You are on page 1of 39

Audit Checklist

Conforms to
ISO 9001:2015 and API Q1 9th Addition
1 Point / Percentage Scoring
Observations: 1/2 point per occurrence - Example - 8 total questions in the section and 4 observations (ob)
1a were found (4 ob X 1/2) = 2 and then divided by the total activities questions / 8 = 75% score.
Minor Finding: 3 points per occurrence - Example - 8 total questions in the section and 2 minor (mi) were found
1b (2 mi X 3) = 6 and then divided by the total activities questions / 8 = 25% score.
Major Finding: 10 points per occurrence - Example - 8 total questions in the section and 1 major (ma) was
1c found (1 ma X 10) = 10 and then divided by the total activities questions / 8 = 0% score.
1d Note that in the score there will not be any negative percentage, any negative will = 0%
1e Note that ob, mi and ma are tallied in the total score divide by the activities for the result % Compliant
2 Score Banding
86 - 100% (Green) - Exceed Expectations requires continual improvements of the processes towards a Error
2a Free system and operating in a preventive work environment
71 - 85% (Amber) - Meets Expectations - requires minor improvements and continue to work the system with
2b targets and actions to get this into the green.
0 - 70% (Red) - Below Expectations - requires major improvements and continuous management attention to re-
2c planning along with strong targets and initiatives to get this into the green.
3 Audit Fill Sheet
3a General activity criteria questions
3b Make comments of issues and non-evidence found under the criteria questions, this is pre-formatted in blue.
In the comply level column, a result must be with a - yes, ob, mi or ma. Only not applicable na could be used in
3c facility were design is not a function of the work scope. NA will not tally in the score.
3d A yes, ob, mi or ma result has been conditionally formatted.
Yes (yes) - evidence is present with full compliance at all times with evidence of preventive measures showing
3e continual improvement.
Observations (ob) - evidence is present, however some discipline and commitment to fully comply at all times
3f would indicate some additional preventive measures would bring this in a continual improvement process.

Minor (mi) - would indicate some evidence and a process is present, however not working the workflow to the
documentation process, requires a CAR to rectify. (A minor on the check sheet will be noted as a "finding" on the
3g report.
Major (ma) - would indication no evidence, ignoring the process, complete lack of commitment or a complete
system area collapse, requires total management commitment along with a CAR to rectify. ( A major on the check
3h sheet will be noted as a "finding" on the report.
Responsible party would be the individual which will be the action leader to resolve the finding. Do not use function
3i or group must have accountability.
3j Correction target date would be the planned date for the finding being resolved.
3k Date corrected would be the date the finding would be actually resolved.
4 Rollup Details & Chart
4a Would be the overall view of the results from all audit sheets and chart information
4b Activities would be the quantity of criteria questions in the respective element
4c Corrections quantity is the sum of minors and major findings count.

4d All Minor and Major findings would require a formal CAR to be action for resolution and root cause identification
5 Other
5a Time required to submit proposed corrective actions will follow the dates set.
Observations (ob) - Not required but advised
Minor (mi) - 14 days
Major (ma) - 14 to 30-days
5b Audits are to preformed based on Risk
Low Risk - frequency of audit would be less
High Risk - frequency would be more

5c Audit results are to be reviewed at Management Review meetings and follow up audits.
5d Audit schedule will be planned and maintained using the audit plan and report

Guidelines
Guidelines
Business Unit - Full Audit System Checklist
Observations Minor Major % Complaint
No. Audit Area Activities Before After Before After Before After Correction
Audit Score
Correction Correction Correction Correction Correction Correction Score
1 Quality Management System 19 3 16 3 15 0 18 44.7% 2219.0%
2 Management Responsibility 57 16 39 2 51 0 53 75.4% 5017.9%
3 Risk Management 0 0 18 0 18 0 18 NA NA
4 Resource Management 15 7 18 0 25 1 24 10.0% 2400.0%
5 Product & Service Realization 104 26 168 2 192 0 194 81.7% 13684.2%
6 Measurement, Analysis and Improvement 67 17 61 7 68 0 75 56.0% 3337.3%
Totals 262 69 320 14 369 1 382 67.0% 5880.9%

Scoring % Compliant (Audit Score) % Compliant (Correction Score) Total Audit Score Total Correction Score

86 - 100% 16000.0%

71 - 85% 14000.0% 13684%

0 - 70%
12000.0%

10000.0%

8000.0%

6000.0%
5018%

4000.0% 3337%

2219% 2400%
2000.0%

45% 75% 10% 82% 56%


0.0%
Quality Management Management Risk Management Resource Management Product & Service Measurement, Analysis
System Responsibility Realization and Improvement
Opportunity for Improvement
Total OFI Value Improvement Total No. of OFI
$0 0
[$] Submissions

PONC IMPROVEMENT SUPERVISOR RESPONSIBLE CORRECTION CORRECTED


OFI# DATE LOCATION FROM CATEGORY DETAILS POSSIBLE ROOT CAUSES POSSIBLE SOLUTIONS COMMENTS
[$] ACTION PARTY TARGET DATE DATE
General Observation
Total No. of General
0
Observation(s)

CORRECTIVE ACTION CORRECTION


GOB# DATE LOCATION FROM CATEGORY DETAILS RESPONSIBLE PARTY CORRECTED DATE PHOTO
(TAKEN OR SUGGESTED) TARGET DATE
COMPLY CORRECTION DATE
Quality Management System LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

1.1 General QMS Requirements- Does the quality management system include:
*Requirement: The organization shall establish a documented and implemented QMS.
API 4.2.1 MI
*Requirement: The QMS shall include documented evidence of statements of the quality policy and applicable objectives.
ISO/API
5.2.1 & yes
6.2/4.1.3
*Requirement: The organization shall determine the processes needed for the QMS and their application throughout the
organization, determine the sequence and interaction of these processes. The organization shall determine external and
ISO/API internal issues that are relevant to its purpose and it's strategic direction and that affect its ability to achieve the intended
results of its QMS (Context) yes
4.1

Requirement: The organization shall determine the interested parties that are relevant to the QMS and the requirements of
ISO the interested parties. The organization shall monitor and review this information. ob
4.2
ISO/API *Requirement: The QMS shall include evidence of provisions for continual improvement.
yes
4.4.1/4.3.1
ISO/API *Requirement: The QMS shall include provisions to communicate performance measures to everyone in the organization.
yes
7.4/4.1.5
ISO/API Requirement: The QMS shall include quality records required by the standards.
yes
7.5.1/4.5
1.2 Quality Manual - Does the quality manual include: Obtain copy or review Doc. #
**Requirement: The Quality Manual shall include the manner in which the organization addresses each specific requirement
ISO/API of the applicable technical specification. (Includes legal (statutory and regulatory) and other applicable requirements to
which the organization claims compliance that are needed to achieve product conformity) yes
4.2/4.4.1

**Requirement: The Quality Manual shall include the scope of the quality management system including details of and
ISO/API
justification for exclusions. mi
4.3/4.4.1
COMPLY CORRECTION DATE
Quality Management System LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

1.3 Control of Documents - (Documented Information) Is there a documented procedure requiring that: Review Doc. #
Requirement: The Control of Documents Procedure shall address changes to documents to be reviewed and approved prior
ISO/API to issue and use. ob
7.5.2/4.4.3
ISO/API Requirement: The Control of Documents Procedure shall address how documents are reviewed, updated, and re-approved.
yes
7.5.2/4.4.3
ISO/API Requirement: The Control of Documents Procedure shall address the status of changes and revisions.
mi
7.5.2/4.4.3
ISO/API Requirement: The Control of Documents Procedure shall address relevant versions are available where the activity is being pe
ob
7.5.3/4.4.3
ISO/API Requirement: The Control of Documents Procedure shall address how documents are to be legible and readily identifiable.
yes
7.5.3/4.4.3
ISO/API Requirement: The Control of Documents Procedure shall address how external documents are identified, and their distribution i
yes
7.5.3/4.4.4
ISO/API Requirement: The Control of Documents Procedure shall address how obsolete documents are not used by mistake and are ident
yes
7.5.3/4.4.3
1.4 Control of Quality Records (Retained documented information) Doc # Retention List Doc #
The Control of Records Procedure shall address how quality records, including those originating from outsourced activities,
ISO/API are maintained and controlled to provide evidence of conformity to requirements and the effective operation of the QMS. yes
7.5.3/4.5
ISO/API Requirement: The Control of Records Procedure shall address how quality records are to be legible and retrievable.
yes
7.5.3/4.5
Requirement: The Control of Records Procedure shall address a documented procedure defining the controls needed for the
ISO/API
identification, collection, storage, protection, retrieval, retention time and disposition of quality. yes
7.5.3/4.5
Business Unit - Full Audit System
Observations Minor Major % Compliant
1 Quality Management System Activities Before After Before After Before After Correction
Audit Score
Correction Correction Correction Correction Correction Correction Score
1.1 General 7 1 6 1 5 0 6 50.0% 2228.6%
1.2 Quality Manual 2 0 2 1 1 0 2 0.0% 800.0%
1.3 Control of Documents 7 2 5 1 6 0 7 42.9% 2262.5%
1.4 Control of Quality Records 3 0 3 0 3 0 3 100.0% #DIV/0!
Totals 19 3 16 3 15 0 18 44.7% 2219.0%

Scoring % Compliant (Audit Score) % Compliant (Correction Score) Total Audit Score Total Correction Score

2500.0%
86 - 100%
2229% 2263%
2219%
71 - 85%
2000.0%
0 - 70%

1500.0%

1000.0%
800%

500.0%

100%
50% 43%
0.0% 45%
0%
General Quality Manual Control of Documents Control of Quality Records
COMPLY CORRECTION DATE
Management Responsibility LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED
2.1 Management / Leadership commitment - Top management shall demonstrate leadership and commitment with respect to the QMS by:
ISO/API Requirement: Taking accountability for the effectiveness of the QMS
yes
5.1/4.2
Requirement: Ensuring the quality policy and quality objectives are established including KPIs for use in data analysis for the QMS and are
ISO/API compatible with the context and strategic direction of the organization. yes
5.1/4.2
*Requirement: Ensuring the integration of the QMS into the organization's business processes.
ISO/API
yes
5.1/4.2

*Requirement: Promoting the use of the process approach and risk-based thinking.
ISO/API
ob
5.1/4.2

ISO/API Requirement: Ensuring the resources needed for the effective implementation of the QMS are available.
mi
5.1/4.2-4.3
ISO/API Requirement: Communicating the importance of effective quality management and of conforming to the QMS requirements.
yes
5.1/4.2
ISO/API Requirement: Ensuring the QMS achieves its intended results. (Also see Management Review)
yes
5.1/4.2
ISO/API Requirement: Engaging, directing and supporting persons to contribute to the effectiveness of the QMS.
yes
5.1/4.2
ISO/API Requirement: Promote improvement.
ob
5.1/4.2
ISO/API Requirement: Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
yes
5.1/4.2
ISO/API Requirement: Defining and documenting responsibilities, authorities and accountabilities of personnel and communicate throughout the
5.1/4.2.1 organization. yes

2.2 Customer Focus - Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that:
ISO/API *Requirement: Customer and applicable statutory and regulatory requirements are determined, understood and consistently met.
yes
5.1.2/4.1.5
*Requirement: The risks and opportunities that can affect conformity of products and services and the ability to enhance customer
ISO/API satisfaction are determined and addressed. ob
5.1.2/4.1.5

ISO/API Requirement: The focus on enhancing customer satisfaction is maintained.


yes
5.1.2/4.1.5
2.3 Quality Policy - Top management shall establish, implement and maintain a quality policy that:
ISO/API **Requirement: Top management shall approve a documented Quality Policy.
yes
5.2/4.1.2
ISO/API Requirement: Is appropriate to the purpose and context of the organization and supports its strategic direction.
yes
5.2/4.1.2
Requirement: The Quality Policy shall include a commitment to comply with requirements and will continue to improve the effectiveness of
ISO/API the QMS. yes
5.2/4.1.2

ISO/API Requirement: The Quality Policy shall include a framework for establishing and reviewing quality objectives.
yes
5.2/4.1.2
Requirement: Is available and maintained as documented information (record); be communicated, understood and applied within the
ISO/API organization; be available to relevant interested parties, as appropriate. yes
5.2/4.1.2

ISO/API Requirement: The Quality Policy shall be reviewed for continuing suitability. (See Management Review)
yes
5.2/4.1.2
2.4 Quality Objectives - The organization shall:
COMPLY CORRECTION DATE
Management Responsibility LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED
Requirement: Top management shall ensure quality objectives, including those needed to meet requirements for the product, are established
ISO/API at relevant functions and levels within the organization to enhance customer satisfaction. yes
6.2/4.1.3
ISO/API Requirement: Quality objectives shall be measurable and consistent with the quality policy.
yes
6.2/4.1.3
Requirement: Quality objectives shall be measurable; be measurable; be communicated; be updated, as appropriate and documented
ISO/API information (records) maintained. ob
6.2/4.1.3
2.5 Quality management system planning -
Requirement: Does top management ensure that criteria and methods needed for the operation and control of all QMS processes are
ISO/API
determined, management and effective and planning of the QMS is carried out in order to meet the requirements of the standards? yes
5.4.2/4.1.4

ISO/API Requirement: When planning the QMS does top management take actions to address risk and opportunities?
ob
6.1/5.11
ISO Requirement: When the organization determines the need for changes to the QMS, the changes shall be carried out in a planned manner.
yes
6.3
COMPLY CORRECTION DATE
Management Responsibility LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED
2.6 Management representative/Organizational roles, responsibilities and authorities
Requirement: Top management shall appoint a member of management who, irrespective of other responsibilities, will have responsibility
ISO/API and authority. yes
5.5.2/4.2.3
Requirement: The appointed member of management shall ensure processes needed for the QMS are established, implemented,
ISO/API maintained and conforms to the requirements of the applicable standards. yes
5.5.2/4.2.3
Requirement: The appointed member of management shall reports to top management on the performance and needed improvements of the
ISO/API QMS. yes
5.5.2/4.2.3
Requirement: The appointed member of management shall ensure customer requirements are made aware and are promoted throughout the
ISO/API organization. yes
5.5.2/4.2.3
Requirement: The appointed member of management shall ensure that the integrity of the QMS is maintained when changes to the QMS are
ISO/API planned and implemented. ob
5.5.2/4.2.3
2.7 Internal / External communication
Top management shall ensure appropriate communication processes are established and communicated regarding the effectiveness of the
ISO/API QMS including on what, when, with whom, how to and who communicates. yes
7.4/4.1.5
Have processes been established to ensure that the importance of meeting customer, legal, results of analysis of data, and other applicable
ISO/API requirements been communicated at relevant functions within the organization. yes
7.4/4.1.5
2.8 Management review Doc #
ISO/API Requirement: Top management shall review the QMS at planned intervals to ensure its continuing suitability, adequacy, and effectiveness.
mi
9.3/6.5
API ** Top management must conduct an annual management review.
yes
6.5
Requirement: The management review shall include assessment of opportunities for improvement and needed changes to the QMS
API including the policy and objectives. ob
6.5

ISO/API Requirement: Records from management reviews shall be maintained.


yes
9.3/6.5
2.9 Review Input - Does the input to management review include: Doc. #
ISO/API Requirement: Effectiveness and status of actions taken from previous management review.
yes
9.3/6.5.2
ISO/API Requirement: Changes in external and internal issues that are relevant to the QMS
ob
9.3/6.5.2
ISO/API Requirement: Status of corrective and preventive actions
ob
9.3/6.5.2
ISO/API Requirement: Changes that could affect the QMS, including changes to legal and other applicable requirements (e.g. industry standards)
ob
9.3/6.5.2
ISO/API Requirement: Analysis of customer satisfaction and feedback from relevant interested parties
yes
9.3/6.5.2
ISO/API Requirement: The extent to which quality objectives have been met
yes
9.3/6.5.2
ISO/API Requirement: Analysis of supplier performance
yes
9.3/6.5.2
ISO/API Requirement: Review and analysis of product conformity, including nonconformances identified after delivery and use
yes
9.3/6.5.2
ISO/API Requirement: Results of audits
yes
9.3/6.5.2
ISO/API Requirement: Process performance
yes
9.3/6.5.2
COMPLY CORRECTION DATE
Management Responsibility LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED
ISO/API Requirement: Inputs to the management review shall include results of risk assessments.
ob
9.3/6.5.2
ISO/API Requirement: The adequacy of resources
ob
9.3/6.5.2
ISO/API Requirement: Opportunities and recommendations for improvement.
ob
9.3/6.5.2
2.10 Review output - Does the output from the management review include any decisions and actions related to:
ISO/API Requirement: Assessment of the effectiveness of the QMS and any needed or required changes including decisions and required actions
ob
9.3/6.5.2
ISO/API Requirement: Improvement made to products and to customer requirements.
ob
9.3/6.5.2
ISO/API Requirement: Needed resources.
yes
9.3/6.5.2
ISO/API Requirement: Opportunity for improvement.
yes
9.3/6.5.2
ISO/API Requirement: Approved by top management and documented information retained.
yes
9.3/6.5.2
Business Unit - Full Audit System
Observations Minor Major % Compliant
2 Management Responsibility Activities Before After Before After Before After Correction
Audit Score
Correction Correction Correction Correction Correction Correction Score
2.1 Management Commitment 11 2 9 1 0 0 10 63.6% 2612.5%
2.2 Customer Focus 2 1 1 0 2 0 2 75.0% 5300.0%
2.3 Quality Policy 6 0 6 0 6 0 6 100.0% #DIV/0!
2.4 Quality Objectives 3 1 2 0 3 0 3 83.3% 8000.0%
2.5 QM System Planning 3 1 2 0 3 0 3 83.3% 8000.0%
2.6 Management Representative 5 1 4 0 5 0 5 90.0% 13400.0%
2.7 Internal Communication 5 1 2 0 2 0 2 90.0% 5400.0%
2.8 Management Review 4 1 3 1 3 0 4 12.5% 1442.9%
2.9 Review Input 13 6 7 0 13 0 13 76.9% 5750.0%
2.10 Review Output 5 2 3 0 5 0 5 80.0% 6650.0%
Totals 57 16 39 2 42 0 53 75.4% 4825.0%

Scoring % Complaint (Audit Score) % Complaint (Correction Score) Total Audit Score Total Correction Score

2613% 5300% 8000% 8000% 13400% 5400% 1443% 5750% 6650%


86 - 100% 120.0%

71 - 85% 100%
100.0% 4825%
90% 90%
0 - 70% 83% 83%
80%
80.0% 75% 77%

64%
60.0%

40.0%

20.0% 13%

0.0% 75%
COMPLY CORRECTION DATE
Risk Management LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

3.1 Risk Identification


*Requirement: A system shall be in place to identify risks associated with the techniques, tools and their application for risk identification,
assessment, and mitigation of the risk, manage the risks to acceptable levels and to be explained and understood by all employees.
ISO/API
na
6.1/5.3 How is this being done?
Evidence:
Finding:
Requirement: Risk assessment associated with product delivery shall include facility/equipment availability and maintenance.
ISO/API
na
6.1/5.3 Evidence:
Finding:
Requirement: Risk assessment associated with product delivery shall include supplier performance and material availability/supply.
ISO/API
na
6.1/5.3 Evidence:
Finding:
Requirement: Risk assessment associated with product quality shall include, as applicable: Delivery of nonconforming product.
ISO/API
na
6.1/5.3 Evidence:
Finding:
Requirement: Risk assessment associated with product quality shall include, as applicable: Availability of competent personnel.
ISO/API
na
6.1/5.3 Evidence:
Finding:
Requirement: What type of records are maintained as a result of assessment and management of the product and processes including
ISO/API actions taken?
na
6.1/5.3 Evidence:
Finding:
3.2 Contingency Planning
Requirement: A Contingency Planning Procedure shall be implemented to address the risk associated with the impact on delivery and quality
ISO/API of the product.
na
6.1.2/5.5 Evidence:
Finding:
Requirement: The Contingency Planning Procedure shall address actions required in response to significant risk scenarios to mitigate effects
ISO/API of disruptive incidents.
6.1.2/5.5. na
Evidence:
2
Finding:
Requirement: The Contingency Planning Procedure shall address identification and assignment of responsibilities and authorities.
ISO/API
Evidence: na
6.1.25.5.2
Finding:
ISO/API Requirement: The Contingency Planning Procedure shall address: Internal and External communication controls.
6.1.2/5.5. Evidence: na
2 Finding:
ISO/API Requirement: The Contingency Planning Procedure shall address: How outputs are documented, communicated and addressed.
6.1.2/5.5. Evidence: na
2 Finding:
3.3 Management of Change
Requirement: A Management of Change process shall be established by the organization.
ISO/API
Verify knowledge and understanding of the requirement
6.1.2/5.11 na
Evidence:
(8.5.6)
Finding:
Requirement: The MOC process shall address processes that may negatively impact the quality of the product and changes in the
organizational structure.
ISO/API
na
6.1.2/5.11 Verify in-process or completed MOCs for organizational structure.
Evidence:
Finding:
Requirement: The MOC process shall address processes that may negative impact the quality of the product and changes in key or essential
personnel.
ISO/API
na
6.1.2/5.11
COMPLY CORRECTION DATE
Risk Management LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED
ISO/API
na
6.1.2/5.11 Verify in-process or completed MOCs for changes in key or essential personnel.
Evidence:
Finding:

Requirement: The MOC process shall address processes that may negative impact the quality of the product and changes in critical suppliers.
ISO/API
na
6.1.2/5.11 Verify in-process or completed MOCs for changes in critical suppliers.
Evidence:
Finding:
Requirement: The MOC process shall address processes that may negative impact the quality of the product and changes in the
management system including changes resulting from corrective and preventive actions.
ISO/API
na
6.1.2/5.11 Verify in-process or completed MOCs for changes in the management system.
Evidence:
Finding:
3.4 MOC Notification
Requirement: Relevant personnel, including the customer when required, shall be notified of changes in residual or new risks due to changes
that have been initiated by the facility or requested by the customer.
API
Verify the relevant personnel were notified of changes. na
5.11
Evidence:
Finding:
Requirement: Records of MOCs shall be maintained and stored.
ISO/API Review MOCs and verify storage location.
na
8.5.6/5.11 Evidence:
Finding:
Business Unit - Full Audit System
Observations Minor Major % Compliant
3 Risk Management Activities Before After Before After Before After Correction
Audit Score
Correction Correction Correction Correction Correction Correction Score
3.1 Risk Identification 0 0 6 0 6 0 6 NA NA
3.2 Hazard Control 0 0 5 0 5 0 5 NA NA
3.3 Management of Change 0 0 5 0 5 0 5 NA NA
3.4 Achievement of Objectives 0 0 2 0 2 0 2 NA NA
Totals 0 0 18 0 18 0 18 NA NA

Scoring % Compliant (Audit Score) % Compliant (Correction Score) Total Audit Score Total Correction Score

1200.0%
86 - 100%

71 - 85% 1000.0%

0 - 70%
800.0%

600.0%

400.0%

200.0%

0.0%
Risk Identification Hazard Control Management of Change Achievement of Objectives
COMPLY CORRECTION
Resource Management LEVEL
RESPONSIBLE PARTY
TARGET DATE

4.1 Provision of resources - Organizational Knowledge


###
*Requirement: The organization shall determine and allocate the resources needed to implement, maintain, and improve the effectiveness of
ISO/API the requirements of the QMS. yes
7.1/4.3.1
###
ISO/API *Requirement: The organization shall consider the capabilities of, and constraints on, existing internal resources
yes
6.14.1/4.3.1 ###
ISO/API Requirement: The organization shall consider what needs to be obtained from external providers.
yes
6.14.1/4.3.1 ###
Requirement: The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of
ISO products and services. This Knowledge shall be maintained and be made available to the extent necessary. yes
7.1.6
###
Requirement: When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to
ISO acquire or access any necessary additional knowledge and required updates. yes
7.1.6
###
4.2 ###
Human Resources - General
API *Requirement: Job responsibilities shall be developed and verified with each employee.
### yes
4.3.2
Requirement: The organization shall determine and provide the persons necessary for the effective implementation of its QMS and for the
ISO operation and control of its processes. ob
7.1.2
###
4.3 ###
Competence, Awareness and Training
*Requirement: The organization shall determine the necessary competence of person(s) doing work under its control that affect the
performance and effectiveness of the QMS. Personnel shall be competent based on the appropriate education, training, skills, and
ISO/API
experience needed to meet product and customer requirements. Evidence of the determination of competence of personnel shall be ma
7.2/4.3.2.3
recorded and maintained.
###
ISO/API **Requirement: Training needs and the frequency of training shall be identified and provided including IMS and specific job skills.
ob
6.2.2/4.3.2.3 ###
ISO/API Requirement: Training or other actions shall be provided to satisfy the needs of the QMS.
ob
7.2/4.3.2.3 ###
ISO/API Requirement: The effectiveness of training shall be evaluated.
ob
7.2/4.3.2.3 ###
ISO/API Requirement: Personnel shall be made aware of the quality policy and relevant quality objectives.
ob
7.3/4.3.2.3 ###
Requirement: Personnel shall be made aware of the relevance and the importance of their activities and how they contribute to the
ISO/API achievement of the quality objective and the implications of not conforming with the QMS. ob
7.3/4.3.2.3
###
ISO/API Requirement: Appropriate records shall be maintained of education, training, skills and experience for all employees.
ob
7.2/4.3.2.3 ###
4.4 ###
Environment for the operation of processes
Requirement: The organization shall determine, provide and maintain the environment necessary for the operation of its processes and to
ISO achieve conformity of product and services. yes
7.1.3
###
4.5 ###
Work environment - Infrastructure
ISO/API Requirement: The work environment shall be managed to achieve conformity to product requirements.
na
7.1.4/4.3.3 ###
DATE
CORRECTED
Business Unit - Full Audit System
Observations Minor Major % Compliant
4 Resource Management Activities Before After Before After Before After Correction
Audit Score
Correction Correction Correction Correction Correction Correction Score
4.1 Provision of Resources 5 0 5 0 5 0 5 100.0% #DIV/0!
4.2 Human Resources - General 2 1 1 0 2 0 2 75.0% 5300.0%
4.3 Competence, Awareness and Training 7 6 1 0 7 1 6 0.0% 626.9%
4.4 Environment 1 0 1 0 1 0 1 100.0% #DIV/0!
4.5 Work Environment 0 0 5 0 5 0 5 NA NA
4.6 Preventive Maintenance 0 0 5 0 5 0 5 NA NA
Totals 15 7 18 0 25 1 24 10.0% 2400.0%

Scoring % Complaint (Audit Score) % Complaint (Correction Score) Total Audit Score Total Correction Score

6000.0%
86 - 100%
5300%
71 - 85%
5000.0% 2400%

0 - 70%

4000.0%

3000.0%

2000.0%

1000.0%
627%

100% 75% 100%


0.0% 10%
0%
Provision of Resources Human Resources - Competence, Awareness Environment Work Environment Preventive Maintenance
General and Training
COMPLY CORRECTION DATE
Product & Service Realization LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

5.1 Planning of Product Realization Doc. #


Requirement: A process shall be developed and in place for product realization consistent with the requirement of the other processes of the
ISO/API QMS. yes
8.1/5.2
Requirement: Planning shall be conducted and documented by the organization to address required resources and work environment
ISO/API management. yes
8.1/5.2

ISO/API Requirement: Planning shall be conducted and documented by the organization to address product and customer-specified requirements.
yes
8.1/5.2
ISO/API Requirement: Planning by the organization shall address: Legal and other applicable requirements.
yes
8.1/5.2
ISO/API Requirement: Planning by the organization shall address: Contingencies based on risk assessment.
ob
8.1/5.2
ISO/API Requirement: Planning by the organization shall address: Design and Development.
yes
8.1/5.2
Requirement: Planning by the organization shall address: Required verification, validation, monitoring, measurement, inspection, and test
ISO/API activities specific to the product and the criteria for product acceptance. yes
8.1/5.2

ISO/API Requirement: Planning by the organization shall address: Management of Change.


yes
8.1/5.2
Requirement: Planning by the organization shall address: Records needed to provide evidence that the product realization process meets the
ISO/API requirement. yes
8.1/5.2
5.2 Contract Review - Determination of requirements related to the product - The organization shall determine:
ISO/API Requirement: Requirements specified by the customer.
yes
8.2.2/5.1.2
ISO/API Requirement: Legal and other applicable requirements.
yes
8.2.2/5.1.2
ISO/API Requirement: Requirements not stated by the customer but considered necessary by the organization for the provision of the product
yes
8.2.2/5.1.2
Requirement: Where the customer provides no documented statement of the requirement, the customer requirements shall be confirmed by
ISO/API the organization and records maintained. yes
8.2/5.1.2
5.3 Review of requirements related to the product
ISO/API *Requirement: A standardized contract review process shall be developed and implemented.
yes
8.2.3/5.1.3
Requirement: The organization shall review the requirements related to provision of products. The review shall be conducted prior to the
ISO/API organization's commitment to deliver product to the customer and shall ensure yes
8.2.3/5.1.3

ISO/API Requirement: Requirements specified by the customer are identified and documented including delivery and post delivery activity.
yes
8.2.3/5.1.3
ISO/API Requirement: Requirements differing from those previously identified are resolved
yes
8.2.3/5.1.3
ISO/API Requirement: The organization has the capability to met the documented requirements.
yes
8.2.3/5.1.3
Requirement: Where contract requirements are changed, the organization shall ensure that relevant documents are amended and that
ISO/API relevant personnel are made aware of the changed requirements. yes
8.2.3/5.1.3

ISO/API Requirement: Records of the results of the review, including resulting actions, shall be maintained.
yes
8.2.3/5.1.3
ISO/API Requirement: Statutory and regulatory requirements applicable to the product and services
yes
8.2.3/5.1.3
Requirement: When product requirements are changed, the business unit shall ensure relevant documents are amended, and relevant
ISO/API
personnel is made aware of the changed requirements. yes
8.2.4/5.1.3
COMPLY CORRECTION DATE
Product & Service Realization LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

5.4 Customer Communication


ISO/API *Requirement: A process shall be developed and implemented for communicating NOV facility's successes to our customers.
yes
8.2.1/4.1.5.2
ISO/API Requirement: Effective arrangements for communicating with customers shall be made in relation to product information.
yes
8.2.1/4.1.5.2
Requirement: Effective arrangements for communicating with customers shall be made in relation to inquiries, contracts or order handling,
ISO/API
including amendments. yes
8.2.1/4.1.5.2
Requirement: Effective arrangements for communicating with customers shall be made in relation to Customer feedback, including customer
ISO/API complaints. yes
8.2.1/4.1.5.2

Requirement: Effective arrangements for communicating with customers shall be made when required by contract to provide information
ISO/API required by product quality plans and subsequent changes to those plans. Establishing specific requirements for contingency plans, when
yes
8.2.1/4.1.5.2 relevant.

5.5 Design and development planning


ISO/API Requirement: The organization shall maintain a documented procedure to plan and control the design and development of the product. yes
8.3.2/5.4.1
ISO/API Requirement: The requirements for a final review of the design shall be determined.
yes
8.3.2/5.4.1
ISO/API Requirement: The procedure shall identify the plan(s), including plan updates, used for design development.
yes
8.3.2/5.4.1
Requirement: The procedure shall identify the design and development stages including reviews. The organization shall also consider the
ISO/API nature, duration and complexity of the design and development activities. yes
8.3.2/5.4.1
Requirement: The procedure shall identify the internal and external resources, responsibilities, authorities, and their interfaces to ensue
ISO/API effective communication. yes
8.3.2/5.4.1
Requirement: The procedure shall identify the review, verification, and validation activities necessary to complete each design and
ISO/API development stage yes
8.3.2/5.4.1
Requirement: The need for involvement of customers and users in the design and development process and the requirements for
ISO/API subsequent provision of products and services. yes
8.3.2/5.4.1

ISO/API Requirement: The procedure shall identify the final review of the design
yes
8.3.2/5.4.1
ISO/API Requirement: The level of control expected for the design and development process by customers and relevant interested parties.
yes
8.3.2/5.4.1
Requirement: When the design and development activities are performed at different locations within the same organization, the procedure
ISO/API shall identify the controls required to ensure that the designs meet the requirements stated above. na
8.3.2/5.4.1
Requirement: When design and development are outsourced, the organization shall ensure the supplier meets the requirements outlined in
ISO/API purchasing. yes
8.3.2/5.4.1
ISO/API Requirement: The documented information (records) needed to demonstrate that design and development requirements have been met.
yes
8.3.2/5.4.1
5.6 Design and development inputs - Are there records of inputs relating to product requirements that include:
ISO/API **Requirement: Product design inputs shall be identified, documented reviewed for adequacy and lack of conflict.
yes
8.3.3/5.4.2
ISO/API **Requirement: Product design inputs shall include customer specified requirements.
yes
8.3.3/5.4.2
ISO/API Requirement: Product design input requirements shall be provided from external sources, including API product specifications.
yes
8.3.3/5.4.2
ISO/API Requirement: Applicable legal, statutory and regulatory product input requirements shall be determined and documented.
yes
8.3.3/5.4.2
Requirement: Historical performance inputs where applicable, information derived from previous similar designs shall be determined and
ISO/API documented. yes
8.3.3/5.4.2
COMPLY CORRECTION DATE
ISO/API
Product & Service Realization LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED
yes
8.3.3/5.4.2

ISO/API Requirement: Other inputs and requirements essential for design and development of the product shall be determined and documented.
yes
8.3.3/5.4.2
Requirement: Methodology, assumptions, and formulae documentation shall be determined and documented for product design and
ISO/API development. (Functional and performance requirements). Potential consequences of failure due to the nature of the product and services
shall be considered. yes
8.3.3/5.4.2

ISO/API Requirement: Results from risk assessments (See risk section)


ob
8.3.3/5.4.2
ISO/API Requirement: Records of product design inputs shall be maintained.
yes
8.3.3/5.4.2
COMPLY CORRECTION DATE
Product & Service Realization LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

5.7 Design and development outputs


Requirement: Outputs of design and development shall be documented in a form that enables verification to the design and development
ISO/API inputs. yes
8.3.5/5.4.3

ISO/API Requirement: Provide appropriate information for purchasing production and servicing.
yes
8.3.5/5.4.3
ISO/API Requirement: Identify or reference design acceptance criteria (DAC)
yes
8.3.5/5.4.3
ISO/API Requirement: Include identification of, or reference to, products and/or components deemed critical to the design
yes
8.3.5/5.4.3
ISO/API Requirement: Include results of applicable calculations
yes
8.3.5/5.4.3
ISO/API Requirement: Specify the characteristics of the product that are essential for its safe and proper use.
yes
8.3.5/5.4.3
ISO/API Requirement: Records of the design outputs shall be maintained.
yes
8.3.5/5.4.3
5.8 Design and Development Review
ISO/API **Requirement: The final design review shall be conducted, documented and approved by someone who did not develop the design.
mi
8.3.4/5.4.4
Requirement: Systematic reviews shall be conducted and shall evaluate the ability of the design and development activity to fulfill
ISO/API requirements. ob
8.3.4/5.4.4

ISO/API Requirement: The systematic review shall identify any problems and propose necessary actions.
ob
8.3.4/5.4.4
ISO/API Requirement: Representatives of functions concerned with the design and development stage review shall be included.
ob
8.3.4/5.4.4
ISO/API Requirement: Records of the results of the reviews and any necessary actions shall be maintained.
ob
8.3.4/5.4.4
5.9 Design and Development Verification
ISO/API Requirement: Verification shall be performed to ensure design and development outputs satisfy the design and development input requirements
yes
8.3.4/5.4.5
ISO/API Requirement: Records of the results of the verification and any necessary actions shall be maintained.
yes
8.3.4/5.4.5
5.10 Design and Development Validation and Approval
Requirement: Design and development validation shall be performed in accordance with planned arrangements to ensure that the resulting
ISO/API product is capable of fulfilling the requirements for the specified or known intended use or application. yes
8.3.4/5.4.6

ISO/API Requirement: Validation shall be completed prior to the delivery or implementation of the product when possible.
yes
5.4.6
ISO/API Requirement: Records of the results of validation and any necessary actions shall be maintained.
yes
5.4.6
ISO/API Requirement: The completed design shall be approved after validation.
yes
5.4.6
ISO/API Requirement: Final approval of the design shall be completed by competent individual(s) independent of the person(s) who developed the desi
yes
5.4.6
ISO/API Requirement: Records of design and development validation, approval, and necessary actions shall be maintained.
yes
8.3.4/5.4.6
COMPLY CORRECTION DATE
Product & Service Realization LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

5.11 Design and Development Changes


ISO/API **Requirement: Design and development changes shall have the same controls as the original design.
yes
8.3.6/5.4.7
ISO/API Requirement: Design and development changes shall be identified, authorized and records shall be maintained.
yes
8.3.6/5.4.7
ISO/API Requirement: Changes shall be reviewed, verified and validated, as appropriate, and approved before implementation.
yes
8.3.6/5.4.7
Requirement: Review of design and development changes shall include evaluation of the effect of the changes on constituent parts and
ISO/API delivered product and actions taken to prevent adverse impacts. yes
8.3.6/5.4.7

ISO/API Requirement: Records of the results of the review of changes and any necessary actions shall be maintained.
yes
8.3.6/5.4.7
5.12 Purchasing - Control of externally provided resources, product and services
Requirement: A process shall be developed and implemented to ensure purchased product or outsourced activities conform to specific
ISO/API requirements for procured goods and services. ob
8.4.1/5.6.1

ISO/API Requirement: Purchased products shall conform to specified requirements.


na
8.4.1/5.6.1
Requirement: The type and extent of controls applied to the supplier, and to the purchased products, shall depend on the effect of the
ISO/API purchased product on subsequent product realization or the final product. Including product or services provided directly to the customer(s)
by external providers on behalf of the organization. mi
8.4.1/5.6.1

ISO/API Requirement: The determination of criticality of activities or products as applicable to conformance of product or customer specifications.
yes
8.4.1/5.6.1
Requirement: The initial evaluation and selection of suppliers based on their ability to supply products or activities in accordance with the
ISO/API
organization's requirements. ob
8.4.1/5.6.1.1

ISO/API Requirement: The type and extent of control applied to the supplier based on the criticality of the product or activity.
ob
8.4.2/5.6.1
ISO/API Requirement: The criteria, scope, frequency, and methods for a reassessment of suppliers. ob
8.4.2/5.6.1
ISO/API Requirement: The facility shall maintain a list of approved suppliers and scope of approval. ob
8.4.2/5.6.1
ISO/API Requirement: The type and extent of control to be applied to outsourced activities. ob
8.4.2/5.6.1
Requirement: The Initial Supplier Evaluation - For purchases of critical products, components or activities, the criteria for the initial evaluation
ISO/API
of suppliers by the organization shall be site-specific for each supplier and shall include below. ob
8.4.2/5.6.1

Requirement: The Initial Supplier Evaluation - Critical Purchases shall include the verification that the supplier's quality management system
ISO/API
conforms to the quality system requirements specified for supplier's by the organization. ob
8.4.2/5.6.1

Requirement: The Initial Supplier Evaluation - Critical Purchases shall include the assessment of the supplier to ensure the capability to meet
ISO/API
the desired purchasing requirements. ob
8.4.2/5.6.1

Requirement: The Initial Supplier Evaluation - Critical Purchases shall include: Assessment of the supplier by performing an on-site
ISO/API
evaluation of relevant activities. ob
8.4.2/5.6.1

Requirement: The Initial Supplier Evaluation - Critical Purchases shall include: Assessment of the supplier by performing first article
ISO/API
inspection to ensure conformance to stated requirements. ob
8.4.2/5.6.1.2

Requirement: The Initial Supplier Evaluation - Critical Purchases shall include: Identifying how the supplied product conforms to stated
ISO/API
requirements when limited by proprietary, legal, and/or contractual arrangements? ob
8.4.2/5.6.1.2

Requirement: The Initial Supplier Evaluation - Noncritical Purchases shall include: Verification of the supplier's quality management system
ISO/API
conforms to the quality system requirements specified for supplier's by the organization? ob
8.4.2/5.6.1.2
COMPLY CORRECTION DATE
Product & Service Realization LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

Requirement: The Initial Supplier Evaluation - Noncritical Purchases shall include: Identifying how the supplied product conforms to stated
ISO/API
requirements when limited by proprietary, legal, and/or contractual arrangements? ob
8.4.2/5.6.1.2

Requirement: The Initial Supplier Evaluation - Noncritical Purchases shall include: Assessment of the supplier to meet the organization's
ISO/API
purchasing requirements? ob
8.4.2/5.6.1.2

Requirement: The Initial Supplier Evaluation - Noncritical Purchases shall include: Assessment of the product upon delivery or activity upon
ISO/API
completion? ob
8.4.2/5.6.1.2

Requirement: The Initial Supplier Evaluation - Noncritical Purchases shall include: Identifying how the supplied product conforms to stated
ISO/API
requirements when limited by proprietary, legal, and/or contractual arrangements? ob
8.4.2/5.6.1.2

ISO/API Requirement: Critical and Noncritical suppliers shall be reevaluated following 5.6.1.3 ob
8.4.2/5.6.1.2
ISO/API Records of all evaluations and actions arising from evaluations shall be maintained. ob
8.4.2/5.6.1.2
ISO/API Requirement: A list of outsourced activities shall be maintained.
yes
8.4.2/5.6.1.2
Requirement: When an activity has been outsourced, the facility shall ensure that all applicable elements of the quality management system
ISO/API
are satisfied and maintain responsibility for product conformance to specified requirements, including API. na
8.4.2/5.6.1.2

ISO/API Requirement: Records of outsourced activities shall be maintained. na


8.4.2/5.6.1.2
5.13 Purchasing Information
Requirement: The organization shall ensure the adequacy of specified purchasing information prior to communication to the supplier.
ISO/API Purchasing information provided to the supplier shall be documented and adequately describe the product or activity to be purchased,
including acceptance criteria and where appropriate. yes
8.4.3/5.6.2

ISO/API Requirement: Requirements for approval of supplier's procedures, processes, equipment, product and services and their release.
yes
8.4.3/5.6.2
Requirement: Purchasing information shall include an applicable version of the specification, drawing, process requirements, inspection
ISO/API instructions, traceability, procedure(s), and other relevant technical data, etc. yes
8.4.3/5.6.2

Requirement: Information describing the product to be purchased shall include where appropriate: Requirements for qualification of supplier's
ISO/API
personnel, where appropriate. yes
8.4.3/5.6.2

Requirement: Verification or validation activities that the organization, or its customer, intends to perform at the external providers' premises.
ISO/API
na
8.4.3/5.6.2

ISO/API Requirement: Control and monitoring of the external providers' performance to be applied by the organization.
ob
8.4.3/5.6.2
COMPLY CORRECTION DATE
Product & Service Realization LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

5.14 Verification of Purchased Product Doc. #


ISO/API **Requirement: Control features shall be established for verification of purchased product.
yes
8.6/5.6.3
Requirement: Inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements shall be
ISO/API implemented. yes
8.6/5.6.3
Requirement: Where it is intended to perform verification at the suppliers' premises, the intended verification arrangements and method of
ISO/API product release shall be stated in the purchasing information. yes
8.6/5.6.3

ISO/API Requirement: Evidence shall be provided to ensure purchased products and activities conform to specified requirements.
yes
8.6/5.6.3
ISO/API Requirement: Records of verification activities shall be maintained.
yes
8.6/5.6.3
5.15 Production and Service Provision Doc. #
ISO/API *Requirement: The organization shall maintain a documented procedure that describes controls associated with the production of product.
na
8.5.1/5.7.1
Requirement: Control features shall be established to control production and service activities including the implementation of actions to
ISO/API prevent human errors. na
8.5.1/5.7.1

**Requirement: Process controls shall be documented in routings, travelers, checklists, processes sheets, etc. including the required
ISO/API
inspection activities. na
8.5.1/5.7.1.3
Requirement: The documented process controls shall include or reference instructions and acceptance criteria for processes, tests,
ISO/API inspections, and required customer's inspection hold and witness points. na
8.5.1/5.7.1.3

ISO/API Requirement: Product realization capability documentation shall include evidence of review and verification.
na
8.5.1/5.7.1.4
ISO/API Requirement: Product realization capability documentation shall include evidence of validation.
na
8.5.1/5.7.1.4
ISO/API Requirement: Product realization capability documentation shall include evidence of monitoring and measurement.
na
8.5.1/5.7.1.4
Requirement: Product realization capability documentation shall include evidence of inspection and test activities including criteria for product
ISO/API acceptance. na
8.5.1/5.7.1.4

ISO/API Requirement: Production and service provisions shall be performed under controlled conditions.
na
8.5.1/5.7.1
ISO/API Requirement: Controlled conditions shall include, as applicable: The availability of information that describes the characteristics of the product. na
8.5.1/5.7.1
ISO/API Requirement: Controlled conditions shall include, as applicable: The availability of work instructions, when applicable.
na
8.5.1/5.7.1
ISO/API Requirement: Controlled conditions shall include, as applicable: The implementation of the product quality plan, when applicable.
na
8.5.1/5.7.1
ISO/API Requirement: Controlled conditions shall include, as applicable: The availability and use of testing, monitoring, and measuring equipment.
na
8.5.1/5.7.1
ISO/API Requirement: Controlled conditions shall include, as applicable: The implementation of monitoring and measurement activities.
na
8.5.1/5.7.1
Requirement: Controlled conditions shall include, as applicable: The implementation of product release, including delivery and post-delivery
ISO/API activities. na
8.5.1/5.7.1
Requirement: Controlled conditions shall include, as applicable: Ensuring design requirements and related changes are satisfied, where
ISO/API applicable na
8.5.1/5.7.1

ISO/API Requirement: The organization maintain a documented procedure that describes controls associated with its servicing of products. na
8.5.5/5.7.1.2
Requirement: The procedure shall address: Review and implementation of the organization's, customer-specific, product servicing, and other
ISO/API servicing requirements. na
8.5.5/5.7.1.2
COMPLY CORRECTION DATE
ISO/API
Product & Service Realization LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED
na
8.5.5/5.7.1.2
ISO/API Requirement: The procedure shall address: The availability and use of suitable servicing, testing, monitoring, and measurement equipment.
na
8.5.5/5.7.1.2
ISO/API Requirement: The procedure shall address: The availability of work instructions, when applicable
na
8.5.5/5.7.1.2 Requirement: The procedure shall address: Ensuring identification and traceability requirements are maintained throughout the servicing
ISO/API process
na
8.5.5/5.7.1.2
ISO/API Requirement: The procedure shall address: The implementation of monitoring and measurement activities
na
8.5.5/5.7.1.2
ISO/API Requirement: The procedure shall address: Process control documents
na
8.5.5/5.7.1.2
ISO/API Requirement: The procedure shall address: Requirements for release of the product that was serviced
na
8.5.5/5.7.1.2
Requirement: In determining the extent of post-delivery activities that are required, the org. shall consider statutory and regulatory
ISO/API requirements. na
8.5.5/5.7.1.2
Requirement: In determining the extent of post-delivery activities that are required, the org. shall consider the potential undesired
ISO/API consequences associated with its product and services. na
8.5.5/5.7.1.2

Requirement: In determining the extent of post-delivery activities that are required, the org. shall consider the nature, use and intended
ISO/API
lifetime of its products and services na
8.5.5/5.7.1.2

Requirement: In determining the extent of post-delivery activities that are required, the org. shall consider customer requirements and
ISO/API customer feedback. na
8.5.5/5.7.1.2
COMPLY CORRECTION DATE
Product & Service Realization LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

5.16 Validation of Processes for Production and Servicing


**Requirement: Control features shall be established for the qualification and validation of special processes (NDE, Welding, Heat Treat,
ISO/API etc.) for production/service provisions. na
7.5.2/5.7.1.5
Requirement: Processes shall be validated for production and service provisions where the resulting output cannot be verified by subsequent
ISO/API monitoring or measurement. na
7.5.2/5.7.1.5
Requirement: Processes shall be validated that includes any processes where deficiencies become apparent only after the product is in use
ISO/API or the service has been delivered. na
7.5.2/5.7.1.5

ISO/API Requirement: Validation shall demonstrate the ability of these processes to achieve planned results and identification of acceptance criteria. na
7.5.2/5.7.1.5
ISO/API Requirement: Arrangements for these processes shall include, as applicable: Defined criteria for review and approval of the processes.
na
7.5.2/5.7.1.5
ISO/API Requirement: Do arrangements for these processes include, as applicable: Approval of equipment and qualification of personnel.
na
7.5.2/5.7.1.5
Requirement: Arrangements for these processes shall include, as applicable: Use of specific methods, including identified operating
ISO/API parameters; identification of acceptance criteria na
7.5.2/5.7.1.5

ISO/API Requirement: Arrangements for these processes shall include, as applicable: Requirements for records.
na
7.5.2/5.7.1.5
ISO/API Requirement: Arrangements for these processes shall include, as applicable: Revalidation.
na
7.5.2/5.7.1.5
5.17 Product Quality Plans
Requirement: Product quality plans shall be developed and include the processes of the quality management system and the resources to be
API applied to a product. na
5.7.2

API Requirement: The product quality plan by contract shall address: Description of the product to be manufactured.
na
5.7.2
Requirement: The product quality plan by contract shall address: Required processes and documentation, including, required inspections,
API tests, and records, for conformance with requirements. na
5.7.2

API Requirement: The product quality plan by contract shall address: Identification and reference to control of outsourced activities.
na
5.7.2
Requirement: The product quality plan by contract shall address: Identification of each procedure, specification, or other documented
API
referenced or used in each activity. na
5.7.2

Requirement: The product quality plan by contract shall address: Identification of the required hold, witness, monitor, and document review
API
points. na
5.7.2

API Requirement: Revisions to product quality plans shall be documented and approved to ensure customer requirements are met. na
5.7.2
5.18 Identification and Traceability Doc. #
**Requirement: Control features shall be established for product identification and traceability which include production status identification
ISO/API maintenance. na
8.5.2/5.7.3

ISO/API **Requirement: Control features shall be established for controlling the use of the API Monogram in accordance with the applicable standard. na
8.5.2/5.7.3

ISO/API Requirement: Where appropriate, the product shall be identified by suitable means throughout product realization, including delivery and post de
na
8.5.2/5.7.3
ISO/API Requirement: The product status shall be identified with respect to monitoring and measurement requirements.
na
8.5.2/5.7.3
ISO/API Requirement: Controls shall be developed and in place to ensure maintenance or replacement of identification and/or traceability marks.
na
8.5.2/5.7.3
ISO/API Requirement: Where traceability is a requirement, the unique identification of the product shall be controlled and recorded.
na
8.5.2/5.7.3
COMPLY CORRECTION DATE
Product & Service Realization LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

5.19 Customer Property - External Providers Doc. #


ISO/API **Requirement: Control features shall be established for control of property belonging to customers or external providers.
na
8.5.3/5.7.5
ISO/API Requirement: Care shall be taken with customer property while it is under control or being used.
na
8.5.3/5.7.5
Requirement: Customer property provided for use or incorporation into the product shall be identified, verified, protected, safeguarded,
ISO/API preserved, and maintained (pm maintenance). na
8.5.3/5.7.5
Requirement: If any customer property is lost, damaged or otherwise found to be unsuitable for use, shall be reported to the customer and
ISO/API records shall be maintained. na
8.5.3/5.7.5

ISO/API Requirement: Records of control and disposition of customer-supplied property shall be maintained.
na
8.5.3/5.7.5
COMPLY CORRECTION DATE
Product & Service Realization LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

5.20 Preservation of Product Doc. #


ISO/API **Requirement: Control features shall be established to preserve product conformity.
na
8.5.4/5.7.6
ISO/API **Requirement: Stock shall be checked at specified intervals to evaluate deterioration.
na
8.5.4/5.7.6
ISO/API Requirement: Conformity of product during internal processing and delivery to the intended destination shall be preserved.
na
8.5.4/5.7.6
ISO/API Requirement: Preservation of product shall include identification and traceability marks, transportation, handling, packaging, storage and protec
na
8.5.4/5.7.6
ISO/API Requirement: Preservation of product shall apply to the constituent parts of a product.
na
8.5.4/5.7.6
ISO/API Requirement: Designated storage areas or stock rooms shall be identified to prevent damage or deterioration of product prior to delivery.
na
8.5.4/5.7.6
ISO/API Requirement: Records of assessments of customer-supplied property shall be maintained.
na
8.5.4/5.7.6
5.21 Control of Monitoring and Measuring Devices Doc. #
Requirement: The organization shall determine the testing monitoring and measurement requirements and the associated equipment
ISO/API needed to provide evidence of conformity to those requirements. na
7.1.5.2/5.8

Requirement: The organization shall maintain a documented procedure in order to ensure that testing, measurements and monitoring
ISO/API equipment is calibrated and maintained and that the equipment is used in a manner that is consistent with monitoring and measuring
na
7.1.5.2/5.8 requirements.

Requirement: The procedure shall address: Unique identifier, calibration status, frequency of calibration, at specified intervals prior to use,
ISO/API traceability to international or nation measurement standards, where no such standard exists, that basis used for calibration or verification
shall be recorded. na
7.1.5.2/5.8

Requirement: The procedure shall address: Calibration and verification method, including adjustments and readjustments, as necessary;
ISO/API acceptance criterial na
7.1.5.2/5.8

ISO/API Requirement: Control of equipment identified as out-of-calibration in order to prevent unintended use
na
7.1.5.2/5.8
Requirement: Where necessary to ensure valid results, measuring equipment shall be: Calibrated or verified at specified intervals, or prior to
ISO/API use, against measurement standards traceable to international or national measurement standards. na
7.1.5.2/5.8

Requirement: When the equipment is found to be out of calibration, an assessment of the validity of previous measurements and actions to
ISO/API be taken on the equipment and product, including maintaining records and evidence of notification to the customer if suspect product has
been shipped. na
7.1.5.2/5.8

ISO/API Requirement: Testing and measuring equipment shall be calibrated or verified, or both, against measured standards
na
7.1.5.2/5.8

ISO/API Requirement: Testing and measuring equipment shall have calibration status identifiable by the user for activities being performed at all times. na
7.1.5.2/5.8
Requirement: Testing and measuring equipment shall Be safeguarded from adjustments that would invalidate the measurement results or the
ISO/API calibration status. na
7.1.5.2/5.8

ISO/API Requirement: Testing and measuring equipment shall be protected from damage and deterioration during handling, maintenance and storage. na
7.1.5.2/5.8
Requirement: Testing and measuring equipment shall be used under environmental conditions that are suitable for the calibrations,
ISO/API inspections, measurements, and tests being carried out. na
7.1.5.2/5.8

ISO/API Records shall be maintained supporting the results of calibration and verification.
na
7.1.5.2/5.8
Requirement: When used in the monitoring and measurement of specified requirements, the ability of computer software shall satisfy the
ISO/API intended application. na
7.1.5.2/5.8
Business Unit - Full Audit System
Observations Minor Major % Compliant
5 Product & Service Realization Activities Before After Before After Before After Correction
Audit Score
Correction Correction Correction Correction Correction Correction Score
5.1 Planning of Product Realization 9 1 8 0 9 0 9 94.4% 24200.0%
5.2 Contract Review 4 0 4 0 4 0 4 100.0% #DIV/0!
5.3 Review of Requirements Related to the Product 9 0 9 0 9 0 9 100.0% #DIV/0!
5.4 Customer Communication 5 0 4 0 4 0 4 100.0% #DIV/0!
5.5 Design and Development Planning 11 0 12 0 12 0 12 100.0% #DIV/0!
5.6 Design and Development Inputs 9 1 8 0 9 0 9 94.4% 24200.0%
5.7 Design and Development Outputs 7 0 7 0 7 0 7 100.0% #DIV/0!
5.8 Design and Development Review 5 4 1 1 4 0 5 0.0% 1250.0%
5.9 Design and Development Verification 2 0 2 0 2 0 2 100.0% #DIV/0!
5.10 Design and Development Validation 6 0 6 0 6 0 6 100.0% #DIV/0!
5.11 Control of Design and Development Changes 5 0 5 0 5 0 5 100.0% #DIV/0!
5.12 Purchasing Process 22 19 6 1 24 0 25 43.2% 2600.0%
5.13 Purchasing Information 5 1 5 0 6 0 6 90.0% 16100.0%
5.14 Verification of Purchased Product 5 0 5 0 5 0 5 100.0% #DIV/0!
5.15 Control of Production and Service Provision 0 0 28 0 28 0 28 NA NA
5.16 Validation of Processes for Production and Service 0 0 9 0 9 0 9 NA NA
5.17 Product Control Plan 0 0 7 0 7 0 7 NA NA
5.18 Identification & Traceabiltiy 0 0 6 0 6 0 6 NA NA
5.19 Customer Property 0 0 5 0 5 0 5 NA NA
5.20 Preservation of Product 0 0 7 0 7 0 7 NA NA
5.21 Control of Monitoring and Measuring Devices 0 0 17 0 17 0 17 NA NA
5.22 Inspection & Testing 0 0 7 0 7 0 7 NA NA
Totals 104 26 168 2 192 0 194 81.7% 13684.2%

% Compliant (Audit Score) % Compliant (Correction Score) Total Audit Score Total Correction Score
Scoring
30000.0%
24200% 24200%
25000.0%
86 - 100%
20000.0% 16100%
15000.0%
71 - 85%
10000.0%
5000.0% 1250% 100%
2600%
94% 100% 100% 100% 100% 94% 100% 100% 100% 43% 90% 100%
0 - 70%

Validation of Processes for Production and Service


0.0%
Review of Requirements Related to the Product

Control of Design and Development Changes

Control of Production and Service Provision

Control of Monitoring and Measuring Devices


Design and Development Verification

Design and Development Validation


Design and Development Planning

Design and Development Review

Verification of Purchased Product


Design and Development Outputs
Planning of Product Realization

Design and Development Inputs


Customer Communication

Identification & Traceabiltiy

Preservation of Product
Purchasing Information

Product Control Plan

Inspection & Testing


Purchasing Process

Customer Property
Contract Review

0%
COMPLY CORRECTION DATE
Measurement, Analysis and Improvement (MAI) LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

6.1 General
ISO/API *Requirement: Key Performance Indicators (KPI) shall be determined, measured; reported, and trend analyzed conducted on a continuous basis.
yes
10.1/6.1
ISO/API Requirement: Processes implemented for MAI shall demonstrate conformity of the product.
yes
10.1/6.1
ISO/API Requirement: Processes implemented for MAI shall ensure conformity of the quality management system.
yes
10.1/6.1
ISO/API Requirement: Processes implemented for MAI shall continually improve the effectiveness of the quality management system.
yes
10.1/6.1
Requirement: Processes implemented for MAI shall include the determination of applicable methods, including statistical techniques and the extent
ISO/API of their use. yes
10.1/6.1
6.2 Customer Satisfaction Doc. #
Requirement: A Customer Satisfaction Procedure shall be developed that addresses the documentation and frequency of measurements to meet
ISO/API customer requirements. mi
9.1.2/6.2.1

ISO/API Requirement: Customer Satisfaction Procedure shall address the method of documenting and obtaining customer feedback.
ob
9.1.2/6.2.1
ISO/API Requirement: Customer Satisfaction Procedure shall address key performance indicators.
na
9.1.2/6.2.1
Requirement: Customer Satisfaction Procedure shall address obtaining any additional information used to determine whether the facility has
ISO/API satisfied customers in meeting identified requirements. ob
9.1.2/6.2.1

ISO/API Requirement: Customer Satisfaction records shall be maintained.


ob
9.1.2/6.2.1
6.3 Internal Audit (IA) Doc. #
ISO/API Requirement: An Internal Audit procedure shall be developed to define responsibilities for planning, conducting, and documenting internal audits.
mi
9.2/6.2.2
Requirement: The Internal Audit Procedure shall address the planned intervals to determine the quality management system of outsourced activities
ISO/API that impact the quality of the product, and that are performed at the organization's facility. na
9.2/6.2.2
Requirement: The Internal Audit Procedure shall address the planned intervals to determine the quality management system conforms to planned
ISO/API arrangements. At least every 12 months for API yes
9.2/6.2.2

Requirement: Internal Audits shall be conducted at planned intervals to determine whether the quality management system conforms to the
ISO/API
requirements of ISO 9001: and/or API Q1. ob
9.2/6.2.2
Requirement: Internal Audits shall be conducted at planned intervals to determine whether the quality management system is effectively
ISO/API implemented and maintained. ob
9.2/6.2.2

Requirement: Internal Audits shall be conducted at planned intervals to determine whether the quality management system conforms to quality,
ISO/API
safety, and environmental management system of the organization. na
9.2/6.2.2
Requirement: Internal Audits shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well
ISO/API as the results of previous audits and criticality of the process(as) being audited. yes
9.2/6.2.2

ISO/API Requirement: Internal Audits shall define the audit criteria, scope, frequency, and methods.
ob
9.2/6.2.2
ISO/API Requirement: Auditors conducting the Internal Audits shall conduct audits ensuring objectivity and impartiality of the audit process.
yes
9.2/6.2.2
Requirement: A documented procedure shall be developed to address the responsibility and requirements for planning, conducting, reporting audit
ISO/API results and the method of maintaining audit records. yes
9.2/6.2.2
Requirement: Management responsible for the area being audited shall ensure that actions are taken without undue delay to eliminate detected
ISO/API nonconformities and their causes. mi
9.2/6.2.2

ISO/API Requirement: Audit follow-up activities shall include the verification of the actions taken and the reporting of verification results.
yes
9.2/6.2.2
COMPLY CORRECTION DATE
Measurement, Analysis and Improvement (MAI) LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

ISO/API Requirement: Audits shall be conducted by competent personnel.


yes
9.2/6.2.2
ISO/API Requirement: Audit follow-up activities shall include the validation of the actions taken and the reporting of validation results.
yes
9.2/6.2.2
ISO/API Requirement: Results of internal audits and the status of corrective actions shall be reported in the management review.
yes
9.2/6.2.2
ISO/API Requirement: The location and method of storage of Internal Audit records of internal audits shall be defined and maintained.
yes
9.2/6.2.2
COMPLY CORRECTION DATE
Measurement, Analysis and Improvement (MAI) LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

6.4 Monitoring and Measurement of Processes


ISO/API Requirement: Suitable methods shall be applied for monitoring and measuring, where applicable, of the quality management system processes.
yes
9.1.1/6.2.3
ISO/API Requirement: Monitoring and Measurement of methods shall demonstrate the ability of the processes to achieve planned results.
yes
9.1.1/6.2.3
Requirement: When Monitoring and Measurement of planned results are not achieved, correction (short term solution) actions shall be taken as
ISO/API
appropriate to ensure conformity of the product. mi
9.1.1/6.2.3
6.5 Control of Nonconforming Product Doc. #
Requirement: The facility shall identify the controls, related responsibilities, and authorities for addressing and documenting the nonconforming
ISO/API product. yes
8.7/5.10
Requirement: A Control of Nonconforming Product procedure shall address nonconforming product identified during product realization and shall
ISO/API address product identification to prevent unintended use or delivery. yes
8.7/5.10
Requirement: The Control of Nonconforming Product procedure shall identify during the product realization the detected nonconformity and taking
ISO/API action to preclude its intended use or delivery. yes
8.7/5.10
Requirement: The Control of Nonconforming Product procedure shall identify during product realization the methods authorizing its use, release, or
ISO/API acceptance under concession by the relevant authority and, where applicable, by the customer. yes
8.7/5.10
Requirement: The Control of Nonconforming Product procedure identifies after delivery the Identifying, Documenting, and Reporting of
ISO/API nonconformance's or product failures identified after delivery. mi
8.7/5.10

Requirement: The Control of Nonconforming Product procedure shall address the controls for the nonconforming product identified after delivery:
ISO/API Ensuring the analysis of product nonconformance's or failure, provided the product or documented evidence supporting the nonconformity is
ob
8.7/5.10 available to facilitate the determination of the case.

Requirement: The Control of Nonconforming Product procedure shall address the controls for the nonconforming product identified after delivery:
ISO/API Taking the appropriate action to the effects, or potential effects, of the nonconformance when the nonconforming product is detected after delivery.
ob
8.7/5.10

Requirement: The Control of Nonconforming Product procedure shall address how the organization shall perform one or more of the following:
ISO/API Repair or Rework with subsequent inspection to meet specified requirements of the nonconforming product. yes
8.7/5.10

Requirement: The Control of Nonconforming Product procedure shall address how the organization re-grades the product for alternative applications.
ISO/API
na
8.7/5.10

Requirement: The Control of Nonconforming Product procedure shall address how the organization releases the nonconforming product under
ISO/API
concession. yes
8.7/5.10

ISO/API Requirement: The Control of Nonconforming Product procedure shall address how the organization rejects or scraps the nonconforming product. ob
8.7/5.10
Requirement: When nonconforming product is detected after delivery or use has started, actions shall be taken appropriate to the effects, or
ISO/API potential effects, of the nonconformity. ob
8.7/5.10
Requirement: Relevant management and the customer shall authorize the release of the nonconforming product under concession when: Product
ISO/API continues to satisfy the applicable DAC and/or criteria. na
8.7/5.10
Requirement: Relevant management and the customer shall authorize the release of the nonconforming product under concession when: The
ISO/API violated MAC are categorized as unnecessary to satisfy the applicable DAC and/or customer criteria. na
8.7/5.10
Requirement: Relevant management and the customer shall authorize the release of the nonconforming product under concession when: The DAC
ISO/API are changed, and the products satisfied the revised DAC and associated MAC requirements. na
8.7/5.10

ISO/API Requirement: The customer shall be notified of product not conforming to DAC or contract requirements that have been delivered.
na
8.7/5.10
ISO/API Requirement: Records of the nature of nonconformities and any subsequent action taken shall include concessions obtained.
yes
8.7/5.10
COMPLY CORRECTION DATE
Measurement, Analysis and Improvement (MAI) LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED
ISO/API
yes
8.7/5.10
COMPLY CORRECTION DATE
Measurement, Analysis and Improvement (MAI) LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

6.6 Analysis of Data Doc. #


Requirement: The organization shall define the methods & techniques used to ensure the proper collection & analysis of data. The analysis shall
ISO/API demonstrate the suitability and effectiveness of the QMS. ob
9.1.3/6.3
Requirement: Appropriate data shall be determined, collected and analyzed to demonstrate the suitability and effectiveness of the quality, safety, and
ISO/API environmental management system in order to evaluate when continual improvement of the QMS can be made. yes
9.1.3/6.3
Requirement: The analysis of data shall include data generated as a result of monitoring and measurement, internal audits, management reviews,
ISO/API and from other relevant sources. yes
9.1.3/6.3

ISO/API Requirement: The analysis of data shall provide information relating to customer satisfaction.
ob
9.1.3/6.3
ISO/API Requirement: The analysis of data shall provide information relating to conformance to product requirements.
mi
9.1.3/6.3
Requirement: The analysis of data shall provide information relating to characteristics and trends of processes and products including opportunities
ISO/API for preventive action. ob
9.1.3/6.3

ISO/API Requirement: The analysis of data shall provide information relating to suppliers and their performance.
ob
9.1.3/6.3
Requirement: The analysis of data shall provide information relating to nonconformities and product failures identified after delivery or use, provided
ISO/API the product or documented evidence is available to facilitate the determination of the cause. ob
9.1.3/6.3

ISO/API Requirement: The analysis of data shall provide information relating to quality objectives.
ob
9.1.3/6.3
6.7 Continual Improvement
*Requirement: The effectiveness of the quality management system shall be continually improved throughout by the use of the quality policy, quality
ISO/API objectives, audit results, analysis of data, corrective and preventive actions and management review. yes
10.3/6.4.1

ISO/API *Requirement: Process improvement activities shall be implemented and are ongoing.
yes
10.3/6.4.1
6.8 Corrective Action Doc. #
ISO/API **Requirement: A process shall be developed and is being used to verify the effectiveness of any corrective action taken.
yes
10.2/6.4.2
ISO/API **Requirement: The response time for the submission of corrective action plans shall be identified.
yes
10.2/6.4.2
ISO/API Requirement: Actions shall be taken to eliminate the cause of nonconformities in order to prevent recurrence.
yes
10.2/6.4.2
ISO/API Requirement: Corrective actions appropriate to the effects of nonconformities shall be encountered.
yes
10.2/6.4.2
ISO/API Requirement: A documented procedure shall be established to define requirements for reviewing nonconformities, including customer complaints.
yes
10.2/6.4.2
ISO/API Requirement: A documented procedure shall be established to define requirements for determining the causes of nonconformities.
yes
10.2/6.4.2
Requirement: A documented procedure shall be established to define requirements for evaluating the need for action to ensure nonconformities do
ISO/API
not reoccur. yes
10.2/6.4.2

ISO/API Requirement: A documented procedure shall be established to define requirements for determining and implementing action needed.
yes
10.2/6.4.2
ISO/API Requirement: A documented procedure shall be established to define requirements for records of the result of action taken.
yes
10.2/6.4.2 Requirement: A documented procedure shall be established to define requirements for reviewing corrective action taken and update risks and
ISO/API opportunities determined during planning, if necessary
ob
10.2/6.4.2
COMPLY CORRECTION DATE
Measurement, Analysis and Improvement (MAI) LEVEL
RESPONSIBLE PARTY
TARGET DATE CORRECTED

6.9 Preventive Action Doc. #


API **Requirement: A process shall be developed and is being used to verify the effectiveness of any preventive action taken.
mi
6.4.3
API Requirement: Actions shall be determined to eliminate the causes of potential nonconformities in order to prevent their occurrence.
yes
6.4.3
API Requirement: Preventive actions appropriate to the effects of potential problems shall be determined and documented.
yes
6.4.3
Requirement: A documented procedure shall be established to define the requirement for evaluating the need for action to prevent the occurrence of
API nonconformities. yes
6.4.3

API Requirement: A documented procedure shall be established to define the requirement for determining potential nonconformities and their causes. yes
6.4.3

API Requirement: A documented procedure shall be established to define the requirement for determining and implementing action needed.
yes
6.4.3
API Requirement: A documented procedure shall be established to define the requirement for records of results of action taken.
yes
6.4.3
API Requirement: A documented procedure shall be established to define the requirement for reviewing preventive action taken.
yes
6.4.3
Business Unit - Full Audit System
Observations Minor Major % Compliant
6 Measurement, Analysis and ImprovementActivities Before After Before After Before After Correction
Audit Score
Correction Correction Correction Correction Correction Correction Score
6.1 General 5 0 5 0 5 0 5 100.0% #DIV/0!
6.2 Customer Satisfaction 4 3 5 1 4 0 5 0.0% 1433.3%
6.3 Internal Audit (IA) 14 3 13 2 14 0 16 46.4% 2780.0%
6.4 Monitoring and Measurement of Processes 3 0 3 1 2 0 3 0.0% 1250.0%
6.5 Control of Nonconforming Product 12 4 13 1 16 0 17 58.3% 4490.0%
6.6 Analysis of Data 9 6 3 1 8 0 9 33.3% 1925.0%
6.7 Continual Improvement 2 0 2 0 2 0 2 100.0% #DIV/0!
6.8 Corrective Action 10 1 9 0 10 0 10 95.0% 26900.0%
6.9 Preventive Action 8 0 8 1 7 0 8 62.5% 3500.0%
Totals 67 17 61 7 68 0 75 56.0% 3337.3%

Scoring % Compliant (Audit Score) % Compliant (Correction Score) Total Audit Score Total Correction Score

86 - 100% 30000.0%
26900%

71 - 85% 25000.0%

0 - 70% 20000.0%

15000.0%

10000.0%
4490%
5000.0% 2780% 3500%
1433% 1250% 1925%
100% 46% 58% 33% 100% 95% 63%
0.0%
0% 0%