8.2.2 correlates to the old 4.17 of ISO 9001:1994. The new standard states that your company must plan and conduct periodic internal audits to determine whether your quality management system:
a) Conforms to the ISO 9001:2000 standard, and
b) Has been effectively implemented and maintained.
Your company may take into consideration the status and importance of the activities and areas to be audited and the results of previous audits when planning your audit program. You must define the audit scope, frequency and methodologies. Your audits must be conducted by someone other than the personnel who perform the activity being audited.
You must also have a documented procedure that includes the responsibilities and requirements for conducting audits, ensuring the audit is independent, recording the results of the audit and reporting the results of the audit to management.
ISO 9001:2000 Requirements
8.2.2 Internal Audit
NOTE: There are no new requirements in Internal Audit from the 1994 version.
The company shall conduct internal audits at planned intervals to determine whether the quality management system
a) Conforms to the planned arrangements (see 7.1), to the requirements of ISO 9001:2000 and to the quality management system requirements established by the company, and
b) Is effectively implemented and maintained.
An audit program shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods shall be defined. Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process.
Auditors shall not audit their own work.
The responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records (see 4.2.4) shall be defined in a documented procedure.
The management responsible for the area being audited shall ensure that actions are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification results (see 8.5.2).
NOTE See ISO 10011-1, ISO 10011-2 and ISO 10011-3 for guidance.
ISO 19011 - Quality and Environmental Management Systems Auditing Forum Discussions