![Q2 Audit Checklist [PDF]](https://pdfs.asia/img/200x200/q2-audit-checklist.jpg)
8 0 1 MB
Internal Audit Process Report API Q2, 1st Edition Revision: 1 08/01/2016
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
QUALITY SYSTEM PROCESS AUDIT REPORT SUMMARY DATE OF AUDIT: SCOPE OF AUDIT: SPECIFICATION / SERVICE / SERVICERELATED PRODUCT LOCATION OF AUDIT: AUTHORITY: PURPOSE: AUDIT TEAM: PRIMARY CONTACTS: SUMMARY:
Reported by:
Q2 Audit Checklist
Date:
Page 2 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
INTERNAL AUDIT CHECKLIST / REPORT API Spec Q2, 1st Edition Process oriented report format To be completed in its entirety for all IQAS LLC audits performed (unless otherwise indicated)
TABLE OF CONTENTS Auditor Instructions................................................................................................................................... 4 Pre-Audit Activities………......................................................................................................................... 5 Opening Meeting Details / Checklist……………………………………........................................................7 Identification of QMS Processes……........................................................................................................8 Quality Management System …...............................................................................................................9 Objectives ............................................................................................................................. 10 Communications ............................................................................................................................. 10 Management Responsibility.................................................................................................................... 11 Organizational Capability........................................................................................................................ 12 Documentation Requirements................................................................................................................. 13 Control of Records ............................................................................................................................. 15 Realization of Service & Service-Related Product..................................................................................15 Planning ............................................................................................................................. 16 Risk Assessment & Management............................................................................................................ 17 Design & Development........................................................................................................................... 17 Contingency Planning............................................................................................................................. 19 Purchasing ............................................................................................................................. 19 Control of Service Provision.................................................................................................................... 21 Service Quality Plan ............................................................................................................................. 22 Identification & Traceability..................................................................................................................... 23 Service Related Product Status.............................................................................................................. 23 Customer Property ............................................................................................................................. 23 Preservation of Service-Related Product................................................................................................24 Validation of Service-Related Product.....................................................................................................24 Preventive Maintenance, Measurement, Inspection & Test Plan.............................................................25 Control of Testing, Measuring, Monitoring & Detection Equipment..........................................................25 Service Performance Validation.............................................................................................................. 26 Control of Nonconformities...................................................................................................................... 27 Management of Change.......................................................................................................................... 28 Monitoring, Measuring & Improving.........................................................................................................29 Internal Audit ............................................................................................................................. 29 Analysis of Data ............................................................................................................................. 30 Improvement ............................................................................................................................. 31 Corrective Action ............................................................................................................................. 32 Preventive Action ............................................................................................................................. 32 Management Review ............................................................................................................................. 34 General Summary ............................................................................................................................. 35 Closing Meeting Details/Checklist........................................................................................................... 36 Nonconformity Summary Sheet.............................................................................................................. 37
Q2 Audit Checklist
Page 3 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
AUDITOR INSTRUCTIONS I.
Please review and study this document in its entirety prior to commencing the audit. Ensure that that you have a full understanding of all the requirements, the IQAS audit process and the IQAS audit documentation. If you have any questions or comments please contact IQAS.
II.
The purpose of this document is to provide evidence of the conformity of an Applicant/Registered Organization’s quality management system with API Spec Q2 requirements. All sections must be completed for audits of organizations applying for or with Registrations to API Spec Q2. When performing the audit: A.
Use this document to record audit evidence that all areas of the management system meet applicable requirements. This includes collecting and documenting objective evidence that the facility is meeting all applicable product specification requirements.
B.
Review relevant documents and procedures, as needed that control the area being audited.
C.
Document the audit evidence for each area being audited to verify implementation of requirements.
D.
Interview the people in the area who are actually doing the work, not just the management / supervisors who probably knows what to do and what the requirements are.
E.
Select and document on this report at least three (3) samples of audit evidence for each area (where applicable) being audited to verify implementation of requirements. If less than the required three (3) samples are available in the population, state the fact on the applicable report page.
F.
If there is a nonconformity identified, the organization is to use the organization’s Corrective Action Process. The organization is to identify all applicable requirements therein, including the API Spec, organization’s Quality Manual and procedures, etc.
III.
Record audit evidence observed in as much detail as possible and determine whether an activity is in conformity with specified requirements or not. For any audit evidence to be considered by IQAS, it must be documented. This includes notations on observations and interviews performed. Please use additional sheets if necessary.
IV.
The Auditor should direct the organization to address any nonconformity using the organization’s corrective action process.
V.
The Auditor will review the following processes as classified by IQAS. There may be overlapping areas that may require repeat visits to the appropriate working areas. Audit plans should allow for such overlapping occurrences: Quality Management System Requirements o General o Quality Management System o Quality Policy o Objectives o Planning o Communications o Management Responsibility o Organization Structure o Responsibility and Authority o Organization Capability o Provisions of Resources o Human Resources o Work Environment o Documentation Requirements o General o Control of Documents o Control of Records
Quality Management System Measurement, Analysis, and Improvement o General o Monitoring, Measuring and Improving o Customer Satisfaction o Internal Audit o Analysis of Data o Improvement o General o Corrective Action o Preventive Action o Management Review o General o Input Requirements o Output Requirements
Q2 Audit Checklist
Realization of Services and Service-Related Product o Contract Review o General o Determination of Requirements o Review of Requirements o Planning o Risk Assessment and Management o Design and Development o Design and Development Planning o Design and Development Inputs o Design and Development Outputs o Design and Development Verification o Design and Development Final Review and Approval o Control of Design and Development Changes o Contingency Planning o General o Planning Output o Purchasing o Purchasing Control o Purchasing Information o Verification of Purchased Services and Servicerelated Product o Execution of Service o Control of Execution of Service o Service Quality Plan o Identification and Traceability o Service–related Product Status o Customer Property o Preservation of Service-related Product o Validation of Service-related Product o Preventive Maintenance, Inspection, and Test Program o Control of Testing, Measuring, Monitoring, and Detection Equipment o Service Performance Validation o Control of Nonconformities o General o Nonconforming Service Execution and Servicerelated Product o Verification and Documentation o Customer Notification o Management of Change o General o MOC Implementation o MOC Evaluation, Notification and Controls
Page 4 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
VI.
Confirmation of scope, QMS standards, auditor man-days and other instructions:
AUDITOR – COMPLETE THE FOLLOWING ADDITIONAL ACTIONS: REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Verify API applicant uses current version of API Spec Q2 Verify API Spec Q2 scope of registration/compliance as identified is to or continues to be applicable to the organization Verify effective implementation of corrective actions identified during last: Internal Audit Other Audits (Customer Audits) API Audit / APIQR Audit Provide any comments with regards to the use of the current specifications / standards:
Please note that the auditor is not permitted to increase or decrease the number of audit days assigned without explicit approval from IQAS Staff. Please contact IQAS for guidance. If approval to deviate from time assigned, please provide a justification below, the name of the IQAS staff person issuing the approval, and date of the approval:
IQAS Staff Name:
Date:
Inc / Dec Amount:
Verify the total number of employees (including part time, clerical, seasonal and contract) working at the facility that fall under the API Spec Q2 Scope of Registration/Compliance activities. Please note that any changes in the total number of personnel from the original number identified in the audit assignment may require a change in the number of auditor days. Please contact IQAS Staff for guidance: Total # of Employees
Q2 Audit Checklist
Page 5 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
OPENING MEETING DETAILS / CHECKLIST Opening Meeting Date: Start Time: End Time:
OPENING MEETING CHECKLIST: ITEM
Complete (Y / N / NA)
1. Complete Attendance Sheet 2. Make introductions, including identification of roles in audit team, QMS, etc. 3. Review Audit Scope, Purpose, and Objectives 4. Review Audit Plan and Schedule a. All changes must be documented in the plan 5. Review Confidentiality and Conflict of Interest Policy 6. Review break times and lunch arrangements 7. Request private room for use during audit as applicable 8. Determine and review safety requirements (Personal Protective Equipment (PPE)) and any facility restrictions 9. Review audit sampling and audit methods 10. Confirm communication channels and language of the audit and reporting 11. Confirm roles of guides and escorts 12. Inform facility of when and why an audit may be stopped a. Auditor safety in jeopardy b. Acts of nature require stoppage c.
Complete QMS failure
d. Serious violation of program requirements including conduct policy 13. Request briefing of Client’s organization and status of the quality program a. Identification and confirmation of QMS scope b. Identification and confirmation of personnel c.
Identification and confirmation of any changes (as applicable)
Additional comments as necessary:
Q2 Audit Checklist
Page 6 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
IDENTIFICATION OF QMS PROCESSES The organization is required to identify all processes needed for the quality management system their application, sequence and interaction. If this has not been completed a CAR must be documented. The SERVICE REALIZATION PROCESSES must be described in specific detail to provide information regarding the capabilities of the facility being audited. For example, service processes (activities that transfer inputs into outputs) must be identified clearly as provisions of resources and/or service-related product, proper sequence/order in a service activity, monitoring and measuring the effectiveness of activities, and/or applying changes or correction to activities.
DOCUMENT THE PROCESS INFORMATION IN THE TABLE BELOW: Please note the table below is a tool for identifying the QMS and service realization processes. Flowcharts or other documents can be included that clearly describe the QMS processes and their sequence and interaction. These alternative documents can be included with the report instead of the information in the table below. PROCESS NAME
SEQUENCE, INTERACTION AND PROCESS DESCRIPTION – PLEASE CLEARLY IDENTIFY THOSE PROCESSES THAT ARE OUTSOURCED
PROCESS CONTROL INFORMATION INCLUDING RESPONSIBILITY WITHIN QMS
Quality Management System Requirements Management Responsibility Organization Capability Documentation Requirements Control of Records Realization of Service & ServiceRelated Product Contract Review Planning Risk Assessment & Management Design & Development Contingency Planning Purchasing Execution of Service Control of Testing, Measuring, Monitoring & Detection Equipment Service Performance Validation Control of Nonconformities Management of Change Quality Management System Measurement, Analysis and Improvement Monitoring, Measuring & Improving Internal Audit Analysis of Data Improvement Corrective Action Preventive Action Management Review
NOTE: Identify all service processes applicable to the scope of registration (use additional pages as required).
Q2 Audit Checklist
Page 7 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
QUALITY MANAGEMENT SYSTEM Verify that the defined scope of registration and required documentation has been developed and maintained by the organization. Procedures and control features (documented methods) shall be stand-alone documents and must be audited as each part of audit of the requirements / section in question. REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Scope & Application Requirements (1/1.1) Verify that the scope of registration is accurate for the activities and processes performed by the facility. Document any discrepancies.
Verify any Exclusions as applicable and justified (refer to Sections 1.2 for guidance on allowable exclusions):
Verify service scope – report any process & capability issues.
Additional comments/audit evidence regarding Scope & Application Requirement activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Normative References (2) Verify that organization has included and considered normative referances in the QMS implementation. Additional comments/audit evidence regarding Normative References activities:
4
QUALITY MANAGEMENT SYSTEMS REQUIREMENTS
4.1
GENERAL REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Quality Management System (4.1.1) Verify that the facility has established, documented, implemented, maintained, measured the effectiveness of, and improved their Quality Management System. Does the QMS identify any legal and other applicable requirements which the organization claims compliance and are taken into account in its Quality Management System? Additional comments/audit evidence regarding Quality Management System activities:
Q2 Audit Checklist
Page 8 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
CAR
COMMENTS/EVIDENCE:
Quality Policy (4.1.2) Is the organization’s policy for its commitment to quality: a) Defined? b) Documented? c) Approved by top management? d) The basis for the development of appropriate quality objectives? How is the organization’s policy for its commitment to quality communicated, understood, implemented, and maintained at all relevant functions and levels of the organization? Additional comments/audit evidence regarding Quality Policy activities:
REQUIREMENT:
Objectives (4.1.3) Has management ensured that quality objectives, including those needed to meet requirements for the service and service-related product are established at relevant functions and levels within the organization? Are the quality objectives: a)
Measureable?
b)
Consistent with the Quality Policy?
Additional comments/audit evidence regarding Objectives activities:
OBJECTIVE
FUNCTIONAL AREA
MEASUREMENT METHOD
IDENTIFY COMPONENT OF THE QUALITY POLICY TO WHICH OBJECTIVE IS TIED
Additional comments/audit evidence regarding Objectives activities:
Q2 Audit Checklist
Page 9 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098 REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Planning (4.1.4) How has management ensured that: a) The planning of the quality management system is carried out in order to meet the requirements of API Q2? b) The integrity of the quality management system is maintained when changes to the QMS are planned and implemented? Additional comments/audit evidence regarding QMS Planning & Changes activities:
4.1.5
COMMUNICATIONS REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Internal (4.1.5.1) How has management ensured that appropriate communication processes are established within the organization and the effectiveness of the QMS is communicated? What processes has the organization established to ensure that customer, legal, and other applicable requirements are communicated at relevant levels? What processes has the organization established for ensuring the results of data analysis are communicated at relevant levels? (see 6.3) Additional comments/audit evidence regarding QMS Internal Communication activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
External (4.1.5.2) Has the organization determined, documented, and implemented the process for communicating with external organizations to ensure requirements are fully understood and risk is managed (see 5.3) throughout execution of contract and execution of services including activities such as: a) Execution of inquiries, contracts, or order handling and amendments (see 5.1); b) Control of service and service- related product information, including service-related nonconformities (see 5.10); c) Service quality plans and subsequent changes (see 5.7.2); and d) Addressing feedback and complaints (see 6.2.1)? Additional comments/audit evidence regarding External Communication activities:
Q2 Audit Checklist
Page 10 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
4.2
MANAGEMENT RESPONSIBILITY REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Organization Structure (4.2.1) How has top management ensured the availability of resources essential to establish, implement, maintain and improve the QMS? Note: Resources can include human resources and specialized skills, organizational infrastructure, technology and financial resources.
How has management provided evidence of its commitment to the development and implementation of the QMS and continual improvement of its effectiveness by: a) Communicating to the organization the importance of meeting customer as well as legal and or other applicable requirements; b) Ensuring that quality objectives are established including key performance indicators (KPIs) for use in data analysis; and c) Conducting management reviews (see 6.5)? Additional comments/audit evidence regarding Organization Structure activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Responsibility and Authority (4.2.2) How are roles, responsibilities and authorities:
Defined,
Documented,
Assigned within, and
Communicated throughout the organization?
Has the organization’s management appointed a specific management representative(s) from within the organization who has defined roles, responsibilities and authority for: a)
Ensuring that the QMS is established, implemented and maintained in accordance with the requirements of API Spec Q2;
b)
Initiating actions(s) to minimize the likelihood of the occurrence of nonconformities; and
c)
Reporting to management on the performance of the QMS for review, including recommendations for improvement.
Additional comments/audit evidence regarding Responsibility and Authority activities:
Q2 Audit Checklist
Page 11 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
4.3
ORGANIZATION CAPABILITY REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Provision of Resources (4.3.1) Has the organization determined and provided the resources needed to implement, maintain, and improve the effectiveness of the QMS? Additional comments/audit evidence regarding Provision of Resources activities:
4.3.2
HUMAN RESOURCES REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
General (4.3.2.1) Record the documented procedure defining personnel competency activities – include revision level and approval status Has the organization maintained a documented procedure for defining personnel competency within the organization and identifying training requirements? Does the procedure provide for the training of all personnel? Does the procedure include provisions for ensuring the effectiveness of the actions taken to achieve the necessary competency of personnel? Additional comments/audit evidence regarding Human Resources activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Personnel Competence (4.3.2.2) Have personnel been deemed competent based on the appropriate education, training, skills and experience needed to meet service and service-related product requirements? Are records maintained to show evidence of the determination of competence of personnel? Additional comments/audit evidence regarding Personnel Competence activities:
Q2 Audit Checklist
Page 12 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Training and Awareness (4.3.2.3) Has the organization: a) Provided for QMS training and for job training of the its personnel and contractors who affect the execution of services or provision of service-related products; b)
Ensured that customer specified training and/or customer-provided training, if required, is included in the training program;
c)
Ensured that the frequency and content of training complies with legal and other applicable requirements; Ensured that its personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives; Identified and provided training on legal and other applicable requirements; and
d)
e) f)
Maintained appropriate records of education, training skills and experience (see 4.5).
Additional comments/audit evidence regarding Training and Awareness activities:
COMPLETE THE FOLLOWING USING PERSONNEL INTERVIEWED THROUGHOUT THE AUDIT (YES/NO RESPONSE ACCEPTABLE): SELECT REPRESENTATIVE SAMPLING OF PERSONNEL PERFORMING WORK AFFECTING QUALITY. PERSON / POSITION
COMPETENCE REQUIREMENTS DETERMINED / VERIFIED AS IDENTIFIED COMPETENT
INDIVIDUALS AWARE OF THEIR ROLES IN THE QMS
CURRENT RECORDS EXIST
Additional comments/audit evidence regarding Responsibility and Authority activities:
Q2 Audit Checklist
Page 13 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098 REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Work Environment (4.3.3) Has the organization determined, provided, managed, and maintained the work environment needed to achieve conformity to applicable service or service-related product requirements? Work environment includes, as applicable: a)
Buildings, workspace, and associated utilities;
b)
Process equipment (both hardware and software);
c)
Supporting services (such as transport communication or information systems); and
d)
Conditions under which work is performed including physical, environmental, and other factors.
or
Additional comments/audit evidence regarding Work Environment activities:
4.4
DOCUMENTATION REQUIREMENTS REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
General (4.4.1) Does the QMS documentation include: a) Statements of quality policy and quality objectives; b)
A quality manual that addresses each requirement of API Spec Q2 and included the following: 1) The scope of the QMS; 2) Description of the interaction between the processes of the QMS, including the reference to documented procedures; 3) Allowable exclusions and the basis for claiming those exclusions (see 1.2); and 4) Identification of legal and other applicable requirements to which the organization claims compliance; c) Documented procedures established for the QMS; and d) Documents to ensure the effective planning, operation and control of its processes, and conformance to specified requirements? Are procedures required by API Spec Q2 and the QMS established, documented, implemented and maintained? NOTE: A single document can address the requirements for one or more procedures. A requirement for documented procedures can be covered by more than one document. Additional comments/audit evidence regarding Documentation Requirements activities:
Q2 Audit Checklist
Page 14 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Control of Documents (4.4.2) Identify the documented procedure for Control of Documents activities – include revision level and approval status. Does the procedure define the controls needed to: a) Ensure that documents required by the QMS, including revisions, translations, and updates, are reviewed and approved for adequacy prior to issue and use; b) Define responsibilities for approval and re-approval of documents; c) Identify changes to the documents; d)
Ensure that documents remain legible and readily identifiable; and e) Ensure relevant versions of applicable documents are available where the activity is being performed? Are obsolete documents removed from all points of issue or use, or otherwise identified to prevent unintended use if they are retained for any purpose? Is there a master list or equivalent established to identify the current revision status of documents? Additional comments/audit evidence regarding Control of Document activities:
4.5
CONTROL OF RECORDS REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Control of Records (4.5) Identify the documented procedure for Control of Records activities – include revision level and approval status. Does the documented procedure define the controls and responsibilities needed for the: Initiation,
Identification,
Collection,
Storage,
Protection,
Retrieval,
Retention time, and
Disposition of records?
How does the organization control records from outsourced activities to provide evidence of conformity to requirements and of the effective operation of the quality management system? Have records been established and controlled to provide evidence of conformity to requirements and of the effective operation of the QMS? Are records: Legible? Q2 Audit Checklist
Page 15 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098 REQUIREMENT:
CAR
Identifiable?
Readily retrievable?
Retained for a minimum of five years or as required by customer, legal and other applicable requirements, whichever is longer?
COMMENTS/EVIDENCE:
Additional comments/audit evidence regarding Control of Records activities:
5 5.1
REALIZATION OF SERVICE AND SERVICE-RELATED PRODUCT CONTRACT REVIEW REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
General (5.1.1) Identify the documented procedure for the review of requirements related to the execution of services or provision of service-related products. Additional comments/audit evidence regarding Contract Review activities:
DOCUMENT / CONTRACT REVIEWED 1 2 3 4 5 Additional comments/audit evidence regarding Document / Contract Review activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Determination of Requirements (5.1.2) Has the organization determined: a) Requirements specified by the customer, including the requirements for service planning, execution, and evaluation); b) Legal and other applicable requirements; and c)
Requirements not stated by the customer but considered necessary by the organization for the execution of service and provision of service-related products?
Q2 Audit Checklist
Page 16 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098 REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Where the customer provides no documented statement of the requirements, are the customer requirements confirmed by the organization and records maintained (see 4.5) Additional comments/audit evidence regarding Determination of Requirements activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Review of Requirements (5.1.3) Does the organization review of the requirements related to the execution of the service or provision of service-related products? Is the review being conducted prior to the organizations commitment to provide a service to the customer, and does it ensure that: a) Requirements are defined b)
Requirements differing from those previously are identified and resolved; c) The organization has the capability to meet the defined requirements. When contract requirements are changed, is the organization ensuring that relevant documents are amended and that relevant personnel are made aware of the changed requirements? Are records of the results of the review, including resulting actions maintained (see 4.5)? Additional comments/audit evidence regarding Review of Requirements activities:
5.2
PLANNING REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Does the organization identify and plan the processes and documents needed for service and service-related product realization? In planning, has the organization addressed the following: a)
Customer-specified requirements, including critical success factors;
b)
Key performance indicators;
c)
Legal and other applicable requirements;
d)
Initial risk assessment (see 5.3);
e)
Required resources management (see 4.3);
f)
Service and/or service-related product design ( see 5.4);
g)
Contingency planning ( see 5.5);
h)
Management of change (see 5.11); and
Q2 Audit Checklist
and
work
environment
Page 17 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098 REQUIREMENT:
i)
CAR
COMMENTS/EVIDENCE:
Records needed to provide evidence that the realization processes meet requirements (see 4.5)?
Additional comments/audit evidence regarding Planning activities:
5.3
RISK ASSESSMENT AND MANAGEMENT REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Identify the procedure for risk assessment and management – include revision level and approval status. Does the procedure: a)
Identify risks (potential or real) associated with services and service-related products;
b)
Identify and use risk management tools and techniques;
c)
Select, communicate and implement the mitigation or preventive control measures to reduce or avoid exposure to loss; and
d)
Notify the customer of remaining risks that may impact the service?
Verify that records of risk assessment and actions taken are maintained ( see 4.5). Additional comments/audit evidence regarding Risk Assessment and Management activities:
5.4
DESIGN AND DEVELOPMENT SERVICE DESIGN & DEVELOPMENT MATRIX
Select a representative sampling (minimum of three) of the applicable services. PRODUCT NAME
API SPECIFICATION
1 2 3 4 5 6
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Design and Development Planning (5.4.1) Identify the procedure for planning and controlling the design and development of the service, including the use of servicerelated products – include revision level and approval status. Does the procedure identify: a) The design and development stages; b)
The activities required for completion, review, and verification of each stage:
Q2 Audit Checklist
Page 18 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098 REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
c)
The interfaces between different groups involved in design and development activities; and d) The responsibilities and authorities for the design and development activities? When design and development are outsourced, does the organization ensure the supplier meets the requirements of 5.4 and provide objective that the supplier has met their requirements. Additional comments/audit evidence regarding Design and Development Planning activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Design and Development Inputs (5.4.2) Are Inputs relating to design of the service determined and records maintained (see 4.5)? Do these inputs include: a)
Customer-specified requirements (see 5.1);
b)
Legal requirements; and
c)
Other applicable requirements including: 1)
Requirements source;
provided
from
any
external
2)
3)
Requirements for service-related products, including its functional and technical requirements; Environmental and operational conditions;
4)
Results from risk assessments (see 5.3); and
5)
Historical performance and other information derived from pervious similar service designs?
Additional comments/audit evidence regarding Design and Development Input activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Design and Development Outputs (5.4.3) The outputs of design and development shall be documented to allow verification against the design and development input requirements. Do the design and development outputs: a)
Meet the input development;
b)
Provide information for purchasing of any required service-related product;
c)
Provide controls for the execution of the service, including allowable variations in the service execution parameters; Include or reference acceptance criteria for the completion of the service); and
d)
Q2 Audit Checklist
requirements
for
design
and
Page 19 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098 REQUIREMENT:
e)
CAR
COMMENTS/EVIDENCE:
Identify critical service-related product?
Additional comments/audit evidence regarding Design and Development Output activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Design and Development Verification (5.4.4) Is the verification of the design of the service performed in accordance with planned arrangements (see 5.4.1) to ensure that the design and development outputs have met the design and development input requirements. Are records of the results of the design and development verification maintained? (see 4.5) Additional comments/audit evidence regarding Design and Development Verification activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Design and Development Final Review and Approval (5.4.5) Is a final design and development review conducted and documented? Have individual(s) other that the person or persons who developed the design reviewed and approved the final design and development outputs? Are records of the results of the final review and approval maintained? Additional comments/audit evidence regarding Design and Development Final Review and Approval activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Control of Design and Development Changes (5.4.6) Are changes in the approved design reviewed and verified by the management of change process? (see 5.11) Additional comments/audit evidence regarding Control of Design and Development Changes activities:
Q2 Audit Checklist
Page 20 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
5.5
CONTINGENCY PLANNING REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
General (5.5.1) Identify the documented procedure for Contingency Planning activities – include revision level and approval status. Does the procedure include incident and disruption prevention and mitigation measures? Is contingency planning integrated into services and supporting processes between the organization, its suppliers and the customer? Additional comments/audit evidence regarding Contingency Planning General activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Planning Output (5.5.2) Is contingency planning output documented and communicated to the relevant operational personnel, and updated as required to minimize the likelihood or duration or disruption of execution of service. Is the contingency plan being based on assessed risks (see 5.3)? Does the Contingency Plan include, at a minimum: a) b) c) d)
Actions required in response to significant risk scenarios; Actions required to mitigate the effects of disruptive incidents: and; Identification and assignment of responsibilities and authorities: and Internal and external communications controls?
Additional comments/audit evidence regarding Contingency Planning activities:
Q2 Audit Checklist
Page 21 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
5.6
PURCHASING REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Purchasing Control (5.6.1) Identify the documented procedure for purchasing activities that ensure that purchased or outsourced services and service-related products conform to specified requirements – include revision level and approval status. Does the purchasing procedure address: a)
The determination of the criticality of the services and/or service-related products obtained; b) The evaluation and selection of suppliers based on their ability to supply services and service-related products in accordance with the organization’s requirements; c) The type and extent of control applied to the supplier and service and/or service-related product based on the criticality of the service and service-related product; d) Criteria, scope, frequency, and methods used when performing an assessment on a supplier; and e) Maintaining a list of approved suppliers and scope of approval.? For critical services or service-related product, is the criteria for the initial evaluation and selection of suppliers by the organization include the following prior to initiation of the purchase agreement: 1) Assessment of the supplier at the supplier’s facility to meet the organization’s purchasing requirements; and 2) Verification that the supplier’s QMS conforms to the quality system requirements specified for suppliers by the organization? For re-evaluation of suppliers and the initial evaluation of suppliers for non-critical services or service-related product by the organization, one or more of the following shall apply (indicate which is applicable): i. Assessment of the supplier to meet the organization’s purchasing requirements; ii. Verification that the supplier’s QMS conforms to the QMS requirements specified for suppliers by the organization; iii. Assessment of the supplier upon delivery of the product or service. Are records of the results of assessments and any necessary actions arising from the evaluation maintained (see 4.5)? Where supplier assessment results in the need for corrective actions, is evidence of effective implementation of such actions maintained in accordance with 6.4.2? Additional comments/audit evidence regarding Purchasing Control activities:
Q2 Audit Checklist
Page 22 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
DOCUMENT / PURCHASE ORDER
SUPPLIER
DATE
1. 2. 3. 4. 5. 6. Complete table for the suppliers selected and identified above. Identify product name and Yes (Y) / No (N) / Not Applicable (NA) for each column. All ‘No’ identifiers shall require a CAR to be raised and details provided therein. Use additional pages if required. REQUIREMENT
1
2
SAMPLE SELECTED (REFERENCED ABOVE) 3 4 5 6
CAR
Have criteria for selection/evaluation been defined? Have criteria for re-evaluation of suppliers been defined? Have evaluations been performed and results maintained? Supplier records maintained? Additional comments/audit evidence regarding Purchasing Control activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Purchasing Information (5.6.2) Is the purchasing information provided to the supplier documented and does it describe the services or servicerelated product to be purchased, including where appropriate: a) Requirements for acceptance criteria of service and service-related products; b)
Requirements for approval of procedures, processes, and equipment;
c)
The applicable version of specifications, drawings, process requirements, inspection instructions, and other relevant technical data;
d)
Requirements personnel, and
e)
for
qualification
of
supplier’s
supplier’s
QMS requirements.
Additional comments/audit evidence regarding Purchasing Information activities:
Q2 Audit Checklist
Page 23 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098 REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Verification of Purchased Services and Service-Related Product (5.6.3) Identify the documented procedure for the verification or other activities necessary for ensuring that purchased service and service-related product meets specified purchased requirements – include revision level and approval status. Have records for verification activities been maintained? (see 4.5) Does the organization ensure and provide evidence that outsourced services and service-related products conform to specified requirements? Additional comments/audit evidence regarding Verification of Purchased Services and Service-Related Product activities:
DOCUMENT / PURCHASE ORDER 1. 2. 3. 4. 5. 6. Complete table for the suppliers selected and identified above. Identify Yes (Y) / No (N) / Not Applicable (N/A) for each column. All “No” identifiers shall require a CAR to be raised and details provide therein. Use additional pages if required. REQUIREMENT
SAMPLE SELECTED (REFERENCED ABOVE)
1
2
3
4
5
6
CAR
Have criteria for verification of service and/or service related product been defined? Have criteria for verification of service and/or service related product been met Have verification of service and/or service related product records been maintained? Additional comments/audit evidence regarding Verification of Purchasing Information activities:
Q2 Audit Checklist
Page 24 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
5.7
Execution of Service 5.7.1 Control of Service Provision REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
General (5.7.1.1) Identify the documented procedure that describes the integration of the following as a minimum, into the development of a service quality plan. Include revision level and approved status. a) Personnel training and competence (see 4.3.2); b)
Defined contract requirements (see 5.1);
c)
Risk assessment and management (see 5.3);
d)
Information that describes the characteristics of the service and service-related products and ensuring design requirements are satisfied (see 5.4); and
e)
Identification of equipment, including required testing, measuring, monitoring, and detection devices (see 5.8).
Additional comments/audit evidence regarding Control of Service Provision Information activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
CAR
COMMENTS/EVIDENCE
Documentation (5.7.1.2) Are controls for execution of the service documented in routings, travelers, checklists, process sheets, or other types of documents? Explain. Does the documentation include requirements for verifying conformity to quality plans, procedures, and applicable standards/codes? Do the documents include or reference instructions, workmanship, and acceptance criteria for processes, tests, inspections, and customer inspection hold or witness points? Additional comments/audit evidence regarding Documentation activities:
5.7.2
Service Quality Plan REQUIREMENT
General (5.7.2.1) Has the organization developed a service plan that controls the execution of services or use of service-related products? Additional comments/audit evidence regarding Service Quality Plan activities:
Q2 Audit Checklist
Page 25 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098 REQUIREMENT
CAR
COMMENTS/EVIDENCE
Plan Content (5.7.2.2) Does the service quality plan address each of the following: a) Required activities and documentation for compliance with customer and legal requirements; b) Identification of responsible functions for each activity, including external parties; c)
Identification and reference to control of subcontractors;
d)
e)
Identification of the relevant revision for each procedure, specification, or other document referenced or used in each activity; Identification of the requirements to perform acceptance inspection of each activity, including hold, witness, monitor and document review points for representatives of the organization and the customer;
f)
Service equipment and monitoring devices; (see 5.8)
g)
Identification and controls of risk;(see 5.3)
h)
Identification of critical services and service-related products;
i)
Identification of the required deliverables; and
j)
Identification of the required records. (see 4.5)
Is the service quality plan updated when any of the plan content changes? Additional comments/audit evidence regarding Service Quality Plan Information activities:
REQUIREMENT
CAR
COMMENTS/EVIDENCE
Plan Approval (5.7.2.3) Are service quality plans and any revisions to them documented and approved by the organization? When required by contract, is/are the service quality plan(s) and any revisions communicated to the customer? Additional comments/audit evidence regarding Service Quality Plan Information activities:
Q2 Audit Checklist
Page 26 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
5.7.3
IDENTIFICATION AND TRACEABILITY REQUIREMENT
CAR
COMMENTS/EVIDENCE
Identify the documented procedure for identification and traceability service-related product – include revision level and approval status. Does the procedure include identification controls at all stages of as required by the organization and the customer for: Delivery;
Installation;
Repair; and
Redress?
Does the procedure include requirements for maintenance or replacement of identification and traceability marks, and records? How is service-related product identified? Is critical service-related product identified and traceable to preventive maintenance, inspection, and test program (PMITP) records (see 4.5 and 5.7.8) and the original manufacture? Additional comments/audit evidence regarding Identification and Traceability Information activities:
5.7.4
SERVICE-RELATED PRODUCT STATUS REQUIREMENT
CAR
COMMENTS/EVIDENCE
Identify the documented procedure for the identification of service-related product status – include revision level and approval status. Additional comments/audit evidence regarding Service-Related Product Status Information activities:
5.7.5
CUSTOMER PROPERTY REQUIREMENT
CAR
COMMENTS/EVIDENCE
Identify the documented procedure for customer property activities – include revision level and approval status. Does the documented procedure specify the protection of customer property while under control of the organization, including: Identification,
Verification,
Storage,
Preservation,
Maintenance, and
Q2 Audit Checklist
Page 27 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098 REQUIREMENT
CAR
COMMENTS/EVIDENCE
Protection of customer property
Does customer property include customer-derived intellectual property and customer-specific data? Does control of customer property include reporting to the customer any loss, damage or unsuitable use of customersupplied property? Does the organization identify, verify, protect, and safeguard customer property provided for use in the service and/or service-related product? Are records maintained for the control and disposition of customer supplied property (See 4.5)? Additional comments/audit evidence regarding Customer Property Information activities:
5.7.6
PRESERVATION OF SERVICE-RELATED PRODUCT REQUIREMENT
CAR
COMMENTS/EVIDENCE
Identify the documented procedure for preservation of service-related product – include revision level and approval status. Does the documented procedure describe the methods used to preserve the service-related product during internal processing through execution of service? Describe the controls and processes established and implemented for preservation (as applicable) to:
Identification
Traceability
Transportation
Handling
Packaging
Storage
Protection
Does preservation also apply to the constituent parts of the service-related product? In order to detect deterioration, is the condition of the servicerelated product or constituent parts in stock assessed at intervals specified in the procedure? Additional comments/audit evidence regarding Preservation of Service-Related Product Information activities:
Q2 Audit Checklist
Page 28 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
5.7.7
VALIDATION OF SERVICE-RELATED PRODUCT REQUIREMENT
CAR
COMMENTS/EVIDENCE
Is validation of the service-related product completed prior the execution of the service? Are records of the results of validation, when performed, maintained (see 4.5). Additional comments/audit evidence regarding Validation of Service-related Product Information activities:
5.7.8
PREVENTIVE MAINTENANCE, INSPECTION, & TEST PROGRAM REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Identify the procedure for Preventive Maintenance, Inspection, and Test Program – include revision level and approval status. Does the procedure address: Record keeping requirements (see 4.5);
Inspection;
Maintenance;
Redress;
Repair;
Make-up;
Testing; and
Acceptance criteria for the service-related product?
As a minimum, does the PMITP include: a)
Actions which address preventive maintenance;
b)
Reports that document usage history, repairs or redress, modifications, remanufacturing, inspection, and test activities that allow direct verification for reuse of product; c) List of critical spare parts requirements by the customer and/or technical requirements including those recommended by the original equipment manufacturer; and d) Controls that ensure equipment integrity to original performance requirements and design acceptance criteria are maintained? If original performance requirements cannot me met, is the MOC process used continued use? NOTE 2: The PMITP can be based on risk, system reliability, usage history, experience, industrial recommended practices, relevant codes and standards, original equipment manufacturing guidelines, or other applicable requirements.
Additional comments/audit evidence regarding Preventive Maintenance, Inspection, and Test Program activities:
Q2 Audit Checklist
Page 29 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
5.8
CONTROL OF TESTING, MEASURING, MONITORING, & DETECTION EQUIPMENT REQUIREMENT
CAR
COMMENTS/EVIDENCE
Identify the documented procedure(s) for the control of testing, measuring, monitoring, and detection equipment – include revision level and approval status. How has the organization determined the required testing, measuring, monitoring, and detection equipment to be controlled and necessary to provide evidence that service or service-related product meets specified requirements? Verify that the procedure addresses:
Equipment traceability;
Frequency of calibration;
Calibration method;
Acceptance criteria; and
Suitable environmental conditions
Verify that testing, measuring, monitoring, and detection equipment: a) Is calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards; or where no such standards exist, the basis used for calibration or verification is recorded, b) Have identification in order to determine its calibration status, c)
Is safeguarded from adjustments that would invalidate the measurement result, and
d)
Is protected from damage and deterioration during handling, maintenance and storage?
When used in the testing, measurement, monitoring and detection of specified requirements, is the ability of computer software to satisfy the intended application confirmed? Is this confirmation undertaken prior to initial use and reconfirmed as necessary? When the equipment is externally provided, does the organization verify that the equipment is suitable to provide evidence of conformity of service or service-related product to specified requirements? Does the organization maintain a registry of the required testing, measurement, monitoring and detection equipment that includes an unambiguous form of identification, specific to each piece of equipment? Are records of the results of calibration and verification maintained? Additional comments/audit evidence regarding Control of Testing, Measuring, Monitoring, and Detection Equipment activities:
Q2 Audit Checklist
Page 30 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
NOTES ON RECORDS: 1. All records must be legible, retrievable, identifiable and protected from damage / deterioration (API Spec Q2).
2. Records retention must be verified by sampling records that have been retained for the minimum retention times required by API Spec Q2 (5 yrs.) or by the applicable industry / customer requirements. Complete the following using Testing, Measuring, Monitoring, and Detection Equipment reviewed during the audit: CAL EQUIPMENT TYPE SERIAL NO. CAL. DATE ACCURACY FREQUENCY
CALIBRATION STATUS
NIST*
ANSWER YES / NO STORED SAFEGUARD
If no national / international reference is available, ensure that the basis for traceability for calibration has been established Additional comments/audit evidence regarding Control of Testing, Measuring, Monitoring, and Detection Equipment activities:
5.9
SERVICE PERFORMANCE VALIDATION REQUIREMENT
CAR
COMMENTS/EVIDENCE
Identify the documented procedure(s) for service performance validation – include revision level and approval status. Does the organization validate processes at appropriate stages during the execution of the service in accordance with design requirements (see 5.4) and the service quality plan (see 5.7.2)? Is evidence of conformity with established acceptance criteria, including KPIs and critical success factors maintained? Comment on how service performance validation records are maintained, including identification of the person(s) accepting the results (see 4.5). Additional comments/audit evidence regarding Service Performance Validation activities:
5.10
CONTROL OF NONCONFORMITIES REQUIREMENT
CAR
COMMENTS/EVIDENCE
General (5.10.1) Identify the documented procedure(s) for control of nonconformities- include revision level and approval status. Does the procedure define the controls and related responsibilities and authorities for addressing nonconforming service execution and service-related product? Is the level of response proportionate to the severity of the nonconformity and its effect on the execution of service? Additional comments/audit evidence regarding Control of Nonconformities activities:
Q2 Audit Checklist
Page 31 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
REQUIREMENT
CAR
COMMENTS/EVIDENCE
Nonconforming Service Execution and Service-Related Product (5.10.2) Does the organization address nonconforming service execution or service-related product by the following sequence of activities: a) Taking action to correct the nonconformity; or b) When 5.10.2 a) is not possible or appropriate, by taking action to preclude the use of service-related product from its intended use or application; or c) When 5.10.2 a) and 5.10.2.b) are not appropriate, by authorizing release or acceptance under concession by a relevant authority and/or the customer? For nonconforming service execution, does the organization take corrective action in accordance with 6.4.2 that is appropriate to the effects, or potential effects, of the nonconformity? Additional comments/audit evidence regarding Nonconforming Service Execution and Service-Related Product activities:
REQUIREMENT
CAR
COMMENTS/EVIDENCE
Verification and Documentation (5.10.3) What controls are used to ensure that corrected nonconforming services or service-related product is re-verified to demonstrate conformity to the requirements? Are records of the nature of nonconformities and any subsequent actions taken, including concessions obtained, and maintained? Additional comments/audit evidence regarding Verification and Documentation activities:
REQUIREMENT
CAR
COMMENTS/EVIDENCE
Customer Notification (5.10.4) What is the process for notifying customers in the event that the service execution does not conform to service design requirements or when nonconforming service-related product has been delivered or used in the execution of the service? Verify process controls and that customer notification records exist. Additional comments/audit evidence regarding Customer Notification activities:
Q2 Audit Checklist
Page 32 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098 Complete the following using nonconformity report records: NCR #
NONCONFORMANCE
DISPOSITION ACTION
ACTION TO ELIMINATE NONCONFORMITY
RE-VERIFIED
REPORT DATE
Additional comments/audit evidence regarding Nonconformity Report Records activities:
5.11
MANAGEMENT OF CHANGE REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
General (5.11.1) Identify the procedure (s) for Management of Change (MOC) – include revision level and approval status. Has the organization identified the potential risks associated with the change and any required approvals prior to the introduction of such changes? Additional comments/audit evidence regarding Management of Change activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
MOC Implementation (5.11.2) Has the organization used the MOC process for any of the following that may impact the execution of service: a) Changes or proposed changes in the organizational structure; b) Changes in key personnel, whose absence or departure could negatively impact the service; c) Changes in critical supplier whose absence or departure could negatively impact the service; d) Changes in the management system procedures, including temporary changes and improvements resulting from corrective and preventive actions; e) Changes to original equipment manufacturer’s specifications, applications, and/or software for service-related product; f) Changes in approved design (see 5.4) including those that were originally agreed upon by the customer and those required by changes in legal and other applicable requirements? Additional comments/audit evidence regarding Management of Change activities:
Q2 Audit Checklist
Page 33 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098 REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
MOC Evaluation, Notification and Controls (5.11.3) Does or has the organization conduct a risk assessment (see 5.3) when evaluating a potential change? Does the organization notify relevant personnel, including the customer, of the change and residual or new risk due to changes that have either been initiated by the organization or requested by the customer? How does the organization ensure that relevant documents are amended? Is the organization maintaining records (see 4.5) of MOC activities? Additional comments/audit evidence regarding Management of Change activities:
6 QMS MEASUREMENT, ANALYSIS, AND IMPROVEMENT REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
General (6.1) Has the organization planned and implemented the monitoring, measurement, analysis, and improvement processes needed to ensure conformity to, and continually improve the effectiveness of the QMS? Does the quality management system measurement, analysis, and improvement include determination of applicable methods, including techniques for the analysis of data, and the extent of their use? Additional comments/audit evidence regarding Management of Change activities:
6.2
MONITORING, MEASURING AND IMPROVING REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Customer Satisfaction (6.2.1) Identify the procedure(s) for monitoring customer satisfaction– include revision level and approval status. Verify that the procedure addresses
customer feedback,
key performance indicators (KPIs), and
other information that the organization monitors to determine whether the organization has met customer requirements Have records of results of customer satisfaction information been maintained (see 4.5)? Additional comments/audit evidence regarding Customer Satisfaction activities:
Q2 Audit Checklist
Page 34 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
6.2.2
INTERNAL AUDIT REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
CAR
COMMENTS/EVIDENCE:
General (6.2.2.1) Identify the procedure(s) for planning and conducting internal audits– include revision level and approval status. Does the planning of internal audits take into consideration the results of previous audits and criticality of the process? Describe how the organization defines the audit criteria, scope, frequency, and methods used to ensure that all elements of the QMS claiming conformity are audited at least annually. Identify the date of the last internal audit of the management system was completed. Verify that outsourced suppliers that impact the quality of services or service-related product, located at the organization’s facility, are included as part of the internal audit of the organization. Additional comments/audit evidence regarding Internal Audit activities:
REQUIREMENT:
Performance of Internal Audits (6.2.2.2) Does the organization conduct internal audits to determine whether the QMS conforms to the requirements of API Q2 and is effectively implemented and maintained? Are internal audits performed by competent personnel? Are they independent of those who performed or directly supervised the activity being audited? Has an audit of all elements of the management system been audited prior to claiming conformance to the requirements of Q2? Additional comments/audit evidence regarding Performance of Internal Audit activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Audit Review and Closure (6.2.2.3) How does the organization identify response times for addressing detected nonconformities? Does the management responsible for the area being audited ensure that any necessary corrections and corrective actions are taken to eliminate detected nonconformities and their causes? Are there follow-up activities that include the verification of the actions taken (see 6.4.2)? Are records of the audits and their results maintained (see 4.5)? Additional comments/audit evidence regarding Internal Audit Review and Closure activities:
Q2 Audit Checklist
Page 35 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
Comment on the effective implementation of audits performed on the QMS based on the following:
Auditor Qualification and Competence:
CAR (Y/N)
Methodologies and Normative References used including API Spec requirements as applicable:
CAR (Y/N)
Audit Planning (Scope, Frequency, Importance, Results of Previous Audits): CAR (Y/N)
Roles and Responsibilities to Perform Audits (Auditors do not audit their own work): CAR (Y/N)
Nonconformities Identified (Number, Type, Detail):
Effective Follow-up to Nonconformities:
CAR (Y/N)
CAR (Y/N)
Additional comments/audit evidence regarding Internal Audit activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Analysis of Data (6.3) Identify the procedure(s) for analysis of data – include revision level and approval status. Does the procedure identify and describe the use of the techniques for the analysis of data? To what extent has the organization determined, collected and analyzed appropriate data to demonstrate the suitability and effectiveness of the QMS, and evaluated where continual improvement of the effectiveness of the QMS can be made? Does the Analysis of Data include data generated as a result of monitoring and measurement and from other sources? Has the analysis of data provided information relating to: Customer satisfaction (see 6.2.1);
Conformity to service design requirements ( see 5.4); Characteristics and trends of processes and service-related products including opportunities for preventive actions ( see 6.4.1 and 6.4.3); Supplier performance (see 5.6); and
Quality objectives (see 4.1.3)
Additional comments/audit evidence regarding Analysis of Data activities:
Q2 Audit Checklist
Page 36 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
6.4
IMPROVEMENT REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
General (6.4.1) Identify the procedure(s) for methods used to monitor, evaluate and improve the effectiveness and implementation of the QMS processes for the execution of the service and use of servicerelated product – include revision level and approval status. Does the procedure identify how the organization uses the following for the continual improvement of the effectiveness of the QMS: Quality policy;
Quality objectives;
Customer feedback;
Audit results;
Analysis of data;
Corrective and Preventative actions; and
Management review?
Additional comments/audit evidence regarding Improvement activities:
6.4.2
CORRECTIVE ACTION REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
[Action taken on nonconforming activity, i.e., the nonconformity has already occurred]
Identify the procedure(s) for corrective action – include revision level and approval status. What actions are taken by the organization to correct nonconformities and to take corrective actions, both internally and within the supply chain, to eliminate the cause of nonconformities in order to minimize the likelihood of their recurrence? Does the procedure define the requirements for: a)
Reviewing nonconformities complaints;
(including
customer
b)
Identifying the root cause of the nonconformity and implementing corrections;
c)
Evaluating the need for corrective actions to reduce the likelihood that nonconformities reoccur;
d)
Identifying the timeframe and responsible person(s) for making corrections and taking corrective action;
e)
Reviewing and ensuring the effectiveness of the corrections and corrective action taken; and
f)
Maintaining records of the corrections and corrective actions taken (see 4.5)
When the corrective action identifies the need for new or changed controls, does the procedure require that the MOC process (see 5.11) be applied to the proposed action?
Q2 Audit Checklist
Page 37 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
Review Records – Complete the following for Corrective Actions raised internally during the previous 12-month period (Identify CAR for those activities that fail to meet the requirements of the applicable standard, either from table below or as indicated in the previous two sections): CAR#
DATE:
NONCONFORMITY:
ACTION TAKEN:
DATE VERIFIED
Additional comments/audit evidence regarding Corrective Action activities:
6.4.3
PREVENTIVE ACTION REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
[Action taken to minimize the likelihood of occurrence of a nonconforming activity, i.e., the nonconformity has not yet occurred]
Identify the procedure(s) for preventive action – include revision level and approval status. What actions are taken by the organization to determine and implement preventive actions, both internally and within the supply chain, to eliminate the causes of potential nonconformities in order to minimize the likelihood of their occurrence? Does the procedure define requirements for: a) Identifying potential nonconformities and their potential causes; b) Evaluating the need for preventive action, including any immediate or short term action required, to prevent occurrence of nonconformities; c) Identifying the timeframe and responsible person(s) for implementing preventive action; d) Reviewing the effectiveness of the preventive action taken; and e) Maintaining records of results of preventive action taken (see 4.5) When the preventive action identifies the need for new or changed controls, does the procedure require that the MOC process (see 5.11) be applied to the proposed action? Review Records – Complete the following for Preventive Actions raised during the previous 12-month period: PAR# DATE: POTENTIAL NONCONFORMITY: ACTION TAKEN:
DATE VERIFIED
Additional comments/audit evidence regarding Preventive Action activities:
Q2 Audit Checklist
Page 38 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
6.5
MANAGEMENT REVIEW REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
General (6.5.1) Identify date(s) of the management reviews that have occurred within the last 12-month period: NOTE: Ensure review of QMS by Top Management
Has the management review been documented with sufficient evidence to evaluate the QMS’s continuing suitability, adequacy and effectiveness? Does this review include assessing opportunities for improvement and the need for changes to the QMS, including the quality policy and quality objectives? If no, note deficiencies.
Additional comments/audit evidence regarding Management Review activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Input Requirements (6.5.2) Does the input to management review include, but not limited to: a) Effectiveness of actions resulting from previous management reviews; b)
Results of internal audits ( see 6.2.2);
c)
Changes, including legal and other requirements, that could affect the QMS;
d)
Customer feedback (see 6.2.1);
e)
Process effectiveness, including the results of risk assessment (see 5.3);
f)
Status of corrective and preventive actions (see 6.4.2 and 6.4.3); and
g)
Review and analysis of failures in service and/or service-related products (see 6.3).
applicable
Additional comments/audit evidence regarding Input Requirements activities:
REQUIREMENT:
CAR
COMMENTS/EVIDENCE:
Output Requirements (6.5.3) Does the output from the management review include a summary assessment of the status of the QMS? Does the assessment include any required changes to the processes and any decisions and actions, required resources, and improvement of service and service-related products in meeting customer requirements? Has top management reviewed and approved the output of management reviews? Have records of management reviews been documented and maintained? Additional comments/audit evidence regarding Output Requirements activities:
Q2 Audit Checklist
Page 39 of 43
20550 Townsen Blvd, Suite 2105 Humble TX 77338 PH: 832-644-1743 / FX: 832-777-6098
CLIENT STREET ADDRESS CITY, STATE, ZIP PH: AUDIT DATE(s):
GENERAL SUMMARY EFFECTIVENESS OF THE QUALITY MANAGEMENT SYSTEM The following sections must be completed at the end of the audit process. The auditor is required to provide comments on the overall implementation of the QMS, as well as provide additional insight into the operation of the QMS as elicited through the following questions. All responses should be justified with audit evidence gathered during the audit. It is acceptable to reference previously documented audit evidence (either as positive or negative findings). However, reference to this evidence should not be considered an adequate substitute alone for the additional comments required. Please be comprehensive in your responses and use additional pages if required. General Requirements Provide a summary of the extent to which the organization has established and maintained a quality management system, according to the requirements of which are described in API Spec Q2. Comment on how the processes needed for the QMS have been identified and implemented and applied throughout the organization. In particular, identify apparent deficiencies. How effectively has the organization determined the sequence of the processes?
How effectively has the organization determined the criteria and methods needed to ensure that both the operation and control of the organization’s processes are effective? How effectively has the organization ensured the availability of resources and information necessary to support the operation and monitoring of its processes? How effectively does the organization monitor, measure where applicable, and analyze its processes?
How effectively has the organization implemented actions necessary to achieve planned results and continually improve its processes? Additional comments / audit evidence regarding positive / negative aspects of the QMS (including opportunities for improvement, etc.):
Q2 Audit Checklist
Page 40 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
CLOSING MEETING DETAILS / CHECKLIST Closing Meeting Date: Start Time: End Time:
CLOSING MEETING CHECKLIST: ITEM
Complete (Y / N / NA)
1. Complete Attendance Sheet 2. Summarize audit activities a. Discuss any areas not audited and why these areas were not audited 3. Review audit nonconformities and concerns 4. Review audit report comments 5. Discuss QMS effectiveness, positives, and areas for improvement a. Internal audit and management review effectiveness b. Positive observations c.
Areas / opportunities for improvements
6. Final confirmation of scope of assessments, audits and/or registration 7. Discuss audit team recommendation 8. Inform client of the right to appeal any audit findings, nonconformities, and the recommendation 9. Confirm required changes (as applicable) to facility contact information 10. Review confidentiality and conflict of interest policy 11. Leave copies of CARs with the facility Additional comments as necessary:
Q2 Audit Checklist
Page 41 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
AUDIT NONCONFORMITY/CONCERN SUMMARY SHEET CAR #
Q2 Audit Checklist
PG #
N/C
CLASSIFICATION Concern QMS Ref
SUMMARY (AREA) Spec Ref
Page 42 of 43
CLIENT STREET ADDRESS CITY, STATE, ZIP PH:
20550 Townsen Blvd, Suite 2105 Humble TX 77338
AUDIT DATE(s):
PH: 832-644-1743 / FX: 832-777-6098
AUDIT SUMMARY FINAL AUDITOR/AUDIT TEAM REMARKS:
COMMENTS BY ORGANIZATION’S REPRESENTATIVE:
I (we) attest that the foregoing information is accurate and has been collected by the audit team during the performance of an audit that was assigned to me (us) by IQAS LLC
Audit Team Leader
Date
Audit Team Member
Date
Audit Team Member
Date
By signing this document, it is not an admission of the acceptance of any nonconformities/concerns identified by the audit team. The signature only confirms that the audit was performed and that a copy of the audit report was left with the facility. IQAS LLC reserves the right to have final determination of the level of nonconformity identified in this audit report.
Management Representative of Audited Organization
Date
END OF REPORT
Q2 Audit Checklist
Page 43 of 43
