Blog Header Bg New

Certainty Blog

The ISO 9001 Audit Checklist (2026 Edition): Clauses 4–10, Step by Step

An ISO 9001 audit fails or passes long before the auditor arrives — because it is decided by whether your processes actually match what your quality management system claims. A good checklist, therefore, is how you find the gaps first.

Summary: An ISO 9001 audit checklist is a structured list of questions, mapped to clauses 4 through 10 of the standard, that an auditor uses to verify a quality management system conforms to ISO 9001 and works in practice. Crucially, the best checklists test for evidence rather than documentation, and as a result they link every finding to a corrective action.

By the numbers

  • More than 1 million organizations worldwide hold ISO 9001 certification. (ISO Survey, 2023)
  • ISO 9001:2026 reached Final Draft (FDIS) in April 2026, with publication expected September 2026. (ISO/TC 176, 2026)
  • Certified organizations get a three-year transition window — to about September 2029 — to adopt the 2026 revision. (ISO, 2026)
  • The 2026 revision embeds climate change in the requirements and separates risks from opportunities. (ISO 9001 DIS, 2025)

What is an ISO 9001 audit checklist?

An ISO 9001 audit checklist is a clause-by-clause set of verification questions that an auditor works through to confirm a quality management system both conforms to ISO 9001 and operates as documented. In other words, it turns an abstract standard into concrete, answerable checks. Moreover, each item gives the auditor a place to record evidence and any nonconformance.

ISO 9001 requirement clauses 4 to 10 mapped to the Plan-Do-Check-Act cycle
An ISO 9001 audit checklist maps to clauses 4–10 of the standard, from context of the organization through to improvement.

Indeed, it is the working tool behind any internal or certification audit. For example, for a refresher on the audit itself, see our guide to the ISO 9001 audit; by contrast, this article focuses on the checklist you actually run.

The ISO 9001 audit checklist: a clause-by-clause structure

ISO 9001 places its requirements in clauses 4 through 10. Therefore, a complete checklist covers each one and, importantly, asks for objective evidence rather than a document reference.

ClauseAreaWhat to verify
4Context of the organizationInterested parties, QMS scope, processes mapped
5LeadershipPolicy, roles, customer focus evidenced
6PlanningRisks & opportunities, quality objectives
7SupportResources, competence, documented information
8OperationProcess control, design, supplier control
9Performance evaluationMonitoring, internal audit, management review
10ImprovementNonconformity, corrective action, continual improvement
The seven requirement clauses every ISO 9001 audit checklist should cover.
Two quality auditors reviewing a digital checklist on a tablet during an audit on a manufacturing packaging line
An audit is only as strong as the evidence behind it — capture findings on the floor, in real time.

How to run an ISO 9001 internal audit, step by step

In practice, an ISO 9001 internal audit works best when the process behind it stays repeatable. Accordingly, six steps take you from a blank checklist to a program that finds gaps and drives action.

1. Plan the audit scope and schedule

First, define which processes and clauses each audit covers. Then build an annual schedule so that, over the cycle, your team audits every area.

2. Prepare your clause-mapped checklist

Next, tailor the clause 4–10 questions to your processes and risks. Otherwise, a generic checklist will miss the controls that matter most to your operation.

3. Gather objective evidence

During the audit, interview process owners, observe the work, and sample records. Ultimately, the test is whether practice matches the documented system, so capture photos and references as you go.

4. Record findings and classify nonconformities

As you go, log conformities, observations, and major or minor nonconformities against the relevant clause. In each case, attach the evidence behind the finding.

5. Trigger corrective actions to closure

Whenever you raise a finding, trigger a corrective action with an owner, a due date, and verified closure. In short, this is where a checklist stops being a report and becomes a control.

6. Review on a set cadence

Finally, score strategic processes more often and the rest at least annually. As a result, recurring quality audits keep the cycle moving and feed the checklist with fresh evidence.

What is changing with ISO 9001:2026

The next revision is evolutionary rather than revolutionary; even so, your checklist will need updates. Specifically, ISO 9001:2026 aligns with the Harmonised Structure, brings climate change directly into the requirements, separates risks from opportunities, and strengthens expectations around quality culture. Because publication is expected in September 2026 with a three-year transition, now is the time to align. For the full picture, see our ISO 9001:2026 transition guide.

Common ISO 9001 audit findings to check for

In practice, a handful of findings come up again and again. For instance, watch for these:

  • Documented procedures that do not match what people actually do.
  • Quality objectives that are neither measurable nor monitored.
  • Corrective actions closed without verifying effectiveness.
  • Missing or out-of-date competence and training records.
  • Internal audits or management reviews that are overdue or incomplete.

Key Takeaways:

  • An ISO 9001 audit checklist maps verification questions to clauses 4–10 of the standard.
  • Above all, test for objective evidence that practice matches the documented system — not merely that a document exists.
  • In addition, every nonconformity should trigger a tracked corrective action closed with verified effectiveness.
  • Finally, ISO 9001:2026 (publishing around September 2026) adds climate and separates risk from opportunity, so update your checklist accordingly.

You might also be interested in

ISO 9001:2026 transition planning

ISO 9001:2026 Transition Planning

What is changing in the 2026 revision and how to plan your transition.

Read article →

What is an ISO 9001 audit

What Is an ISO 9001 Audit?

Internal vs external audits, the process, and what auditors look for.

Read article →

Audit management software

Audit Management Software

Run clause-mapped checklists and track findings to closure in one system.

Read article →

Frequently Asked Questions (FAQs)

What is an ISO 9001 audit checklist?

To put it simply, it is a clause-by-clause list of verification questions, covering clauses 4 to 10 of ISO 9001, that confirms a quality management system conforms to the standard and is followed in practice. In addition, each item records evidence and any nonconformity.

Which ISO 9001 clauses should the checklist cover?

The checklist covers clauses 4 (context), 5 (leadership), 6 (planning), 7 (support), 8 (operation), 9 (performance evaluation), and 10 (improvement). By contrast, clauses 1 to 3 are scope, references, and terms, so auditors do not assess them for conformity.

What is the difference between an internal and certification audit?

An internal audit is run by your own organization to check the QMS and prepare for certification. A certification audit, on the other hand, is performed by an accredited external body to grant or maintain ISO 9001 certification.

How often should ISO 9001 internal audits happen?

Of course, ISO 9001 requires internal audits at planned intervals. In most cases, organizations audit every process at least once a year, while higher-risk areas are reviewed more often.

Does ISO 9001:2026 change the audit checklist?

Yes. Because ISO 9001:2026 adds climate-change considerations, separates risks from opportunities, and strengthens quality-culture expectations, you should update checklists to test for those during the transition.

What does an ISO 9001 auditor look for?

An ISO 9001 auditor looks for objective evidence that the QMS is both documented and followed in practice. That means process records, competence records, internal audit results, management review minutes, and corrective action logs — not just procedure documents. The audit tests whether what is written matches what is done.

How does ISO 9001:2026 affect an existing audit checklist?

ISO 9001:2026 adds climate-change considerations to clause 4 (context of the organization) and clause 6 (planning), separates risks from opportunities as distinct items, and strengthens quality-culture expectations. Existing checklists will need new questions in those areas. Organizations have a three-year transition window from the September 2026 publication date — approximately to September 2029 — to update their QMS and checklists.

Audit-ready, always

See how Certainty digitizes ISO 9001 audits end to end — clause-mapped checklists, evidence capture, and corrective actions tracked to verified closure.