internal auditor course

May 3, 2023

Internal Quality Auditor Course

Copyright © 2014 ProSep. All Rights Reserved.

SECTION 1 – COURSE PROGRAM

Copyright © 2014 ProSep. All Rights Reserved.May 3, 2023 3

SECTION 1 - OUTLINE

Workshop 1ISO 9000 Family StandardsBenefits of Quality SystemsQuality Management PrinciplesWorkshop 2ISO 9000 Terms and DefinitionsThe Process ApproachWorkshop 3


WORKSHOP 1 - INTERVIEW

Using the information provided below, please pair off and interview one another and observe the responses. Assign time keeper, Time Limit: 10 Min.

Information you seek:– Name– Company or Department– Brief resume of your career– Quality Management System experience (scale

of 1 to 10)– Objective of attending this course


ISO 9000 FAMILY OF STANDARDS

What is ISO?– ISO stands for International Organization for

Standards.

– ISO is a worldwide federation of national standard bodies (ISO member bodies)

– The work of preparing ISO is normally carried out through ISO technical committees.

– International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.


ISO 9000* - Quality Management Systems

– Fundamental and Vocabulary

ISO 9001 - Quality Management Systems

Requirements

ISO 9004 – Quality Management Systems

– Guidelines for Performance

Improvements

ISO 19011 are Guidelines for Quality and / or Environmental Systems Auditing

ISO 9000 FAMILY OF STANDARDS


ISO 9000 QMS FUNDALMENTALS & VOCABULARY

Specifies terms and definitions for Quality Management Systems (QMS).

Prepared by Technical Committee ISO/TC/176, Quality management and quality assurance, subcommittee SC 1, Concepts and terminology.

ISO 9001 refers to this standard as a “Normative Reference” i.e. it is essential for the application of the standard.

Organization cannot be certified to it (ISO 9000).

It is not auditable.


ISO 9001 QMS - REQUIREMENTS

Specifies requirements for implementing and maintaining a quality management system.

Prepared by Technical Committee ISO/TC 176, Quality management and quality assurance Subcommittee SC2, Quality Systems.

It is auditable and organizations can be certified to this standard (ISO 9001).


BACKGROUND & DEVELOPMENT OF ISO 9001

Before 1950 1959 1969 1974 1979

Focus to inspect products after completion

US Military Spec. MIL-Q-9858

NATO Published Allied Quality Assurance Publications (AQAP)

British Standards published guidance, BS4891 & BS 5179

BS published first standard BS 5750


BACKGROUND & DEVELOPMENT OF ISO 9001

1987 1994 2000 2008 2015

• ISO publishes set of standards.

• ISO 9000 Series introduced

ISO 9000 was reviewed and revised

• ISO 9000 significantly revised. Process Approach introduced.

• Focus shifted away from documentation.

Minor changes to 2000 rev. (Customer Focus)

Focus - less process more Risk Management. Acceptance stages: Final draft: July 2015, International standard Sept 2015.


ISO 9004 GUIDELINES FOR PERFORMANCE IMPROVEMENTS

Provides guidance to management for achieving sustained success.

Any organization can apply principles to move beyond the minimum requirements of ISO 9001 in pursuit of continued performance improvement.

ISO 9001 and ISO 9004 have been designed to complement each other, but can be used independently.

It is not auditable and cannot be certified to.


OTHER ISO STANDARDS

While ISO 9001 is intended to be fully generic to be applicable for a wide range of industries, many such industries have developed their own sector based standards which tailor the generic ISO 9001 standards to specific industry requirements.

Some examples:– ISO 27001- Information Security

– API Q1 - Oil Industry

– TS 16949 - Automotive

– ISO 14001 - Environmental

– AS 9100 - Aerospace


BENFITS OF QUALITY SYSTEMS

Prevention of mistakes

Profitability increase

Enhance customer satisfaction and reputation

Improve confidence, morale and motivation

Better and more consistent training to align with business needs


BENEFITS OF ISO 9001 CERTIFICATION

QMS is based on a worldwide, proven and recognized standard

External independent audits

On-going monitoring

Increased marketing opportunities

Improved employee morale


QUALITY MANAGEMENT PRINCIPLES

1. Customer Focus

2. Leadership

3. Involvement of People

4. Process Approach

5. System Approach to Management

6. Continual Improvement

7. Factual Approach to Decision Making

8. Mutually Beneficial Supplier Relationships


QUALITY SYSTEMS BENEFITS

Customer FocusOrganizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations.



LeadershipLeaders establish unity of purpose and direction of the organization.

Leaders should create and maintain the internal environment in which people can become fully involved in achieving the organization’s objectives.



Involvement of PeoplePeople at all levels are the essence of the organization and their full involvement enables their abilities to be used to the benefit of the organization.



Process ApproachA desired result is achieved more efficiently when related resources and activities are managed as a process.



Systems Approach to ManagementIdentifying, understanding and managing interrelated processes as a system contributes to the organization’s effectiveness and efficiency to achieve it objectives.



Continual ImprovementContinual improvement of the organization’s overall performance should be a permanent objective of the organization.



Factual Approach to Decision MakingEffective decisions are based on the analysis of data, both qualitative and quantitative information.



Mutually Beneficial Supplier RelationshipsAn organization and its suppliers have an independent but mutually beneficial relationship that enhances the ability of both to create value by leveraging each other.


WORKSHOP 2 – REASONS AND BENEFITS

Break into groups of four.

In your group discuss the following points:– List at least three benefits to an organization that

implements a QMS.

– List at least 3 quality management principles that promote continual improvement.

Assign time keeper, Time Limit: 10 minutes


ISO 9000 TERMS AND DEFINITIONS

Quality – Degree to which a set of inherent characteristics fulfils requirements.

Quality Assurance – Part of quality management, focused on providing confidence that quality requirements will be fulfilled.

Quality Control – Part of quality management focused on fulfilling quality requirements.



Requirements – Need or expectation that is stated, generally implied or obligatory.

Specified

by

Customer

Implied

Statutory regulatoryCompany,

procedure,

forms, etc.

Indu

stry

st

anda

rds

REQUIREMENTS



Quality Management – Coordinated activities to direct and control an organization with regard to quality.

Please note that direction and control with regard to quality generally includes establishment of a quality policy and objectives, quality planning, quality control, quality assurance, and quality improvement.



Quality Policy – Overall intentions and direction of an organization related to quality as formally expressed by top management.

Quality Objectives – Something sought or aimed for that is related to quality.

Quality Improvement – Part of quality management, focused on increasing the ability to fulfill quality requirements.

Continual Improvement – Reoccurring activity to increase the ability to fulfill requirements.



Product – Results from a set process, e.g.: – Services, Software, Hardware, Processed Materials

Audit – A systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. Audit Types:– Internal and External



Internal Audits – Conducted by, or on behalf of the organization itself for internal purposes, and may form the basis for an organization’s declaration of conformity.– In smaller organizations, independence can be

demonstrated by the freedom from responsibility for the activity being audited.

– Reasons: • To validate that current processes are compliant to

specifications or procedures

• Preventive measures to catch problems before they occur

• Systematically improve the organizations internal processes



External Audits – – Include those generally termed second and third party

audits.

– Second-party audits - Conducted by parties having an interest in the organization, such as customers or persons on their behalf.

– Third-party - Conducted by external, independent auditing organizations, such as those providing certification/registration.



External Audits: Second-party audits, reasons:– Provides input to selecting, grading and approving

suppliers.

– Provides help to improve the QMS of suppliers

– Increases mutual understanding of QMS requirements



External Audits: Third-party audits –– Carried out by competent certification bodies

– Auditors must be independent and not provide advice or consultancy

– Background

Note: 1950’s and 1970’s: more and more second party audits were being carried out.

Some companies employed people whose sole responsibility was to escort visiting auditors during audits.

Certification bodies were created after ISO 9000 was introduced.



Nonconformity – Non-fulfillment of a requirement, specification, or standard.

Corrective Action – Action taken to eliminate the cause of a detected nonconformity or other undesirable situation.

Preventive Action – Action taken to eliminate the cause of a potential nonconformity or other undesirable potential situation.



Procedure – Specified way to carry out an activity or a process:– Note 1: Procedures can be documented or not

– Note 2: When a procedure is documented, the term “written procedure” or “documented procedure” is frequently used

Inspection – Conformity evaluation by observation and judgment accompanied as appropriate by measurement, testing, or gauging.



Verification – Confirmation through the provision or objective evidence that specified requirements have been fulfilled. (e.g.: measurement)

Validation – Confirmation through the provision of objective evidence that the requirements for specific intended use or application have been fulfilled. (e.g.: Process is working as intended).

Review – Activity taken to determine the suitability, adequacy and effectiveness of subject matter to achieve established objectives.



Specification – A document stating requirements

Auditor – Person with the demonstrated personal attributes and competence to conduct and audit

Auditee – Organization being audited.

Outsourced process – Is a process the organization needs for its QMS and which the organization chooses to have performed by an external party. (ref: ISO 9001 standard)


THE PROCESS APPROACH

ISO 9000 defines a process as: a set of interrelated or interacting activities which transforms inputs into outputs.– The process approach is one of the most important

concepts of ISO 9001

Inputs Process Outputs



Process continued – Fishbone, Ishikawa DiagramINPUTS OUTPUT



Process continued:

The flowchart illustrates a picture of the processes of a simple business.

Customer Inquiry

Order review &

processing

Materials Planning Production Warehouse

& Shipping Product

Inspection



To determine a process, you must determine the set of inputs required to have the desired output.

Define the processes to conduct business in the organization.

Determine the monitoring and measuring activities.

Determine the sequence and interaction.– Review some of ProSep’s internal department

processes


WORKSHOP 3 – THE PROCESS APPROACH

Using the process approach, map a designated process, making sure to include the following:– Inputs

– Outputs

– Main steps to accomplish the process

– Verification steps

– Sequence and interaction

– Support processes (optional)

Assign time keeper, Time Limit: 15 minutesEach team will explain their process map to other groups (wait until each team has finished before asking questions).


SECTION 2 – ISO 9000 SCOPE


SECTION 2 - OUTLINE

Scope of ISO 9001:2008Clause 4: Quality Management SystemWorkshop 4Clause 5: Management ResponsibilityClause 6: Resource ManagementWorkshop 5Clause 7: Product RealizationWorkshop 6Clause 8: Measurement, Analysis & ImprovementWorkshop 7


AIMS AND OBJECTIVES

QMS requirements for an organization that

meets:

Demonstrates ability to consistently provide product that meets:

Customer requirements

Compliant to statutory/regulatory

requirements

Aims to enhance customer satisfaction

through:

Effective system application

System continual improvement

Assurance of conformity to: Customer requirements

Applicable statutory & regulatory

requirements

These objectives translate into:


SCOPE OF ISO 9001:2008

One of the first tasks an organization must do when deciding to seek ISO 9001 certification, is to define the scope of the quality management system to be implemented.

The scope relates to the areas of the organization what will actually be affected or will have to conform to the ISO 9001 standard.

It is important for auditors to be aware of the scope of the system and the standard.



Statements of scope may start with the following aspects:

ActivityDesign,

Manufacturing,Repair,

Delivery, etc.

LimitationsLocations/Site,

Divisions,Geographical area, etc.

Product or ServiceChemicals, Admin.

Processing,Manufacturing, etc.



Exclusions:– When parts of ISO 9001 requirements are believed not

to apply to an organization, they can claim “exclusions”.

– Exclusions are discussed in the standards introductory section and emphasizes they are limited to clause 7.

– If exclusions are to be taken from other clauses, then the organization would not be conforming to the standard.

– In addition, the standard requires that such exclusions do not affect the organizations ability or responsibility to provide product that conforms to the customer’s and applicable regulatory requirements.



Organizations– Can choose not to have all of

their products covered by their quality system (Clause 7).

– They cannot take an option out of their responsibilities within the quality system when seeking certification or if they have obtained certification.

ActivityDesign,

Manufacturing,Repair,

Delivery, etc.

LimitationsLocations/Site,

Divisions,Geographical area, etc.

Product or ServiceChemicals, Admin.

Processing,Manufacturing, etc.

ExclusionsISO 9001, Clause 7



Scope statement examples:

Organization A:Elevator Service Company

Exclusions:

7.3 Design and development. Where Organization A is a service provider and does not engage in designs of product.

7.6 Control of monitoring and measuring devices. Organization A does not own or maintain any devices for monitoring or measuring.




Organization B:

Is a manufacturer of marine navigation, survey, and communications equipment company.

Organization B has no design and development function and claims exemption form Clause 7.3 of the ISO 9001 standard.




Organization C:Is a manufacturer of plastic and rubber based parts utilizing injection, insert and compression molding; form- vacuum casting of parts.

Exclusion:

Organization C does not keep any customer information or customer property of any kind, and claims exemption to clause 7.5.4 from the standard.



Clause 4: Quality Management SystemGeneral Requirements:

– Section 4.1 requires organizations to document, implement and maintain quality management system and continually improve its effectiveness.

– Most of the requirements set forth in this clause are re-stated in other parts of the standard; however this section forms the basis for the development of the whole quality management system.



QMS outline of requirements:– Determine the processes needed for the quality

management system and their application throughout the organization.

– Determine their sequence & interaction of these processes.

– Determine criteria & methods for their effective operation and control.

– Ensure resources and information are available.

– Monitor, measure, and analyze the processes.

– Implement actions necessary to achieve planned results and continual improvement.



Continued Improvement

Determine the processes (inputs and

desired outputs), their interaction,

and criteria

Ensure proper resources and

information are available

Monitor, Measure, and

analyze

Implement actions to

achieve planned results

• PDCA is a common problem solving method.

• DMAIC: “Define, Measure, Analyze, Improve, & Control” is the Six Sigma preferred method for problem solving.



Outsourcing of Processes:– The standard requires the

organization to ensure control over such processes.

– The control level must be defined by the organization in the QMS.

– Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer. statutory, and regulatory requirements.

Calibration

Engineering

Maintenance

Internal Audits



Documentation Requirements– Specifies what documents are necessary for any

quality management system and outlines what should be a part of those documents.

Documented statements of quality policy and objectives

A Quality Manual

Documents procedures and records required by the standard.

Documents including records needed by the organization



Quality ManualThe organization shall establish and maintain a quality manual that includes:

– The scope of the quality system including justification for any inclusions

– If any standards are excluded then these must be specified including justification for the exclusion claimed

– The documented procedures established for the quality management system or references to them

– A description of the interaction between the processes of the QMS



Quality Manual

Required procedures

or reference

Scope and Exclusions

Process and interaction



4.2.3 Control of DocumentsEnsure those documents which are necessary for the effective operation of the QMS are under control.

A documented procedure is required to define the following controls:• Approval prior to issue• Review and updates as necessary• Identification of changes and revision status• Availability at points of use• Legibility and identification• Documents of external origin are controlled• Obsolete documents are prevented from unintended use



Example of processes addressed by a Control of Documents procedure:

Title: Document Control

New

Doc

umen

tSu

ppor

tEx

istin

g D

ocum

ents

Phase

Uncontrolled Document Document Creation Review and approval Implementation

Document change

Controlled Document

Request for change

Obsolete Documents

Documents of External Origin

(Projects or other)



4.2.4 Control of Records

Records are required to be established and maintained to:• Provide evidence of product conformity• Demonstrate effective operation of QMS• Records must be:

• Legible

• Readily identifiable

• Readily Retrievable (e.g. if it takes too long to retrieve, then recording system is lacking)



Records RequiredManagement Reviews (5.6.1)Education & training skills (6.2.2e)Meeting Requirements (7.1d)Review of Requirements and actions (7.2.2)Design Inputs 7.3.2)Design Reviews (7.3.4)Design Verification (7.3.5)Design Validation (7.3.6)Design Changes (7.3.7)Supplier Evaluations (7.4.1)

Validation of processes (7.5.2d)ID & traceability (7.5.3)Customer Property (7.5.3)Basis used for calibration and verification (7.6a)Results of calibration and verification (7.6)Audits and audit results (8.2.2)Authorization of product release & delivery (8.2.4)Nonconformities (8.3)Corrective Actions (8.5.2e)Preventive Actions (8.5.3d)


WORKSHOP 4 - ISO 9001 COMPLIANCE

Workshop 4 (Time limit: 20 Minutes, assign timekeeper)

Using the following documentation, please review the procedure for adequacy and conformance to ISO 9001 standard.

• ISO 9001:2008

• Procedure assigned by the instructor Using a Green highlighter, mark compliant areas.

Using a Red highlighter, mark areas not compliant.

Compile a list of requirements that have not been addressed by all participants.



Clause 5: Management Responsibility5.1 Management CommitmentThis requirement calls for top management of an organization to be committed to the development and improvement of the quality system:

Communicate the importance of meeting customer, statutory & regulatory requirements.

Establish the Quality Policy and convey to all levels in organization

Ensure Quality Objectives are established and convey to appropriate

levelsConduct

Management Reviews

Ensure

resource availabilit

y



5.2 Customer Focus

Top management shall ensure that customer requirements are determined and met with the goal of enhancing customer satisfaction (ref. 7.2.1 and 8.2.1).



5.3 Quality Policy

A formally documented policy is required which:

• Is appropriate to the purpose of the organization

• Includes a commitment to comply with requirements

• Includes a commitment to continually improve the quality management system effectiveness

• Provides a framework for establishing and reviewing quality objectives

• Is reviewed for continuing suitability



5.4.1 Quality Objectives

Top management shall ensure that quality objectives including those needed to meet requirements for product are established at relevant functions and levels within the organization.

The quality objectives shall be measureable and is consistent with the quality policy.



5.4.2 Quality Management System Planning

Top management shall ensure that:

• The planning of the quality management system is carried out in order to meet the general requirements as well as the quality objectives.

• When changes to the QMS are planned and implemented the integrity of the quality management system is maintained.



5.5.1 Responsibility and Authority

Responsibilities and authorities need to be defined and communicated within the organization.

5.5.2 Management Representative

Top management is required to appoint a member of the organization who, irrespective or other responsibilities shall have responsibility and authority that includes:

• Ensuring processes are established, implemented and maintained

• Reporting on the performance of the system

• Reporting on the need for improvements to the system

• Ensuring the promotion of awareness of customer requirements throughout the organization



5.5.3 Internal Communication

Top management shall ensure that appropriate communication processes are established within the organization and that communication takes place regarding the effectiveness of the quality management system.

Methods of Communication:

• Presentation• Company Intranet• Training• Bulletin Boards• Etc.



5.6 Management Reviews

Top management is required to review the suitability, adequacy, and effectiveness of the QMS at planned intervals. The review also includes an assessment of opportunities for improvement of the QMS, Quality Policy and Objectives.

Review Inputs:• A definitive set of inputs for the review process is provided by the

standard

Review Outputs:• The management review meeting needs to yield decisions and actions



Inputs Outputs

• Audit results (E.g. NCRs, CARs, PARs)

• Customer feedback (E.g. Satisfaction surveys, emails, project close-out, etc.)

• Process performance and product conformity (Increased Project costs, expediting fees, Overtime, NCRs, CARs, PARs)

• Status or preventive and corrective actions (open items, not closed in a timely manner)

• Follow-up actions from previous management reviews (reoccurring issues?)

• Changes to the QMS (Internal Processes, Standards, statutory, regulations, etc.)

• Recommendation for improvements

• Improving the effectiveness of the QMS and its processes (How to drive change?)

• Improving product related to customer requirements

• Resource needs



Clause 6: Resource Management6.1 Provision of Resources

The organization is required to determine and provide the resources needed:• To implement and maintain the quality management system and

continually improve its effectiveness

• To enhance customer satisfaction by meeting customer requirements



6.2 Human Resources

People performing work affecting conformity to product requirements shall be competent on the basis of appropriate education, training, skills and experience.

6.2.2 Competence, Awareness, & Training

Organization is required to determine:

• Competency requirements

• Identify any competency gaps and provide training or other actions to fill those gaps

• The effectiveness of any actions taken to fill competency gaps needs to be evaluated

• People are required to be made aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives



6.3 Infrastructure

Organization is required to formally consider what facilities are needed to support their activities, this includes but is not limited to work-space, utilities, equipment, hardware, software, support services, transport, communication, and information systems.

6.4 Work Environment

The work environment needs to be determined and managed to achieve conformity to product requirements.


WORKSHOP 5 - ISO 9001 COMPLIANCE

Workshop 5 (Time allotted 20 minutes, assign timekeeper)

Using provided documentation, review the procedure for adequacy and conformance to the ISO 9001 standard.

• ISO 9001 standard

• Procedure assigned by the instructor

Please note the areas you believe the procedure complies with the requirements. Make a note of requirements that have not been met.



Clause 7: Product Realization7.1 Planning of Product Realization

The organization is required to plan and develop the processes needed for product realization. Planning shall include as appropriate:

• Quality objectives

• Establishing processes and documents, providing resources for products

• Verification, validation, monitoring, measurement, inspection and test activities for products and product acceptance

• Records needed to provide evidence the product meets requirements



7.2.1 Determination or requirements related to the product

Organizations need to identify all the requirements for the product that must be met.1. Requirements specified by the customer, including the requirements

for delivery and post delivery activities.

2. Requirements not stated by the customer but necessary for specified or intended use, when known.

3. Statutory and regulatory requirements applicable to the product.

4. Any additional requirements considered necessary by the organization, ISO 9001, industry standards, etc.



7.2.2 Review of Product Requirements

The organization has to perform a review of the requirements related to the product. The review shall ensure:

• Requirements have been defined

• Any conflicts are resolved

• The organization has the ability to meet the requirements

• Records have to be maintained. Verbally specified requirements are to be confirmed. Changes have to be controlled and documented.



7.2.3 Customer Communication

The organization shall determine and implement effective arrangements for communicating with customers in relation to:

• Product information

• Inquiries, contracts, order handling, including amendments

• Customer feedback, including customer complaints



7.3.1 Design and Development Planning

Design and development planning activities are planned to determine:

• Design and development stages

• Appropriate review, verification, and validation

• Responsibilities and authorities

• The organization needs to manage the inter faces between difference groups involved in the design and development activities

• Planning output is to be updated as design and development processes



7.3.2 Design and Development Inputs

Inputs related to product requirements need to be determined and recorded. These are to include:

• Functional & performance requirements

• Statutory & regulatory requirements

• Information from previous designs

• Other essential requirements

The inputs are to be reviewed for adequacy and any incomplete, ambiguous or conflicting requirements are to be resolved.



7.2.3 Design and Development Outputs

Outputs are required to be provided in a form that enables verification against inputs. Outputs shall:

• Meet input requirements

• Provide appropriate information for purchasing, production, and service provision

• Contain or reference acceptance criteria

• Specify essential characteristics for safe and proper use

Outputs shall be approved prior to release.



7.3.4 Design and Development Review

At suitable stages, systematic reviews of design and development shall be performed:• To evaluate the ability of the results of design and development to

meet requirements

• To identify any problems and propose necessary actions

• Participants in such reviews shall include:

─ Representatives of functions concerned with the design and development stage(s) being reviewed. Records of the review results and necessary actions shall be maintained.



7.3.5 Design and Development Verification

Verification is to be performed to ensure design outputs have met input requirements.

Records of verification results and any necessary actions shall be maintained.

7.3.6 Design and Development Validation

Design and development changes shall be identified.

Changes shall be reviewed, verified, and validated, as appropriate and approved before implementation.

Review of design and development changes shall include evaluation of the effect of the changes on constituent parts and product already delivered.

Records of change review results and any necessary actions shall be maintained.



7.4.1 Purchase Process

Organizations are required to ensure that purchased product conforms to specified purchase requirements.

The type and extent of control applied to suppliers and purchased product must be dependent upon the effect of the purchased product on subsequent product realization efforts or the final product.

The organization must evaluate and select suppliers based on their ability to supply product in accordance with the requirements.

Criteria for selection, evaluation and reevaluation must be established.

Records of evaluation results and necessary actions arising from evaluation must be maintained.



7.4.2 Purchasing Information

Purchasing information must describe the product to be purchased, including where appropriate:

• Requirements for approval or product, procedures, processes and equipment

• Requirements for qualification of personnel

• Quality management system requirements

Organizations must ensure the adequacy of specified purchase requirements prior to their communication to the supplier.



7.4.3 Verification of Purchased Product

Organizations are required to undertake inspection, or other activities to ensure purchased product meets specified purchase requirements.

If the organization or their customer intends to visit the supplier’s facility to perform verification activities, then this must be stated in the purchasing information (P.O. or agreed upon documented negotiations) provided to the supplier along with the methods used to release the goods.



7.5.1 Control of Production and Service Provision

Production and Service Provision is to be planned and carried out under controlled conditions. Controlled conditions refer to:

• Availability of product information

• Availability of work instructions (as applicable)

• Use of suitable equipment

• Availability and use of monitoring and measuring equipment

• Implementation of monitoring and measurement

• Implementation of product release, delivery and post delivery activities



Control of Product and Service Provision• Product information: Drawings, schematics, Formulas

• Work Instructions (if applicable): Checklist, job packet, work order

• Suitable equipment: Machines, Pipes, Tanks, etc.

• Monitoring & measurement equipment: Caliper, tape measure, computer, gauges, etc.

• Monitoring & measuring: Visual, Testing, Verification

• Release & delivery: Handling, Package, Transport, Commission



Validation of ProcessesThe organization shall validate processes that define product specifications, production and service provision where; the resulting output cannot be verified by subsequent monitoring or measurement and deficiencies become apparent after product/service is in use.

Arrangements for processes include:• Criteria for review and process approvals

• Equipment approval

• Personnel qualification

• Specific methods and procedures

• Record requirements

• Re-validation



Process Verification

Can be verified Cannot be verified

• Measured dimensions/specifications• Visual inspection for imperfections• Color measure: Spectrophotometer• Heat Treat: Destructive test• Welding: NDE - UT

Special processes:• Soldering• Coating• Sterilization• Plating



Processes with Limited Output Verifications must:

• Quality the process, e.g. Materials and Equipment

• Quality the Personnel, e.g. Education, Training, Testing, Certifications



7.5.3 Product Identification and TraceabilityWhere appropriate, product is identified through product realization.Measurements and monitoring status is to be identified.Traceability needs to be controlled and recorded when required.

Identification Traceability Example:

Materials

• Blue pigment, lot# 463• HDPE pellets, lot# 266

Equipment

• 1000 Ton Press• Cutting stations: #1, #2

Status

• In-process• Awaiting inspection (Tagged/placed in a quarantine area)• Warehouse



7.5.4 Customer Property

The organization shall exercise care with customer property while it is under the organization’s control.

Controls required: Identification, Verification, Protection, Safeguarding

Examples: Material, Custom parts, Schematics, software, packaging material, etc.

If any customer’s property is lost, damaged or otherwise found to be unsuitable for use, the organization shall formally report issues to the customer and maintain records for traceability.



7.5.5 Preservation of Product

Product conformity is to be preserved during internal processing and delivery to its intended destination.

Preservation includes:• Identification

• Handling

• Packaging

• Protection

Preservation also applies to products and component parts.



7.6 Control of Monitoring and Measuring Equipment

The organization is required to determine the monitoring and measurement undertaken and equipment required to provide evidence of product conformity.

A process must be established to ensure monitoring and measurement activities are carried out in a manner that is consistent with the monitoring and measurement requirements.



Measurement Inspection Methods:(Match description with picture)

• GC (Gas Chromatograph),

• Caliper,

• Micrometer,

• Go-no-go gauges: • Feeler gauge,

• Pin Gauges



Equipment used to verify product conformity shall be:• Calibrated or verified at specified intervals

• Traceable to international/national measurement standards: A2LA or NIST

• Adjusted or re-adjusted as necessary (when applicable)

• Identified via calibration sticker to verify calibration status

• Safeguarded from adjustments that would invalidate measurement results

• Protected from damage and deterioration during handling, maintenance and storage



Equipment Found Non-conforming

The organization shall assess and record the validity of previous measuring results when the equipment is determined to not conforming to requirements.

• In short, verify the previous measuring results on product that may be affected.

The organization shall take appropriate action on the equipment and any product affected.

• Tag and remove inspection equipment from use until it is calibrated, and if needed notify customers who may have non-compliant product and determine proper course of action.


WORKSHOP 6 - ISO 9001:2008 CLAUSES

Workshop 6 (Time allotted: 7 min./individual. Matching’s, 7 min. discussion, assign timekeeper.)

Clause matching exercise:Use the handout of ISO 9001 Clauses to the standard you believe it belongs to.

Be prepared to discuss your matching's and clause intent with the class.

• Instructor to provide handout



Clause 8: Measurement Analysis and Improvement8.1 GeneralThe organization shall plan and implement the monitoring, measurement, analysis and improvement processes needed:

• To determine conformity to product requirements

• To ensure conformity of the quality management system

• To continually improve the effectiveness of the quality management system

This shall include determination of applicable methods, including statistical techniques, and the extent of their use.



8.2.1 Organizations are required to determine the methods to be employed for obtaining and using information relating to customer perceptions about weather the organization has met customer requirements.

Leading information Lagging information

• Customer survey • Customer complaints

• Industry surveys • Customer returns

• Product or process data • Customer report cards

PROACTIVE REACTIVE



8.2.2 Internal Audits

Organizations are required to conduct internal audits at planned intervals to determine whether the quality management system:

• Conforms to the planned arrangements, to the requirements of ISO 9001 and to the QMS requirements established by the organization

• Is effectively implemented and maintained

• Audits are to be planned, taking into consideration the status and importance of the processes and areas to be audited, including the previous audit results



Continued –

• The audit criteria, scope and frequency and methods are to be defined. A documented procedure is required (see audit procedure and internal audit schedule).

• Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process.

• The management responsible for the area being audited is required to take actions on the results of the audit without undue delay. Follow-up activities are required to verify the actions taken.

• Records are required.



8.2.3 Monitoring and Measurement of Processes

The organization will apply suitable methods fro monitoring and where applicable, measurement of the QMS processes.

These methods are to demonstrate the ability of the processes to achieve planned results.

When planned results are not achieved, correction and corrective action shall be taken as appropriate.



Example of monitoring processes:

Order review/proc

essessing

Materials Planning Production Warehouse

& Shipping

Inspection

Quote turn around time

Production Backlog

Production Cycle time

Inventory accuracy

Internal Audits and Performance Measurements



8.2.4 Monitoring and Measurement of Product

Organizations are required at appropriate stages to monitor and measure the characteristics of the product to verify that product requirements have been met.

Evidence of conformity shall be maintained (Production records).

Records must indicate the person(s) authorizing release of product for delivery to the customer.

When acceptance criteria is not met, approval by a relevant authority (authorized person) is required, and where applicable by the customer.



8.3 Control of Non-conforming Product

Product that does not conform to requirements must be identified and controlled to prevent its unintended use or delivery in accordance with a documented procedure.

Examples of ways to handle nonconforming products:

• By taking action to eliminate the detected nonconformity

• By authorizing its use, release or acceptance under concession by a relevant authority and, where applicable, by the customer

• By taking action to preclude its original intended use or application

• By taking the appropriate action to handle the effects or potential effects, in cases where the nonconforming product is detected after product delivery

Any corrected nonconforming product must be re-verified to demonstrate conformity to requirements.

Records must be maintained for these actions.



8.4 Analysis of Data

Organizations are required to determine, collect and analyze appropriate data to demonstrate the suitability and effectiveness of the quality management system and evaluate where opportunities for continued system improvement are apparent.

Part of this analysis is to provide information on:• Customer satisfaction

• Conformity to product requirements

• Characteristics and trends of processes and products, including opportunities for preventive actions

• Suppliers



8.5.1 Continual Improvement

The organization shall continually improve the effectiveness of the quality management system through the use of:

• The Quality Policy

• Quality Objectives

• Audit Results

• Analysis of Data

• Corrective and Preventive actions

• Management Review



8.5.2 Corrective ActionThe organization must take action to eliminate the causes of nonconformities in order to prevent their reoccurrence.

A documented procedure is required to define:

• Reviewing nonconformities (including customer complaints)

• Determining the causes of nonconformities

• Evaluating the need for action to ensure nonconformities do not occur

• Determining and implementing actions needed

• Records or actions taken

• Reviewing the effectiveness of the corrective action taken



8.5.3 Preventive Action

Similar requirements apply to preventive action as for corrective action:

• Documents procedure

• Determine cause of potential nonconformities to prevent occurrence

• Maintain records

• Review effectiveness


WORKSHOP 7 - ISO 9001:2008 COMPLIANCE

Workshop 7 (time allotted 15 min, assign timekeeper)

Using the following documentation, please review the procedure for adequacy and conformance to the ISO 9001 standard.

• ISO 9001 standard

• Procedure assigned by the instructor

Please note the areas you believe the procedure complies with the requirements and note those that do not.



Thank you for your participation of this classroom training.

Please complete the online training at Opensourcesafety .com\Quality Auditor. Send QHSE

Department a copy of your training record once completed.


ISO 9011PRINCIPLES OF AUDITING


SCOPE OF ISO 9011 – Principles of Auditing

There are 5 principles of auditing:1. Ethical conduct – the foundation of professionalism

2. Fair presentation – report truthfully and accurately

3. Due professional care – diligence and judgment

4. Independence – free from bias and conflict of interest

5. Evidence-based approach – rational method for reaching reliable and reproducible audit conclusions in a systematic audit process



Audit Planning:Audit Team and Lead Auditor – ensure an audit team has been selected that has the competence (subject matter experts) to achieve the audit objectives.

Lead Auditor is the most experienced and will follow formal auditing protocol covered in the following information.



Audit Objectives:1. Determine the conformity of the organization’s

management system utilizing objective audit criteria.

2. Management System capability to ensure compliance with statutory, regulatory and contractual requirements.

3. Evaluation of the effectiveness of the management system to meet specified objectives (i.e.: Quality Objectives & other as specified).

4. Identify areas of potential improvements.



Audit Scope:The scope of the audit describes the extent and boundaries of the audit, e.g. physical location, organizational units/departments, activities, processes and the designated audit length.

Audit Criteria:The audit criteria is used as a reference against which conformity is determined which may include:

• policies, procedures, standards, laws/regulations, management system requirements, contractual requirements.



Audit Feasibility: In some cases there may be a lack of information, cooperation, time or resources where it is more practical to reschedule the audit.

Establishing Contact with the Auditee:The Lead Auditor should coordinate the formal contact with the auditee to establish:

• Point contact communication channels and audit logistics

• Confirm authorization to conduct the audit: Day(s), Time, proposed schedule & audit team

• Request access to relevant documents and records: e.g.: QMS, Policies, Objectives, Procedures, records, etc.

• Agree on the audit scope and audit criteria



Short Audits or Assessments:Are designed to focus on specific processes that may stem from Nonconformance's, customer complaints, etc.

Assessments are not utilized for audit certification process.

Are conducted utilizing the same structure and professional manner as a formal audit.



Pre-Audit Documentation Review:

Per the auditee formal contact where documents were requested for review.

Review provided documentation to determine conformity of the system with the audit criteria.

The documentation may include relevant QMS, Management Reviews, Procedures, Records and previous audit reports.

In some cases this may be conducted as the start of the audit in other cases it can be reviewed prior to the audit.

If the documentation is found to be inadequate, the audit team leader should inform the organization and make a decision regarding the course of action (usually the auditee is accommodating with information requests, unless it is of confidential nature).



Minimum Documentation Mandatory Documentation• Quality Policy & Objectives

• Quality Manual

• Documented procedures required by ISO 9001 (if the audit is based on ISO 9001 standard)

• Organizational documents needed to ensure effective planning, operation, and control of its processes

• Internal Audit Reports/ schedule

• Control of Nonconforming product

• Corrective Actions

• Preventive Actions Control of Documents

• Control of Records



Document Styles:Auditors may observe a wide range of quality documentation styles. Long and short Quality Manuals being comprised of:

• Which ever style documents should be assessed on their content and if they meet the requirements of the standard they reference.



Quality Manual Review:The review may be performed by other auditors in the team but should work under the direction of the Lead Auditor.

The intent of a review is to verify if the documentation provided is compliant to the requirements of the standard.

• Does the procedures comply with the statements continued in the quality manual?

• Does the procedures accurately reflect the actual practices observed in the audit?

There are several different approaches of reviewing procedures during an audit.



Document Reviewing Approaches:

Or

Visit area, gather facts,

Review procedures

Compare results

Documented procedures Undocumented procedures

• Read procedures

• Make notes of key control points

• Visit areas, gather data

• Compare results

• Visit area(s), gather facts form various resources

• Compare facts, observations against requirements



Audit Agenda:The lead Auditor should prepare the audit plan or agenda to establish an agreement between the auditee and the auditor’s company.

The amount of detail provided in the audit agenda should reflect the scope and audit complexity.

Changes to the audit scope are allowed and may change while developing the audit agenda.

Topics the audit agenda should cover and potential confidentiality issues.



Audit Agenda Topics:• Date and location

• Roles and Responsibilities of the audit team, the auditee’s escorts and management

• Audit objectives, criteria and reference documents

• Audit scope and identification of the functions and processes to be included in the audit

• Expected time and duration of the planned audit activities



Workshop 8 – Preparing and Audit Plan Allotted time: 30 minutes, assign timekeeper

Prepare an audit plan using the provided template.

Basic information:Audit duration: 1.5 days

Audit team to be divided into two groups: Team1 is the Lead Auditor and Team 2 are the other auditor’s.

Please use a flip chart (if available) to present to the other course attendees.



Audit Team Assignments:Assignments of tasks must take in consideration the auditor’s, knowledge and experience of the subject matter. E.g. An IT person would be ideal to audit IT subject matter, but they should not have any responsibility in that department (independent).

Changes to the work assignments are allowed in order to ensure audit objectives are achieved.



Preparing work package/documents:After reviewing relevant documents, team members should prepare work aids for reference and for recording audit events.

Document examples:

• Checklists

• Audit sampling plans

• Forms for recording information, evidence, findings, and meeting minutes

Checklists should not restrict the flow of audit activities, as they may take you outside the scope of the audit.

Work documents should be retained until audit completion. Confidential or proprietary information should be safeguarded at all times.



Checklist benefits:Guides the auditor – systematic approach

Ensures thoroughness – lists specific areas of the audit

Helps time control – monitor checklist progress completion

Helps reporting – provides area for note taking

Provides objective evidence

Helps consistency – when using multiple auditors

Checklists can be general and/or specific in nature depending on who you plan to use them.



Workshop 9: Allotted time: 30 minutes, assign timekeeper

• Prepare an audit checklist.

• Write at least 10 questions you would ask during an audit interview. State the relevant ISO 9001 clause that may apply.

• Place your answers on a flip chart (if available) to present to other course attendees.

Example



The Opening Meeting (Kick-off):The opening meeting should be held with the organizations management that are responsible for the areas that will be audited. Review the organization chart which should be apart of the requested documents for review.

The purpose of the opening meeting is to:

• Confirm the audit plan

• Provide a brief summary of the audit activities and resources

• Confirm communication channels during the audit

• Provide the auditee an opportunity to ask questions (e.g. roles and responsibilities)

• Review the resources to be made available at the scheduled time of the audited area



• Welcome statement• Introduce audit team and auditee introduce managers• Circulate the kick-off meeting audit plan to record attendance

Introduction

• Confirm purpose, scope and criteria• Discuss any proposed changesConfirm audit plan

• Outline dates, times, auditors for each area/interview• Confirm closing meeting date and timeConfirm audit schedule

• Examination, interviews, record review• Sampling base and nonconformity categories (Major and Minor)Explain audit methodology

• Designate escorts• Review escort roles and responsibilities

Confirm communication links• Auditor’s office• Lunch arrangements• Safety, emergency and security information

Confirm auditor’s working facilities

• Records• Verbal information

Confidentiality

• Assess any proposed changesChanges



Opening Meeting (Kick-off):Average length: 30 to 40 minutes

Beware of delay tactics, e.g.:• Continual interruptions

• Engage in trivial discussions

• Additional tour of facilities out side the audit scope

• Proposed lunches off site

Possibly propose depending on the situation:• Recommend working lunch, order boxed lunches

• Emphasize the audit will continue until the audit objectives have been met



Workshop 10: Opening Meeting (Allotted time 20 min, assign timekeeper)

Using the audit plan prepared in workshop 8, break into teams (no more than 3 or 4 per team) and conduct a formal opening meeting.

You will be required to present answers and reactions to questions asked by the instructor.

This exercise will provide a beneficial experience for opening a meeting.



Audit Performance:Communication between audit team members:Periodically it may be necessary to meet and discuss the audit progress and exchange information, and make any changes if necessary.

• E.g. Change audit scheduled times due to meetings, absent supervisor, (this is normal), etc.

During the audit the lead auditor will periodically communicate to the auditee’s management any concerns, nonconformance's or other issues.



Guides and Observers Roles and Responsibilities should:Accompany the audit team without influencing or interfering with the audit.

Assist the audit team upon request by the lead auditor. Other responsibilities may include:

• Establishing contacts, interview preparation, and assist with record sampling

• Arrange visits to specific parts or the auditee’s facility

• Ensure safety and security rules are provided and respected

• Witnessing the audit and provide clarifications when needed



Collecting and verifying information:Record sampling, relevant information should be collected by appropriate sampling.

Methods for record collection:

• Interviews

• Activity observations

• Review of documents

Note: only information that is verifiable (objective, not subjective) may be used for audit evidence records. Be fair and accurate.



Interviews:Interviews are one of the most important means of collecting information. Consider the following:

• Interview employees from appropriate levels and functions of the organization

• Conduct interviews during normal working hours at their normal workstations

• Put the person at ease (tell them what you are doing)

• Pay attention to body language

• Explain the reason for the interview

• Ask open-ended questions

• Listen actively (two way communication, verify what you hear them say)

• Summarize review results

• Thank them for their cooperation



Body Language: Examples (5 minute discussion)

Are these observations subjective or objective?

What are some observations you have experienced?

• Interviewee with hands on hips and chin raised?

• Interviewee with hands along sides and chin down avoids eye contact?

• Interviewee sitting in chair with legs and arms crossed?

• Interviewee sitting in chair with legs and arms open?



Open-ended verses Close-ended Questions:Open-ended Close-endedSeek more descriptive information. These types of questions utilize verbs e.g.:What, Why, When, How, Where, and Who?• How does this machine operate?• What happens when an order is

received?

Allows the auditee to respond with either a “yes” or “no” providing the auditor with limited amount of information.

This method is not effective to extract the required information. E.g.:• Do you keep a record of

nonconforming product?• Do you have procedures?



Open-ended example questions:• What is the purpose of this process?

• What procedures/work instructions are provided on how to perform this process?

• What is the pass/fail tolerance or criteria of this process?

• What equipment is used in this process?

• How are products examined at the end of the process?

• What happens to nonconforming material or product?



Sampling process:

Initial Sampling Review Outcome Course of Action

Review, Qty 3 P.O.’s for

similar items

No issues with sampled

records

Observed issue on one or more P.O.’s

Move to next record type

(ITP, MTR, etc.

Move on

Review more samples

Determine:How critical is the process and what is the risk of any errors observed?



Process Audit Strategies:

In any given process , depending on what information you are looking for, the auditor you can begin anywhere in the process you believe will provide the most information. Beginning, middle, end, or a combination there of.

• This technique is commonly referred to as Trace forward or trace backward



Handling Difficult Situations:• Stay focused on the audit objectives

• Be patient but firm

• Interview another person if the auditee is difficult or results in slow progress

• Make the best use of your time, move to next step if a person is not available, make a note to return later and follow up

• Ask the auditee to hold calls during interview

• Request information to be brought later. Make a note to return later and follow up

• Do not argue, debate or take sides

• Notify the escort or the appropriate level contact in the organization if the situation is other than accommodating



Diversionary tactic examples: • Key personnel not available or arriving late

• Accessing documents is a challenge

• Guide involved in trivial conversations

• Guide leaving the auditor and not returning

• Guide frequently excusing themselves or frequent stops for refreshments

• Guide using long routes when shorter routes are available

If these are suspected diversionary tactics the auditor must handle with tact and diplomacy by being firm in explaining the agreed agenda and audit objective.



Workshop 11: On-site auditing (Allotted time approximately 1.5 hours, assign timekeeper)

Use the previous audit plan and using the provided Audit report form.

Ensure each clause of ISO 9001 standard is covered in the audit plan (if not already done).

Break into teams and assign each team ISO 9001 clause(s) to audit (5 total clauses), the object is to determine if the requirements of the standard are being met.



Conducting the audit:• Always act in a professional manner. Never criticize or

undermine authorities.

• Give the auditee an opportunity to fully express their point of view

• Do not guide the auditee toward the correct answer

• Ensure the nonconformity is well understood by both parties (auditor and auditee)

• Collect the required information in order to issue the nonconformance

• Obtain the guides acknowledgement of the NCR and collected data



Conducting the audit (Continued):• Don’t break the flow of the audit

• Don’t write a nonconformance at the time of the occurrence

• Record sufficient details to write a formal report later on referencing: Names, function, record name, P.O.#, Project#, Document Number, locations, etc.

• If applicable, obtain a copy of the document being reviewed as supportive evidence

• Ensure you have all of the pertinent data as you will likely not be returning back to this area

• Avoid surprises

• If issues are not well documented and based on fact you will be challenged. Be factual, accurate and be sure to provide irrefutable supporting data



Audit Nonconformance's:Major:The absence of a system to meet a standard requirement.

A number of minor nonconformance's against one requirements which indicates a total breakdown of the system as a whole.

Minor:A lapse during implementation of a system or procedural requirement.

Does not represent a system breakdown and where product or services meet requirements.



Workshop 11: Writing Findings (Allotted time 1 hour, assign timekeeper)

Using the company’s audit report form.

Use findings obtained during the on-site audit workshop and working per the previously assigned teams, write up the following (as applicable) using appropriate wording and being as fair and accurate as possible.

• Noteworthy

• Opportunity for Improvement (OFI)

• Observations

• Nonconformances



The Closing Meeting: Preparing Audit Conclusions

Prior to the closing meeting, the audit team should review the information and notes obtained during the audit, agree on the audit findings.

Discuss when audit follow up time frame.

Conducting the Closing Meeting:

The lead Auditor will chair this closing meeting and present the audit conclusions based on the audit findings.

• Present the findings so they are clearly understood

• Agree on the time to respond to nonconformities

• If needed, record meeting minutes/summary

• Ensure any differing opinions are discussed and resolved if possible. It is ok to agree to disagree but record any differing opinions as this issue may reoccur.



The Closing Meeting Conduct:• The Lead Auditor should present and discuss information as

needed

• The team members should only contribute when specifically requested by the Lead Auditor

• As in any formal meeting, there should be no side-discussions

• Auditors must be vigilant to the reactions of the audit findings and be prepared to respond in a professional manner

• Auditors shall not get involved into arguments, even if provoked by personal comments

• Usually, if you act professionally, you will be treated professionally



• Restate the audit purpose, scope and criteria• Circulate the kick-off meeting audit plan to record attendance Introduction

• Summarize total number of findings• Categorize if possibleSummary results

• Read conformities, nonconformities, opportunities for improvement, note worthy information

• Review sampling methodologyFinding details

• Time period to formally respond to the nonconformities• Review/explain expected responsesCorrective Action time period

• Recommendation as audit findings results• Provide final statement

Invite questions• Questions or comments• Do not engage in resolving nonconformities the organization will

have to investigate and determine best fit CARs

Recommendations

• State confidentiallyConfidentiality

• Always thank management for their hospitality and cooperation• Thank the escorts and guidesThank Management

May 3, 2023 158

The Closing Meeting - Detailed items to review:



Workshop 12: Closing Meeting (Allotted time 20 minutes, assign timekeeper)

Based on the previous workshop information. Prepare for conducting a closing meeting and make a presentation of audit findings to the audited management. (This is only a audit summary providing the auditee a list of action items until the formal report is distributed)

Be sure to mention:

• Any positive findings, attitudes, helpfulness and professionalism.

• Any nonconformities

• Opportunities for improvement

• Audit Conclusion



Preparing the Formal Audit Report:The Lead Auditor is responsible for the preparation and contents of the formal audit report.

The formal audit report must provide complete, accurate, concise and clear record of the audit for a documented history of this event.



The Quality of the Audit Report:• Should be written in good language, no jargon or

abbreviations.

• The report should be clear and concise, unambiguous

• Content is accurate and realistic

• No contradictory statements

• No grammatical or spelling errors



Audit Report – additional items:• Provide a list of auditee interviewees

• Summary of audit processes, including sampling

• Confirm the audit objectives were met

• Areas not covered although within the audit scope

• Unresolved differing opinions

• Recommendations form improvement

• Agreed follow-up action items

• Statement of confidentiality

• Audit report distribution list



Distributing the audit report:Should be issued per the agreed time period, usually 2-3 weeks maximum.

If not possible to distribute the report on time a reasonable explanation must be provided.

The audit report is the property of the client (who requested the audit). The audit team must respect and maintain confidentiality of the report.

The report should be dated, reviewed and approved in accordance with the audit program procedures.

Once approved it can be distributed accordingly.



Audit Completion:The audit is considered completed when all activities described in the audit plan have been satisfactorily carried out. Assigned NCR numbers should be referenced in the audit report so they can easily be cross referenced and follow-up during future audits.

Retain or destroy documents as agreed.

Information obtained during the audit must not be disclosed to anyone outside the audit team its management and the organization that was audited.

Review audit team conduct as observed during the audit: review strengths, weaknesses, training and experience required for further development.



Thank you