Auditor Competence

The ISO 17021 conformity assessment standards state the requirements for bodies providing audit and certification of management systems. ISO 17021-3:2017 provides the competence requirements for auditing and certification of “quality” management systems.

If you are a certification body auditor, do you have this knowledge? If you are an internal auditor, shouldn’t you possess the same level of knowledge?

Fundamental concepts and quality management principles

Each Quality Management System (QMS) auditor must have knowledge of:

a) fundamental concepts and quality management principles and their application;
b) terms and definitions related to quality management;
c) process approach, including related monitoring and measurement;
d) role of leadership in an organization and its impact on the QMS;
e) application of risk-based thinking, including the determination of risks and opportunities;
f) application of the PDCA (Plan, Do, Check, Act) cycle;
g) structures and interrelationships of documented information specific to quality management;
h) quality management related tools, methods, techniques, and their application.

Context of the organization

The audit team must have business sector knowledge to determine whether an organization has appropriately determined:

a) external and internal issues, relevant to its purpose and its strategic direction, and that affect its ability to achieve the intended results of its QMS;
b) needs and expectations of interested parties relevant to the organization’s QMS, including the requirements for the products and services of the organization;
c) boundaries and applicability of the QMS to establish its scope.

NOTE: A business sector is understood to be the economic activities covering a broad range of related technical areas.

Client products, services, processes, and organization

The audit team must have knowledge of:

a) terminology and technology specific to the technical area;
b) statutory and regulatory requirements applicable to the product or service specific to the technical area;

NOTE: Statutory and regulatory requirements can be expressed as legal requirements.

c) characteristics of products, services, and processes specific to the technical area;
d) infrastructure and environment for operation of processes affecting product and service quality;
e) provision of externally provided processes, products and services;
f) impact of organization type, size, governance, structure, functions and relationships on development and implementation of the QMS, its documented information, and certification activities.

You can order ISO 17021-3:2017 at this ISO web page for about $40.