What auditors actually ask about calibration
Not the clause text: the actual questions, taken from auditors and audited quality people on the public forums, and the documents that answer each one.
There is an audit on your calendar, and calibration is on the agenda. If you are new to the role, the standard itself will not tell you what the day actually looks like: auditors do not read clause text aloud, they ask short practical questions and follow the paper. The questions are remarkably consistent across ISO 9001, IATF 16949 and AS9100 audits, because calibration records are objective: a date is past due or it is not.
This guide collects the questions as auditors and audited quality managers have actually written them on the public quality forums over the last twenty years, and pairs each one with the document that answers it. Prepare these answers and the calibration section of your audit becomes the shortest part of the day.
“We have a 3rd party surveillance audit coming up soon. What do we need to show the auditor as evidence so that we do not receive a nonconformance?”
Question one is always the overdue list
The first move is nearly universal: the auditor asks you to produce the list of what is due and what is past due, live, from your own system. It tests two things at once: whether such a list exists at all, and whether you act on it. A clean fleet with no list is a finding waiting to happen; an overdue instrument with a documented response often is not.
An auditor on Elsmar Cove described his own opening move:
“A typical question I ask when auditing is to have the calibration folks run the ageing list and show what is done to address the gauges that are identifed as past due.”
Why overdue instruments are the favorite finding
Calibration status is the easiest thing in a quality system to check objectively. The sticker has a date, the register has a date, and today's date is not negotiable. No interpretation, no judgment call, no debate with the quality manager: the instrument is either in date or it is not. That is why auditors start there, and why quality people who have sat through many audits talk about it the way this one did:
“calibration/ past due instruments are such low-lying fruit.”
The system question: who checks, and how often
If your register is a spreadsheet, expect the auditor to probe the mechanism rather than the file. A list of due dates proves nothing about whether anyone looks at it. The question lands on ownership: which person is responsible, at what frequency, and where is that written down. In a thread where a company defended keeping its calibration plan in a reference spreadsheet, the very first challenge was exactly that:
“Is there a work instruction detailing who is responsible for checking the spreadsheet and how often it is to be checked?”
The question that follows a failed calibration
When a calibration comes back with a failed as-found result, the audit question changes character. It is no longer about dates: it is about product. What did this instrument measure since its last good calibration, how did you assess that product, and can you show the decision? This is where systems without usage records or as-found history run out of answers, and the follow-up can be brutal in its simplicity:
“The auditor ask us how can you quarantine the product if it is already been shipped.”
What a records finding actually costs
Calibration findings are not abstract. A major nonconformity typically means a corrective action with root cause analysis, evidence of implementation, and often a paid follow-up visit before the certificate is safe, plus the internal cost of re-checking whatever the records gap touched. Automotive and aerospace schemes escalate faster than plain ISO 9001. The reports arrive on the forums with some regularity, like this one from a tier-2 automotive quality manager:
“We just finished out IATF Surveillance audit and were hit with a major concerning out calibration records.”
The prep is the tax you pay for scattered records
The final pattern worth knowing is not a question but a cost. Where calibration records live in binders, inboxes and disconnected files, audit preparation becomes a project of its own: people pulled off their work for days to reassemble evidence that should have been one report. A lab worker described the routine in March 2026:
“Auditors come at the laboratory and several people spend most of the 2-3 weeks prior to it to make sure everything is in order.”
How to prepare, in order
Everything below works with whatever system you have today, spreadsheet included. It is the audit rehearsed on your own terms, before someone else runs it for you.
Run your own ageing list first
Produce the due and overdue list from your own records, today. Anything overdue gets handled before the audit: out of use, tagged, booked for calibration, and the response written down. An overdue instrument you found and contained is a managed event; one the auditor finds in use on the floor is a finding.
Rehearse the trace on three random instruments
Pick three instruments you did not choose carefully and follow the chain an auditor follows: the row in the register, the last calibration record, the certificate, and the sticker on the physical item. Every date and identifier must agree. Auditors sample exactly like this, and the instruments they pick will not be your best three.
Check stickers against the register
Walk the floor with the register and compare sticker dates to file dates. Mismatches happen when a calibration was logged but the sticker never updated, or the reverse. Each one is trivially visible to an auditor walking the same floor, and each one undermines the credibility of every other record you show.
Write down who checks the list, and how often
If the answer to the work-instruction question is a shrug, fix it before the audit: one short document naming the owner of the recall list, the checking frequency, and the action taken when something comes due. If the honest answer is that reminders depend on one person remembering, write that down as a risk you are addressing.
Prepare the out-of-tolerance story
Collect every calibration since the last audit that came back with a failed as-found result. For each: the product impact assessment, who decided what, and the closure. If there were none, be ready to show the procedure you would follow, because the question comes anyway when a certificate in your stack shows an adjustment.
Put the certificates where the register says they are
Pick one official home for calibration certificates and make the register point at it. If you keep both paper and electronic copies, decide which one is the record and note it in your procedure; keeping two uncontrolled sets is itself a classic finding. Chase any certificate the register references but cannot produce.
Check your reference standards last
If you calibrate anything in-house, the chain continues upward: the references you calibrate against need current external calibrations of their own, with certificates on file. Auditors who find the internal calibrations tidy will often pull this thread next, precisely because it is the one people forget.
Where Gaugelog fits, honestly
Every question above is answered by a document, and Gaugelog's job is that the documents already exist when the auditor asks. The register carries status and due dates, every calibration stores who, when, as-found and as-left with the certificate attached, changes land in an append-only audit trail, and the audit pack exports the register, due list, calibration history and out-of-tolerance events as one PDF. The sample below is generated by the real product from fictional data; show it to your auditor before you commit to anything.
- Software does not pass audits; current records and honest responses do. Every step above works in a spreadsheet, and under roughly 150 instruments a well-kept one is honestly fine.
- Gaugelog does not calculate measurement uncertainty, so an ISO 17025 laboratory scope needs more than it does.
- The preparation plan above works without any product, this one included.
Questions, straight answers
Can a spreadsheet pass a calibration audit?
Yes. Auditors accept any system that demonstrably works; no standard requires software. Expect the mechanism questions: who checks the sheet, how often, where that is written down, and how you prove the checking happens. Those questions are harder to answer well with a file that only acts when opened, which is why they get asked.
What does the auditor ask for first?
Almost always the ageing list: what is due, what is past due, and what you did about it. Produce it live from your own system if you can. The speed and confidence of that first answer sets the tone for the rest of the calibration section.
Is one overdue instrument automatically a major nonconformity?
No. Severity depends on context: an overdue instrument still in use on product is far more serious than one already tagged out of service with a booked calibration and a documented decision. What turns small findings into large ones is a pattern of overdue items plus no evidence anyone noticed before the auditor did.
Which part of ISO 9001 covers calibration?
Clause 7.1.5 is where the monitoring and measurement resource requirements live, and IATF 16949 and AS9100 build their calibration expectations on the same foundation. Read the requirements from the current edition of the standard itself rather than from summaries, this page included.
What should be ready to hand the auditor as evidence?
The register with status and due dates, the ageing list, calibration records with as-found and as-left results, certificates that match the register, the work instruction naming who checks what, and the trail for any out-of-tolerance event. If your system can export that as one pack, the calibration section of the audit gets short.
Doing this job with an audit on the calendar?
Gaugelog is in development and launches in 2026. Until then you can generate a clean calibration certificate PDF with our free tool, no account needed, and compare the plans on the pricing page.