ISO 28000 Internal Audit Checklist wanted

Elsmar Forum Sponsor
#3
Hi !

I'm looking for a ISO28000 Internal Audit checklist. Anyone happen to have one ?

Cheers,
As with just about all other ISO standards which require internal audits, audit checklists based on the ISO standard have minimal benefit. You'd be best advised to develop your own, based on the actual management system policies, processes, procedures, risks etc that your organization has developed.

Taking the standard's requirements and turning them into 'yes' and 'no' type questions isn't a very effective audit toll, IMHO...
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#4
I disagree. Checklists can easily be a part of internal audits.

The next time you board an airplane you should be happy the pilots use checklists. Vilifying check lists doesn't help. As a licensed pilot I wouldn't get in a cockpit without one.

Checklists can also be part of the learning experience. Not everyone has been working with (for example) ISO 9001 for 15 to 20 years.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#5
As with just about all other ISO standards which require internal audits, audit checklists based on the ISO standard have minimal benefit. You'd be best advised to develop your own, based on the actual management system policies, processes, procedures, risks etc that your organization has developed.

Taking the standard's requirements and turning them into 'yes' and 'no' type questions isn't a very effective audit toll, IMHO...
I disagree. Checklists can easily be a part of internal audits.

The next time you board an airplane you should be happy the pilots use checklists. Vilifying check lists doesn't help. As a licensed pilot I wouldn't get in a cockpit without one.

Checklists can also be part of the learning experience. Not everyone has been working with (for example) ISO 9001 for 15 to 20 years.
Both of you are correct. The usefulness of a generic checklist like the one Ted graciously shared depends pretty much on the stage of the journey the organization is.

If an organization just embarked on the journey of implementing ISO 28000, a generic checklist is very useful to basically determine glaring gaps. As the system matures, generic checklists lose their effectiveness, and, as Andy mentioned, it is critical for the organization to delve in terms of conformance and effectiveness of their own operational controls and specific processes.
 
#6
I disagree. Checklists can easily be a part of internal audits.

The next time you board an airplane you should be happy the pilots use checklists. Vilifying check lists doesn't help. As a licensed pilot I wouldn't get in a cockpit without one.

Checklists can also be part of the learning experience. Not everyone has been working with (for example) ISO 9001 for 15 to 20 years.
I'm not saying don't use a checklist - just that using one based solely on the ISO requirements isn't appropriate for an internal audit! I'm not vilifying checklists..I use them myself. The reality is that many audit programs begin with the ISO requirements and never get past that. Internal auditors go around asking questions which are the requirements rephrased as a question and no-one knows how to answer them! Result? Ineffective audits!
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#7
That is the result of the auditor not being trained effectively. It has nothing to do with whether they use a checklist or not. A company expecting effective internal audits won't get them if the auditor isn't trained (or in some way qualified) to do internal audits.
 
#8
That is the result of the auditor not being trained effectively. It has nothing to do with whether they use a checklist or not. A company expecting effective internal audits won't get them if the auditor isn't trained (or in some way qualified) to do internal audits.
This is true - whatever tool you put in their hands will not be effective. I'm also reminded of the 'bad old days' of QS-9000, when good auditors were told to use the QSA, which was one of the sames 'turn-the-standard-into-questions' checklists - which drove good auditors into bad habits!

Hopefully, the OP will have had/get some training on effective auditing...
 
K

KTSiow

#9
Thank You for the prompt reply. Does anyone has a copy of the ISO19011 standard ? I'm trying to create an integrated audit checklist that addresses the ISO requirements for ISO9001, 14001 and 28000.

Cheers,
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#10
The ISO 19011 standard is a copyrighted document. We do not allow sharing of, or even asking for, copies of copyrighted documents here.

Thank you.
 
Thread starter Similar threads Forum Replies Date
MichaelDRoach Oganization's Self Declaration of Conformance to ISO 28000 wording example wanted Supply Chain Security Management Systems 1
B ISO 28000 Implementation Gantt Chart Supply Chain Security Management Systems 5
E Certification of ISO 28000 Lead Auditors - Which organisations are actually qualified Supply Chain Security Management Systems 3
D I wish to know about ISO 28000, ISO 14001 and OHSAS 18001 Other ISO and International Standards and European Regulations 7
Marc ISO 28000 - Supply Chain Security Management Systems Supply Chain Security Management Systems 0
Sidney Vianna ANAB Accreditation Program for ISO 28000 for Supply Chain Security. Any interest? Other ISO and International Standards and European Regulations 0
C ISO/ PAS 28000 Implementation Guide - I'm interested in its risk based approach Other ISO and International Standards and European Regulations 4
Sidney Vianna ISO 28000 - Specification for security management systems for the supply chain Supply Chain Security Management Systems 3
N ISO 19011:2018 - 5.4.2 "...audit program should engage in appropriate continual development..." Training - Internal, External, Online and Distance Learning 4
P ISO 13485:2016 MDSAP Certification Fee Survey ISO 13485:2016 - Medical Device Quality Management Systems 2
A ISO 14971 PFMEA Manufacturing Risk ISO 14971 - Medical Device Risk Management 2
C SOP Template needed for ISO 13485 6.3 Infrastructure ISO 13485:2016 - Medical Device Quality Management Systems 4
T ISO 13485 8.3 - Non-Conforming Materials - on-line rework or part of process? ISO 13485:2016 - Medical Device Quality Management Systems 11
T ISO 9001 8.5.2. - Identification and traceability to Identify Outputs - Services ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
T Outsourced process in ISO 45001 Occupational Health & Safety Management Standards 2
K Overall residual risk according to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
M Gap analysis on ISO 14971:2019 with previous revision ISO 14971 - Medical Device Risk Management 2
T ISO 9001:2015 - Small Shop ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
T ISO 17025:2017 requirement 5.7.b. about maintenance the integrity of the management system ISO 17025 related Discussions 1
M ISO 9001:2015 case study sample ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
M Sample of Nonconformity report for ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
Q ISO 9001 8.5.1 - Control of production and service performance ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
B Do IFU designs have to be document controlled under ISO 13485? Document Control Systems, Procedures, Forms and Templates 1
H ISO 13485 - Separate Microbiology Audits ISO 13485:2016 - Medical Device Quality Management Systems 3
M Case study help as per ISO 9001: 2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
M Case study solution help required as per ISO 9001 : 2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
C Production and Post Production feedback - ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 4
T ISO 13485 - 5.5.1 Responsibility and authority - Small Company Independence ISO 13485:2016 - Medical Device Quality Management Systems 13
A Refusal to discuss ISO 9001 obligations... what to do? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
A What does this sentence "this symbol shall be used in the orientation shown" mean in ISO 780:2015? Other Medical Device Related Standards 4
B Can we be ISO 9001 certified without a physical office? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
D Test summary report example for design validation wanted - ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 1
J Informational ISO 24971:2020 Released ISO 14971 - Medical Device Risk Management 0
S ISO 45001 and outsourcing the transporation of products Occupational Health & Safety Management Standards 3
S Documenting Design Verification Test Results (ISO 9001) Design and Development of Products and Processes 1
A Question on ISO 14001:2015 - Are annual audits required? ISO 14001:2015 Specific Discussions 8
N Which EN ISO 17664 version compliance to EU MDR? Elsmar Cove Forum Suggestions, Complaints, Problems and Bug Reports 3
Sidney Vianna Informational New edition of ISO 29001 released (June 2020) Oil and Gas Industry Standards and Regulations 0
R Who is the customer in the ISO/IEC 17025:2017? ISO 17025 related Discussions 1
T ISO 13485 - Process validation at critical suppliers ISO 13485:2016 - Medical Device Quality Management Systems 7
L Combining 3 ISO 9001 registrations into 1 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
C Compliance with ISO 17025 requirement 8.4.2 - Controls - Records recovery ISO 17025 related Discussions 4
N EN ISO 13640:2002 vs EN ISO 23640:2011 Other Medical Device Related Standards 1
O ISO 13485 vs. GMP - Comparison matrix wanted EU Medical Device Regulations 0
K ISO 15223-1 Do Not Reuse and Do Not Resterilize Other Medical Device Related Standards 5
A ISO 10002:2018 Checklist Needed (Complaints Handling) Customer Complaints 5
N Sampling Plan for Internal Audits - ISO 2859 or 3951 - Or Neither? Internal Auditing 6
O ISO 13485 - Is management review required before stage 1? ISO 13485:2016 - Medical Device Quality Management Systems 6
BeaBea ISO 9001 Customer Feedback Methods - What has worked for your company? Service Industry Specific Topics 16
Similar threads


















































Top Bottom