Clause Requirement Detailed Audit Questions

✓Has the organization

identified internal and
external issues affecting
its QMS?
✓Are these issues
4.1 - Understanding
reviewed periodically for
organization & context
changes?

✓Are they documented

and communicated to
relevant personnel?

✓Have stakeholders and

their needs been
identified (customers,
regulators, suppliers,
etc)?
4.2 - Interested parties
✓Are updates to their
needs regularly
reviewed? - Is there
4.Context of the evidence of addressing
Organization these needs?

✓Is the scope

documented and aligned
with business activities?
4.3 - Scope of QMS
✓Does it cover all
applicable
requirements? Are
boundaries clearly
defined?
 ✓Are processes
identified, mapped, and
their sequence defined?
✓Are inputs, outputs,
4.4 - QMS processes responsibilities, risks,
and KPIs defined?

✓Are process
interactions monitored?

✓Does top management

demonstrate
involvement (meetings,
policies,
5.1 - Leadership communications)?
commitment
✓Are resources
provided to achieve
objectives? Is customer
focus promoted?

✓Is policy appropriate to

purpose/context?
5.Leadership
5.2 - Quality Policy
✓Is it communicated,
understood, and applied
across all levels? Is it
reviewed for suitability?
✓Are responsibilities for
QMS assigned,
documented, and
5.3 - Roles & understood?
responsibilities
✓Do employees know
how their role
contributes to quality?
 ✓Are risks and
opportunities identified
and analyzed at
organizational level?

✓Are actions planned,

6.1 - Risks &
implemented, and
opportunities
evaluated?

✓Is there evidence of

mitigation or exploitation
of opportunities?

6.Planning ✓Are objectives

measurable, aligned with
policy, and monitored?
6.2 - Quality objectives
✓Are progress updates
communicated? Are
objectives reviewed for
effectiveness?

✓Are changes planned

before implementation?
Are risks, impacts, and
6.3 - Planning of changes
resources reviewed? Is
documentation updated
accordingly?
✓Are resources
(manpower,
infrastructure,
environment, monitoring
tools) adequate?
7.1 - Resources
✓Are resources
maintained and
reviewed for sufficiency?
 ✓Are competence
needs defined for each
role? Are training and
evaluations carried out?
7.2 - Competence
✓Are records of
competence
maintained?

✓Do employees
7.Support understand the policy,
objectives, and their
contribution?
7.3 - Awareness
✓Are they aware of
consequences of non-
conformity?

✓Are internal and

external communication
channels defined?
7.4 - Communication
✓Is communication
timely and effective?

✓Is documented
information controlled,
accessible, and
updated?
7.5 - Documented
information
✓Is obsolete
documentation
prevented from
unintended use?
✓Are operations
planned to meet
requirements? Are
process controls in
place?
8.1 - Operational planning
 8.1 - Operational planning

✓Is risk-based thinking

applied?

✓Are customer
requirements reviewed
before acceptance?
8.2 - Customer
requirements ✓Are contract
amendments managed?
Is customer
communication
effective?

✓Is there a defined

process for design
planning, inputs,
controls, verification,
8.3 - Design & validation?
development

✓Are outputs meeting

requirements? Are
changes controlled?

✓Are suppliers
evaluated, selected, and
monitored?
8.4 - Control of external
providers
✓Are performance
reviews conducted? Is
communication of
requirements clear?

8.Operation
 ✓Are production/service
8.Operation processes controlled?
8.5 - Production & service
provision
✓Are acceptance criteria
defined and applied?
Are special processes
validated?

✓Is traceability
maintained for
regulated/critical items?
8.5.1 - Identification &
traceability
✓Is identification applied
to prevent mix-ups?

✓Is customer property

safeguarded against
loss/damage?
8.5.2 - Customer property
✓Is property properly
identified and
maintained?

✓Are operational
changes reviewed,
8.5.5 - Control of changes
approved, and
documented?

✓Is verification
performed before
8.6 - Release of
delivery? Is evidence
product/service
retained of product
conformity?
 ✓Are nonconforming
products identified and
controlled?

8.7 - Nonconforming ✓Are corrective actions

output taken?

✓Are customers
informed when
necessary?
✓Are monitoring and
measurement methods
9.1 - Monitoring & defined?
measurement
✓Are KPIs aligned with
objectives?

✓Is feedback actively

9.1.2 - Customer
sought, analyzed, and
satisfaction
acted upon?

✓Is performance data

9.1.3 - Analysis &
analyzed for trends and
evaluation
improvements?

✓Are audits planned,

9.Performance Evaluation scheduled, and carried
out as per procedure?
9.2 - Internal audits
✓Are audit results
documented and
followed up?

✓Is review held at

planned intervals?

9.3 - Management review

 ✓Are required inputs
(objectives, audits,
9.3 - Management review
customer feedback,
risks) covered?

✓Are outputs
documented (actions,
resource needs)?

✓Is continual
10.1 - General improvement evident in
improvement processes and
products?

✓Are root causes

identified using proper
10.2 - Nonconformity & tools?
corrective action ✓Are corrective actions
10.Improvement
verified for
effectiveness?
✓Are improvement
opportunities pro-
10.3 - Continual actively identified?
improvement
✓Are lessons learned
captured?
Audit Evidence to Verify

SWOT/PESTLE analysis,
strategic plans,
management review
inputs

Stakeholder register,
meeting minutes,
customer communication

Scope statement in QMS

manual, certification
scope
Process maps, SIPOC
diagrams, KPI
dashboards

Interviews, budgets,
policy statements,
management review

Quality policy document,

awareness interviews,
training

Org charts, job

descriptions, staff
interviews
Risk register, action
plans, risk treatments

Quality objectives log, KPI

reports, meeting minutes

Change request forms,

approval notes, revision
history

Calibration records,
maintenance logs, staffing
records
Training matrix,
certificates, performance
appraisals

Staff interviews, training

attendance

Communication plan,
memos, newsletters

Document control
procedure, master logs,
access controls

Work instructions,
production schedules
Work instructions,
production schedules

Contract review forms,

customer feedback
records

Design records,
verification reports,
design review minutes

Supplier evaluations,
audits, purchase orders
Process monitoring
records, inspection
reports

Labels, tracking logs,

ERP records

Logs, storage records,

NCRs if damaged

Change records, approval

notes

Final inspection reports,

release notes
NCR logs, rework
records, customer
notifications

KPI reports, monitoring

records

Survey results, complaint

registers

Trend charts, statistical

reports

Audit schedules, reports,

CAPA records

Management review
minutes, action plans
Management review
minutes, action plans

CI projects, improvement
reports

RCA reports,
5-Why/Fishbone analysis,
closure reports

Lessons learned log,

benchmarking reports