ISO / Quality Audit Checklist

Understanding the organization and its context

Evidence Required: Documentation of internal/external issues affecting QMS

Understanding needs and expectations of interested parties

Evidence Required: List of interested parties and their requirements

Leadership and commitment

Evidence Required: Evidence of top management involvement in QMS

Quality policy

Evidence Required: Documented quality policy approved by management

Actions to address risks and opportunities

Evidence Required: Risk assessment and mitigation plans

Resources

Evidence Required: Resource planning and allocation records

Competence

Evidence Required: Training records and competency assessments

Operational planning and control

Evidence Required: Process documentation and control procedures

Requirements for products and services

Evidence Required: Customer requirement documentation

Monitoring, measurement, analysis and evaluation

Evidence Required: Performance monitoring data and KPIs

Internal audit

Evidence Required: Internal audit schedule and reports

Management review

Evidence Required: Management review meeting minutes

Nonconformity and corrective action

Evidence Required: NCR log and corrective action records

Continual improvement

Evidence Required: Improvement initiatives and results

Environmental aspects

Evidence Required: Environmental aspects register

Compliance obligations

Evidence Required: Legal and regulatory compliance register

Operational planning and control

Evidence Required: Environmental operational controls

Emergency preparedness and response

Evidence Required: Emergency response plans and drills

Information security policies

Evidence Required: Documented information security policies

Asset management

Evidence Required: Asset inventory and classification

Access control

Evidence Required: Access control procedures and logs

Operational security

Evidence Required: Operational procedures and change management

Incident management

Evidence Required: Security incident logs and response procedures

Hazard identification

Evidence Required: Hazard identification and risk assessment

Competence

Evidence Required: Safety training records

Operational planning and control

Evidence Required: Safety operational controls and procedures

Monitoring and measurement

Evidence Required: Safety performance monitoring data