Internal Audit Checklist (ISO 9001:2015)

Date: Auditor: Auditee (s):

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

4 Context of the Organization
4.1 Understanding the organization and its context
4.1q1 The organization shall determine external and internal How has the organization determined external
issues that are relevant to its purpose and its strategic and internal issues relevant to its purpose and
direction and that affect its ability to achieve the strategic direction?
intended result(s) of its quality management system. How do these affect the ability to achieve the
intended result of the QMS?
4.1q2 The organization shall monitor and review the How do you monitor and review information
information about these external and internal issues. about these internal and external issues?
NOTE 1 Understanding the external context can be facilitated by considering issues arising from legal, technological,
competitive, market, cultural, social, and economic environments, whether international, national, regional or local.
NOTE 2 Understanding the internal context can be facilitated by considering issues related to values, culture knowledge
and performance of the organization.
4.2 Understanding the needs and expectations of interested parties
4.2q1 Due to their impact or potential impact on the How have you determined what interested
organization’s ability to consistently provide products parties are relevant to the QMS?
and services that meet customer and applicable statutory How have you determined what requirements
and regulatory requirements, the organization shall those parties have that are relevant to the QMS?
determine: How has impact or potential impact been
a) the interested parties that are relevant to the quality determined?
management system;
b) the requirements of these interested parties that are
relevant to the quality management system.
4.2q2 The organization shall monitor and review the How do you monitor and review the information
information about these interested parties and their about interested parties and their relevant
relevant requirements. requirements?
4.3 Determining the scope of the quality management system
4.3q1 The organization shall determine the boundaries and How have the boundaries and applicability of
applicability of the quality management system to the QMS been used to establish the scope of the
establish its scope. organization?
4.3q2 When determining this scope, the organization shall How have:
consider: The external and internal issues;
a) the external and internal issues referred to in 4.1; The requirements of relevant interested parties
b) the requirements of relevant interested parties and;
referred to in 4.2; The products and services of the organization
c) the products and services of the organization. been considered when determining the scope of
the organization?
4.3q3 Where a requirement of this International Standard How has the application of the International
within the determined scope can be applied, then it shall Standard within the scope been determined, and
be applied by the organization. how has it been applied by the organization?
4.3q4 If any requirement(s) of this International Standard How have any requirements of the International
cannot be applied, this shall not affect the organization’s Standard been determined as not applicable?
ability or responsibility to ensure conformity of products Show me how conformity of products and
and services. services are not affected by this.

Page 1 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

4.3q5 The scope shall be available and be maintained as Where is the scope available? Where is it Scope required as documented information.
documented information stating the: maintained as documented information?
- products and services covered by the quality Does it state what products and services are
management system; covered by the QMS?
- justification for any instance where a Does it justify how instances of requirements of
requirement of this International Standard the QMS cannot be applied?
cannot be applied.
4.4 Quality management system and its processes
4.4q1 The organization shall establish, implement, maintain How has the QMS been established? Show me
and continually improve a quality management system, how this is implemented. How is it maintained
including the processes needed and their interactions, in and continually improved? How have the
accordance with the requirements of this International processes been determined and how do they
Standard. interact?
4.4q2 The organization shall determine the processes needed How have the processes been determined for the
for the quality management system and their application QMS?
throughout the organization and shall determine: What are the inputs and outputs for those
a) the inputs required and the outputs expected from processes?
these processes; What is the sequence and interaction of the
b) the sequence and interaction of these processes; processes?
c) the criteria, methods, including measurements and What are the criteria, methods, measurement and
related performance indicators needed to ensure the related performance indicators needed to operate
effective operation, and control of these processes; and control those processes?
d) the resources needed and ensure their availability; What resources are needed and how are these
e) the assignment of the responsibilities and authorities made available?
for these processes; How are responsibilities and authorities assigned
f) the risks and opportunities in accordance with the for those processes?
requirements of 6.1, and plan and implement the How are risks and opportunities considered and
appropriate actions to address them; what plans are made to implement actions to
g) the methods for monitoring, measuring, as address them?
appropriate, and evaluation of processes and, if needed, What methods are used to monitor, measure and
the changes to processes to ensure that they achieve evaluate processes and, if needed, what changes
intended results; are made to achieve intended results?
h) opportunities for improvement of the processes and How are opportunities to improve the processes
the quality management system. and the QMS determined?
4.4q3 The organization shall maintain documented information What documented information exists to Documented information to support the operation of processes.
to the extent necessary to support the operation of support the operation of processes? How is this
processes and retain documented information to the documented information retained? How is
extent necessary to have confidence that the processes confidence that the processes are being carried
are being carried out as planned. out as planned determined?
5 Leadership
5.1 Leadership and commitment
5.1.1 Leadership and commitment for the quality management system

Page 2 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

5.1.1q1 Top management shall demonstrate leadership and Show me how top management demonstrates
commitment with respect to the quality management leadership and commitment w.r.t. the QMS by
system by: taking accountability of the effectiveness of the
a) taking accountability of the effectiveness of the QMS.
quality management system; How is the quality policy and objectives
b) ensuring that the quality policy and quality objectives established for the QMS and how are they
are established for the quality management system and compatible with the strategic direction and the
are compatible with the strategic direction and the organizational context?
context of the organization; How is the quality policy communicated within
c) ensuring that the quality policy is communicated, the organization? Show me how this is
understood and applied within the organization; understood and applied.
d) ensuring the integration of the quality management How are the requirements of the QMS integrated
system requirements into the organization’s business into the business processes?
processes; How do you promote awareness of the process
e) promoting awareness of the process approach; approach?
f) ensuring that the resources needed for the quality How do you ensure that resources needed for the
management system are available; QMS area available?
g) communicating the importance of effective quality How do you communicate the importance of
management and of conforming to the quality effective quality management?
management system requirements; How do you communicate the importance of
h) ensuring that the quality management system conforming to the QMS requirements?
achieves its intended results; How do you ensure that the QMS achieves its
i) engaging, directing and supporting persons to intended results?
contribute to the effectiveness of the quality How do you engage, direct and support people
management system; to contribute to the effectiveness of the QMS?
j) promoting continual improvement; How do you promote continual improvement?
k) supporting other relevant management roles to How do you support other relevant management
demonstrate their leadership as it applies to their areas of roles to demonstrate leadership in their areas of
responsibility. responsibility?
NOTE Reference to “business” in this International Standard can be interpreted broadly to mean those activities that are
core to the purposes of the organization’s existence; whether the organization is public, private, for profit or not for
profit.
5.1.2 Customer focus
5.1.2q1 Top management shall demonstrate leadership and Show me how top management demonstrates
commitment with respect to customer focus by ensuring leadership and commitment w.r.t. customer
that: focus ensuring requirements and applicable
a) customer requirements and applicable statutory and statutory and regulatory requirements are
regulatory requirements are determined and met; determined and met.
b) the risks and opportunities that can affect conformity How are risks and opportunities that can affect
of products and services and the ability to enhance conformity of products and services determined?
customer satisfaction are determined and addressed; How is the ability to enhance customer
c) the focus on consistently providing products and
satisfaction determined and addressed?
services that meet customer and applicable statutory and
How is the focus on consistently providing
regulatory requirements is maintained;
d) the focus on enhancing customer satisfaction is products and services that meet customer and
maintained. applicable statutory and regulatory requirements
maintained?
How is customer satisfaction maintained?

Page 3 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

5.2 Quality policy
5.2.1
5.2.1q1 Top management shall establish, review and maintain a How does top management establish, review and
quality policy that: maintain a quality policy?
a) is appropriate to the purpose and context of the How is it determined to be appropriate to the
organization; purpose and context of the organization?
b) provides a framework for setting and reviewing quality Does it provide a framework for setting and
objectives; reviewing quality objectives?
c) includes a commitment to satisfy applicable Does it contain a commitment to satisfy
requirements; applicable requirements?
d) includes a commitment to continual improvement of the Does it include a commitment to continual
quality management system. improvement of the QMS?
5.2.2
5.2.2q1 The quality policy shall: Where is the quality policy available as Quality Policy as document information
a) be available as documented information; documented information?
b) be communicated, understood and applied within How is it communicated?
the organization; Show me how it is understood and applied
c) be available to relevant interested parties, as within the organization.
appropriate. How have you made it available to relevant
interested parties?
5.3 Organizational roles, responsibility and authorities
5.3q1 Top management shall ensure that the responsibilities How does top management ensure that
and authorities for relevant roles are assigned, responsibilities and authorities for relevant roles
communicated and understood within the organization. are assigned, communicated and understood
within the organization?
5.3q2 Top management shall assign the responsibility and How does top management assign the
authority for: responsibility and authority for:
a) ensuring that the quality management system Ensuring that the QMS conforms to the
conforms to the requirements of this International International standard?
Standard; Ensuring processes are delivering their intended
b) ensuring that the processes are delivering their outputs?
intended outputs; How is the performance of the QMS,
c) reporting on the performance of the quality opportunities for improvement and the need for
management system, on opportunities for improvement change or innovation reported to top
and on the need for change or innovation, and especially management?
for reporting to top management; How is customer focus promoted within the
d) ensuring the promotion of customer focus throughout organization?
the organization; How is the integrity of the QMS maintained
e) ensuring that the integrity of the quality management when changes to the QMS are planned and
system is maintained when changes to the quality implemented?
management system are planned and implemented.
6 Planning for the quality management system
6.1 Actions to address risks and opportunities
6.1.1

Page 4 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

6.1.1q1 When planning for the quality management system, the How are the internal and external issues and
organization shall consider the issues referred to in 4.1 interested parties considered when planning for
and the requirements referred to in 4.2 and determine the the QMS?
risks and opportunities that How are risks and opportunities determined and
need to be addressed to: addressed so that the QMS can::
a) give assurance that the quality management system a) achieve its intended results;
can achieve its intended result(s); b) Prevent or reduce undesired effects;
b) prevent, or reduce, undesired effects; c) Achieve continual improvement?
c) achieve continual improvement.
6.1.2
6.1.2q1 The organization shall plan: How are actions planned to address risks and
a) actions to address these risks and opportunities; opportunities?
b) how to: How are actions integrated and implemented
1) integrate and implement the actions into its quality into the QMS processes?
management system processes (see 4.4); How do you evaluate the effectiveness of the
2) evaluate the effectiveness of these actions. actions?
6.1.2q2 Actions taken to address risks and opportunities shall be How are actions taken to address risks and
proportionate to the potential impact on the conformity opportunities determined as being appropriate to
of products and services. the potential impact on the conformity of
products and services?
6.2.2.1 Product design skills
6.2.2.1q1 The organization shall ensure that personnel with How do you determine that personnel with
product design responsibility are competent to achieve product design responsibility are competent to
design requirements and are skilled in applicable tools achieve design requirements? How do you
and techniques. determine skills required in applicable tools and
Applicable tools and techniques shall be identified by techniques? How do you identify applicable
the organization. tools and techniques?
NOTE Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an
opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by
informed decision.
6.2 Quality objectives and planning to achieve them
6.2.1
6.2.1q1 The organization shall establish quality objectives at Where are the quality objectives and are these at Documented information on quality objectives
relevant functions, levels and processes. all relevant functions, levels and processes?
The quality objectives shall: Are they consistent with the quality policy?
a) be consistent with the quality policy, Are they measureable?
b) be measurable; Do they consider applicable requirements?
c) take into account applicable requirements; Are they relevant to the conformity of products
d) be relevant to conformity of products and services and services and do they enhance customer
and the enhancement of customer satisfaction; satisfaction?
e) be monitored; Are they monitored? How? How often?
f) be communicated; How are they communicated?
g) be updated as appropriate. How are they updated?
The organization shall retain documented information on Where is the documented information on the
the quality objectives. quality objectives?
6.2.2

Page 5 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

6.2.2q1 When planning how to achieve its quality objectives, the How does the organization determine what will
organization shall determine: be done, with what resources, when completed
a) what will be done; and how will results be evaluated for quality
b) what resources will be required; objectives?
c) who will be responsible;
d) when it will be completed;
e) how the results will be evaluated.
6.3 Planning of changes
6.3q1 Where the organization determines the need for change How are changes to the QMS planned
to the quality management system (see 4.4) the change systematically?
shall be carried out in a planned and systematic manner. Demonstrate the purpose and potential
The organization shall consider: consequences of changes;
a) the purpose of the change and any of its potential Demonstrate the integrity of the QMS;
consequences; Demonstrate how resources are made available?
b) the integrity of the quality management system; Demonstrate how responsibility and authority is
c) the availability of resources; allocated or reallocated.
d) the allocation or reallocation of responsibilities and
authorities.
7 Support
7.1 Resources
7.1.1 General
7.1.1q1 The organization shall determine and provide the Demonstrate how resources are determined for
resources needed for the establishment, implementation, the establishment, implementation, maintenance
maintenance and continual improvement of the quality and continual improvement of the QMS.
management system. Show me how the capabilities and constraints on
The organization shall consider: internal resources are considered.
a) the capabilities of, and constraints on, existing Show me how needs from external providers are
internal resources; considered.
b) what needs to be obtained from external providers.
7.1.2 People
7.1.2q1 To ensure that the organization can consistently meet How do you provide persons necessary to
customer and applicable statutory and regulatory consistently meet customer, applicable statutory
requirements, the organization shall provide the persons and regulatory requirements for the QMS
necessary for the effective including the necessary processes?
operation of the quality management system, including
the processes needed.
7.1.3 Infrastructure
7.1.3q1 The organization shall determine, provide and maintain How do you determine, provide and maintain the
the infrastructure for the operation of its processes to infrastructure for the operation of processes to
achieve conformity of products and services. achieve products and service conformity?
NOTE 1 Any product realization change affecting customer requirements requires notification to, and agreement from,
the customer.
7.1.4 Environment for the operation of processes
7.1.4q1 The organization shall determine, provide and maintain How do you determine, provide and maintain the
the environment necessary for the operation of its environment for the operation of processes to
processes and to achieve conformity of products and achieve products and service conformity?
services.
Page 6 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

NOTE Environment for the operation of processes can include physical, social, psychological, environmental and other
factors (such as temperature, humidity, ergonomics and cleanliness).
7.1.5 Monitoring and measuring resources
7.1.5q1 Where monitoring or measuring is used for evidence of How are the resources determined for ensuring
conformity of products and services to specified valid and reliable monitoring and measuring
requirements the organization shall determine the results, where used?
resources needed to ensure valid and reliable monitoring
and measuring results.
7.1.5q2 The organization shall ensure that the resources How do you ensure that resources provided are
provided: suitable for the specific monitoring and
a) are suitable for the specific type of monitoring and measurement activities and are maintained to
measurement activities being undertaken; ensure continued fitness for purpose?
b) are maintained to ensure their continued fitness for
their purpose.
7.1.5q3 The organization shall retain appropriate documented Show me the documented information which is Documented information of fitness for purpose of monitoring &
information as evidence of fitness for purpose of evidence of fitness for purpose of monitoring measurement resources.
monitoring and measurement resources. and measurement resources.
7.1.5q4 Where measurement traceability is: a statutory or Where applicable, show me how measurement Documented information for the basis of calibration or verification
regulatory requirement; a customer or relevant interested instruments are: where no standards exist.
party expectation; or considered by the organization to Verified or calibrated at specified intervals
be an essential part of providing confidence in the against national or international measurement
validity of measurement results; measuring instruments standards;
shall be: If there are no standards, show me the
-verified or calibrated at specified intervals or prior to documented information which is used as the
use against measurement standards traceable to basis used for calibration or verification.
international or national measurement standards. Where Show me how measurement instruments are
no such standards exist, the basis used for calibration or identified to determine their calibration status.
verification shall be retained as documented Show me how they are safeguarded from
information; adjustments.
-identified in order to determine their calibration status; Show me how they are safeguarded from
-safeguarded from adjustments, damage or deterioration damage and deterioration.
that would invalidate the calibration status and
subsequent measurement results.
7.1.5q5 The organization shall determine if the validity of How do you determine the validity of previous
previous measurement results has been adversely measurements if you find an instrument to be
affected when an instrument is found to be defective defective during verification or calibration?
during its planned verification or calibration, or during What appropriate actions can you take?
its use, and take appropriate corrective action as
necessary.
7.1.6 Organizational knowledge
7.1.6q1 The organization shall determine the knowledge How do you determine necessary knowledge for
necessary for the operation of its processes and to the operation of processes? How do you
achieve conformity of products and services. determine necessary knowledge to achieve
conformity of products and services?
7.1.6q2 This knowledge shall be maintained, and made available How do you maintain this knowledge and how
to the extent necessary. do you make it available to the extent necessary?

Page 7 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

7.1.6q3 When addressing changing needs and trends, the How do you consider current knowledge and
organization shall consider its current knowledge and how do you acquire additional knowledge when
determine how to acquire or access the necessary addressing changing needs and trends?
additional knowledge.
NOTE 1 Organizational knowledge can include information such as intellectual property and lessons learned.
NOTE 2 To obtain the knowledge required, the organization can consider:
a) internal sources (e.g. learning from failures and successful projects, capturing undocumented knowledge and
experience of topical experts within the organization);
b) external sources (e.g. standards, academia, conferences, gathering knowledge with customers or
providers).
7.2 Competence
7..2q1 The organization shall: Show me how: Documented information as evidence of competence where
a) determine the necessary competence of person(s) You determine the necessary competence of appropriate.
doing work under its control that affects its quality people doing work under your control that
performance; affects quality performance;
b) ensure that these persons are competent on the basis How do you determine competence on the basis
of appropriate education, training, or experience; of appropriate education, training or experience?
c) where applicable, take actions to acquire the How do you take actions to acquire necessary
necessary competence, and evaluate the effectiveness of competence where applicable and how do you
the actions taken; evaluate the effectiveness of those actions?
d) retain appropriate documented information as Show me documented information where
evidence of competence. appropriate of competence.
NOTE Applicable actions can include, for example, the provision of training to, the mentoring of, or the re-assignment of
currently employed persons; or the hiring or contracting of competent persons.
7.3 Awareness
7.3q1 Persons doing work under the organization’s control How are people aware of:
shall be aware of: The quality policy?
a) the quality policy; Relevant quality objectives?
b) relevant quality objectives; Their contribution to the effectiveness of the
QMS?
c) their contribution to the effectiveness of the quality The benefits of improved performance?
management system, including the benefits of improved The implications of not conforming with the
quality performance; QMS requirements?
d) the implications of not conforming with the quality
management system requirements.
7.4 Communication
7.4q1 The organization shall determine the internal and How do you determine internal and external
external communications relevant to the quality communications relevant to the QMS?
management system including: How do you determine:
a) on what it will communicate; What?
When?
b) when to communicate; With Whom?
c) with whom to communicate; How?
d) how to communicate.
7.5 Documented information
7.5.1 General

Page 8 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

7.5.1q1 The organization’s quality management system shall What documented information do you have as Documented information required by this standard.
include: required by this standard? Documented information necessary for the effectiveness of the QMS.
a) documented information required by this International What documented information do you have as
Standard; being necessary for the effectiveness of your
b) documented information determined by the QMS?
organization as being necessary for the effectiveness of
the quality management system.
NOTE The extent of documented information for a quality management system can differ from one
organization to another due to:
a) the size of organization and its type of activities, processes, products and services;
b) the complexity of processes and their interactions;
c) the competence of persons.
7.5.2 Creating and updating
7.5.2q1 When creating and updating documented information Show me that your documented information Documented information (in various media) needs identification,
the organization shall ensure appropriate: contains: description.
a) identification and description (e.g. a title, date, author, Identification;
or reference number);
Review / approval process?
Description;
b) format (e.g. language, software version, graphics) and In what media format?
media (e.g. paper, electronic); Show me how the documented information is
c) review and approval for suitability and adequacy. reviewed and approved for suitability and
adequacy.
7.5.3 Control of documented information
7.5.3.1
7.5.3.1q1 Documented information required by the quality Show me how you control documented Control of documented information.
management system and by this International Standard information. Suitability and availability for use.
shall be controlled to ensure: Show me how you make it available and suitable How is it protected?
a) it is available and suitable for use, where and when it for use.
is needed; How do you protect your documented
b) it is adequately protected (e.g. from loss of information?
confidentiality, improper use, or loss of integrity).
7.5.3.2
7.5.3.2q1 For the control of documented information, the When controlling documented information, how Control of documented information.
organization shall address the following do you address: Change control, distribution, access, retrieval, use, storage, preservation,
activities, as applicable: Distribution; legibility, retention and disposition.
a) distribution, access, retrieval and use; Access;
b) storage and preservation, including preservation of Retrieval;
legibility; Use;
c) control of changes (e.g. version control); Storage and preservation;
d) retention and disposition. Legibility;
Control of changes;
Retention and disposition.
7.5.3.2q2 Documented information of external origin determined How do you identify as appropriate and control Control of external documented information.
by the organization to be necessary for the planning and documented information of external origin
operation of the quality management system shall be which you have determined as necessary for the
identified as appropriate, and controlled. QMS
NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission
and authority to view and change the documented information.

Page 9 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

8 Operation
8.1 Operational planning and control
8.1q1 The organization shall plan, implement and control the How are processes needed to meet requirements Documented information to show processes have been carried out as
processes, as outlined in 4.4, needed to meet for provision of products and services planned, planned and can demonstrate conformity of products and services.
requirements for the provision of products and services implemented and controlled?
and to implement the actions determined in 6.1, by: How are requirements for products and services
a) determining requirements for the product and determined?
services; How is criteria for processes and acceptance for
b) establishing criteria for the processes and for the products and services determined?
acceptance of products and services; How are resources determined?
c) determining the resources needed to achieve How is process control implemented?
conformity to product and service requirements; Show me the documented information that
d) implementing control of the processes in accordance shows confidence in that the processes have
with the criteria; been carried out as planned and can demonstrate
e) retaining documented information to the extent conformity of products and services.
necessary to have confidence that the processes have
been carried out as planned and to demonstrate
conformity of products and services to requirements.
8.1q2 The output of this planning shall be suitable for the How have you determined that the output from
organization's operations. the planning process is suitable for your
operations?
8.1q3 The organization shall control planned changes and How do you control planned changes? How do
review the consequences of unintended changes, taking you review the consequences of unintended
action to mitigate any adverse effects, as necessary. changes? What action is taken to mitigate any
adverse effects?
8.1q4 The organization shall ensure that outsourced processes How do you control outsourced processes?
are controlled in accordance with 8.4.
8.2 Determination of requirements for products and services
8.2.1 Customer communication
8.2.1q1 The organization shall establish the processes for What are your processes for communicating
communicating with customers in relation to: with customers? How do you communicate
a) information relating to products and services; information relating to:
b) enquiries, contracts or order handling, including Products;
changes; Services;
c) obtaining customer views and perceptions, including Enquiries;
customer complaints; Contracts;
d) the handling or treatment of customer property, if Order handling;
applicable; Customer views, perceptions and complaints;
e) specific requirements for contingency actions, when Handling or treatment of customer property;
relevant. Specific requirements for contingency actions?
8.2.2 Determination of requirements related to products and services
8.2.2q1 The organization shall establish, implement and What is your process to determine the
maintain a process to determine the requirements for the requirements for products and services to be
products and services to be offered to potential offered to potential customers? How do you
customers. establish, implement and maintain this process?

Page 10 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

8.2.2q2 The organization shall ensure that: How do you define product and service
a) product and service requirements (including those requirements including statutory and regulatory
considered necessary by the organization), and requirements?
applicable statutory and regulatory requirements, are How do you ensure that you have the ability to
defined; meet the defined requirements and substantiate
b) it has the ability to meet the defined requirements and any claims for your products and services?
substantiate the claims for the products and services it
offers.
8.2.3 Review of requirements related to products and services
8.2.3q1 The organization shall review, as applicable: How do you review:
a) requirements specified by the customer, including the Customer requirements for delivery and post-
requirements for delivery and post-delivery activities; delivery?
b) requirements not stated by the customer, but Requirements necessary for customers’ specified
necessary for the customers' specified or intended use, or intended use, where known;
when known; Additional statutory and regulatory requirements
c) additional statutory and regulatory requirements applicable to products and services;
applicable to the products and services; Any other contract or order requirements.
d) contract or order requirements differing from those
previously expressed.
NOTE Requirements can also include those arising from relevant interested parties.
8.2.3q2 This review shall be conducted prior to the Show me that the review is conducted prior to
organization’s commitment to supply products and your commitment to supply products and
services to the customer and shall ensure contract or services to your customers. How do you resolve
order requirements differing from those previously contract or order requirements which differ from
defined are resolved. those previously defined?
8.2.3q3 Where the customer does not provide a documented How do you confirm customer requirements
statement of their requirements, the customer where the customer does not provide a
requirements shall be confirmed by the organization documented statement?
before acceptance.
8.2.3q4 Documented information describing the results of the Show me where you retain documented Documented information of reviews describing new or changed
review, including any new or changed requirements for information which describes results of the requirements to products and services.
the products and services, shall be retained. review including any new or changed
requirements.
8.2.3q5 Where requirements for products and services are Show me the documented information Documented information of amended reviews and how relevant
changed, the organization shall ensure that relevant containing changes to products and services. personnel are made aware of those changes.
documented information is amended and that relevant How do you ensure that relevant personnel are
personnel are made aware of the changed requirements. made aware of those changes?
8.3 Design and development of products and services
8.3.1 General
8.3.1q1 Where the detailed requirements of the organization’s How do you establish, implement and maintain a
products and services are not already established or not design and development process (where detailed
defined by the customer or by other interested parties, requirements of your products and services are
such that they are adequate for subsequent production or not already established or defined by the
service provision, the organization shall establish, customer or other parties).
implement and maintain a design and development
process.

Page 11 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

NOTE 1 The organization can also apply the requirements given in 8.5 to the development of processes for production
and services provision.
NOTE 2 For services, design and development planning can address the whole service delivery process. The organization
can therefore choose to consider the requirements of clauses 8.3 and 8.5 together.
8.3.2 Design and development planning
8.3.2q1 In determining the stages and controls for design and When determining the stages and control for Documented information that confirms design & development
development, the organization shall consider: design and development, show me how you requirements have been met.
a) the nature, duration and complexity of the design and consider:
development activities; The nature, duration and complexity of the
b) requirements that specify particular process stages, activities;
including applicable design and development reviews; Requirements that specify particular process
c) the required design and development verification and stages including applicable reviews;
validation; Required verification and validation;
d) the responsibilities and authorities involved in the Responsibilities and authorities;
design and development process; How interfaces are controlled between
e) the need to control interfaces between individuals and individuals and parties;
parties involved in the design and development process; The need for involvement of customer and user
f) the need for involvement of customer and user groups groups.
in the design and development process; Show me documented information that
g) the necessary documented information to confirm that confirms design and development requirements
design and development requirements have been met. have been met.
8.3.3 Design and development inputs
8.3.3q1 The organization shall determine: Can you show me how you determine:
a) requirements essential for the specific type of Requirements essential for the type of products
products and services being designed and developed, and services being designed and developed,
including, as applicable, functional and performance including as applicable:
requirements; Functional & performance requirements;
b) applicable statutory and regulatory requirements; Statutory and regulatory requirements;
c) standards or codes of practice that the organization Standards or codes of practice where there is a
has committed to implement; commitment to implement;
d) internal and external resource needs for the design Internal and external resources needed for the
and development of products and services; design and development of products and
e) the potential consequences of failure due to the nature services;
of the products and services; Potential consequences of failure;
f) the level of control expected of the design and Level of control expected of the design and
development process by customers and other relevant development process by customers and other
interested parties. relevant parties.
8.3.3q2 Inputs shall be adequate for design and development How do you determine that inputs are adequate,
purposes, complete, and unambiguous. Conflicts among complete and unambiguous for design and
inputs shall be resolved. development? How do you resolve conflicts
among inputs?
8.3.4 Design and development controls

Page 12 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

8.3.4q1 The controls applied to the design and development How do controls that are applied to the design
process shall ensure that: and development process ensure:
a) the results to be achieved by the design and Results achieved by design and development
development activities are clearly defined; activities are clearly defined?
b) design and development reviews are conducted as Design and development reviews are conducted
planned; as planned?
c) verification is conducted to ensure that the design and Outputs meet the input requirements by
development outputs have met the design and verification/
development input requirements; Validation is conducted to ensure that the
d) validation is conducted to ensure that the resulting resulting products and services are capable of
products and services are capable of meeting the meeting the requirements for the specified
requirements for the specified application or intended application or intended use (when known)?
use (when known).
8.3.5 Design and development outputs
8.3.5q1 The organization shall ensure that design and How do you ensure that design and development
development outputs: outputs:
a) meet the input requirements for design and Meet the input requirements for design and
development; development?
b) are adequate for the subsequent processes for the Are adequate for the subsequent processes for
provision of products and services; the provision of products and services?
c) include or reference monitoring and measuring Include or reference monitoring and measuring
requirements, and acceptance criteria, as applicable; requirements, and acceptance criteria, as
d) ensure products to be produced, or services to be applicable?
provided, are fit for intended purpose and their safe and Ensure products to be produced, or services to
proper use. be provided, are fit for intended purpose and
their safe and proper use?
8.3.5q2 The organization shall retain the documented Show me the documented information which Documented information from the design and development process.
information resulting from the design and development results from the design and development
process. process.
8.3.6 Design and development changes
8.3.6q1 The organization shall review, control and identify How do you review, control and identify
changes made to design inputs and design outputs during changes made to the design inputs and outputs
the design and development of products and services or during design and development of products and
subsequently, to the extent that there is no adverse services ensuring no impact on conformity to
impact on conformity to requirements. requirements?
8.3.6q2 Documented information on design and development Show me the documented information for Documented information for design and development changes.
changes shall be retained. design and development changes.
8.4 Control of externally provided products and services
8.4.1 General
8.4.1q1 The organization shall ensure that externally provided How do you ensure externally provided
processes, products, and services conform to specified processes, products and services conform to
requirements. specified requirements?

Page 13 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

8.4.1q2 The organization shall apply the specified requirements Show me how you apply specified requirements
for the control of externally provided products and for the control of externally provided products
services when: and services when:
a) products and services are provided by external Products and services are provided by external
providers for incorporation into the organization’s own providers for incorporation into your own
products and services; products and services;
b) products and services are provided directly to the You provide products and services directly to
customer(s) by external providers on behalf of the customers by external providers on your behalf;
organization; A process or part-process is provided by an
c) a process or part of a process is provided by an external provider as a result of a decision to
external provider as a result of a decision by the outsource a process or function.
organization to outsource a process or function.
8.4.1q3 The organization shall establish and apply criteria for the Show me how you establish and apply criteria
evaluation, selection, monitoring of performance and re- for evaluation, selection, monitoring of
evaluation of external providers based on their ability to performance and re-evaluation of external
provide processes or products and services in providers. How do you assess their ability to
accordance with specified requirements. provide processes or products and services in
accordance with specified requirements?
8.4.1q4 The organization shall retain appropriate documented What documented information do you have of Documented information of external providers’ performance.
information of the results of the evaluations, monitoring the results of evaluations, monitoring of
of the performance and re-evaluations of the external performance and re-evaluations of external
providers. providers?
8.4.2 Type and extent of control of external provision
8.4.2q1 In determining the type and extent of controls to be How do you determine the controls applied to
applied to the external provision of processes, products the external provision of processes, products and
and services, the organization shall take into services and take into consideration:
consideration: a) The potential impact of the externally
a) the potential impact of the externally provided provided processes, products and services on the
processes, products and services on the organization’s ability to consistently meet customer and
ability to consistently meet customer and applicable applicable statutory and regulatory
statutory and regulatory requirements; requirements?
b) the perceived effectiveness of the controls applied by b) The perceived effectiveness of the controls
the external provider. applied by the external provider?
8.4.2q2 The organization shall establish and implement What verification or other activities do you have
verification or other activities necessary to ensure the to ensure externally provided processes,
externally provided processes, products and services do products and services do not adversely affect
not adversely affect the organization's ability to your ability to consistently deliver conforming
consistently deliver conforming products and services to products and services to your customers?
its customers.
8.4.2q3 Processes or functions of the organization which have When processes or functions have been
been outsourced to an external provider remain within outsourced to external providers, how do you
the scope of the organization’s quality management consider a) and b) in 8.4.1 and how do you
system; accordingly, the organization shall consider a) define the controls intended to be applied to the
and b) above and define both the controls it intends to external provider and to the resulting process
apply to the external provider and those it intends to output?
apply to the resulting process output.
8.4.3 Information for external providers
Page 14 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

8.4.3q1 The organization shall communicate to external Show me how you communicate to external
providers applicable requirements for the following: providers, applicable requirements for:
a) the products and services to be provided or the Products and services to be provided or the
processes to be performed on behalf of the organization; processes to be performed on behalf of the
b) approval or release of products and services, methods, organization;
processes or equipment; Approval or release of products and services,
c) competence of personnel, including necessary methods, processes or equipment;
qualification; Competence of personnel, including necessary
d) their interactions with the organization's quality qualification;
management system; Their interactions with the organization's quality
e) the control and monitoring of the external provider’s management system;
performance to be applied by the The control and monitoring of the external
organization; provider’s performance to be applied by the
f) verification activities that the organization, or its organization;
customer, intends to perform at the external provider’s Verification activities that the organization, or
premises. its customer, intends to perform at the external
provider’s premises.
8.4.3q2 The organization shall ensure the adequacy of specified Before you communicate with external
requirements prior to their communication to the providers, how do you ensure the adequacy of
external provider. specified requirements?
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.1q1 The organization shall implement controlled conditions What controlled conditions do you have for
for production and service provision, including delivery production and service provision, including
and post-delivery activities. delivery and post-delivery activities?

Page 15 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

8.5.1q2 Controlled conditions shall include, as applicable: Can you show me controlled conditions for: Documented information defining characteristics of the products and
a) the availability of documented information that a) the availability of documented information services
defines the characteristics of the products and services; defining the characteristics of the products and
b) the availability of documented information that services;
defines the activities to be performed and the results to b) the availability of documented information
be achieved; defining the activities to be performed and the
c) monitoring and measurement activities at appropriate results to be achieved;
stages to verify that criteria for control of processes and c) monitoring and measurement activities at
process outputs, and acceptance criteria for products and appropriate stages to verify that criteria for
services, have been met. control of processes and process outputs, and
d) the use, and control of suitable infrastructure and acceptance criteria for products and services,
process environment; have been met.
e) the availability and use of suitable monitoring and d) the use, and control of suitable infrastructure
measuring resources; and process environment;
f) the competence and, where applicable, required e) the availability and use of suitable monitoring
qualification of persons; and measuring resources;
g) the validation, and periodic revalidation, of the ability f) the competence and, where applicable,
to achieve planned results of any process for production required qualification of persons;
and service provision where the resulting output cannot g) the validation, and periodic revalidation, of
be verified by subsequent monitoring or measurement; the ability to achieve planned results of any
h) the implementation of products and services release, process for production and service provision
delivery and post-delivery activities. where the resulting output cannot be verified by
subsequent monitoring or measurement;
h) the implementation of products and services
release, delivery and post-delivery activities.
8.5.2 Identification and traceability
8.5.2q1 Where necessary to ensure conformity of products and What means do you use to identify process
services, the organization shall use suitable means to outputs to ensure conformity of products and
identify process outputs. services?
8.5.2q2 The organization shall identify the status of process How do you identify the status of process
outputs with respect to monitoring and measurement outputs?
requirements throughout production and service
provision.
8.5.2q3 Where traceability is a requirement, the organization How do you control the unique identification of Documented information of traceability, where required.
shall control the unique identification of the process process outputs, where applicable? What
outputs, and retain any documented information documented information do you retain?
necessary to maintain traceability.
NOTE Process outputs are the results of any activities which are ready for delivery to the organization’s customer or to
an internal customer (e.g. receiver of the inputs to the next process); they can include products, services, intermediate
parts, components, etc.
8.5.3 Property belonging to customers or external providers

Page 16 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

8.5.3q1 The organization shall exercise care with property What care do you provide for customer or
belonging to the customer or external providers while it external provider’s property while under your
is under the organization's control or being used by the control?
organization. The organization shall identify, verify, How do you identify, verify, protect and
protect and safeguard the customer’s or external safeguard that property which is provided for
provider’s property provided for use or incorporation use or incorporation into your products or
into the products and services. services?
8.5.3q2 When property of the customer or external provider is What means do you use to report to the customer
incorrectly used, lost, damaged or otherwise found to be or external provider if their property is
unsuitable for use, the organization shall report this to incorrectly used, lost, damaged or found to be
the customer or external provider. unsuitable for use?
NOTE Customer property can include material, components, tools and equipment, customer premises, intellectual
property and personal data.
8.5.4 Preservation
8.5.4q1 The organization shall ensure preservation of process How do you ensure preservation of process
outputs during production and service provision, to the outputs during production and service provision
extent necessary to maintain conformity to requirements. to maintain conformity to product requirements?
NOTE Preservation can include identification, handling, packaging, storage, transmission or transportation, and
protection.
8.5.5 Post-delivery activities
8.5.5q1 As applicable, the organization shall meet requirements How do you meet requirements for post-delivery
for post-delivery activities associated with the products activities associated with products and services?
and services.
8.5.5q2 In determining the extent of post-delivery activities that How do you determine:
are required, the organization shall consider: Risk;
a) the risks associated with the products and services; Nature, use and intended lifetime;
b) the nature, use and intended lifetime of the products Customer feedback;
and services; Statutory and Regulatory requirements, when
c) customer feedback; determining the extent of post-delivery activities
d) statutory and regulatory requirements. required with products and services?
NOTE Post-delivery activities can include actions under warranty provisions, contractual obligations such as
maintenance services, and supplementary services such as recycling or final disposal.
8.5.6 Control of changes
8.5.6q1 The organization shall review and control unplanned How do you review and control unplanned
changes essential for production or service provision to changes to ensure continuing conformity with
the extent necessary to ensure continuing conformity specified requirements?
with specified requirements.
8.5.6q2 The organization shall retain documented information What documented information can you show Documented information describing results of review of changes,
describing the results of the review of changes, the me which describes the results of reviews of personnel and actions.
personnel authorizing the change, and any necessary changes, the personnel authorizing change and
actions. any necessary actions?
8.6 Release of products and services

Page 17 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

8.6q1 The organization shall implement the planned Show me how planned arrangement have been
arrangements at appropriate stages to verify that product implemented at appropriate stages to verify
and service requirements have been met. Evidence of product and service requirements have been met.
conformity with the acceptance criteria shall be retained. Show me what evidence you retain.
8.6q2 The release of products and services to the customer Show me how the release of products and Documented information providing traceability, authorizing release
shall not proceed until the planned arrangements for services is held until planned arrangements for of products and services.
verification of conformity have been satisfactorily verification of conformity have been
completed, unless otherwise approved by a relevant satisfactorily completed, unless approved by a
authority and, as applicable, by the customer. relevant authority, or the customer if applicable.
Documented information shall provide traceability to the Show me documented information which
person(s) authorizing release of products and services shows traceability to the person authorizing
for delivery to the customer. release of products and services.
8.7 Control of non-conforming process outputs, products and services
8.7q1 The organization shall ensure process outputs, products How do you identify and control process
and services that do not conform to requirements are outputs, products and services that do not
identified and controlled to prevent their unintended use conform to requirements and prevent their
or delivery. unintended use or delivery?
8.7q2 The organization shall take appropriate corrective action What appropriate corrective actions are taken
based on the nature of the nonconformity and its impact based on the nature of the nonconformity and its
on the conformity of products and services. This applies impact on the conformity of products and
also to nonconforming products and services detected services? How do you apply this to
after delivery of the products or during the provision of nonconformity detected after delivery?
the service.
8.7q3 As applicable, the organization shall deal with How you deal with nonconforming process
nonconforming process outputs, products and services in outputs, products and services in terms of:
one or more of the following ways: Correction;
a) correction; Segregation, containment, return or suspension
b) segregation, containment, return or suspension of of provision of products and services?
provision of products and services; Informing the customer?
c) informing the customer; Obtaining authorization for use as-is?
d) obtaining authorization for: Release, continuation or re-provision of the
- use “as-is’;
products and service?
- release, continuation or re-provision of the products
Acceptance under concession?
and services;
- acceptance under concession.
8.7q4 Where nonconforming process outputs, products and How do you verify conformance where process
services are corrected, conformity to the requirements outputs, products and services are corrected
shall be verified. following nonconformance?
8.7q5 The organization shall retain documented information of What documented information do you keep Documented information for actions taken following
actions taken on nonconforming process outputs, following actions taken to address nonconformance, including concessions and authority granted.
products and services, including on any concessions nonconformities, including any concessions
obtained and on the person or authority that made the obtained and on the person or authority that
decision regarding dealing with the nonconformity. made the decision regarding dealing with the
nonconformance.
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
Page 18 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

9.1.1q1 The organization shall determine: Show me how you determine:
a) what needs to be monitored and measured; What needs to be monitored and measured?
b) the methods for monitoring, measurement, analysis Methods for monitoring, measurement, analysis
and evaluation, as applicable, to ensure valid results; and evaluation to ensure valid results?
c) when the monitoring and measuring shall be When to perform monitoring and measuring?
performed; When results shall be analysed and evaluated?
d) when the results from monitoring and measurement
shall be analysed and evaluated.
9.1.1q2 The organization shall ensure that monitoring and What documented information can you show me Documented information of monitoring and measurement activities
measurement activities are implemented in accordance that monitoring and measurement activities have in accordance with determined requirements.
with the determined requirements and shall retain been implemented in accordance with
appropriate documented information as determined requirements?
evidence of the results.
9.1.1q3 The organization shall evaluate the quality performance Show me how you evaluate the quality
and the effectiveness of the quality management system. performance and the effectiveness of the QMS.

9.1.2 Customer satisfaction

9.1.2q1 The organization shall monitor customer perceptions of How do you monitor customer perception of the
the degree to which requirements have been met. degree to which requirements have been met?
9.1.2q2 The organization shall obtain information relating to How do you obtain information relating to
customer views and opinions of the organization and its customer views and opinions of your products
products and services. and services?
9.1.2q3 The methods for obtaining and using this information What methods for obtaining and using this
shall be determined. information do you have?
NOTE Information related to customer views can include customer satisfaction or opinion surveys, customer data on
delivered products or services quality, market-share analysis, compliments, warranty claims and dealer reports.
9.1.3 Analysis and evaluation
9.1.3q1 The organization shall analyse and evaluate appropriate So me how you analyse and evaluate data and
data and information arising from monitoring, information arising from monitoring,
measurement and other sources. measurement and other sources.
9.1.3q2 The output of analysis and evaluation shall be used to: Show me how the output of analysis and
a) demonstrate conformity of products and services to evaluation is used to:
requirements; Demonstrate conformity of products and
b) assess and enhance customer satisfaction; services to requirements?
c) ensure conformity and effectiveness of the quality Assess and enhance customer satisfaction?
management system; Ensure conformity and effectiveness of the
d) demonstrate that planning has been successfully QMS?
implemented; Demonstrate that planning has been successfully
e) assess the performance of processes; implemented?
f) assess the performance of external provider(s); Assess process performance?
g) determine the need or opportunities for improvements Assess performance of external providers?
within the quality management system. Determine the need or opportunities for
improvements within the QMS?
9.1.3q3 The results of analysis and evaluation shall also be used Show me where the results of analysis and
to provide inputs to management review. evaluation are used to provide inputs to
management review.

Page 19 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

9.2 Internal audit
9.2.1
9.2.1q1 The organization shall conduct internal audits at planned Are internal audits being conducted at planned
intervals to provide information on whether the quality intervals? Do they determine whether the QMS
management system; conforms to the requirements of ISO 9001 and to
a) conforms to: the other requirements established by
1) the organization’s own requirements for its Organization? (Review records to demonstrate
quality management system; conformance)
2) the requirements of this International Do they determine whether the QMS is
Standard; effectively implemented and maintained?
b) is effectively implemented and maintained. (Review records)
9.2.2
9.2.2q1 The organization shall: Can you show me audit programme(s) that takes Documented information of the audit programme and results
a) plan, establish, implement and maintain an audit into consideration the quality objectives,
programme(s) including the frequency, methods, importance of the processes, customer feedback,
responsibilities, planning requirements and reporting, changes impacting the organization and the
which shall take into consideration the quality results of previous audits?
objectives, the importance of the processes concerned, Where are the audit criteria and scope for each
customer feedback, changes audit?
impacting on the organization, and the results of Can you demonstrate that selection of auditors
previous audits; and the conduct of audits are objective and
b) define the audit criteria and scope for each audit; impartial and that auditors don’t audit their own
c) select auditors and conduct audits to ensure work?
objectivity and the impartiality of the audit process; How are audit results reported to relevant
d) ensure that the results of the audits are reported to management?
relevant management; Can you demonstrate that necessary correction
e) take necessary correction and corrective actions and corrective actions are taken without undue
without undue delay; delay?
f) retain documented information as evidence of the Can you show me documented information of
implementation of the audit programme and the audit the audit programme and the audit results?
results.
NOTE See ISO 19011 for guidance.
9.3 Management Review
9.3.1
9.3.1q1 Top management shall review the organization's quality What is the frequency that top management
management system, at planned intervals, to ensure its reviews the organization's QMS? How is the
continuing suitability, adequacy, and effectiveness. QMS deemed suitable, adequate and effective?

Page 20 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

9.3.1q2 The management review shall be planned and carried What kinds of information are reviewed in
out taking into consideration: management reviews? These must include:
a) the status of actions from previous management actions status of previous reviews;
reviews; changes to internal/external issues relevant to the
b) changes in external and internal issues that are QMS;
relevant to the quality management system including its issues that affect strategy;
strategic direction; KPIs for nonconformities and corrective actions;
c) information on the quality performance, including monitor and measurement of results;
trends and indicators for: audit results;
1) nonconformities and corrective actions; customer satisfaction;
2) monitoring and measurement results; issues concerning external providers;
3) audit results; issues concerning other relevant parties;
4) customer satisfaction; adequacy of resources and effectiveness of
5) issues concerning external providers and other QMS;
relevant interested parties; process performance;
6) adequacy of resources required for maintaining an conformity of products and services;
effective quality management system; actions taken to address risks and opportunities
7) process performance and conformity of products and and their effectiveness;
services; new potential opportunities for continual
d) the effectiveness of actions taken to address risks and improvement.
opportunities (see clause 6.1);
e) new potential opportunities for continual
improvement.
9.3.2
9.3.2q1 The outputs of the management review shall include Show me that management reviews include
decisions and actions related to: decisions and actions relating to:
a) continual improvement opportunities; Continual improvement opportunities;
b) any need for changes to the quality management The need for changes to the QMS including
system, including resource needs. resource needs.
9.3.2q2 The organization shall retain documented information as Show me what documented information you Documented information of management reviews.
evidence of the results of management reviews. have as evidence of management reviews.
10 Improvement
10.1 General
10.1q1 The organization shall determine and select How do you determine and select opportunities
opportunities for improvement and implement necessary for improvement? What necessary actions have
actions to meet customer requirements and enhance you implemented so that you have met customer
customer satisfaction. requirements and enhanced customer
satisfaction?
10.1q2 This shall include, as appropriate: Show me how you have:
a) improving processes to prevent nonconformities; Improved processes to prevent nonconformities;
b) improving products and services to meet known and Improved products and services to meet known
predicted requirements; and predicted requirements;
c) improving quality management system results. Improved QMS results.
NOTE Improvement can be effected reactively (e.g. corrective action), incrementally (e.g. continual improvement), by
step change (e.g. breakthrough), creatively (e.g. innovation) or by re-organization (e.g. transformation).
10.2 Nonconformity and corrective action
10.2.1

Page 21 of 22
 Internal Audit Checklist (ISO 9001:2015)

Q# ISO 9001:2015 Clause Audit Question Audit Evidence

10.2.1q1 When a nonconformity occurs, including those arising When nonconformities occur, show me how;
from complaints, the organization shall: You react;
a) react to the nonconformity, and as applicable: Take action to control and correct it;
1) take action to control and correct it; Deal with the consequences;
2) deal with the consequences; Evaluate the need for action to eliminate the
b) evaluate the need for action to eliminate the cause(s) cause so that it does not recur or occur elsewhere
of the nonconformity, in order that it does not recur or by:
occur elsewhere, by: Reviewing the nonconformity;
1) reviewing the nonconformity; Determining the cause of the nonconformity;
2) determining the causes of the nonconformity; Determining if similar nonconformities exist or
3) determining if similar nonconformities exist, or could could potentially occur;
potentially occur; Actions needed are implemented;
c) implement any action needed; Review the effectiveness of corrective actions
d) review the effectiveness of any corrective action taken, if any;
taken; Make necessary changes to the QMS.
e) make changes to the quality management system, if
necessary.
10.2.1q2 Corrective actions shall be appropriate to the effects of Show me how correction actions were
the nonconformities encountered. appropriate to the effects of the nonconformities
encountered.
NOTE 1 In some instances, it can be impossible to eliminate the cause of a nonconformity.
NOTE 2 Corrective action can reduce the likelihood of recurrence to an acceptable level.
10.2.2
10.2.2q1 The organization shall retain documented information as What documented information can you show Documented information of the nature of nonconformities,
evidence of: me as evidence of: subsequent actions and results of corrective action.
a) the nature of the nonconformities and any subsequent The nature of the nonconformities and
actions taken; subsequent actions taken;
b) the results of any corrective action. The results of any corrective action.
10.3 Continual improvement
10.3q1 The organization shall continually improve the Demonstrate that you continually improve the
suitability, adequacy, and effectiveness of the quality suitability, adequacy and effectiveness of the
management system. QMS.
10.3q2 The organization shall consider the outputs of analysis Demonstrate that outputs of analysis and
and evaluation, and the outputs from management evaluation and the outputs from management
review, to confirm if there are areas of review are considered to confirm if there are
underperformance or opportunities that shall be areas of underperformance or opportunities that
addressed as part of continual improvement. shall be addressed as part of continual
improvement.
10.3q3 Where applicable, the organization shall select and What applicable tools and methodologies for
utilise applicable tools and methodologies for investigation of the causes of underperformance
investigation of the causes of underperformance and for and to support continual improvement are
supporting continual improvement. selected?

Page 22 of 22