INTERNATIONAL ISO

STANDARD 10011-1
First edition
1990-12-15

Guidelines for auditing quality systems —

Part 1:
Auditing

Lignes directrices pour l'audit des systèmes qualité —

Partie 1: Audit

Reference number
ISO 10011-1:1990(E)
ISO 10011-1:1990(E)

Contents
Page

1 Scope .............................................................................................. 1

2 Normative reference ................................................................. 1

3 Definitions ................................................................................. 1

4 Audit objectives and responsibilities ......................................... 2

5 Auditing ..................................................................................... 4

6 Audit completion ....................................................................... 6

7 Corrective action follow-up ....................................................... 6

Annex

A Bibliography .............................................................................. 7

 ISO 1990
All rights reserved. No part of this publication may be reproduced or utilized in any form or
by any means, electronic or mechanical, including photocopying and microfilm, without per-
mission in writing from the publisher.
International Organization for Standardization
Case Postale 56 • CH-1211 Genève 20 • Switzerland
Printed in Switzerland

ii
 ISO 10011-1:1990(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide
federation of national standards bodies (ISO member bodies). The work
of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for
which a technical committee has been established has the right to be
represented on that committee. International organizations, governmental
and non-governmental, in liaison with ISO, also take part in the work. ISO
collaborates closely with the International Electrotechnical Commission
(IEC) on all matters of electrotechnical standardization.
Draft International Standards adopted by the technical committees are
circulated to the member bodies for voting. Publication as an International
Standard requires approval by at least 75 % of the member bodies casting
a vote.
International Standard ISO 10011-1 was prepared by Technical Committee
ISO/TC 176, Quality management and quality assurance.
ISO 10011 consists of the following parts, under the general title Guide-
lines for auditing quality systems:

— Part 1: Auditing

— Part 2: Qualification criteria for quality systems auditors

— Part 3: Management of audit programmes

Annex A of this part of ISO 10011 is for information only.

iii
ISO 10011-1:1990(E)

Introduction
The ISO 9000 series emphasizes the importance of quality audit as a key
management tool for achieving the objectives set out in an organization's
policy.
Audits should be carried out in order to determine that the various el-
ements within a quality system are effective and suitable for achieving the
stated quality objectives.
This part of ISO 10011 provides guidelines for performing an audit of a
quality system of an organization. It allows users to adjust the guidelines
described to suit their needs.
The quality system audit also provides objective evidence concerning the
need for the reduction, elimination and, especially, prevention of noncon-
formities.
The results of these audits can be used by management to improve the
performance of the organization.

iv
INTERNATIONAL STANDARD ISO 10011-1:1990(E)

Guidelines for auditing quality systems —

Part 1:
Auditing

1 Scope 3.1 quality audit: A systematic and independent

examination to determine whether quality activities
This part of ISO 10011 establishes basic audit princi- and related results comply with planned arrange-
ples, criteria and practices, and provides guidelines for ments and whether these arrangements are im-
establishing, planning, carrying out and documenting plemented effectively and are suitable to achieve
audits of quality systems. objectives.

It provides guidelines for verifying the existence and [ISO 8402]

implementation of elements of a quality system and
for verifying the system's ability to achieve defined NOTES
quality objectives. It is sufficiently general in nature to
2 The quality audit typically applies to, but is not limited to,
permit it to be applicable or adaptable to different
a quality system or elements thereof, to processes, to pro-
kinds of industries and organizations. Each organiz- ducts, or to services. Such audits are often called “quality
ation should develop its own specific procedures for system audit”, “process quality audit”, “product quality au-
implementing these guidelines. dit”, “service quality audit”.

3 Quality audits are carried out by staff not having direct

responsibility in the areas being audited but, preferably,
2 Normative reference working in cooperation with the relevant personnel.

The following standard contains provisions which, 4 One purpose of the quality audit is to evaluate the need
through reference in this text, constitute provisions for improvement or corrective action. An audit should not
of this part of ISO 10011. At the time of publication, be confused with “surveillance” or “inspection” activities
the edition indicated was valid. All standards are sub- performed for the sole purpose of process control or prod-
ject to revision, and parties to agreements based on uct acceptance.
this part of ISO 10011 are encouraged to investigate
5 Quality audits can be conducted for internal or external
the possibility of applying the most recent edition of purposes.
the standard indicated below. Members of IEC and
ISO maintain registers of currently valid International
Standards. 3.2 quality system: The organizational structure,
responsibilities, procedures, processes and resources
ISO 8402:1986, Quality — Vocabulary. for implementing quality management.

[ISO 8402]
3 Definitions NOTES
For the purposes of this part of ISO 10011, the defi- 6 The quality system should only be as comprehensive as
nitions given in ISO 8402, together with the following is needed to meet the quality objectives.
definitions, apply.
7 For contractual, mandatory and assessment purposes,
NOTE 1 Some terms in ISO 8402 are repeated here and demonstration of the implementation of identified elements
the source is indicated in brackets. in the system may be required.

1
ISO 10011-1:1990(E)

3.3 auditor (quality): A person who has the quali- — to determine the effectiveness of the im-
fication to perform quality audits. plemented quality system in meeting specified
quality objectives;
NOTES
— to provide the auditee with an opportunity to im-
8 To perform a quality audit, the auditor must be auth- prove the quality system;
orized for that particular audit.

9 An auditor designated to manage a quality audit is called

— to meet regulatory requirements;
a “lead auditor”.
— to permit the listing of the audited organization's
quality system in a register.
3.4 client: A person or organization requesting the
audit. Audits are generally initiated for one or more of the
following reasons:
NOTE 10 The client may be:
— to initially evaluate a supplier where there is a de-
a) the auditee wishing to have its own quality system
audited against some quality system standard; sire to establish a contractual relationship;

b) a customer wishing to audit the quality system of a — to verify that an organization's own quality system
supplier using his own auditors or a third party; continues to meet specified requirements and is
being implemented;
c) an independent agency authorized to determine
whether the quality system provides adequate control — within the framework of a contractual relationship,
of the products or services being provided (such as to verify that the supplier's quality system contin-
food, drug, nuclear, or other regulatory bodies); ues to meet specified requirements and is being
implemented;
d) an independent agency assigned to carry out an audit in
order to list the audited organization's quality system in — to evaluate an organization's own quality system
a register.
against a quality system standard.
3.5 auditee: An organization to be audited. These audits may be routine, or may be prompted by
significant changes in the organization's quality sys-
3.6 observation: A statement of fact made during tem, process, product or service quality, or by a need
an audit and substantiated by objective evidence. to follow up on corrective action.
NOTES
3.7 objective evidence: Qualitative or quantitative
information, records or statements of fact pertaining 12 Quality audits should not result in a transfer of the re-
to the quality of an item or service or to the existence sponsibility to achieve quality from operating staff to the
and implementation of a quality system element, auditing organization.
which is based on observation, measurement or test
and which can be verified. 13 Quality audits should not lead to an increase in the
scope of quality functions over and above those necessary
3.8 nonconformity: The nonfulfilment of specified to meet quality objectives.
requirements.
[ISO 8402]
4.2 Roles and responsibilities
NOTE 11 The definition covers the departure or absence
of one or more quality characteristics or quality system el-
ements from specified requirements.
4.2.1 Auditors

4 Audit objectives and responsibilities

4.2.1.1 Audit team

4.1 Audit objectives Whether an audit is carried out by a team or an indi-

vidual, a lead auditor should be placed in overall
Audits are normally designed for one or more of the charge.
following purposes:
Depending upon the circumstances, the audit team
— to determine the conformity or nonconformity of may include experts with specialized background,
the quality system elements with specified re- auditor trainees or observers who are acceptable to
quirements; the client, auditee and lead auditor.

2
 ISO 10011-1:1990(E)

4.2.1.2 Auditor's responsibilities 4.2.1.5 Auditor's activities

Auditors are responsible for The lead auditor should

— complying with the applicable audit requirements; — define the requirements of each audit assignment,
including the required auditor qualifications;
— communicating and clarifying audit requirements;
— comply with applicable auditing requirements and
— planning and carrying out assigned responsibilities other appropriate directives;
effectively and efficiently;
— plan the audit, prepare working documents and
— documenting the observations; brief the audit team;

— reporting the audit results; — review documentation on existing quality system

activities to determine their adequacy;
— verifying the effectiveness of corrective actions
taken as a result of the audit (if requested by the — report critical nonconformities to the auditee im-
client); mediately;

— retaining and safeguarding documents pertaining — report any major obstacles encountered in per-
to the audit: forming the audit;

• submitting such documents as required, — report on the audit results clearly, conclusively and
without undue delay.
• ensuring such documents remain confidential,
Auditors should
• treating privileged information with discretion;
— remain within the audit scope;
— cooperating with and supporting the lead auditor.
— exercise objectivity;

— collect and analyse evidence that is relevant and

4.2.1.3 Lead auditor's responsibilities sufficient to permit the drawing of conclusions re-
garding the audited quality system;
The lead auditor is ultimately responsible for all — remain alert to any indications of evidence that can
phases of the audit. The lead auditor should have influence the audit results and possibly require
management capabilities and experience and should more extensive auditing;
be given authority to make final decisions regarding
the conduct of the audit and any audit observations. — be able to answer such questions as
The lead auditor's responsibilities also cover: • “are the procedures, documents and other in-
formation describing or supporting the required
— assisting with the selection of other audit team elements of the quality system known, avail-
members; able, understood and used by the auditee's
personnel?”
— preparation of the audit plan;
• “are all the documents and other information
— representing the audit team with the auditee's used to describe the quality system adequate
management; to achieve the required quality objectives?”
— submitting the audit report. — act in an ethical manner at all times.

4.2.1.4 Independence of the auditor 4.2.2 Client

Auditors should be free from bias and influences The client

which could affect objectivity.
— determines the need for and the purpose of the
All persons and organizations involved with an audit audit and initiates the process;
should respect and support the independence and in-
tegrity of the auditors. — determines the auditing organization;

3
ISO 10011-1:1990(E)

— determines the general scope of the audit, such 5.1.2 Audit frequency
as what quality system standard or document it is
to be conducted against; The need to perform an audit is determined by the
client, taking account of specified or regulatory re-
— receives the audit report; quirements and any other pertinent factors. Signif-
icant changes in management, organization, policy,
— determines what follow-up action, if any, is to be techniques or technologies that could affect the qual-
taken, and informs the auditee of it. ity system, or changes to the system itself and the
results of recent previous audits, are typical of the
circumstances to be considered when deciding audit
4.2.3 Auditee frequency. Within an organization, internal audits may
be organized on a regular basis for management or
The auditee's management should business purposes.
— inform relevant employees about the objectives
and scope of the audit;
5.1.3 Preliminary review of auditee's quality
— appoint responsible members of staff to ac- system description
company members of the audit team;
As a basis for planning the audit, the auditor should
— provide all resources needed for the audit team in review for adequacy the auditee's recorded de-
order to ensure an effective and efficient audit scription of the methods for meeting the quality sys-
process; tem requirements (such as the quality manual or
equivalent).
— provide access to the facilities and evidential ma-
terial as requested by the auditors; If this review reveals that the system described by the
auditee is not adequate to meet the requirements,
— cooperate with the auditors to permit the audit further resources should not be expended on the au-
objectives to be achieved; dit until such concerns are resolved to the satisfaction
of the client, the auditor and, where applicable, the
— determine and initiate corrective actions based on auditee.
the audit report.

5.2 Preparing the audit

5 Auditing

5.2.1 Audit plan

5.1 Initiating the audit
The audit plan should be approved by the client and
communicated to the auditors and auditee.
5.1.1 Audit scope
The audit plan should be designed to be flexible in
The client makes the final decisions on which quality order to permit changes in emphasis based on infor-
system elements, physical locations and organiz- mation gathered during the audit, and to permit ef-
ational activities are to be audited within a specified fective use of resources. The plan should include:
time frame. This should be done with the assistance
of the lead auditor. If appropriate, the auditee should — the audit objectives and scope;
be contacted when determining the scope of the au-
dit. — identification of the individuals having significant
direct responsibilities regarding the objectives and
The scope and depth of the audit should be designed scope;
to meet the client's specific information needs.
The standards or documents with which the auditee's — identification of reference documents (such as the
quality system is required to comply should be speci- applicable quality system standard and the
fied by the client. auditee's quality manual);

Sufficient objective evidence should be available to — identification of audit team members;

demonstrate the operation and effectiveness of the
auditee's quality system. — the language of the audit;

The resources committed to the audit should be suf- — the date and place where the audit is to be con-
ficient to meet its intended scope and depth. ducted;

4
 ISO 10011-1:1990(E)

— identification of the organizational units to be 5.3 Executing the audit

audited;
5.3.1 Opening meeting
— the expected time and duration for each major
audit activity; The purpose of an opening meeting is to
— the schedule of meetings to be held with auditee — introduce the members of the audit team to the
management; auditee's senior management;
— confidentiality requirements; — review the scope and the objectives of the audit;
— audit report distribution and the expected date of — provide a short summary of the methods and pro-
issue. cedures to be used to conduct the audit;
If the auditee objects to any provisions in the audit
— establish the official communication links between
plan, such objections should immediately be made
the audit team and the auditee;
known to the lead auditor. They should be resolved
between the lead auditor and the auditee and, if
— confirm that the resources and facilities needed
necessary, the client before executing the audit.
by the audit team are available;
Specific details of the audit plan should only be com-
municated to the auditee throughout the audit if their — confirm the time and date for the closing meeting
premature disclosure does not compromise the col- and any interim meetings of the audit team and
lecting of objective evidence. the auditee's senior management;

— clarify any unclear details of the audit plan.

5.3.2 Examination
5.2.2 Audit team assignments
5.3.2.1 Collecting evidence
Each auditor should be assigned specific quality sys-
tem elements or functional departments to audit. Evidence should be collected through interviews, ex-
Such assignments should be made by the lead auditor amination of documents, and observation of activities
in consultation with the auditors concerned. and conditions in the areas of concern. Clues sug-
gesting nonconformities should be noted if they seem
significant, even though not covered by check-lists,
and should be investigated. Information gathered
through interviews should be tested by acquiring the
same information from other independent sources,
5.2.3 Working documents such as physical observation, measurements and
records.
The documents required to facilitate the auditor's in-
vestigations, and to document and report results, may During the audit, the lead auditor may make changes
include: to the auditors' work assignments, and to the audit
plan with the client's approval and the auditee's
— check-lists used for evaluating quality system el- agreement, if this is necessary to ensure the optimal
ements (normally prepared by the auditor assigned achievement of the audit objectives.
to audit that specific element);
If the audit objectives appear to become unattainable,
— forms for reporting audit observations; the lead auditor should report the reasons to the client
and the auditee.
— forms for documenting supporting evidence for
conclusions reached by the auditors. 5.3.2.2 Audit observations

Working documents should be designed so that they All audit observations should be documented. After
do not restrict additional audit activities or investi- all activities have been audited, the audit team should
gations which may become necessary as a result of review all of their observations to determine which
information gathered during the audit. are to be reported as nonconformities. The audit team
should then ensure that these are documented in a
Working documents involving confidential or pro- clear, concise manner and are supported by evidence.
prietary information shall be suitably safeguarded by Nonconformities should be identified in terms of the
the auditing organization. specific requirements of the standard or other related
documents against which the audit has been con-

5
ISO 10011-1:1990(E)

ducted. Observations should be reviewed by the lead — the system's ability to achieve defined quality ob-
auditor with the responsible auditee manager. All ob- jectives;
servations of nonconformities should be acknowl-
edged by the auditee management. — the audit report distribution list.

5.3.3 Closing meeting with auditee Any communication made between the time of the
closing meeting and the issue of the report should be
At the end of the audit, prior to preparing the audit by the lead auditor.
report, the audit team should hold a meeting with the
auditee's senior management and those responsible 5.4.3 Report distribution
for the functions concerned. The main purpose of this
meeting is to present audit observations to the senior The audit report should be sent to the client by the
management in such a manner so as to ensure that lead auditor. It is the client's responsibility to provide
they clearly understand the results of the audit. the auditee's senior management with a copy of the
audit report. Any additional distribution should be de-
The lead auditor should present observations, taking termined in consultation with the auditee. Audit re-
into account their perceived significance. ports containing confidential or proprietary information
shall be suitably safeguarded by the auditing organiz-
The lead auditor should present the audit team's ation and the client.
conclusions regarding the quality system's effective-
ness in ensuring that quality objectives will be met. The audit report should be issued as soon as possible.
If it cannot be issued within an agreed time period,
Records of the closing meeting should be kept. the reasons for the delay should be given to both the
client and the auditee and a revised issue date estab-
NOTE 14 If requested, the auditor may also make rec- lished.
ommendations to the auditee for improvements to the
quality system. Recommendations are not binding on the
auditee. It is up to the auditee to determine the extent, the 5.4.4 Record retention
way and means of actions to improve the quality system.
Audit documents should be retained by agreement
between the client, the auditing organization and the
5.4 Audit documents
auditee, and in accordance with any regulatory re-
quirements.
5.4.1 Audit report preparation

The audit report is prepared under the direction of the

lead auditor, who is responsible for its accuracy and 6 Audit completion
completeness.
The audit is completed upon submission of the audit
5.4.2 Report content report to the client.

The audit report should faithfully reflect both the tone

and content of the audit. It should be dated and 7 Corrective action follow-up
signed by the lead auditor. It should contain the fol-
lowing items, as applicable: The auditee is responsible for determining and initiat-
ing corrective action needed to correct a noncon-
— the scope and objectives of the audit; formity or to correct the cause of a nonconformity.
The auditor is only responsible for identifying the
— details of the audit plan, the identification of audit nonconformity.
team members and auditee's representative, audit
dates, and identification of the specific organiz- Corrective action and subsequent follow-up audits
ation audited; should be completed within a time period agreed to
by the client and the auditee in consultation with the
— identification of the reference documents against auditing organization.
which the audit was conducted (quality system
standard, auditee's quality manual, etc.); NOTE 15 The auditing organization should keep the client
informed of the status of corrective action activities and
— observations of nonconformities; follow-up audits. After verification of corrective action im-
plementation, the auditing organization may prepare a
follow-up report and distribute it in a manner similar to the
— audit team's judgement of the extent of the original audit report.
auditee's compliance with the applicable quality
system standard and related documentation;

6
 ISO 10011-1:1990(E)

Annex A
(informative)

Bibliography

[1] ISO 9000:1987, Quality management and quality [3] ISO 9002:1987, Quality systems — Model for
assurance standards — Guidelines for selection quality assurance in production and installation.
and use.
[4] ISO 9003:1987, Quality systems — Model for
[2] ISO 9001:1987, Quality systems — Model for quality assurance in final inspection and test.
quality assurance in design/development, pro-
duction, installation and servicing. [5] ISO 9004:1987, Quality management and quality
system elements — Guidelines.

7
ISO 10011-1:1990(E)

ICS 658.56
Descriptors: quality assurance, quality assurance programme, quality audit.

Price based on 7 pages