ISO-9001-Lead-Auditor Exam Dumps - QMS ISO 9001:2015 Lead Auditor Exam

According to ISO 19011:2018, clause 3.2, audit criteria are a set of policies, procedures or requirements used as a reference against which objective evidence is compared. Audit criteria are usually selected by the audit client or by agreement between the audit client and the auditee, and they should be appropriate for the audit scope and objectives1. Audit criteria may include, but are not limited to, the following sources2:

•ISO management system standards, such as ISO 9001, ISO 14001, ISO 45001, etc.

•Verbal statements by the general manager or other top management, as long as they are consistent with the documented policies and objectives of the organisation

•Verbal agreements with interested parties, such as customers, suppliers, regulators, etc., as long as they are documented and approved by the relevant authorities

•Health and safety notices, such as posters, signs, labels, etc., that communicate the organisation’s legal obligations, policies, or procedures

•Written agreements with interested parties, such as contracts, orders, specifications, etc., that define the requirements and expectations of the parties involved

•Organisation’s documented information, such as policies, procedures, manuals, records, etc., that describe the organisation’s management system and its processes

•Commitment to follow principles issued by an NGO, such as the United Nations Global Compact, the International Labour Organization, etc., as long as they are relevant to the organisation’s context and objectives

•Environmental aspects register, such as a list of the environmental impacts and risks associated with the organisation’s activities, products, and services

Therefore, the two options that are not potential audit criteria are F and H, as they are not reliable or verifiable sources of information, and they may not reflect the actual performance or conformity of the organisation’s management system. Commercial advertisements and claims made on the organisation’s website are forms of marketing communication that may be exaggerated, misleading, or inaccurate, and they are not subject to the same level of scrutiny or approval as the other sources of audit criteria.

References: ISO 19011:2018(en), Guidelines for auditing management systems, What are audit criteria? - ISO Update

According to ISO 9001:2015, clause 4.1, the organisation must determine the external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended results of its quality management system. The organisation must also monitor and review the information about these issues. SWOT analysis is a tool that can help the organisation to identify its strengths, weaknesses, opportunities, and threats. However, the SWOT analysis alone is not sufficient to comply with the requirement, as the organisation also needs to review the information periodically and update it as necessary. Therefore, one audit trail would be to establish how the organisation reviews information about external and internal issues, such as how often, by whom, using what criteria, and with what results. 123

According to ISO 9001:2015, clause 10.3, the organisation must continually improve the suitability, adequacy, and effectiveness of the quality management system. The organisation must also consider the results of analysis and evaluation, and the outputs from management review, to determine if there are any needs or opportunities for improvement. SWOT analysis can help the organisation to identify the areas where improvement is needed or possible, such as addressing the weaknesses and threats, or exploiting the strengths and opportunities. However, the SWOT analysis alone is not sufficient to comply with the requirement, as the organisation also needs to take actions to implement the improvement, such as setting objectives, allocating resources, assigning responsibilities, and evaluating the effectiveness. Therefore, another audit trail would be to establish what actions were taken to improve the QMS, such as what, when, by whom, how, and with what results. 124 References:

1: ISO 9001:2015 - Quality management systems — Requirements

2: Advisera, “Context of the organization in ISO 9001:2015 explained”, https://advisera.com/9001academy/knowledgebase/how-to-identify-the-context-of-the-organization-in-iso-90012015/

3: ISO Templates, “ISO 9001 - Clause 4: Context of the organisation explained”, https://resources.iso-templates.com/blog/iso-9001-clause-4-context-of-the-organisation-explained

4: Advisera, “How to implement continual improvement in ISO 9001”, https://advisera.com/9001academy/knowledgebase/how-to-implement-continual-improvement-in-iso-9001/

According to the ISO - Management system standards page, the key benefits of an effective management system include improved operational effectiveness and efficiency, improved risk management and protection of people and the environment, and enhanced drive for innovation. The Integrated Use of Management System Standards (IUMSS) handbook also states that the purpose and objectives of management system standards are to help organizations improve their performance by specifying repeatable steps that organizations consciously implement to achieve their goals and objectives.

Therefore, the complete sentence is:

“The purpose of a management system standard is to improve the performance of an organisation.”

The following table shows the possible matching of the records to the requirements of clause 8.4:

Table

Requirements

Records

Define product requirements

Product specification

Criteria for selection

List of requirements to be met by the external provider

Evaluation of potential external provider

External provider questionnaire

External provider selection

Approved external provider list

Communicate requirements

Purchase order

Monitoring of performance

External provider delivery times and quality issues

Comprehensive and Detailed Explanation: = According to clause 8.4 of ISO 9001:2015, the organization should ensure that externally provided processes, products, and services conform to the specified requirements. To do so, the organization should:

Define the product requirements that are relevant for the external provision, such as specifications, drawings, standards, codes, etc. These should be documented and communicated to the external provider. A record of the product specification can be used as evidence of this requirement.

Establish the criteria for the selection, evaluation, and re-evaluation of external providers, based on their ability to provide processes, products, and services in accordance with the requirements. The criteria should be documented and applied consistently. A record of the list of requirements to be met by the external provider can be used as evidence of this requirement.

Evaluate the potential external providers before selecting them, using the established criteria. The evaluation methods may include questionnaires, audits, references, samples, etc. The results of the evaluation should be documented and reviewed. A record of the external provider questionnaire can be used as evidence of this requirement.

Select the external providers that have demonstrated their competence and conformity to the requirements. The selection should be based on the evaluation results and the organization’s needs. The selection should be documented and approved. A record of the approved external provider list can be used as evidence of this requirement.

Communicate the requirements for the processes, products, and services to be provided by the external provider, including the verification and validation activities, the acceptance criteria, the documentation requirements, the changes control, etc. The communication methods may include purchase orders, contracts, agreements, etc. The communication should be clear, complete, and timely. A record of the purchase order can be used as evidence of this requirement.

Monitor the performance and conformity of the external provider, using the established criteria and methods. The monitoring methods may include inspections, tests, audits, feedback, complaints, etc. The monitoring results should be documented and analyzed. A record of the external provider delivery times and quality issues can be used as evidence of this requirement.

References: ISO 9001:2015, [ISO 9001 Auditing Practices Group Guidance on Scope], Mastering the Scope of ISO 9001 Quality Management Systems

The quality system failed to control the laundry services provided for customers in five shops. The equipment used was not capable of consistently producing the required service.