to ensure valid results has the

organisation ensured that the measuring equipment is:
a) Calibrated or verified, or both, at specified intervals, or prior
to use, against measurement standards traceable to
international or national measurement standards

Where no such standard exist, has the basis used for

calibration or verification been recorded and records
maintained in accordance with 4.2.4

b) Adjusted or re-adjusted as necessary

c) Marked with an identification number in order to determine

its calibration status

d) Safeguarded from adjustments that would invalidate the

measurement result

e) Protected from damage and deterioration during handling,

maintenance and storage

7.6 If measuring equipment has been found not to conform to

requirements has the organisation assessed and recorded
the validity of previous measurement results

If measuring equipment has been found not to conform to

requirements has the organisation taken appropriate action
on the measuring equipment

Page 12 of 16
 If measuring equipment has been found not to conform to
requirements has the organisation taken appropriate action
on affected product

Have all calibration and verification results been recorded

and the records maintained in accordance with 4.2.4

If computer software is used in the monitoring and

measurement of specified requirements, has the ability of
the software to satisfy the intended application been
confirmed prior to use and reconfirmed as necessary

8.1 Has the organisation planned and implemented the

monitoring, measurement, analysis and improvement
processes needed to:
a) Demonstrate conformity to product requirements

b) Ensure conformity of the QMS

c) Continually improve the QMS

8.2.1 Has the organisation determined means to monitor customer

perception

Has the determined means been implemented and

maintained

8.2.2 Are internal audits planned

Are internal audits successful in determining whether or not

the QMS:
a) Conforms to the planned arrangements (7.1)

Conforms to the requirements of the Standard

Conforms to the QMS requirements established by the

organisation

b) Is effectively implemented and maintained

8.2.2 Does the audit programme take into account the status and
importance of the processes and areas to be audited

Does the audit programme take into account the results of

previous audits

Has the organisation defined the audit:

Criteria

Scope

Frequency and methods

Page 13 of 16
8.2.2 Have audits been objective and impartial

Have audits been conducted by personnel not involved in

the audited activity

Have records of audits been maintained in accordance with

4.2.4

Have actions and corrective actions been taken without

undue delay(8.5.2)

8.2.3 Are the QMS processes monitored and, where applicable

measured to
Demonstrate the achievement of planned results

Initiate corrective action

Take appropriate corrective action to ensure product

conformity

8.2.4 Has the organisation monitored and, where applicable

measured the characteristics of the product to verify that
product requirements have been met

Has this been carried out at appropriate stages in

accordance with planned arrangements (7.1)

Has evidence of conformity, along with acceptance criteria

been maintained

Do records indicate the person(s) who authorised release of

product for delivery to the customer

Have planned arrangements (7.1) been satisfactorily

completed prior to product release for delivery to the
customer or have they been otherwise approved by a
relevant authority and, where applicable, the customer

8.3 Is nonconforming product identifiable

Where applicable, has the organisation dealt with non

conforming product by one or more of the following ways:
By taking action to eliminate the detected nonconformity

By authorising its use, release or acceptance under

concession by a relevant authority and, where applicable, by
the customer

By taking action to preclude its original intended use or

application

Page 14 of 16
 By taking action appropriate to the effects, or potential
effects, of the nonconformity when nonconforming product is
detected after delivery or use has started
8.3 Where applicable, has nonconforming product, which has
been corrected, been subject to re-verification to
demonstrate conformity to requirements

Have records of non-conformance and subsequent actions,

including concessions obtained, been maintained in
accordance with 4.2.4

8.4 Has the organisation determined the data required to

demonstrate the suitability and effectiveness of the QMS
and to evaluate where continual improvement of the
effectiveness of the QMS can be made

Does the data that has been determined include that data
generated as a result of monitoring and measurement and
other relevant sources

Has the organisation collected and analysed the data

determined

Does the analysis of data provide information relating to:

a) Customer satisfaction (8.2.1)

b) Conformity of product requirements (8.2.4)

c) Characteristics and trends of processes and products,

including opportunities for preventive action (8.2.3 and
8.2.4)

d) Suppliers

8.5.1 Has the organisation continually improved the effectiveness

of the QMS through the use of:

The quality policy

Quality objectives

Audit results

Analysis of data

Corrective actions

Preventative actions

Management review

Page 15 of 16
8.5.2 Has the organisation taken action to eliminate the causes of
nonconformities to prevent recurrence

Has the corrective action bee appropriate to the effects of

the nonconformities

Has a documented procedure been established, which

defines requirements for:
a) Reviewing nonconformities (including customer complaints)

b) Determining the causes of nonconformities

c) Evaluating the need for action to ensure that

nonconformities do not recur

d) Determining and implementing action needed

e) Records of the results of action taken (4.2.4)

f) Reviewing the effectiveness of the corrective action taken

8.5.3 Has the organisation determined action to eliminate the

causes of potential nonconformities in order to prevent their
occurrence

Are the preventive actions determined appropriate to the

effects of the potential problems

Has a documented procedure been established, which

defines requirements for:
Determining potential nonconformities and their causes

Evaluating the need for action to prevent occurrence of

nonconformities

Determining and implementing action needed

Records of results of action taken (4.2.4)

Reviewing the effectiveness of the preventive action taken

Organisation name:

Location:

Audit Date:

Auditor(s):

Audit number:

Page 16 of 16