ISO 9000:2000 Series TickIT Auditor/Lead Auditor Training ... - IRCA
ISO 9000:2000 Series TickIT Auditor/Lead Auditor Training ... - IRCA
ISO 9000:2000 Series TickIT Auditor/Lead Auditor Training ... - IRCA
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Certification criteria for<br />
<strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> <strong>Series</strong> <strong>TickIT</strong><br />
<strong>Auditor</strong>/<strong>Lead</strong> <strong>Auditor</strong> <strong>Training</strong> Course
ights reserved. No part of this publication may be reproduced, stored in a retrieval<br />
All<br />
or transmitted in any form or by any means - electronic, mechanical,<br />
system<br />
recording or otherwise, without prior permission of the CQI International<br />
photocopying,<br />
of Certificated <strong>Auditor</strong>s (<strong>IRCA</strong>).<br />
Register<br />
Acknowledgements:<br />
Course Criteria have been prepared with the assistance of Ken Johnson C.Eng,<br />
These<br />
FCQI for the <strong>TickIT</strong> <strong>Auditor</strong> <strong>Training</strong> and Qualification Committee (TATQC), a joint<br />
FBCS,<br />
Computer Society/<strong>IRCA</strong> Committee.<br />
British<br />
March 01 First issue VD SF<br />
01/1<br />
November 00 Draft 1 KSJ SF<br />
00/1<br />
Copyright <strong>IRCA</strong> – 2001<br />
Rev Date Details TAM Director
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
CONTENTS<br />
1. INTRODUCTION<br />
2. LEARNING OBJECTIVES<br />
3. ENABLING OBJECTIVES – KNOWLEDGE & SKILLS<br />
4. TRAINING METHODS<br />
5. COURSE CONTENT<br />
6. COURSE DURATION<br />
7. TUTORS & DELEGATES<br />
8. VARIATIONS<br />
9. DELEGATE ASSESSMENT & EXAMINATION<br />
10. COURSE PUBLICITY & ADVERTISING<br />
APPENDIX 1: NOTES FOR GUIDANCE<br />
___________________________________________________________________________________<br />
Page 1 <strong>IRCA</strong>/2212/07/1 Jan 07
of the certification requirements common to all courses are detailed in Section 2 of<br />
Many<br />
Approval Requirements for Organisations Providing Certified <strong>Auditor</strong> <strong>Training</strong>. These<br />
<strong>IRCA</strong>/<strong>2000</strong>;<br />
course requirements are in addition to the requirements of <strong>IRCA</strong>/2212 and are mandatory.<br />
general<br />
is essential, therefore, that applicants for certification of, and existing providers of any <strong>IRCA</strong><br />
It<br />
<strong>TickIT</strong> <strong>Auditor</strong>/<strong>Lead</strong> <strong>Auditor</strong> training course are familiar with the requirements of<br />
certified<br />
<strong>IRCA</strong>/<strong>2000</strong>.<br />
completion of an <strong>IRCA</strong> certified <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> <strong>Series</strong> <strong>TickIT</strong> <strong>Auditor</strong>/<strong>Lead</strong> <strong>Auditor</strong><br />
Successful<br />
course will satisfy the training requirements for <strong>IRCA</strong> certification to all grades of Quality<br />
training<br />
<strong>Training</strong> Organisations which are approved by <strong>IRCA</strong> to provide this course may use the <strong>TickIT</strong> Logo 1<br />
<strong>TickIT</strong> name and logo are protected marks governed by the <strong>TickIT</strong> Logo Regulations.<br />
The<br />
of the Logo Regulations and the <strong>TickIT</strong> Guide are available from the DISC <strong>TickIT</strong> Office.<br />
Copies<br />
Standards Institution<br />
British<br />
Chiswick High Road<br />
389<br />
W4 4AL<br />
London,<br />
+44 (0)20 8996 7427<br />
Tel:<br />
+44 (0)20 8966 7429<br />
Fax:<br />
tickit@bsi-global.com<br />
email:<br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
Management System (QMS) auditor, and for IATCA <strong>Auditor</strong> & IATCA Senior <strong>Auditor</strong>.<br />
1<br />
Internet: www.tickit.org<br />
___________________________________________________________________________________<br />
Page 2 <strong>IRCA</strong>/2212/07/1 Jan 07
These criteria have been prepared by the International Register of Certificated<br />
1.1<br />
(<strong>IRCA</strong>) to assist approved training organisations seeking certification of an<br />
<strong>Auditor</strong>s<br />
<strong>9000</strong>:<strong>2000</strong> <strong>Series</strong> <strong>TickIT</strong> <strong>Auditor</strong>/<strong>Lead</strong> <strong>Auditor</strong> training course. The criteria are in<br />
<strong>ISO</strong><br />
with the Uniform Requirements for the Provision of <strong>Auditor</strong> <strong>Training</strong><br />
accordance<br />
issued by the International <strong>Auditor</strong> and <strong>Training</strong> Certification Association<br />
Courses<br />
(IATCA).<br />
To satisfy the training requirements for initial certification as an <strong>IRCA</strong> <strong>TickIT</strong> auditor,<br />
1.2<br />
shall have successfully completed a training course, which has been<br />
applicants<br />
by <strong>IRCA</strong> as being in compliance with these criteria, within the three years<br />
certified<br />
to making application.<br />
prior<br />
The principal aim of this course is to equip delegates with the knowledge and skills<br />
1.3<br />
to perform audits of management systems against <strong>ISO</strong> 9001, in accordance<br />
required<br />
<strong>ISO</strong> 10011, or its successor; <strong>ISO</strong> 19011. All references in this document to <strong>ISO</strong><br />
with<br />
<strong>ISO</strong> 9001 and <strong>ISO</strong> 9004 are to the year <strong>2000</strong> issue versions unless otherwise<br />
<strong>9000</strong>,<br />
The training provided by this course shall, wherever practicable, be set in a software<br />
1.4<br />
Information Technology (IT) context (see Appendix 2). The primary reference<br />
and<br />
to be used for this purpose shall be <strong>ISO</strong> <strong>9000</strong>-3:1997 and the Issue 5<br />
documents<br />
Guide.<br />
<strong>TickIT</strong><br />
These criteria specify the requirements for training courses including the knowledge<br />
1.5<br />
skills to be covered during the course. It is mandatory that training courses are<br />
and<br />
and delivered in accordance with these criteria, although training<br />
designed<br />
may exercise flexibility in the inclusion of additional material, and in<br />
organisations<br />
Learning objectives describe in outline what delegates shall be able to do by the end<br />
2.1<br />
the course. Delegates will need to demonstrate acceptable performance in all of<br />
of<br />
areas in order to complete the course successfully, and training organisations<br />
these<br />
need to demonstrate a factual and objective approach to the assessment of<br />
will<br />
Describe the purpose of a quality management system and explain the 8<br />
2.1.1<br />
of quality management.<br />
principles<br />
Explain the purpose, content and interrelationship of <strong>ISO</strong> <strong>9000</strong>, <strong>ISO</strong> 9001,<br />
2.1.2<br />
9004 and <strong>ISO</strong> 10011 or its successor, <strong>ISO</strong> 19011.<br />
<strong>ISO</strong><br />
Interpret requirements of <strong>ISO</strong> 9001 in the context of an audit in a software<br />
2.1.3<br />
IT systems business environment using the guidance given in <strong>ISO</strong> <strong>9000</strong>-<br />
and<br />
Describe the roles and responsibilities of <strong>TickIT</strong> auditors and <strong>TickIT</strong> lead<br />
2.1.4<br />
auditors.<br />
Plan and conduct an audit in accordance with <strong>ISO</strong> 10011 or its successor,<br />
2.1.5<br />
19011, demonstrating ability to:<br />
<strong>ISO</strong><br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
1. INTRODUCTION<br />
stated.<br />
the structure and selection of specific training methods used during the course.<br />
2. LEARNING OBJECTIVES<br />
delegate performance.<br />
By the end of the course delegates will be able to:<br />
3 and the Issue 5 <strong>TickIT</strong> Guide.<br />
a) plan and prepare effectively<br />
___________________________________________________________________________________<br />
Page 3 <strong>IRCA</strong>/2212/07/1 Jan 07
gather objective evidence, through effective interviewing, observation,<br />
b)<br />
and note taking<br />
sampling<br />
analyse and interpret information in order to determine conformance<br />
c)<br />
requirements.<br />
with<br />
Report the audit, including writing valid, factual and value-adding non-<br />
2.1.6<br />
reports.<br />
conformity<br />
Undertake audit follow-up activities, including evaluating the effectiveness<br />
2.1.7<br />
corrective action.<br />
of<br />
order for delegates to achieve the overall learning objectives, they will need to acquire and<br />
In<br />
specific knowledge and skills. These are specified below as “enabling objectives” and<br />
develop<br />
Explain the purpose and business benefits of a quality management<br />
a)<br />
system.<br />
Explain <strong>ISO</strong> 9001 related concepts and terminology of quality<br />
c)<br />
systems, drawing on <strong>ISO</strong> <strong>9000</strong> definitions in a software<br />
management<br />
Explain the terms certification/registration and accreditation, describe<br />
d)<br />
certification/registration and accreditation processes and state the<br />
the<br />
and benefits of a certified/registered quality management<br />
purpose<br />
system.<br />
Explain the <strong>TickIT</strong> Uniform Accreditation Arrangements and the <strong>TickIT</strong><br />
e)<br />
Scheme.<br />
Sector<br />
Explain the purpose, content and interrelationship of <strong>ISO</strong> <strong>9000</strong>, <strong>ISO</strong><br />
a)<br />
<strong>ISO</strong> 9004 and <strong>ISO</strong> 10011 or its successor; <strong>ISO</strong> 19011.<br />
9001,<br />
Highlight, during the transition period, and in accordance with<br />
c)<br />
needs, the differences between the 1994 and <strong>2000</strong> versions of<br />
delegates’<br />
Describe the difference between auditable standards and guidance<br />
d)<br />
documents.<br />
Explain the intent and requirements of each clause of <strong>ISO</strong> 9001, drawing<br />
f)<br />
<strong>ISO</strong> 9004, <strong>ISO</strong> <strong>9000</strong>-3 and the Issue 5 <strong>TickIT</strong> Guide as appropriate to<br />
on<br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
3. ENABLING OBJECTIVES – KNOWLEDGE & SKILLS<br />
can be considered as stepping-stones to the achievement of learning objectives.<br />
3.1 KNOWLEDGE<br />
By the end of the course delegates shall be able to:<br />
3.1.1 General<br />
b) Explain the 8 principles of quality management.<br />
and IT systems business environment.<br />
3.1.2 Standards<br />
b) Outline the process for the continuing development of these standards.<br />
<strong>ISO</strong> 9001.<br />
e) Describe the structure of <strong>ISO</strong> 9001.<br />
illustrate the broader intent of the <strong>ISO</strong> 9001 requirements.<br />
___________________________________________________________________________________<br />
Page 4 <strong>IRCA</strong>/2212/07/1 Jan 07
List the benefits of documenting a quality management system and<br />
g)<br />
approaches for doing so in a variety of situations but particularly<br />
suggest<br />
Explain the difference between legal compliance and conformance with<br />
h)<br />
standards.<br />
<strong>ISO</strong><br />
Differentiate between the scope of audit and the scope of <strong>ISO</strong> 9001,<br />
i)<br />
the <strong>TickIT</strong> component of the audit, and describe the basis on<br />
especially<br />
exclusion of <strong>ISO</strong> 9001 management system requirements might<br />
which<br />
permissible.<br />
be<br />
Describe the roles and responsibilities of <strong>TickIT</strong> auditors, <strong>TickIT</strong> lead<br />
a)<br />
auditees and guides, in accordance with <strong>ISO</strong> 10011 or its<br />
auditors,<br />
Explain the management responsibilities of the <strong>Lead</strong> <strong>Auditor</strong> in<br />
b)<br />
the audit and the audit team.<br />
managing<br />
Explain the need for effective communication with the auditee<br />
d)<br />
the audit process.<br />
throughout<br />
Be aware of the role of <strong>IRCA</strong> and IATCA in the approval of training<br />
e)<br />
and certification of auditors.<br />
courses<br />
Outline <strong>IRCA</strong> <strong>TickIT</strong> auditor certification requirements (<strong>IRCA</strong> 162<br />
f)<br />
refers).<br />
Describe typical forms of pre-audit contact and their purpose, including<br />
a)<br />
they might be appropriate.<br />
when<br />
State the purpose of a document review/stage one audit and describe a<br />
c)<br />
document review process and outputs.<br />
typical<br />
Identify objectives and considerations for an on-site, process-based, audit<br />
d)<br />
plan.<br />
Identify considerations for planning an audit of an activity for which<br />
f)<br />
are no documented procedures.<br />
there<br />
Explain how to approach a process audit, including audit of process<br />
a)<br />
outputs and results of the process in terms of outcomes and<br />
inputs,<br />
how process measures, quality objectives and continual<br />
explain<br />
would be addressed through such an audit.<br />
improvement<br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
in a software and IT systems business environment.<br />
j) Explain the process approach to management systems.<br />
3.1.3 Audit process and responsibilities<br />
successor, <strong>ISO</strong> 19011.<br />
st nd rd<br />
in purpose and conduct between 1 , 2 and 3 c) Describe differences the<br />
audits.<br />
party<br />
g) Explain the need for auditor confidentiality.<br />
h) Outline the content and intent of the <strong>IRCA</strong> code of conduct.<br />
3.1.4 Audit planning<br />
b) Explain the purpose and significance of the audit scope.<br />
e) Explain the use, benefits and potential limitations of a checklist.<br />
3.1.5 Conducting the audit<br />
___________________________________________________________________________________<br />
Page 5 <strong>IRCA</strong>/2212/07/1 Jan 07
Describe the purpose of, typical content of, and attendees typically<br />
b)<br />
at audit meetings, including opening and closing meetings, audit<br />
present<br />
Explain the process of, and different methods for, gathering objective<br />
e)<br />
during an audit.<br />
evidence<br />
Explain the typical role of top management in an audit and suggest<br />
f)<br />
for auditing top management commitment.<br />
approaches<br />
Describe typical systems for grading non-conformity reports and the<br />
b)<br />
and further actions required for different grades of non-<br />
implications<br />
Explain the terms correction, corrective action and preventive action and<br />
c)<br />
the roles and responsibilities for taking and verifying corrective<br />
describe<br />
Identify types of objective evidence that may be required to demonstrate<br />
d)<br />
implementation of corrective and preventive action.<br />
effective<br />
Draw links between the 8 quality management principles and the<br />
a)<br />
of <strong>ISO</strong> 9001 particularly in a software and IT systems<br />
requirements<br />
Interpret and apply <strong>ISO</strong> 9001 appropriately in an audit situation with<br />
a)<br />
reference to <strong>ISO</strong> <strong>9000</strong>-3 and the Issue 5 <strong>TickIT</strong> Guide.<br />
particular<br />
Suggest what objective evidence might be needed to demonstrate<br />
b)<br />
with <strong>ISO</strong> 9001 requirements.<br />
conformance<br />
Identify activities and/or processes which organisations may be<br />
c)<br />
to exclude from their scope.<br />
permitted<br />
Undertake the roles of an auditor and audit team leader, including<br />
a)<br />
and co-ordination of the audit team.<br />
management<br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
team meetings and auditee feedback/review meetings.<br />
c) Differentiate between documents and records.<br />
d) Describe the benefits and limitations of sampling.<br />
3.1.6 Reporting and follow up<br />
a) State the purpose and typical content of a non-conformity report.<br />
conformity.<br />
action.<br />
e) Explain the purpose of surveillance visits.<br />
3.2 SKILLS<br />
By the end of the course delegates shall be able to:<br />
3.2.1 General<br />
business environment.<br />
3.2.2 Standards<br />
3.2.3 Audit process and responsibility<br />
3.2.4 Audit planning<br />
a) Establish audit resource requirements.<br />
___________________________________________________________________________________<br />
Page 6 <strong>IRCA</strong>/2212/07/1 Jan 07
Prepare an on-site audit plan that is appropriate to the sequence and<br />
c)<br />
of the organisation’s processes.<br />
interaction<br />
Perform a document review or stage one audit in order to assess<br />
e)<br />
documentation meets <strong>ISO</strong> 9001 requirements and to determine<br />
whether<br />
adequate arrangements are in place to justify proceeding with<br />
whether<br />
implementation audit.<br />
the<br />
gain an understanding of the process, including its purpose, inputs,<br />
-<br />
controls and related quality objectives<br />
outputs,<br />
Demonstrate sensitivity to the needs and expectations of the auditee,<br />
c)<br />
local customs and culture.<br />
including<br />
Make sense of the information gathered in the context of <strong>ISO</strong> 9001 and<br />
d)<br />
audit organisation.<br />
the<br />
Evaluate objective evidence gathered and correctly identify conformance<br />
a)<br />
non-conformance with requirements.<br />
and<br />
Recognise and report positive audit findings and opportunities for<br />
b)<br />
improvements.<br />
Write and grade non-conformity reports based on objective evidence<br />
c)<br />
during the course of the audit.<br />
obtained<br />
Make recommendations for certification/supplier approval based on<br />
e)<br />
findings.<br />
audit<br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
b) Write an audit scope.<br />
d) Produce an audit checklist.<br />
3.2.5 Conducting the Audit<br />
a) Participate in opening and closing meetings.<br />
b) Conduct an audit interview and demonstrate ability to:<br />
- control opening and closing meetings<br />
- use a checklist effectively and follow audit trails<br />
- build rapport with the auditee<br />
- question<br />
- listen<br />
- make notes<br />
- search documents<br />
- select sufficient and relevant samples<br />
- provide feedback to the auditee<br />
3.2.6 Reporting and follow up<br />
d) Write a meaningful and accurate summary of the audit.<br />
f) Present audit findings and recommendations to the client.<br />
___________________________________________________________________________________<br />
Page 7 <strong>IRCA</strong>/2212/07/1 Jan 07
Evaluate proposals for corrective action and differentiate between<br />
g)<br />
and corrective action.<br />
correction<br />
Courses shall be highly participative. <strong>Training</strong> methods selected should seek to<br />
4.1<br />
and engage delegates throughout the duration of the course.<br />
involve<br />
Knowledge-based sessions may be tutor led, but shall allow for some interaction<br />
4.2<br />
delegates, enabling tutors to test learning and delegates to clarify their<br />
with<br />
Skill-based content shall be addressed through the participation of all delegates in<br />
4.3<br />
practical activities.<br />
appropriate<br />
Skills content may be supported by tutor input sessions to address the underpinning<br />
4.4<br />
requirements, e.g., best practice techniques for running meetings,<br />
knowledge<br />
Methods for validating delegates’ achievement of the Learning Objectives (2.1.1 –<br />
4.5<br />
and for providing timely feedback to delegates shall be included in the course.<br />
2.1.7)<br />
Delegates shall participate in skills-based practical activities for a minimum of 50% of<br />
4.6<br />
course duration.<br />
the<br />
<strong>Training</strong> aids, such as videos, that are directly relevant may be used to supplement<br />
4.7<br />
training by the tutors. These may be commercial training videos or videos<br />
the<br />
during the course to record and review the performance of delegates. No<br />
produced<br />
than three hours of the total course time may be devoted to non-interactive,<br />
more<br />
Timekeeping, planning and programme management are essential elements in the<br />
4.8<br />
of an audit. Whilst <strong>IRCA</strong> recognises that effective training is responsive<br />
performance<br />
delegates’ needs, any deviations from the timetable shall be managed to ensure<br />
to<br />
all learning objectives are adequately covered and delegates kept informed of<br />
that<br />
changes. Tutors shall set a good example to delegates and maintain good<br />
significant<br />
and timekeeping throughout the course.<br />
discipline<br />
<strong>Training</strong> organisations shall submit session plans or tutor notes for each individual<br />
4.9<br />
session. These shall specify:<br />
training<br />
training methods or use of exercises etc. are optional, this shall be clearly<br />
Where<br />
in session plans.<br />
indicated<br />
At the beginning of the course presentation the course provider shall provide the<br />
5.1<br />
with a description of the learning objectives, course format and<br />
delegates<br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
4. TRAINING METHODS<br />
understanding, as required.<br />
interview techniques etc..<br />
passive training aids.<br />
a) learning objectives for the session<br />
b) duration of the session<br />
c) nature of the activity and training method to be used<br />
d) organisational arrangements, tutor and delegate briefing details<br />
e) deliverables required from delegates for practical sessions<br />
f) materials, exercises and equipment required to run the session.<br />
5. COURSE CONTENT<br />
programme, delegate responsibilities and delegate evaluation processes and criteria.<br />
___________________________________________________________________________________<br />
Page 8 <strong>IRCA</strong>/2212/07/1 Jan 07
All aspects defined in Clause 2 Learning Objectives and amplified in Clause 3<br />
5.2.1<br />
Objectives.<br />
Enabling<br />
Local requirements, culture, practices or approaches to auditing and the<br />
5.2.2<br />
of <strong>ISO</strong> 9001 as appropriate for each country in which the course<br />
application<br />
The total course time devoted to direct instruction and to assigned team and<br />
6.1<br />
activities shall be at least 40 hours net, calculated as detailed in<br />
individual<br />
This course shall be presented over five consecutive days, unless otherwise<br />
6.2<br />
in writing by <strong>IRCA</strong>. The following considerations will be taken into<br />
authorised<br />
If the course is given through translators, the time shall be increased as necessary to<br />
6.5<br />
the learning objectives.<br />
satisfy<br />
The course shall be run with two designated tutors, both of whom shall be present<br />
7.2<br />
the full duration of the course. At least one tutor shall satisfy the requirements<br />
for<br />
a lead tutor as stated in <strong>IRCA</strong>/<strong>2000</strong>. Additional resources or trainee tutors may<br />
for<br />
used for specific activities, however the two tutors remain responsible for the<br />
be<br />
Where the number of delegates is 4 to 10 inclusive, the course may be run with one<br />
7.3<br />
tutor, who shall be present for the full duration of the course. That tutor<br />
designated<br />
In addition to fulfilling the requirements for tutors as detailed in <strong>IRCA</strong>/<strong>2000</strong>, tutors<br />
7.4<br />
be able to demonstrate a level of understanding of the <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> series of<br />
shall<br />
that at least meets the learning objectives as detailed in these criteria.<br />
standards<br />
tutors shall be thoroughly experienced in the principles and practices of QMS<br />
Both<br />
Requests for variations to any of these criteria, or in respect of any special<br />
8.1<br />
will be considered for approval on written submission by the<br />
circumstances,<br />
training organisation to <strong>IRCA</strong>. Any such request shall be made<br />
approved<br />
upon the reason for the variation request becoming apparent.<br />
immediately<br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
5.2 The course shall cover:<br />
is presented.<br />
6. COURSE DURATION<br />
<strong>IRCA</strong>/<strong>2000</strong>.<br />
account by <strong>IRCA</strong> when evaluating any request for variation:<br />
a) reasons for the requested variation<br />
b) modifications to the training programme/schedule<br />
c) assessment of impact on the learning process.<br />
6.3 Although not mandatory, <strong>IRCA</strong> recommends that this course be residential.<br />
6.4 All delegates shall be in attendance for the full duration of the course.<br />
7. TUTORS & DELEGATES<br />
7.1 The number of delegates per course shall not exceed 20, nor be less than 4.<br />
entire presentation.<br />
shall satisfy the requirements for a lead tutor.<br />
management and audit in software and IT systems business environments.<br />
8. VARIATIONS<br />
___________________________________________________________________________________<br />
Page 9 <strong>IRCA</strong>/2212/07/1 Jan 07
There are TWO independent elements in the assessment of each delegate’s<br />
9.1<br />
of the learning objectives, both of which shall be satisfied if the delegate<br />
attainment<br />
assessment: Delegates will be required to demonstrate acceptable<br />
Continuous<br />
of performance in the 7 learning objectives (2.1.1 – 2.1.7) to<br />
achievement<br />
complete the course. Some of these requirements will be tested in the<br />
successfully<br />
but training organisations shall incorporate the testing of objectives<br />
examination,<br />
2.1.5 and 2.1.6 into formal continuous assessment processes. Refer<br />
2.1.3,<br />
<strong>IRCA</strong>/<strong>2000</strong>.<br />
written examination: Which shall be one of the <strong>IRCA</strong> set papers (reference<br />
A<br />
latest revision).<br />
<strong>IRCA</strong>/146<br />
Delegates shall sit a written examination of two hours duration using one of the<br />
9.2<br />
issues of <strong>IRCA</strong> set papers. The examination paper has four sections. All<br />
current<br />
shall be attempted, a maximum of 100 marks is available, and the pass<br />
questions<br />
shall be 70. Delegates shall be required to achieve at least 40% in each section.<br />
mark<br />
The approved training organisation may modify these examinations papers to reflect<br />
9.3<br />
software and IT business environment as indicated below, but shall not change<br />
the<br />
Minor changes in the wording may be made to reflect local language<br />
9.3.1<br />
differences<br />
Changes in wording to better reflect the specific context, e.g. the software<br />
9.3.2<br />
IT systems business environment. These changes shall NOT represent<br />
and<br />
The NCR form may be replaced by a similar form which is routinely used by<br />
9.3.3<br />
approved training organisation.<br />
the<br />
A maximum of 25% of each paper may be replaced as indicated below but<br />
9.3.4<br />
such that the structure of the paper is changed.<br />
NOT<br />
Section 1: May replace 5 of the 15 questions with alternative questions,<br />
a)<br />
to be worth 1 mark.<br />
each<br />
Section 2: May replace 2 of the 5 questions with alternative questions.<br />
b)<br />
questions will require a brief written answer, each of which will<br />
These<br />
Section 3: May replace 1 of the 3 questions with an alternative question.<br />
c)<br />
question will require a detailed written answer, and will be worth<br />
This<br />
Section 4: May NOT make changes except as permitted by clause 9.3.2<br />
d)<br />
i.e. change of context.<br />
above,<br />
Send to <strong>IRCA</strong> the alternative question (identifying clearly which<br />
b)<br />
it is intended to replace) and its solution for approval before it<br />
question<br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
9. DELEGATE ASSESSMENT & EXAMINATION<br />
is to satisfactorily complete the course:<br />
the structure of the paper:<br />
substantive changes to either the question or the solution.<br />
be worth 5 marks.<br />
10 marks.<br />
9.3.5 On replacing a question, the approved training organisation shall:<br />
a) Provide a solution and marking scheme for the alternative question.<br />
is incorporated into <strong>IRCA</strong> examination papers.<br />
___________________________________________________________________________________<br />
Page 10 <strong>IRCA</strong>/2212/07/1 Jan 07
Course advertising and promotional literature shall not state or imply that this<br />
10.1<br />
satisfies more than the training requirements for certification as an <strong>IRCA</strong><br />
course<br />
Promotional material shall clearly state that, prior to the commencement of the<br />
10.2<br />
all delegates are expected to have some understanding of the content,<br />
course,<br />
and implementation of the <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> series of standards, <strong>ISO</strong> <strong>9000</strong>-<br />
application<br />
and the Issue 5 <strong>TickIT</strong> Guide.<br />
3<br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
10. COURSE PUBLICITY & ADVERTISING<br />
<strong>TickIT</strong> auditor.<br />
___________________________________________________________________________________<br />
Page 11 <strong>IRCA</strong>/2212/07/1 Jan 07
3.1.2 f) requires that delegates be able to explain the intent and requirements of each<br />
Clause<br />
particularly in respect of software and IT systems businesses, and all clauses will be<br />
clause<br />
for inclusion in the examination. However, it is recognised that delegates may<br />
considered<br />
knowledge of <strong>ISO</strong> requirements before attending the course, either from previous<br />
have<br />
experience or pre-course work. <strong>Training</strong> organisations will not be expected to<br />
training,<br />
a clause by clause analysis of <strong>ISO</strong> 9001, but will need to satisfy themselves that this<br />
present<br />
2.1.3 requires delegates to interpret and apply <strong>ISO</strong> 9001 requirements in a software<br />
Clause<br />
IT systems business environment.<br />
and<br />
3.2.2 b) requires delegates to suggest what objective evidence might be needed to<br />
Clause<br />
requirements.<br />
satisfy<br />
requirements should be tested through practical exercises and it is recognised that<br />
These<br />
will only be able to gain this practical experience of very limited parts of <strong>ISO</strong> 9001.<br />
delegates<br />
organisations should use their judgement in deciding which requirements to<br />
<strong>Training</strong><br />
on in such practical activities.<br />
concentrate<br />
move to a process approach to auditing will have particular impact on the planning and<br />
The<br />
of audits. The following notes are for guidance and include considerations<br />
conducting<br />
· Audit plan includes all activities applicable to the scope of audit and the audit standard<br />
· Audit trails are established from top level policy to all relevant functions and levels in<br />
· Audit programme enables links between policy, objectives, targets, monitoring and<br />
· Audit programme reflects the structure, sequence and interrelationship of processes in<br />
· Audit programme is sufficiently flexible and enables objective evidence to be gathered<br />
· Audit programme reflects the organisation’s goals and priorities.<br />
· The purpose, inputs, outputs, controls and resources applicable to each process are<br />
· Links are established between processes and high level and local quality objectives.<br />
· The outputs of the process are compared with desired outcomes, the purpose of the<br />
· The steps in the process and associated responsibilities are determined, where<br />
· Inter-relating processes are identified.<br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
APPENDIX 1: NOTES FOR GUIDANCE<br />
Coverage of <strong>ISO</strong> 9001<br />
objective is met.<br />
Process Auditing<br />
auditors may need to make when planning and conducting process audits.<br />
Planning the on-site audit:<br />
(e.g., <strong>ISO</strong> 9001 or the contract).<br />
the organisation.<br />
continual improvement to be established.<br />
the organisation.<br />
to verify activities and results.<br />
Conducting the audit:<br />
clear.<br />
process and any specific quality objectives.<br />
necessary.<br />
___________________________________________________________________________________<br />
Page 12 <strong>IRCA</strong>/2212/07/1 Jan 07
· Process measures are identified.<br />
· Evidence of continual improvement is sought.<br />
· Needs of internal and external customers are clear.<br />
in the year <strong>2000</strong> issue version of <strong>ISO</strong> 9001 have implications for the process of<br />
Changes<br />
review. In many instances it will not be possible to assess whether <strong>ISO</strong> 9001<br />
document<br />
are satisfied in principle from looking only at the quality manual and<br />
requirements<br />
<strong>Auditor</strong>s will need to take a more holistic approach to assessing the adequacy<br />
procedures.<br />
system documentation (not just procedures) and may perform part or all of this activity<br />
of<br />
<strong>Training</strong> organisations should reflect this more holistic approach in both input<br />
on-site.<br />
organisations will need to develop continuous assessment processes to assess<br />
<strong>Training</strong><br />
performance, as required in Clause 9.1. Such assessment processes should allow for<br />
delegate<br />
and objective evaluation, supporting the concept of factual decision making, and<br />
fair<br />
by appropriate records.<br />
supported<br />
· To assess the ability to plan for an audit, written audit plans and/or checklists might be<br />
Interactive skills of conducting an audit can be assessed by observing performance of<br />
·<br />
activities and assessing them against defined performance criteria (such<br />
these<br />
criteria could be based on the enabling objectives contained in this<br />
performance<br />
document).<br />
is intended that the assessment process will support the learning process with constructive<br />
It<br />
timely feedback given to delegates. Where practicable, training organisations may build<br />
and<br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
Document Review<br />
sessions and exercises.<br />
Assessment of Delegate Performance<br />
Methods of assessment should be suitable for the activity being assessed, e.g.:<br />
evaluated against a marking scheme.<br />
in opportunities for delegates to improve and be reassessed.<br />
Session Plans<br />
A sample of a session plan is provided on the following page.<br />
___________________________________________________________________________________<br />
Page 13 <strong>IRCA</strong>/2212/07/1 Jan 07
of the session: To provide delegates with practical experience in preparing an audit<br />
Purpose<br />
checklist.<br />
exercise<br />
Introduce<br />
through the exercise brief, highlighting the following points:<br />
Talk<br />
to prepare a checklist that will enable the delegates to conduct an<br />
Task:<br />
process based audit of that area of the case study organisation.<br />
effective,<br />
If the delegates require further help on how to approach the exercise,<br />
·<br />
suggested steps that they might follow in order to accomplish<br />
highlight<br />
the output from this exercise is part of the formal continual<br />
Note:<br />
and will therefore be marked.<br />
assessment,<br />
exercise<br />
Run<br />
to monitor pairs regularly, and provide clarification, support and<br />
Tutors<br />
<strong>Lead</strong> a brief discussion of the exercise, i.e., how they went about it,<br />
·<br />
was easy/difficult etc. Draw out any general points observed by<br />
what<br />
Provide feedback to delegates on the results of the exercise and any<br />
·<br />
points for improvement at the earliest opportunity.<br />
further<br />
delegate<br />
Handout<br />
"preparing an<br />
brief:<br />
chart process<br />
Flip<br />
steps<br />
checklist<br />
Audit<br />
sheets<br />
pro-forma<br />
checklist<br />
Audit<br />
scheme<br />
marking<br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
Sample Session Plan<br />
SESSION PLAN<br />
Course Title: <strong>ISO</strong> 9001: <strong>2000</strong> <strong>TickIT</strong> <strong>Auditor</strong>/<strong>Lead</strong> <strong>Auditor</strong><br />
Session Title: Preparing an audit checklist Session Number: 6 Duration: 1 hr 30 mins<br />
Objectives:<br />
Learning<br />
Identify documents and sources of information required to produce a checklist.<br />
q<br />
q<br />
Produce an audit checklist to be used in audit practical later in the course.<br />
Tutor Notes: <strong>Training</strong> Activities and Methods<br />
Materials<br />
and Equipment<br />
Introduction<br />
· Explain that this session builds on the previous session in which the<br />
OHP session 6 intro<br />
preparation of an audit checklist was discussed and demonstrated.<br />
· Opportunity to try it out in practice.<br />
audit checklist"<br />
Process:<br />
· Pairs exercise.<br />
the task.<br />
Output:<br />
· Audit checklist (either on the pro-forma sheets, or using any format<br />
preferred by the delegates)<br />
· A list of the documents and sources of information used in the<br />
preparation of the checklist.<br />
coaching as required.<br />
Time for exercise: 1 hour<br />
Feedback from exercise<br />
· Collect output from delegates<br />
tutors during the exercise.<br />
Marking exercise<br />
· Mark each submission in accordance with the marking scheme.<br />
___________________________________________________________________________________<br />
Page 14 <strong>IRCA</strong>/2212/07/1 Jan 07
Establishing requirements, including implied requirements<br />
1.<br />
Application of <strong>ISO</strong> 9001 to in-house development<br />
2.<br />
Overview of software development and testing methods, including RAD<br />
3.<br />
Planning and risk management<br />
4.<br />
Reviews<br />
5.<br />
Verification, Testing, Validation, Field Testing and Acceptance Testing<br />
6.<br />
Process/product monitoring and measurement<br />
7.<br />
Configuration Management<br />
8.<br />
Backup, Security and Archiving<br />
9.<br />
Contemporary Issues (e.g. Security management, Outsourcing, Facilities<br />
10.<br />
screen-based quality systems)<br />
Management,<br />
Current Quality Initiatives (e.g. EFQM, CMM, <strong>ISO</strong>/IEC TR 15504, Bootstrap)<br />
11.<br />
Established and more recent National and International Standards in the IT Sector<br />
12.<br />
<strong>ISO</strong> 12207, <strong>ISO</strong> 9126, <strong>ISO</strong> 14598, BS 7799 and TL<strong>9000</strong>,)<br />
(e.g.<br />
about and discussion of the above topics may be introduced through examples<br />
Information<br />
the course material, exercises, tutorial sessions, handouts and videos. (See Clause 1.5<br />
in<br />
references have been made to <strong>ISO</strong> <strong>9000</strong>-3:1997, the guidance material therein must<br />
Where<br />
related to <strong>ISO</strong> 9001:<strong>2000</strong> using Annex B, Table B.1<br />
be<br />
course providers may use Part E of the Issue 5 <strong>TickIT</strong> Guide as this contains the<br />
Alternatively,<br />
of the <strong>ISO</strong> <strong>9000</strong>-3:1997 material allocated as appropriate to each clause of <strong>ISO</strong><br />
majority<br />
is likely that <strong>ISO</strong> <strong>9000</strong>-3:1997 will be revised and re-issued in 2001/2. In which case, the<br />
It<br />
in the revised standard will take precedence over <strong>ISO</strong> <strong>9000</strong>-3:1997 and the Issue 5<br />
guidance<br />
CERTIFICATION CRITERIA FOR THE <strong>ISO</strong> <strong>9000</strong>:<strong>2000</strong> SERIES TICKIT AUDITOR TRAINING COURSE<br />
__________________________________________________________________________________<br />
APPENDIX 2: NOTES FOR <strong>TickIT</strong> SECTOR GUIDANCE<br />
Recommended topics for inclusion in the context of software and IT auditing<br />
above).<br />
9001:<strong>2000</strong>.<br />
<strong>TickIT</strong> Guide.<br />
___________________________________________________________________________________<br />
Page 15 <strong>IRCA</strong>/2212/07/1 Jan 07