AUDIT CHECKLIST– ISO 9001:2015
/ Organization / Report n°:Site/s / Date / Page n°...... of .....
Type of audit First Cert. Surveillance Recert. Extension Transition Other: …
Auditor / Signature
Note for transition audit:
Clauses or paragraphs highlighted in grey must always be checked; when an entire clause or a part of the clause is highlighted in grey, auditor must register relevant evidences in the pertinent field of this checklist.
Evidences related to other elements of the standard is to be registered in the checklist or in the observation sheets at the end of this document.
Par. / ISO9001:2015 REQUIREMENTS / EVALUATIONC / N.C. / N.A.
4.1 / Understanding the organization and its context
Has the Organization determined external and internal issues that are relevant to QMS?
How does the Organization monitor and review the relevant information?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
4.2 / Understanding the needs and expectations of interested parties
Has the Organization determined:
a)the interested parties that are relevant to the quality management system;
b)the requirements of these interested parties?
How does the Organization monitor and review the relevant information?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
4.3 / Determining the scope of the quality management system
Has the Organization determined the boundaries and applicability of the QMS to establish its scope?
When determining this scope, has the organization considered the external and internal issues, including their requirements, and its products and services?
Have all products and services within the scope included in QMS?
Documented information related to 4.3
Does the Organization maintain documented information of its scope?
Does the Organization maintain documented information relevant to justification for any requirement of ISO 9001 that the organization determines is not applicable to the scope of its QMS?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
REF. OF MANDATORY DOCUMENTED INFORMATION:
4.4 / Quality management system and its processes
Has the organization established, implemented and maintained a QMS in accordance with the requirements of ISO 9001?
Does the Organization continually improve it?
Has the Organization determined the processes needed and their interactions and has:
a) determined the inputs required and the outputs expected from theseprocesses;
b) determined the sequence and interaction of these processes;
c) determined and apply the criteria and methods (including monitoring, measurements and relatedperformance indicators) needed to ensure the effective operation and control of these processes;
d) determined the resources needed for these processes and ensure their availability;
e) assigned the responsibilities and authorities for these processes;
f) addressed the risks and opportunities as determined in accordance with the requirements of 6.1;
g) evaluated these processes and implement any changes needed to ensure that these processes achieve their intended results;
h) improved the processes and the quality management system?
Documented information related to 4.4
Does the Organization maintain documented information to support the operation of its processes?
Has the Organization retained documented information to have confidence that the processes are being carried out as planned?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
REF. OF MANDATORY DOCUMENTED INFORMATION:
5.1 / Leadership and commitment
Does top management demonstrate leadership and commitment with respect to QMS by:
a) taking accountability for the effectiveness of the quality management system;
b) ensuring that the quality policy and quality objectives are established for the quality managementsystem and are compatible with the context and strategic direction of the organization;
c) ensuring the integration of the quality management system requirements into the organization’sbusiness processes;
d) promoting the use of the process approach and risk-based thinking;
e) ensuring that the resources needed for the quality management system are available;
f) communicating the importance of effective quality management and of conforming to the quality
management system requirements;
g) ensuring that the quality management system achieves its intended results;
h) engaging, directing and supporting persons to contribute to the effectiveness of the quality
management system;
i) promoting improvement;
j) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility?
Costumer focus
Does top management demonstrate leadership and commitment with respect to customer focus by:
a) customer and applicable statutory and regulatory requirements are determined, understood and consistently met;
b) the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed;
c) the focus on enhancing customer satisfaction is maintained?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
5.2 / Establishing the quality policy
Has the Organization established, implemented and maintained a quality policy?
Is it appropriate to the purpose and context of the organization and supports its strategic direction?
Does it provide a framework for setting quality objectives?
Does it include a commitment to:
-satisfy applicable requirements?
-continual improvement of the QMS?
Communicating the quality policy
Is the quality policy
-communicated, understood and applied within the organization?
-available to interested parties?
Documented information related to 5.2
Does quality policy maintain as documented information?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
REF. OF MANDATORY DOCUMENTED INFORMATION:
5.3 / Organizational roles, responsibilities and authorities
Has top management ensured that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization?
Has top management assigned the responsibility and authority for:
-ensuring that the quality management system conforms to the requirements of ISO 9001:2015
-ensuring that the processes are delivering their intended outputs
-reporting on the performance of the quality management system and on opportunities for improvement, in particular to top management
-ensuring the promotion of customer focus throughout the organization
-ensuring that the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
6.1 / Planning
Actions to address risks and opportunities
Has the organization determined the risks and opportunities, related to its:
-issues referred to in 4.1?
-requirements referred to in 4.2?
-the scope of its QMS?
Are the determined risks and opportunities addressed to:
-give assurance that the QMS can achieve its intended outcomes?
-enhance desirable effects?
-prevent, or reduce, undesired effects?
-achieve improvement?
Has the organization planned :
-actions to address the defined risks and opportunities, proportionated to the potential impact on the conformity of products and services?
-how to integrate and implement the actions into its quality management system processes and evaluate the effectiveness of these actions?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
6.2 / Quality objectives and planning to achieve them
Has the organization established quality objectives:
-consistent with the quality policy?
-measurable?
-take into account applicable requirements?
-be relevant to conformity of products and services and to enhancement of customer satisfaction?
-monitored?
-communicated?
-updated as appropriate?
When planning how to achieve its quality objectives, has the organization determined:
-what will be done
-what resources will be required
-who will be responsible
-when it will be completed
-how the results will be evaluated?
Documented information related to 6.2
Does the organization maintain documented information on the quality objectives?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
REF. OF MANDATORY DOCUMENTED INFORMATION:
6.3 / Planning of changes
When determines the need for changes to the quality management system, has the organization considered:
a)the purpose of the changes and their potential consequences;
b)the integrity of the quality management system;
c)the availability of resources;
d)the allocation or reallocation of responsibilities and authorities?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
7.1 / Resources
General
Has the organization determined and provided the resources needed for the establishment, implementation, maintenance and continual improvement of the QMS?
Has the organization considered:
- the capabilities of, and constraints on, existing internal resources
- what needs to be obtained from external providers?
People
Has the organization determined and provided the persons necessary for the effective implementation of its quality management system and for the operation and control of its processes?
Infrastructure
Has the organization determined, provided and maintained the infrastructure necessary for the operation of its processes and to achieve conformity of products and services?
Environment and measuring resources
Has the organization determined, provided and maintained the environment necessary for the operation of its processes and to achieve conformity of products and services?
Monitoring and measuring resources - General
Has the organization determined and provided the resources needed to ensure valid and reliable results when monitoring or measuring is used to verify the conformity of products and services to requirements?
Has the organization ensured that the resources provided:
- are suitable for the specific type of monitoring and measurement activities being undertaken
- are maintained to ensure their continuing fitness for their purpose?
Monitoring and measuring resources - Measurement traceability
Are the measuring equipment:
- calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards;
- identified in order to determine their status;
- safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results?
When measuring equipment is found to be unfit for its intended purpose, has the organization determined if the validity of previous measurement results has been adversely affected and appropriate action have been taken, as necessary?
Organizational knowledge
Has the organization determined the knowledge necessary for the operation of its processes and toachieve conformity of products and services?
Does the organization maintained and be made it available to the extent necessary?
Documented information related to 7.1.5.1
Does the organization retained documented information as evidence of fitness for purpose of the monitoring and measurement resources?
Documented information related to 7.1.5.2
When no international or national measurement standards exist, are the basis used for calibration or verification retained as documented information?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
REF. OF MANDATORY DOCUMENTED INFORMATION:
7.2 / Competence
Has the organization:
a)determined the necessary competence of person(s) doing work under its control that affects the performance and effectiveness of the quality management system?
b)ensured that these persons are competent on the basis of appropriate education, training or experience?
c)where applicable, taken actions to acquire the necessary competence and evaluate the effectiveness of the actions taken?
Documented information related to 7.2
Has the organization retained appropriate documented information as evidence of competence?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
REF. OF MANDATORY DOCUMENTED INFORMATION:
7.3 / Awareness
Has the organization ensured that persons doing work under the organization's control are aware of:
a)the quality policy?
b)relevant quality objectives;
c)their contribution to the effectiveness of the quality management system, including the benefits of improved performance;
d)the implications of not conforming with the quality management system requirements?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
7.4 / Communication
Has the organization determined the internal and external communications relevant to the quality management system, including:
a)on what it will communicate;
b)when to communicate;
c)with whom to communicate;
d)how to communicate;
e)who communicates?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
7.5 / Documented information
Does the organization's QMS include:
a)documented information required by ISO9001:2015;
b)documented information as being necessary for the effectiveness of the QMS?
Is the organization’s documented information created, updated, controlled and protected from unintended alterations as per clause 7.5.2 and 7.5.3?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
8.1 / Operational planning and control
With the aim of planning, implementing and controlling the processes needed to meet the requirements for the provision of products and services, and in order to implement the actions determined in Clause 6, has the organization:
-determined the requirements for the products and services?
-established criteria for:
-the processes;
-the acceptance of products and services?
-determined the resources needed to achieve conformity to the product and service requirements?
-implemented control of the processes in accordance with the criteria?
-determined,maintained and retained documented information to the extent necessary:
-to have confidence that the processes have been carried out as planned
-to demonstrate the conformity of products and services to their requirements?
Does the organization control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary?
Does the organization ensure that outsourced processes are controlled?
Documented information related to 8.1
Has the organization maintained and retained documented information to the extent necessary:
-to have confidence that the processes have been carried out as planned
-to demonstrate the conformity of products and services to their requirements?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
REF. OF MANDATORY DOCUMENTED INFORMATION:
8.2 / Requirements for products and services
Customer communication
Does communication with customers include:
-providing information relating to products and services;
-handling enquiries, contracts or orders, including changes;
-obtaining customer feedback relating to products and services, including customer complaints;
-handling or controlling customer property;
-establishing specific requirements for contingency actions, when relevant?
Determining the requirements related to products and services
When determining the requirements for the products and services to be offered to customers, has the organization ensured that:
-the requirements for the products and services are defined, including:
-any applicable statutory and regulatory requirements;
-those considered necessary by the organization;
-the organization can meet the claims for the products and services it offers?
Review of requirements related to products and services
Has the organization ensured that:
-it has the ability to meet the requirements for products and services to be offered to customers
-contract or order requirements differing from those previously defined are resolved?
Has the organization conducted a review before committing to supply products and services to a customer, to include:
-requirements specified by the customer, including the requirements for delivery and post-delivery activities;
-requirements not stated by the customer, but necessary for the specified or intended use, when known;
-requirements specified by the organization;
-statutory and regulatory requirements applicable to the products and services;
-contract or order requirements differing from those previously expressed?
When the customer does not provide a documented statement of their requirements, has the organization confirmed the customer’s requirements before acceptance?
Changes to requirements for products and services
When the requirements for products and services are changed, has the organization ensured that relevant documented information is amended, and that relevant persons are made aware of the changed requirements?
Documented information related to 8.2.3
Has the organization retained appropriate documented information on the results of the review and on any new requirements for the products and services?
EVIDENCES (Assessed activities, Contacted people and their position, findings etc ….)
REF. OF MANDATORY DOCUMENTED INFORMATION:
8.3 / Design and development of products and services
General
Has the organization established, implemented and maintained a design and development process that is appropriate to ensure the subsequent provision of products and services?
Design and development planning
In determining the stages and controls for design and development, has the organization considered:
a) the nature, duration and complexity of the design and development activities;
b) the required process stages, including applicable design and development reviews;
c) the required design and development verification and validation activities;
d) the responsibilities and authorities involved in the design and development process;
e) the internal and external resource needs for the design and development of products and services;
f) the need to control interfaces between persons involved in the design and development process;
g) the need for involvement of customers and users in the design and development process;
h) the requirements for subsequent provision of products and services;
i) the level of control expected for the design and development process by customers and other relevant interested parties;
j) the documented information needed to demonstrate that design and development requirements have been met?
Design and development inputs
In determining the requirements essential for the specific types of products and services to be designed and developed, has the organization considered:
-functional and performance requirements;
-information derived from previous similar design and development activities;
-statutory and regulatory requirements;
-standards or codes of practice that the organization has committed to implement;
-potential consequences of failure due to the nature of the products and services?
Are the inputs for design and development purposes complete and unambiguous?
Has the organization resolved conflicting design and development inputs?