This is a basic question and one that is very likely to take center stage during the certification audit. The focus on this question subsides during periodic audits, primarily because the organization’s management system matures and the same auditor often assesses one company multiple times.
First: Ascertain whether the organization has done a good enough job communicating the policy to its employees;and that the employees have internalized the organization’s stance in regards to quality.
Second: Ensure that employees understand the quality policy.
Third: Check that there is indeed a quality policy.
Best: Employees know where to find the quality policy and are able to articulate in their own words what the policy means to them and how it affects their work, as well as their appreciation and understanding of quality.
Better: Employees know where to find the quality policy and can read it without feeling nervous.
Good: Employees know where to find the quality policy.
This is a question that applies to everyone, not just managers. It is expected that objectives are represented with data and charts, but not absolutely required.
First: Ascertain whether the company has goals they want to achieve and that it measures and tracks processor product performance, as a whole or individually by department or employee.
Second: Ensure that employees understand the quality objectives and how their performance greatly affects the outcome of those objectives.
Third: Check that there are indeed quality objectives.
Best: Employees know where to find the quality objectives and they understand exactly why they have been established and what their purpose is. They know what the desired goal is and how to tell whether it has been achieved. They know how to initiate corrective action when the desired state is not achieved.
Better: Employees know where to find the quality objectives that apply to their position or department and can show if they are doing well or not.
Good: Employees know where to find the quality objectives.
Procedures or documents in general are an integral part of ISO – you need them in order to ensure processes are in control. Therefore, questions regarding documents are definitely going to appear throughout the audit.
First: Ascertain whether employees follow standard processes frequently as part of their jobs, regardless of whether those processes are documented in a formal, written procedure or not. If there are written procedures or other documents, it is also important to determine whether employees can easily find any documents related to their jobs.
Second: Ensure that the company has determined which procedures are needed and documented those processes that are integral to its core operations.
Third: Check whether the employee knows of the existence of any procedures.
Best: Employees know where to find the procedures that apply to their job, can obtain them quickly, and can speak about them and feel invested in the procedure as well as the process.
Better: Employees know where to find the procedures that are applicable to them.
Good: Employees know procedures exist.
The whole concept of continual improvement is paramount to ISO, and the auditor will try to assess it over and over. The auditor will ask for at least the basic concepts of continual improvement.
First: Ascertain whether employees understand the concepts of nonconformance, continual improvement, and corrective and preventive actions and whether they understand the systems that have been put in place to handle them.
Second: Determine if the company encourages use of continual improvement tools and has communicated those to all employees.
Third: Check there is a system in place for handling nonconforming product/service, corrective and preventive actions.
Best: Employees know when to use a nonconformance report and when to use a corrective action or preventive action. They actually have issued some in the past, have been assigned NCRs to disposition, or have been tasked with conducting root cause analyses for corrective or preventive actions.
Better: Employees know there are systems in place for handling nonconformances and corrective or preventive actions and can point to them.
Good: Employees know there are systems in place.
This is a broad question and can lead to many answers. Employees may refer to procedures, job descriptions, objectives, etc.
First: Ascertain whether employees are aware of their responsibilities and their roles in the overall success of the quality (environmental, safety, information security) management system.
Second: Ensure that the organization has defined responsibilities for all positions, and that each employee has a good understanding of what his or her responsibilities are.
Third: Check that responsibilities have indeed been defined.
Best: Employees know what their responsibilities are and understand their importance to the success of the management system. They know where their responsibilities have been defined and documented and have agreed to them in writing.
Better: Employees are aware of their responsibilities and grasp their importance to the success of the management system.
Good: Employees know the tasks they are responsible for.
Miriam Boudreaux is the CEO and Founder of Mireaux Management Solutions, a technology and consulting firm headquartered in Houston, TX. Mireaux’s products and services encompass international standards ISO and API Consulting, Hands-On Training, Auditing, Document Control and implementation of Web QMS platform.
To get in touch with Miriam Boudreaux, please contact her at firstname.lastname@example.org.