PropoDoc provides self-help document templates and tools. It is not a law firm and does not provide legal advice. Learn more.
Skip to main content

Quality Assurance Plan

How quality will be ensured — standards, checks, and responsibilities.

Use Free Template
Create your custom version — free to start

20 free credits on signup — no card needed

guide
moderate
low Risk

About this Document

What a quality assurance plan is

A quality assurance plan is the document that sets out, in advance, how an organisation will make sure its work meets a defined standard — every time, not by luck. It names the standards the work will be held to, the processes and checkpoints that keep the work on track, the measurements that prove quality is being achieved, the people accountable for each part, and the way problems are caught and fixed before they reach the customer. It is a prevention document: its job is to build quality in, rather than inspect defects out at the end.

Unlike a one-off test plan, a QA plan is broad and durable. It governs a product line, a department, a service, or a whole programme of work, and it stays in force across many individual jobs. A good QA plan turns "we care about quality" into something concrete and repeatable: anyone can read it and know exactly what good looks like, how it is checked, and who answers for it.

A strong plan does three things at once. It makes the standard explicit so expectations are shared rather than assumed. It makes quality measurable so progress is visible and arguments are settled with data. And it makes quality owned so that when something slips, it is clear who acts and how.

QA versus QC — a distinction that matters

People use "QA" and "QC" interchangeably, but they are different jobs and confusing them weakens both.

Quality assurance (QA) is process-focused and proactive. It asks, "Are we working in a way that will reliably produce good results?" QA designs the workflow, writes the standards, trains the people, and audits whether the process is being followed. It happens throughout the work and aims to prevent defects from occurring in the first place.

Quality control (QC) is product-focused and reactive. It asks, "Did this specific item meet the standard?" QC inspects, tests, and measures the actual output — the part on the line, the document delivered, the meal plated — and rejects or reworks anything that fails. It happens to the finished or in-progress product and aims to detect defects that have already occurred.

A simple way to remember it: QA is building the recipe and the kitchen routine so the dish comes out right; QC is tasting the dish before it leaves the pass. Both are needed. QA without QC means you trust the process but never verify the output; QC without QA means you catch defects endlessly but never fix the cause. A complete QA plan describes both — the assurance activities that shape the process and the control activities that check the result — and is clear about which is which.

Quality standards and metrics

Quality only means something when it is measured against an agreed standard. Standards come from several places, and a plan should name the ones that apply:

  • External standards — formal frameworks such as ISO 9001 for quality management systems, industry-specific norms, or regulatory requirements the work must legally satisfy.
  • Customer requirements — the specifications, tolerances, and service levels promised to the people receiving the work.
  • Internal standards — the organisation's own benchmarks, style guides, checklists, and acceptance criteria that define "good enough to ship".

Standards are made operational through acceptance criteria — the specific, checkable conditions a piece of work must meet to be accepted — and tracked through metrics. Useful quality metrics include:

  • Defect rate — defects found per unit, per batch, or per release.
  • First-pass yield — the percentage of output that meets the standard the first time, without rework.
  • Rework / scrap rate — the share of work that has to be redone or discarded.
  • Customer-reported issues — complaints, returns, or support tickets traced to quality failures.
  • On-time, in-full delivery — whether the work arrived complete and on schedule.
  • Audit findings — the number and severity of process non-conformances found during reviews.

The discipline is to choose a small set of metrics that genuinely reflect quality, set a target for each, and review them on a fixed cadence. A metric with no target is just trivia; a target no one reviews is just a wish.

Processes and checkpoints

The heart of a QA plan is the set of processes that produce the work and the checkpoints built into them where quality is verified before the work moves on. A checkpoint — sometimes called a quality gate, hold point, or stage gate — is a defined moment where work pauses, is checked against its acceptance criteria, and is only allowed to proceed if it passes.

Good checkpoints share a few traits. They sit at natural handoff points — between stages, before a costly step, or just before delivery — so a defect is caught before more effort is spent on top of it. Each one has a clear pass/fail rule rather than a subjective judgement. And each one names an owner who performs the check and has the authority to stop the work if it fails.

A typical chain of checkpoints runs from inputs to output: verify the inputs (materials, requirements, or data are correct before work starts), check in-process quality at key milestones, run a final inspection or test before release, and confirm quality after delivery through feedback and monitoring. The plan should list each checkpoint, what it checks, its acceptance criteria, who owns it, and what happens when it fails. That last point — the path for failed work — is what separates a real plan from a hopeful one.

Roles and responsibilities

Quality is everyone's job, but if it is only everyone's job, it is no one's job. A QA plan makes ownership explicit. Common roles include:

  • Quality manager / QA lead — owns the QA plan itself, sets standards, runs audits, and reports on quality to leadership. Accountable for the system, not for inspecting every item.
  • Process owners — the managers responsible for each stage of work, who ensure their team follows the defined process and meets its acceptance criteria.
  • Inspectors / QC staff / reviewers — the people who carry out the checks at each checkpoint and record the results.
  • Operators / contributors — everyone doing the work, responsible for first-line quality and for flagging problems early rather than passing them downstream.
  • Sponsor / leadership — provides the mandate, resources, and authority for quality to be enforced, and receives the quality reports.

A useful tool here is a responsibility matrix (often RACI: Responsible, Accountable, Consulted, Informed) that maps each quality activity to a person, so there is never a gap or an overlap about who acts.

Continuous improvement (the PDCA cycle)

A QA plan should never be static. The most widely used engine for keeping it alive is the PDCA cycle — Plan, Do, Check, Act, sometimes called the Deming cycle:

  • Plan — decide what good looks like, set targets, and design the process and checkpoints to reach them.
  • Do — carry out the work according to the plan, on a small scale first where possible.
  • Check — measure the results against the targets and study what the metrics and audits reveal.
  • Act — where results fall short, find the root cause, change the process, and standardise the improvement; where they meet the target, lock the gain in. Then the cycle begins again.

PDCA matters because the goal of QA is not to police a fixed standard forever but to raise the standard over time and to drive out the recurring causes of defects. Each loop should be fed by real data — the metrics, audit findings, and non-conformance reports the plan already produces — and should aim at the root cause, not the symptom. A QA plan that schedules regular reviews and feeds the lessons back into the process is a living system; one that is written once and filed is just paperwork.

Common mistakes to avoid

  • Confusing QA with QC. Treating inspection at the end as your whole quality strategy means you keep catching the same defects without ever fixing why they happen. Plan for prevention, not just detection.
  • Standards no one can check. "High quality" is not a standard. Every requirement needs a specific, measurable acceptance criterion, or it cannot be enforced fairly.
  • Metrics without targets or review. Collecting numbers nobody acts on wastes effort and breeds cynicism. Set a target for each metric and a fixed cadence to review it.
  • Checkpoints with no teeth. A gate that work always passes through regardless of result is theatre. Each checkpoint needs a real pass/fail rule and an owner empowered to stop the work.
  • Unassigned ownership. When quality is "everyone's responsibility" with no named owners, accountability evaporates. Map each activity to a person.
  • A plan that never changes. Quality erodes when the plan is written once and ignored. Build in the improvement loop so the plan learns from its own data.
  • Treating QA as the quality team's job alone. Quality is produced by the people doing the work; the QA function enables and verifies it. A plan that walls quality off in one department will not hold.

Required Sections

Purpose & Scope

what this plan covers and why

Required

Quality Objectives

measurable quality targets and success criteria

Required

Roles & Responsibilities

who owns each quality function

Required

Standards & Criteria

quality benchmarks, regulations, and acceptance thresholds

Required

QA Processes

review, testing, and inspection procedures

Required

Defect Management

how issues are logged, prioritized, and resolved

Required

Reporting & Metrics

quality KPIs, dashboards, and review cadence

Required

Optional Sections

Tools & Infrastructure

QA toolchain, test environments, and automation

Optional

Training & Competency

required skills and team readiness levels

Optional

Audit Schedule

planned internal and external audit dates

Optional

Continuous Improvement

process for incorporating lessons and raising standards

Optional

Frequently Asked Questions

What is the difference between QA and QC?
Quality assurance (QA) is process-focused and proactive: it designs the workflow, sets the standards, trains people, and audits whether the process is being followed, all to prevent defects from happening. Quality control (QC) is product-focused and reactive: it inspects, tests, and measures the actual output and rejects or reworks anything that fails, catching defects that have already occurred. QA shapes how the work is done; QC checks the result. A complete plan describes both and is clear about which activity is which.
How is a quality assurance plan different from a test plan or a project QA plan?
A quality assurance plan is broad and durable: it governs quality across a whole product line, service, department, or programme, and stays in force across many individual jobs. A technical test plan is narrower and software-specific — it describes how one release or feature will be tested. A project QA plan applies the same idea to a single project, defining the checks and gates for that one effort. The QA plan is the umbrella that sets the standards and processes the more specific plans then put into practice.
What quality metrics should a QA plan track?
Pick a small set of metrics that genuinely reflect quality and give each a target and a review cadence. Common choices are defect rate (defects per unit, batch, or release), first-pass yield (the share of output that meets the standard without rework), rework or scrap rate, customer-reported issues, on-time in-full delivery, and audit findings. A metric with no target is just trivia, and a target nobody reviews is just a wish, so always pair each metric with a number to hit and a fixed forum where it is reviewed.
What is a quality checkpoint or quality gate?
A quality checkpoint — also called a quality gate, hold point, or stage gate — is a defined moment where work pauses, is checked against its acceptance criteria, and is only allowed to proceed if it passes. Good checkpoints sit at natural handoff points so defects are caught before more effort is spent on top of them, have a clear pass/fail rule rather than a subjective judgement, and name an owner with the authority to stop the work if it fails. Crucially, each checkpoint should also define what happens to work that fails.
What is the PDCA cycle and how does it relate to a QA plan?
PDCA stands for Plan, Do, Check, Act — also called the Deming cycle — and it is the engine of continuous improvement in a QA plan. You Plan the standard and process, Do the work against it, Check the results using your metrics and audits, and Act by finding the root cause of any shortfall, changing the process, and standardising the gain. Then the loop repeats. Feeding each cycle with real data and aiming at root causes rather than symptoms is what turns a QA plan from static paperwork into a living system that raises the standard over time.
Who is responsible for quality assurance?
Quality is produced by the people doing the work, so first-line responsibility sits with operators and contributors, who follow the process and flag problems early. Process owners ensure their stage meets its criteria, inspectors and reviewers carry out the checkpoint checks, and a quality manager or QA lead owns the plan itself — setting standards, running audits, and reporting to leadership, who provide the mandate and resources. Treating QA as the quality team's job alone is a mistake; the QA function enables and verifies quality, but the whole organisation produces it. A responsibility matrix keeps ownership clear.

Ready to create your document?

Use our free template or generate a custom version tailored to your needs.

Use Free Template
Create your custom version — free to start

20 free credits on signup — no card needed

This document is for informational purposes and serves as a general guide.

Last reviewed: June 4, 2026