审核指南中英文对照版

International Organization for StandardizationInternational Accreditation ForumDate:21 September 2004ISO 9001 Auditing Practices GroupThe ISO 9001 Auditing Practices Group is an informal group of quality management system (QMS) experts, auditors and practitioners drawn from the ISO Technical Committee 176 Quality Management and Quality Assurance (ISO/TC 176) and the International Accreditation Forum (IAF). It has developed a number of guidance papers and presentations (see QMS auditing topics below) that contain ideas, examples and explanations about the auditing of QMSs. These reflect the process-based approach that is essential for auditing the requirements of ISO 9001:2000 Quality management systems - Requirements.The guidance is primarily aimed at QMS auditors, consultants and quality practitioners, but is not definitive. The papers and presentations reflect a number of different views in QMS auditing. As such, their content may not always be consistent. It is not intended that the guidance will be used as specified requirements, an industry benchmark, or as criteria that all QMS auditors, consultants or practitioners have to follow. QMS auditing topics The need for a 2-stage approach to auditing 2阶段审核的必要性 Measuring QMS effectiveness and improvements测量QMS的有效性及其改进 Identification of processes 过程的识别 Understanding the process approach 过程方法的理解 Determination of the “where appropriate” processes 确定”适当的”过程 Auditing the “where appropriate” requirements审核”适当的”要求 Demonstrating conformity to the standard 证明符合标准 Linking an audit of a particular task, activity or process to the overall system Auditing continual improvement 审核持续改进 Auditing a QMS which has minimum documentation审核QMS文件化的最低要求 How to audit top management processes 如何审核最高管理层 The role and value of the audit checklist审核检查表的角色和价值 Scope of ISO 9001:2000, Scope of Quality Management System and Defining Scope of Certification ISO9001：2000的范围，质量管理体系的范围和定义认证范围 How to Add Value during the audit process审核过程如何增值 Auditing competence and the effectiveness of actions taken审核能力要求和采取措施的有效性 Auditing Statutory and Regulatory requirements审核法规和指令要求 Auditing the Quality Policy andQuality Objectives审核质量方针和质量目标 Auditing ISO 9001, Clause 7.6 Control of monitoring and measuring devices审核ISO9001, 7.6条款监视和测量装置的要求 Making effective use of ISO 19011ISO19011的有效应用 Auditing Customer Feedback processes审核顾客反馈过程 Documenting a Nonconformity文件化不符合项 Guidance for reviewing and closing nonconformities评审和关闭不符合项指南 Auditing Internal Communications审核内部沟通 Auditing Preventive Action审核预防措施 Auditing Service Organizations审核服务组织 Auditing the Effectiveness of the Internal Audit审核内部审核的有效性 Auditing Electronic Based Management Systems审核电子管理体系A Zip file of all the above documentsis also available.可获得以上文件的ZIP档。Feedback from users will be used by the ISO 9001 Auditing Practices Group to determine whether additional guidance documents should be developed, or if these current ones should be revised. Comments on the papers or presentations can be sent to the following email address: .The other papers and presentations may be downloaded from the web sites:.uk/iso-tc176-sc2The need for a 2 stage approach to auditing2阶段审核的必要性Auditing ISO 9001:2000 requires auditors to obtain a good understanding of an auditees quality management system (QMS) and the nature of its business. This is why it is beneficial for an organization to be visited prior to its certification audit and for a1st stage audit to be conducted.审核ISO9001：2000要求审核员很好地理解受审核方的质量管理体系和业务性质。这就是在认证审核前访问组织，建立第一阶段审核的好处。This 1st stage audit is primarily for scoping and planning a certification audit (the stage 2 audit) and to allow the auditor to obtain an understanding of the organisation. For example, to gain knowledge of its QMS, policies, objectives, risks, processes, locations, etc. It is also may be used for the auditing body to communicate its needs and expectations to the auditee.第一阶段审核可初步确定认证审核(第二阶段审核)范围并进行策划，让审核员了解组织。如了解质量管理体系，方针，目标，风险，过程，现场等信息。也可用于审核机构与受审核方沟通需求和期望。Activities performed at a preliminary 1st stage audit include第一阶段审核活动包括: Identification of the key risks of the business and related statutory, regulatory aspects and compliance识别业务的主要风险和相关的法令法规及其符合性 An assessment of whether the auditees defined processes are adequate to meet its objectives and customer requirements评价受审核方确定的过程是否充分，并满足目标和顾客要求 Conducting aDocumentation Review 进行文件审核 This review should determine if the organisations QMS documentation adequately covers all the requirements of ISO 9001:2000. The review would normally be carried out at the auditees premises (unless otherwise requested and justified). As a result of this activity, a report should be provided that notes any deficient areas. As part of the documentation review, the auditor should assess the extent and availability of supporting procedures and process descriptions. Collecting necessary information regarding the scope of the organizations management system, processes and location(s) 确定组织的质量管理体系文件是否充分覆盖了ISO9001：2000的要求。此评审通常基于受审核方的前提下进行(除非有另外的要求和证明)。结果应提供报告描述不足之处。作为文件评审的一部分，审核员应评价支持程序和过程描述的程度和可获得性。收集关于组织管理体系，过程和场所的必要信息。 Drafting the future certification documentation, including the Scope statement起草下一步认证文件，包括范围的确定 Planning the certification (stage 2) audit, including the requirements for audit team selection策划认证 (第二阶段) 审核，包括审核组选择的要求 Obtaining evidence that internal audits and management reviews are being planned, or performed, effectively 获得内部审核和管理评审有效策划或实施的证据 Checking that the QMS is implemented and ready for the stage 2 audit, including appropriate level of documents and supporting records.检查实施的质量管理体系及为第二阶段审核的准备，包括必要的文件和支持记录的水平。If the system is lacking in any way, the auditor should note this in the audit report, so that the organisation has an opportunity to rectify deficiencies prior to its certification (2nd stage) audit. 如果体系有缺失，审核员应记录在审核报告中，以便组织在认证(第二阶段)审核前矫正缺失。 Agreeing a date for the stage 2 audit确定第二阶段审核日期Identification of processes过程的识别1. Distinguishing between the concepts of a process and an activity 过程和活动概念的区别If an auditee cannot distinguish between the concepts of a process and an activity, the auditor can briefly explain the differences by using the guidance (clause 2.4) and definition (3.4.1) in ISO 9000:2000 as background information. The auditor must be able to adapt to the auditees situation. It is the auditors responsibility to understand the auditees systems and approach.如果受审核方不能区别过程和活动的概念，审核员可以ISO 9000:2000的指南和定义作为背景知识简要地解释其不同之处。审核员应有能力适应受审核方的状况。理解受审核方体系和方式是审核员的职责。During the audit, the auditor should determine whether there is a problem of difference of terminology only, or whether there is a lack of real implementation of the process approach by the auditee. There may be a need to issue an NCR if the auditee is not fully implementing the requirements stated in ISO 9001:2000, Clause 4.1. If this is simply a terminology problem, there should be no need to issue an NCR, if all the requirements of in Clause 4.1 are satisfied.在审核期间，审核员应确定仅是术语不同的原因，还是受审核方过程方法实施的缺失。如果受审核方不能满足ISO 9001:2000条款4.1规定的要求，则需要发出NCR。如果满足了条款4.1的要求，仅是简单的术语问题，则不需要发出NCR，The auditee has the right to use its own terminology, provided the requirements of the standard are met. The auditor should mentally develop a cross-reference list to ensure consistency and better understanding.倘若满足标准要求，受审核方有权利使用他自己的术语。审核员应在心里建立一个对照表以确保一致性和更好地理解。2. A process has defined objective(s), input(s), output(s), activities, and resources 定义的过程目标、输入、输出、活动和资源If the auditee does not understand that a process must have defined (but not necessarily measurable) objective(s), input(s), output(s), activities, and resources, the auditor should try reformulating the questions to the auditee avoiding the use of QM jargon, e.g. Can you explain to me your operations here? What are the basic jobs carried out in your department? What information do you need to start your work? Where does it come from? Who receives the result of your work? How do you know if youve done your job correctly? etc.如果受审核方不了解过程需定义(不适当可测量的)目标、输入、输出、活动和资源，审核员应试着换一种形式，以便受审核方避免使用质量管理行话，如你能向我解释你的运作吗？你部门的基本工作是什么？你开始工作需要哪些信息？这些信息从何处获得？谁接受你工作的结果？你如何理解正确的工作？等。This should help the auditor to establish whether the processes (as per ISO 9001: 2000) are already defined, have clear inputs, outputs, objectives and so on.这些帮助审核员确定是否已定义过程，有清晰的输入，输出，目标等。3. Processes should be analysed, monitored and/or measured, and improved应分析，监视和/或测量,改进过程If after applying the audit techniques outlined above, there is an absence of any records or other proof to demonstrate that the processes are analysed, and/or monitored, and/or measured, and/or improved, there would appear to be non-conformity with part of ISO 9001:2000 Clause 4.1.如果用以上的审核技术，发现记录的不足或不足以证明过程已分析、监视、测量、改进，这会成为ISO 9001:2000 条款 4.1的不符合项。4. The auditee/auditor considers that each clause or sub-clause of ISO 9001:2000must be defined as a separate process 受审核方和审核员认为ISO9001:2000的每个条款须定义为一个独立的过程If the auditor considers this as the right approach, he should refer to relevant ISO documents, (notably the ISO/TC 176/SC 2 document N544 ISO 9000 Introduction and Support Package: Guidance on the Concept and Use of the Process Approach) which clearly indicates the contrary. If the auditee considers this as the right approach, it is recommended that the techniques outlined in section 2 (above) should be used.如果审核员认为这是正确的方法，他应参考ISO文件(ISO/TC 176/SC 2文件 N544 ISO9000介绍和支持文件包：过程方法的使用和概念指南)，规定正好相反。如果受审核方认为这是正确的方法，建议其使用第2节的技术。5. Is the process approach as described in the Introduction to ISO 9001:2000 a requirement of the standard? 过程方法是ISO9001:2000标准前言的一项要求吗？The description of the process approach in the Introduction to ISO 9001:2000 is purely informative and not a set of additional requirements. ISO9001:2000前言描述的过程方法完全是正常的要求，不是附加要求。Understanding the process approach理解过程方法Helping an auditor to interpret the process approach帮助审核员解释过程方法If an auditor does not understand or misunderstands the process approach, direct him or her to recognized information sources, such as the standard ISO 9000:2000 Quality management systems Fundamentals and Vocabulary and the ISO 9000 Introduction and Support Package: Guidance on the Concept and Use of the Process Approach for management systems (document ISO/TC176/SC2/N544, available from .uk/iso-tc176-sc2). 如果审核员不了解或误解过程方法，他或她应了解相关的信息资源，如标准ISO9000:2000质量管理体系-原理和术语和(ISO/TC 176/SC 2文件 N544 ISO9000介绍和支持文件包：管理体系的过程方法使用和概念指南，可从.uk/iso-tc176-sc2网站获得)。A certification body/registrar should ensure that all its auditors have received sufficient training regarding the new requirements in ISO 9001:2000, particularly those on the process approach. Thus, an auditor should realise that several steps are needed, including the following认证机构或注册方应确保其所有审核员都接受了足够的ISO 9001:2000新要求的培训，尤其是过程方法。因此审核员应清楚以下的几个步骤: - determining the processes and responsibilities necessary to attain the quality objectives of the organisation确定必要的过程和职责以达成组织的质量目标;- determining and providing the resources and information necessary确定并提供必要的资源和信息;- establishing and applying methods to monitor and/or measure and analyse each process确定并应用监视和测量和分析每个过程的方法;- establishing and applying a process for continual improvement of the effectiveness of the QMS确定并应用持续改进质量管理体系的有效性的过程.The process approach concept must be so well understood by auditors that they are not limited by the terminology in the standard; however, auditees may use their own “in-house” terminology. Auditors must be aware that the application of the process approach will be different from organisation to organisation, depending on the size and complexity of the organisation and its activities. Special consideration should be given to the situation in small and medium enterprises (SMEs), so that auditors should not expect so many processes in their QMSs.审核员应清楚地理解过程方法的概念，不仅限于标准的术语；可是，受审核方可能用他们自己的术语。审核员应认识到不同组织的过程方法应用，基于组织及其活动的规模和复杂程度。尤其要考虑到中小型企业的情况，审核员不应期望在他们的质量管理体系有太多过程。Helping an auditee to interpret the process approach帮助受审核方说明过程方法If an auditor is faced with a complete misunderstanding by an auditee, this situation should normally be identified at the 1st stage audit审核员面对完全误解的受审核方的情况通常在第一阶段审核中发现.The auditor should refer the auditee to recognized information sources, such as those indicated in the section above. (In particular, the referenced ISO/TC 176/SC 2/N544 document sets out different steps in the process approach and provides useful guidance with examples)审核员应参考受审核方的信息资源，如以上章节显示的信息(通常参见ISO/TC 176/SC 2/N544文件设定的过程方法的步骤和提供的指南. The auditee should also pay sufficient consideration to受审核方应充分考虑- the establishment of process objectives过程目标的建立,- process planning过程策划,- the availability of suitable records可获得适当的记录.Auditees frequently identify too many processes; some or all of them are activities, which do not fulfil the requirements of a process, in the sense that ISO 9001:2000 uses the concept. In this situation, an auditor should (in the 1st stage audit) propose that the auditee performs a redefinition of its processes, based on e.g. the criticality of the activities. This might be particularly relevant for SMEs.受审核方通常会识别许多的过程，其中一部分或全部是活动，不符合ISO 9001:2000中使用的过程要求。这种情况下，审核员应(在第1阶段审核中)建议受审核方基于活动的危险程度重新定义过程。通常在中小型企业可能遇到。Determination of the “where appropriate” processes确定适当的过程Terminology术语Where the terminology used by the auditee is different to that used by the auditor, the auditor should understand the concepts in ISO 9001:2000 using ISO 9000:2000 and make a mental or written cross reference between the terminology of the auditee and his/her own for the same concepts, avoiding the use of QM jargon当受审核方用的术语和审核员不同时，审核员应运用ISO 9000:2000理解ISO 9001:2000的概念，并在心里或写出书面的对照表，确定受审核方和他自己对同一个概念所用的术语，避免使用质量管理行话.The definition of process过程的定义If the definition of process is not interpreted in the same way by the auditor and the auditee, the auditor should seek to understand the auditees point of view and not impose his own view unless it is clear (supported with enough objective evidence) that the requirements of the standard are not met. The same is true if the auditor believes that certain processes have not been correctly identified or are missing如果审核员和受审核方对过程的定义不能一致时，审核员应理解受审核方的观点，而不能强加他自己的观点，除非确定不能满足标准要求(足够的客观证据.支持)。审核员确定过程识别不正确或遗漏时也同样处理.Exclusions 删减The auditor should refer to clause 1.2 of ISO 9001:2000, to the ISO/TC 176/SC 2/N524 document ISO 9000 Introduction and Support Package: Guidance on ISO 9001:2000, Clause 1.2 Application for further guidance, and the APGs guidance on Scopes.审核员宜参考ISO 9001:2000的1.2条款，ISO/TC 176/SC 2/N524文件ISO9000介绍和支持文件：ISO 9001:2000的1.2条款“应用”指南和APG的范围指南.The auditor should obtain objective evidence that the auditee cannot exclude a specific requirement, before reaching a conclusion.审核员应在做出审核结论之前获取受审核方不能删减要求的客观证据。It is good practice for an auditor to utilize the standard ISO 9000:2000 Quality management systems - Fundamentals and vocabulary and ISO/TC 176/SC 2/N524 as support documents, to explain the arguments to the auditee.审核员利用标准ISO 9000:2000质量管理体系-基础和术语和ISO/TC 176/SC 2/N524作为支持文件，解释和受审核方的争议是一个很好的办法。Auditing “where appropriate” requirements审核适当的要求The auditee should determine the application of the ISO 9001 “where appropriate requirements, as this will affect its ability to satisfy its customers requirements. (It may be useful to refer the auditee to ISO 9001:2000 clause 1.1 where an organization a) needs to demonstrate its ability to consistently provide product that meets customer and applicable regulatory requirements”.) 受审核方应确定ISO9001”适当的”要求的应用，因为这些会影响到满足顾客要求的能力。(请受审核方参考ISO 9001:2000条款1.1“当组织 A需要证明其持续提供满足顾客和适用法规要求产品的能力时”)。An auditor should ensure that the where appropriate requirements are really appropriate in relation to the proposed/actual scope of the auditees quality management system. Therefore the basis of audit should be against this criterion, which should form the benchmark when deciding what is appropriate or not. 审核员应确保”适当的”要求对于提议或实际的受审核方的质量管理体系范围确实是”适当的”。因些确定是否适当时，审核基准应基于标准。Issues that should be considered include应考虑的问题包括:- Does this requirement add value to this element of confidence, without the where appropriate being addressed? 没有确定“适当”时，此条款的要求是否可增值？- Does it increase the risk that the organisation cannot meet its customer requirements? (This may be more than a specific set of customer requirements, as it can include the demands and expectations of end users, consumers, or the supply chain).是否增加组织不能满足顾客要求的风险？(这可能超过一组特定顾客的要求，因为也包括最终使用者、消费者或供应链的要求和期望)。Need for experience to make a judgement on a technical issue 技术问题判定的经验需求。An auditing body should be able to demonstrate that its auditor has the necessary sector knowledge, competence and auditing skills. The auditor needs to be able to demonstrate knowledge of a process that is being examined and to be able to apply their skill in evaluating whether the where appropriate requirements are appropriate or not.审核机构应有能力证明其审核员具备必要的知识、能力和审核技能。审核员需证明过程相关的知识经过测试，有能力应有其技能评价”适当的”要求是否适当。The auditor will need to understand how the where appropriate requirements fit into the context of how a process is established and its expected outcomes. When the requirements are not considered to be appropriate, the audit should provide objective evidence to demonstrate that the system is effective and that customer requirements are being consistently met. 审核员需要理解适当的要求如何适合建立的过程及其期望的输出。当这个要求认为“不适当”时，审核应提供客观证据以证明体系是有效的，并可持续满足顾客要求。An auditing body should have the necessary processes in place to ensure that an auditor has the specific skills for the organisation that is to be audited.审核机构应有必要的过程以确保审核员对于受审核组织具备所需的特定技能。Demonstrating conformity to the standard证明符合标准“Performing the aud