What does ISO 9001 Clause 7.2 require?

ISO 9001:2015 Clause 7.2 requires organizations to: determine the competence needed for persons doing work that affects QMS performance, ensure persons are competent based on education, training, or experience, take actions to acquire necessary competence where gaps exist, evaluate the effectiveness of actions taken, and retain documented information as evidence of competence. The emphasis is on demonstrated competence, not just completed training.

What is the difference between training and competence in ISO 9001?

Training is an input; competence is the outcome. ISO 9001 Clause 7.2 focuses on competence — the demonstrated ability to apply knowledge and skills to achieve intended results. Completing a training course does not automatically prove competence. Organizations must evaluate whether training actually produced the desired competence, typically through quizzes, observation, or performance metrics.

Does ISO 9001 require a training procedure?

ISO 9001:2015 does not explicitly require a documented training procedure. However, Clause 7.2 requires that training effectiveness be evaluated and Clause 7.5 requires retention of competence evidence records. Most organizations maintain an HR or training procedure to ensure consistent execution — auditors look for evidence that the process is systematic rather than ad hoc.

How do you determine required competence for a role in ISO 9001?

Common methods include job descriptions with competency requirements, role-based training matrices showing required documents and procedures by position, skills assessments, and review of process risk. Higher-risk roles typically require more formal competence verification. Requirements should be defined before someone is placed in a role, not retroactively after an audit finding.

← Back to ArticlesISO 9001

ISO 9001 Clause 7.2 Competence: What Auditors Actually Want to See

By the Training Tiger Team•February 2026•8 min read

Clause 7.2 of ISO 9001:2015 is just four short paragraphs, but it's one of the most commonly cited clauses in audit findings. It covers competence — making sure the people who affect your quality management system actually know what they're doing, and that you can prove it.

In this guide, we'll break down exactly what Clause 7.2 requires, what auditors are really looking for, and how to build a training system that keeps you compliant without drowning in paperwork.

What Clause 7.2 Actually Says

The standard requires organizations to:

a) Determine the necessary competence of person(s) doing work under its control that affects the performance and effectiveness of the quality management system;

b) Ensure that these persons are competent on the basis of appropriate education, training, or experience;

c) Where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken;

d) Retain appropriate documented information as evidence of competence.

Four requirements. Simple in theory, surprisingly tricky in practice.

Breaking Down Each Requirement

a) Determine Necessary Competence

This means you need to define, for each role or position, what competencies are required. This typically takes the form of job descriptions, role profiles, or a training matrix that maps roles to required training. The key question: for each person doing quality-affecting work, have you defined what they need to know?

Auditors check this by looking at your organizational chart, job descriptions, and training matrix. If someone is performing a task and there's no documented requirement for competence in that task, that's a gap.

b) Ensure Competence

It's not enough to define what's needed — you have to actually make sure people are competent. This means training, education, mentoring, or leveraging existing experience. The standard is flexible here: formal classroom training is one option, but on-the-job training, certifications, or demonstrated experience all count.

The auditor's question: Can you show me that this person has the competence you said they need?

c) Take Action and Evaluate Effectiveness

When there's a gap between required and actual competence, you need to do something about it — and then check whether it worked. This is where many organizations fall short. They train people but never verify whether the training was effective.

Effective evaluation methods include:

Post-training quizzes or assessments
Observed task performance
Reduced error rates or quality metrics
Supervisor sign-off after a probationary period

This is exactly where AI-generated quizzes add real value — they provide documented evidence that someone understood the material, not just that they sat through it.

d) Retain Evidence

You need documented records. Training records, certificates, test results, competence evaluations — whatever demonstrates compliance. And these records need to be retrievable. When an auditor asks "show me the training records for the person who performed this inspection," you need to produce them.

Common Audit Findings Related to Clause 7.2

Based on real audit reports, here are the findings that come up again and again:

No evidence of competence evaluation: Training records show attendance but not assessment. The person was present — but can they actually do the work?
Incomplete training records: Some employees have records, others don't. New hires are particularly vulnerable — they started three months ago but there's no evidence they were trained on relevant procedures.
No retraining after procedure changes: A work instruction was revised six months ago, but training records still reference the old version. Everyone is technically trained on an obsolete document.
Competence requirements not defined: There's training happening, but no documented connection between roles and required competencies. This is one of the first things quality managers should address when building their QMS.
Training effectiveness not evaluated: Records show people completed training, but there's no assessment of whether they understood it.

Competence vs. Awareness (Clause 7.3)

It's worth understanding the distinction. Competence (7.2) means a person can actually perform a task — they have the skill and knowledge. Awareness (7.3) means they understand the quality policy, relevant objectives, their contribution, and implications of not conforming.

In practice, many organizations conflate the two. Having someone read a quality policy and sign a sheet proves awareness, but not competence. Competence requires evidence that the person can do the work, not just that they know the policy exists.

A well-designed training system addresses both: the training itself covers the content (awareness), and an assessment confirms understanding and capability (competence).

How to Prove Competence to an Auditor

Auditors don't expect perfection — they expect a system. Here's what a strong competence system looks like:

Training records tied to specific documents: Not just "safety training on March 5" but "completed training on WI-003 Rev C, Assembly Procedure, with quiz score 85%."
Timestamps and version tracking: Records should show which version of the document the person was trained on.
Assessment results: Quiz scores, practical evaluations, or supervisor sign-offs that demonstrate understanding.
Currency: Records should be current. Training on Rev A when the document is now on Rev D is a problem.
Retrievability: You should be able to pull up any employee's complete training history in minutes, not hours.

Building a Compliant Training System

Here's a practical approach to getting Clause 7.2 right:

Map roles to documents: For each position, identify which controlled documents they need to be trained on.
Define competence criteria: Decide what "competent" means for each document — is it read-and-acknowledge, quiz-based assessment, or practical demonstration?
Deliver training systematically: Don't rely on informal knowledge transfer. Have a defined process for onboarding and ongoing training.
Assess understanding: Use quizzes, practical tests, or observed performance to verify competence.
Track everything: Record who was trained, on what, when, by whom, and how competence was verified.
Handle document changes: When a procedure is updated, automatically identify who needs retraining and track completion.

How Training Tiger Supports Clause 7.2 Compliance

Training Tiger was built specifically around the requirements of Clause 7.2. When you upload a controlled document and assign it to employees, the platform handles the rest: delivering the training, generating comprehension quizzes with AI, recording completion with timestamps and scores, and flagging retraining needs when documents change.

Every piece of evidence an auditor might ask for — who was trained, on which version, when they completed it, and what score they achieved — is available instantly. For a deeper look at how this fits into your ISO 9001 compliance strategy, we've written more on that page.

Training Tiger handles this automatically.

Competence tracking, AI-generated assessments, and automatic retraining — all tied to your controlled documents.

Start your free 30-day trial