Practical Guide: Using ISO 17020 Documents Effectively During Internal Audits

ISO 17020 internal audit processes rely on correct handling of documents to verify conformity, traceability, and impartiality. This article explains how inspection bodies should use ISO 17020 documents during internal audits, covering document control, audit checklists, a named DARC checklist, the PDCA framework, and common mistakes to avoid.

ISO 17020 internal audit: purpose and document types

An ISO 17020 internal audit verifies that an inspection body meets the standard's requirements for impartiality, competence, and consistency. Documents are central to this verification because they record policies, procedures, calibration records, inspection reports, corrective actions, personnel competencies, and management reviews. Treat documents as primary evidence during the audit — they demonstrate what was intended and what was actually done.

Core documents to review for an inspection body

• Scope of inspection activities and organizational chart
• Impartiality and conflict-of-interest declarations
• Inspection procedures and work instructions
• Technical records: inspection reports, checklists, sampling plans
• Calibration and equipment maintenance logs
• Personnel training and competency records
• Internal audit reports and corrective action records
• Management review outputs and improvement plans

Named framework: DARC checklist for ISO 17020 document review

Use the DARC checklist (Document, Applicability, Revision, Control) as a focused tool for document assessment during internal audits.

• Document: Is the document present and identifiable (title, owner, version)?
• Applicability: Is the document applicable to the inspected activity and referenced in procedures?
• Revision: Is the revision current, and are changes documented with rationale?
• Control: Is the document controlled: distribution, access, archival, and obsolescence handled?

Step-by-step: Using ISO 17020 documents during internal audits

1. Plan the document sample

Select documents representative of activities, not only example-ready records. Include recent inspection reports, corrective action files, personnel competency records, and calibration logs. Prioritize documents that support high-risk or frequently performed inspections.

2. Use the DARC checklist on each sampled document

Apply DARC to verify identity, applicability, revision status, and control. Record evidence linked to specific clause requirements (for example, impartiality and competence clauses). For each nonconformity, capture the objective evidence — not an opinion.

3. Verify implementation, not just paperwork

Correlate document evidence to on-the-job performance: match inspection reports with instrumentation logs and competency records. Look for consistent traceability: signatures, timestamps, calibration references, and cross-referenced procedures.

4. Close the loop with PDCA

Apply the Plan-Do-Check-Act (PDCA) cycle: plan audits to include document checks, perform audits, check results against ISO 17020 requirements, and act by raising corrective actions and tracking effectiveness. PDCA is effective for continual improvement and aligns with many accreditation bodies' expectations.

Practical example: sample scenario

Scenario: During an internal audit at a mid-size inspection body, an auditor selects five recent inspection reports for a common test. Using the DARC checklist, the auditor finds two reports with missing calibration references and one report where the inspector used an outdated version of the inspection procedure. Cross-checking personnel records reveals no evidence of the required re-training after the procedure update. Result: one major nonconformity (use of outdated procedure) and two minor nonconformities (missing calibration references), leading to corrective actions, training records update, and procedure distribution controls tightened.

Practical tips for auditors and inspection bodies

• Keep an audit trail: link each finding to specific clauses in ISO 17020 and to the exact pages of the documents reviewed.
• Sample dynamically: rotate document samples over successive audits to avoid predictable patterns and blind spots.
• Use cross-referencing: verify inspection outcomes against calibration and maintenance records to confirm traceability.
• Prioritize clarity over completeness: a concise, correctly completed document is better evidence than a lengthy, unclear one.

Trade-offs and common mistakes

Common mistakes

• Checking documents in isolation — failing to tie records to actual work performed.
• Over-reliance on document presence rather than accuracy (e.g., signed but not validated records).
• Sampling only recent or perfect records — this produces false assurance.
• Confusing administrative control with technical competence (documents that look controlled but reflect poor technical practice).

Trade-offs to accept

Comprehensive document audits require time and resources. A pragmatic approach balances breadth and depth: sample critical processes thoroughly while using spot checks for lower-risk activities. Investing in targeted training for auditors yields better outcomes than expanding audit frequency without improving audit quality.

Inspection body audit checklist (sample)

This short checklist helps prioritize during the document review phase. It is suitable for internal auditors and accreditation preparatory activities.

1. Confirm document identity and revision number (DARC: Document & Revision).
2. Verify procedural applicability to the specific inspection activity (Applicability).
3. Match inspection records to equipment calibration logs and personnel competency files (Control).
4. Check corrective action records for closure and effectiveness evidence.
5. Ensure management review considered audit findings and made decisions for improvement.

Core cluster questions for related content

• How to prepare an inspection body for ISO 17020 accreditation audits?
• What documents must an inspection body maintain under ISO 17020?
• How to create an effective internal audit schedule for inspection activities?
• How to handle nonconformities found during an ISO 17020 internal audit?
• What are best practices for document control in inspection bodies?

For the official standard details and clause references, refer to the ISO standard summary available from the International Organization for Standardization: ISO 17020:2012 overview.

Closing recommendations

Make documents usable evidence: structured, traceable, and linked to activities. Use DARC for focused reviews and PDCA to turn findings into effective improvement. Treat document review as a verification of what actually happens, not just what is written.

How to plan an ISO 17020 internal audit?

Plan audits by defining scope, objectives, and document samples; map sampled documents to specific ISO 17020 clauses; schedule on-site verification to observe procedures in practice and use the DARC checklist to ensure document control and applicability.

What is the best way to check ISO 17020 document control?

Verify version control, controlled distribution, access restrictions, archival practices, and evidentiary links between documents and inspection records. Apply DARC and cross-check with calibration and personnel records.

How often should internal audits sample inspection reports and records?

Frequency depends on activity risk and past performance. High-risk or high-volume processes need more frequent sampling; lower-risk activities may be sampled less often but should be rotated systematically.

Can an internal audit replace an external assessment for ISO 17020?

No. Internal audits are essential for continual improvement and preparedness, but external assessments by accreditation bodies are required for formal accreditation and impartial evaluation against the standard.

How to address recurring nonconformities found during an ISO 17020 internal audit?

Investigate root cause, verify corrective action effectiveness using objective evidence, update procedures or training as needed, and monitor the issue through subsequent audits and management review.