AUDITOR GUIDELINES 1 Overview of Audit Process

1 AUDITOR GUIDELINES . 1 overview of audit process The flow chart below shows the overall Process for auditors carrying out audits for IMS. International. Stages within this Process are detailed further in this document. Scheme Documents for specific schemes, AS 9100, ISO 14001 & BS 18001 may detail additional or alternative requirements. Responsibilities Supporting Inputs Receive AAA, AUDITOR Appointment Sign and return to Administration Acknowledgement IMS with Audit (Form 3). report Send completed Receive client's Document Operations Document review Documented Review Yes Manager report to IMS Management System required?

2 From IMS. No Receive and review Stage 1, Stage 2, Operations previous Audit report Surveillance or Manager and CAP's if Reassessment applicable Prepare and send See Section to IMS appropriate AUDITOR IMS to forward onto completed Audit client Plan (Form 4). Audits to be planned and undertaken in See section AUDITOR accordance with Undertake Audit IMS requirements and provisions of ISO 19011. Complete Audit See section AUDITOR report form Where required, Refer Auditee to IMS. AUDITOR Auditee send Website for guidance corrective action on completing plan to IMS Admin IMS Manages Audit informed of Administration Certification outcome Process 2 AUDITOR Requirements Doc 05 / 13 Page 1 of 15.

3 AUDITOR GUIDELINES . General Before undertaking any Audit for IMS, an AUDITOR must undertake the following: Supply a copy of and all relevant certificates to IMS to enable identification of competent scope areas;. Complete Form 30, AUDITOR Competence Record;. Scope Review forms and Risk Assessments completed;. Read the IMS Quality Manual, Quality Policy and relevant IMS Scheme Documents;. Read IMS Auditee GUIDELINES ;. Read IMS procedures for certification, confidentiality and AUDITOR training (Proc 6, Proc 7 and Proc 11);. Sign Contractor Agreement. Competence All auditors and technical experts used by IMS are regularly monitored, including via observed assessments, post Audit reviews, to ensure continued competence and to identify training needs.

4 The procedure for this is set out in Proc 11. auditors are also required to keep IMS informed of any training they undertake independently, and to provide copies of certificates as appropriate. All auditors will be required to have read ISO 19011 (the new GUIDELINES for QMS and/or EMS auditing), and to have passed an IRCA-registered lead AUDITOR course, or other relevant training programme. IRCA registration is desirable, though not essential. Competence requirements for auditors and technical experts have been defined for all technical areas in which IMS provides certification services. All auditors and technical experts used by IMS have been assessed in terms of their competence for each technical area, and auditors and technical experts are assigned with reference to this.

5 Any concerns of auditors regarding their competence assessment, or their competence for any specific assignment should be referred to Head Office. auditors must have passed and IRCA-Registered Lead AUDITOR course to ISO 9001:2000. TickIT if auditing under the TickIT scheme, in addition to the competencies stated above the AUDITOR must also have knowledge of The TickIT Guide . auditors for schemes other than ISO 9001 will also need to satisfy any scheme-specific requirements as detailed in the relevant IMS Scheme Document. Doc 05 / 13 Page 2 of 15. AUDITOR GUIDELINES . 3 Audit Process Confidentiality and Impartiality auditors are required to ensure that any information gained as a result of work undertaken for IMS International is not disclosed to any third party unless such information is public knowledge, or disclosure is required by law.

6 This includes all and any information relating to IMS International, the auditee or the auditee's customers. IMS International's procedures, documentation and software are protected by copyright and should not be shared with unauthorised parties. When signing the AUDITOR Acknowledgement letter for an Audit , auditors must make known any matter that could compromise their impartiality or objectivity. In particular, auditors should not have carried out any consultancy work for the client in the previous three years. Doc 05 / 13 Page 3 of 15. AUDITOR GUIDELINES . Document Review Responsibilities Supporting Inputs Receive AAA, AUDITOR Appointment Sign and return to AUDITOR Acknowledgement IMS with Audit (Form 3).

7 Report Receive AUDITOR Documented Electronic or Paper Management System from IMS. Compare against ISO 9001, 14001, AS. AUDITOR relevant standards 9100, AS 9120, BS. and GUIDELINES 18001 etc Raise Non- conformances and AUDITOR Observations as appropriate Complete Audit Form 9A. AUDITOR report form Send to IMS. Administration AUDITOR NC's Raised? Yes Audit report should detail NC's submitting AUDITOR and specify evidence or closed out verification during the Audit Process No Liaise with client Keep IMS. AUDITOR to close out NC's if Administration up to necessary date with progress Proceed to next AUDITOR Audit as necessary Doc 05 / 13 Page 4 of 15.

8 AUDITOR GUIDELINES . Audit Planning auditors are responsible for planning audits, and ensuring that the client receives an Audit plan at least 10 working days before the day of the Audit . In preparing the Audit plan, the AUDITOR should consider the following: Initial Audits should cover all relevant aspects of the standard against which the client is being assessed;. The Visit Planner table within the Audit Report (Form 9) identifies areas of the relevant standard that must be covered at every surveillance visit;. All other areas of the relevant standard must be covered at least once during the three-year surveillance cycle.

9 For Initial Audits, the AUDITOR should use the client's Management System documentation to identify areas for specific focus, to determine appropriate timescales and identify relevant people to interview during the Audit ;. For Surveillance Visits, auditors should consider previous Audit reports, including non-compliances and observations raised, and in particular areas identified for checking on the Visit Planner table in order to determine areas to focus on during the Audit ;. auditors should also plan the Audit to ensure that all relevant parts of the auditee's business covered by the scope and proposed certificate are covered.

10 This should also take account of multiple locations where appropriate;. The AUDITOR should send the appropriate completed Audit Plan template (Form 4) to IMS Administration at least 14 working days before the Audit ; Administration shall forward a copy to the client. The plan should, as a minimum, give the proposed timescales for the Audit , identify which areas each AUDITOR will be covering, and give the auditee a clear idea of which staff will be required and when. The Audit Plan should be considered as a useful tool for both the Audit team and the auditee, but should not be seen as set in stone.