ISO 9001 Compliance Checklist

SWOT or PESTLE output is the typical evidence registrars look for under Clause 4.1. Pull from the most recent management review and the strategic plan; do not redo the analysis from scratch every audit cycle. Tie each issue to a QMS impact — a labor shortage in the machine shop is a Clause 4.1 issue if it threatens on-time delivery.

Clause 4.2 evidence: a register listing customers, regulators (FDA, OSHA, EPA where applicable), employees, owners, and key suppliers, plus the requirement each imposes on the QMS. Customer PPAP/FAI requirements and AS9100/IATF 16949 flow-downs belong here even if you only certify to 9001.

State the products, sites, and processes covered. If design and development is excluded (Clause 8.3), the scope statement must say so explicitly and the justification must hold up — contract manufacturers building to customer prints commonly exclude 8.3.

Turtle diagrams or a process interaction map covering quoting → order entry → planning → procurement → production → inspection → shipping → customer feedback. Registrars use this map to plan the audit trail; gaps here cost audit time on day one.

Top management — owner, GM, or COO — chairs a review covering customer focus, quality policy alignment, and KPI status. Minutes are the Clause 5.1 evidence; an action item list with owners is what separates real commitment from paperwork.

Clause 5.2 requires the policy be available, communicated, and understood. Post on the production floor and in the QMS portal; make sure the rev on the wall matches the rev in document control.

Plant-level objectives (OTD, scrap rate, PPM defective, customer complaint count) flow down to cell or shift targets. Each objective needs an owner, a target, a measurement method, and a review cadence — registrars probe this in interviews.

Update the org chart and a RACI matrix covering NCR disposition, CAR ownership, document approval, calibration, and internal audit. The 2015 standard does not require a Management Representative title, but registrars still expect a single point of QMS accountability.

Cross-functional session covering each QMS process. Use the existing PFMEA severity/occurrence/detection ratings where they exist; do not invent a parallel risk-scoring system that contradicts the PFMEA.

Each risk needs an owner, a treatment (avoid, mitigate, transfer, accept), and a target close date. Common gotcha: the register from the prior audit has unchanged dates and no progress notes — auditors flag stagnant registers as a Clause 6.1 finding.

Any process that took an ECN, layout change, or new equipment in the past 12 months gets a PFMEA review. The PFMEA → control plan → work instruction chain must be consistent; mismatches between control plan inspection frequency and the actual work instruction are a frequent finding.

Clause 6.2 wants objectives that are measurable, monitored, communicated, and updated. 'Improve quality' fails. 'Reduce internal scrap rate from 3.2% to 2.0% by Q4, measured weekly via ERP scrap report' passes.

Headcount, machine capacity, tooling, and floor space against the next 12 months of forecast. If a capacity gap exists, the mitigation plan (overtime, second shift, capex) is what auditors want to see, not the gap denied.

Clause 7.2: every operator on the floor must have evidence of competence for the operations they run. Cross-check the training matrix against the current shift schedule — operators running ops they are not signed off on is a recurring major finding. Forklift, LOTO, and HazCom annual refreshes count here too.

Schedule the training, deliver it, capture acknowledgments in the LMS, and update the matrix. If a gap cannot close before the audit, document a containment action — the operator does not run the affected op until signed off.

Walk the gauge crib and the floor. Past-due calibration stickers on micrometers, calipers, CMM standards, or torque wrenches are easy findings under Clause 7.1.5. Red-tag any past-due gauge and pull from service the same day.

Pull three open work orders from the floor. Confirm the traveler shows the current routing rev, current drawing rev, and the inspection sample plan. Operator sign-offs at each op should be present and dated; missing op sign-offs is a Clause 8.5 finding.

Clause 8.2.3: contract review evidence on every order before acceptance. Sample five recent POs and verify the order entry checklist captured spec rev, quantity, due date, and any flow-down requirements (PPAP level, FAI per AS9102, certs of conformance).

Sample five recent FAIs across CNC, assembly, and any outsourced ops. Each critical and major dimension must show actual reading vs. tolerance, gauge ID, and inspector. FAI signed off after run start is a frequent finding — the record must show release-to-run was gated on FAI pass.

Pull all NCRs and CARs from the past 12 months. Every NCR needs a disposition (use-as-is, rework, scrap, return-to-supplier) with named approver. Every CAR needs root cause (5-why or fishbone evidence), action, and effectiveness verification. Open CARs older than the SLA without escalation are a major finding under Clause 10.2.

Quality manager and GM review the internal audit findings package. Pass means no open major findings and a clear path on minors. Conditional pass means open minors with documented action plans. Fail means a major remains open — registrar audit should be deferred.