Six Situations Where a One-Day QMS Document Review Is the Right Call

A full ISO mock audit is the right call when you have a cert date booked and you need the registrar-style walk before the registrar arrives. It is also a four-to-eight-week engagement that costs $20,000 or more by the time on-site work, travel, and follow-up are billed out. There are a lot of situations where you don’t need that — and where a junior consultant’s checklist isn’t enough either.

That’s the gap a one-business-day QMS Document Review fills. You send your QMS documentation. You pick the standard you want to be measured against. A senior ISO lead auditor reads the docs clause-by-clause and writes you a gap report with action items. The whole thing is off-site, fixed-fee ($750 top-level, $2,000 with all Work Instructions included), and turned around inside one business day.

Below are six situations where this is the right tool — what each one feels like, why it matters, and which tier fits.

1. The pre-cert sanity check

The situation. You’re thinking about ISO 9001 (or 13485, or 14001) certification. The exec team is asking how long it’ll take and what it’ll cost. You don’t know if you’re three months from being ready or twelve.

Why it matters. Certification programs that get calibrated against wrong assumptions burn quarters. If you tell your CEO “six months” and it’s actually fifteen, you’ve cost the company the difference. If you tell your CEO “fifteen months” and it’s actually six, you’ve cost the company a quicker contract win.

What the review does. A clause-by-clause read against the standard gives you a specific count: you are X Major gaps and Y Minor gaps away from cert-ready. The exec team gets a number they can plan around. You get a prioritized action list to start working.

The right tier. Top-Level Review ($750) is usually enough for this. You’re asking a directional question about cert-readiness, not auditing every WI. If the answer comes back “you’re closer than you think — let’s check the WIs,” the Full Doc tier is the natural next step.

2. Pre-surveillance prep

The situation. Surveillance audit is on the calendar — sometime in the next six to ten weeks. The QMS hasn’t been touched much since the last surveillance. You suspect it’s drifted. You don’t want the registrar to be the first one to tell you.

Why it matters. A surveillance audit that lands a Major is a problem that’s now public to the registrar, in writing, on the audit report. Closing a Major after the surveillance costs you more than fixing it before — both in actual remediation work and in the audit trail. The cheapest Major is the one the registrar never sees because you found it first.

What the review does. A fresh-eyes pass over the QMS with the standard in hand. The review catches the drift you can no longer see because you’ve been living with it. The gap report names specific documents and specific clauses, so the remediation work is bounded.

The right tier. Full Document Review ($2,000). Surveillance audits typically sample down to WIs and records — so the review needs to match that depth.

3. The new quality manager just took over

The situation. You just inherited the QMS. The prior quality manager left — quickly, or quietly, or both. The team is telling you everything’s fine. You don’t have any reason to doubt them yet, except that they would say that whether or not it were true.

Why it matters. You’re going to own this QMS for the next few years. Whatever’s broken in it becomes yours the day the prior QM’s email goes inactive. If the system has hidden gaps and you don’t know about them, your first surveillance is going to be the announcement.

What the review does. An independent baseline read on what you actually inherited. No internal political pressure to make the prior QM look good or bad. Just a clause-by-clause read that tells you what’s there, what isn’t, and where the team’s “everything’s fine” doesn’t match the documents.

The right tier. Full Document Review ($2,000). You’re not asking “are we cert-ready” — you’re asking “what do I own.” The WI level is where most inherited problems live, so the WI level is where the review needs to look.

4. M&A due diligence — 72-hour QMS posture read

The situation. Your company is looking at acquiring a smaller manufacturer. The diligence team is working through financials, contracts, and customer relationships. You’ve been handed the quality side. You have a few days. The data room has the QMS docs in it. The target’s quality team is technically available for questions, but you’d rather not tip your hand by asking too many.

Why it matters. Quality gaps you discover post-close are quality gaps you now own. A target whose Quality Manual references procedures that don’t exist, or whose Internal Audit program hasn’t run in two years, has a real cost to integrate that probably wasn’t priced into the deal. Better to know during diligence than during integration.

What the review does. The review is off-site — no on-site visit, no signal to the target that you’re looking hard at quality. You upload the data-room docs to a secure share, name the standard the target is supposed to be compliant against, and a senior independent engineer reads the docs and writes a gap report you can take into the diligence committee meeting.

The right tier. Top-Level Review ($750) is usually enough for a 72-hour diligence sprint. You’re looking for posture-level issues, not WI-level issues. If the diligence committee wants a deeper look, the Full Doc tier follows.

5. Customer vendor audit incoming

The situation. A large customer (or large prospect) is going to audit your QMS as part of vendor qualification. They’ve told you the audit will happen in the next four to six weeks. You want to know what they’re going to find before they tell you.

Why it matters. Customer audits don’t issue Major findings the way registrars do — but they do produce vendor scorecards, and the scorecard determines whether you keep the contract or lose it. A customer audit that turns up gaps the customer didn’t expect costs you trust you took years to build.

What the review does. Customer audits typically work top-down — Quality Manual, then Procedures, then a sample of WIs and records. The review is calibrated the same way. You get a gap report that mirrors what the customer’s audit team will see, so you fix what they’d find before they find it.

The right tier. Depends on what the customer’s audit plan covers. If they’re doing a one-day vendor audit, Top-Level Review ($750) is usually enough. If they’re doing a multi-day comprehensive audit, Full Doc Review ($2,000) gives you the WI-level coverage to match.

6. QMS standard migration

The situation. Your company is moving from one standard to another. Common shape: a 9001-certified contract manufacturer that just won a medical-device customer and now needs to be 13485-compliant. Or a 9001 shop that added a regulated waste stream and now needs ISO 14001. The current QMS works for the old standard. The new standard has different requirements, and you need to know what to change.

Why it matters. Standards migration is expensive when it’s done by guessing what changes and finding out the hard way. The delta between standards is usually smaller than it looks at first — but the parts that ARE different are critical, and missing one of them is a Major waiting to happen.

What the review does. The same QMS docs read against the new standard. The gap report tells you which existing documents are reusable as-is, which need amendment, and which gaps require new documents. You get a migration roadmap, not a guess.

The right tier. Full Document Review ($2,000). Standards migration touches WIs because the operational level is usually where the new standard’s specific requirements bite — sterile barrier control for 13485, environmental aspect logging for 14001, hazard identification for 45001.

What the review actually delivers

In every situation above, the deliverable shape is the same. A clause-by-clause gap report against the standard you chose. Findings tagged Major / Minor / OFI per ISO 17021 audit conventions. Specific evidence references — document name, section, revision — for every finding. Action items prioritized by certification impact. A 30-minute review call to walk findings and answer questions.

What’s different between situations is which tier fits and where you take the report next. Sometimes the report is the whole engagement. Sometimes the report is the brief for the next engagement — a Process Audit if one specific process is the weak spot, an ISO Audit Prep engagement if the cert date is now on the calendar.

If any of the six situations above sound familiar, book a 20-minute scoping call. We’ll walk through your standard, your doc set, and which tier fits. If it’s a good match, you’ll get a one-page engagement brief and a deposit invoice. If it’s not, we’ll tell you why and recommend the right path — same call, no charge.

— Mark Mayeux QESaaS — Quality Engineering Solutions as a Service