ISO 9001 Compliance Checklist
Context of the Organization (Clause 4)
SWOT or PESTLE output is the typical evidence registrars look for under Clause 4.1. Pull from the most recent management review and the strategic plan; do not redo the analysis from scratch every audit cycle. Tie each issue to a QMS impact — a labor shortage in the machine shop is a Clause 4.1 issue if it threatens on-time delivery.
Clause 4.2 evidence: a register listing customers, regulators (FDA, OSHA, EPA where applicable), employees, owners, and key suppliers, plus the requirement each imposes on the QMS. Customer PPAP/FAI requirements and AS9100/IATF 16949 flow-downs belong here even if you only certify to 9001.
State the products, sites, and processes covered. If design and development is excluded (Clause 8.3), the scope statement must say so explicitly and the justification must hold up — contract manufacturers building to customer prints commonly exclude 8.3.
Turtle diagrams or a process interaction map covering quoting → order entry → planning → procurement → production → inspection → shipping → customer feedback. Registrars use this map to plan the audit trail; gaps here cost audit time on day one.
Release through document control with the current rev number. Older revs visible on the floor or in the QMS portal are a recurring minor finding.
Leadership and Commitment (Clause 5)
Top management — owner, GM, or COO — chairs a review covering customer focus, quality policy alignment, and KPI status. Minutes are the Clause 5.1 evidence; an action item list with owners is what separates real commitment from paperwork.
Clause 5.2 requires the policy be available, communicated, and understood. Post on the production floor and in the QMS portal; make sure the rev on the wall matches the rev in document control.
Plant-level objectives (OTD, scrap rate, PPM defective, customer complaint count) flow down to cell or shift targets. Each objective needs an owner, a target, a measurement method, and a review cadence — registrars probe this in interviews.
Update the org chart and a RACI matrix covering NCR disposition, CAR ownership, document approval, calibration, and internal audit. The 2015 standard does not require a Management Representative title, but registrars still expect a single point of QMS accountability.
Supervisors and cell leads will be interviewed on the floor. Run a 30-minute refresh covering risk-based thinking, the PDCA cycle, and how their daily work links to a quality objective. Auditor question: 'How does your shift affect the OTD KPI?'
Planning and Risk Management (Clause 6)
Cross-functional session covering each QMS process. Use the existing PFMEA severity/occurrence/detection ratings where they exist; do not invent a parallel risk-scoring system that contradicts the PFMEA.
Each risk needs an owner, a treatment (avoid, mitigate, transfer, accept), and a target close date. Common gotcha: the register from the prior audit has unchanged dates and no progress notes — auditors flag stagnant registers as a Clause 6.1 finding.
Any process that took an ECN, layout change, or new equipment in the past 12 months gets a PFMEA review. The PFMEA → control plan → work instruction chain must be consistent; mismatches between control plan inspection frequency and the actual work instruction are a frequent finding.
Clause 6.2 wants objectives that are measurable, monitored, communicated, and updated. 'Improve quality' fails. 'Reduce internal scrap rate from 3.2% to 2.0% by Q4, measured weekly via ERP scrap report' passes.
Clause 6.3 requires that changes be planned — ECNs, layout moves, new suppliers, software cutovers. Document who approves, who notifies the floor, who updates training, and when PFMEA/control plan refresh is triggered.
Support and Resources (Clause 7)
Headcount, machine capacity, tooling, and floor space against the next 12 months of forecast. If a capacity gap exists, the mitigation plan (overtime, second shift, capex) is what auditors want to see, not a denial of the gap.
Clause 7.2: every operator on the floor must have evidence of competence for the operations they run. Cross-check the training matrix against the current shift schedule — operators running ops they are not signed off on is a recurring major finding. Forklift, LOTO, and HazCom annual refreshes count here too.
Schedule the training, deliver it, capture acknowledgments in the LMS, and update the matrix. If a gap cannot close before the audit, document a containment action — the operator does not run the affected op until signed off.
Walk the gauge crib and the floor. Past-due calibration stickers on micrometers, calipers, CMM standards, or torque wrenches are easy findings under Clause 7.1.5. Red-tag any past-due gauge and pull it from service the same day.
Pull five random work instructions from the floor and verify rev matches the QMS portal master list. Confirm obsolete revs are clearly marked or removed. The master document list, retention schedule, and external document register are core Clause 7.5 evidence.
Operation and Internal Audit Readiness (Clause 8)
Pull three open work orders from the floor. Confirm the traveler shows the current routing rev, current drawing rev, and the inspection sample plan. Operator sign-offs at each op should be present and dated; missing op sign-offs are a Clause 8.5 finding.
Clause 8.2.3: contract review evidence on every order before acceptance. Sample five recent POs and verify the order entry checklist captured spec rev, quantity, due date, and any flow-down requirements (PPAP level, FAI per AS9102, certs of conformance).
Sample five recent FAIs across CNC, assembly, and any outsourced ops. Each critical and major dimension must show actual reading vs. tolerance, gauge ID, and inspector. FAI signed off after run start is a frequent finding — the record must show release-to-run was gated on FAI pass.
Pull all NCRs and CARs from the past 12 months. Every NCR needs a disposition (use-as-is, rework, scrap, return-to-supplier) with named approver. Every CAR needs root cause (5-why or fishbone evidence), action, and effectiveness verification. Open CARs older than the SLA without escalation are a major finding under Clause 10.2.
Quality manager and GM review the internal audit findings package. Pass means no open major findings and a clear path on minors. Conditional pass means open minors with documented action plans. Fail means a major remains open — registrar audit should be deferred.
Triggered when readiness review fails. Issue a CAR for each open major, assign a root-cause owner, and set a 30-day target. Notify the registrar to defer the certification audit until the CAR shows effectiveness verification — pushing through a known-fail audit risks loss of certification.
