During a third-party audit of a pharmaceutical organisation (CD9000) site of seven COVID-19 testing laboratories in various terminals at a major international airport, you interview the CD 9000’s General Manager (GM), who was accompanied by Jack, the legal compliance expert. Jack is acting as the guide in the absence of the Technical Manager due to him contracting COVID-19.
You: "What external and internal issues have been identified that could affect CD9000 and its quality management system?"
GM: "Jack guided us on this. We identified issues like probable competition of another laboratory organisation in the airport, legal requirements on COVID-19 continuously changing, the shortage of competent laboratory analysists, the epidemic declining soon,
shortage of chemicals for the analysis. It was quite a good experience."
You: "Did you document these issues?"
GM: "No. Jack said that ISO 9001 does not require us to document these issues."
You: "How did you determine the risks associated with the issues and did you plan actions to address them?"
GM: "I am not sure. The Technical Manager is responsible for this process. Jack may be able to answer this question in his absence."
Select two options for how you would respond to the General Manager’s suggestion:
A . I would not accept the legal compliance expert answering the question.
B . I would ask to audit the Technical Manager by phone.
C . I would delay the audit until the return of the technical manager
D . I would look for evidence that the actions resulting from the risk assessment had been taken.
E . I would ask for a different guide instead of the legal compliance expert.
F . I would ask the consultant to leave the meeting since he is not an employee of the organisation.
Answer: A,D
Explanation:
According to clause 4.1 of ISO 9001:2015, the organization should determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended results of its quality management system. The organization should monitor and review these issues and update them as necessary. Although the standard does not explicitly require documented information of these issues, it does require documented information as evidence of the implementation of the actions taken to address risks and opportunities, as per clause 6.1. The organization should also retain documented information as evidence of the results of the monitoring, measurement, analysis and evaluation of its QMS, as per clause 9.1. Therefore, the auditor should not accept the legal compliance expert answering the question, as he is not the person responsible for the process and may not have the necessary competence or knowledge of the QMS. The auditor should also look for evidence that the actions resulting from the risk assessment had been taken, as this is a requirement of the standard and a way to verify the effectiveness of the QMS. The other options are not appropriate courses of action for the auditor, because they do not address the audit objective or criteria, or they may compromise the audit integrity or impartiality. For example, option B may not be feasible or reliable, as the Technical Manager may not be available or able to provide the necessary evidence by phone. Option C may cause unnecessary delay and inconvenience for the audit process and the auditee. Option E may not solve the problem, as the guide is not the main source of evidence or information for the audit. Option F may be disrespectful or unprofessional, as the consultant may have a legitimate role or interest in the audit.
Reference: ISO 9001:2015, ISO 9001 Auditing Practices Group Guidance on Context of the Organization, ISO 9001 Auditing Practices Group Guidance on Audit Evidence
Latest ISO-9001 Lead Auditor Dumps Valid Version with 110 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund