Guidance to auditor(s)

This document is intended to provide structured assistance to conduct the audit. To fit that purpose it contains key questions related to each standard clause. It shall not to be part of the audit report.

Clause Details Comment1.2 Application

Are any exclusions to requirements of ISO9001:

limited to clause 7?

not customer and/or regulatory requirements?

4.2.2 a) defined and justified in the Quality Manual?

4.2.1 b) Quality Manual

4.2.2

a)

Does the Quality Manual define:

the scope of the quality management system (products and processes)?

b) documented QMS procedures, or reference to them?

c) a description of the interaction between the processes of the quality management system?

4.1 General requirements

Is the QMS:

DOCUMENTED, implemented, and maintained?

Is the Quality Management System’s effectiveness continually improved (see 8.5.1)?

4.1

a)

b)

c)

d)

e)

f)

Has the organisation:

Identified the processes needed?

Determined the sequence and interaction of these processes?

Determined criteria and methods for effective operation and control?

Made supporting resources and information available?

Measured, monitored and analysed these processes (see 8.2.3)?

acted to achieve planned results and continual improvement of these processes (see 8.5.1)?

4.1 Are any outsourced processes controlled and identified within the QMS?

4.2.1 Documentation requirements

a)

b)

c)

d)

e)

Does the quality management system documentation include:

Policy and objectives?

A quality manual?

Required documented procedures?

Process related documentation?

Required quality records?

NOTE 2 Is the QMS documentation appropriate to:

a) the organisation’s size and activities?

b) its complexity?

c) competency of personnel?

5.1 Management responsibility

Clause Details CommentIs there evidence of top management commitment to the QMS and its continual improvement by:

a) communicating the importance of meeting customer, statutory and regulatory requirements?

b) establishing the quality policy?

c) ensuring that quality objectives are established?

d) conducting management reviews?

e) ensuring the availability of resources?

5.2 focussing on meeting customer requirements and enhancing customer satisfaction (see 7.2.1 and 8.2.1)?

5.3 Quality policy

a) Appropriate to the purpose of the organisation?

b) Commits to comply with requirements and continually improve the effectiveness of the quality management system?

c) Provides a framework for establishing and reviewing quality objectives?

d) Communicated and understood within the organisation?

e) Reviewed for continuing suitability?

5.4.1 Quality objectives

Are objectives established at relevant functions and levels?

Do they include product requirements (see 7.1 a)?

8.5.1 Are they measurable?

Are they consistent with the quality policy?

Do they improve the effectiveness of the QMS?

5.4.2 Quality management system planning

a) Does the QMS meet the general requirements in clause 4.1 AND the quality objectives (5.4.1)?

b) Does it maintain its integrity when changes are planned and implemented?

5.5 Responsibility, authority & communication

5.5.1 Are responsibilities and authorities defined and communicated by top management?

5.5.2 Management representative

Is there a member of the management team responsible for:

a) ensuring that QMS processes are established implemented and maintained?

b) reporting performance of the QMS to management, including any need for improvement?

c) promoting awareness of customer requirements throughout the organisation?

5.5.3 Internal communication

Are internal communication processes established, including the effectiveness of the QMS?

5.6.1 Management review – General

Do top management review the quality management system:

at planned intervals?

to ensure continuing suitability, adequacy and effectiveness?

Clause Details Commentto assess improvement opportunities and the need for changes to the QMS, policy and objectives?

Are RECORDS maintained?

5.6.2 Review input

Includes information from:

a) Audit results

b) Customer feedback?

c) Process performance and product conformity?

d) Preventive and corrective actions?

e) Follow-up from previous reviews?

f) Changes?

g) Improvement recommendations?

5.6.3 Review output

Includes decisions and actions for:

a) Improved effectiveness of the QMS and processes?

b) Improved product related to customer requirements?

c) Resource needs?

4.2.3

a)

Control of documents

For QMS documents, is there a DOCUMENTED PROCEDURE and controls for:

issue approval?

b) review, update, and re-issue approval?

c) change and revision status?

d) distribution?

e) legibility and identification?

f) external documents?

g) obsolete documents?

4.2.4 Control of records

Are records maintained to provide evidence of the effective operation of QMS in accordance with a DOCUMENTED PROCEDURE?

Are controls defined for:

Identification?

Storage protection & retrieval?

Retention time and disposition?

Are records:

Legible?

Identifiable?

Retrievable?

6.1 Provision of resources

Have resources been determined and provided:

a) to implement, maintain, and continually improve the effectiveness of the QMS?

b) to meet customer requirements?

Clause Details Comment6.2

6.2.1

Human resources

Are personnel performing work competent?

6.2.2 Competence, awareness and training

a) Are necessary competencies determined?

b) Are training and other necessary actions taken?

c) Is effectiveness of actions evaluated?

d) Are personnel aware of their relevance, importance, and contribution?

e) Are appropriate RECORDS maintained of:

Education & Training?

Skills and experience?

6.3 Infrastructure

Is the infrastructure and its maintenance suitable to achieve product conformity:

a) Buildings, workspace, facilities?

b) Process equipment (hardware and software)?

c) Supporting services (transport, communication, etc….. )?

6.4 Work Environment

Is the work environment managed to achieve product conformity?

7.1 Planning of product realisation

Are product realisation processes planned and developed to determine:

a) Quality objectives and requirements for the product?

b) Establishment of processes, documents and product specific resources?

c) Product specific activities and acceptance criteria for:

Verification & validation?

Monitoring?

Inspection & test?

d) Records needed to provide evidence of product conformity?

Is the product realisation planning consistent with the other QMS processes, and consistent with the organisation’s method of operations?

7.2

7.2.1

Customer- related processes

Are the product-related requirements determined, ie:

a) Customer’s requirements, including delivery and post delivery activities.

b) Necessary requirements not stated by the customer?

c) Statutory and regulatory requirements?

d) Organisation’s additional requirements?

7.2.2 Are product-related requirements reviewed prior to commitment to supply, eg by:

tender submission?

contract or order acceptance?

Acceptance of changes?

Does this review include:

a) Product requirements?

b) Differences from previously expressed requirements?

c) Ability to meet requirements?

Clause Details CommentAre RECORDS maintained of

Results of review?

Any actions arising?

Are non-documented customer requirements confirmed before acceptance?

Where requirements change are:

Relevant documents amended?

Relevant personnel informed?

7.2.3 Customer communication

Is there effective customer communication relating to:

a) Product information?

b) Enquiries, contracts or order handling, and amendments?

Customer feedback, including complaints?

8.2.1 Is customer satisfaction monitored?

7.3.1 Design & development planning

Is product design & development planned and controlled?

Does the planning process determine:

a) design & development stages?

b) appropriate review, verification and validation at each stage?

c) responsibilities and authorities?

Are interfaces managed to ensure:

effective communication?

assignment of responsibility?

7.3.2 Design &development inputs

Input requirements include:

a) functional and performance?

b) statutory and regulatory?

c) previous similar designs, where applicable?

d) other essential requirements?

Are they:

complete?

unambiguous?

not in conflict with each other?

Are the inputs reviewed for adequacy and RECORDS of inputs maintained?

7.3.3 Design & development outputs

Do the outputs allow verification against input requirements, and:

a) meet input requirements?

b) provide purchasing, production and service information?

c) contain or reference acceptance criteria?

d) specify essential characteristics for safe and proper use?

Are they approved prior to release?

7.3.4 Design & development review

Performed as planned (7.3.1)?

Clause Details Commenta) Evaluates design results versus requirements?

b) Actions proposed relating to problems identified?

Participants include functions concerned?

RECORDS maintained of review results and actions?

7.3.5 Design & development verification

Performed as planned (7.3.1)?

Ensures that outputs have met input requirements?

RECORDS maintained of the verification results and actions?

7.3.6 Design & development validation

Performed as planned (7.3.1)?

Ensures product meets requirements of specified application or intended use where known)?

Completed prior to delivery or implementation, when practicable?

RECORDS maintained of the validation results and actions?

7.3.7 Control of design & development changes

Are changes identified and, prior to implementation:

reviewed?

verified and validated?

approved?

Does review consider:

effect on constituent parts?

Product already delivered?

Are RECORDS maintained of the changes, review results and actions?

7.4.1 Purchasing process

Do controls ensure that purchased products conform to specified requirements?

Is supplier control appropriate for the product including:

Selection and evaluation?

Re-evaluation?

RECORDS of the evaluation results and any actions?

8.4 d) Analysis of supplier related data?

7.4.2 Purchasing information

Is the adequacy of specified requirements ensured prior to communication to suppliers.

Description of product?

a) Approval of product, procedures, processes and equipment?

b) Qualification of personnel?

c) QMS requirements?

Any intended verification arrangements at the supplier’s premises, and method of release?

Clause Details Comment7.4.3 Verification of purchased product

Are verification activities implemented to ensure requirements are met?

Inspection?

Own or customer’s verification at supplier’s premises?

Other?

7.5.1 Control of production and service provision

Is production and service provision planned and carried out under controlled conditions:

a) Information available describing product characteristics?

b) Necessary work instructions available?

c) Suitable equipment used?

d) Availability and use of monitoring and measuring devices?

e) Monitoring and measuring implemented

8.2.4 Acceptance criteria met?

7.5.1 f) Release, delivery and post-delivery activities implemented?

8.2.4 Are there RECORDS of the person authorising release?

8.2.4 Is unauthorised product release / service delivery before all planned arrangements are complete prevented, unless:

otherwise approved?

approved, where applicable, by the customer?

7.5.2 Validation of processes for production and service provision

Are processes validated where:

output cannot be verified by subsequent monitoring and measuring?

deficiencies become apparent after use or delivery?

Do arrangements include (as applicable):

a) Defined review and approval criteria?

b) Approval of equipment?

b) Qualification of personnel?

c) Specific methods and procedures?

d) Requirements for records?

e) Revalidation?

7.5.3 Identification and traceability

Is product identified by suitable means throughout realisation?

Does control and identification include:

Status with respect to monitoring and measurement requirements?

Unique identification and RECORD where traceability is a requirement?

7.5.4 Customer property

(Can include intellectual property)

Is care exercised including controls to identify, verify, protect and safeguard customer property?

Is customer notified of loss, damage, or unsuitability for use and RECORDS maintained?

Clause Details Comment7.5.5 Preservation of product

Is the conformity of product (and constituent parts) preserved during internal processing and delivery, including:

Identification?

Handling?

Packaging?

Storage?

Protection?

7.6 Control of monitoring and measuring devices

Are product monitoring and measurement requirements determined, including:

monitoring and measurement to be carried out?

devices needed?

processes that are consistent with requirements?

Where necessary is measuring equipment:

a) calibrated or verified at specified intervals, or prior to use?

a) calibrated against traceable measurement standards, or other basis that is RECORDED?

b) adjusted or re-adjusted as necessary?

c) identified to enable calibration status?

d) safeguarded from adjustments that would invalidate status?

e) protected from damage or deterioration?

When equipment is found not to conform:

is the validity of previous results assessed and RECORDED?

is action taken on the equipment?

is action taken on any affected product?

Are RECORDS of calibration results and verification maintained?

Is computer software used in measuring and monitoring applications:

verified prior to initial use?

re-confirmed as necessary?

8.1 Measurement analysis and improvement

Are monitoring, measurement, analysis and improvement activities planned and implemented to:

a) demonstrate product conformity?

b) ensure conformity of the QMS?

c) continually improve the QMS’s effectiveness?

determine applicable methods, including statistical techniques?

8.2.1 Customer satisfaction

Is customer perception used as a QMS performance monitor?

Clause Details Comment8.2.2 Internal audit

Is there a DOCUMENTED PROCEDURE that defines:

Responsibilities?

Reporting requirements?

RECORDS?

Are audits carried out at planned intervals taking account of:

Status or importance of processes and areas?

Previous audit results?

Do audits determine that the QMS conforms to:

a) planned arrangements?

ISO9001:2000?

the organisation’s own requirements?

b) and that the QMS is effectively implemented and maintained?

Are audits carried out:

with defined criteria, scope, frequency and methods?

with objectivity and impartiality?

without auditors auditing their own work?

Is timely action taken by responsible management to eliminate nonconformities and causes?

Are audits followed up and verification of actions RECORDED (see 8.5.2).

8.5.1 Are audit results used to continually improve the QMS’s effectiveness?

8.2.3 Monitoring and measurement of processes

Are the QMS processes monitored and (where applicable) measured to:

demonstrate achievement of planned results? (see 4.1(e))

initiate correction?

take appropriate corrective action to ensure product conformity?

8.2.4 Monitoring and measurement of product

Has monitoring and measurement at appropriate stages verified that product requirements have been met? (see 7.1and 7.5.1)

8.3 Control of nonconforming product

Is nonconforming product identified and controlled in accordance with a DOCUMENTED PROCEDURE?

Are the following defined:

Responsibilities & authorities?

And, either:

a) Actions to eliminate nonconformity, or

b) Authorisation to use or release under concession (by customer, if applicable), or

c) Action to preclude unauthorised use?

Clause Details CommentAre there RECORDS of:

the nature of the nonconformities?

actions taken?

Concessions?

After correction is product subject to re-verification?

Is action taken when nonconforming product is detected after delivery?

8.4 Analysis of data

Is appropriate data collected and analysed to:

Determine effectiveness of the QMS?

determine where the QMS can be continually improved?

Does the analysis include:

a) Customer satisfaction? (8.2.1)

b) Conformity to product requirements? (7.2.1)

c) Process and product characteristics, trends and preventive action opportunities?

d) Supplier information (7.4.1)?

8.5. Continual improvement

Is the QMS’s effectiveness continually improved through:

Quality Policy? (5.3)

Quality objectives? (5.4.1)

Audit results? (8.2.2)

Data Analysis? (8.4)

Corrective & preventive actions? (8.5.2 & 8.5.3)

Management Review? (5.6.1)

8.5.2 Corrective action

Are actions taken (appropriate to the effects of the nonconformities encountered) to eliminate causes of nonconformity?

Does a DOCUMENTED PROCEDURE define requirements for:

a) Reviewing nonconformities (including Customer Complaints)?

b) Determining the causes of nonconformity?

c) Evaluating actions to prevent recurrence?

d) Determining and implementing the action needed?

e) RECORDING results of action taken?

f) Reviewing corrective action taken?

8.5.3 Preventive action

Are actions taken (appropriate to the effects of the potential problems) to eliminate causes of potential nonconformities, and prevent recurrence?

Does a DOCUMENTED PROCEDURE define requirements for:

a) Determining potential nonconformities and their causes?

b) Evaluating the need for preventive action?

c) Determining and implementing the action needed?

d) RECORDING results of action taken?

e) Reviewing preventive action taken?

PROCESSINPUT OUTPUT

Monitor & Measure

Environment People

Materials /Equipment

Information

Audit Checklist - ISO 9001:2000

Process Auditing Guidance *

An activity, or set of activities, that uses resources to transform inputs to outputs can be considered a process

Inputs QMS requirements (4.1) Customer requirements (7.2)

Outputs Records providing evidence of conformity to

requirements and the effective operation of the QMS (4.2.4)

People Competence requirements defined (6.2.2) Awareness of how personnel contribute to the

achievement of the quality objectives (6.2.2) Adequate personnel for process improvement (6.1) Responsibilities and authorities clearly defined

(5.5.1) Appropriate communication processes established

(5.5.3)

Information Adequate to ensure effective planning, operation

and control of the process (4.2.1) Relevant versions of applicable documents

available at point of use (4.2.3) Obsolete documents controlled as such (4.2.3) Records provide evidence that process outputs

meet process input requirements (4.2.4)

Materials / Equipment Adequate to achieve conformity to product

requirements (6.3) Process equipment suitably maintained Monitoring and measuring devices effectively

controlled (7.6)

Environment Work environment determined and managed to

achieve conformity of product requirements (6.4)

Monitor and Measure Methods used demonstrate ability of processes to

achieve planned results (8.2.3) And continual improvement of the QMS processes

(4.1) When results are not achieved correction and

corrective action taken (8.5.2) Data collected and analyzed to demonstrate

suitability and effectiveness of the QMS processes (8.4)

Evaluation of where continual improvement of QMS process can be made (8.4)

Demonstrated through the use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive action and management review (8.5.1)

* The majority of above listed requirements would apply to most Quality Management System processes. Specific product realization requirements, by example, Design and development (7.3), Purchasing (7.4), Control of production and service provision (7.5) would be added where applicable, to the generic process requirements, in the audit planning of product realization processes.

Job / Cert n°: Organization: Date:

Auditor(s): Location: Visit n°:

Template: document.doc Issue n°: Page n°: 11 of 11