ISO 9001 Implementation Checklist

Use this ISO 9001 Implementation Checklist to manage QMS certification projects from gap analysis and documentation through to internal audit, Stage 1, Stage 2, and surveillance audit requirements.

Download as free PDF

Library
ISO Standards
ISO 9001 Implementation Checklist

Phase 1 — Project Initiation And Management Commitment

Phase 2 — Gap Analysis And Scope Definition

Phase 3 — QMS Documentation

Phase 4 — Process Implementation And Operational Controls

Phase 5 — Training And Awareness

3. Deliver role-specific training to personnel in functions with significant QMS responsibilities — including quality, operations, procurement, customer service, and any process owners — covering the specific procedures and controls relevant to their role.

Photo Comment

Phase 6 — Internal Audit And Management Review

7. Conduct a management review covering all required inputs specified in Clause 9.3.2, including quality objectives performance, customer satisfaction data, process performance, audit findings, supplier performance, risk status, and continual improvement opportunities.

Photo Comment

Phase 7 — Certification Audit Preparation

3. Prepare the Stage 1 audit evidence pack, ensuring all mandatory documented information is complete, approved, and accessible, including the quality policy, quality objectives, QMS scope, risk register, process documentation, and internal audit records.

Photo Comment

7. Prepare the Stage 2 audit evidence pack, ensuring operational records demonstrating QMS implementation are complete, including process records, training records, monitoring and measurement results, nonconformance records, corrective action records, internal audit reports, and management review minutes.

Photo Comment

Phase 8 — Post-Certification And Surveillance

11. Review and update QMS documentation, risk assessments, and quality objectives at defined intervals or when significant changes occur in the organisation's context, processes, products, services, or applicable requirements (Clauses 4.1, 4.2, and 6.1).

Photo Comment

Is this sample what you are looking for?
Sign up to use & customise this template, or create your own custom checklist:

Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.

Easy inspection app for your digital checklists

Conduct inspections anytime, anywhere - even offline
Capture photos as proof of compliance or areas needing attention
Instantly generate and share detailed reports after the inspections
Assign & track follow-up tasks, view historical trends on a centralized dashboard

ISO 9001 Implementation Checklist

Use this ISO 9001 Implementation Checklist to manage QMS certification projects from gap analysis and documentation through to internal audit, Stage 1, Stage 2, and surveillance audit requirements.

1. Research the benefits of ISO 9001:2015 certification relevant to your organisation, including market access, customer requirements, operational efficiency, and risk reduction, and document the business case for implementation.

2. Present the business case for ISO 9001 certification to senior leadership and obtain formal commitment from top management to support and resource the implementation project.

3. Secure a formal management decision to proceed with ISO 9001 implementation, documented in meeting minutes or an equivalent record.

4. Appoint a QMS project manager or management representative with sufficient authority, time, and resources to lead the implementation.

5. Identify the project team members from relevant departments and assign roles and responsibilities within the implementation project.

6. Define the project governance structure, including how progress will be reported to top management and how decisions will be escalated.

7. Establish a project plan with defined milestones, tasks, owners, target dates, and resource requirements covering all phases from initiation to certification audit.

8. Communicate the decision to pursue ISO 9001 certification to the wider organisation, explaining the purpose, expected timeline, and what will be required from different teams.

9. Determine the approach to implementation — self-led, consultant-supported, or fully outsourced — and engage any external consultants or certification body advisors required.

10. Obtain a copy of the ISO 9001:2015 standard and ensure the project manager and key team members have read and understood its requirements.

11. Identify any industry-specific or customer-specific requirements that will need to be incorporated into the QMS alongside the standard's requirements.

1. Conduct a formal gap analysis comparing your organisation's current practices, processes, and documentation against every requirement of ISO 9001:2015, Clauses 4–10.

2. Document the results of the gap analysis, identifying conforming areas, partial conformities, and areas where no current practice exists, with a priority rating for each gap.

3. Use gap analysis findings to refine and update the project plan, adjusting timelines, resource allocations, and task priorities based on the volume and severity of gaps identified.

4. Define the scope of the QMS, identifying which products, services, sites, departments, and processes are included, and documenting any exclusions with justification (Clause 4.3).

5. Identify the external and internal issues relevant to the organisation's purpose and strategic direction that affect the QMS (Clause 4.1).

6. Identify interested parties relevant to the QMS — including customers, regulators, suppliers, and employees — and document their relevant requirements and expectations (Clause 4.2).

7. Confirm that the defined scope is appropriate and achievable within the project timeline and resource budget before proceeding to documentation.

8. Document the QMS scope statement in its final form, ready for inclusion in QMS documentation and communication to relevant parties.

1. Identify all documented information required by ISO 9001:2015, including mandatory documented procedures, records, and any additional documented information the organisation determines is necessary for QMS effectiveness (Clause 7.5).

2. Develop or update the quality policy, ensuring it is appropriate to the organisation's purpose, includes commitments to satisfying requirements and continual improvement, and is approved by top management (Clause 5.2).

3. Establish quality objectives for relevant functions, levels, and processes, ensuring they are measurable, consistent with the quality policy, and supported by documented plans for achievement (Clause 6.2).

4. Document the process approach for the QMS, identifying the processes needed, their sequence and interaction, the criteria and methods for their control, and the resources and responsibilities for each process (Clause 4.4).

5. Develop or update the organisation's risk register, documenting identified risks and opportunities relevant to the QMS and the planned actions to address them (Clause 6.1).

6. Develop or revise documented procedures and work instructions for key processes, ensuring they are sufficient to support consistent process operation and compliance with QMS requirements.

7. Develop or update the Statement of Applicability or equivalent document where design and development (Clause 8.3) or other clauses require specific scoping decisions.

8. Establish a document control procedure covering the creation, review, approval, version control, distribution, access, and disposal of QMS documented information (Clause 7.5.3).

9. Apply the document control procedure to all QMS documents, ensuring each document is identified, dated, approved, and accessible to those who need it.

10. Develop or update job descriptions, competence frameworks, or role profiles to reflect QMS responsibilities for all roles that affect QMS performance (Clause 7.2).

11. Review and update existing forms, records templates, and logs to capture the documented information required as evidence of QMS operation and conformity.

12. Have all key QMS documents reviewed and approved by relevant process owners and top management before implementation begins.

1. Implement the documented QMS processes across all functions and sites within the defined scope, ensuring process owners are briefed and operational controls are in place (Clause 8.1).

2. Establish operational planning and control for all processes needed to meet product and service requirements, including criteria for process performance and conformity (Clause 8.1).

3. Implement customer communication processes, including mechanisms for determining customer requirements, handling enquiries, obtaining orders, and managing customer feedback and complaints (Clause 8.2).

4. Where design and development activities are within scope, implement the design and development planning, input, output, review, verification, and validation controls required by Clause 8.3.

5. Implement supplier evaluation and selection processes, establish an approved supplier list or equivalent, and define the controls applied to externally provided products and services (Clause 8.4).

6. Implement identification and traceability controls for products and services throughout production and service delivery, ensuring conforming and nonconforming outputs can be distinguished at all times (Clause 8.5.2).

7. Implement preservation controls for products in storage and transit, including handling, packaging, labelling, and environmental controls appropriate to the product (Clause 8.5.4).

8. Implement product and service release controls, ensuring that planned arrangements are completed before release to the customer and that records of conformity are retained (Clause 8.6).

9. Implement nonconforming output controls, including procedures for identification, segregation, disposition, and notification of affected customers where applicable (Clause 8.7).

10. Implement monitoring and measurement activities for products, services, and processes, ensuring that calibrated or verified measuring equipment is used where accuracy is critical (Clauses 7.1.5 and 9.1.1).

11. Operate all implemented processes for a minimum period — typically three to six months — before the certification audit, to generate sufficient records demonstrating consistent QMS operation.

1. Conduct a training needs analysis based on competence requirements defined for all QMS-relevant roles, identifying gaps between required and current competence levels (Clause 7.2).

2. Develop and deliver ISO 9001 awareness training for all employees, covering what ISO 9001 is, why the organisation is implementing it, the quality policy, quality objectives, and each person's role in the QMS (Clause 7.3).

3. Deliver role-specific training to personnel in functions with significant QMS responsibilities — including quality, operations, procurement, customer service, and any process owners — covering the specific procedures and controls relevant to their role.

4. Deliver internal auditor training to the personnel who will conduct internal audits, covering ISO 9001 requirements, audit planning, interviewing techniques, gathering objective evidence, and reporting findings.

5. Retain training records for all personnel covering induction, QMS awareness, role-specific, and internal auditor training, as documented evidence of competence (Clause 7.2d).

6. Evaluate the effectiveness of training delivered and document the evaluation results, taking further action where training has not achieved the required competence level (Clause 7.2c).

7. Establish ongoing communication channels to keep all personnel informed about QMS performance, updates to procedures, quality objectives progress, and audit outcomes (Clause 7.4).

8. Verify that personnel across all functions can demonstrate awareness of the quality policy, their relevant quality objectives, their contribution to QMS effectiveness, and the consequences of non-conformity (Clause 7.3).

1. Develop an internal audit programme covering all QMS processes and all clauses of ISO 9001:2015 within the audit scope, with defined audit frequency, methods, and criteria (Clause 9.2).

2. Select and confirm internal auditors, ensuring auditors do not audit their own work and have appropriate competence to audit the processes assigned to them (Clause 9.2).

3. Conduct at least one complete cycle of internal audits covering all QMS processes before the Stage 1 certification audit, generating audit reports for each area audited (Clause 9.2.2).

4. Document all internal audit findings, including conformities, nonconformities, and opportunities for improvement, in formal audit reports retained as documented information (Clause 9.2.2).

5. Raise corrective actions for all nonconformities identified during internal audits, conducting root cause analysis and implementing and verifying corrective actions before the certification audit (Clause 10.2).

6. Confirm that all internal audit nonconformities have been closed with verified corrective actions before submitting for the Stage 1 certification audit.

7. Conduct a management review covering all required inputs specified in Clause 9.3.2, including quality objectives performance, customer satisfaction data, process performance, audit findings, supplier performance, risk status, and continual improvement opportunities.

8. Document management review minutes and outputs, including decisions made on improvement actions, resource needs, and any required changes to the QMS (Clause 9.3.3).

9. Confirm that at least one management review has been completed and documented before the Stage 1 certification audit.

10. Analyse monitoring and measurement data collected during the operation period, evaluate QMS performance against quality objectives, and use the results to identify improvement actions (Clause 9.1.3).

1. Research and select an accredited certification body, confirming the body holds accreditation from a recognised national accreditation authority for ISO 9001 certification in your sector.

2. Submit the application for certification to the chosen certification body, providing the required information about the organisation's scope, size, and QMS.

3. Prepare the Stage 1 audit evidence pack, ensuring all mandatory documented information is complete, approved, and accessible, including the quality policy, quality objectives, QMS scope, risk register, process documentation, and internal audit records.

4. Conduct a pre-audit internal review or mock audit to identify any remaining gaps in documentation or evidence before the Stage 1 audit.

5. Participate in the Stage 1 audit — a documentation review by the certification body — and address any findings or areas of concern identified in the Stage 1 audit report.

6. Implement corrective actions for any nonconformities or concerns raised during the Stage 1 audit and confirm with the certification body that these have been satisfactorily addressed before scheduling Stage 2.

8. Brief process owners and key personnel on the Stage 2 audit process, confirming they understand their roles, are familiar with relevant procedures, and know how to present objective evidence to auditors.

9. Participate in the Stage 2 audit — the main certification audit — during which the certification body will verify that the QMS is fully implemented and effective across all processes within scope.

10. Address any nonconformities raised during the Stage 2 audit through documented root cause analysis and corrective action plans submitted to the certification body within the agreed timescale.

11. Receive and review the certification decision; if successful, obtain the ISO 9001 certificate and confirm the certificate scope, issue date, and expiry date.

1. Communicate the achievement of ISO 9001 certification to customers, suppliers, and other relevant interested parties through appropriate channels.

2. Update marketing materials, website content, tender submissions, and company stationery to reflect ISO 9001 certification, using the certification body's logo in accordance with their usage guidelines.

3. Transition the QMS from a project-led implementation to ongoing business-as-usual operation, with process owners taking full responsibility for their respective QMS processes.

4. Maintain the internal audit programme on an ongoing basis, ensuring all QMS processes are audited at least once per year and audit records are retained (Clause 9.2).

5. Maintain the management review schedule, ensuring management reviews are conducted at planned intervals and that review inputs, outputs, and decisions are documented (Clause 9.3).

6. Monitor quality objectives performance on an ongoing basis and report results to relevant management and process owners at defined intervals (Clause 9.1).

7. Continue to manage nonconformities and corrective actions through the defined process, ensuring the corrective action system remains active and effective beyond the certification audit (Clause 10.2).

8. Prepare for the first surveillance audit — typically conducted 12 months after initial certification — by reviewing QMS performance data, audit findings, corrective action status, and management review outputs.