Introduction
Most organizations pursuing ISO 9001 certification have job descriptions. Far fewer have what auditors actually want to see: a document that maps every quality-critical position to its specific competence requirements — with records to prove it.
That gap creates real problems. During Stage 2 registration audits, it's common to find organizations that can describe what each employee does but cannot demonstrate that those employees are qualified to do it — and Clause 7.2 requires documented evidence of both.
This guide is written for quality managers, HR coordinators, operations leaders, and anyone building or maintaining an ISO 9001 QMS. It covers what a training matrix is, what Clause 7.2 demands, how to build one that holds up under audit scrutiny, and where most organizations go wrong.
TL;DR
- An ISO 9001 training matrix maps each QMS-relevant position to its required education, training, experience, and certifications under Clause 7.2
- It is not a job description — job descriptions define duties; the matrix defines pre-conditions for competence
- Clause 7.2 requires you to determine competence needs, close gaps, evaluate effectiveness, and retain documented evidence
- A maintained matrix simplifies certification audits, onboarding, and workforce planning
- Common failure points: using job descriptions as a substitute, missing linked employee records, and not updating the matrix when roles change
What Is an ISO 9001 Training Matrix?
An ISO 9001 training matrix — also called a Position Requirements Matrix or competence matrix — is a document that lists every QMS-relevant position alongside the minimum competence criteria required for that role.
It typically takes the form of a table or spreadsheet with columns for position title, required education, required experience, required training or certifications, and renewal or review dates.
Training Matrix vs. Job Description
These two documents serve completely different purposes, and conflating them is one of the most frequent Clause 7.2 mistakes.
| Document | Core Question It Answers |
|---|---|
| Job Description | What does this person do once they're in the role? |
| Training Matrix | What must they already know, or be trained in, before they can do it competently? |
An auditor reviewing a job description for a Quality Inspector might find detailed duties — inspecting finished goods, logging nonconformances, calibrating gauges. What they won't find is the minimum education required, the specific equipment certifications needed, or whether on-the-job training was completed before the employee worked independently. The training matrix fills that gap.
Scope: Not Every Role Qualifies
The matrix doesn't need to cover every person in the building. Clause 7.2 applies to persons doing work that affects the performance and effectiveness of the QMS. Roles that typically fall within scope include:
- Production operators and assembly personnel
- Quality inspectors and QA/QC staff
- Purchasing and supplier management roles
- Internal auditors
- Top management with QMS responsibilities
Roles like the receptionist or accounts payable team generally fall outside scope. Keeping the boundary tight means your matrix stays auditable — and your team isn't buried maintaining records for positions that have no bearing on quality outcomes.
What ISO 9001 Clause 7.2 Requires from Every Organization
ISO 9001:2015 Clause 7.2 imposes four distinct obligations on every certified organization:
- Determine the necessary competence for persons whose work affects QMS performance and effectiveness
- Ensure those persons are competent based on appropriate education, training, or experience
- Take action where gaps exist to acquire the necessary competence, then evaluate whether those actions worked
- Retain documented information as evidence of competence
Each obligation carries audit weight — and auditors evaluate all four, not just the easiest ones to document.
What "Competence" Actually Means
That first obligation — determining competence — starts with understanding what competence actually means. ISO 9000:2015 defines it as the "ability to apply knowledge and skills to achieve intended results." That definition rules out treating training attendance alone as proof of competence. An employee who sat through a two-hour orientation video has attended training — they haven't necessarily demonstrated competence. The distinction matters when an auditor asks for evidence.
The basis for competence under Clause 7.2(b) is education, training, or experience — all three count. A machinist with 15 years running CNC equipment may satisfy competence requirements for that role through experience alone, even without formal credentials.
The Evidence Requirement Is Non-Negotiable
Clause 7.2(d) requires retained documented information as evidence of competence. NQA identifies records of training, skills, experience, and qualifications as examples of acceptable Clause 7.2 evidence.
The training matrix defines requirements — it is not itself the evidence. Auditors will ask to see the underlying records: certificates, diplomas, licenses, OJT sign-off sheets — whatever proves each current employee actually meets the stated criteria.
Related Clauses to Know
- Clause 5.3 requires that QMS roles, responsibilities, and authorities be assigned and understood — competence requirements should be tied to those defined roles
- Clause 7.1.6 addresses organizational knowledge, which is an input to competence planning and requires the organization to consider changing needs
- Clause 7.5 applies to the training matrix itself as documented information, meaning it must be controlled, identified, reviewed, and protected
How to Build an ISO 9001 Training Matrix
Recommended Structure
Start simple. A single spreadsheet with these columns handles most organizations:
| Column | What Goes Here |
|---|---|
| Position Title | The role, not the person's name |
| Required Education | Minimum degree, diploma, or credential |
| Required Experience | Minimum years or type of prior work history |
| Required Training / Certifications | Specific courses, OJT programs, or licenses |
| Renewal / Review Date | For time-limited certifications or periodic retraining |
| Notes | Legal requirements, industry-specific context |
One centrally maintained file is far easier to keep current than updating competence criteria buried across dozens of individual job descriptions. Synergistic Systems' cloud-based QMS intranet hosts this matrix alongside the training records that support it, with document control and version history built in — so there's one source of truth when an auditor asks.
Step 1: Identify the Positions to Include
List every position whose work affects QMS performance and effectiveness. Typical examples:
- Production Operator
- Quality Inspector / QC Technician
- Purchasing Manager
- Warehouse / Receiving Personnel (where incoming inspection occurs)
- Internal Auditor
- Quality Manager / QMS Coordinator
- Top Management
Exclude roles with no meaningful connection to product/service quality, process outputs, or compliance activities. Once you have a complete position list, the next step is defining what each role actually requires.
Step 2: Define Competence Requirements for Each Role
For each position, document minimum criteria across three dimensions:
- Education: Minimum degree, diploma, or field of study required
- Experience: Minimum years or specific type of prior work history
- Training: Named courses, OJT programs, equipment certifications, or licenses required before or shortly after assuming the role
Base requirements on legal mandates, industry standards, and internal business needs. "None" is a valid entry when no special requirement exists — and for some roles, that's the accurate answer.
With requirements defined, Step 3 connects those criteria to the people currently in each role.
Step 3: Link the Matrix to Employee Records
The matrix defines what's required. A companion record shows whether each current employee meets it. Options include:
- Individual personnel competence files
- A second tab in the same spreadsheet showing current employee vs. required status
- Training records stored in the QMS intranet linked to each position
During an audit, expect the auditor to select a position from the matrix, then ask to see evidence that the people currently in that role satisfy the stated criteria. The linkage between requirements and records is where audits are won or lost.
Training Requirements by Position: What to Document
While every organization customizes its matrix, certain QMS-critical roles appear in nearly every ISO 9001 implementation.
Top Management
Top management's competence requirements under ISO 9001 center on awareness rather than technical credentials. The matrix should document:
- Familiarity with the QMS scope and quality policy
- Understanding of leadership obligations under ISO 9001 Clause 5
- Completion of ISO 9001 awareness orientation
This is typically satisfied through documented orientation training at the start of implementation, not formal degrees.
Quality Manager or QMS Coordinator
This is the role auditors scrutinize most closely. Documented requirements typically include:
- Formal quality management education or equivalent demonstrated experience
- Completion of ISO 9001 internal auditor training
- Working knowledge of the current version of ISO 9001 (2015)
For organizations seeking external benchmarks, the ASQ Certified Manager of Quality/Organizational Excellence (CMQ/OE) requires 10 years of experience in the CMQ/OE Body of Knowledge with 5 years in a decision-making role — useful as a reference point, not an ISO mandate.
Production and Operations Roles
The matrix for hands-on production roles should capture:
- Technical training specific to equipment operated or process performed
- Any legally required licenses or safety certifications
- Documented OJT sign-off before independent operation
The OJT sign-off is frequently missing from organizations' records and is a straightforward finding for auditors.
Internal Auditors
Internal auditors require documented training in audit methods and QMS auditing — general quality awareness alone does not satisfy the Clause 7.2 competence requirement. The matrix should capture:
- Completion of a formal internal auditor course (such as ASQ's ISO 9001:2015 Internal Auditor program or NQA's equivalent)
- Documented evidence of audit-specific knowledge and skills
ISO 9001 does not mandate a specific named course, but the competence requirement is real. Assigning audit duties without documented training creates a straightforward Clause 7.2 nonconformance.
Common Mistakes That Cause Audit Nonconformities
Using Job Descriptions as the Sole Competence Document
Job descriptions describe duties. They rarely establish minimum education, experience, or training criteria in a form auditors can evaluate against. They're also updated infrequently — it's common to find job descriptions from three or more years ago that don't reflect current role requirements.
A Position Requirements Matrix addresses this directly by consolidating competence criteria into a single, auditable document with a clear review cycle.
Defining Requirements Without Maintaining the Evidence
Many organizations build a solid matrix, then fail to retain the records that prove current employees meet it. Clause 7.2(d) is unambiguous: documented information must be retained as evidence. A matrix listing that a Quality Inspector requires gauge calibration certification means nothing if no certificate is on file.
Acceptable evidence includes:
- Copies of academic degrees or diplomas
- Training completion certificates
- Professional licenses
- OJT sign-off sheets with supervisor signature and date
- Records of gap-closing actions and their effectiveness evaluation
Outdated Matrices: The Surveillance Audit Trap
A training matrix that doesn't evolve with the organization becomes a liability at recertification. Triggers that should prompt a matrix review:
- New equipment or processes introduced
- Roles restructured or created
- Regulations or industry standards updated
- Personnel changes in QMS-critical positions
The standard's organizational knowledge requirements under Clause 7.1.6 require organizations to address changing needs. A matrix that was accurate at initial certification but hasn't been reviewed since is exactly the kind of gap a surveillance auditor will find.
Build the review triggers above into your document control cycle — a defined annual review date, at minimum, keeps the matrix defensible between audits.
Frequently Asked Questions
What is the skills matrix for ISO 9001?
The skills matrix (also called a training matrix or Position Requirements Matrix) for ISO 9001 maps each QMS-relevant position to its required education, training, experience, and certifications. It gives auditors a single, structured view of how your organization defines and tracks competence under Clause 7.2.
What does ISO 9001 Clause 7.2 require for training?
Clause 7.2 has four obligations:
- Determine the competence needed for QMS-relevant roles
- Ensure personnel are competent through education, training, or experience
- Take action to close competence gaps and evaluate whether those actions worked
- Retain documented evidence of competence
What is the difference between a training matrix and a job description in ISO 9001?
Job descriptions define what an employee does once in the role. A training matrix defines what qualifications, training, and experience are required before that person can be considered competent in the role — a distinction auditors specifically probe during Clause 7.2 review.
How often should an ISO 9001 training matrix be updated?
Review it whenever roles change, new processes or equipment are introduced, regulations are updated, or during the management review cycle. At minimum, an annual review should be built into the QMS calendar.
Do you need a training matrix to pass an ISO 9001 audit?
ISO 9001 does not mandate a specific format, but auditors require documented evidence of competence requirements under Clause 7.2. A training matrix is the most practical and audit-efficient way to demonstrate that requirements have been defined and are being met.
What records count as evidence of competence under ISO 9001?
Acceptable evidence includes:
- Copies of certificates, diplomas, and licenses
- Training completion records and OJT sign-off sheets
- Performance review documentation
- Records of gap-closing actions taken and evaluated for effectiveness
