ISO 29001:2020
Quality Management Systems – Petroleum, Petrochemical and Natural Gas Industries
COMPLETE AUDIT CHECKLIST
AUDIT INFORMATION
Organization Name:
______________________________
Audit Reference #:
______________________________
Audit Type:
☐ Internal ☐ Second-Party ☐ Certification ☐ Surveillance
Audit Date(s):
______________________________
Lead Auditor:
______________________________
Audit Team Members:
______________________________
Scope of Audit:
ISO 29001 – Quality Management Systems for Petroleum, Petrochemical and Natural Gas Industries
Applicable Locations:
______________________________
Applicable Clauses:
Clauses 4–10, Annex A (Sector-Specific Requirements)
Previous Audit Date:
______________________________
Open Actions from Previous Audit:
______________________________
CONFORMITY RATING LEGEND
C – Conforming
NC – Nonconformity
OFI – Opportunity for Improvement
N/A – Not Applicable
INSTRUCTIONS FOR USE
1. Review each requirement against documented evidence and objective evidence observed during the audit.
2. Rate each item as C (Conforming), NC (Nonconformity), OFI (Opportunity for Improvement), or N/A (Not Applicable).
3. Record the finding reference number (linked to the formal audit finding sheet) in the 'Finding Ref.' column.
4. Use the 'Auditor Notes' column for brief observations; detailed evidence is recorded in the audit working papers.
5. All Nonconformities must be formally documented on NCR/CAR forms and agreed with the auditee.
6. OFIs are recommendations only and do not require mandatory corrective action, but should be tracked.
7. N/A must be justified in the auditor notes or in a separate exclusion rationale document.
8. This checklist is a living document – add rows for organization-specific or project-specific requirements as needed.
9. Retain completed checklists as objective evidence of the audit per your document retention policy.
ISO 29001:2020 – Audit Checklist
Complete all fields. Use additional sheets for detailed findings. C = Conforming | NC = Nonconformity | OFI = Opportunity for Improvement | N/A = Not Applicable
Ref. #
Audit Requirement
Evidence / Records to Review
C / NC / OFI
Finding Ref.
Auditor Notes
Clause 4: Context of the Organization
4.1 Understanding the Organization and Its Context
4.1.1
Has the organization determined external and internal issues relevant to its purpose (including geopolitical, regulatory, environmental, market conditions)?
SWOT/PESTLE analysis, management review records, strategic documents
4.1.2
Are issues related to the oil & gas sector specifically identified (e.g., commodity price volatility, environmental regulations, upstream/midstream/downstream risks)?
Context analysis documents, sector risk register
4.1.3
Is the context reviewed and updated at planned intervals?
Management review minutes, version history of context documents
4.2 Understanding the Needs and Expectations of Interested Parties
4.2.1
Has the organization identified relevant interested parties (clients, regulators, local communities, contractors, shareholders, industry bodies)?
Stakeholder register, interested party analysis
4.2.2
Are the relevant requirements of interested parties determined and monitored (including API, ASME, NORSOK, national petroleum regulations)?
Requirements register, regulatory tracking log
4.2.3
Are customer-specific requirements captured and communicated internally?
Contract review records, project quality plans
4.3 Determining the Scope of the QMS
4.3.1
Is the scope of the QMS defined and documented, including boundaries, applicable locations, activities, products, and services?
QMS scope statement, quality manual or equivalent
4.3.2
Does the scope address all applicable ISO 29001 requirements and justify any exclusions?
Scope document with exclusion justification
4.3.3
Is the scope available as documented information?
Quality manual, intranet, document management system
4.4 Quality Management System and Its Processes
4.4.1
Are QMS processes identified, including sequence, interaction, inputs, outputs, and responsibilities?
Process map / turtle diagrams, process descriptions
4.4.2
Are process risks and opportunities determined and addressed?
Risk register at process level, FMEA records
4.4.3
Are processes evaluated and improved using appropriate metrics?
KPI dashboards, process performance reports
4.4.4
Is documented information maintained and retained to support process operation?
Document control register, process records
Clause 5: Leadership
5.1 Leadership and Commitment
5.1.1
Does top management demonstrate leadership by taking accountability for QMS effectiveness and integrating quality into business processes?
Management review records, quality policy sign-off, leadership communications
5.1.2
Does top management ensure quality objectives are aligned with the strategic direction of the organization?
Strategic plan, business plan, quality objectives documentation
5.1.3
Is there evidence of top management promoting a customer and product safety focus throughout the organization?
HSE/quality campaigns, leadership briefings, HSE statistics
5.1.4
Does top management ensure resources for the QMS are available?
Budget allocations, resource planning documents
5.1.5
Does top management support other relevant management roles to demonstrate leadership in their areas?
Delegation of authority matrix, role descriptions
5.2 Policy
5.2.1
Is a documented quality policy established, appropriate to the organization's purpose and context?
Quality policy document, signed and dated by top management
5.2.2
Does the policy include a commitment to satisfy applicable requirements and to continual improvement?
Quality policy content review
5.2.3
Is the quality policy communicated, understood, and applied within the organization?
Communication records, staff awareness interviews, posters/intranet
5.2.4
Is the policy available to relevant interested parties?
Public website, project quality plans shared with clients
5.3 Organizational Roles, Responsibilities and Authorities
5.3.1
Are responsibilities and authorities for all QMS-relevant roles assigned, communicated, and understood?
Organization chart, job descriptions, RACI matrix
5.3.2
Is a management representative or equivalent role designated with authority for QMS conformity?
Appointment letter, QMS organizational chart
5.3.3
Are responsibilities for product/service conformity clearly assigned across the supply chain (engineering, procurement, operations, inspection)?
Project quality plans, work instructions, inspection procedures
Clause 6: Planning
6.1 Actions to Address Risks and Opportunities
6.1.1
Has the organization determined risks and opportunities relevant to the QMS, including sector-specific risks (well integrity, pipeline failures, asset reliability)?
Risk register, risk assessment methodology, bowtie analyses
6.1.2
Are actions planned to address risks and opportunities, and are actions proportionate to the potential impact on product/service conformity?
Risk treatment plans, corrective/preventive action records
6.1.3
Is the effectiveness of risk and opportunity actions evaluated?
KPI reviews, audit findings, management review outputs
6.2 Quality Objectives and Planning to Achieve Them
6.2.1
Are quality objectives established at relevant functions, levels, and processes, consistent with the quality policy?
Quality objectives register, departmental objectives
6.2.2
Are quality objectives measurable, monitored, communicated, and updated as needed?
KPI tracking system, management review records
6.2.3
Are plans in place detailing what will be done, by whom, by when, with what resources, and how results will be evaluated?
Action plans, project schedules, resource plans
6.3 Planning of Changes
6.3.1
Are changes to the QMS carried out in a planned manner, considering purpose, consequences, resource availability, and responsibilities?
Management of change (MOC) procedure, change logs
6.3.2
Is a management of change process in place for changes affecting quality-critical activities (process changes, equipment, personnel, regulations)?
MOC records, change impact assessments
Clause 7: Support
7.1 Resources
7.1.1
Are resources needed for the QMS (human, infrastructure, environment) determined and provided?
Resource plans, budget approvals, staffing records
7.1.2
Are persons whose work affects quality competent (education, training, experience)?
Competency matrix, training records, qualification certificates
7.1.3
Is infrastructure maintained to ensure product/service conformity (equipment, facilities, IT systems, transport)?
Asset register, preventive maintenance schedules, calibration records
7.1.4
Is the work environment managed to ensure process operation and product conformity (cleanliness, temperature, contamination control)?
Work environment monitoring records, housekeeping inspections
7.1.5
Are monitoring and measurement resources identified, maintained, and calibrated/verified to ensure valid results?
Calibration register, calibration certificates, test equipment logs
7.1.6
Is organizational knowledge identified, maintained, and protected (technical know-how, lessons learned, industry standards)?
Knowledge management system, lessons learned database, standards library
7.2 Competence
7.2.1
Are competence requirements determined for personnel affecting quality performance?
Job descriptions, competence frameworks
7.2.2
Is competence ensured through education, training, or experience; with evidence retained?
Training matrix, certificates, qualification records, CVs
7.2.3
Are actions taken when competence gaps are identified, and is effectiveness evaluated?
Training needs analysis, post-training assessments
7.3 Awareness
7.3.1
Are personnel aware of the quality policy, quality objectives, their contribution to QMS effectiveness, and implications of non-conformity?
Onboarding records, toolbox talks, induction records, surveys
7.3.2
Are personnel aware of their specific roles in preventing product/service nonconformity?
Role-specific briefings, work instructions sign-off
7.4 Communication
7.4.1
Are internal and external communication processes defined (what, when, with whom, how)?
Communication plan, meeting minutes, stakeholder communication records
7.4.2
Are quality-critical communications to customers, suppliers, and regulators documented and controlled?
Correspondence register, contract communications
7.5 Documented Information
7.5.1
Does the QMS include all required documented information per ISO 29001 plus organization-determined documents?
Document register, QMS index
7.5.2
Is documented information properly identified (title, date, author, reference number, revision)?
Sample documents checked for identification
7.5.3
Is documented information controlled: available when needed, protected, distributed, stored, retained, and disposed of appropriately?
Document control procedure, access rights, retention schedule
7.5.4
Are external documents (client specs, industry codes, regulations, standards) identified and controlled?
External document register, standards library
Clause 8: Operation
8.1 Operational Planning and Control
8.1.1
Are processes for operational activities planned, controlled, and documented (criteria, work instructions, inspection & test plans)?
Work instructions, ITPs, method statements, quality plans
8.1.2
Are contingency plans in place for potential impacts on product/service conformity (supply chain disruption, emergency shutdowns)?
Business continuity plan, emergency response procedures
8.1.3
Are changes to operational processes controlled through the MOC process?
MOC records, change approvals
8.2 Requirements for Products and Services
8.2.1
Are processes established for communicating with customers (product/service information, enquiries, contracts, changes, feedback, complaints)?
Customer communication procedure, contract register
8.2.2
Are requirements for products and services determined, including statutory/regulatory, industry code, and customer-specific requirements?
Contract review records, requirements traceability matrix
8.2.3
Is a formal contract/order review performed to confirm capability before commitment?
Contract review checklist, signed review records
8.2.4
Are changes to product/service requirements communicated and documented?
Change order register, revised drawings/specs records
8.3 Design and Development of Products and Services
8.3.1
Is a design and development process established (where applicable) with defined stages, reviews, verification, and validation?
Design plan, design reviews, HAZOP/HAZID records
8.3.2
Are design inputs (functional requirements, industry codes, regulatory requirements) documented and reviewed for adequacy?
Design basis document, technical specifications
8.3.3
Are design outputs documented and meet input requirements (drawings, calculations, material specs, data sheets)?
Engineering deliverables register, approved for construction documents
8.3.4
Are design reviews, verifications, and validations performed and recorded at defined stages?
Design review minutes, verification reports, FAT/SAT records
8.3.5
Are design changes identified, reviewed, and controlled?
Engineering change notices, revision history
8.4 Control of Externally Provided Processes, Products and Services
8.4.1
Are criteria defined for evaluation, selection, monitoring, and re-evaluation of external providers (vendors, subcontractors, labs)?
Approved vendor list (AVL), supplier qualification procedure
8.4.2
Are purchased products/services verified to meet specified requirements (incoming inspection, certification review, mill test reports)?
Receiving inspection records, material traceability records, MTRs
8.4.3
Is information communicated to external providers (specifications, qualifications required, interface requirements, approval requirements)?
Purchase orders, technical requisitions, supplier quality requirements
8.4.4
Are critical/sole-source suppliers subject to enhanced surveillance or audits?
Supplier audit records, surveillance visit reports
8.5 Production and Service Provision
8.5.1
Are production/service activities controlled with work instructions, use of suitable equipment, availability of monitoring resources, and implementation of release/delivery activities?
Work instructions, ITPs, job cards, completion checklists
8.5.2
Is traceability of products maintained throughout operations (lot numbers, heat numbers, tag numbers, serial numbers)?
Traceability records, material tracking system, as-built records
8.5.3
Are customer/external provider property identified, verified, protected, and safeguarded (e.g., customer-supplied materials, intellectual property)?
Customer property register, custody receipts
8.5.4
Are products preserved during production and delivery (handling, packaging, storage, protection, transport)?
Preservation procedures, packaging instructions, transport records
8.5.5
Are post-delivery activities addressed (warranty, service, maintenance, site support, end-of-life)?
After-sales procedures, warranty tracking, service records
8.5.6
Is control of changes to production/service provision documented and results reviewed?
Production change records, re-inspection evidence after changes
8.6 Release of Products and Services
8.6.1
Are planned arrangements implemented to verify conformity before release (inspection, test, third-party verification)?
Final inspection records, release certificates, punch list closure
8.6.2
Is documented evidence of release authorization retained (signature, date, authorization)?
Data books, mechanical completion certificates, handover documentation
8.6.3
Are concessions/deviations managed when products do not fully meet requirements?
Deviation/concession request records, client approvals
8.7 Control of Nonconforming Outputs
8.7.1
Are nonconforming products/services identified, documented, and controlled to prevent unintended use or delivery?
NCR register, hold tags, quarantine area procedures
8.7.2
Are dispositions applied: rework, use-as-is (with concession), scrap, or return; with appropriate approvals?
NCR records showing disposition and approval
8.7.3
Are reworked/repaired products re-inspected to demonstrate conformity?
Re-inspection records, updated test reports
8.7.4
Is documented evidence of nonconformity, dispositions, concessions, and responsible authority retained?
Closed NCR records, concession register
Clause 9: Performance Evaluation
9.1 Monitoring, Measurement, Analysis and Evaluation
9.1.1
Has the organization determined what to monitor and measure, methods, timing, and when results shall be analyzed and evaluated?
Quality plan, KPI framework, measurement procedure
9.1.2
Is customer satisfaction monitored and the results used to evaluate QMS performance?
Customer satisfaction surveys, feedback forms, complaints register
9.1.3
Is data analyzed to evaluate product/service conformity trends, process performance, supplier performance, and improvement opportunities?
Quality reports, trend analysis, management review inputs
9.2 Internal Audit
9.2.1
Is an internal audit program established covering all QMS areas at planned intervals?
Annual audit schedule, audit program plan
9.2.2
Are auditors objective and impartial (not auditing their own work)?
Auditor independence policy, audit assignments
9.2.3
Are audit results reported to relevant management and documented?
Internal audit reports, distribution records
9.2.4
Are corrective actions taken for identified nonconformities and their effectiveness verified?
CAR records linked to audit findings, verification evidence
9.2.5
Are internal auditor competencies defined and auditors qualified accordingly?
Auditor qualification records, audit training certificates
9.3 Management Review
9.3.1
Does top management review the QMS at planned intervals to ensure suitability, adequacy, and effectiveness?
Management review agenda and minutes
9.3.2
Do management review inputs cover: audit results, customer feedback, process performance, nonconformities, risk status, improvement opportunities, and changes in context?
Management review inputs documented in minutes
9.3.3
Do management review outputs include decisions on QMS improvements, resource needs, and quality objective changes?
Action log from management review, follow-up records
Clause 10: Improvement
10.1 General
10.1.1
Has the organization determined and selected opportunities for improvement to meet customer requirements and enhance satisfaction?
Improvement register, innovation log, PDCA records
10.2 Nonconformity and Corrective Action
10.2.1
When a nonconformity occurs, is it reacted to, contained, and addressed; with root cause determined?
CAR/NCR procedure, records of immediate actions and root cause analysis
10.2.2
Are corrective actions implemented, including changes to QMS if needed, with effectiveness reviewed?
Closed CARs, effectiveness verification records
10.2.3
Are corrective actions proportionate to the effects of the nonconformities found?
CAR risk rating, action severity matrix
10.2.4
Is documented evidence of nonconformities and corrective actions retained?
CAR register, closed records with evidence
10.3 Continual Improvement
10.3.1
Does the organization continually improve the suitability, adequacy, and effectiveness of the QMS?
Improvement trend reports, management review outputs
10.3.2
Are results of analysis, management reviews, audits, and performance data used to identify and implement improvements?
Improvement actions linked to data analysis, management review action register
Clause A: ISO 29001 Sector-Specific Requirements (Annex A & Supplemental)
Product Realization – Oil & Gas Specific Controls
A.1
Is product quality planning performed for oil & gas products (APQPs, quality plans, control plans for critical products)?
Product quality plans, control plans, FMEA for critical items
A.2
Are critical characteristics (CCs) and significant characteristics (SCs) identified and controlled with enhanced inspection?
Critical characteristics register, enhanced inspection records
A.3
Are API, ASME, NACE, ISO, NORSOK standards incorporated into inspection and test plans?
Referenced standards in ITPs and work instructions
A.4
Are pressure-containing components subject to appropriate pressure testing and documentation?
Hydrostatic/pneumatic test records, test certificates
A.5
Are material traceability and certification requirements (mill test reports, heat/lot traceability) maintained throughout the supply chain?
Material traceability records, MTRs, material certs
Measurement, Analysis & Improvement – Sector Specific
A.6
Is statistical process control (SPC) or equivalent techniques applied to key manufacturing processes where applicable?
SPC charts, process capability studies (Cpk)
A.7
Are returned products and field failures analyzed with findings fed back into the improvement system?
Field failure reports, warranty claims analysis, lessons learned
A.8
Is a documented process in place for managing product recalls or safety alerts relevant to oil & gas products?
Product recall procedure, alert notification records
Customer Satisfaction & Communication
A.9
Are customer-specific quality requirements (CSRs) documented, reviewed, and communicated to relevant functions?
CSR matrix, contract quality requirements flowdown
A.10
Are product/service nonconformance reports to customers issued in a timely manner per contractual requirements?
Customer NCR register, response time records
HSE Interface with Quality
A.11
Are interfaces between the QMS and the HSE management system (ISO 45001/ISO 14001) defined and managed to prevent quality compromising safety?
Integrated management system documents, cross-reference matrix
A.12
Are lessons learned from incidents, near-misses, and industry safety alerts incorporated into the QMS?
Lessons learned register, safety alert review records, improvement actions
Audit Summary & Sign-Off
Category
Total Items
Conforming (C)
Nonconformities (NC)
OFIs
Not Applicable (N/A)
Clause 4 – Context
Clause 5 – Leadership
Clause 6 – Planning
Clause 7 – Support
Clause 8 – Operation
Clause 9 – Performance Evaluation
Clause 10 – Improvement
Annex A – Sector Specific
TOTAL
OVERALL AUDIT CONCLUSION
Overall Conclusion: ☐ Recommended for Certification/Recertification ☐ Conditionally Recommended ☐ Not Recommended
Summary of Key Findings:
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
AUDITOR DECLARATION & SIGNATURES
Role
Name (Print)
Signature
Date
Lead Auditor
Audit Team Member
Audit Team Member
Auditee Representative (Management)
Distribution: Lead Auditor | QMS Manager | Top Management | Certification Body (if applicable)