Match each of the following statements into the table below to show whether they apply to first-party audits, second-party audits or third-party audits:
Noitol is an organisation specialising in the design and production of e-learning training materials for the insurance market. During an ISO 9001 audit of the development department, the auditor asks the Head of Development about the process used for validation of the final course design. She states that they usually ask customers to validate the product with volunteers. She says that the feedback received often leads to key improvements.
The auditor samples the design records for a recently completed course for the 247 Insurance organisation. Design verification was carried out but there was no validation report. The Head of Development advises that this customer required the product on an urgent basis, so the validation stage was omitted. When asked, the Head estimates that this occurs about 50% of the time. She confirms that they always ask for feedback and often make changes. There is no record of feedback in the design file for the course.
The auditor decides to review the training course design process in more depth.
Select three options that provide a meaningful audit trail for this process.
You are conducting an audit at a single-site organisation seeking certification to ISO 9001 for the first time. The organisation manufactures cosmetics for major retailers and the name of the retailer supplied appears on the product packaging. Sales turnover has increased significantly over the past five years.
You are interviewing the new Product Development Manager. You note that a software application called SWIFT is used to help control the product development process.
You have gathered audit evidence as outlined in the table. Match the ISO 9001 clause 8.3 extracts to the audit evidence.
In the context of a third-party audit, match the activity with the party responsible in relation to the audit process.
Takitup is a small fabrication organisation that manufactures steel fencing, stairs and platforms for the construction sector. It has been certified to ISO 9001 for some time and has appointed a new Quality Manager. The audit plan during a surveillance audit covers the organisation's improvement actions and the auditor asks to see the most recent management review meeting minutes.
The auditor finds that the management review report records that none of the improvement actions set by the previous review has been realised for a second time. A new Quality Manager has been brought in at the middle management level to rectify the situation as the organisation is concerned that it might lose its certification.
Select three options that would provide evidence of conformance with clause 10.3 of ISO 9001.
During the opening meeting of a third-party audit of a pharmaceutical organisation (CD9000) with seven COVID-19 testing laboratories in various terminals at a major international airport, you are asked if you could
visit all laboratories. As audit team leader you say that, based on sampling criteria, you had planned to audit only three of them as CD9000 is a multisite organisation.
They tell you that they have worked so hard to get ready for the audit that the supervisors of those laboratories that would not be visited would be quite disappointed.
The following are possible responses to the request, select the two best responses:
You are carrying out an audit at a single-site organisation seeking certification to ISO 9001 for the first time. The
organisation manufactures cosmetics for major retailers and the name of the retailer supplied appears on the product
packaging. Sales turnover has increased significantly over the past five years. The organisation uses a software programme called SWIFT, which is used to record sales, plan production, purchase supplies, print despatch notes, track new product development, perform traceability exercises, carry out mass balance checks, raise invoices, create budgets, and support financial control.
You are nearing the end of the audit and you are reviewing your audit notes. You notice a recurring trend concerning the SWIFT database as shown below:
You ask the Quality Manager to explain how the SWIFT database is controlled. You learn that the Operations Director is
responsible for determining and progressing SWIFT software updates. You decide to meet the Operations Director (OD).
You: "Good afternoon."
OD: "Good afternoon."
You: "What responsibility do you have concerning the SWIFT database?"
OD: "I maintain it. If anyone wishes to propose an update to the database, they send me an email with
details of their proposal. I then either process the database update myself, or I send the request to the
consultant who designed the database 20 years ago. The necessary software changes are made, and the
amended software is immediately released to users."
You: "Would you explain how the software amendments are controlled?"
OD: "Of course. I personally update every computer myself."
You: "Do you inform the database users of the changes?"
OD: "No I don't. They find out for themselves by using the software, or they come to see me if they have
any questions."
You: "How do you ensure that the database users use the latest version?"
OD: "That's easy, I update every computer myself."
You: "During the audit, I noted there were several versions of SWIFT in use (you refer to your audit
notes)."
OD: "I know. That's because some versions work better than others, and depending on user needs and
experiences, we allow users to revert to using an earlier version if they find it works better for them."
Based on the scenario, which two of the following statements are true? There is evidence of
nonconformity with a requirement defined in ...