Quarterly Industry Standards Compliance Review

Export the controlled-document list from your QMS or PLM (MasterControl, Greenlight Guru, Arena, SolidWorks PDM). Spot-check 10 documents — procedures, work instructions, forms — against the floor copy to confirm the rev posted at the work center matches the current rev. ECN cascade gaps are the most common 9001 audit finding.

Use a clause-based audit checklist covering 9001:2015 sections 4–10. Rotate process focus quarterly so all processes are covered annually. The auditor must be independent of the process being audited.

Pull every NCR and CAR open more than 30 days. Confirm each has a named owner, a target close date, and evidence of containment. CARs closed without an effectiveness check are a recurring registrar finding.

Run a calibration-due report from the gauge crib system. Red-tag any gauge past due and verify the last gauge R&R for the top 5 most-used gauges is within tolerance. Out-of-cal gauges in service force a backwards retest of every part measured since the last good cal.

9001:2015 section 9.3 requires management review covering customer feedback, process performance, audit results, NC trends, resource adequacy, and improvement opportunities. Attach the signed minutes — registrars open the binder to this section first.

Pull e-Manifest records for the quarter and confirm monthly hazardous waste generation does not push the facility into a higher status (VSQG → SQG → LQG). A status change triggers different storage time limits, training, and reporting requirements.

Walk every aboveground oil storage location subject to the SPCC plan. Confirm containment is intact, drains are valved closed, and spill kits are stocked and within reach. Document the inspection per 40 CFR 112.7.

EPCRA Tier II is due March 1; TRI Form R is due July 1. If either falls inside this quarter, confirm the submission is filed and the receipt is on file. Missed submissions draw automatic penalties.

Review monitoring logs for booth filter change frequency, VOC totals, and any excursions above permit limits. Deviation reports must be filed semi-annually under most Title V permits — confirm the log shows what will be reported.

Verify every drum is labeled with contents and accumulation start date, lids are closed except when adding waste, and satellite areas are within 90 / 180 / 270 days per generator status. Open drums and missing labels are the most common EPA inspection findings.

For Q1 reviews, verify the 300A summary is posted in a conspicuous employee area February 1 through April 30 and that establishments with 100+ employees in covered industries have submitted electronically by March 2. For other quarters, confirm the 300 log is current.

Reconcile the equipment list in maintenance against the procedure binder. Every machine with hazardous energy needs a machine-specific written procedure under 29 CFR 1910.147. New equipment installed without a procedure is a chronic gap — an annual periodic inspection is also required.

1910.178 requires equipment-specific training. An operator certified on a counterbalance is not certified on a reach truck or order picker. Pull training records and cross-reference against the equipment they actually operate. Recertification is required every three years.

Pull a current chemical inventory from the floor and stockroom. Every chemical needs a current SDS accessible without password barriers. New solvents introduced without an SDS update plus targeted HazCom training are a recurring gap.

Time the drill from alarm to all-clear at every muster point. Note any blocked egress, missing wardens, or muster points where headcount couldn't be reconciled. Document time-to-muster and any corrective actions in the EAP file.

Pull the approved vendor list and flag any supplier whose ISO 9001 / AS9100 / IATF 16949 cert, insurance, or NDA has expired. Buyers releasing POs to expired suppliers is a frequent registrar finding.

Review the trailing 90-day OTD and quality PPM for every tier-1 supplier. Threshold defaults: OTD < 95% or PPM > 5,000 triggers escalation. Trend matters as much as the absolute number — a supplier degrading three quarters in a row needs containment before the customer notices.

Issue an 8D-format CAR with a 30-day response requirement for containment and a 60-day requirement for root cause and verified corrective action. Hold incoming inspection at 100% on the affected part numbers until the supplier's containment is verified.

For tin, tungsten, tantalum, and gold inputs, confirm a current Conflict Minerals Reporting Template is on file from each affected supplier. Public-company customers will ask for this rolled up annually under Dodd-Frank Sec 1502.

For automotive and other PPAP-driven customers, verify the submission level on file (typically Level 3) matches the customer's requirement and that all 18 elements are current. An ECN on a controlled characteristic invalidates the prior PPAP and requires resubmission before the next shipment.

Reconcile the HR termination list for the quarter against active accounts in the ERP, MES, PLM, badge system, and VPN. Orphaned accounts on engineering shares are the highest-risk gap — especially when the departure was involuntary.

For defense work, confirm controlled drawings live in an access-restricted PLM project visible only to US persons on the cleared list. Spot-check email attachments and shared-drive copies for leakage outside the controlled environment — an unintentional export is a DDTC voluntary disclosure event.

Restore last week's ERP backup to an isolated host and verify a known transaction. A backup that has never been restored is not a backup — quarterly restore drills are how you discover silent corruption before a ransomware event makes it your problem.

Log the failure in the IT ticketing system, escalate to the MSP or internal IT lead, and re-run the restore against the prior good backup set. Do not close this step until a successful restore is confirmed and the failed backup window is documented.

The quality director and EHS manager review the consolidated findings, decide whether the facility is in good standing or has open items requiring escalation, and sign. The signed record is the artifact a registrar or customer auditor will ask to see.