1.

Pre-Audit Activities:

 Audit Planning:

 Define the audit scope, objectives, and criteria.

 Select the audit team and assign roles.

 Communicate the audit plan to the organization being audited.

 Review of Documentation:

 Review the organization's documented QMS to get a preliminary understanding.

 This review can help auditors identify potential areas of focus.

2. Opening Meeting:

 A formal meeting to:

 Confirm the scope, objectives, and criteria of the audit.

 Explain the audit methods and timings.

 Establish communication channels for the audit duration.

3. Conducting the Audit:

 Gathering Evidence:

 This includes interviews, observations, and review of relevant documentation and

records.

 Evaluating Evidence:

 Compare the evidence against the requirements of ISO 9001.

 Determine if the QMS is effectively implemented and maintained.

4. Audit Findings:

 Auditors document evidence that indicates conformity and non-conformity with the ISO
9001 standard.

 Non-conformities can be classified as minor or major based on their impact.

5. Closing Meeting:

 Present preliminary audit findings.

 Clarify any doubts or questions.

 Discuss the next steps, including timelines for corrective actions and follow-ups.

6. Audit Report:

 Provide a detailed report that includes:

 Audit scope, objectives, and criteria.

 Audit findings, observations, and non-conformities.

  Recommendations for corrective actions.

7. Review of Corrective Actions (if non-conformities are identified):

 The organization provides evidence of corrective actions taken to address non-conformities.

 Auditors review these actions to verify their effectiveness.

8. Follow-Up Audit (if needed):

 Depending on the nature and severity of non-conformities, a follow-up audit might be

scheduled to verify the effective implementation of corrective actions.

9. Certification Decision (for certification audits):

 If the audit's purpose was for certification, an external certification body will review the audit
results and decide whether to grant the ISO 9001 certification.

10. Surveillance Audits (for certified organizations):

 Regularly scheduled audits (usually annually) to ensure ongoing conformity with ISO 9001
and to promote continual improvement.

11. Recertification Audit (typically every 3 years for certified organizations):

 A more comprehensive audit similar to the initial certification audit, conducted before the
organization's certification expires.

It's worth noting that ISO 9001 audits can be:

 First-party audits (internal audits) conducted by the organization itself.

 Second-party audits conducted by customers or other external parties with an interest in the
organization.

 Third-party audits conducted by external, independent auditing bodies, typically for

certification purposes.