00374151 PDF BRITISH STANDARD BS EN 30011 1 1993 ISO 10011 1 1990 Incorporating Amendment No 1 to BS 7229 1 1991, (renumbers the BS as BS EN 30011 1 1993)Guidelines for auditing quality systems — Part[.]
BRITISH STANDARD Guidelines for auditing quality systems — Part 1: Auditing The European Standard EN 30011-1:1993 has the status of a British Standard UDC 658.562(035) BS EN 30011-1:1993 ISO 10011-1: 1990 Incorporating Amendment No to BS 7229-1:1991, (renumbers the BS as BS EN 30011-1:1993) BS EN 30011-1:1993 Committees responsible for this British Standard The preparation of this British Standard was entrusted by the Quality, Management and Statistics Standards Policy Committee (QMS/-) to Technical Committee QMS/25, upon which the following bodies were represented: Association of Consulting Engineers Association of Consulting Scientists British Paper and Board Industry Federation British Photographic Association British Quality Association British Telecommunications plc Chemical Industries’ Association Computing Services Association EEA (the Association of Electronics, Telecommunications and Business Equipment Industries) Energy Industries Council Engineering Equipment and Materials Users’ Association GAMBICA (BEAMA Ltd.) Guildford County College of Technology Institute of Quality Assurance Loughborough, University of Technology National House-building Council Production Engineering Research Association of Great Britain Solvents Industry Association Ltd This British Standard, having been prepared under the direction of the Quality, Management and Statistics Standards Policy Committee, was published under the authority of the Standards Board and comes into effect on 31 May 1991 © BSI 10-1998 Amendments issued since publication First published as BS 7229 January 1990 Second edition, as BS 7229-1, May 1991 Amd No Date Comments 7922 September 1993 Renumbered as BS EN 30011-1:1993 The following BSI references relate to the work on this standard: Committee reference QMS/25 Draft for comment 89/97801 DC ISBN 580 19718 BS EN 30011-1:1993 Contents Committees responsible National foreword Foreword Scope Normative reference Definitions Audit objectives and responsibilities Auditing Audit completion Corrective action follow-up Annex A (informative) Bibliography Annex (informative) Publication(s) referred to © BSI 10-1998 Page Inside front cover ii 3 10 Inside back cover i BS EN 30011-1:1993 National foreword This Part of BS 7229 having been prepared under the direction of the Quality, Management and Statistics Standards Policy Committee supersedes BS 7229:1989 which is withdrawn It is identical with ISO 10011-1 “Guidelines for quality systems, Part Auditing” published by the International Organization for Standardization (ISO) The guidance given in this Part of BS 7229 contains minor changes from the previous edition that were derived from an earlier draft of the international standard The technical committee is concerned that guidance given in note 14 will, if acted upon, change the status of the auditor to that of a consultant, which is contrary to UK practice particularly when used during third party audits In 1993 the European Committee for Standardization (CEN) accepted ISO 10011-1:1990 as European Standard EN 30011-1:1993 As a consequence of implementing the European Standard this British Standard is renumbered as BS EN 30011-1 and any reference to BS 7229-1 should be read as a reference to BS EN 30011-1 This British Standard is now issued in three Parts as follows: — Part 1: Auditing; — Part 2: Qualification criteria for auditors1); — Part 3: Managing an audit programme1) Cross-references International standard Corresponding British Standard ISO 8402:1986 BS 4778 Quality vocabulary Part 1:1987 International terms (Identical) BS 5750 Quality systems ISO 9000:1987 Section 0.1:1987 Guide to selection and use (Identical) ISO 9001:1987 Part 1:1987 Specification for design/development, production, installation and servicing (Identical) ISO 9002:1987 Part 2:1987 Specification for production and installation (Identical) ISO 9003:1987 Part 3:1987 Specification for final inspection and test (Identical) ISO 9004:1987 Section 0.2:1987 Guide to quality management and quality system elements (Identical) A British Standard does not purport to include all the necessary provisions of a contract Users of British Standards are responsible for their correct application Compliance with a British Standard does not of itself confer immunity from legal obligations Summary of pages This document comprises a front cover, an inside front cover, pages i and ii, the EN title page, pages to 10, an inside back cover and a back cover This standard has been updated (see copyright date) and may have had amendments incorporated This will be indicated in the amendment table on the inside front cover 1) ii In preparation © BSI 10-1998 EUROPEAN STANDARD EN 30011-1 NORME EUROPÉENNE EUROPÄISCHE NORM April 1993 UDC 658.562(035) Descriptors: Quality, quality assurance, quality assurance programme, quality audit English version Guidelines for auditing quality systems – Part 1: Auditing (identical with ISO 10011-1:1990) Lignes directrices pour l’audit des systèmes qualité – Partie 1: Audit (identique ISO 10011-1:1990) Leitfaden für das Audit von Qualitätssicherungssystemen – Teil 1: Auditdurchführung (identisch mit ISO 10011-1:1990) This European Standard was approved by CEN on 1993-04-05 CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CEN member This European Standard exists in three official versions (English, French, German) A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the Central Secretariat has the same status as the official versions CEN members are the national standards bodies of Austria, Belgium, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and United Kingdom CEN European Committee for Standardization Comité Européen de Normalisation Europäisches Komitee für Normung Central Secretariat: rue de Stassart 36, B-1050 Brussels © 1993 Copyright reserved to CEN members Ref No EN 30011-1:1993 E EN 30011-1:1993 Foreword Following the resolution BT 221/1991 ISO 10011-1:1990 Guidelines for auditing quality systems – Part 1: Auditing was submitted to the Unique Acceptance Procedure The result of the Unique Acceptance Procedure was positive This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by October 1993, and conflicting national standards shall be withdrawn at the latest by October 1993 According to the CEN/CENELEC Internal Regulations, the following countries are bound to implement this European Standard: Austria, Belgium, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland, United Kingdom © BSI 10-1998 EN 30011-1:1993 Scope This part of ISO 10011 establishes basic audit principles, criteria and practices, and provides guidelines for establishing, planning, carrying out and documenting audits of quality systems It provides guidelines for verifying the existence and implementation of elements of a quality system and for verifying the system’s ability to achieve defined quality objectives It is sufficiently general in nature to permit it to be applicable or adaptable to different kinds of industries and organizations Each organization should develop its own specific procedures for implementing these guidelines Normative reference The following standard contains provisions which, through reference in this text, constitute provisions of this part of ISO 10011 At the time of publication, the edition indicated was valid All standards are subject to revision, and parties to agreements based on this part of ISO 10011 are encouraged to investigate the possibility of applying the most recent edition of the standard indicated below Members of IEC and ISO maintain registers of currently valid International Standards ISO 8402:1986, Quality — Vocabulary Definitions For the purposes of this part of ISO 10011, the definitions given in ISO 8402, together with the following definitions, apply NOTE Some terms in ISO 8402 are repeated here and the source is indicated in brackets 3.1 quality audit 3.2 quality system the organizational structure, responsibilities, procedures, processes and re-sources for implementing quality management [ISO 8402] NOTE The quality system should only be as comprehensive as is needed to meet the quality objectives NOTE For contractual, mandatory and assessment purposes, demonstration of the implementation of identified elements in the system may be required 3.3 auditor (quality) a person who has the qualification to perform quality audits NOTE To perform a quality audit, the auditor must be authorized for that particular audit NOTE An auditor designated to manage a quality audit is called a “lead auditor” 3.4 client a person or organization requesting the audit NOTE 10 The client may be: a) the auditee wishing to have its own quality system audited against some quality system standard; b) a customer wishing to audit the quality system of a supplier using his own auditors or a third party; c) an independent agency authorized to determine whether the quality system provides adequate control of the products or services being provided (such as food, drug, nuclear, or other regulatory bodies); d) an independent agency assigned to carry out an audit in order to list the audited organization’s quality system in a register 3.5 auditee an organization to be audited a systematic and independent examination to determine whether quality activities and related results comply with planned arrangements and whether these arrangements are implemented effectively and are suitable to achieve objectives [ISO 8402] 3.6 observation NOTE The quality audit typically applies to, but is not limited to, a quality system or elements thereof, to processes, to products, or to services Such audits are often called “quality system audit”, “process quality audit”, “product quality audit”, “service quality audit” NOTE Quality audits are carried out by staff not having direct responsibility in the areas being audited but, preferably, working in cooperation with the relevant personnel NOTE One purpose of the quality audit is to evaluate the need for improvement or corrective action An audit should not be confused with “surveillance” or “inspection” activities performed for the sole purpose of process control or product acceptance NOTE Quality audits can be conducted for internal or external purposes qualitative or quantitative information, records or statements of fact pertaining to the quality of an item or service or to the existence and implementation of a quality system element, which is based on observation, measurement or test and which can be verified © BSI 10-1998 a statement of fact made during an audit and substantiated by objective evidence 3.7 objective evidence EN 30011-1:1993 3.8 nonconformity the nonfulfilment of specified requirements [ISO 8402] NOTE 11 The definition covers the departure or absence of one or more quality characteristics or quality system elements from specified requirements Audit objectives and responsibilities 4.1 Audit objectives Audits are normally designed for one or more of the following purposes: — to determine the conformity or nonconformity of the quality system elements with specified requirements; — to determine the effectiveness of the implemented quality system in meeting specified quality objectives; — to provide the auditee with an opportunity to improve the quality system; — to meet regulatory requirements; — to permit the listing of the audited organization’s quality system in a register Audits are generally initiated for one or more of the following reasons: — to initially evaluate a supplier where there is a desire to establish a contractual relationship; — to verify that an organization’s own quality system continues to meet specified requirements and is being implemented; — within the framework of a contractual relationship, to verify that the supplier’s quality system continues to meet specified requirements and is being implemented; — to evaluate an organization’s own quality system against a quality system standard These audits may be routine, or may be prompted by significant changes in the organization’s quality system, process, product or service quality, or by a need to follow up on corrective action NOTE 12 Quality audits should not result in a transfer of the responsibility to achieve quality from operating staff to the auditing organization NOTE 13 Quality audits should not lead to an increase in the scope of quality functions over and above those necessary to meet quality objectives 4.2 Roles and responsibilities 4.2.1 Auditors 4.2.1.1 Audit team Depending upon the circumstances, the audit team may include experts with specialized background, auditor trainees or observers who are acceptable to the client, auditee and lead auditor 4.2.1.2 Auditor’s responsibilities Auditors are responsible for — complying with the applicable audit requirements; — communicating and clarifying audit requirements; — planning and carrying out assigned responsibilities effectively and efficiently; — documenting the observations; — reporting the audit results; — verifying the effectiveness of corrective actions taken as a result of the audit (if requested by the client); — retaining and safeguarding documents pertaining to the audit: • submitting such documents as required, • ensuring such documents remain confidential, • treating privileged information with discretion; — cooperating with and supporting the lead auditor 4.2.1.3 Lead auditor’s responsibilities The lead auditor is ultimately responsible for all phases of the audit The lead auditor should have management capabilities and experience and should be given authority to make final decisions regarding the conduct of the audit and any audit observations The lead auditor’s responsibilities also cover: — assisting with the selection of other audit team members; — preparation of the audit plan; — representing the audit team with the auditee’s management; — submitting the audit report 4.2.1.4 Independence of the auditor Auditors should be free from bias and influences which could affect objectivity All persons and organizations involved with an audit should respect and support the independence and integrity of the auditors Whether an audit is carried out by a team or an individual, a lead auditor should be placed in overall charge © BSI 10-1998 EN 30011-1:1993 4.2.1.5 Auditor’s activities 4.2.3 Auditee The lead auditor should — define the requirements of each audit assignment, including the required auditor qualifications; — comply with applicable auditing requirements and other appropriate directives; — plan the audit, prepare working documents and brief the audit team; — review documentation on existing quality system activities to determine their adequacy; — report critical nonconformities to the auditee immediately; — report any major obstacles encountered in performing the audit; — report on the audit results clearly, conclusively and without undue delay Auditors should — remain within the audit scope; — exercise objectivity; — collect and analyse evidence that is relevant and sufficient to permit the drawing of conclusions regarding the audited quality system; — remain alert to any indications of evidence that can influence the audit results and possibly require more extensive auditing; — be able to answer such questions as • “are the procedures, documents and other information describing or supporting the required elements of the quality system known, available, understood and used by the auditee’s personnel?” • “are all the documents and other information used to describe the quality system adequate to achieve the required quality objectives?” — act in an ethical manner at all times The auditee’s management should — inform relevant employees about the objectives and scope of the audit; — appoint responsible members of staff to accompany members of the audit team; — provide all resources needed for the audit team in order to ensure an effective and efficient audit process; — provide access to the facilities and evidential material as requested by the auditors; — cooperate with the auditors to permit the audit objectives to be achieved; — determine and initiate corrective actions based on the audit report 4.2.2 Client The need to perform an audit is determined by the client, taking account of specified or regulatory requirements and any other pertinent factors Significant changes in management, organization, policy, techniques or technologies that could affect the quality system, or changes to the system itself and the results of recent previous audits, are typical of the circumstances to be considered when deciding audit frequency Within an organization, internal audits may be organized on a regular basis for management or business purposes The client — determines the need for and the purpose of the audit and initiates the process; — determines the auditing organization; — determines the general scope of the audit, such as what quality system standard or document it is to be conducted against; — receives the audit report; — determines what follow-up action, if any, is to be taken, and informs the auditee of it © BSI 10-1998 Auditing 5.1 Initiating the audit 5.1.1 Audit scope The client makes the final decisions on which quality system elements, physical locations and organizational activities are to be audited within a specified time frame This should be done with the assistance of the lead auditor If appropriate, the auditee should be contacted when determining the scope of the audit The scope and depth of the audit should be designed to meet the client’s specific information needs The standards or documents with which the auditee’s quality system is required to comply should be specified by the client Sufficient objective evidence should be available to demonstrate the operation and effectiveness of the auditee’s quality system The resources committed to the audit should be sufficient to meet its intended scope and depth 5.1.2 Audit frequency EN 30011-1:1993 5.1.3 Preliminary review of auditee’s quality system description As a basis for planning the audit, the auditor should review for adequacy the auditee’s recorded description of the methods for meeting the quality system requirements (such as the quality manual or equivalent) If this review reveals that the system described by the auditee is not adequate to meet the requirements, further resources should not be expended on the audit until such concerns are resolved to the satisfaction of the client, the auditor and, where applicable, the auditee 5.2 Preparing the audit 5.2.1 Audit plan The audit plan should be approved by the client and communicated to the auditors and auditee The audit plan should be designed to be flexible in order to permit changes in emphasis based on information gathered during the audit, and to permit effective use of resources The plan should include: — the audit objectives and scope; — identification of the individuals having significant direct responsibilities regarding the objectives and scope; — identification of reference documents (such as the applicable quality system standard and the auditee’s quality manual); — identification of audit team members; — the language of the audit; — the date and place where the audit is to be conducted; — identification of the organizational units to be audited; — the expected time and duration for each major audit activity; — the schedule of meetings to be held with auditee management; — confidentiality requirements; — audit report distribution and the expected date of issue If the auditee objects to any provisions in the audit plan, such objections should immediately be made known to the lead auditor They should be resolved between the lead auditor and the auditee and, if necessary, the client before executing the audit Specific details of the audit plan should only be communicated to the auditee throughout the audit if their premature disclosure does not compromise the collecting of objective evidence 5.2.2 Audit team assignments Each auditor should be assigned specific quality system elements or functional departments to audit Such assignments should be made by the lead auditor in consultation with the auditors concerned 5.2.3 Working documents The documents required to facilitate the auditor’s investigations, and to document and report results, may include: — check-lists used for evaluating quality system elements (normally prepared by the auditor assigned to audit that specific element); — forms for reporting audit observations; — forms for documenting supporting evidence for conclusions reached by the auditors Working documents should be designed so that they not restrict additional audit activities or investigations which may become necessary as a result of information gathered during the audit Working documents involving confidential or proprietary information shall be suitably safeguarded by the auditing organization 5.3 Executing the audit 5.3.1 Opening meeting The purpose of an opening meeting is to — introduce the members of the audit team to the auditee’s senior management; — review the scope and the objectives of the audit — provide a short summary of the methods and procedures to be used to conduct the audit; — establish the official communication links between the audit team and the auditee; — confirm that the resources and facilities needed by the audit team are available; — confirm the time and date for the closing meeting and any interim meetings of the audit team and the auditee’s senior management; — clarify any unclear details of the audit plan 5.3.2 Examination 5.3.2.1 Collecting evidence Evidence should be collected through interviews, examination of documents, and observation of activities and conditions in the areas of concern Clues suggesting nonconformities should be noted if they seem significant, even though not covered by check-lists, and should be investigated Information gathered through interviews should be tested by acquiring the same information from other independent sources, such as physical observation, measurements and records © BSI 10-1998 EN 30011-1:1993 During the audit, the lead auditor may make changes to the auditors’ work assignments, and to the audit plan with the client’s approval and the auditee’s agreement, if this is necessary to ensure the optimal achievement of the audit objectives If the audit objectives appear to become unattainable, the lead auditor should report the reasons to the client and the auditee 5.3.2.2 Audit observations All audit observations should be documented After all activities have been audited, the audit team should review all of their observations to determine which are to be reported as nonconformities The audit team should then ensure that these are documented in a clear, concise manner and are supported by evidence Nonconformities should be identified in terms of the specific requirements of the standard or other related documents against which the audit has been conducted Observations should be reviewed by the lead auditor with the responsible auditee manager All observations of nonconformities should be acknowledged by the auditee management 5.3.3 Closing meeting with auditee 5.4.2 Report content The audit report should faithfully reflect both the tone and content of the audit It should be dated and signed by the lead auditor It should contain the following items, as applicable: — the scope and objectives of the audit; — details of the audit plan, the identification of audit team members and auditee’s representative, audit dates, and identification of the specific organization audited; — identification of the reference documents against which the audit was conducted (quality system standard, auditee’s quality manual etc.); — observations of nonconformities; — audit team’s judgement of the extent of the auditee’s compliance with the applicable quality system standard and related documentation; — the system’s ability to achieve defined quality objectives; — the audit report distribution list Any communication made between the time of the closing meeting and the issue of the report should be by the lead auditor At the end of the audit, prior to preparing the audit report, the audit team should hold a meeting with the auditee’s senior management and those responsible for the functions concerned The main purpose of this meeting is to present audit observations to the senior management in such a manner so as to ensure that they clearly understand the results of the audit The lead auditor should present observations, taking into account their perceived significance The lead auditor should present the audit team’s conclusions regarding the quality system’s effectiveness in ensuring that quality objectives will be met Records of the closing meeting should be kept 5.4.3 Report distribution NOTE 14 If requested, the auditor may also make recommendations to the auditee for improvements to the quality system Recommendations are not binding on the auditee It is up to the auditee to determine the extent, the way and means of actions to improve the quality system 5.4.4 Record retention 5.4 Audit documents 5.4.1 Audit report preparation The audit report is prepared under the direction of the lead auditor, who is responsible for its accuracy and completeness © BSI 10-1998 The audit report should be sent to the client by the lead auditor It is the client’s responsibility to provide the auditee’s senior management with a copy of the audit report Any additional distribution should be determined in consultation with the auditee Audit reports containing confidential or proprietary information shall be suitably safeguarded by the auditing organization and the client The audit report should be issued as soon as possible If it cannot be issued within an agreed time period, the reasons for the delay should be given to both the client and the auditee and a revised issue date established Audit documents should be retained by agreement between the client, the auditing organization and the auditee, and in accordance with any regulatory requirements Audit completion The audit is completed upon submission of the audit report to the client EN 30011-1:1993 Corrective action follow-up The auditee is responsible for determining and initiating corrective action needed to correct a nonconformity or to correct the cause of a nonconformity The auditor is only responsible for identifying the nonconformity Corrective action and subsequent follow-up audits should be completed within a time period agreed to by the client and the auditee in consultation with the auditing organization NOTE 15 The auditing organization should keep the client informed of the status of corrective action activities and follow-up audits After verification of corrective action implementation, the auditing organization may prepare a follow-up report and distribute it in a manner similar to the original audit report © BSI 10-1998 EN 30011-1:1993 Annex A (informative) Bibliography [1] ISO 9000:1987, Quality management and quality assurance standards — Guidelines for selection and use [2] ISO 9001:1987, Quality systems — Model for quality assurance in design/development, production, installation and servicing [3] ISO 9002:1987, Quality systems — Model for quality assurance in production and installation [4] ISO 9003:1987, Quality systems — Model for quality assurance in final inspection and test [5] ISO 9004:1987, Quality management and quality system elements — Guidelines © BSI 10-1998 EN 30011-1:1993 Annex (informative) This European Standard is one of a series of standards on “Guidelines for auditing quality systems” The other two European Standards are listed below: EN Year Title 30011-2 1993 Guidelines for auditing quality 30011-3 systems — Part 2: Qualification criteria for quality systems auditors 10 EN Year Title 1993 Guidelines for auditing quality systems — Part 3: Management of audit programmes © BSI 10-1998 BS EN 30011-1:1993 Publication(s) referred to See national foreword © BSI 10-1998 BSI 389 Chiswick High Road London W4 4AL | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | BSI Ð British Standards Institution BSI is the independent national body responsible for preparing British Standards It presents the UK view on standards in Europe and at the international level It is incorporated by Royal Charter Revisions British Standards are updated by amendment or revision Users of British Standards should make sure that they possess the latest amendments or editions It is the constant aim of BSI to improve the quality of our products and services We would be grateful if anyone finding an inaccuracy or ambiguity while using this British Standard would inform the Secretary of the technical committee responsible, the identity of which can be found on the inside front cover Tel: 020 8996 9000 Fax: 020 8996 7400 BSI offers members an individual updating service called PLUS which ensures that subscribers automatically receive the latest editions of standards Buying standards Orders for all BSI, international and foreign standards publications should be addressed to Customer Services Tel: 020 8996 9001 Fax: 020 8996 7001 In response to orders for international standards, it is BSI policy to supply the BSI implementation of those that have been published as British Standards, unless otherwise requested Information on standards BSI provides a wide range of information on national, European and international standards through its Library and its Technical Help to Exporters Service Various BSI electronic information services are also available which give details on all its products and services Contact the Information Centre Tel: 020 8996 7111 Fax: 020 8996 7048 Subscribing members of BSI are kept up to date with standards developments and receive substantial discounts on the purchase price of standards For details of these and other benefits contact Membership Administration Tel: 020 8996 7002 Fax: 020 8996 7001 Copyright Copyright subsists in all BSI publications BSI also holds the copyright, in the UK, of the publications of the international standardization bodies Except as permitted under the Copyright, Designs and Patents Act 1988 no extract may be reproduced, stored in a retrieval system or transmitted in any form or by any means ± electronic, photocopying, recording or otherwise ± without prior written permission from BSI This does not preclude the free use, in the course of implementing the standard, of necessary details such as symbols, and size, type or grade designations If these details are to be used for any other purpose than implementation then the prior written permission of BSI must be obtained If permission is granted, the terms may include royalty payments or a licensing agreement Details and advice can be obtained from the Copyright Manager Tel: 020 8996 7070