
QMS Auditor/Lead Auditor

Pre-Course Notes

Improving performance,
reducing risk
Introduction

Welcome to the Quality Management Systems Auditor/Lead Auditor training course.


Thank you for choosing LRQA.
We have designed the course to give you the knowledge and skills to perform audits of
management systems against ISO 9001 effectively and with confidence.
It meets the requirements of the International Register of Certificated Auditors (IRCA)
www.irca.org
Complete the course successfully and you will satisfy the formal training requirements
for IRCA certification to all grades of Quality Management System auditor.

Course hours
• The course duration is 40 hours over 4½ days.
• 100% attendance is required.
• You will be asked to complete evening work each day, which will take approximately
1 hour.

Delegate assessment
• We will fully explain at the start of the course the assessment criteria and
performance standards you need to achieve.
• We will give you written feedback each day, and guidance on any improvements
needed.
• You will complete a 2 hour written examination at the end of the course.

What is this pre-course work for?


• You must have some understanding of quality management principles and concepts
and knowledge of ISO 9001 requirements before starting the course. Completing
this pre-course work will enable you to consolidate and develop your
knowledge, which you will use and build on during the course.
• We are giving you this information in advance so we can make the course practical
and activity-based. This will help you to learn and make the course enjoyable.
• This pack is part of your course notes.

How long will it take?


• Plan on taking approximately two hours in total to complete it.

What happens if I do not complete this?


• You will have missed a valuable opportunity to start building your knowledge.
• You will almost certainly find it difficult to participate in some of the course exercises
and you will need to complete it in your own time in addition to your evening work.
• You may well reduce your chance of successfully completing the course.
QMS Auditor/Lead Auditor Page 1 of 45
Version 3 - Revision 5.0
Precourse Notes.docx
© LRQA Training 2014

Am I expected to remember all of the information in this pack?


• No, the course is not a test of memory but it will test your understanding. To be
successful you will need to apply this information during the course and show
during the exam that you understand the concepts covered in this pack. The exam
questions could relate to any aspect of this pre-course information, any aspects
covered on the course, and any requirements of ISO 9001.

• During the exam you will be able to refer to a clean copy of ISO 9001 (i.e., one that
has not been annotated in any way). If appropriate you can use a paper-based
bilingual dictionary. These are the only items permitted for reference.

Important
• Please complete Section G – Verification of pre-course work. This is very important.
It will help you prepare for the course.
• Please be sure you bring the completed pack and your personal copy of ISO 9001
with you when you attend the course.
• Please complete your personal course objectives at the end of the pack. We will ask
you to present these at the start of the course.


Contents

Introduction

SECTION A The ISO 9000 Series of Documents

SECTION B ISO Terms and Definitions

SECTION C ISO 9000 Quality Management Principles
• The Eight Quality Management Principles
• Matching ISO 9001 Requirements to the Quality Management Principles

SECTION D Understanding Processes
• The Process-improvement model
• The process model
• Process conformance and effectiveness

SECTION E ISO 9001 Structure and Contents
• ISO 9001 - Model of a process-based quality management system
• ISO 9001 Contents and layout
• Pre-course preparation

SECTION F Introduction to Auditing
• Audit terms and definitions
• Audit types and purpose
• Certification and accreditation

SECTION G Verification of pre-course work

SECTION H Defining Personal Course Objectives

Appendix Guide to ISO 9001 Requirements

Note: The following spellings are used throughout for consistency with the
ISO 9000 series of documents: Organization, Realization, Realized.

Section A – ISO 9000 Series of Documents

Purpose
This section contains information on the ISO 9000 series of documents.

The ISO 9000 Series of Documents


The ISO 9000 series of documents comprises:

• ISO 9000 - Quality management systems – Fundamentals and vocabulary


ISO 9000 explains the fundamentals of quality management. It defines terms used in
ISO 9001 and ISO 9004.

• ISO 9001 - Quality management systems – Requirements


ISO 9001 specifies requirements for a quality management system that aims to
enhance customer satisfaction by meeting customer and applicable statutory and
regulatory requirements. It can be used for internal application by organizations, for
certification and for contractual purposes.
ISO 9001 is an auditable standard. The others are not.

• ISO 9004 – Managing for the sustained success of an organization – A quality management approach

ISO 9004 is a guide for organizations that wish to achieve sustained success using a
quality management approach. ISO 9004 provides a wider focus on quality
management than ISO 9001, addressing the needs of a wide range of stakeholders
and giving guidance for the systematic and continual improvement of the
organization’s overall performance. As a guidance document, ISO 9004 is not
auditable for certification, but it does promote self-assessment by organizations to
identify opportunities for improvements and/or innovations.

ISO 9001 and ISO 9004 are designed to complement each other, but can also be used
independently.

Most standards require periodic revision. Several factors combine to render a standard
out of date: technological evolution, new methods and materials, new quality and safety
requirements. To take account of these factors, ISO has established the general rule that
all ISO standards should be reviewed at intervals of not more than five years.

Section B – ISO Terms and Definitions

Purpose
This section introduces some essential quality terms and definitions. These will help you
interpret and audit ISO 9001 requirements. You may want to refer back to these
definitions as you read through the other sections of this pack.

Definitions
The following terms and definitions are quoted from ISO 9000 Quality management
systems - Fundamentals and vocabulary.

To help your understanding, we have grouped related terms together and separated
groups using this bullet symbol.

Quality
Degree to which a set of inherent characteristics fulfils requirements

System
Set of interrelated or interacting elements

Management system
System to establish policy and objectives and to achieve those objectives

Quality management system
Management system to direct and control an organization with regard to quality


Process
Set of interrelated or interacting activities which transforms inputs into outputs

Product
Result of a process
• The term Product is used as a generic term for:
- services (for example transport)
- software (for example computer programme or information)
- hardware (for example engine mechanical part)
- processed materials (for example lubricant)

Procedure
Specified way to carry out an activity or a process
• Where the procedure is documented the term ‘written procedure’ or ‘documented
procedure’ is frequently used. For clarity, auditors should not use the term procedure
when in fact they are referring to a written or documented procedure.


Requirement
Need or expectation that is stated, generally implied or obligatory

Nonconformity
Non-fulfilment of a requirement

Correction
Action to eliminate a detected nonconformity
• for example rework

Corrective action
Action to eliminate the cause of a detected nonconformity or other undesirable situation

Preventive action
Action to eliminate the cause of a potential nonconformity or other undesirable
situation


Document
Information and its supporting medium

Record
Document stating results achieved or providing evidence of activities performed

Section C - ISO 9000 Quality Management Principles

Purpose
ISO 9000 introduces eight Quality Management Principles that can be used to lead an
organization towards improvement. ISO 9001 includes requirements that can be traced
back to these principles.

By reading this section and working through an example of how requirements of ISO
9001 can be linked back to the principles you will help to develop your understanding of
ISO 9001 and the underlying purpose of specific requirements.

The Eight Quality Management Principles


The eight quality management principles given in ISO 9000 are:

1. Customer focus
Organizations depend on their customers and therefore should understand current
and future needs, should meet customer requirements and strive to exceed customer
expectations.

2. Leadership
Leaders establish unity of purpose and direction of the organization. They should
create and maintain the internal environment in which people can become fully
involved in achieving the organization's objectives.

3. Involvement of people
People at all levels are the essence of an organization and their full involvement
enables their abilities to be used for the organization’s benefit.

4. Process approach
A desired result is achieved more efficiently when activities and related resources are
managed as a process.

5. Systems approach to management
Identifying, understanding and managing interrelated processes as a system
contributes to the organization's effectiveness and efficiency in achieving its
objectives.

6. Continual improvement
Continual improvement of the organization's overall performance should be a
permanent objective of the organization.

7. Factual approach to decision making
Effective decisions are based on the analysis of data and information.

8. Mutually beneficial supplier relationships
An organization and its suppliers are interdependent and a mutually beneficial
relationship enhances the ability of both to create value.
(Reproduced from ISO 9000)


Please note - Suppliers are stakeholders not customers. Stakeholder needs are
considered in ISO 9004 but are outside the scope of ISO 9001. Consequently there
is no direct traceability from ISO 9001 to the quality management principle of
mutually beneficial supplier relationships.

Matching ISO 9001 requirements to the quality management principles

With the exception of “mutually beneficial supplier relationships”, requirements that
support each of the principles can be found in ISO 9001. An example of this is shown
below.

Use this example to start to familiarise yourself with ISO 9001.

Principle: Process approach

ISO 9001 requirements that support the principle:
4.1a) identify the processes needed for the quality management system….
4.1b) determine the sequence and interaction of these processes
4.1c) determine criteria and methods needed to ensure that both the
operation and control of these processes are effective

Now refer to ISO 9001. Read what it says in the sections listed below and
see how these requirements support the process approach principle.

4.1 e)
4.1 f)
7.1 – refer to the first paragraph
8.2.3

Complete the “Quality Management Principle and ISO 9001 cross reference
section” that is part of the “Verification of pre-course work” section.

Section D – Understanding Processes

Purpose
ISO 9001 promotes a process approach to quality management. We introduce in this
section the Process Improvement Model, the Process Model and process conformance
and effectiveness.

The Process-improvement model

[Figure: the Plan-Do-Check-Act cycle, shown as a loop: Plan, Do, Check, Act]

This is the “Plan-Do-Check-Act” improvement cycle. You may hear it called the PDCA
cycle or the Deming cycle. You can apply it to all processes and you can use it to plan
and implement process change.

• Plan – Plan the improvement and plan how you will know if it has worked.

• Do - Do what you planned to do and measure it as planned.

• Check - Check the results against expectations.

• Act – Act to maintain the improvement, address any shortfall and learn from
experience.

ISO 9001 aims to bring about continual improvement through the Plan-Do-Check-Act
cycle, which is embedded into ISO 9001 requirements.


The Process model

The ISO 9000 series of documents makes frequent reference to processes and
process-based quality management systems. It will be useful if you understand the relevant ISO
terms, what is meant by a process and how any process can be represented by a simple
model. We will use this process model during the course.

• Process - set of interrelated or interacting activities which transforms inputs into outputs.

• Product - result of a process.

• Procedure - specified way to carry out an activity or process.


You can describe a business or organization as a collection of processes. Processes use
resources to transform the inputs into the outputs. People and equipment are examples
of resources.
The purpose of a quality management system based on ISO 9001 is to ensure the
product of the organization meets customer, statutory and regulatory requirements, and
the organization’s own requirements. Using the PDCA approach, ISO 9001 requires
processes to be designed, monitored and improved so they consistently deliver product
that meets these requirements.
When the way in which an activity or process is carried out can affect the product’s
ability to meet requirements, a procedure (a specified way to carry out the process) is
needed. The procedure may be implemented by training the process operator or by
automating the process.

It is useful to be able to represent a process by a simple diagram. The Process model
shown below is one recognised way of doing this and it will be used in the course.

[Figure: Process model. Input → Activities → Output, with Controls and Resources acting on the Activities]


For example, consider the enquiry handling part of a sales process.

[Figure: process model for enquiry handling, with the Process Activities box at the centre and the following labels]

• Controls - controls or constraints applied to the process or output.
E.g. Company pricing and discount policy

• Input – materials or information that is changed in some way to become the output.
E.g. Customer enquiry

• Output - the result of transforming the input.
E.g. A quotation to the customer

• Resources - resources to enable the process to be carried out.
E.g. Sales person and database

Process Interaction

Individual processes rarely operate in isolation and processes can often be broken down
into sub-processes. Outputs from one process are often inputs into later processes.
Sometimes the output from one process will become a control to another process. For
example, consider two parts of a purchasing process.

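[Figure: two linked process models]

Supplier Approval
• Controls: Supplier performance standards
• Input: Potential suppliers
• Output: Approved suppliers
• Resources: Competent personnel

Purchasing
• Controls: Approved suppliers
• Input: Purchase requirements
• Output: Purchase order
• Resources: Competent personnel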


Process conformance and effectiveness


• Conformance – fulfilment of a requirement.
The term conformance is used when discussing ISO management system standards in
preference to the term compliant, which is used when discussing statutory and
regulatory standards.

• Effectiveness – extent to which planned activities are realized and planned results
achieved.

A process is conforming when carried out in accordance with planned arrangements.
The planned inputs, resources and controls have been used to produce the planned
output. But a conforming process is not automatically an effective process. For
example, the planned output may not meet requirements of the customer.

Checking a process has been carried out in accordance with planned arrangements is a
conformance audit. Checking the results of a process meet requirements is an
effectiveness audit. Auditors must consider the purpose of a process to determine its
effectiveness.

For example, consider a purchasing process. The purpose of a purchasing process is to
have the right product, in the right quantities, at the right time, in the right place, to the
right specification and at the right price. An effective purchasing process will achieve
these results. So for example, the procedure for purchasing should take account of how
much lead time suppliers need. If specified lead times are too short it is possible to have
a conforming, but ineffective purchasing process. This could result in late delivery.

Section E - ISO 9001 Structure and Contents

Purpose
Read this section and start to familiarise yourself with ISO 9001. It will help you during
the course, the exam and later as an auditor if you can navigate your way around ISO
9001 requirements quickly and accurately.

Quality management systems


ISO 9000 defines a quality management system as “a management system to direct and
control an organization with regard to quality”.
A management system should provide a framework that supports an organization in
determining policy and objectives, and in managing the interrelating elements effectively
to ensure those objectives are achieved. In the case of a quality management system,
the policy and objectives would focus on fulfilling the requirements and expectations of
customers.
The “Plan, Do, Check, Act” cycle you looked at in Section D is probably the simplest
framework for a management system. ISO 9001 uses this framework as its underlying
structure; specific auditable requirements have been established to support
organizations in the effective application of this underlying framework.
ISO 9001 specifies requirements for a quality management system that aims to enhance
customer satisfaction by meeting customer and applicable statutory and regulatory
requirements, and continual improvement of the system. It can be used for internal
application by organizations, for certification and for contractual purposes.
Other quality management systems models are available including:
• The Malcolm Baldrige National Quality Award.
• The European Foundation for Quality Management Excellence Awards.
• Customer Service Excellence Standard.
• ISO 9004 Managing for the sustained success of an organization.

Applying a quality management system framework can help an organization meet the
current and future needs of its customers in an effective and efficient way, and ensure
that products and services consistently meet customer and regulatory requirements.
The achievement of certification to a standard by an independent body, or an award
against a recognised framework, provides public recognition that an organization meets
those standards, and can be a useful marketing tool.


ISO 9001 – Model of a process-based quality management system


ISO 9001 includes the diagram below. It illustrates in simple terms how a business
works following the principles of ISO 9001 and it provides a framework around which
ISO 9001 is structured.

[Figure: Quality Management Process Model. Labels: Continual improvement of the quality management system; Management Responsibility; Resource management; Product Realisation (Input: Requirements, Output: Product); Measurement, analysis and improvement; Customers (Requirements); Customers (Satisfaction)]

The diagram illustrates the relationship between customers and the supplying
organization. On the left-hand side we have customer requirements. In the middle we have
the organization supplying the customer. On the right-hand side we have the customer’s
perception as to whether the organization has met their requirements.

Customer Requirements - consider customers at two levels, as shown on the left-hand
side. Firstly there is the collective customer, or market place, that the organization
operates within. And there is the individual customer and individual order. The
enclosed “requirements” box in the diagram represents the individual customer. The
same principle applies in the illustration of customers’ satisfaction on the right-hand
side. There is the perception of whether the organization has met the needs of an
individual customer for an individual order, and there is the overall perception of the
collection of customers.


Management Responsibility - Businesses generally operate within a market sector.
For example, one airline may choose to concentrate on the business traveller whilst
another targets the low cost part of the market. The organization needs to fully
understand the market it is operating in and what customers want now and in the
future. This is the role of Top management, who direct and control the organization.
Top management need to establish effective two-way communication between the
organization and customers and understand their requirements. This is shown in the
diagram by the two-way dotted line from “management responsibility” to the
“customer”. Of course some businesses have only a low number of customers, possibly
only one. Nevertheless the same principle applies.

Through this communication with customers top management will be in a position to
make informed decisions and give direction and leadership to the business. Of course
there are many other factors that top management need to take account of, such as
what competitors are offering, new technology, new legislation, stakeholder
expectations and new business opportunities. For top management, quality
management is just another part of business management. Top management rarely
uses quality terminology. Auditors need to recognise this and use appropriate business
language when interviewing top management.

• Quality policy – overall intentions of an organization with regard to quality.

The organization’s quality policy should reflect what is important to the organization
and its customers. Top management may formulate and review the quality policy as part
of other business planning activities. In practice an organization’s policies tend to
remain fairly constant from one year to the next whilst objectives change to meet
emerging needs.

• Quality objectives – something sought, or aimed for, relating to quality.

Having set policy and established objectives for quality as well as other business
requirements such as profitability, the role of top management is to communicate these
and establish a unity of purpose throughout the organization.

Resource Management - All businesses need resources. Within the context of ISO
9001 these comprise:
• Human resources - including competence, training and awareness.
• Infrastructure - including buildings, workspace and associated utilities, process
equipment (hardware and software) and supporting services (such as transport,
communication or information systems).
• Work environment - including physical, environmental and other factors under which
work is performed.

Resources need to be planned, implemented and checked for adequacy and
effectiveness in meeting customer, statutory and regulatory requirements applicable to
the product, and the organization’s own requirements as set out in the quality policy
and quality objectives.

In addition to the three resource types given, organizations will need also to plan and
manage other resources such as financial resources and supplier partnerships. These are
outside of the scope of ISO 9001 but are referred to in ISO 9004.

Product Realization - is a term used to refer to the collection of processes that go to
identify and deliver customer requirements at an individual customer order level.
Typically these are the every-day operational processes of an organization. An example
would be all of the individual processes undertaken by an airline; from selling a ticket to
a customer through to delivery of the passenger and their baggage to their destination.

Examples of realization processes that apply to most companies are sales, purchasing,
delivery and invoicing. For a manufacturing company, realization processes could also
include production processes, inspection and test, calibration and installation. For a
service company such as a hotel, examples of realization processes would be guest
reception, restaurant and room services.

ISO 9001 applies the PDCA cycle to these realization processes.

Measurement, Analysis and Improvement - is the fourth set of processes in the
model of a process-based quality management system. There is a requirement to plan
and implement monitoring, measurement, analysis and improvement processes. These
are the check and act parts of the PDCA cycle.

The aim is to:


• Make sure customer requirements are being met.
• Make sure product conforms to requirements.
• Make sure processes are capable and effective.
• Make sure the quality management system is being followed.
• Analyse data to determine the effectiveness of the management system and enable
fact based decision making.
• Continually improve the effectiveness of the management system.
That is, continually improve the probability that customer, statutory and regulatory
requirements applicable to the product, and the organization’s own requirements
will be met.

Continual improvement – is the last part of the model of a process-based quality
management system. The aim of the measurement processes is to gather factual data
that can be used to correct any deficiencies in the planned arrangements and identify
improvement opportunities.

Continual improvement acts at two levels.


1. At product realization level - through monitoring and measurement of product and
processes.


The aim is to:


• Correct anything that is wrong and then take corrective action to eliminate cause
and stop it recurring in the future.
• Improve process capability so the probability that customer, statutory and regulatory
requirements applicable to the product, and the organization’s own requirements
will be met is increased.
• Make sure the quality management system is being followed.

And:

2. At organization level – through use of the quality policy, quality objectives, audit
results, analysis of data, corrective and preventive actions and management review.
The aim is to:
• Review what has been achieved against the quality policy and quality objectives and
act to address any shortfalls.
• Plan for the future, taking account of changes in requirements and other changes
that could affect the quality management system such as development of
technology.
This activity is part of what ISO 9001 calls “management review” and is the process
by which new quality objectives and targets are established.

ISO 9001 Contents and layout


Look now at your copy of ISO 9001.
• Clause 1 – Scope. This section defines the scope and purpose of ISO 9001.
• Clause 2 – Normative references. This section identifies reference documents that
should be used with ISO 9001.
• Clause 3 - Terms and definitions. This clause refers to ISO 9000.
• Clause 4 – Quality management system. This section describes general requirements
for developing and implementing a quality management system using ISO 9001. It
specifies documentation requirements and requirements for a Quality manual,
Control of documents and Control of records.

Look now at clauses 5 through to 8. The main body of the Standard is organised in the
same way as the model of a process-based quality management system. That is:
• Clause 5 – Management responsibility.
• Clause 6 – Resource management.
• Clause 7 – Product realization.
• Clause 8 – Measurement, analysis and improvement.

Exclusions – Clause 7 only


Where any requirement(s) of ISO 9001 cannot be applied due to the nature of an
organization and its product, this can be considered for exclusion. Exclusions are limited
to requirements within clause 7. For example, where an organization does not use
monitoring and measuring equipment the requirements of clause 7.6 can be excluded.
The quality manual shall include details of, and justification for, any exclusion.

Pre-course preparation
Before attending the course you are required to have knowledge of the requirements of
ISO 9001.
Depending on your previous knowledge and experience, you may find it useful to
complete the following activities before the course, to consolidate your existing
knowledge and understanding:

1. Read through the “guide to ISO 9001 requirements” that is in the appendix to this
document.

2. Select some of the sections from the guide, maybe those that you are less familiar
with and find out what processes and procedures your own organization uses to
address these requirements. Now compare these with the requirements as they are
detailed in ISO 9001.

3. Review some of the internal and external audit reports for your organization, and
compare their findings with the relevant sections of ISO 9001.

4. Look at your organization’s quality policy, quality objectives and quality manual, and
compare their contents with the relevant ISO 9001 requirements.

5. If available, look at the inputs and outputs from your organization’s management
review. How do they meet the requirements of 5.6.2 and 5.6.3? What is your
organization seeking to improve?

Section F – Introduction to Auditing

Purpose
This section introduces some basic concepts of auditing. It contains essential
information, which you should know and understand before attending the course.
Read this section carefully. You will have an opportunity during the course to clarify any
points with the trainer.

Audit terms and definitions


The following terms and definitions are quoted from ISO 19011 – Guidelines for quality
and/or environmental management systems auditing, which is referred to in ISO 9001.
• ISO 19011 is a guidance document, not a set of requirements.


Audit
Systematic, independent and documented process for obtaining audit evidence and
evaluating it objectively to determine the extent to which audit criteria are fulfilled.

Audit evidence
Records, statements of fact or other information, which are relevant to the audit criteria
and verifiable.

Audit criteria
Set of policies, procedures or requirements used as a reference against which audit
evidence is compared.


Auditor
Person who conducts an audit.

Audit team
One or more auditors conducting an audit, supported if needed by technical experts.
Note – one auditor of the audit team is appointed as the audit team leader.

Technical expert
Person who provides specific knowledge or expertise to the audit team.

Audit client
Organization or person requesting an audit.

Auditee
Organization being audited.


Audit programme
Arrangements for a set of one or more audits planned for a specific time frame and
directed towards a specific purpose.

Audit plan
Description of the activities and arrangements for an audit.

Audit scope
Extent and boundaries of an audit.

Audit types and purpose


Audits are done for a variety of reasons, for example to check that a process is carried
out in accordance with the planned arrangements.

Quality management system audits may be used to:


• Verify conformance to planned arrangements.
• Identify opportunities for improvement.
• Assess the effectiveness of quality management systems.
• Assist with selection and monitoring of suppliers.
• Verify compliance with contractual requirements.
• Determine conformity with ISO 9001 requirements.

1st, 2nd and 3rd Party audits.


These terms describe the relationship the auditor has with the organization being
audited.
• 1st party or internal audit is the term used when the auditor works for the
organization being audited. 1st party audits are used for internal purposes. The
person managing the audit programme will decide the scope of the audit.
• 2nd party or supplier audit is the term used when the auditor works for the client
buying from the auditee. 2nd party audits are used to help select and monitor
suppliers. The audit client will decide the scope of the audit.
• 3rd party or independent audit is the term used when the auditor works for an
independent auditing organization, for example those carrying out certification
audits. The auditee organization may include all of its products within the audit, or
it may want to limit the audit to a selected range. The independent audit body will
audit all applicable parts of the organization’s quality management system and
evaluate conformance with all applicable requirements of ISO 9001.
Note – determining conformity with ISO 9001 or other recognised standard is the
primary purpose of a 3rd party audit.


Certification and accreditation


At some stage you will almost certainly need to explain the terms certification and
accreditation to people who do not understand them.

In overview the system works like this.

Accreditation bodies, for example the United Kingdom Accreditation Service (UKAS):
Audit and award accreditation to:
Certification bodies, for example LRQA
Who audit and award certification to:
Organizations

Accreditation bodies audit certification bodies against the requirements of ISO 17021
“Conformity assessment — Requirements for bodies providing audit and certification of
management systems”.

Accredited certification bodies will generally follow the guidelines contained in ISO
19011 “Guidelines for auditing management systems”.

ISO 19011 is a guidance document whereas ISO 17021 is an auditable document. And
where ISO 17021 only applies to certification bodies, ISO 19011 is also referenced by
many organizations operating 1st party (internal) or 2nd party (supplier) audit systems.

There is no statutory requirement for certification bodies to be accredited, but the
credibility of certification can be greatly undermined if they are not. Using an accredited
certification body gives stakeholders the assurance that:

• Certification auditors are competent and have relevant industry experience;
• They conduct rigorous, evidence based audits and their recommendations are
validated;
• Certified organizations have systems and processes that enable them to consistently
meet the requirements of their customers, and of ISO 9001;
• Certified organizations are audited regularly to ensure that they continue to conform
to requirements, and certification will be withdrawn if they do not.

Section G – Verification of Pre-course Work

The purpose of this section is to check your understanding of the information given in
this pre-course work.

1. Match the definition to the term and write the letter of the correct definition against
the term. There are two definitions for which there is no term listed.

No  TERM               Def.  DEFINITION
1   Management system        A  Set of interrelated or interacting activities which transform inputs into outputs
2   Procedure                B  Action taken on a nonconforming product to make it conform to requirements
3   Corrective action        C  Specified way to carry out an activity or a process
4   Nonconformity            D  System to establish policy and objectives and to achieve those objectives
5   Process                  E  Co-ordinated activities to direct and control an organization with regard to quality
                             F  Action to eliminate the cause of a detected nonconformity or other undesirable situation
                             G  Non-fulfilment of a requirement

2. In the space below, describe the difference between corrective action and preventive
action and give an example of each.

3. Which of the following are guidance documents?


a) ISO 9000
b) ISO 19011
c) ISO 9004
d) None of the above
e) All of the above


4. Complete this cross-reference guide by identifying 5 specific requirements in ISO
9001 that support each of the quality management principles listed below.

Quality Management Principle         ISO 9001 requirements that support the principle
Customer focus
Leadership
Involvement of people
Continual improvement
Factual approach to decision making


5. With reference to this pre-course work and ISO 9001, who has overall responsibility
for the organization’s quality policy and quality objectives?

6. With reference to this pre-course work and ISO 9001, describe in the space below
the purpose of “Management review”.

Section H – Personal Course Objectives

Purpose
Each delegate will have their own reason for coming on the course. For example you
may be an internal auditor (1st party audits) who wants now to audit against ISO 9001.
Or you may be coming on the course as part of your personal development. It will help
you and the trainer if before you arrive you think about and plan what you want to get
from the course. We have designed this section to help you with this. It forms a bridge
between the pre-course pack and the course itself.

In thinking about your objectives for the course you may also want to consider:

• What you need to do to meet the IRCA requirements for Auditors. You may find it
beneficial to visit the IRCA web site for more details of the requirements for
becoming an IRCA certificated auditor. www.irca.org

• Your familiarity with ISO 9001 and quality management systems.

• Any other expectations which you or your employer have from the course.

Please now write your personal objectives using the form on the next page and bring it
with you to the course.


Personal Course Objectives

Name: Company:

Course Name: QMS Auditor/ Lead Auditor

My current auditing experience is: (please give a brief description of your auditing
experience including the type of audits you have completed or been involved in)

My future auditing role will be: (please give a brief description of how you see your role as
an auditor developing in the future and include also the type of audits you expect to be
involved in)

My objectives for the course are: (please list between three and five specific things that you
want to be able to do as a result of completing the course)

Do you intend to apply to become an IRCA certificated auditor or lead auditor?


Yes No Don’t know

Please take a copy of this page and bring it with you to the course. You will be asked to
discuss and present your course objectives to your group and LRQA trainer.

Appendix: Guide to ISO 9001 requirements

Guide to ISO 9001 requirements


This section provides you with a layperson’s guide to the purpose and key requirements
of ISO 9001. It describes all the main requirements you need to know to complete the
course.

To keep the document brief, only an overview of the requirements is included. You
should refer to your personal copy of the standard for definitive information.

Caution!
ISO 9001 specifies requirements for a quality management system. It does not prescribe
how these requirements are to be met.

If your organization’s quality management system has been certified as conforming to
the requirements of ISO 9001 then it has found a way of meeting the requirements that
suits its business needs. But what suits one organization may not suit another. For
example, where it suits one organization to have many documented procedures,
another may choose to rely on other means to ensure the effective planning, operation
and control of its processes. Also your organization may have requirements other than
ISO 9001 that it has to comply with. For example, customers may demand certain ways
of working or the keeping of certain records. It will be essential during the course that
you are open-minded about how conformance with the requirements of ISO 9001 can
be achieved. Don’t mistake your organization’s way of conforming with ISO 9001
requirements as being an absolute requirement of the standard itself.

Using this guide


The title of the ISO 9001 clause is given in blue text. Refer to your copy of ISO 9001 for
the full text. Then the main purpose of the requirement is shown in red. It is phrased as
a question, the answer to which follows in black text.


4 Quality management system


4.1 General requirements
The organization shall:

4.1a) determine the processes needed for the quality management system and their
application throughout the organization

What do we need to manage to ensure achievement of our business objectives and
targets?

If the management system is to work, a starting point must be to identify all those
things that need to be managed. The purpose of this clause is to ensure that all
processes that can have a direct or indirect impact upon customer satisfaction and
compliance with applicable statutory and regulatory requirements are identified as part
of the management system. What are the processes involved in producing products and
services? What support processes are needed?

Requirements: Identify all of the processes that contribute to meeting requirements,
including those of customers, legal requirements and the quality policy and objectives of
the organization. All processes should be identified, including management activities,
resourcing activities, activities needed directly to produce the product or service, and
measurement and improvement activities.

4.1b) determine the sequence and interaction of these processes

How should it fit together?

Businesses are made up of processes that feed other processes. For example, in a
vehicle repair operation the parts ordered in the “parts ordering” process would feed
into the “repair” process. Organizations need to understand how their processes feed
into each other in order to actively manage the business, making sure that processes are
effective and efficient.

Requirements: A description of how processes identified feed each other is required
and can be illustrated, for example as a process map. (See also 4.2.2c).

4.1c) determine criteria and methods needed to ensure that both the operation and
control of these processes are effective

How will we know that the process is delivering the desired outcome?

Requirements: Firstly determine what the process needs to achieve and set some
acceptance criteria. For example in a paint shop this might be the specification for the
paint finish. Then you need to determine what process controls are needed to ensure
this result, for example you might specify paint consistency and drying
time/temperature. You then need to plan how you will monitor the operation of
processes; that is to see if they are being performed as you planned. You will need to
plan how you will assess the effectiveness of controls, for example is the paint
consistency producing the result we want? Such methods might include inspection and
audit activities.

4.1d) ensure the availability of resources and information necessary to support the
operation and monitoring of these processes

What resources do we need to make it happen?

The business needs to ensure that there are sufficient resources to allow processes to
work as intended. Resources include appropriately competent people, equipment,
hardware and software, materials, environment and so on and so on. Resources should
also be available to monitor processes – this would include activities such as internal
audit.

Requirements: Make sure the necessary resources and information are available at the
right time and in the right place.

4.1e) monitor, measure where applicable, and analyse these processes, and

How do we know if it’s working?

Organizations need to understand what happens in practice, and be able to compare
this with what should have happened as a basis for making informed decisions. This
requirement is about implementing the plans identified in 4.1c.

Processes can be monitored through means such as internal audit, customer feedback,
mystery shoppers; process measures may include quantitative data such as process
times, conversion ratios, turnaround times, volume, costs, revenue etc. Analysis should
help the organization answer the “so what?” question - what is the data telling us
about how we are performing?

Requirements: Implement the planned arrangements for monitoring and measuring
process performance and analyse the information generated.

4.1f) implement actions necessary to achieve planned results and continual
improvement of these processes

What can we do to make it work and work better?

Management is all about taking decisions and acting to ensure that objectives can be
attained. Implementing this requirement will help to ensure that results are achieved,
and that the effectiveness of processes in delivering results is enhanced.

Requirements: Act in response to the results of process measurement and monitoring
activities. Action taken should correct any deficiency between planned and actual
performance. Act also to improve the probability of achieving planned results, which
over time should show sustainable positive trends.


Summary
Section 4.1 introduces the general requirements for the quality management system. It
provides an overview of the requirements. It applies the PDCA cycle, described earlier.


4.2 Documentation requirements


(Look at your copy of ISO 9001 for the full text)

4.2.1 General

How can we ensure that the documentation supporting our management system is
adequately but not overly detailed?

A certain amount of documentation is essential to provide direction and clarity in a
management system, and to ensure that processes, departments and teams interact and
operate as intended. This clause outlines what documentation and records are required
to operate the business effectively and meet the basic requirements of the Standard. It
aims to help organizations develop a level of documentation that is appropriate for their
business.

Requirements: Organizations must document their quality policy and objectives. There
must be a quality manual, and records required by the Standard to demonstrate
effective operation of the management system.

Only 6 mandatory documented procedures are needed:


• Control of documents.
• Control of records.
• Internal audit.
• Control of nonconforming product.
• Corrective action.
• Preventive action.

The organization should decide what further documentation including records is
required in order to effectively plan, operate and control its processes.

4.2.2 Quality manual

What does the management system cover?

The quality manual acts as a guide to how the business is organised and what processes
there are. It should provide a documented overview of the quality management system.
Readers should gain a good overview of the organization: what processes it operates
and how they interact. The quality manual should help readers to
navigate their way through the management system and its documentation.

Requirements: As a minimum the quality manual must include:


• The scope of the management system, that is what activities and processes are
covered; (refer back to 4.1a in the previous section).
• The documented procedures (or reference to them if they are contained in other
separate documentation, i.e. work instruction, handbook, manual, job description or
policy).
• A description of how processes interact.


4.2.3 Control of documents

How can we keep things up to date and communicate changes?

This requirement is intended to ensure that people have the right information at the
right time. It applies to both hard copy and electronic documents. It applies to
documented procedures and some everyday working documents, for example drawings
and specifications. A hotel for example would probably want to control in some way its
room rate list. Customers’ documents that are copied and circulated in the organization
should be controlled, for example a customer’s order setting out requirements.
Organizations must decide which everyday documents need to be controlled and what
is an appropriate method.

Requirements:
• Approve documents and procedures before issue and amendment.
• Make it clear which is the most up to date version of the document. For example,
use a revision status or date.
• Circulate documents to the right people, and make sure that old versions are
removed or destroyed.
• Set out in a documented procedure how documents will be controlled.

4.2.4 Control of records

How do we know and how can we demonstrate what we have done?

Records may be needed for traceability, and for comparing what happened with what
was planned – a clear understanding of this will be essential for any improvement
activity.

Requirements:
• What records do we need to keep, to demonstrate the effective operation of the
management system?
• How long for?
• Where/how shall we keep them?
• What happens to records that are no longer needed?
• Set out in a documented procedure how records will be controlled.

Summary
Section 4.2 sets out requirements for quality management system documentation
comprising the policy, objectives, manual, procedures and records.


5 Management responsibility
(Look at your copy of ISO 9001 for the full text).

5.1 Management commitment

How does management provide appropriate leadership for the management system?
And, how is this demonstrated?

“People do what their managers pay attention to” and the management system will
only deliver results if people within the organization know that using and improving the
management system to satisfy customers and comply with legal requirements is
important to top management.

Requirements:
• Communicate clearly and consistently how important achieving customer satisfaction
and conforming to regulations is.
• Set direction through the quality policy and objectives.
• Be personally involved in reviewing the effectiveness of the system.
• Demonstrate commitment by allocating resources where they are needed.

5.2 Customer focus

What do customers want?

Find out what the market wants and deliver it.

Requirements: Establish the requirements of individual customers and, where
appropriate, the market place in general and listen to customer feedback.

5.3 Quality policy

How can we tell our people what we want the business to achieve and how important it
is that everyone follows and improves the way we work?

The quality policy provides focus and direction for the organization and what it should
achieve.

Requirements: Top management should establish and document a quality policy that
reflects the business strategy and provides long term direction. They should review their
quality policy periodically. The quality policy should reflect the need for continual
improvement, and facilitate setting of quality objectives. The quality policy should be
communicated and understood by all staff.

5.4 Planning

How are we going to achieve our goals? How are we going to direct and control the
organization?


How the quality policy will be achieved needs to be planned. The management system,
that is the way the organization will operate to achieve the policy, needs to be planned.
Top management is responsible for making this happen.

Requirements: Measurable quality objectives should be set that support the quality
policy. These should be cascaded throughout the organization, so that departments
and individuals that are required to contribute to the achievement of objectives have a
clear understanding of what is required of them. Planning also applies to the general
operation of the management system, and includes the management of change.

5.5 Responsibility, authority and communication

How do we know who is supposed to do what?

For organizations to run smoothly, people need to know what they are supposed to do
and what authority they have, and what others are supposed to do, and to know what’s
going on.

The management system and its effectiveness are fundamental to the success of the
organization. Someone has to have overall responsibility for it.

Requirements: People throughout the organization should be clear about their own
job roles, the decisions they can make, and those of their colleagues. A member of
management must be appointed to take overall responsibility for the management
system and promoting awareness of customer requirements.

5.6 Management Review

How are we doing, are we meeting customers’ needs and achieving our objectives?

The system needs to be actively managed and continually adjusted and improved and
management review enables this to happen. Management review is the key to ensuring
the system adds value to the business.

Requirements: All of the data gathered about the performance of the system should
be analysed and submitted in an appropriate form to the management review. The
review examines this to see if the system is achieving what it set out to achieve. Other
changes and developments affecting the business are also considered and any changes
needed to the quality policy, objectives and to the management system to improve its
performance are decided.

Summary
Section 5 sets out requirements for top management involvement in leading and
directing the organization through the development and implementation of the quality
management system and continually improving its effectiveness.


6 Resource management
(Look at your copy of ISO 9001 for the full text).

6.1 Provision of resources

What resources do we need to achieve our goals, policy objectives and targets?

The organization needs to ensure adequate resources to deliver customer satisfaction.

Requirements: Determine what resources are needed and provide them, including for
continual improvement.

6.2 Human resources

How can we ensure people can do the job?

People performing work affecting conformity to product requirements should be
competent to perform their roles, and remain competent as their roles develop and
change. Competence is the application of knowledge, skills and behaviour to achieve a
performance standard.

Requirements: Determine what knowledge, skills, experience, training and
qualifications are needed for specific job roles, and what performance standards people
are required to work to. Monitor staff performance to make sure they can do the job
properly. Take appropriate action such as training and coaching to address any
shortfalls and new requirements. Re-assess performance after training and other
interventions and make sure the action has worked. Keep records of education,
training, skills and experience. Make sure that staff understand the impact they
and their role have on customer satisfaction.

6.3 Infrastructure

What equipment, facilities and supporting services do we need to achieve our goals?

People need tools and systems to achieve results and these need to be planned and
provided. Infrastructure requirements include buildings, equipment, tools, machinery,
computers, desks, software systems, telephone, Internet and other communication and
information systems, vehicles and so on and so on.

Requirements: The organization needs to plan its requirements, provide and maintain
them, so that they are available and in working order when needed.

6.4 Work environment

What environmental conditions are needed to produce our product and meet customer
requirements?

The organization needs to ensure that the work environment is suitable. Certain
processes may need a controlled environment. Examples are cleanliness and hygiene
requirements in food processing areas and protecting components from static electricity
in the electronics industry. Where the work environment could affect people’s
performance and meeting customer requirements, the environment people work in must
be suitable. For example, in a telephone sales office data-entry should not be hampered
by excessive noise, temperature or display screens that are difficult to read.

Requirements: Identify what work environment is needed to ensure product meets
customer and regulatory requirements. Provide it.

Summary
Section 6 sets out requirements for planning, providing and maintaining human
resources, infrastructure and the work environment needed by the organization to
achieve its objectives and continually improve the effectiveness of the quality
management system.


7 Product realization
(Look at your copy of ISO 9001 for the full text).

7.1 Planning of product realization

How are we going to make our product and make sure it meets the customer’s needs?

Product realization is all those processes needed to produce the desired product. This
requirement of ISO 9001 sets out the generic requirements for the planning and
development of these processes, documents and resources needed to ensure the
effective operation and control of these processes. Referring back to the PDCA cycle
and the model of a process-based quality system, it’s about planning the everyday
activities.

The organization should design and plan product realization processes that can meet
customer and applicable statutory and regulatory requirements in the most effective
way, that is with the greatest probability of meeting requirements, striving towards
meeting them on every occasion.

Where the product is routine, the processes can be designed and then applied to all
customers until the product changes or an improvement opportunity is identified. For
example, a training organization may develop a standard process for dealing with
off-the-shelf courses. Where the product is very different for each customer, as would be
the case for major construction projects such as a new sports stadium, a customer
specific plan probably will be developed. Planning should include inspection activity to
ensure that progress can be checked and verified against the original agreement with
the customer.

Requirements:
• Identify relevant inputs prior to planning the realization processes. For example
customer and statutory and regulatory requirements for the product, documentation
required, quality objectives, resources, responsibilities and so on and so on.
• Identify the processes and resources required. Plan how the process is to be carried
out including documents and data to support their operation, controls, acceptance
criteria, records to demonstrate product meets requirements and so on and so on –
refer back to the IDEF Process Model.
• Produce tangible outputs that show how product realization processes will be
carried out. For example process plans, resource plans, work instructions, process
documentation, control plans, verification or inspection and test plans.

7.2 Customer related processes

What does the customer want, and can we meet their needs?

If organizations are to achieve customer satisfaction, they need to properly understand
what it is the customer wants, including delivery date and support after delivery. This
section of ISO 9001 typically applies to enquiry, quotation, contract and sales activities.


The organization has a duty to ensure the product meets both the customers’ stated
(verbalised) and implied (expected) needs including statutory and regulatory
requirements applicable to the product. For example, a customer buying a new car may
specify the model, colour and accessories (stated needs). As the customer collecting my
new car, I would assume that the car meets safety and emissions standards, as required
by law and as outlined in product literature, and that I would not specifically need to ask
for these (implied needs).

Requirements: Organizations need to develop communication processes to inform
customers about their products, and to obtain enough information from customers to
fully and clearly understand what they need. The organization then needs to check that
it can meet those needs. If the needs cannot be met they should re-negotiate or the
order should be declined.

Communication processes need to be established that enable customers to give
feedback, including complaints.

7.3 Design and development

Organizations design products to meet customer specific needs or the needs of the
market. Design is fundamental to achieving customer satisfaction. Design must include
customer and applicable statutory and regulatory requirements for the product from the
start. ISO 9001 mandates requirements to ensure design is carried out as a series of
logical steps, including periodic reviews of the design to ensure requirements are
identified and carried forward into the final product. The ISO 9001 requirements for
design incorporate the PDCA cycle.

7.3.1 Design and development planning

How can we be systematic in the way we design our products?

Design should be carried out in a planned and systematic way. This applies to any form
of product design and development irrespective of whether the product is tangible, for
example hardware and software, or intangible, for example a service.

Frequently a number of people and departments will be involved at various stages in the
design. For example, it is likely that manufacturing would be involved at some time in
the design of new hardware. There needs to be effective communication between
those involved in the design, and opportunity for the various functions to participate in
reviews of the design to ensure it is feasible to produce and deliver and meets customer
needs.

The output of the planning process should be in a format that meets the needs of the
organization.

Requirements: Plan the design process and:
• Determine the stages in the design process, including when periodic reviews will be
done.

• Identify who will be responsible for what and when.
• Identify key areas of communication.
• Update the plan as the design progresses.

7.3.2 Design and development inputs

What does our product need to do and what else must we take into account when we
design it?

At the outset, features, characteristics, functional and performance requirements of the
product need to be identified. These may have been provided directly by the customer
or determined by the organization. Customers’ needs, including legal and regulatory
requirements, need to be identified.

Other inputs relating to the design process may include design proformas, checklists,
design protocols and procedural documents.

Requirement: Determine inputs relating to the product and keep records of them.

7.3.3 Design and development outputs

What outputs from the design process do we need and what format and media will we
use to record them?

The normal output of design and development is the specification for the product and
information to enable it to be made. This may include information for purchasing,
production, inspection and test, operation and maintenance of the product. If the
process is engineering design, the output may be drawings and specifications. If the
process is software design the output may be a programming functional specification.
And if it is service design the output may be a service specification.

The design should be approved as meeting requirements before being released – look at
7.3.5 design verification and validation below.

Other outputs of the design process will include a design plan that is the output of
design planning activity, as well as records of reviews, verification and validation
results and records of design changes.

Requirement: The specification and related information should be in a format that
meets the needs of the organization. The product should meet the input requirements
and include information to enable the product to be made. The outputs from the design
process should be approved before being released.

7.3.4 Design and development review

When and how should we review progress to make sure the design is on the right
track?


The product designed should meet the requirements specified at the start of the
process. Reviews are done as the design progresses to check that requirements are
being met. The organization decides when and how often reviews are done. The more
complex the design the more likely a number of reviews will be done. A simple design
or development project may have only one review, which would be of the completed
design – see 7.3.5 below.

Design reviews should be included in the design plan.

Requirements: Plan and conduct reviews. Identify any problems and action needed.
Keep records. Update the design plan as necessary.

7.3.5 Design and development verification

Will our design work when we make it?

The completed design should be formally reviewed before the product is made. The
review should check that the product designed meets requirements specified. The
review should also check that all requirements and activities set out in the design plan
have been completed.

Like earlier design reviews this is a review of the outputs from the design process, not a
review of the product itself. Typically it will be a review of drawings and specifications.

Requirements: Plan and conduct a review of the design outputs against requirements.
Record the results of the review and any necessary actions.

7.3.6 Design and development validation

Did our design work?

This is a check that the product designed really does meet requirements. Where
practical this check should be done before delivery of the product or implementation of
the service. Methods may include prototype testing of hardware and software products,
and service trials.

It is not always possible to prove the design meets requirements before the product is
made, for example in the design of a building. Where this is the case validation may only
be possible over a period, after the product has been made. In such cases a plan for
validating the design should be produced and ideally agreed with the customer. In this
type of design, lessons learned from previous designs are an essential input to the
design, and lessons learned from this design should feed into later ones. See
ISO 9001 - 7.3.2c.

Requirements: Plan and conduct activities to demonstrate the product meets
requirements. Record the results and any necessary actions.


7.3.7 Control of design and development changes

What should we do when we want to change the design?

Changes to an established design should follow the same process as an original design.
That is, they should be reviewed, verified, approved and validated as appropriate and
records kept.

Changing an established design can have an impact on customers. The effect of the
design change on other parts of the product and on product already delivered needs to
be considered during the design review. For example, will a new version of software be
compatible with earlier versions already in use? Or will a new hardware component be
interchangeable with earlier versions? Depending upon the outcome of the review
there may be a need to communicate the nature of the changes and their impacts to
those potentially affected.

Requirements:
• Identify and record design changes.
• Review, verify and validate design changes.
• Evaluate the effect of the changes.
• Record results of reviews and actions necessary.

7.4 Purchasing

How can we make sure we have the materials and services we need to meet our
customers’ needs?

Need to have the right materials/services in the right place at the right time.

Requirements:
• Select suppliers who are capable of meeting the organization’s needs, and monitor
their performance to ensure that they continue to meet these needs.
• Specify clearly to suppliers what is wanted and when it is needed and check that the
purchased goods/services meet requirements.

7.5 Production and service provision

7.5.1 Control of production and service provision

How can we implement our production / service delivery processes effectively?
(Look back at 7.1).

Sections 7.2, 7.3, and 7.4 gave requirements for three specific Realization processes.
This section covers all other Realization processes. Section 7.1 of ISO 9001 dealt with
planning the operation of Realization processes. This section requires the planning
activities referred to in section 7.1 to be put into practice. Referring back to the PDCA
cycle and the model of a process based quality management system, this requirement is
about doing the everyday activities in the way they were planned.

Requirements: Implement production/service delivery processes under controlled
conditions so the organization is confident that it produces what it said it would
produce.

7.5.2 Validation of processes for production and service provision

Did our planned way of working give us what we want when we put it into practice?

In the same way that it is necessary to validate the design of a product, the design of
the processes that will produce the product needs to be validated. In many cases
checking the product can do this. In others it cannot readily or economically be done
this way, in which case the process must be proven in its own right, for example a
sterilisation process.

Requirements: Make sure that processes are capable of delivering what is needed.
Identify processes where the output cannot be verified by monitoring or measurement.
Prove these processes are capable of delivering what is needed and monitor the
processes, not their product.

7.5.3 Identification and traceability

How will we identify different products and different stages of completeness?

Requirements: Identify product in an appropriate way, making it clear
throughout product realization what checks have been made and what the results were.
Where traceability is required, have a method for uniquely identifying product and
keep records.

7.5.4 Customer property

Will we be using customers’ property in our product and if so how will we look after it?

Customer supplied product is often incorporated into product being supplied. For
example an organization that manufactures and installs signs may be attaching the sign
to their customer’s building. Similarly a financial institution or legal service may use
confidential information and personal data supplied by the customer. And a cleaning
company will take in items belonging to their customers. Other examples include the
use of intellectual property, tools and equipment provided by the customer and the use
of packaging or labels provided by the customer, for example brand labels. In all of
these cases the organization needs to exercise a duty of care with respect to the
customer’s property.

Requirements:
• Identify all instances where the customer provides items for use in the product or
customer property is used to provide the desired product.

• Exercise appropriate care and control over customer’s property.
• Communicate any problems arising to the customer and take action to rectify the
situation.
• Keep records.

7.5.5 Preservation of product

How will we look after the product and make sure it is not damaged or harmed?

Product needs to be looked after during production and delivery. This applies to all
types of product. It includes customer-supplied items and information. It includes
component parts of the finished product. Examples include protecting integrated
circuits from static electricity, food packaging requirements and security of confidential
information.

Requirements: Plan and implement appropriate arrangements for identification,
handling, packaging, storage and protection of product.

7.6 Control of monitoring and measuring equipment

How can we be sure monitoring and measuring results are accurate?

Need to make sure that monitoring activities and inspection of product and processes
are accurate.

Requirements:
• Determine what monitoring and measurement is needed and determine what
equipment is needed for this, including what degree of accuracy is needed.
• Monitoring and measurement equipment needs to be identified and checked to
ensure that it is sufficiently accurate to do the job it’s required to do, and
re-calibrated if it is not.

Summary
Section 7 sets out requirements for planning, validating and operating the day-to-day
processes needed for product realization.


8 Measurement, analysis and improvement

(Look at your copy of ISO 9001 for the full text)

8.1 General

How can we ensure we meet requirements and continually improve?

Need to monitor, measure and understand what happens in the business in order to
manage it effectively. Why guess when you can base your decisions on sound data and
facts? This part of ISO 9001 is the Check stage of PDCA.

Requirements: Need to plan how to monitor, measure, analyse and improve processes,
and implement the plan.

8.2 Monitoring and measurement

Where are we now?

Having a direction and objectives for the management system and a plan for its
implementation is of little use without information to tell the organization where it is
against its plan. Management and measurement activities will enable the organization
to work out what it needs to do to get from where it is to where it needs to be.

Requirements:
• Monitor information relating to customer perceptions, to find out what customers
think about the organization's products and services.
• Perform internal audits to check whether processes are being carried out as
intended, in accordance with ISO 9001 requirements and whether they are effective
in achieving desired results.
• Monitor and measure processes to see whether they achieve the results needed.
• Monitor and measure the product against the specification and acceptance criteria
to make sure it meets requirements.

8.3 Control of nonconforming product

How do we make sure we don’t deliver substandard products or services to customers?

Where a problem is detected, the organization needs to ensure that it is rectified
before it affects the customer.

Requirements:
• When problems are identified the organization needs to act to ensure that the
product cannot be used or delivered to the customer, unless the problem is
corrected or the customer is told of the nature of the problem and agrees to a
concession. If problems are identified after delivery the organization must evaluate
the effect or potential effect of the problem and act appropriately.
• A documented procedure is required that describes the controls, responsibilities and
authorities for dealing with non-conforming product.
• Keep records.

8.4 Analysis of data

What is the data telling us?

Having gathered measurement and monitoring data the organization needs to make
sense of it in order to learn and improve the management system. Remember that
‘management system’ refers to how the business operates to achieve customer and
statutory and regulatory requirements for the product and quality objectives and policy,
not the collection of paperwork called the quality manual and procedures.

Requirements:
• Decide what data needs to be collected to assess whether the management system
is doing its job, and to identify where there are opportunities to improve.
• Include data on customer satisfaction, product conformity, process performance,
opportunities for preventive action, and suppliers.
• Collect this data, and analyse it to establish patterns, trends, common areas of
strengths and weaknesses.

8.5 Improvement

How can we get better?

If the management system is to add value to the business it must generate improvement
and enhance customer satisfaction.

Requirements:
• Continual improvement through a process of setting measurable objectives,
monitoring progress, reviewing results and identifying and acting upon opportunities
to improve further.
• Identify the root cause of problems and act to make sure they cannot be repeated.
• Documented procedure for corrective action.
• Plan to prevent problems by learning from previous problems and near misses. Use
appropriate planning and risk analysis techniques to identify potential problems and
act to prevent them occurring.
• Documented procedure for preventive action.

Summary
Section 8 sets out requirements for planning and implementing monitoring and
measurement, analysis and improvement of processes that comprise the quality
management system. The monitoring and measurement activities generate data that
can be used for fact based decision making in continual improvement processes and
feed through to management review for top management to act on, so completing the
PDCA improvement cycle.
