ISO 9001 Internal Audit Checklists - Free Templates
Template Library > ISO Standards > ISO 9001 Audit Checklists
Run Confident ISO 9001 Audits with Clause-by-Clause Checklists
An ISO 9001 audit checklist helps quality teams verify that a quality management system meets the requirements of ISO 9001:2015. Each template walks auditors clause by clause, from context and leadership, to improvement. Ensure readiness ahead of external certification audits, align process owners on QMS requirements, identify nonconformities before they become findings, and maintain consistent audit standards across sites and cycles.
The checklists on this page cover the main ISO 9001 audit scenarios:
- Internal audit checklists for routine Clause 9.2 audits
- Gap analysis checklists for pre-certification readiness
- Supplier audit checklists for Clause 8.4 evaluations
- Industry-specific templates for manufacturing, food, and logistics QMS audits
With the GoAudits Safety Inspection App, you can:
- Eliminate paperwork: conduct efficient digital audits, add photos from mobile device
- Customize this template or easily create your own
- Save time with instant reports & assign corrective actions
4.1 Understanding The Organization And Its Context
4.2 Understanding The Needs And Expectations Of Interested Parties
4.3 Determining The Scope Of The Quality Management System
4.4 Quality Management System And Its Processes
5.1 Leadership And Commitment - 5.1.1 General
5.1 Leadership And Commitment - 5.1.2 Customer Focus
5.2 Policy - 5.2.1 Developing The Quality Polic
5.2 Policy - 5.2.2 Communicating The Quality Policy
6.1 Actions To Address Risks And Opportunities - 6.1.1 Considering Issues
6.1 Actions To Address Risks And Opportunities - 6.1.2 Organization Planning
6.2 Quality Objectives And Planning To Achieve Them - 6.2.1 Establishing Quality Objectives
6.3 Planning Of Changes
7.1 Resources - 7.1.1 General
7.1 Resources - 7.1.2 People
7.1 Resources - 7.1.3 Infrastructure
7.1 Resources - 7.1.4 Environment For The Operation Of Processes
7.1 Resources - 7.1.5 Monitoring And Measurement Resources - 7.1.5.1 General
7.1 Resources - 7.1.5 Monitoring And Measurement Resources - 7.1.5.2 Measurement Traceability
2. When no such standards exist, is the basis used for calibration or verification retained as documented information? • identified in order to determine its status? • safeguarded from adjustments, damage, or deterioration that would invalidate the calibration status and subsequent measurement results?
| Photo Comment |
7.1 Resources - 7.1.6 Organizational Knowledge
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented Information - 7.5.1 General
7.5 Documented Information -7.5.2 Creating And Updating
7.5 Documented Information -7.5.3 Control Of Documented Information - 7.5.3.1 Availability Of Documented Information
7.5 Documented Information -7.5.3 Control Of Documented Information - 7.5.3.2 Organizational Activities
8.1 Operational Planning And Control
8.2 Requirements For Products And Services - 8.2.1 Customer Communication
8.2 Requirements For Products And Services - 8.2.4 Changes To Requirements For Products And Services
8.2 Requirements For Products And Services -8.2.2 Determination Of Requirements Related To Products And Services
8.2 Requirements For Products And Services -8.2.3 Review Of Requirements Related To Products And Services - 8.2.3.1 Ability To Meet Requirements
8.2 Requirements For Products And Services -8.2.3 Review Of Requirements Related To Products And Services - 8.2.3.2 Retained Information
8.3 Design And Development Of Products And Services - 8.3.1 General
8.3 Design And Development Of Products And Services - 8.3.2 Design And Development Planning
8.3 Design And Development Of Products And Services - 8.3.3 Design And Development Inputs
8.3 Design And Development Of Products And Services - 8.3.4 Design And Development Controls
8.3 Design And Development Of Products And Services - 8.3.5 Design And Development Outputs
8.3 Design And Development Of Products And Services - 8.3.6 Design And Development Changes
8.4 Control Of Externally Provided Products And Services - 8.4.1 General
8.4 Control Of Externally Provided Products And Services - 8.4.2 Type And Extent Of Control
8.4 Control Of Externally Provided Products And Services - 8.4.3 Information For External Providers
8.5 Production And Service Provision - 8.5.1 Control Of Production And Service Provision
8.5 Production And Service Provision - 8.5.2 Identification And Traceability
8.5 Production And Service Provision - 8.5.3 Property Belonging To Customers Or External Providers
8.5 Production And Service Provision - 8.5.4 Preservation
8.5 Production And Service Provision - 8.5.5 Post-delivery Activities
8.5 Production And Service Provision - 8.5.6 Control Of Changes
8.6 Release Of Products And Services
8.7 Control Of Nonconforming Process Outputs, Products And Services - 8.7.1 Nonconforming Outputs
9.1 Monitoring, Measurement, Analysis, And Evaluation - 9.1.1 General
9.1 Monitoring, Measurement, Analysis, And Evaluation - 9.1.2 Customer Satisfaction
9.1 Monitoring, Measurement, Analysis, And Evaluation - 9.1.3 Analysis And Evaluation
9.2 Internal Audit
3. Does the organization plan, establish, implement, and maintain an audit program(s) including the frequency, methods, responsibilities, planning requirements, and reporting, which take into consideration the importance of the processes concerned, customer feedback, changes affecting the organization, and the results of previous audits?
| Photo Comment |
9.3 Management Review - 9.3.1 General
9.3 Management Review - 9.3.2 Management Review Inputs
9.3 Management Review - 9.3.3 Management Review Outputs
10.1 General
10.2 Nonconformity And Corrective Action
10.3 Continual Improvement
4.1 Understanding The Organization And Its Context
4.2 Understanding The Needs And Expectations Of Interested Parties
4.3 Determining The Scope Of The Quality Management System
4.4 Quality Management System And Its Processes
5.1 Leadership And Commitment - 5.1.1 General
5.1 Leadership And Commitment - 5.1.2 Customer Focus
5.2 Policy - 5.2.1 Developing The Quality Polic
5.2 Policy - 5.2.2 Communicating The Quality Policy
6.1 Actions To Address Risks And Opportunities - 6.1.1 Considering Issues
6.1 Actions To Address Risks And Opportunities - 6.1.2 Organization Planning
6.2 Quality Objectives And Planning To Achieve Them - 6.2.1 Establishing Quality Objectives
6.3 Planning Of Changes
7.1 Resources - 7.1.1 General
7.1 Resources - 7.1.2 People
7.1 Resources - 7.1.3 Infrastructure
7.1 Resources - 7.1.4 Environment For The Operation Of Processes
7.1 Resources - 7.1.5 Monitoring And Measurement Resources - 7.1.5.1 General
7.1 Resources - 7.1.5 Monitoring And Measurement Resources - 7.1.5.2 Measurement Traceability
2. When no such standards exist, is the basis used for calibration or verification retained as documented information? • identified in order to determine its status? • safeguarded from adjustments, damage, or deterioration that would invalidate the calibration status and subsequent measurement results?
| Photo Comment |
7.1 Resources - 7.1.6 Organizational Knowledge
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented Information - 7.5.1 General
7.5 Documented Information -7.5.2 Creating And Updating
7.5 Documented Information -7.5.3 Control Of Documented Information - 7.5.3.1 Availability Of Documented Information
7.5 Documented Information -7.5.3 Control Of Documented Information - 7.5.3.2 Organizational Activities
8.1 Operational Planning And Control
8.2 Requirements For Products And Services - 8.2.1 Customer Communication
8.2 Requirements For Products And Services - 8.2.4 Changes To Requirements For Products And Services
8.2 Requirements For Products And Services -8.2.2 Determination Of Requirements Related To Products And Services
8.2 Requirements For Products And Services -8.2.3 Review Of Requirements Related To Products And Services - 8.2.3.1 Ability To Meet Requirements
8.2 Requirements For Products And Services -8.2.3 Review Of Requirements Related To Products And Services - 8.2.3.2 Retained Information
8.3 Design And Development Of Products And Services - 8.3.1 General
8.3 Design And Development Of Products And Services - 8.3.2 Design And Development Planning
8.3 Design And Development Of Products And Services - 8.3.3 Design And Development Inputs
8.3 Design And Development Of Products And Services - 8.3.4 Design And Development Controls
8.3 Design And Development Of Products And Services - 8.3.5 Design And Development Outputs
8.3 Design And Development Of Products And Services - 8.3.6 Design And Development Changes
8.4 Control Of Externally Provided Products And Services - 8.4.1 General
8.4 Control Of Externally Provided Products And Services - 8.4.2 Type And Extent Of Control
8.4 Control Of Externally Provided Products And Services - 8.4.3 Information For External Providers
8.5 Production And Service Provision - 8.5.1 Control Of Production And Service Provision
8.5 Production And Service Provision - 8.5.2 Identification And Traceability
8.5 Production And Service Provision - 8.5.3 Property Belonging To Customers Or External Providers
8.5 Production And Service Provision - 8.5.4 Preservation
8.5 Production And Service Provision - 8.5.5 Post-delivery Activities
8.5 Production And Service Provision - 8.5.6 Control Of Changes
8.6 Release Of Products And Services
8.7 Control Of Nonconforming Process Outputs, Products And Services - 8.7.1 Nonconforming Outputs
9.1 Monitoring, Measurement, Analysis, And Evaluation - 9.1.1 General
9.1 Monitoring, Measurement, Analysis, And Evaluation - 9.1.2 Customer Satisfaction
9.1 Monitoring, Measurement, Analysis, And Evaluation - 9.1.3 Analysis And Evaluation
9.2 Internal Audit
3. Does the organization plan, establish, implement, and maintain an audit program(s) including the frequency, methods, responsibilities, planning requirements, and reporting, which take into consideration the importance of the processes concerned, customer feedback, changes affecting the organization, and the results of previous audits?
| Photo Comment |
9.3 Management Review - 9.3.1 General
9.3 Management Review - 9.3.2 Management Review Inputs
9.3 Management Review - 9.3.3 Management Review Outputs
10.1 General
10.2 Nonconformity And Corrective Action
10.3 Continual Improvement
Save Time with Digital Inspections
- Easily capture & attach photos, directly on your mobile device.
- Instantly generate and share detailed reports after the inspection.
- Track corrective actions, view historical trends, improve standards.
What is an ISO 9001 Audit Checklist?
An ISO 9001 audit checklist is a structured tool used to assess whether an organization’s Quality Management System conforms to the ISO 9001:2015 standard. Also called a quality management system checklist, ISO 9001 quality checklist, or ISO 9001 QMS audit checklist, it guides auditors through the standard’s requirements, prompts them to gather objective evidence, and records findings in a consistent format that management can act on and that certification bodies can review.
The checklist supports two distinct use cases:
- Internal audits, required by Clause 9.2 of ISO 9001:2015, are conducted by the organization’s own auditors (or contracted specialists) to verify that QMS processes are working as intended and to identify nonconformances before an external body sees them.
- External or certification audits are conducted by accredited third-party registrars who assess the organization against the standard and decide whether to grant or renew ISO 9001 certification.
Both types follow the same clause structure. The 2015 version of the standard organizes requirements around the Plan-Do-Check-Act (PDCA) cycle, which maps directly onto Clauses 4 through 10. A well-built ISO 9001 audit checklist mirrors this structure, with questions grouped by clause and written to probe effectiveness, not just the existence of documentation. Asking “is there a quality policy?” is far less useful than asking “can three people at different levels tell you what the policy means for their work?” That distinction separates checklists that find real problems from those that just tick boxes.
Browse the full ISO audit checklists library, covering ISO 9001, 14001, 45001, 22000, and more.
Types of ISO 9001 Audit Checklists
ISO 9001 Internal Audit Checklist
The ISO 9001 internal audit checklist is the most widely used format. Also referred to as an ISO 9001 2015 checklist, it covers the full structure of the current standard. Clause 9.2 requires organizations to conduct internal audits at planned intervals to confirm that the QMS conforms to its own requirements and to the ISO 9001:2015 standard, and that it is effectively implemented and maintained.
A clause-by-clause internal audit checklist covers all ten clauses of the standard, with questions tailored to gather objective evidence: records to review, observations to make, and personnel to interview. Auditors use it to identify nonconformances, log findings, and produce a report that management can act on. The ISO 9001 internal audit checklist PDF format works for paper-based programs. Digital checklists on mobile devices allow auditors to capture photo evidence against specific questions and generate a formatted report the moment the audit closes, removing the need to compile findings manually afterward.
ISO 9001 Gap Analysis Checklist
A gap analysis checklist is used before an organization’s first certification audit, or when preparing for recertification after significant process changes. It assesses the current state of the QMS against the standard’s requirements to identify where the organization already meets the criteria and where further work is needed.
The key difference from an internal audit checklist: a gap analysis measures distance from the standard, while an internal audit measures whether your implemented QMS is actually working. Many teams also use an ISO 9001 implementation checklist at this stage to track progress clause by clause as they build out the QMS before their first certification audit. Most organizations run the gap analysis first, then build their internal audit program from the results.
Access the ISO 9001 gap analysis checklist in the GoAudits library.
ISO 9001 Supplier Audit Checklist
Clause 8.4 of ISO 9001:2015 requires organizations to control externally provided processes, products, and services. That means auditing suppliers: not just assessing them at onboarding, but conducting periodic reviews of their quality management practices, documentation, and process controls.
A supplier-specific ISO 9001 checklist covers areas including quality policy documentation, incoming material inspection, process controls, nonconformance management, and corrective action records. For manufacturing organizations, it often extends to equipment calibration, production capacity, and workforce competency.
See the supplier audit capability for digitizing supplier audit workflows across multiple vendors and sites.
ISO 9001 Audit Checklists by Industry
ISO 9001 applies across sectors, but the evidence auditors look for varies by industry. A food manufacturer’s QMS includes HACCP integration and allergen controls. A logistics provider’s audit covers fleet maintenance records and delivery performance data. A metal components supplier must document equipment calibration and material traceability.
GoAudits offers industry-specific QMS templates for manufacturing, food production, logistics, healthcare, and construction, each mapped to the ISO 9001:2015 clauses most relevant to that sector’s processes and risks. See the guide to ISO audit processes for more on adapting standard checklists to your operational context.
👉 Case Study: How Heat Treating Services (HTS) digitized manufacturing quality control with GoAudits. ISO 9001:2015 and IATF 16949 certified, the HTS team moved from paper-based audits to digital checklists and can now identify process trends before they become gross nonconformances. “Digitizing our audits was the biggest no-brainer for our quality system in the past couple of years,” says Katie Day, QA and Metallurgy Manager at HTS.
What Should an ISO 9001 Checklist Cover? A Clause-by-Clause Guide
A thorough ISO 9001 checklist maps directly to the standard’s requirements in Clauses 4 through 10. Here is what each clause covers and the types of evidence an auditor should be gathering.
Clause 4: Context of the Organization
- Has the organization identified the internal and external issues relevant to its purpose and strategic direction?
- Have interested parties been determined, along with their requirements and how those requirements affect the QMS?
- Is the QMS scope documented, including the products and services it covers and justification for any exclusions?
- Are the core QMS processes defined, with inputs, outputs, sequence, and interactions mapped?
Common finding: a context statement copied from a consultant’s template without any adaptation to the actual organization.
Clause 5: Leadership
- Can top management demonstrate active involvement in the QMS, beyond just signing off on the quality policy?
- Is the quality policy documented, communicated, and understood at all levels of the organization?
- Are roles, responsibilities, and authorities clearly defined and communicated?
- Is there evidence that customer focus is maintained throughout operations, with customer requirements understood and satisfaction actively monitored?
Common finding: the quality policy exists on paper, but front-line staff cannot explain what it means for their daily work.
Clause 6: Planning
- Has the organization identified risks and opportunities that could affect the QMS’s ability to deliver its intended results?
- Are quality objectives established, measurable, and visible to relevant functions and levels?
- Is there a documented approach for planning changes to the QMS, with consideration for consequences, resource availability, and responsibilities?
Note: Risk-based thinking is a defining feature of the 2015 revision. Auditors are not looking for a formal risk register; they need evidence of systematic analysis and proportionate action.
Clause 7: Support
- Are the resources needed for the QMS (people, infrastructure, environment, monitoring and measuring equipment) identified and available?
- Do personnel have the competence required for their role, with that competence documented through education, training, or experience records?
- Is awareness of the quality policy and quality objectives demonstrated across the workforce?
- Is documented information controlled: available when needed, protected from unintended alteration, and retained for the required period?
Common finding: document control failures: outdated procedures at point of use, no version control, or records not retained for the required period.
Clause 8: Operation
- Are customer requirements determined, reviewed, and communicated before acceptance of orders or contracts?
- Where design and development applies, is it planned and controlled with appropriate reviews, verification, and validation activities?
- Are externally provided products and services controlled in line with Clause 8.4, with supplier evaluation criteria defined and consistently applied?
- Are production and service delivery carried out under controlled conditions, including documented work instructions, monitoring activities, and release criteria?
- Is nonconforming output identified, controlled, and prevented from unintended use or delivery?
Note: Clause 8 is typically the longest section of any ISO 9001 internal audit checklist. It covers the operational core of the QMS, where most quality failures originate.
Clause 9: Performance Evaluation
- Is customer satisfaction monitored and analyzed, with results feeding into management decisions?
- Is the internal audit program planned, scheduled, and executed at defined intervals, with auditor impartiality maintained throughout?
- Does management review cover all required inputs, including audit results, customer feedback, process performance, risk status, and the adequacy of resources?
- Are records of management review maintained as documented information, with outputs including decisions on improvement opportunities and resource needs?
Clause 10: Improvement
- When nonconformances occur, are they documented, investigated for root cause, and resolved with corrective actions designed to prevent recurrence?
- Is there evidence of continual improvement in the suitability, adequacy, and effectiveness of the QMS, beyond simply fixing problems as they arise?
Note: Clause 10 is where auditors assess whether the QMS is genuinely self-improving or just maintaining compliance. Organizations that treat corrective actions as paperwork tend to see the same findings repeat across audit cycles.
👉 Case Study: How Nissin Foods runs 96%+ GMP audit completion using GoAudits. The food manufacturing team digitized quality checks across their production lines and now emails audit reports to relevant parties immediately after each inspection closes. “Real-time information allows us to address much quicker any issues that are found,” says Eddie Odie, QC Manager at Nissin Foods.
ISO 9001 Audit Checklist PDF: Download and Digital Options
Every ISO 9001 audit checklist template on this page is available as a free PDF download. The PDF format suits paper-based QMS programs or auditors who prefer to complete forms by hand.
For teams that need more, the digital versions offer capabilities a static PDF cannot match:
- Photo evidence captured against specific checklist questions, in context
- Instant audit reports generated automatically on completion, with photos, timestamps, and geolocation
- Compliance scoring per checklist item, with overall audit scores calculated automatically
- Trend dashboards showing score trends and nonconformance rates across processes, departments, and sites
This makes the ISO 9001 compliance checklist more than a pass/fail exercise. Over time, data from each completed audit builds a clear picture of where the QMS is improving and where nonconformances keep reappearing.
See how quality inspection software supports end-to-end QMS programs, from daily production checks to management review documentation.
How GoAudits Supports ISO 9001 Audits
GoAudits is built for teams that run audits in the real world: on factory floors, in warehouses, across distributed sites, and in industries where paper-based programs slow everything down.
- Clause-by-clause checklists, ready to use or adapt. The ISO 9001 audit checklist templates in the GoAudits library map directly to the 2015 standard. Teams use them as-is or customize questions to reflect their specific processes, industry context, and QMS scope.
- Mobile auditing, online and offline. Auditors complete checklists on any iOS, Android, or web browser device. Offline mode ensures audits get done in areas without a reliable signal.
- Instant PDF audit reports. Every completed audit generates a formatted report with photos, timestamps, and geolocation attached. Reports are emailed to relevant stakeholders from the app immediately after the audit closes.
- Corrective action workflows. Findings are linked directly to corrective actions. Assign an owner, set a deadline, and track resolution status until the action is verified as closed, all within the same platform.
- Dashboards and trend analysis. Track compliance scores, nonconformance rates, and audit completion across shifts, locations, and standards. Spot patterns before they become certification findings.
Read the full guide on how to conduct ISO 9001:2015 audits, including how to build an audit program, schedule audits by process risk, and manage findings through to closure.
FAQs
Can I use the same checklist for an ISO 9001 gap analysis and an internal audit?
They serve different purposes. A gap analysis checklist assesses how far the current state of your QMS falls from the standard’s requirements. It is a diagnostic tool used before the QMS is fully implemented. An internal audit checklist evaluates whether your implemented QMS is working as intended. The clause structure is similar, but the questions are framed differently: gap analysis asks “does this exist?” while an internal audit asks “is this effective?” Most organizations use a separate template for each stage.
What happens if nonconformances are found during an ISO 9001 audit?
Each nonconformance must be documented with objective evidence, investigated to identify the root cause, and resolved with a corrective action that prevents recurrence. The corrective action is then verified to confirm the fix has worked. For certification audits, minor nonconformances may allow certification to proceed with a scheduled follow-up review. Major nonconformances typically require resolution before certification is granted or maintained.
Does ISO 9001 require a specific audit checklist format?
No. The standard requires that internal audits are planned, conducted by competent and impartial auditors, and that results are documented and communicated to management. It does not mandate a particular checklist format. Organizations can use paper forms, PDF templates, or digital audit tools, as long as the checklist covers the relevant clauses and produces documented evidence of audit findings.
Other Popular ISO Checklists:
Digitize your Safety Inspections
- Easily perform audits anywhere on the site using a mobile device, even offline
- Attach photos to document issues or prove compliance
- Assign tasks, set deadlines and track progress - all within a single app
- Analyze data from audits to identify trends, pinpoint recurring issues, and assess compliance levels.