Experience auditing Information System ISO 9001:2000 based

Once upon a time I was assigned to audit the office of Information Systems in Regional / branch in east Java on assignment from my boss at headquarters - Central Jakarta.

Previously we had four in the Laboratory Information System was given in depth training about:

- "Effective Internal Audit and Corrective / Preventive Action" which was held by the Business Excellence.

- Intensive ISO 9001:2000 Internal Quality Auditor Skills Training organized by the PQM.

Important elements of the audit:

- SOP
- IK (Work Instruction)
- Log
- Document
- MoU

Audit Preparation:
- Checklist, which includes pertanyaan2 will check with the auditee in accordance with the applicable SOPs in place of the auditee.

The steps in the audit that is done:

- Opening Ceremony, is an introduction between auditors and auditees as well as a request for permission to audit the auditors.

- Checking the Document, Please note there is a clause in the ISO inspection documents that must be met, namely:

* Clausul 4.2.3 Document Control: how do (standards) organizations to control all quality documents circulating in the Quality System. How does the filing method, the revision / amendment, distribution, withdrawal, communication / socialization, and approval of documents in the organization.

* Clausul 4.2.4 Quality Control Notes: how do (standards) organizations to control the quality of notes in circulation. How long should be retained (retention), where, what to do after passing through the store.

* Clausul 8.2.2 Internal Quality Audit: how to (standard) organization to implement an Internal Quality Audit process, from planning, execution, reporting, repair action, up to verification.

* Clausul 3.8 Control Products Not Available: on how to (standard) organization if it finds the product that is not compliant (NC / Non Conformity), both within the organization and after continued into the process / organization outside of our organization.

* Clausul 8.5.2 Corrective Action: how organizations to implement corrective action if it finds any problems or lack of compliance, ranging from problem identification, root problems, solutions, until verification.

* Clausul 8.5.3 Precautions organization how to improve the performance of its Quality System continually through the identification of potential problems and ideas for improvement.

Clausul This is the basis, including IT systems auditing.


- Type of document most of my first check is SOP. SOP seen clearly in the existing work procedures in the IT department. I live to see the SOP compliance with reality on the ground everyday.

- If there are steps that do not fit, the same error over and over again as I enter the NC / Non Conformity. if only a small part of the sub systems are categorized as observations only.

- Check us in the audit is a question that had been prepared earlier in Cehcklist. confirmation of each question by writing the answer on the question.

- Sometimes need to see the lack of shrewdness Auditor SOP compliance.

- Once is enough time to conduct audits (as scheduled) further preparations to make the internal quality audit reports.

- Before the closing ceremony, the audit report to confirm it (Process Owner) process owner. whether the findings were acknowledged by the owner of the process. can in protest but usually finding the right is recognized and we provide corrective action.

- Closing Ceremony, closing the audit process, which was attended by leaders of branches and staff. well say goodbye to return to headquarters.

Basically the audit was not to find fault, but to help organizations improve the system becomes better.