ISO/IEC 9001•

ISO 9001 – Clause 9.2 – Internal Audit

See it in action
By Max Edwards | Updated 21 March 2024

Learn how Clause 9.2 aids in selecting and training auditors, assists in streamlining ISO 9001 and internal audits, from planning to addressing non-conformities and integrating with other management systems.

Jump to topic

What Is ISO 9001, Clause 9.2?

When you’re preparing for an ISO 9001 clause 9.2 internal audit, the qualifications and independence of your auditors are paramount. Auditors must possess a deep understanding of the ISO 9001 standards, along with a background in quality management systems. They should be adept in the principles and practices of auditing and possess the ability to identify and assess the effectiveness of quality management processes.

Ensuring Auditor Independence

To maintain the integrity of the audit process, auditor independence is crucial. This means that auditors should not audit their own work to avoid conflicts of interest. At ISMS.online, we understand the importance of impartiality, and our platform supports you in selecting auditors who are free from bias and vested interest, ensuring a fair and objective audit process.

The Role of Training

Training is a critical component in equipping auditors with the necessary skills and knowledge. Continuous professional development ensures that auditors stay current with the latest ISO standards and auditing techniques. Our platform offers resources and tools that can help in the ongoing training of auditors, ensuring they are well-prepared for the ISO 9001 clause 9.2 audit.

ISMS.online's Support in Auditor Selection and Training

At ISMS.online, we are committed to facilitating the selection and training of qualified auditors. Our comprehensive suite of tools and resources is designed to streamline the training process, from initial education to ongoing professional development, ensuring that your auditors are equipped to conduct thorough and effective internal audits.

Book a demo

Planning and Scheduling the Internal Audit

Effective planning is the cornerstone of a successful ISO 9001 clause 9.2 internal audit. As you embark on this critical phase, it’s essential to consider several key factors that will shape the process.

Key Considerations for Audit Planning

When planning your internal audit, you must first establish the scope and objectives. This involves identifying the areas of your Quality Management System (QMS) that will be examined and what you aim to achieve with the audit. At ISMS.online, we provide tools that help you define these parameters clearly, ensuring that your audit aligns with your organisational goals and ISO 9001 requirements.

Determining the Frequency of Internal Audits

The frequency of internal audits is not one-size-fits-all; it should be tailored to your organisation’s unique needs. Factors such as the complexity of processes, importance to your business, and previous audit findings play a role in this decision. Our platform offers dynamic risk management tools that can assist you in making informed decisions about audit frequency.

Influences on Audit Scheduling

Scheduling should take into account the availability of resources, workload, and key business cycles. It’s important to ensure that audits are conducted at times that minimise disruption while still providing a comprehensive assessment of the QMS.

Setting the Stage for an Effective Audit

The planning stage lays the groundwork for the entire audit process. By meticulously preparing, you set the stage for an audit that is not only compliant with ISO 9001 clause 9.2 but also adds value to your organisation. Our ISMS.online platform is designed to support you through every step, ensuring that your planning is thorough, efficient, and sets you up for success.


Get an 81% headstart

We've done the hard work for you, giving you an 81% Headstart from the moment you log on.
All you have to do is fill in the blanks.

Book a demo

Execution of the Internal Audit

The execution phase is where the planning and preparation for your ISO 9001 clause 9.2 internal audit come to life. This stage is critical as it involves the actual assessment of your Quality Management System against the ISO 9001 criteria.

Steps Involved in the Execution Phase

During the execution phase, auditors will conduct a thorough examination of processes, records, and practices. The steps typically include:

  1. Opening Meeting: To set the objectives and outline the audit plan to the relevant stakeholders.
  2. Evidence Collection: Gathering documentation, records, and conducting interviews to assess conformity.
  3. Evaluation: Assessing the evidence against the ISO 9001 criteria to identify areas of compliance and non-compliance.
  4. Recording Findings: Documenting the audit evidence and findings in a clear and structured manner.

Assessing ISO 9001 Criteria

To ensure a comprehensive audit, each ISO 9001 criterion is assessed methodically. This involves evaluating documented information, observing processes in action, and verifying that practices align with the stated quality objectives.

Tools and Techniques for a Thorough Audit

Our platform, ISMS.online, provides a suite of tools and techniques designed to facilitate a thorough audit. This includes:

  • Checklists and Templates: To guide auditors through the process and ensure no element is overlooked.
  • Document Management Systems: For easy access to and organisation of necessary documentation.

Streamlining Audits with ISMS.online

We at ISMS.online are dedicated to streamlining the execution of internal audits. Our platform offers:

  • Integrated Compliance Frameworks: To align audit activities with ISO 9001 requirements.
  • Dynamic Risk Management Tools: To prioritise audit focus areas based on risk assessment.

By leveraging these tools, you can ensure that your internal audits are conducted efficiently, effectively, and in line with the best practices of ISO 9001 clause 9.2.


Documenting the Audit Findings

Proper documentation is a critical component of the ISO 9001 clause 9.2 internal audit process. It serves as the foundation for evaluating the effectiveness of your Quality Management System and for making informed decisions about future improvements.

Effective Audit Evidence

Audit evidence should be accurate, relevant, and sufficient to support audit findings and conclusions. This includes records, statements of fact, and other information pertinent to the audit criteria. As auditors, you should ensure that evidence is collected methodically and is representative of the audit scope.

Retention of Audit Documentation

Audit documentation should be retained for a period that satisfies your organisation’s requirements and complies with applicable regulations. Typically, this is a minimum of two years for active use and up to seven years for archived records. This retention period allows for the review of historical information during future audits.

Secure Document Management with ISMS.online

At ISMS.online, we understand the importance of secure document management. Our platform provides a Microsoft-hosted, EEA-compliant environment for storing your audit documentation. With our robust policy and control management, you can rest assured that your audit records are secure, accessible, and managed in accordance with the highest standards of information security.


Manage all your compliance in one place

ISMS.online supports over 100 standards
and regulations, giving you a single
platform for all your compliance needs.

Book a demo

Addressing Non-Conformities and Corrective Actions

During an ISO 9001 clause 9.2 internal audit, identifying and addressing non-conformities is a critical step in enhancing your Quality Management System (QMS).

Identification and Classification of Non-Conformities

Non-conformities are typically identified through a detailed review of processes, documentation, and practices against the ISO 9001 standards. Once identified, they are classified as either minor or major. Minor non-conformities may involve slight deviations from procedures that don’t significantly affect the QMS, while major non-conformities are issues that can potentially lead to a failure of the QMS or part of it.

Steps for Addressing Non-Conformities

To address non-conformities, you should:

  1. Document the non-conformity and inform relevant stakeholders.
  2. analyse the root cause to understand why the non-conformity occurred.
  3. Develop a corrective action plan that includes specific measures to rectify the issue.

Planning and Implementing Corrective Actions

Corrective actions should be planned with clear objectives and timelines. Implementation may involve revising procedures, conducting additional training, or making changes to the QMS. At ISMS.online, we provide tools to help you plan, track, and manage these actions effectively.

Ensuring Effectiveness of Corrective Actions

To ensure corrective actions are effective, they should be followed by a verification process. This may include audits or reviews to confirm that the actions have been implemented and that non-conformities have been addressed. Our platform offers features that facilitate this follow-up, helping you maintain a robust and compliant QMS.


The Role of Audit Checklists and Templates

In the realm of ISO 9001 clause 9.2 internal audits, checklists and templates are not just tools; they are the scaffolding that supports an efficient and comprehensive audit process. At ISMS.online, we recognise the pivotal role these resources play in your audit’s success.

Contribution to Audit Efficiency

Checklists and templates serve as a roadmap, guiding auditors through each step of the audit process. They ensure that no critical element is overlooked and that each audit is conducted systematically. This structured approach not only saves time but also enhances the consistency and reliability of your audit findings.

Benefits of standardised Audit Tools

Using standardised tools during your internal audits brings a multitude of benefits. They provide a reference point that aligns with ISO 9001 requirements, ensuring that your audits address all necessary criteria. Moreover, they facilitate an effective internal audit by streamlining the process, reducing the likelihood of errors, and promoting a thorough examination of the QMS.

Customisation of Templates

We understand that each organisation is unique. That’s why our templates are designed to be customisable. You can tailor them to reflect your specific processes, objectives, and the scope of your audit, ensuring that they fit the unique needs of your organisation perfectly.

Customisable Templates from ISMS.online

Our platform, ISMS.online, provides a suite of customisable templates that are not only time-saving but also proven in their effectiveness. They are scalable, ensuring that organisations of all sizes can benefit from them. With our templates, you can conduct your internal audits with the confidence that you are fully supported by tools that are both comprehensive and compliant with ISO 9001 clause 9.2 standards.


Compliance doesn't have to be complicated.

We've done the hard work for you, giving you an 81% Headstart from the moment you log on.
All you have to do is fill in the blanks.

Book a demo

Integrating Internal Audits with Other Management Systems

In today’s interconnected business environment, internal audits are not standalone activities; they are part of a complex ecosystem of management systems. At ISMS.online, we recognise the importance of integrating your ISO 9001 clause 9.2 internal audits with other management systems to create a cohesive approach to compliance and quality management.

Interaction with Other Management Systems

Internal audits provide a unique opportunity to ensure that your Quality Management System (QMS) works in harmony with other management systems, such as Information Security Management Systems (ISMS). By conducting integrated audits, you can assess the effectiveness of your QMS and its alignment with information security practices, environmental management, and more.

Benefits of a Holistic Audit Approach

A holistic approach to internal audits offers several benefits. It allows for a more efficient use of resources, as overlapping requirements can be audited simultaneously. This approach also provides a broader perspective on organisational performance, revealing insights that might be missed when management systems are audited in isolation.

Supporting Information Security Management

Internal audits play a crucial role in supporting information security management. They help identify vulnerabilities and ensure that information security controls are effective and aligned with the overall quality objectives of your organisation.

ISMS.online’s Integration Support

Our platform, ISMS.online, is designed to facilitate the integration of your internal audits with other management systems. We provide a centralised platform where you can manage audit activities, document findings, and track corrective actions across all management systems, ensuring a seamless and comprehensive audit experience.


Further Reading

Continuous Improvement Through Internal Audits

Internal audits are not just a compliance exercise; they are a catalyst for continuous improvement within your Quality Management System (QMS). At ISMS.online, we are committed to helping you leverage internal audits as a tool for driving enhancement and growth.

Driving QMS Improvement

Through the meticulous examination of processes and practices, internal audits identify both conformities and non-conformities within your QMS. This critical evaluation provides the insights necessary to make informed decisions about where improvements can be made, ensuring that your QMS evolves to meet the changing needs of your business and customers.

Management Reviews as a Catalyst

Management reviews are an integral part of the improvement cycle. They provide a platform for senior management to engage with audit findings, assess the performance of the QMS, and set actionable goals for improvement. Our platform facilitates these reviews by providing a structured framework for discussion and decision-making.

Incorporating Customer Feedback

Customer surveys and feedback are invaluable in shaping a customer-centric QMS. By integrating this feedback into your internal audits, you ensure that your QMS remains aligned with customer expectations and industry best practices.

ISMS.online’s Tools for Improvement

We offer a suite of dynamic tools designed to support continuous improvement. From risk management tools that help prioritise areas for improvement to dashboards and reporting that track progress, ISMS.online equips you with the resources needed to maintain a state-of-the-art QMS.


Preparing for External ISO Certification Audits

Conducting internal audits is a proactive step towards ensuring that your organisation is ready for external ISO certification audits. These internal assessments provide a mirror for you to reflect on the current state of your Quality Management System (QMS).

Understanding the Audit Spectrum

Internal audits are conducted by your own staff or a hired internal auditor, focusing on self-assessment and improvement. In contrast, external audits are performed by independent auditors from certification bodies to verify that your QMS meets the ISO 9001 standards. The primary difference lies in the objectivity and formal recognition that external audits provide.

Ensuring Audit Readiness

To ensure readiness for an external audit, it’s essential to:

  • Conduct thorough internal audits regularly, using them as a rehearsal for the external audit.
  • Address all findings from internal audits promptly, ensuring that non-conformities are corrected and improvements are implemented.

Strategies for Certification Success

Our platform, ISMS.online, supports you in employing strategies to overcome certification challenges, such as:

  • Gap analysis to identify areas that need attention before the external audit.
  • Mock audits to simulate the external audit experience for your team.
  • Continuous improvement practices to keep your QMS dynamic and responsive.

By integrating these strategies into your audit process, you can approach external certification with confidence, knowing that your QMS not only complies with ISO 9001 standards but is also robust and effective.


Risk Management and Quality Planning

In the intricate dance of internal audits, risk management and quality planning are your lead partners. They guide your steps, ensuring that every move is precise and every turn is calculated to enhance the overall performance of your Quality Management System (QMS).

Utilising Dynamic Risk Management Tools

Dynamic risk management tools are essential in the audit process. They help you identify and evaluate the risks that could impact your QMS’s effectiveness. At ISMS.online, we provide you with these tools to ensure that you’re not just reacting to risks, but proactively managing them. This forward-thinking approach is crucial for a robust audit process and a resilient QMS.

The Significance of Quality Planning

Quality planning sets the stage for a successful audit. It involves defining objectives, identifying resources, and establishing clear, actionable steps to achieve compliance. Quality planning ensures that your audit is not just a box-checking exercise but a strategic activity that aligns with your organisational goals.

Integrating Production Samples and Test Plans

Production samples and test plans are not mere formalities; they are the rehearsal before the main performance. By incorporating these elements into your audit preparedness, you ensure that your QMS can withstand the rigours of real-world application and meet the stringent requirements of ISO 9001.

Applying Advanced Quality Management Techniques

To further enhance your QMS, consider advanced techniques such as process audit turtle diagrams for a deeper understanding of your processes, or CTQ (Critical to Quality) characteristics to focus on what truly matters for quality. These techniques, supported by our platform, can elevate your quality management to new heights, ensuring that your internal audits are not just compliant, but exemplary.



ISO 9001 Clause Table

ISO 9001 Clause NumberISO 9001 Clause Name
Clause 4Context of the Organization
Clause 4.1Understanding the Organization and Its Context
Clause 4.2Understanding the Needs and Expectations of Interested Parties
Clause 4.3Determining the Scope of the Quality Management System
Clause 4.4Quality Management System and Its Processes
Clause 5Leadership
Clause 5.1Leadership and Commitment
Clause 5.2Policy
Clause 5.3Organizational Roles, Responsibilities and Authorities
Clause 6Planning
Clause 6.1Actions to Address Risks and Opportunities
Clause 6.2Quality Objectives and Planning to Achieve Them
Clause 6.3Planning of Changes
Clause 7Support
Clause 7.1Resources
Clause 7.2Competence
Clause 7.3Awareness
Clause 7.4Communication
Clause 7.5Documented Information
Clause 8Operation
Clause 8.1Operational Planning and Control
Clause 8.2Requirements for Products and Services
Clause 8.3Design and Development of Products and Services
Clause 8.4Control of Externally Provided Processes, Products and Services
Clause 8.5Production and Service Provision
Clause 8.6Release of Products and Services
Clause 8.7Control of Nonconforming Outputs
Clause 9Performance Evaluation
Clause 9.1Monitoring, Measurement, Analysis and Evaluation
Clause 9.2Internal Audit
Clause 9.3Management Review
Clause 10Improvement

complete compliance solution

Want to explore?
Start your free trial.

Sign up for your free trial today and get hands on with all the compliance features that ISMS.online has to offer

Find out more

Streamline your workflow with our new Jira integration! Learn more here.