224 Confidential Charis Practise Exam Paper Solutions Note to markers Markers are expected to use their experience and judgement as certificated auditors, bound by the Charis — The Training Company code of conduct. Markers must give due consideration to logically argued solutions that might not conform precisely to the typical solution and other answers may be acceptable. This is, especially relevant when marking sections three and four. Marker One, and Marker Two where applicable, shall annotate students’ examination Papers clearly to show where each mark is given and shall record their justification for awarding marks outside of the typical solution. Markers should use the margins provided for this, ensuring marks and justifications given by each marker are clearly discemible for review by the Charis Training Assessor. 08/04/2022 vaiRi228 Section one — five questions worth two marks each — maximum 10 marks 1.1 In the context of a quality management system and ISO 9001:2015, explain, in your own words, the difference between a ‘risk’ and an ‘opportunity’ (2 marks) Typical solution A isk is the effect of uncertainty. An effect is a deviation from the expected — positive or negative. An opportunity is @ favourable situation to getting an intended result. It may be taken or not, Note to marker: Award 2 marks for correctly identifying the distinction. 1.2 Explain, in your own words, the terms ‘audit scope’ and ‘audit criteria’ and give an example of each. (2 marks) Typical solution The audit scope is the boundaries set for the audit, eg products and services, processes, activities or organisation Audit criteria are sets of policies, procedures or requirements that are used as a reference against which audit evidence is compared, eg legislation, a regulation, ISO 9001:2015, a contract. Note to marker: Award 0.5 marks for explanation and 0.5 marks for example. 1.3. Explain, in your own words and using examples as appropriate, the difference in meaning of the terms ‘responsibility’ and ‘authority’, (2 marks) Typical solution Responsibility means that an individual or a group has been charged with ensuring that something gets done. They will be held accountable for the successful completion of that task or assignment. (1 mark) Authority is the right to take action and make decisions. eg Top Management have responsibility for ensuring that quality objectives are established. Department Managers may be given the authority to set appropriate quality objectives for their own areas. (1. mark) | 08/04/2022 vaiRi226 1.4 Give one example of ‘infrastructure’ referred to in ISO 9001:2015 clause 7.1.3 and describe how it could affect conformity to product requirements. (2 marks) Typical solution * Buildings and associated utilities, eg - manufacturing space — including heating, lighting, water and waste - storage buildings — condition needs to ensure product is protected from damage, deterioration or contamination. + Equipment, including hardware and software, eg: - Machinery and tools — hoists, lathes, drills, grinders, hammers, grass cutters, brushes - Instruction manual — to operate machinery, to tune a piano - Driving licence — specialist needs for a large goods vehicle or a passenger carrying vehicle. ‘+ Transportation resources, eg - number, availability and capacity of vehicles for a taxi service = specialist delivery vehicles (eg secure or refrigerated) to maintain product condition, ‘+ Information and communication systems, eg} - databases — need to provide adequate accessibility to and security of data, for example client details - Internet and phones ~ websites availability, ease of use for customers; need to be adequate to meet customer requirements for response times, call handling volumes, etc. Note to marker: Answers may vary widely depending upon the student's background. Other appropriate examples are acceptable. Award 0.5 marks each for the example and 1.5 marks for the supporting explanation. 1.8 |SO 9001:2015 requires the analysis of data and information Give two examples of how analysed data and information is used in an ISO 9001:2015 QMS. For each example quote the relevant ISO 9001:2015 clauses. (2 marks) Typical solution 08/04/2022 vaiRi227 Analysed data and information is used to determine the performance and effectiveness of the QMS [9.1.3 and 9.3] Analysed data and information is used to identify where continual improvement of the QMS can be made [9.1.3 and 10.3). Analysed data and information is used to evaluate the performance of external providers [9.1.3] ‘Note to marker: Award 0.5 marks for each appropriate example and 0.5 marks for identifying a relevant clause, to a maximum of 2 marks. Section two - four questions worth five marks each 21 An audit should be evidence-based. a) In your own words, briefly explain the principle of an ‘evidence-based approach to auditing’. (3 marks) Typical solution The basis of any audit is that evidence of conformance or nonconformity is ‘objective’ and therefore verifiable at the time or at a later date. Note to marker: Marks awarded as per the underlining above, up to a maximum of 3 marks. b) Identify two methods by which an auditor gathers evidence. (2 marks) Typical solution + Interviewing people + Sampling records and documents ‘+ Observing process and activities. Note to marker: one mark for each point, up to a maximum of 2 marks. 22 Inan audit a) Describe the purpose of the opening meeting (2 marks) 08/04/2022 vaiRi228 b) List three items that should be considered in an opening meeting (3 marks) Typical solution | The purpose of the opening meeting is to confirm the audit pian, introduce the audit team and ensure that all planned audit activities can be performed. Note to marker: Award 2 marks for this or another acceptable answer. The following items should be considered in an opening meeting as appropriate: ‘+ Introduction of the participants * Outline role of each participant + Confirmation of the audit objectives * Confirm of the audit scope * Confirm of the audit criteria * The audit timetable * Any changes to plan ‘+ Arrangements for interim meetings * Arrangements for the closing meeting * Sampling methods + Uncertainty in auditing * Reporting methods + Grading of findings + Reporting language * The role of guides * The role of observers © Communication links. Note to marker: Award 1 mark for each item equating to 3 marks, maximum. Alternatives from ISO 19011 are acceptable. 23 Inan audit situation: a) Give one example of a working document you would prepare before an audit (1 mark) Typical solution 1, A requirement trail from customer need to customer solution 08/04/2022 vaiRi229 2. Adiagram/document detailing the company processes and their interactions 3. Aghecklist or similar document that acts as a prompt and which is based on the requirements of the standard and the organisation's own arrangements. ®) Briefly describe how you would use it during the audit. Include at least, four uses in your description. (4 marks) Typical solution It will be used to quide the auditor through the audit in a structured way, to ensure coverage of all necessary requirements and as a memory jogger to make sure the requirements of the standard are being covered. It will be used flexibly as a guide not as a rigid set of questions. It can also be used to record the audit findings. Note to marker: An alternative answer could be related to an audit plan. An audit plan tells the team and the client the sequence and timings for the audit 5 including opening and closing meetings. In addition, it identifies resources and auditee attendees. It will be used to communicate arrangements and to maintain focus on the time It can be used to prioritise and can be changed as appropriate to accommodate unexpected events. Note to marker: Award one mark for identifying a valid example of a working document. Award one mark for each correctly identified use of the working document, up to a maximum of 4 marks. 24 — Inan audit situation a) Briefly describe why it is important to contact the person responsible for an area prior to an audit of that area. (This might be the process ‘owner for an internal audit or the Quality Director/Manager for an external audit). (2 marks) Typical solution | To ensure a common understanding exists of the purpose and arrangements for the audit, including its scope and criteria OR 08/04/2022 vaiRi230 To build rapport, introduce yourself and set the scene for the audit. OR To confirm arrangements and provide the auditee with an opportunity to ask questions about the audit process. Note to marker: Award 2 marks for any of the above or another acceptable answer. b) List three topics you would want to discuss when contacting that person prior to the audit. (3 marks) Typical solution + Any significant changes to the planned arrangements + General arrangements, contacts and guides and working hours * Site rules and access ~ for occupational health and safety arrangements and any personal protective equipment needed + Arrangements for opening and closing meeting ‘+The audit plan, timings and duration + Issues from previous audits and corrective action taken. Note to marker: Award 1 mark for each of the above or another acceptable answer, up to @ maximum of 3 marks. Section three — three questions worth 10 marks each 3.1. Arroad haulage company's quality policy statement states: “We will meet our customer requirements 100% of the time, every time.” The performance data shows that they have averaged 90% on-time delivery for the previous three years. You discuss this with the Quality Manager who tells you that this is the industry average and they are satisfied with this performance. He explains that “most of the delivery 08/04/2022 vaiRi231 problems are caused by road congestion, and so we do not take any action on late deliveries because this is out of our control". You ask to see the records to determine what percentage of the late deliveries is due to road congestion. The Quality Manager states: "We do not keep detailed records because we just know the reasons and have concluded that at the moment we do not need to do anything.” You ask whether they receive any complaints about the late deliveries. The Quality Manager replies: “On occasion some customers complain but I'm sure most of them understand that the traffic problems are out of our control.” a) Outline two significant areas of potential concem in the audit situation, (3 marks per issue = 6 marks) AND ») For each issue give two questions you would ask to investigate your initial concems. For each question quote the applicable clause of ISO 9001:2015. (1 mark per question per issue = 4 marks) 08/04/2022 vaiRi232 Typical solution Issue 1 Quality policy and performance are not aligned because the organisation appears to be satisfied with a 90% on time delivery performance when their quality policy states’ that they will meet their customer requirements 100% of the time, every time. Questions: + When the quality policy was last reviewed was account taken of actual delivery performance? [5.1.1]. + Does the quality policy support the organisation's strategic direction? (5.2.1 a)] + What arrangements are in place to achieve these objectives? [6.1.1 a)] + How are quality objectives established at relevant functions and levels throughout the organisation? [6.2.1] + Are any quality objectives set to support this commitment in the Policy? [6.2.1 a)}. Issue 2 Nonconformities do not appear to be effectively monitored and appropriate corrective’ actions implemented. There is no documented information (records) to demonstrate that analysis of the nonconformities (late deliveries) is taking place and there is no evidence of any corrective actions. Questions: + How are customers communicated with following late deliveries? [8.2.1] + Are customers told in advance of their order being taken what contingency plans are in place if deliveries are delayed? (8.2.1 e)] + Has a review been undertaken to consider if the organisation can meet the delivery times? [8.2.3.1 a)] + How are they dealing with the customer complaints related to the late deliveries? (10.2) Have the risks relating to late delivery been updated? [10.2.1 e)]. Notes to marker: The two issues described above are ones that students are likely to identify. Markers’ may use their discretion and accept others, eg continual improvement of the effectiveness of the QMS through the use of [10.1]. |Award up to 3 marks for each of the 2 significant issues identified. 08/04/2022 vaiRi233 |Award 1 mark for each investigatory question with its associated ISO 9001:2015| reference. Deduct 0.5 of a mark where the ISO 90012015 reference has not been Iprovided. |Additional - The outline of the issues and the questions should demonstrate that delegates understand the issues and how to investigate them. Simplistic and incomplete answers, for example “the company is not meeting their quality policy when did you last review the policy?” should be penalised and awarded not more than’ half the available marks. 3.2 [SO 9001:2015 suggests that: “The extent of documented information for a QMS can differ from one organisation to another”. a) Outline three benefits to the organisation of an appropriately documented ms. (3 marks) Typical solution People have easy access to up-to-date information Helps to ensure that process are performed consistently Provides a vehicle to communicate changes and support their implementation ‘+ Can assist in training of new employees or those changing roles Provides a way of capturing and sharing best practice in the organisation Note to marker: One mark for these or similar valid points, up to a maximum of 3 marks. b) Outline three disadvantages of an overly documented system, (3 marks) Typical Solution * Can be difficult to navigate around, leading to people bypassing the documentation * Can result in conflicting information — similar information is contained in a number of different places * It can become difficult to maintain, as many different documents may need to be updated when a change is made * Can be difficult for people to find what they are looking for. 08/04/2022 vaiRi234 Note to marker: Award 1 mark for each of these or similar valid points, to a maximum of 3 marks. c) ISO 9001:2015 includes specific requirements for the control of ‘documented information of external origin’. Give two examples of such documents (2 marks) AND ‘State two document control issues that might apply particularly to documents. of extemal origin (2 marks) Typical solution Examples could include extemal standards (eg ISO standards), customer contracts, specifications or quality plans, regulatory or statutory instruments etc. Note to marker: Award 1 mark for each relevant example provided to a maximum of 2 marks, Issues could include: The organisation needs to identify what documented information of external origin is necessary for the planning, operation and control of the QMS The organisation needs a mechanism for knowing when external documented information are changed, updated, reissued or withdrawn When documented information is changed, the organisation needs a means to identify what has changed, and assess the impacts of that change The organisation needs to determine who needs to have access to this documented information, and must provide access in an appropriate way The organisation needs to ensure that any confidentiality, data security or copyright requirements are upheld. Note to marker: Award 1 mark for each relevant issue provided, up to a maximum of 2 marks. 33 You are conducting an audit of management review. You examine the minutes of the last three management review meetings that cover a period of two years, You note they have largely been a presentation by the Quality Manager to top management of operational cost issues and nonconformities identified through intemal audit. The minutes do not indicate any actions resulted from the review. 08/04/2022 vaiRi236 You consider this does not meet the requirements of ISO 9001:2015 clause 93. a) In relation to clause 9.3, jentify and explain two possible non conformities in this scenario, (4 marks) Typical solution a) Possible nonconformities: 9.3.1 The management review does not adequately address the QMS's continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organisation 9.3.2 The coverage of the management review does not meet the review input requirements — eg trends in customer satisfaction 9.3.3 The output of the management review does not include decisions and actions required — eg opportunities for improvement. Note to marker: Award 2 marks for each requirement of ISO 9001:2015, to a maximum of 4 marks. b) Ide three other clauses of ISO 9001:2015 that you would want to discuss with top management. For each clause selected briefly outline what your discussions will cover. (6 marks) Typical solution b) Discussion with top management Clause Discussion How does the organisation determine relevant external and Context of the internal issues and in particular, in relation to its purpose and organisation [4.1 and 42] its strategic direction? How does the organisation determine the relevant requirements of relevant interested parties? (2 marks) Management commitment [5.1] Discussion around 5.1) through }) to gain an understanding of how well they understand the broad requirements of ISO 9001:2015 and the role of top management. (2 marks) 08/04/2022 vaiRi236 Organisational roles, responsibilities and authorities [5.3] How the various QMS roles were selected and their responsibilities defined. The responsibilities of top management in relation to the QMS in general and management review in particular. (2 marks) Competence (7.2) The responsibilities of the top management and other quality- related people and how competence requirements have been identified and addressed (2 marks) Customer- related issues: Customer feedback [9.3.2 c) 1)] Customer satisfaction (9.1.2) Analysis of data [9.1.3 and 9.3.2 b)] How does top management assess and review the perception their customers have of the organisation's performance and how is that information attained? What information does top management have to enable them to determine the continuing suitability, adequacy and effectiveness of the QMS? (2 marks) Quality policy and quality objectives (5.2, 6.2, 7.3 and 9.3.2] What involvement does top management have in the development and review of quality policy and quality objectives? ‘What is the process for this? How do they determine their quality objectives? Is everyone aware of the quality policy and quality objectives? How do they review the trends in their achievement? (2 marks) Actions to address risks and opportunities [6.1] ‘What consideration does the organisation give to the external and internal issues, the relevant requirements of the relevant interested parties as well as risks and opportunities when planning the QMS? How is this done? What approach is involved in addressing increasing desirable effects and preventing, or reducing, undesired effects? What method is used to give assurance that the QMS can achieve its intended result(s)? For the risks and opportunities associated with the QMS being able to deliver its intended result(s), how does the organization plan to integrate and implement the actions into its QMS processes? How will it evaluate the success of these actions? (2 marks) Improvement (10.1, 9.1.2, 6.3] ‘What is the process for identifying improvements to increase the effectiveness of the QMS? How does top management consider improvements to product quality based on customer feedback? 08/04/2022 vaiRi237 How is any improvement initialive implemented? (2 marks) ‘Note to marker: Award 2 marks for each requirement of ISO 9007:2015, up to a maximum of 6 marks. 08/04/2022 vaiRi238 Section four — three questions worth 10 marks each — maximum 30 marks Questions in this section are desis Ined to test the student's ability to analyse audit situations, evaluate audit evidence and apply knowledge of the audit criteria correctly Students are required to: Either + Complete the nonconformity report template. Marking scheme for a nonconformity: Note: For correctly identifying the scenario as a nonconformity (2 marks) For a clear description of the nonconformity @ marks) For correctly quoting relevant evidence @ marks) For correctly identifying the relevant ISO 9001:2015 requirement (1 mark) Overall clarity of the nonconformity report . a mark) if students raise a nonconformity report when there is no nonconformity, 0 (zero) marks will be awarded. OR ‘+ Complete the audit investigation template, clearly stating: Note: Their reason(s) for thinking there is not yet sufficient evidence to report their findings as a nonconformity (2 marks) How they would investigate to determine conformity or nonconformity, including audit trails they would follow and specific examples of audit evidence they would seek and for what purpose. (8 marks) If students complete the audit investigation template for a situation where there is evidence that a nonconformity exists, a maximum of 7 marks may be awarded as follows: 08/04/2022 Providing a valid reason why there is insufficient evidence for a nonconformity (2 marks) vaiRi239 + Providing relevant audit trails as above. (5 marks) Note: Marks should only be awarded where the audit investigation trails are relevant to the situation and would provide further evidence of conformance or non-conformance. 08/04/2022 vaiRi240 4.1 Audit situation one: During your audit of the sales department, you notice a recent contract, number A12345, has been accepted by the Sales Manager. Sales staff have developed a works order and passed it to the production planning department. You ask to see evidence that the contract has been reviewed. You are shown a letter to the customer accepting the order, signed by the Sales Manager. You are also shown a report from the Production Manager (number Prod D123), dated two weeks after the Sales Manager's letter of acceptance. This report shows that the production department have not been able to meet this specification for three months. It therefore requires the sales staff to ask the customer to accept some modifications to their original requirement and an extended delivery time, None of these issues were mentioned in the Sales Manager's letter of acceptance, You ask to see the response from the customer and confirm that the customer has accepted the modifications and the revised delivery date, but also note in a letter from the customer that they are dismayed about the changed delivery date. Solut nonconformity IRCA QMS AUDIT - NONCONFORMITY REPORT 1 Nonconformity (2 marks for identifying the scenario as a nonconformity) Description of the nonconformity (3 marks for identifying the failure) Processes for the provision of product have not ensured that the organisation has the ability to meet the requirements, prior to the organisation's commitment to supply product to the customer. Evidence (3 marks for identifying the evidence) The production manager's report Prod D123, dated two weeks after contract A12345 had been formally accepted and stated they could not meet the customer's specification and requested modifications to the requirements and an extension of the delivery time. 150 9001:2015 clause and requirement: 8.2.3.1 The organisation shall ensure that it has the ability to meet the requirements for products and services to be offered to customers. (1. mark clause and requirement and 1 mark for clarity of answer) 42 Audit situation two: You are carrying out an audit of an insurance company. You ask the New Business ‘manager what his key process is. He states that itis in an online document called The Guide to Identifying and Dealing with Insurance Risk. The Business manager points to the same document when asked the same question. 08/04/2022 vaiRi244 During the same audit, you discuss the risk evaluation process with the Business Risk Manager. He describes a comprehensive system based on the Plan-Do-Check-Act cycle for risk, which includes identifying risks, determining the need to take action, implementing actions and ensuring that the actions are successful. This is described in The Guide to Identifying and Dealing with Insurance Risk. Later, you ask the Chief Executive Officer about The Guide to Identifying and Dealing with Insurance Risk. He tells you that it is not a document he is familiar with. He explains that, as an organisation, risks and control measures are vital to their business, Solution — no nonconformity Audit investigation: There is no nonconformity and further investigation is needed to determine if The Guide to Identifying and Dealing with Risk document meets the actions to address risks and opportunities requirements of ISO 9001:2015. (2 marks) Points of investigation and evidence sought: ‘+ When creating, reviewing and updating The Guide to Identifying and Dealing with Insurance Risk, did the organisation consider the external and internal issues relevant to its purpose and its strategic direction and that affect its ability to achieve the intended QMS result(s)? [6.1and 4.1] + When creating, reviewing and updating The Guide to Identifying and Dealing with Insurance Risk, did the organisation consider any relevant requirements of relevant interested parties? [6.1 and 4.2]. + Determine if The Guide to Identifying and Dealing with Insurance Risk document conforms to the requirements for actions to address risks and opportunities [6.1.1], and if so whether it has been effectively implemented [4.4.1]. * Ask who is responsible for what aspects of these processes, and how responsibility and authority has been determined [5.3] + Does The Guide to Identifying and Dealing with Insurance Risk give assurance that the QMS can achieve its intended result(s)? [6.1.1 a)]. + Does The Guide to Identifying and Dealing with Risk address the enhancement of desirable effects? [6.1.1 b)]. * Does The Guide to Identifying and Dealing with Risk address the prevention, or reduction of undesired effects? (6.1.1 c)]. * Does The Guide to identifying and Dealing with Risk address how to plan actions to address these risks? [6.1.2 a)] + Does The Guide to Identifying and Dealing with Risk address how to integrate and implement the actions into its QMS processes? [6.1.2 b) 1)]. 08/04/2022 vaiRi242 * Does The Guide to Identifying and Dealing with Risk address how to evaluation of the effectiveness of these actions? [6.1.2 b) 2)]. ‘+ Has the organisation provided any necessary information and communication technology to support the activities detailed in The Guide to Identifying and Dealing with Insurance Risk [7.1.3] + Look for evidence that staffare competent on the basis of appropriate education, training, or experience for the activities described in The Guide to Identifying and Dealing with Insurance Risk. [7.2] + Does The Guide to Identifying and Dealing with Insurance Risk address risks to meeting customer, statutory and regulatory requirements and not just insurance risks to the organisation [8.2.2] + If not, are there other processes or documented information that cover these aspects? [4.4.1]. + Does The Guide to Identifying and Dealing with Insurance Risk address monitoring and measurement, analysis and evaluation? (9.1) + Is The Guide to Identifying and Dealing with Insurance Risk available and suitable for use, where and when it is needed? [7.5.3.1]. + Is The Guide to Identifying and Dealing with Insurance Risk under access control and change control? [7.5.3.2]. + Is The Guide to Identifying and Dealing with Insurance Risk under access control and change control? [7.5.3.2]. + Is The Guide to Identifying and Dealing with Insurance Risk reviewed to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organisation? [9.3.1] Note to marker: 2 marks for each point of investigation and the evidence sought, up to. a maximum of 8 marks. Other relevant points of investigation along with stated evidence may be accepted. You are auditing the design activities at a company that designs storage and distribution solutions as a service to customers. You discuss a recently completed project number Q456 with the Project Manager and are shown the customer specification, customer communication and much more documented information (records) leading through to the final Capacity and Operations 08/04/2022 vaiRi243 Planning Recommendations, which is the deliverable from their design and development process. You ask to see the design plan for the project and the Project Manager tells you: “We do not use design plans as such in this organisation.” You ask: "How do you plan and control the design to ensure everything comes out OK?” The Project Manager replies that they simply follow their detailed software-based project management process as well as investing a lot of care and attention to ensure the desired solution is achieved. Solution — no nonconformity Audit investigation: There is no nonconformity. Further investigation is needed to determine the extent to which the solution satisfies the design and development requirements of ISO 9001:2016. (2 marks) Points of investigation and evidence sought: + Review the computer-based project management process to determine if it encompasses requirements of ISO 9001:2015 for design and development planning, planned design controls (including design reviews, and planned arrangements for design verification and validation) as well as design and development changes? [8.3.2, 8.3.4, 8.3.5 and 8.3.6] (4 marks) ‘+ For project Q456 check documented information (records) for evidence of design and development planning, controls, outputs and changes [8.3.2, 8.3.4, 8.3.5 and 8.3.6). (4 marks) + Investigate how changes to requirements and control of design and development changes are managed through the software process, including any requirements to amend design and development outputs (8.2.3, 8.2.4, 8.3.3, 8.3.6] (4 marks) ‘+ Investigate arrangements for responsibilities and authorities to maintain the status of design documented information (plans and records) held within the software and how access is controlled, eg read-only [8.3.2 d), 5.3, 7.5.3.1 and 7.5.3.2]. (4 marks) ‘+ Investigate arrangements for competence and training needed to use the software and check documented information (records) for persons involved in project Q456 [7.2]. (2 marks) * Investigate arrangements for maintaining the software and documented information (records), eg back-up and archive [7.1.3 and 7.5.3.2] (2 marks) Note to marker: Other relevant points of investigation along with stated evidence may be accepted. Maximum of 8 marks. 08/04/2022 vaiRiCQI and IRCA ae Certified Training €CQI @IRCA We hope you enjoyed your course ‘You wil be contacted by the CQI and IRCA for feedback on the course and your Approved Training Partner. Completing this short survey will help to ensure the continuing high standards of these courses. You can also record your certificate and receive information about the CQI and IRCA, auditing and quality news, ISO updates and much more. To record your certificate, visit www.quality.org/record-your-certificate Qcal BIRCA245 Notice of processing data for delegates The Chartered Quality Institute (the CQl) has approved your training provider to deliver the certified course that you are attending, During or after your course has finished, your training provider sends us some information about you. ‘As a registered UK chatiy, the CQl is subject to the General Data Protection Regulation (GDPR), a European law that gives you certain rights with respect to your personal data that is shared with the Institute. We process your data in order to Provide you with a verifiable record at the conclusion of the course Assess the provider and the training that you have received. The data that is shared with us by your training provider includes your name, your email address, the hname of your tutor, the course in which you are registered, the date of your course and the results of final assessments that you have completed. You are assigned a student identification number when you register for a CAI or IRCA certified course. We retain your name, course and exam details, and this student identification number in perpetuity, so that we can verify, upon request, that you completed the course for which you have registered We use your name, email address and course information to send you a personalised email following the conclusion of your course, in which we ask you to give us feedaack on your experience with the Course, your tutor and the training provider. We also ask you whether you are interested in recelving additional information from us about the quality profession, the CQ and IRCA, and our products and ‘As a data subject you have certain rights under the GDPR including, for example, the right to access the data that we hold about you. You can contact the CQI directly or through your training provider to exercise your GDPR rights. The CQl can be reached directly at: trainina@auality 01, QI Notice of processing data for delegates_ April 2018_v1 08/04/2022 vaiRi246 Choris The Training Company Complaints Information At Charis we are committed to providing industry leading professional training. However, if you feel dissatisfied with the service or would like to appeal exam results, please let us know. You can contact us via the following methods: Email: admin@charisventures.co.uk Phone: 01772 896258 Post: Charis Management Systems, 4th Floor, Media factory, UCLAN, PR1 2HE Please ensure to provide us with your name, customer/partner, contact information and a detailed description of your complaint. 08/04/2022 vaiRi