iso 9001 internal audit case study examples

ISO Certification

ISO 9001:2015 – Internal Audit Criteria with examples

This page is dedicated to helping you learn the art & science of internal auditing. It is by no means a comprehensive list but it gives you the basis of ISO 9001:2015 – Internal Audit Criteria with examples.

In this first part, I will give some basic fundamentals of internal auditing.

T he difference between objectivity and impartiality in this context.

Objectivity: Objectivity is sticking to the facts, being guided by the evidence and considering an event will be closer to the truth the more supporting evidence it has. This is important when gathering evidences during the audit.

Impartiality: impartiality is not taking sides, giving up making value judgments and treat as equivalent different versions of an event, believing the truth is in the middle.

The difference between being argumentative and being assertive, in the context of an audit.

Argumentative: going into an argument with clients – being disagreeable. This is an emotional reaction. Often aggressive.

Assertive: being respectful of the client who is disagreeing with you, while standing behind the point that you are making (which is backed-up by a specific clause from the standard). This is without emotion, just stating facts.

ISO Frog | The Latest Project From Luke Desira

ISO Frog is the new solution for ISO Certification. This software is crafted by a team of ISO experts, led by the management systems specialist, Luke Desira.

ISO Frog makes internal audits easier and more efficient by providing pre-built audit checklists aligned with ISO 9001:2015 standards. Whether you’re preparing for a certification audit or conducting regular internal audits, ISO Frog’s customizable templates ensure you cover all critical aspects. With its user-friendly interface, you can document findings, track non-conformities, and generate reports that align with ISO requirements. Simplify your internal auditing process and focus on continuous improvement with ISO Frog.

Sign up today and be one of the first to gain early access to ISO Frog itself! You’ll be effectively helping us test ISO Frog. By signing up, you’ll be receiving:

Lifetime Discount on ISO Frog
Monthly Group Coaching Sessions with Luke Desira

Customer Satisfaction

When doing an internal audit, two methods in which an organisation can monitor customer satisfaction :

Customer surveys
Market-share analysis

Verification Activities

Clause 8.3.4 of ISO 9001:2015 requires design and development verification to be carried out. List two verification activities that may be used by the design function of an organization.

Modelling/simulation
Experiments/tests

Note: 8.3.4 has 3 requirements:

Review: planning on how things happen
Verification: internally checking that product developed meets the desired output
Validation: customer confirms that outputs meet customer requirements

How an auditor can verify that agreed corrective actions have been effectively implemented.

After noting a corrective action as documented information an auditor can:

Check whether changes are made to the management systems and talk with the people involved to ensure that they know/implement the change
Update risks and opportunities during planning, and ensure that the right actions are taken and implemented to mitigate risks and seize opportunities for effective risk based management as per ISO 9001:2015
Go on site, to confirm that the changes has been implemented.

ISO 9001:2015 – Internal Audit Criteria examples: Leadership + Auditor

7 quality management principles.

ISO 9000:2015 identifies ‘evidence-based decision-making as one of the 7 Quality Management Principles that facilitate the achievement of Quality Objectives .

‘Evidence-based decision-making means that decisions are taken based facts on objective analysis of data and information, rather than hunches. This means that data is collected, and effectively analysed to come up with factual information regarding a situation – and subsequently evidence-based decision making can be done.

ISO 9001:2015 clauses that support ‘evidence-based decision making’

The following are examples of ISO 9001:2015 – Internal Audit Criteria for evidence-based decision making.

4.1 – internal & external issues
4.4.1 – QMS and its processes
6.2 – quality objectives
7.2 – competence
8.5.1 – control of production and service provision
9.1.2 – customer satisfaction
9.1.3 – analysis and evaluation
9.2 – Internal Audit
9.3 – Management Review Meeting

Evaluation of Leadership

ISO 9001:2015 requires Top Management to demonstrate leadership and commitment with respect to the QMS. Here are some methods for evaluating leadership in ISO 9001:2015 – Internal Audit Criteria with examples

To evaluate Top Management leadership and commitment, and internal auditor can:

interview the top management, I would ensure that they are committed to the quality policy, in a way that the quality objectives are defined that support the quality policy. And that they quality objectives are compatible with the context and strategic direction of the organization. Moreover, I would confirm that the data relating to these objectives is being collected, effectively analysed, and discussed during management review meetings, and that appropriate decisions are taken by top management to reach the quality objectives.

To audit Top Management leadership and commitment, and internal auditor can look for:

5.2 – quality policy is available as documented information, communicated and understood throughout the organization, and available to relevant interested parties
5.3 – organizational roles and responsibilities are assigned, communicated and understood within the organization.
9.3.3 – the outputs from the management review meeting consider all items mentioned in 9.3.2 and that decisions and actions related to opportunities for improvement, changes to the QMS and any resources needed are discussed and actioned (with the allocation of the right budgets – time and money).

Demonstrating Leadership & Commitment

Top management shall demonstrate leadership and commitment with respect to the quality management system by:

taking accountability for the effectiveness of the quality management system;
ensuring that the quality policy and quality objectives are established for the quality management system and are compatible with the context and strategic direction of the organization;
ensuring the integration of the quality management system requirements into the organization’s business processes;
promoting the use of the process approach and risk-based thinking;
ensuring that the resources needed for the quality management system are available;
communicating the importance of effective quality management and of conforming to the quality management system requirements;
ensuring that the quality management system achieves its intended results;
engaging, directing and supporting persons to contribute to the effectiveness of the quality management system;
promoting improvement;
supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

ISO Frog is the new solution for ISO Certification.

Crafted by a team of ISO experts, led by Luke Desira, ISO Frog is there to simplify your journey towards ISO certification.

FREE Early Access Beta starts on Monday 9th September 2024 – So book your spot now.

Traits of an auditor

Diplomatic is when we convey the message that we’d like to communicate with the client in a respectful way, that would be understood by the client. For example when the auditee is disagreeing with the auditor that a particular evidence (or lack of) should be considered as a NC – a diplomatic auditor with cordially disagreed with the auditee and read the relevant clause in a way that is perceived as friendly, respectful and professional.

Not being diplomatic could have on an audit the following impacts:

Severe the relationship with the client by arguing
If one the other hand the auditor is agreeable, to avoid being assertive, the downside could be that we do not achieve the intended outcome of the audit which to ensure that the company is complying to the requirements set by the standard.

Conclusion: ISO 9001:2015 – Internal Audit Criteria with examples

We sincerely hope you have enjoyed this post about ISO 9001:2015 – Internal Audit Criteria with examples. We have shared this information with a deep commitment to help you grow your ISO 9001 Certification knowledge. The more companies get ISO 9001 Certified, the better the value-chain will be across the board.

If you are now interested in getting further help and you’d like to know the cost for ISO 9001 Certification , we’d love to help.

If you are seeing the help of an ISO 9001 Consultant in Malta or anywhere in the world, we can help. Alternatively, you might want to consider this ISO 9001 Software that will guide you towards ISO Certification at your own pace.

Quality policy for an ISO management system

Creating a Quality policy for an ISO management system might be a daunting task for some. However, from our experience in ISO 9001 consulting, we know that it can be a fun, creative exercise. Strategy first Getting your business ISO Certified, should be a strategic decision for your business. Through the process of getting ISO…

Customer Satisfaction for ISO 9001

Customer satisfaction is a very important aspect of ISO 9001. As we have discussed in earlier posts, having an ISO Certification doesn’t mean that you will have a good quality product. Rather, an ISO Certification, by a reputable certification body, means that you have a strong management system through which you are obtaining real data…

Process to get ISO 9001 Certified

Since ISO 9001 is a standard, there should be a process to get ISO 9001 Certified, however most consultants still don’t follow a defined process, with tangible actions and results that will be obtained in each step. At ISO 9001 Malta, we do it different. In this post, we will explain the salient steps to…

ISO 9001 Clauses in plain English

On this page, we will explain in detail, the ISO 9001 clauses in plain English. As an introduction, here are the salient elements of these ISO 9001 clauses in plain English. Introduction to ISO 9001 Clauses in plain English Context – What are the internal and external elements affecting the business? Who are the people…

ISO 9001 Certification Requirements

In this page, you will get a complete overview to learn the ISO 9001 Certification Requirements. Here we will assume that you are very familiar with the benefits of implementing an ISO Certification and that you understand Why ISO Certification is important. Step 1: Get an overview of the Clauses for Certification Step 2: Know…

Pingback: Internal & External Audit Findings Examples (Based on ISO 9001:2015)
Pingback: ISO 15189 for Medical laboratories in Malta - Certified ISO Consultant
Pingback: How to perform ISO 9001 Internal audit for SMEs in Malta
Pingback: Corrective actions and non-conformities in ISO - Explained in detail
Pingback: ISO 9001 for a Marketing Agency - an Example for a Service Company
Pingback: How Do You Verify Corrective Action? – Fallsgardencafe

Comments are closed.

Choose your region and currency

Get Certified

ISO 9001 Certification Process

Learn how to quickly implement a business-friendly ISO 9001 system

DIY Certification Toolkit

Expert Certification Service

Hybrid Certification Support

Maintain & Improve

How to Improve Your QMS

Transform your underperforming ISO 9001 system into a powerful business tool

Documentation Templates

ISO 9001 Consulting

Internal Audit Service

Document Review

Training Recommendations

Identify your optimal ISO 9001 learning journey

E-Learning Solutions

Bespoke Training Programs

Video-Based Instruction

Learning Center

Comprehensive knowledge hub for ISO 9001 implementation and maintenance

Case Studies

Real-world examples of successful ISO 9001 adoptions across various industries

Free Downloads

Practical tools, templates, and guides to support your ISO 9001 implementation

Registrar Finder

Match with suitable certification bodies and receive quotes

What are you looking for?

HOME / iso 9001 case studies

ISO 9001 Case Studies

Explore our ISO 9001 case studies to witness real-world examples of how companies worldwide have successfully implemented our products to establish custom quality management systems and achieve ISO 9001 certification. These case studies provide valuable insights into the practical application of ISO 9001 and offer tangible proof of the results that can be achieved when utilizing the resources and expertise offered by 9001Simplified.

Semilink Materials

Certified: October 2024

SemiLink Materials achieved ISO 9001:2015 certification, integrating quality management into their business foundation. Learn how this semiconductor startup leveraged ISO 9001 principles to enhance operations and secure market access.

Read the Case Study

Environmental Painting Alternatives

Certified: August 2024

EPA achieved ISO 9001 certification through our comprehensive Certification Service. This case study examines EPA's motivations, challenges, and the tangible benefits they've experienced throughout the process.

Kingpin Dynamics

Certified: November 2023

Operating as a one-person engineering company in Sweden, Kingpin Dynamics required ISO 9001 certification to increase its appeal to potential clients. Leveraging our DIY Toolkit, the company spent only one month to implement ISO and realize multiple operational benefits as well.

AirportCreators

Certified: March 2021

Located at Schipol Airport in the Netherlands, AirportCreators needed an ISO system that would align with their dynamic and creative culture. With our help, they implemented a lean ISO 9001 system and achieved certification within five months.

Pace Engineering

Certified: October: 2020

Pace Engineering in New Zealand's South Island wanted to use ISO 9001 to achieve ultimate process efficiency in production and administration. With our Do-It-Yourself kit and training, they implemented a versatile ISO system and got certified nine months later.

J.T. Fennell

Certified: September 2020

Operating two steel fabrication plants south of Chicago, J.T. Fennell used our products and services to set up an ISO 9001 system that would earn the full support of all employees. They easily passed the certification audit at their first attempt in September 2020.

How can we help?

Please enter your full name

Please enter a valid email

Please enter a valid phone number

Please enter a message

Send Inquiry

Thanks. Your message has been sent. We'll get back to you as soon as possible.

Looking for information or advice? Ask us anything

We'll reply ASAP

Making excellence a habit

Verify a certificate

Buy standards

Case studies for ISO 9001

ISO 9001 is the world’s most recognized quality management standard. Implementing the standard can help you to continually monitor, manage and improve quality across all operations. This can help you save money, increase profit, win more business and satisfy more customers.

Read how our customers have benefited from implementing the standard.

Advisera Home
Compliance in general

Partner Panel

Company Training Academy

Products by framework:

Implementation, maintenance, training, and knowledge products for Information Security Management Systems (ISMS) according to the ISO 27001 standard.

Automate your ISMS implementation and maintenance with the Risk Register, Statement of Applicability, and wizards for all required documents.

All required policies, procedures, and forms to implement an ISMS according to ISO 27001.

Train your key people about ISO 27001 requirements and provide cybersecurity awareness training to all of your employees.

Accredited courses for individuals and security professionals who want the highest-quality training and certification.

Get instant answers to any questions related to ISO 27001 and the ISMS using Advisera’s proprietary AI-powered knowledge base.

Compliance and training products for critical infrastructure organizations for the European Union’s Network and Information Systems cybersecurity directive.

All required policies, procedures, and forms to comply with the NIS 2 cybersecurity directive.

Company-wide training program for employees and senior management to comply with Article 20 of the NIS 2 cybersecurity directive.

Compliance and training products for personal data protection according to the European Union’s General Data Protection Regulation.

All required policies, procedures, and forms to comply with the EU GDPR privacy regulation.

Accredited courses for individuals and privacy professionals who want the highest-quality training and certification.

Implementation, training, and knowledge products for Quality Management Systems (QMS) according to the ISO 9001 standard.

All required policies, procedures, and forms to implement a QMS according to ISO 9001.

Accredited courses for individuals and quality professionals who want the highest-quality training and certification.

Get instant answers to any questions related to ISO 9001 and the QMS using Advisera’s proprietary AI-powered knowledge base.

Implementation, training, and knowledge products for Environmental Management Systems (EMS) according to the ISO 14001 standard.

All required policies, procedures, and forms to implement an EMS according to ISO 14001.

Accredited courses for individuals and environmental professionals who want the highest-quality training and certification.

Get instant answers to any questions related to ISO 14001 and the EMS using Advisera’s proprietary AI-powered knowledge base.

Implementation and training products for Occupational Health & Safety Management Systems (OHSMS) according to the ISO 45001 standard.

All required policies, procedures, and forms to implement an OHSMS according to ISO 45001.

Accredited courses for individuals and health & safety professionals who want the highest-quality training and certification.

Implementation and training products for medical device Quality Management Systems (QMS) according to the ISO 13485 standard.

All required policies, procedures, and forms to implement a medical device QMS according to ISO 13485.

Accredited courses for individuals and medical device professionals who want the highest-quality training and certification.

Compliance products for the European Union’s Medical Device Regulation.

All required policies, procedures, and forms to comply with the EU MDR.

Implementation products for Information Technology Service Management Systems (ITSMS) according to the ISO 20000 standard.

All required policies, procedures, and forms to implement an ITSMS according to ISO 20000.

Implementation products for Business Continuity Management Systems (BCMS) according to the ISO 22301 standard.

All required policies, procedures, and forms to implement a BCMS according to ISO 22301.

Implementation products for testing and calibration laboratories according to the ISO 17025 standard.

All required policies, procedures, and forms to implement ISO 17025 in a laboratory.

Implementation products for automotive Quality Management Systems (QMS) according to the IATF 16949 standard.

All required policies, procedures, and forms to implement an automotive QMS according to IATF 16949.

Implementation products for aerospace Quality Management Systems (QMS) according to the AS9100 standard.

All required policies, procedures, and forms to implement an aerospace QMS according to AS9100.

White Papers
Templates & Tools

Where to Start

Live Consultations
Consultant Directory

Solutions for industries:

Consultants
IT & SaaS companies
Critical infrastructure
Manufacturing
Transportation & distribution
Telecommunications
Banking & finance
Health organizations
Medical device
Laboratories

Implementation, maintenance, training, and knowledge products for consultancies.

Handle multiple ISO 27001 projects by automating repetitive tasks during ISMS implementation.

All required policies, procedures, and forms to implement various standards and regulations for your clients.

Organize company-wide cybersecurity awareness program for your client’s employees and support a successful cybersecurity program.

Accredited ISO 27001, 9001, 14001, 45001, and 13485 courses for professionals who want the highest-quality training and recognized certification.

Get instant answers to any questions related to ISO 27001 (ISMS), ISO 9001 (QMS), and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.

Find new clients, potential partners, and collaborators and meet a community of like-minded professionals locally and globally.

Implementation, maintenance, training, and knowledge products for the IT industry.

Documentation to comply with ISO 27001 (cybersecurity), ISO 22301 (business continuity), ISO 20000 (IT service management), GDPR (privacy), and NIS 2 (critical infrastructure cybersecurity).

Company-wide cybersecurity awareness program for all employees, to decrease incidents and support a successful cybersecurity program.

Compliance, training, and knowledge products for essential and important organizations.

Documentation to comply with NIS 2 (cybersecurity), GDPR (privacy), ISO 27001 (cybersecurity), and ISO 22301 (business continuity).

Implementation, training, and knowledge products for manufacturing companies.

Documentation to comply with ISO 9001 (quality), ISO 14001 (environmental), and ISO 45001 (health & safety), and NIS 2 (critical infrastructure cybersecurity).

Accredited courses for individuals and professionals who want the highest-quality training and certification.

Get instant answers to any questions related to ISO 9001 (QMS) and ISO 14001 (EMS) using Advisera’s proprietary AI-powered knowledge base.

Implementation, training, and knowledge products for transportation & distribution companies.

Implementation, training, and knowledge products for schools, universities, and other educational organizations.

Documentation to comply with ISO 27001 (cybersecurity), ISO 9001 (quality), and GDPR (privacy).

Get instant answers to any questions related to ISO 27001 (ISMS) and ISO 9001 (QMS) using Advisera’s proprietary AI-powered knowledge base.

Implementation, maintenance, training, and knowledge products for telecoms.

Implementation, maintenance, training, and knowledge products for banks, insurance companies, and other financial organizations.

Documentation to comply with ISO 27001 (cybersecurity), ISO 22301 (business continuity), GDPR (privacy), and NIS 2 (critical infrastructure cybersecurity).

Implementation, training, and knowledge products for local, regional, and national government entities.

Documentation to comply with ISO 27001 (cybersecurity), ISO 9001 (quality), GDPR (privacy), and NIS 2 (critical infrastructure cybersecurity).

Implementation, training, and knowledge products for hospitals and other health organizations.

Documentation to comply with ISO 27001 (cybersecurity), ISO 9001 (quality), ISO 14001 (environmental), ISO 45001 (health & safety), NIS 2 (critical infrastructure cybersecurity) and GDPR (privacy).

Implementation, training, and knowledge products for the medical device industry.

Documentation to comply with MDR and ISO 13485 (medical device), ISO 27001 (cybersecurity), ISO 9001 (quality), ISO 14001 (environmental), ISO 45001 (health & safety), NIS 2 (critical infrastructure cybersecurity) and GDPR (privacy).

Implementation, training, and knowledge products for the aerospace industry.

Documentation to comply with AS9100 (aerospace), ISO 9001 (quality), ISO 14001 (environmental), and ISO 45001 (health & safety), and NIS 2 (critical infrastructure cybersecurity).

Implementation, training, and knowledge products for the automotive industry.

Documentation to comply with IATF 16949 (automotive), ISO 9001 (quality), ISO 14001 (environmental), and ISO 45001 (health & safety), and NIS 2 (critical infrastructure cybersecurity).

Implementation, training, and knowledge products for laboratories.

Documentation to comply with ISO 17025 (testing and calibration laboratories), ISO 9001 (quality), and NIS 2 (critical infrastructure cybersecurity).

Carlos Pereira da Cruz

Get Started

ISO 9001:2015 Case study: Context of the organization as a success factor in manufacturing company

Clause 4.1 of ISO 9001:2015 is causing lot of ambiguities and raising more questions than answers to most quality practitioners. Defining context of the organization basically means determining the foundation of your QMS and where your company stands in terms of internal and external issues related to the QMS. This requirement of clause 4 can seem too general, and there is a risk of going too wide when defining the internal and external issues. In fulfilling this clause, you should focus only on issues that can affect the customer satisfaction and delivery of quality product and/or service.

This simple example will help you understand how to determine context of the organization according to ISO 9001 in small or midsize production company and give some inspiration in your implementation project.

Small company from the South East Europe, let’s call it ABC Company, produces terrace and staircase metal fences and exports its products for some time in Germany. Since the projects are being more and more lucrative, their German customers required implementation of ISO 9001. First milestone in implementation of the standard was definition of context of the organization .

Internal context

External context.

Since the most of the products are delivered to Germany, the company is obliged to apply German and EU regulations regarding product quality, environmental protection and occupational health and safety. Being present on German market for 5 years, the company identified all legal requirements together with requirements of their customer which is one big German construction company and they are one of the subcontractors. Domestic market has far less requirements but it is struggling and prices on the foreign markets are more favorable so the future direction of the company is to meet requirements of it foreign customer and try to find another customers in EU countries.

Documenting context of the organization

The CEO of ABC Company decided to conduct SWOT analysis to furtherly examine the context of the organization and ensure inputs for further identification of risks and opportunities .

Table: SWOT analysis

The CEO decided that the records of SWOT analysis will be included in QMS documentation; however, he did it reluctantly since information in the SWOT analysis can be considered as sensitive and he doesn’t feel comfortable showing them to the third party (e.g. certification auditor) but he did it at the insistence of Quality Manager. The final solution was to require from the certification body an NDA (Non Disclosure Agreement) and make sure that the information provided during the audit will be confidential and protected.

What’s next?

Information gathered through process of defining context of the organization will be used as an input for further phases in implementation of ISO 9001. The fact that only one kind of product is delivered to the customer who requires ISO 9001 certificate can influence the decision about the scope of QMS (for more information, see: How to define the scope of the QMS according to ISO 9001:2015 ), other issues identified can lead to actions to address risks and opportunities (for more information, see: How to address risks and opportunities in ISO 9001 ) or can even influence the business plan and overall strategy of the company in the future years in terms of expanding to another markets and seeking for more reliable suppliers.

To learn more about ISO 9001 requirements and particularly context of the organization, try our free online training: ISO 9001:2015 Foundations Course .

Strahinja Stojanovic is certified as a lead auditor for the ISO 13485, ISO 9001, ISO 14001, and OHSAS 18001 standards by RABQSA. He participated in the implementation of these standards in more than 100 SMEs, through the creation of documentation and performing in-house training for maintaining management systems, internal audits, and management reviews.