Change: New Requirements
Procedure Required: YES
Record(s) Required: Internal Audit Results
Comments:
This section requires the organization to:
1. Conduct internal audits at planned intervals to determine whether the quality management system:
- conforms to the planned arrangements, to the requirements of ISO 9001:2000 and to the quality management system requirements established by the organization, and
- is effectively implemented and maintained.
2. Plan an audit program taking into consideration the:
- status and importance of the processes and areas to be audited, and
- the results of previous audits.
3. Define the:
- audit criteria,
- scope,
- frequency and
- methods
Selection of auditors and conduct of audits must ensure objectivity and impartiality of the audit process. Auditors must not audit their own work.
The responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records must be defined in a documented procedure.
The management responsible for the area being audited must ensure that actions (i.e., corrective actions) are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification results.
Clearly this section contains the most comprehensive set of requirements found in ISO 9001:2000!
Guidance:
I suggest paraphrasing the wording of the standard in your Quality
Manual AND addressing all of the detailed requirements in a documented
procedure. While the standard requires the documented procedure to only
specify the responsibilities and requirements for planning and
conducting audits, and for reporting results and maintaining records, I
suggest that your documented procedure address all of the requirements
contained in this section.
Contrary to the note contained in this section, I do NOT recommend referencing the ISO 10011 series as these documents may confuse matters rather than provide clarity and guidance.
Auditors have traditionally utilized checklists to record the results of internal audits. ISO 9001:2000 does not however lend itself to being easily audited using a checklist. I suggest reporting the results of the internal audit in a narrative format.
CAUTION - Phantom Requirement:
Although not specified in the standard, most ISO 9000 auditors expect
full internal audit cycles to be one calendar year. Internal audit
cycles exceeding one calendar year may be questioned.
CAUTION - Phantom Requirement:
Although not specifically required in the standard, most ISO 9000
auditors expect training records of qualified auditors to be be linked
to defined (documented) criteria for an internal auditor. The basis for
this interpretation relates to the auditor being able to verify that the
individuals performing internal audits are properly trained and
qualified (as per section 6.2). I
suggest defining in your procedure the minimum requirements
(qualifications) for internal auditors and ensuring that your internal
auditors are properly trained.
|
Copyright © 2003 by Richard C. Randall This Page Last Revised: |
|
