The Audit-Ready Plant Checklist: 24 Questions Your Plant Should Answer Before the Next Inspection
This is the checklist we wish every Indian industrial plant kept taped to the EHS Head's office door. Twenty-four questions across six sections, covering the audit pressure points that show up in every Labour Officer visit, every CDSCO surveillance, every IATF customer audit, every MSIHC inspection and every factory inspector walk-in. Use it as a self-assessment before the next inspection cycle. Any question your plant cannot answer in under 60 seconds from a structured platform is an exposure. The exposures stack up. The audit cycle will find them. The good news is that every exposure on this list has a defined operational fix; the platform layer that closes them is well understood and the deployment timeline is measured in weeks, not quarters.
Section 1: Visitor and PII (4 questions)
Question 1: Does every visitor sign explicit consent for PII collection at the gate, in a form they can understand, before any data is captured? The DPDPA 2023 framework requires explicit, informed consent. Implicit consent (visitor writes name, is allowed in) does not satisfy the Act. Question 2: Is all visitor PII stored in India, on a tier the plant has explicitly chosen (Cloud India-resident, Hybrid Edge at the plant, or On-Premise air-gapped)? Cross-border storage without explicit cross-border consent is an exposure. Question 3: Can the plant honour a visitor's right-to-erasure request within the statutory window, with an audit log of the erasure event? Most paper visitor processes cannot. Question 4: Is the DPO (or the designated equivalent under the threshold) appointed, with contact details on file, with a defined escalation path for breach notification? The Act requires both the appointment and the operational toolkit. If any of these four answers is unclear, the plant's DPDPA posture is exposed. The fix is a DPDPA-ready visitor module (Zentry Pass is one such option) deployed at every gate.
Section 2: Contractor and CLRA (6 questions)
Question 5: Can the plant produce CLRA Form XVI (the daily muster roll) for any prior period in the Central Rules prescribed format within 60 seconds? Question 6: Does the CLRA wages register (Form XVII) reconcile to the muster roll for every period, without manual Excel reconciliation? Question 7: Does the CLRA overtime register (Form XXI) auto-flag any worker approaching the statutory overtime limit before the breach happens? Question 8: Can the plant produce the per-contractor-agency compliance score (licence on file, workers current on induction, no overtime breaches, no statutory complaints) on demand? Question 9: Is the annual CLRA return (Form XXIII) filed within the statutory window, with the evidence chain back to the source gate events available if the Labour Department asks? Question 10: Are all subordinate forms (XIII, XIV, XV, XVIII, XIX, XX, XXII) maintained in the Central Rules format and reconcilable to the master muster roll? Any unclear answer here is the kind of exposure Labour Officers find first. The fix is an integrated Gate module with the Muster view (Zentry Gate is one such option) producing all eleven forms from the gate event stream.
Section 3: Induction and Section 41B (5 questions)
Question 11: Does every worker entering the plant for the first time complete a mandatory safety induction at a kiosk, with on-screen exam and a tamper-evident certificate? Whiteboard induction at shift start does not satisfy Section 41B in the 2024-26 inspection environment. Question 12: For plants with hazard zones (MAH units under MSIHC), is the induction certificate role-specific and zone-specific, validated at the zone entry gate? Generic site induction is not enough. Question 13: For pharma GMP plants under Schedule M revised 2024, is the induction certificate per-batch, per-cleanroom-zone, per-role, gate-verifiable? The 2024 revision raised this bar; whiteboard sessions no longer pass CDSCO surveillance. Question 14: For Section 41C MAH units, can the plant produce the mock drill participation record for every worker over the last 12 months? Question 15: Can the plant block a contractor worker from accessing a zone if their induction certificate has expired or is missing for that zone? Any unclear answer here is a safety exposure that compounds across inspections. The fix is an integrated Induct module (Zentry Induct is one such option) tied to the gate verification layer.
Section 4: Vehicle and inbound logistics (3 questions)
Question 16: Is every inbound vehicle plate captured by ANPR at the gate and matched to its GST e-Way Bill at the point of entry, with the match logged in the same audit-defensible event stream as worker and contractor access? Manual paper vehicle registers no longer satisfy GST e-Way Bill audit requirements or customer supply chain audit requirements. Question 17: For automotive Tier-1 plants, can the plant produce the inbound logistics chain for any specific delivery (gate entry, ANPR match, e-Way Bill match, parts delivery note, receiving inspection) on demand for the OEM customer's audit? Question 18: For chemicals plants moving hazardous materials, is the inbound and outbound vehicle log integrated with the MSIHC manifest and the standing safety procedures for hazardous goods movement? Any unclear answer here is a customer audit and GST audit exposure. The fix is the Drive module (Zentry Drive is one such option) with ANPR and e-Way Bill integration.
Section 5: Audit pack and evidence chain (4 questions)
Question 19: Can the plant produce a complete IATF or customer audit pack (per-zone access, contractor evidence, inbound logistics, induction trail) for any prior 90-day period in under 60 seconds, exportable as PDF or Excel? Question 20: Can the plant produce a complete CDSCO surveillance pack (per-batch induction trail, per-cleanroom access, contractor evidence, visitor consent) for the affected manufacturing window on demand? Question 21: Can the plant produce a complete MSIHC inspection pack (per-zone hazard access, mock drill participation, induction trail, on-site emergency plan) for any specific zone and period? Question 22: Is the audit log signed and tamper-evident, with the cryptographic integrity verifiable by the auditor (or by the customer's IT security team during the supply chain audit)? Plants that can answer yes to all four are operationally audit-ready. Plants that cannot are running on hope. The fix is the single signed event stream architecture; every modern integrated industrial platform should support this.
Section 6: Group posture (2 questions)
Question 23: For multi-plant Groups, can the Group CFO, Group CIO and Group EHS Head see the Group-wide compliance posture (per-plant, per-statute, per-period scoreboard) live from a single console, without per-quarter Excel reconciliation? Question 24: For listed parents under SEBI BRSR, are the BRSR-relevant operational metrics (training hours, contractor hours, accident records, energy proxies via meter integration) captured live across the Group, with the BRSR filing pack one-click exportable? Multi-plant Groups that answer no to either question are running quarterly Excel scrambles that will eventually produce errors at the SEBI filing window. The fix is an Enterprise-grade bundle (Zentry Enterprise is one such option) with a central Group console federating across plant deployments. Once all 24 answers are yes, the plant or Group is operationally audit-ready. The next Labour Officer, CDSCO surveillance, MSIHC inspection, IATF customer audit or factory inspector visit becomes a demonstration, not a defence.