Mock Exam Flashcards

1
Q

Which three best describe the ‘Do’ phase in the PDCA cycle according to ISO 9001:2015? (2 Marks)

A. Implement the established plans.

B. Monitor and measure processes.

C. Execute tasks based on resources allocated.

D. Create a plan to capture identified opportunities.

E. Act on feedback received.

F. Ensure alignment with the organization’s policies.

A

Correct Answer: A, C, F

Explanation: The ‘Do’ phase emphasizes implementing what was planned, executing tasks, and ensuring policy alignment.

2
Q

Audit concepts and auditor responsibilities

Select three roles from the list below that are commonly involved in the audit process according to ISO 19011-2018: (1 Mark)

A. Management representative

B. Audit supplier

C. Lead auditor

D. Observer

E. Audit reviewers

F. Guides

A

Correct Answers: A, C, F

Explanation:

The “Management Representative” is the main contact for the audit team within the auditee’s organization, making option A correct.

“Lead auditor” has the responsibility to lead and manage the audit, thus option C is correct.

“Guides” assist the audit team, especially with logistical arrangements, making option F correct.

3
Q

In the context of auditor responsibilities, select four factors that should be considered when identifying the appropriate personnel for the audit: (2 Marks)

A. Personal preferences of the auditee.

B. Auditor’s knowledge of the relevant management system discipline.

C. Familiarity with the organization’s competitors.

D. Awareness of the industry sector specific context.

E. Auditor’s previous audit findings.

F. Knowledge of relevant regulations and legislation.

A

Correct Answers: B, D, E, F

Explanation:

An auditor’s knowledge of the management system discipline ensures that they understand the specific domain they are auditing, making option B correct.

Awareness of the industry sector specific context ensures that the audit is relevant and contextual, making option D correct.

Auditors should consider previous audit findings to ensure continuity and follow-up on past issues, making option E correct.

Knowledge of relevant regulations and legislation ensures that the audit addresses all legal and statutory requirements, making option F correct.

4
Q

You are a 3rd party auditor planning to audit “EcoAuto,” a company specializing in electric vehicles. While reviewing their provided internal audit reports in preparation for the audit, you notice that the reports lack any evidence of management review or follow-up actions.

What should you do in this case? (1 Mark)

A. Exclude internal audit reports from the scope of your audit.

B. Delay the audit until EcoAuto can provide complete internal audit reports.

C. Request EcoAuto to provide evidence of management review prior to the audit.

D. Proceed with the audit but consider this as a potential area for nonconformity.

E. Report EcoAuto to the certification body for failing to provide complete documents.

A

Correct Answer: C

Explanation: Requesting EcoAuto to provide evidence of management review prior to the audit aligns with the need for preparedness and verifying compliance with ISO 9001:2015, Clause 9.3.3. This step ensures that you have all necessary documented information for a comprehensive audit.

5
Q

You are leading an audit for a global e-commerce company, WebShop, which has data centers in multiple countries. During the planning phase, you are informed that one of the data centers in Europe is under investigation for not complying with local data protection laws.

What is the most suitable action for you to take as the audit team leader? (2 Marks)

A. Exclude the European data center from the audit scope and proceed as planned.

B. Postpone the audit until the investigation is complete.

C. Replace the European data center with another area of focus within the company that has similar risks.

D. Continue with the audit as planned, including the European data center.

E. Cancel the audit as the investigation poses too much of a risk for an accurate assessment.

A

Correct Answer: D

Explanation: Option D is the best choice because it allows the audit to proceed while also capturing the risks associated with the ongoing investigation. This approach provides a more comprehensive view of the organization’s compliance with data protection laws, which is critical for a global e-commerce company like WebShop.

6
Q

You are auditing a pharmaceutical company that specializes in the production of vaccines. You engage with various departments during your audit, including R&D, Production, and Quality Control. You learn that the company has recently expedited developing and producing a new vaccine due to rising health concerns. The R&D department asserts that they have followed all protocols, and the Quality Control team confirms that the new vaccine meets all regulatory requirements. However, you notice that documentation related to this expedited process needs to be completed. The Production Manager assures you that the situation’s urgency justified certain “shortcuts” in the usual procedures.

What three records would you seek to confirm whether management processes related to the expedited development and production of the new vaccine are being effectively implemented? (3 Marks)

A. R&D project plans and milestone achievements.

B. Regulatory approval documents for the new vaccine.

C. Internal audit reports on the expedited development process.

D. Minutes of meetings discussing the expedited development and risks.

E. Employee training records on emergency development protocols.

F. Inventory records of vaccine ingredients and supplies.

G. Customer feedback and adverse event reports.

A

Correct Answers: C, D, G

Correct Answer Explanation:

Internal audit reports on the expedited development process (C): These reports would provide evidence of internal oversight and adherence to protocols, even during expedited development.

Minutes of meetings discussing the expedited development and risks (D): These would offer insights into management’s strategic approach and risk assessment related to the expedited vaccine development.

Customer feedback and adverse event reports (G): These records are crucial for understanding how the vaccine is performing post-market and would indicate whether the expedited development led to any overlooked quality or safety issues.

Incorrect Answer Explanation:

R&D project plans and milestone achievements (A): While these would show planning stages, they may not provide comprehensive insights into the quality and risk management of the expedited process.

Regulatory approval documents for the new vaccine (B): These are important for legal compliance but may not reflect the internal management processes that were followed during expedited development.

Employee training records on emergency development protocols (E): These would indicate staff preparedness but may not provide a full picture of how effectively overall management processes were carried out.

Inventory records of vaccine ingredients and supplies (F): While important for traceability and production, these records may not directly indicate the effectiveness of the expedited management processes.

7
Q

You are auditing a pharmaceutical company that has recently expanded its operations to include the production of vaccines. During the audit, you encounter the Head of Operations who seems anxious and mentions that they are currently undergoing multiple regulatory inspections. He expresses concern about the team’s bandwidth to accommodate the audit without affecting daily operations.

In light of the Head of Operations’ concerns and the company’s recent operational expansion, what two approaches would you adopt to build rapport with the auditee and effectively assess the quality management of the new vaccine production line? (3 Marks)

A. Propose a phased audit approach to minimize disruption to daily operations.

B. Request access to recent internal quality audits related to vaccine production.

C. Offer to coordinate audit activities with other ongoing regulatory inspections.

D. Recommend a joint meeting with the quality and operations teams to outline the scope and objectives of the audit.

E. Suggest deferring less critical audit activities to focus on the new vaccine production line.

F. Initiate a dialogue to understand the specific challenges tied to the vaccine production expansion.

A

Correct Answers: C, F

Correct Answer Explanation:

Offer to coordinate audit activities with other ongoing regulatory inspections: This approach is likely to ease the Head of Operations’ concerns about team bandwidth and shows sensitivity to the company’s current situation.

Initiate a dialogue to understand the specific challenges tied to the vaccine production expansion: Opening a conversation about the particular challenges related to the new vaccine line helps in establishing a trusting relationship and ensures that the audit is focused on key areas.

Incorrect Answer Explanation:

Propose a phased audit approach to minimize disruption to daily operations: While this is a considerate approach, it may not directly address the immediate concerns about team bandwidth and ongoing regulatory inspections.

Request access to recent internal quality audits related to vaccine production: Although valuable for the audit, asking for this data upfront could add to the concerns about team bandwidth.

Recommend a joint meeting with the quality and operations teams to outline the scope and objectives of the audit: While this could be beneficial in a normal situation, it may be too demanding given the current multiple inspections.

Suggest deferring less critical audit activities to focus on the new vaccine production line: This could be seen as bypassing important aspects of a comprehensive audit, potentially leading to gaps in the evaluation.

8
Q

You are conducting an audit at a food processing company that specializes in organic products. The company is looking to renew its ISO 9001 certification and has recently implemented a new inventory management system. You are auditing the organization’s supply chain department and are in a discussion with the Supply Chain Manager (SCM).

Discussion with Supply Chain Manager (SCM):

You: “Can you describe how the new inventory management system supports traceability?”

SCM: “The system assigns a unique identifier to each batch of products, and we can trace each product back to its source.”

You: “What measures are in place to ensure the accuracy of inventory records?”

SCM: “We conduct cycle counts every month, and discrepancies are investigated and corrected.”

Question:

You need to determine the extent to which ISO 9001 requirements are met concerning inventory management.

Which of the following statements is false? (2 Marks)

A. You would confirm that the unique identifiers are documented and traceable.

B. You would verify the effectiveness of the monthly cycle counts.

C. You would assess if cycle counts are only conducted by senior management.

D. You would examine the corrective actions taken for inventory discrepancies.

E. You would check if the inventory management system is validated regularly.

A

Correct Answer: C. You would assess if cycle counts are only conducted by senior management.

Correct Answer Explanation:

This statement is false as ISO 9001:2015 does not specify that cycle counts should only be conducted by senior management. The relevant clause in ISO 9001:2015 (Clause 7.1.6) deals with organizational knowledge, not specifically who should conduct cycle counts.

Incorrect Answer Explanation:

A. Confirming that unique identifiers are documented and traceable aligns with ISO 9001’s requirements for documented information (Clause 7.5).

B. Verifying the effectiveness of the monthly cycle counts aligns with ISO 9001’s focus on monitoring, measurement, analysis, and evaluation (Clause 9.1).

D. Examining corrective actions aligns with ISO 9001’s requirements for dealing with nonconformities and corrective actions (Clause 10.2).

E. Regular validation of the inventory management system is part of the requirements for control of production and service provision (Clause 8.5.1).

9
Q

You are auditing a construction company that specializes in commercial buildings. The company is in the process of renewing its ISO 9001 certification. You are auditing the company’s safety protocols and are in a discussion with the Safety Manager (SM).

Discussion with Safety Manager (SM):

You: “How are safety objectives aligned with the company’s overall quality policy?”

SM: “Safety objectives are formulated in line with our quality policy and are reviewed quarterly by the management team.”

You: “How do you ensure that safety objectives are measurable?”

SM: “Each safety objective is tied to specific metrics, like incident rates and employee training completion rates.”

Question:

You need to evaluate the company’s arrangements for planning, focusing on how safety objectives are consistent with the quality policy and are measurable.

Which of the following statements are true? (3 Marks)

A. You would confirm that safety objectives are aligned with the company’s quality policy.

B. You would check if safety objectives are only communicated to the management team.

C. You would verify that metrics for safety objectives include both leading and lagging indicators.

D. You would assess whether safety objectives are subject to change without notice.

E. You would examine if the safety objectives are reviewed and updated on a quarterly basis.

A

Correct Answers:

A. You would confirm that safety objectives are aligned with the company’s quality policy.

E. You would examine if the safety objectives are reviewed and updated on a quarterly basis.

Correct Answer Explanation:

A. This statement is true, as ISO 9001:2015 emphasizes the need for aligning specific objectives, like safety, with the overall quality policy.

E. This statement is true because ISO 9001:2015 requires regular review and updating of objectives, consistent with the scenario.

Incorrect Answer Explanation:

B. This statement is false because ISO 9001:2015 encourages broad communication of objectives to all relevant parties, not just the management team.

C. This statement is not explicitly supported or contradicted by the scenario or ISO 9001:2015. The standard requires measurable objectives but doesn’t specify the types of indicators.

D. This statement is false as ISO 9001:2015 encourages planned changes and does not support objectives being subject to change without notice.

10
Q

You are auditing an aerospace manufacturing company that specializes in jet engine components. The company is in the process of renewing its ISO 9001 certification. You are auditing the company’s quality control department and are in discussion with the Quality Control Manager (QCM).

Discussion with Quality Control Manager (QCM):

You: “How are you monitoring and measuring the performance of the quality management system?”

QCM: “We utilize various KPIs such as ‘Product Defect Rate,’ ‘On-Time Delivery,’ and ‘Customer Satisfaction.’ We also conduct internal audits bi-annually to assess our compliance with policies and objectives.”

You: “How do you analyze and evaluate this data?”

QCM: “We use statistical tools for analysis, and the results are reviewed in quarterly management reviews. We then compare these against our planned objectives and quality policy.”

You: “What is the internal audit frequency and scope?”

QCM: “Internal audits are conducted twice a year, covering all processes and departments.”

Question:

Based on your audit responsibilities, which of the following actions would you undertake to evaluate the auditee’s arrangements for monitoring, measuring, analysis, and evaluation of the quality management system? (3 Marks)

A. Verify that statistical tools are used for the analysis and evaluation of data.

B. Check if the internal audits are focused only on the quality control department.

C. Confirm that KPIs like ‘Product Defect Rate’ and ‘On-Time Delivery’ are being used.

D. Review whether the results of the KPIs are considered during quarterly management reviews.

E. Assess if the internal audits are conducted more frequently than stated.

A

Correct Answers:

C. Confirm that KPIs like ‘Product Defect Rate’ and ‘On-Time Delivery’ are being used.

D. Review whether the results of the KPIs are considered during quarterly management reviews.

Correct Answer Explanation:

C. Aligns with ISO 9001:2015 clause on monitoring, measurement, analysis, and evaluation. Confirming the use of specific KPIs is essential for evaluating the effectiveness of the quality management system.

D. Also aligns with ISO 9001:2015 clause on monitoring, measurement, analysis, and evaluation. Ensuring that KPI results are reviewed in management reviews is critical for continual improvement.

Incorrect Answer Explanation:

A. While statistical tools are used for analysis, confirming their use is not directly tied to the effectiveness of the quality management system itself.

B. This is incorrect as the scenario states that internal audits cover all processes and departments, not just the quality control department.

E. The internal audit frequency is bi-annual, as stated, making this option incorrect for evaluation.

11
Q

You are conducting an ISO 9001 audit of a manufacturing company that produces automotive parts. During the audit, you discover that the organization has not maintained documented information to demonstrate that their monitoring and measuring equipment is calibrated. You raised a nonconformity against clause 7.1.5 of ISO 9001.

Select the words that best complete the sentence: (2 Marks)

“The organization failed to maintain documented information for the ________ and ________ of monitoring and measuring ________.”

Options:

calibration/equipment/verification/conformance/tools/validation/inspection/certification

A

Correct Answer:

“The organization failed to maintain documented information for the calibration and verification of monitoring and measuring equipment.”

Explanation:

“Calibration”: This is the correct choice as it specifically refers to the adjustment or grading of equipment, which is aligned with ISO 9001:2015 Clause 7.1.5 that deals with monitoring and measuring resources.

“Verification”: This is the correct choice as it pertains to the checking that something (in this case, equipment) meets specified requirements, also covered under ISO 9001:2015 Clause 7.1.5.

“Equipment”: This is the correct choice as it is the general term referring to what is being calibrated and verified, consistent with the requirements of ISO 9001:2015 Clause 7.1.5.

12
Q

You are conducting an ISO 9001 audit of a company specializing in the design and manufacture of electronic devices. During the audit, you review the company’s internal audit procedures and find that although they conduct internal audits, the audit results are not reported to relevant management. Furthermore, there is no documented evidence to show that corrective actions are taken based on the audit findings. You raised a nonconformity against clause 9.2.

Select the words that best complete the sentence: (2 Marks)

“The company conducts internal audits but fails to _____ the results to relevant management and lacks documented evidence of ________ actions based on the ________.”

Options:

report/preventive/resolutions/discuss/recommendations/share/findings/corrective

A

Correct Answer:

“The company conducts internal audits but fails to report the results to relevant management and lacks documented evidence of corrective actions based on the findings.”

Explanation:

“Report”: This is the correct choice, as the scenario states that the internal audit results are not reported to relevant management. This is in line with ISO 9001:2015 Clause 9.2, which discusses the need for internal audits and reporting the results.

“Corrective”: This is the correct choice, as the scenario highlights the absence of documented evidence to show that corrective actions are taken. This aligns with ISO 9001:2015 Clause 9.2.

“Findings”: This is the correct choice, as it refers to the audit findings based on which actions should be taken. This is consistent with ISO 9001:2015 Clause 9.2.

13
Q

You’re an auditor evaluating a manufacturing company’s quality management system for automotive components. This company relies on both its in-house staff and external suppliers to carry out various processes. Throughout your audit, you’ve noticed two critical shortcomings. Firstly, the company has not conducted any evaluations of its external providers’ performance. Secondly, there is no established system in place to manage changes to products provided by external suppliers. (2 Marks)

Audit Evidence:

No performance assessment criteria for external providers. ______ (ISO 9001:2015 Clause 8 extract)

Lack of a system for managing changes to externally provided products. ________

Controlled conditions for in-house production processes are well-documented _________

There is a gap in monitoring the quality of externally provided components __________

ISO 9001:2015 Clause 8 extract:

8.4.1 controls to be applied to externally provided processes
8.4.3 requirements for external providers’ interactions with the organization
8.4.2 ensuring that externally provided processes do not adversely affect
8.1 implementing control of the processes

A

Explanation:

1 = B: This issue aligns with clause 8.4.1, which talks about the controls to be applied to externally provided processes, products, and services.

2 = A: This relates to clause 8.4.2, which discusses the organization’s responsibility to ensure that externally provided processes do not adversely affect its ability to deliver conforming products.

3 = D: This matches clause 8.1, which focuses on planning, implementing, and controlling the processes needed to meet product and service requirements.

4 = C: This pertains to 8.4.3, which focuses on the requirements for interactions between the organization and its external providers.

14
Q

An organization is in the technology sector, primarily focusing on software development. As part of its ongoing efforts to align its quality management system with ISO 9001, the leadership team is taking several actions. (3 Marks)

Select the words that best complete the sentences:

a) To gain a comprehensive view of its strategic direction, the organization needs to _____ both external and internal issues.

b) The leadership team is focused on _____ the needs and expectations of stakeholders like customers, suppliers, and regulators.

c) For effective operation and control of its quality management processes, the organization must _____ criteria and methods, including performance indicators.

recognize/document/understand/evaluate/monitor/review/implement/maintain/identify/address/establish

A

Correct Answers:

a) To gain a comprehensive view of its strategic direction, the organization needs to understand both external and internal issues.

b) The leadership team is focused on establish the needs and expectations of stakeholders like customers, suppliers, and regulators.

c) For effective operation and control of its quality management processes, the organization must evaluate criteria and methods, including performance indicators.

Explanation:

a) Understand: According to Clause 4.1, the organization needs to “understand” both external and internal issues that are relevant to its strategic direction and its ability to achieve the intended results of its quality management system.

b) Establish: Clause 4.2 stresses that the organization should “establish” the needs and expectations of interested parties like customers, suppliers, and regulators, as they have a potential effect on the organization’s ability to consistently provide quality products and services.

c) Evaluate: In line with Clause 4.4.1, it is vital for the organization to “evaluate” the criteria and methods needed for the effective operation and control of its quality management processes. This includes monitoring, measurements, and related performance indicators.

15
Q

As a Lead Auditor, you’re examining an organization’s compliance with ISO 9001:2015. You observe the following: (3 Marks)

a) The organization has not clarified who is responsible for ensuring process effectiveness. The organization must _____ responsibilities and authorities for these processes.

b) The company has no documented evidence to show that employees have the necessary training for their roles. The organization should ______ documented information as evidence of competence.

c) Infrastructure used in product creation, such as machinery, has no maintenance records. The organization needs to _____ the infrastructure necessary for the operation of its processes.

assign/establish/determine/monitor/maintain/retain/review

A

Correct Answers:

a) The organization has not clarified who is responsible for ensuring process effectiveness. The organization must assign responsibilities and authorities for these processes.

b) The company has no documented evidence to show that employees have the necessary training for their roles. The organization should retain documented information as evidence of competence.

c) Infrastructure used in product creation, such as machinery, has no maintenance records. The organization needs to maintain the infrastructure necessary for the operation of its processes.

Explanation:

a) Assign: According to Clause 7.1.6, the organization must assign responsibilities and authorities for the processes related to the quality management system.

b) Retain: Clause 7.2 specifies that the organization should retain appropriate documented information as evidence of competence.

c) Maintain: As per Clause 7.1.3, the organization is required to determine, provide, and maintain the infrastructure necessary for the operation of its processes.

16
Q

You are performing a Stage 2 audit for an automotive manufacturing company. During the audit, you meet with the Head of Human Resources to review the company’s training and competence records. You find that although the company has a training program, there is no documented evidence that employees working in the production line have received specific training in quality control techniques.

You: “Could you elaborate on the training provided to production line employees in terms of quality control?”

Head of HR: “We have general orientation and safety training, but specific quality control training is given on-the-job by supervisors.”

You: “Is this training documented or recorded in any way?”

Head of HR: “No, it’s more of an informal process.”

You: “Are you aware that competence in specific areas like quality control needs to be documented?”

Head of HR: “I wasn’t aware that it had to be documented. We assumed that on-the-job training would suffice.”

You decide to raise a nonconformity against section 7.2 of ISO 9001. Select the word(s) that best complete the sentence: (2 Marks)

“There is no _____ evidence that employees involved in production have been ______ in quality control techniques, as required for the ______ of their work.”

Options:

skilled/documented/validated/trained/requirements/competence/nature/certified/regulatory/quality

A

Correct Answer:

“There is no documented evidence that employees involved in production have been trained in quality control techniques, as required for the nature of their work.”

Explanation:

Documented: This term aligns with ISO 9001:2015 section 7.2, which requires organizations to maintain documented information as evidence of competence.

Trained: The term “trained” directly pertains to the need for employee training in specific areas, as per ISO 9001:2015 section 7.2.

Nature: This term aligns with the requirements of section 7.2, as it emphasizes that the type of work (in this case, quality control) necessitates specific training or competence.

17
Q

You are conducting a third-party audit of a logistics company. During your review, you find an internal audit report indicating a nonconformity against section 9.1.3 of ISO 9001. The nonconformity states:

“The company has failed to analyze data relating to the performance of its third-party carriers, leading to frequent delays in shipments.”

What action would you take as an auditor following up on this audit? Choose one of the following options. (2 Marks)

A. You would ask for shipping delay records to validate the claim.

B. You would request to see if the issue was addressed in management review meetings.

C. You would inquire about any corrective actions taken to address the delays.

D. You would ask for customer feedback relating to shipping delays.

E. You would assess the effectiveness of any corrective actions implemented to resolve the issue.

F. You would verify if the company is monitoring and measuring the performance of its third-party carriers.

A

Correct Answer: E

Explanation: The correct option is E, “You would assess the effectiveness of any corrective actions implemented to resolve the issue.” ISO 9001:2015 section 9.1.3 emphasizes the need to analyze performance and effectiveness data. By evaluating the effectiveness of corrective actions, the auditor ensures that the organization has adequately addressed the root cause of the nonconformity, thus aligning with the requirements of the standard.

18
Q

Audit concepts and auditor responsibilities

Considering the audit process for first-party, second-party, and third-party certification audits, select THREE of the following statements that correctly describe the audit objectives: (2 Marks).

A. First-party audits primarily focus on external supplier evaluations.

B. Third-party audits aim to provide an independent assessment for external stakeholders.

C. Second-party audits are conducted by external organizations to assess conformity.

D. First-party audits are internal audits conducted by the organization for self-assessment.

E. Third-party audits are internal audits conducted by the organization for self-assessment.

F. Second-party audits focus on evaluating a supplier’s performance against contractual obligations.

A

B. Third-party audits aim to provide an independent assessment for external stakeholders.

C. Second-party audits are conducted by external organizations to assess conformity.

D. First-party audits are internal audits conducted by the organization for self-assessment.

19
Q

From the following list, identify the TWO audit methods or activities that may NOT require direct human interaction: (1 Mark)

A. On-site audits

B. Remote audits with live video conferencing

C. Automated system log reviews

D. Face-to-face interviews

E. Automated vulnerability scanning

F. Document reviews via shared platforms

A

Correct Answers: C, E

Explanation:
Automated system log reviews are conducted using tools that automatically scan and analyze system logs for anomalies. Therefore, option C doesn’t require direct human interaction.
Automated vulnerability scanning involves tools that identify vulnerabilities in systems without human intervention, making option E correct.

20
Q

Regarding auditor responsibilities, select the TWO roles from the following list that are primarily responsible for ensuring effective communication with the auditee throughout the audit process: (2 Marks)

A. Audit client

B. Audit team leader

C. Auditors

D. Auditees

E. Guides

F. Observers

A

Correct Answers: B, C

Explanation:
The audit team leader manages the audit team and ensures effective communication with the auditee, making option B correct.
Auditors directly interact with auditees during the audit process, gathering evidence and verifying information. Hence, effective communication is essential for auditors, making option C correct.

21
Q

Planning the audit

You are planning a Stage 2 audit for “FoodSafe,” a company that produces organic snacks. The audit’s objective is to assess conformity with ISO 9001. Given the complexity of the food safety regulations, you ponder on the audit’s duration.

What would be an appropriate consideration regarding the audit’s duration? (2 Marks)

A. Limit the audit to one day to reduce disruptions in FoodSafe’s operations.

B. Allocate sufficient time to thoroughly examine all relevant processes and regulations.

C. Extend the audit duration to also cover non-food safety related aspects.

D. Shorten the audit duration to focus only on the critical food safety processes.

E. Match the duration to the number of auditors available.

A

Correct Answer: B

Explanation: Duration should be sufficient to thoroughly cover all processes, objectives, and criteria set for the audit. Given that FoodSafe operates in a regulated industry (food production), sufficient time must be allocated to cover all necessary regulations and processes.

22
Q

You’re the audit team leader for a third-party certification audit of a large agricultural firm, GreenField Inc., with multiple farms across the country. The audit was scheduled for the summer, but you learn that one of the farms has been severely affected by an unexpected drought, leading to crop failure.

What should be your course of action as the audit team leader? (1 Mark)

A. Proceed with the audit as planned, including the drought-affected farm.

B. Remove the affected farm from the scope of the audit and proceed with the audit as planned.

C. Postpone the audit to allow GreenField Inc. to recover from the drought’s impact.

D. Conduct a risk assessment and adjust the audit plan to focus on other equally important farms.

E. Cancel the audit, citing that GreenField Inc. is currently not suitable for auditing.

A

Correct Answer: D

Explanation: Option D is the most appropriate action because it allows the audit to proceed while taking into account the new risks introduced by the drought. By conducting a risk assessment and adjusting the audit plan, the audit can focus on other farms that are equally important, thereby maintaining the integrity of the audit.

23
Q

You are the audit team leader for a third-party audit on a pharmaceutical company that has recently diversified into producing COVID-19 vaccines. The audit is primarily focused on quality management and compliance with pharmaceutical regulations. You discover that the company has hastily set up a new vaccine production line without fully integrating it into its existing quality management system. The audit is scheduled to last three days, but the audit team suspects it will take longer to thoroughly evaluate the new production line.

Which two would be the most suitable courses of action for you as the audit team leader? (1 Mark)

A. Proceed with the audit as planned, focusing only on the existing pharmaceutical lines.

B. Extend the duration of the audit to include a comprehensive evaluation of the new vaccine production line.

C. Exclude the new vaccine production line from the audit scope and proceed as planned.

D. Postpone the audit until the company fully integrates the new vaccine production line into its existing quality management system.

E. Proceed with the audit as planned but highlight in the report that the new vaccine production line was not audited.

A

Correct Answers: B, E

Explanation:

Option B: According to ISO 19011:2018 clause 6.3.2.2, audit planning should address the scope, criteria, and objectives, including the locations and duration of audit activities. Extending the duration to evaluate the new production line ensures that the audit objectives are met and covers the increased scope and complexity of the audit.

Option E: As per ISO 19011:2018 clause 6.3.2.1, audit planning should consider the risks of the audit activities on the auditee’s processes. Proceeding with the audit as planned but highlighting the limitation in the report aligns with risk-based planning. This option ensures that the audit objectives are met while acknowledging the limitations due to the new production line.

24
Q

Conducting the audit

You are auditing a software development company seeking ISO 9001:2015 certification. During the audit, you discover that the Development Team often deploys updates to their software without going through a formal testing phase. They claim that their agile approach allows them to fix any issues ‘on the fly’ and that their customers are generally satisfied. The Quality Assurance Manager states that this approach has been approved because it speeds up deployment.

What three records would you seek to confirm whether management processes related to software quality are being effectively implemented? (3 Marks)

A. Code review logs from the Development Team.

B. Customer satisfaction surveys and feedback.

C. Internal audit reports of the software development process.

D. Minutes of Management Review Meetings discussing software quality.

E. Software version control and change logs.

F. Training records for the Development Team on secure coding practices.

G. Records of risk assessments related to software development.

A

Correct Answers: C, D, G

Correct Answers Explanation:

Internal audit reports of the software development process (C): These would provide evidence on how well the organization monitors and reviews its software development activities, aligning with the Plan-Do-Check-Act cycle mandated by ISO 9001:2015.

Minutes of Management Review Meetings discussing software quality (D): These records would offer insights into management’s commitment and approach to maintaining software quality, which is consistent with the leadership and planning clauses of ISO 9001:2015.

Records of risk assessments related to software development (G): Risk-based thinking is a key element of ISO 9001:2015, and these records would show how the organization identifies and manages risks related to software development.

Incorrect Answers Explanation:

Code review logs from the Development Team (A): While important for internal quality checks, these logs focus on technical aspects and may not provide a comprehensive view of the management processes, which is the focus of the question.
Customer satisfaction surveys and feedback (B): Customer feedback is valuable but may not directly reflect the effectiveness of internal management processes related to software quality.

Software version control and change logs (E): These logs may indicate how changes are managed but don’t necessarily reflect the effectiveness of overarching management processes.

Training records for the Development Team on secure coding practices (F): While training is essential, these records are more aligned with competence and awareness but may not provide a full view of the effectiveness of management processes for software quality.

25
Q

You are auditing a financial services company that specializes in wealth management. The company has recently undergone a significant organizational change, including the implementation of a new customer relationship management (CRM) system. During your audit, you meet the Chief Information Officer (CIO) who seems defensive and is reluctant to share information. She states that the organization has been through a lot of changes and feels that the audit is an additional burden at this time. Your objective is to ensure a thorough audit while being sensitive to the challenges the company is currently facing.

Given the defensive posture of the CIO and the ongoing organizational changes, what two approaches would you employ to build rapport with the auditee and effectively assess the newly implemented CRM system? (2 Marks)


A. Insist on immediate access to all CRM system records to ensure audit integrity.

B. Acknowledge the organizational changes and offer to work around the CIO’s schedule for audit activities.

C. Send an extensive list of questions about the CRM system in advance to prepare the CIO for the audit.

D. Seek a brief initial meeting with the CIO to understand the objectives and concerns related to the new CRM system.

E. Focus the audit exclusively on the CRM system, ignoring other organizational changes to save time.

F. Engage in a multi-departmental assessment to see how the new CRM system is affecting different parts of the organization.

A

Correct Answers: B, D

Correct Answer Explanation:

Acknowledge the organizational changes and offer to work around the CIO’s schedule for audit activities: This approach is sensitive to the auditee’s current challenges and helps in building rapport. It also aligns with the objective of being sensitive to the needs and expectations of the auditee.

Seek a brief initial meeting with the CIO to understand the objectives and concerns related to the new CRM system: This allows for open communication and can help in establishing trust. It also gives insights into the auditee’s understanding and implementation of internal changes.

Incorrect Answer Explanation:

Insist on immediate access to all CRM system records to ensure audit integrity. This approach could strain the relationship further and is not sensitive to the auditee’s current challenges.

Send an extensive list of questions about the CRM system in advance to prepare the CIO for the audit: This could be seen as burdensome given the ongoing organizational changes.
Focus the audit exclusively on the CRM system, ignoring other organizational changes to save time: This approach would not be comprehensive and could miss out on evaluating how the CRM system fits into broader organizational changes.

Engage in a multi-departmental assessment to see how the new CRM system affects different parts of the organization: While comprehensive, this may be overwhelming for the auditee given their current challenges.

26
Q

Scenario: You are conducting an audit at a software development company that specializes in cloud-based solutions. The organization is seeking ISO 9001 certification for the first time and operates from multiple global locations. You are auditing the organization’s quality assurance department where software testing is conducted. You are interviewing the Quality Assurance Manager (QAM).

Discussion with Quality Assurance Manager (QAM):

You: “Can you elaborate on how software testing cycles are planned and executed here?”

QAM: “We follow a sprint-based approach. Each testing cycle lasts two weeks, and we prioritize test cases based on risk assessments.”

You: “How do you ensure the test environments are controlled?”

QAM: “Each test environment is isolated and follows a version control system. Access is restricted to authorized personnel only.”

Question:

You need to assess the extent to which ISO 9001 requirements are met with respect to software testing controls.

Which of the following statements is false? (3 Marks)

A. You would verify the mechanisms for risk-based test case prioritization.

B. You would assess how access to test environments is restricted and controlled.

C. You would inquire about any third-party tools used for version control.

D. You would confirm that test cases are formally reviewed before execution.

E. You would check if software testing cycles are aligned with business objectives.

F. You would validate that a change management process is documented and in use.

G. You would confirm that only Quality Assurance personnel perform software testing.

A

Correct Answer: F. You would validate that a change management process is documented and in use.

Correct Answer Explanation:

F. This statement is false because it assumes that a change management process specifically needs to be documented and in use for software testing controls. While change management is important, ISO 9001:2015 does not explicitly require it to be documented for this specific context.

Incorrect Answer Explanation:

A. Verifying risk-based test case prioritization aligns with ISO’s focus on risk-based thinking.
B. Assessing access control mechanisms is consistent with ISO’s requirements for controlled environments.
C. Inquiring about third-party tools falls under the purview of understanding the resources used.
D. Confirming formal review processes aligns with ISO’s emphasis on planning and control.
E. Checking alignment with business objectives is a part of quality management principles.
G. Confirming the roles aligns with ISO’s requirements for competence and awareness.

27
Q

You are an auditor at a pharmaceutical manufacturing company that specializes in the production of generic medications. The company is undergoing its ISO 9001 renewal audit. During the audit, you engage with the Production Manager (PM), the Quality Assurance Manager (QAM), and various team members.

Discussion:

You: “Can you walk me through the process of a batch production from start to finish?”

PM: “Certainly. We start by sourcing raw materials from verified suppliers, followed by quality checks. The production process is then initiated, adhering to specific SOPs. Post-production, another round of quality checks is conducted before the batch is approved for release.”

You: “How do you ensure that these processes are effective in meeting customer and regulatory requirements?”

QAM: “We do internal audits, and we also have KPIs like ‘Batch Rejection Rate’ and ‘Customer Complaints.’ These KPIs are reviewed monthly.”

You: “What sampling methods are used during quality checks?”

QAM: “We use both random and stratified sampling methods depending on the nature of the quality attribute being assessed.”

Question:

Based on the audit discussion and your responsibilities, which of the following activities would you undertake to collect and verify appropriate objective evidence and to evaluate the effectiveness of operational processes? (3 Marks)

A. Validate that the sourced raw materials come from verified suppliers.

B. Review the effectiveness of the internal audit process solely based on the ‘Batch Rejection Rate’ KPI.

C. Examine the variety of sampling methods used in quality checks.

D. Confirm that production adheres to generic industry practices rather than specific SOPs.

E. Assess whether the KPIs for evaluating process effectiveness are reviewed and updated on a monthly basis.

A

Correct Answers:

A. Validate that the sourced raw materials come from verified suppliers.
C. Examine the variety of sampling methods used in quality checks.

Correct Answer Explanation:

A. Aligns with ISO 9001:2015 clause on external provision and ensures that the raw materials meet the necessary quality requirements.
C. Aligns with ISO 9001:2015 clause on monitoring, measurement, analysis, and evaluation. Sampling is an important aspect of this, and verifying the appropriateness of the sampling methods used is key in an audit.

Incorrect Answer Explanation:

B. Relying solely on one KPI would not give a comprehensive view of the effectiveness of the internal audit process, making this option incorrect.
D. The company adheres to specific SOPs for production, making this option incorrect.
E. While reviewing and updating KPIs is important, it is not directly related to the collection and verification of objective evidence during an audit, making this option incorrect.

28
Q

You are conducting an ISO 9001 audit of a software development company that specializes in customized business solutions. While auditing the human resources department, you discover that they have an orientation program for new hires. However, the program does not include any training or awareness related to the company’s quality policy or quality objectives. You raised a nonconformity against clause 7.3 of ISO 9001. (2 Marks)

Select the words that best complete the sentence:

“The orientation program for new hires lacks training on procedures and awareness of quality objectives, which are essential elements for compliance.”

Options:

awareness / quality objectives / policy / standards / employee onboarding / compliance / guidelines / procedure

A

Correct Answer:

“The orientation program for new hires lacks training on policy and awareness of quality objectives, which are essential elements for employee onboarding.”

Explanation:

“Policy”: This is the correct choice as it refers to the company’s quality policy. According to ISO 9001:2015 Clause 7.3, the quality policy should be understood and applied within the organization.

“Quality Objectives”: This is the correct choice as it refers to the quality objectives of the organization. These objectives should be known and understood by relevant personnel as per ISO 9001:2015 Clause 7.1.6.

“Employee Onboarding”: This is the correct choice as the orientation program is part of the employee onboarding process, which should include training and awareness on essential elements like the company’s quality policy and objectives.

29
Q

You are an audit team leader conducting a Stage 2 ISO 9001 audit for ABC Manufacturing, a company that specializes in automotive parts. During your audit, you discover that the organization has a robust system for monitoring product quality but lacks a formal process for addressing customer complaints. The Operations Manager is concerned about this gap and asks for your opinion on how they can improve their quality management system (QMS) to be more customer-centric. You raise a nonconformity against clause 9.1.2 related to customer satisfaction. (2 Marks)

Select the two best options of how the auditor should best respond to the Operations Manager’s question.

A. The auditor should recommend specific customer complaint software.

B. The auditor should evaluate the existing mechanisms for customer feedback.

C. The auditor should decline to give a personal opinion on the matter.

D. The auditor should advise the organization to prioritize product quality over customer complaints.

E. The organization should develop its own process for handling customer complaints.

F. The auditor should suggest organizing a workshop on customer complaint management.

G. The auditor should recommend an annual review of customer complaints.

A

Correct Answers: B, C

Correct Answer Explanation:

Option B: This is correct because the auditor’s role is to evaluate existing processes and mechanisms to identify any gaps or areas for improvement. This aligns with ISO 9001:2015 clause 9.1 related to monitoring, measurement, analysis, and evaluation.

Option C: Correct, as the auditor should remain impartial and not give personal opinions. This maintains the integrity of the audit process as specified in ISO 9001:2015 clause 5.1.2 on leadership and commitment.

Incorrect Answer Explanation:

Option A: Incorrect, as it is not the auditor’s role to recommend specific solutions like software. This could compromise the auditor’s impartiality, as indicated in ISO 9001:2015 clause 5.1.2.

Option D: Incorrect because prioritizing product quality over customer complaints would not align with a holistic approach to quality management as prescribed by ISO 9001:2015 clauses 9.1 and 10 on improvement.

Option E: While the organization should indeed develop its process, the auditor’s role is to evaluate existing systems rather than to prescribe specific actions, as guided by ISO 9001:2015 clause 9.1.

Option F: Recommending a workshop is beyond the scope of an auditor’s responsibilities and could compromise impartiality, as per ISO 9001:2015 clause 5.1.2.

Option G: Recommending an annual review might be a good practice, but it is not the auditor’s role to make such recommendations. The focus should be on evaluating existing processes, in line with ISO 9001:2015 clause 9.1.

30
Q

You are conducting an internal audit of a company that specializes in custom software development. The organization has multiple ongoing projects, each with different clients and technical requirements. As part of your audit, you are reviewing the company’s software development processes, from requirement gathering to software delivery and post-delivery support. During the audit, you notice that there is no documented process for requirement verification with the client after the initial discussion, and you find that in some instances, this has led to rework. (3 Marks)

Audit evidence:

No documented process for requirement verification after initial client discussions. _______ (ISO Clause 8 extract)

Instances of rework have been identified in the project. ______

The organization has a detailed project initiation document for each project. _________

Client communication records do not indicate any follow-up on requirements. ______

Options:

8.5.1 monitoring and measurement activities.
8.1 implementing control of the processes.
8.2.4 relevant persons are made aware
8.2.3.1 requirements specified by the customer

A

Explanation:

1 = A: Aligns with clause 8.2.3.1, which requires customer requirements to be confirmed and documented.
2 = D: Falls under clause 8.5.1, which deals with monitoring and measurement activities to verify criteria.
3 = B: Matches with clause 8.1, which focuses on implementing control of processes.
4 = C: Pertains to 8.2.4, which is about making relevant persons aware of changed requirements.

31
Q

An organization is in the business of manufacturing medical devices. They interact with multiple stakeholders including regulatory bodies, suppliers, and customers. (3 Marks)

Select the words that best complete the sentences:

a) To ensure compliance with the stringent regulations, the organization should ____ and meet the statutory and regulatory requirements.

b) Before entering into a contract with a new supplier, the organization should ____ the supplier’s capability to meet quality standards.

c) It is crucial for the organization to ____ documented information related to quality assurance tests.

Options:

update/follow/know/learn/review/understand/retain/assess/maintain/determine/amend

A

Explanation:

a) Follow: Ensuring compliance with stringent regulations necessitates that the organization not only understands but also actively “follows” the statutory and regulatory requirements. This aligns with Clause 5.1.2 which emphasizes that customer and applicable statutory and regulatory requirements are determined, understood, and consistently met.

b) Assess: Before entering into a contract with a new supplier, the organization should “assess” the supplier’s capability to ensure they meet the quality standards. This is essential for risk management and quality assurance, in line with Clause 7.1.4 which requires the organization to provide the necessary resources for the operation of its processes and to achieve conformity of products and services.

c) Retain: Documented information related to quality assurance tests should be “retained” as evidence of conformity and effective operation of the quality management system, as per Clause 7.5.3.1 which requires documented information to be available and suitable for use, where and when it is needed.

32
Q

ABC is a worldwide fast-food organisation. One of the branches, in downtown Cape Town, decided to implement an ISO 9001 quality management system and you are the audit team leader (with two other auditors) that will carry out the certification audits, Stage 2.

ABC receive the orders by phone or internet; some of the employees deliver the ordered food to indicated addresses. The normal menu includes 15 different types of hamburgers; however, in the last two weeks, due to a shortage of a special type of meat, they can only prepare six of the 15 varieties.

During the internal meeting of the audit team, you ask one of the auditors to describe what she has observed. She audited the reception of orders from customers (via phone or internet) and the communication of the orders to the kitchen. She noticed that the menu offering food on the website is still the normal one, with 15 different hamburgers, and during a 30-minute period, she observed many customers reluctantly accepting something other than the hamburger they preferred.

She discusses different options with the team. Match each option to the relevant clause of the standard:

Match the below options discussed by the team with the clause of ISO 9001:2015 (2 Marks)

A. ABC has not determined the risk associated with a shortage of meat.

B. ABC has not identified the shortage of meat as a nonconformity to its QMS.

C. ABC does not meet the claims for the products it offers.

D. ABC did not take action to amend its website content to reflect menu changes.

E. ABC did not monitor the performance of the supplier of meat.

F. The employee that receives the orders is not aware of how to deal with the problem within the QMS.

Options:
6.1 / 7.4 / 8.2.3 / 10.2 / 8.4 / 7.3 (ISO 9001:2015 clauses)

A

Explanation:

A – 6.1: ABC has not determined the risk associated with a shortage of meat. This falls under the clause for planning actions to address risks and opportunities.

B – 10.2: The shortage of meat should be considered as a nonconformity to the QMS, which is covered under the clause for corrective actions.

C – 8.2.3: This clause deals with the review of requirements related to the products and services. ABC not meeting the claims for the products it offers is a violation of this clause.

D – 7.4: Communication is vital in a QMS. The failure to amend website content to reflect menu changes aligns with this clause, which talks about communication requirements.

E – 8.4: This clause is related to the control of externally provided processes, products, or services. Not monitoring the performance of the meat supplier falls under this clause.

F – 7.3: Clause 7.3 is about ensuring that persons doing work under the organization’s control are aware of the QMS requirements. The employee not knowing how to deal with the problem is a violation of this clause.

33
Q

1.3) Which three of the following actions are typically associated with the ‘Check’ phase according to ISO 9001:2015? (2 Marks)

A. Establishing new objectives.

B. Monitoring processes.

C. Measuring resulting products and services.

D. Identifying potential risks.

E. Evaluating alignment with planned activities.

F. Reporting the results of monitoring.

A

Correct Answer: B, C, F

Explanation: The ‘Check’ phase involves monitoring processes, measuring outcomes, and reporting results.

34
Q

2.1) Select three activities that are typical of conducting on-site audit activities according to ISO 19011:2018: (1 Mark)

A. Taking unofficial breaks during the audit.

B. Gathering and verifying objective evidence.

C. Conducting audit meetings.

D. Distributing the audit report without approval.

E. Preparing documented information for the audit.

F. Organizing social gatherings with the auditee.

A

Correct Answers: B, C, E

Explanation:

Gathering and verifying objective evidence is fundamental during on-site audit activities, making option B correct.

Conducting audit meetings, such as opening and closing meetings, is a typical on-site activity, validating option C.

Preparing documented information is a preparatory and often ongoing task during the audit, making option E correct.

35
Q

2.3) Select three purposes of a stage 1 audit according to ISO 19011:2018: (1 Mark)

A. To finalize the audit report.

B. To review documented information.

C. To assess the organization’s readiness for the stage 2 audit.

D. To verify the effective implementation of the quality management system.

E. To determine the budget of the audit.

F. To identify the logistical arrangements for stage 2.

A

Correct Answers: B, C, F

Explanation:

Reviewing documented information helps to ensure that the organization has met all documentation requirements, making option B correct.

The primary aim of a stage 1 audit is to evaluate the organization’s readiness for the stage 2 audit, validating option C.

Identifying logistical arrangements is important to prepare for the next stage of the audit, making option F correct.

36
Q

2.5) Which THREE of the following are responsibilities of the lead auditor according to ISO 19011:2018? (2 Marks)

A. Finalizing the audit budget.

B. Determining audit objectives and criteria.

C. Deciding the certification status of the auditee.

D. Ensuring effective communication with the auditee.

E. Providing feedback to the auditee’s top management.

F. Organizing the audit schedule.

A

Correct Answers: B, E, F

Explanation:

Determining the audit objectives and criteria is typically the responsibility of the lead auditor, making option B correct.

Providing feedback, especially if it pertains to strategic or high-level findings, often involves the lead auditor, making option E correct.

Organizing the audit schedule, which includes defining the timing and sequence of audit activities, often falls under the lead auditor’s responsibilities, validating option F.

37
Q

4.3) You are auditing an aerospace manufacturing company that produces components for commercial airlines. The organization is looking to renew its ISO 9001 certification. You are auditing the production floor and are in discussion with the Production Manager (PM).

Discussion with Production Manager (PM):

You: “How are the manufacturing processes monitored for quality?”

PM: “We have real-time monitoring systems that alert us to any deviations in quality parameters.”

You: “What steps are taken when a deviation is detected?”

PM: “The affected production line is halted, and an immediate investigation is initiated to identify the cause.”

Question:

You need to assess the extent to which ISO 9001 requirements are met in the area of manufacturing process quality control.

Which of the following statements is false? (2 Marks)

A. You would verify that real-time monitoring systems are in place for quality control.

B. You would assess the procedures for halting the production line in case of deviations.

C. You would confirm that only the Production Manager is authorized to restart the production line.

D. You would examine the steps taken for immediate investigations when deviations are detected.

E. You would check if employee training records related to quality control are maintained.

A

Correct Answer: C. You would confirm that only the Production Manager is authorized to restart the production line.

Correct Answer Explanation:

This statement is false as ISO 9001:2015 does not specify that only a particular role such as the Production Manager is authorized to restart a production line. The standard focuses on competent personnel and proper authorization but does not limit this to a specific role.

Incorrect Answer Explanation:

A. Verifying real-time monitoring systems aligns with ISO 9001’s requirements for monitoring and measurement.

B. Assessing procedures for halting the production line is consistent with ISO 9001’s emphasis on operational planning and control.

D. Examining steps for immediate investigations aligns with ISO 9001’s requirements for dealing with nonconformities.

E. Checking employee training records is consistent with ISO 9001’s requirements for competence and awareness.

38
Q

4.4) You are conducting an audit at a software development company that specializes in enterprise resource planning (ERP) solutions. The company is seeking its initial ISO 9001 certification. You are auditing the company’s customer support department and are in discussion with the Customer Support Manager (CSM).

Discussion with Customer Support Manager (CSM):

You: “How are customer support objectives set?”

CSM: “Objectives are derived from customer feedback and industry benchmarks. They are aligned with our quality policy.”

You: “How do you ensure these objectives are measurable and communicated?”

CSM: “We use specific KPIs like first-response time and customer satisfaction scores. These are shared in monthly team meetings.”

Question:

You need to evaluate the company’s arrangements for planning, with a focus on how customer support objectives are consistent with the quality policy and measurable.

Which of the following statements are true? (2 Marks)

A. You would verify that customer support objectives are derived from relevant sources like customer feedback.

B. You would check if customer support objectives are only applicable to new hires in the department.

C. You would confirm that specific KPIs are used to make the objectives measurable.

D. You would assess if customer support objectives are publicly posted on the company website.

E. You would examine if monthly team meetings for sharing objectives are formally documented.

A

Correct Answers:

A. You would verify that customer support objectives are derived from relevant sources like customer feedback.

C. You would confirm that specific KPIs are used to make the objectives measurable.

Correct Answer Explanation:

A. This statement is true, as ISO 9001:2015 emphasizes the need for objectives to be relevant and aligned with the quality policy, which includes using customer feedback as a relevant source.

C. This statement is true because ISO 9001:2015 requires that objectives be measurable, and the use of specific KPIs satisfies this requirement.

Incorrect Answer Explanation:

B. This statement is false, as ISO 9001:2015 requires that objectives be applicable across relevant functions and levels within the organization, not just to new hires.

D. This statement is not supported or contradicted by ISO 9001:2015. The standard does not require that objectives be publicly posted.

E. This statement is not explicitly true or false based on ISO 9001:2015. While the standard encourages documentation, it does not specify the formality of such documentation.

39
Q

4.5) You are auditing an automotive manufacturing company specializing in electric vehicles. The company is undergoing its ISO 9001 renewal audit. As part of your responsibilities, you review the minutes of a recent management review meeting. According to the minutes, the meeting covered various topics such as alignment of the quality management system with market trends, review of key performance indicators (KPIs), and identification of areas for improvement.

Key Points from the Minutes of the Management Review Meeting:

Discussion on aligning the quality management system with market trends and customer expectations.

Review of KPIs in relation to quality objectives and identification of areas for improvement.

Consideration of operational efficiencies and challenges, including those in the supply chain.

Question:

Based on the minutes of the management review meeting and your audit responsibilities, which of the following actions would you undertake to evaluate the management’s review of the suitability, adequacy, and effectiveness of the quality management system? (3 Marks)

A. Confirm that market trends and customer expectations are considered in the review.

B. Assess if the KPIs are solely reviewed by the quality manager.

C. Verify that areas for improvement have been identified in the review.

D. Check if production efficiency is the sole focus of the review.

E. Examine whether supply chain challenges are ignored in the review.

A

Correct Answers:

A. Confirm that market trends and customer expectations are considered in the review.

C. Verify that areas for improvement have been identified in the review.

Correct Answer Explanation:

A. Aligns with ISO 9001:2015 requirements for management reviews, which emphasize evaluating the quality management system’s suitability and effectiveness in light of various factors, including market trends and customer expectations.

C. Also aligns with ISO 9001:2015, which requires that areas for improvement be identified to consider the quality management system effective and suitable.

Incorrect Answer Explanation:

B. Incorrect, as the minutes suggest a collective review process, not one solely conducted by the quality manager.

D. Incorrect, as the minutes indicate that multiple aspects were considered, not just production efficiency.

E. Incorrect, as the minutes explicitly mention that challenges in the supply chain were discussed.

40
Q

4.6) You are conducting an ISO 9001 audit of a pharmaceutical manufacturing company. During your audit, you proceed to the Quality Control lab where samples of active pharmaceutical ingredients are tested. You notice that the lab technicians are using a paper-based logbook to record test results, but there’s no evidence of these results being reviewed or approved by authorized personnel. Additionally, you don’t see any documented procedure that defines how these records should be controlled, maintained, or disposed of. You raised a nonconformity against clause 7.5.3 of ISO 9001.

Select the words that best complete the sentence: (3 Marks)

“The lab’s paper-based logbook for recording test results lacks _____ by authorized personnel and does not adhere to any documented _____ for control, maintenance, or _____.”

Options:

policy/approval/retention/procedure/review/disposal/verification/guidelines

A

Correct Answer: “The lab’s paper-based logbook for recording test results lacks review by authorized personnel and does not adhere to any documented procedure for control, maintenance, or disposal.”

Explanation:

“Review”: This is the correct choice for [A] as the scenario explicitly states that there’s no evidence of these results being reviewed by authorized personnel. This aligns with ISO 9001:2015 Clause 7.5.3, which requires control of documented information.

“Procedure”: This is the correct choice for [B] as the scenario indicates that there is no documented procedure that defines how these records should be controlled. This is also covered under ISO 9001:2015 Clause 7.5.3.

“Disposal”: This is the correct choice for [C] as it relates to the absence of any documented guidelines for how these records should be disposed of, consistent with the requirements in ISO 9001:2015 Clause 7.5.3.

41
Q

4.13) You are the lead auditor preparing to assess an organization’s quality management system. Your focus is on how well the organization has planned for various elements critical to the quality management system. You have identified the following audit evidence to collect:

As the lead auditor, you need to map the audit evidence you plan to collect with the relevant sub-clauses of ISO 9001 Clause 6. Match the evidence to the corresponding sub-clauses. (3 Marks)

Documents outlining the budget and resources allocated for quality management initiatives. ______

Records of staff training on the importance of quality objectives. ______

Metrics on how frequently the organization reviews its risk assessments. ______

A log detailing the changes made to the quality management system over the past year. _______

Options:

6.2 Quality objectives and planning to achieve them ... be consistent with the quality policy; be measurable

6.1.2 The organization shall plan ... evaluate the effectiveness of these actions

6.1 Actions to address risks and opportunities ... give assurance that the quality management system can achieve its intended results

6.3 Planning of changes ... the purpose of the changes and their potential consequences

A

Explanation:

1 = C: Documents outlining the budget and resources allocated for quality management initiatives pertain to Clause 6.2, which deals with quality objectives and their planning.

2 = D: Records of staff training on the importance of quality objectives are related to Clause 6.1.2, which outlines the planning and evaluation of actions to address risks and opportunities.

3 = B: Metrics on how frequently the organization reviews its risk assessments align with Clause 6.1, focusing on actions to address risks and opportunities.

4 = A: A log detailing the changes made to the quality management system over the past year falls under Clause 6.3, discussing planning of changes and their potential consequences.

42
Q

4.14) In an organization that manufactures electronic components, the Quality Management team is tasked with ensuring compliance with ISO 9001:2015. During the annual performance evaluation, several activities are under scrutiny.

Select the words that best complete the sentences: (2 Marks)

a) To assess the quality of the products, the team must _____ relevant data from monitoring and measurements.

b) To understand how well the organization is meeting customer expectations, it is necessary to ______ customers’ perceptions.

c) The results from internal audits are used to _____ the effectiveness of the quality management system.

Options:

measure/collect/analyze/review/inspect/determine/monitor/evaluate/validate/summarize/compare

A

Explanation:

a) Analyze: According to Clause 9.1.3, the organization is required to “analyse and evaluate appropriate data and information arising from monitoring and measurement” to assess various performance indicators, including the conformity of products and services.

b) Monitor: Per Clause 9.1.2, the organization must “monitor customers’ perceptions of the degree to which their needs and expectations have been fulfilled.” This is crucial for evaluating the degree of customer satisfaction.

c) Evaluate: As per Clause 9.2.1, internal audits are conducted to provide information on whether the quality management system is effectively implemented and maintained. The term “evaluate” aligns with the need to assess the effectiveness of the system based on the audit results.

43
Q

Domain 5: Reporting and Closing out the audit

5.1) You are the Lead Auditor for a food processing company that has recently been ISO 9001 certified. During your audit, you discover a nonconformity with Clause 7.1.5, Monitoring and Measuring Resources. Specifically, the organization has not calibrated its temperature-measuring devices, which are critical for food safety.

In the closing meeting, you explain to the Quality Control Manager that effective corrective action needs to be taken to resolve this nonconformity.

Select the word(s) that best complete the sentence: (3 Marks)

To resolve this issue, the organization must first _____ the causes of the nonconformity and then _____ measures that effectively address this gap in the quality management system.

Options:

investigate/examine/explore/implement/scrutinize/introduce/formulate/develop

A

Explanation:

The correct answer is “investigate the causes of the nonconformity and then develop measures that effectively address this gap in the quality management system.” This aligns with Clause 10.2 of ISO 9001:2015, which mandates that organizations must take corrective action that is appropriate to the effects of the nonconformities encountered.

“Investigating” the causes is necessary for understanding the root cause of the nonconformity, and “developing” measures would be the subsequent step to address it effectively.

Options like “explore” or “examine” do not fully capture the intent of determining the root cause, as specified in Clause 10.2. Similarly, “introduce” or “formulate” are not as specific as “develop” when it comes to outlining what kind of measures need to be taken to address the nonconformity effectively.

44
Q

5.2) You are a Lead Auditor for an automotive manufacturing company that has been ISO 9001 certified for several years. During your audit, you identify a nonconformity related to Clause 7.5, Documented Information. Specifically, you find that control plans for new products are not being adequately maintained or updated.

At the closing meeting, you stress the importance of resolving this issue to the Quality Control Manager.

Which of the following options would provide part of the acceptable corrective actions to close out the nonconformity at the follow-up audit? (2 Marks)

A. Assign a dedicated team to review and update all existing control plans periodically.

B. Implement a digital document management system to streamline the updating process.

C. Include control plan maintenance as a key performance indicator (KPI) for the Quality Control department.

D. Conduct training sessions on the importance of control plan maintenance for relevant employees.

E. Initiate a monthly review meeting to discuss and update control plans as necessary.

A

Correct Answer: A

Correct Answer Explanation:

This corrective action is consistent with Clause 7.5 of ISO 9001:2015, which mandates the organization to maintain documented information to support the operation of processes. Assigning a dedicated team ensures that the control plans are not just reviewed but updated as required, thus aligning with the standard’s requirements.

The other options, while potentially helpful, do not directly address the root cause of the nonconformity:

Option B could be part of a broader solution but does not ensure that control plans are actually reviewed or updated.

Option C makes control plan maintenance a KPI but does not provide a mechanism for ensuring they are updated.

Option D focuses on training but does not guarantee that control plans will be maintained or updated.

Option E initiates a review meeting but does not specify who is responsible for ensuring that updates are made.

45
Q

5.6) You are an auditor conducting a Stage 2 audit for a manufacturing organization that produces automotive parts. You are reviewing the company’s process for internal audits and corrective actions. You notice that the company has conducted several internal audits, but the records do not show any follow-up actions or verifications to ensure that corrective actions have been effectively implemented.

You: “Can you explain the process for following up on internal audits and corrective actions?”

Quality Manager: “We usually close out the audits once the report is submitted. We trust our departments to take necessary actions.”

You: “Is there any documented evidence or verification to confirm that corrective actions have been effective?”

Quality Manager: “No, we haven’t been doing that.”

You: “Are you aware that follow-up actions are required to ensure the effectiveness of corrective actions?”

Quality Manager: “I thought completing the audit was enough.”

You decide to raise a nonconformity against section 9.2.2 of ISO 9001. Select the word(s) that best complete the sentence: (3 Marks)

“The organization has not maintained _____ evidence of _____ for _____ actions taken as a result of internal audits.”

Options:

formal/documented/reviewed/follow‑up/verification/corrective/evaluated/procedures/considered/implemented

A

Correct Answer: “The organization has not maintained documented evidence of verification for corrective actions taken as a result of internal audits.”

Explanation:

Documented: The term “documented” is consistent with ISO 9001:2015 section 9.2.2, which requires that the organization maintain documented information as evidence of the implementation of the audit program and the audit results.

Verification: The term “verification” relates directly to the need for follow-up activities to ensure that corrective actions are effective, as stipulated in ISO 9001:2015 section 9.2.2.

Corrective: This term accurately describes the type of actions that should be followed up on, aligning with ISO 9001:2015 requirements for effective corrective actions.

46
Q

5.7) You are an auditor conducting a Stage 2 audit for a food processing company. The company has recently implemented a new software system for tracking inventory and production schedules. During the audit, you notice that the staff have not been adequately trained on the new system, resulting in frequent errors and delays.

You: “Can you explain the training process for the new software system?”

Production Manager: “We had a quick overview session when the system was installed, but nothing formal after that.”

You: “Are the staff comfortable using the new system?”

Production Manager: “Not really, they are still figuring it out. We’ve had some errors and delays because of this.”

You: “Is there a plan to provide additional training to the staff?”

Production Manager: “No, we haven’t thought about that yet.”

You decide to raise a nonconformity against section 7.2 of ISO 9001. Select the word(s) that best complete the sentence: (3 Marks)

“The organization has not _____ the _____ associated with _____ the new software system.”

Options:

competence/considered/requirements/training/planned/implemented/reviewed/documented/addressed

A

Correct Answer: “The organization has not addressed the competence associated with training the new software system.”

Explanation:

Addressed: This term aligns with ISO 9001:2015 section 7.2, which requires organizations to ensure that persons doing work under its control are competent. Lack of training suggests that this requirement has not been “addressed.”

Competence: The term “competence” directly corresponds to the ISO 9001:2015 section 7.2 requirement to ensure that employees are competent to perform their roles effectively.

Training: This term is relevant because the lack of effective training is the root cause of the issue, and it aligns with ISO 9001’s emphasis on competence and training.

47
Q

5.8) You are a third-party auditor for a software development company that has recently undergone an internal audit. The internal audit identified a nonconformity against section 10.2 of ISO 9001, stating:

“The company has corrected software bugs reported by customers but has not identified the root causes to prevent them from recurring.”

As an auditor focusing on following up the audit, what would be your course of action? Choose one of the following options. (2 Marks)

A. You would ask for a list of all software bugs that were corrected.

B. You would inquire if the corrected software bugs were discussed during management review meetings.

C. You would ask for evidence that the root causes of the software bugs have been analyzed.

D. You would review any changes made to the software development process.

E. You would evaluate the corrective actions taken to ensure that they are effective in preventing the recurrence of the software bugs.

F. You would confirm that the company is aware of the difference between correction and corrective action.

A

Correct Answer: E

Explanation: The correct option is E, “You would evaluate the corrective actions taken to ensure that they are effective in preventing the recurrence of the software bugs.” ISO 9001:2015 section 10.2 emphasizes the need for organizations to eliminate the root cause of nonconformities and prevent them from recurring. Therefore, verifying the effectiveness of corrective actions is crucial.

48
Q

2.3) Select THREE key responsibilities of the audit client in line with ISO 19011:2018: (1 Mark)

A. Deciding the audit methodology.

B. Ensuring that the audit team has the necessary resources.

C. Establishing the audit program.

D. Conducting the audit.

E. Reviewing the audit report.

F. Training the audit team.

A

Correct Answer: B, C, E

Explanation:

Ensuring that the audit team has the necessary resources is crucial for the successful execution of the audit, making option B correct.

Establishing the audit program, which defines the sequence and timing of audit activities, is typically a responsibility of the audit client, validating option C.

The audit client often reviews the audit report to understand the findings and implications, making option E correct.

49
Q

Domain 3 - Planning the audit

3.1) You are auditing “CleanEnergy,” a company that specializes in renewable energy solutions. Given the broad range of activities, you consider the methods to use for the audit.

What method is generally most appropriate for such a comprehensive audit? (1 Mark)

A. On-site visits only.

B. Remote audits only.

C. A mix of on-site and remote audits.

D. Solely reviewing documented information.

E. Conducting employee interviews only.

A

Correct Answer: C

Explanation: A mix of on-site and remote audits allows for a comprehensive assessment of CleanEnergy’s diverse activities. It combines the depth of on-site inspection with the breadth that remote audits can provide.

50
Q

3.6) You are an audit team leader for an audit focused on data security at a financial institution. During the planning stage, you identify that the organization has a hybrid infrastructure, combining on-premises servers and cloud-based solutions. You also notice that one of your team members is an expert in cloud security but has limited experience with on-premises solutions. The audit is scheduled to last three days and is critical for the institution’s upcoming accreditation.

Which two of the following actions should you take to ensure an effective and efficient audit? (2 Marks)

A. Allocate more time to audit the cloud-based solutions to leverage the team member’s expertise.

B. Assign the team member only to audit the cloud-based solutions and bring in another expert for on-premises solutions.

C. Replace the team member with someone who has expertise in both cloud and on-premises solutions.

D. Keep the team member and provide them with a crash course on on-premises solutions before the audit.

E. Proceed with the audit as planned, allocating equal time for both cloud and on-premises solutions.

A

Correct Answers: B, C

Explanation:

Option B: According to ISO 19011:2018 clause 6.3.3, work assignments should take into account the competence of auditors. Assigning the team member only to areas where they have expertise ensures a more effective and efficient audit.

Option C: Per ISO 19011:2018 clause 6.3.3, assigning work to audit team members should consider their competence. Replacing the team member with someone who has broader expertise aligns with this clause and ensures that the audit objectives will be effectively achieved.

51
Q

Domain 4: Conducting the audit

4.1) You are auditing a logistics company specializing in cross-border shipping. The company recently adopted a digital tracking system to improve the transparency and efficiency of its operations. The Operations Manager is confident that this system has reduced shipping delays and improved customer satisfaction. However, during your conversations with the frontline staff, you discover that the new system often malfunctions, causing delays in updating shipment statuses. The IT department acknowledges these issues but considers them minor glitches that are being addressed.

What three records would you seek to confirm whether management processes related to the adoption and functioning of the new digital tracking system are being effectively implemented? (3 Marks)

A. IT incident reports related to the digital tracking system.

B. Customer feedback and complaints regarding shipment tracking.

C. Minutes of meetings discussing the implementation and issues of the new system.

D. Employee training records on the new digital tracking system.

E. Internal audit reports reviewing the digital tracking system.

F. Software vendor qualification and evaluation records.

G. Performance metrics related to shipping times and delays.

A

Correct Answers: A, C, E

Correct Answer Explanation:

IT incident reports related to the digital tracking system (A): These reports would offer insights into the system’s reliability and how issues are being managed and resolved.

Minutes of meetings discussing the implementation and issues of the new system (C): These would provide context for the decision-making process, the assessment of risks, and the measures taken to address issues.

Internal audit reports reviewing the digital tracking system (E): These would provide an independent assessment of the system’s performance and its alignment with operational objectives.

Incorrect Answer Explanation:

Customer feedback and complaints regarding shipment tracking (B): While useful for understanding customer satisfaction, these records may not provide comprehensive insights into the internal management processes.

Employee training records on the new digital tracking system (D): While these indicate staff preparedness, they may not give a full picture of the effectiveness of the management processes.

Software vendor qualification and evaluation records (F): These records are important for initial selection but may not reflect the ongoing effectiveness of the management processes.

Performance metrics related to shipping times and delays (G): These focus on operational outcomes but don’t necessarily provide a comprehensive view of management processes.

52
Q

4.2) You are auditing a manufacturing company that produces automotive parts. The company recently adopted a new waste management system to minimize its environmental impact. During the audit, you meet the Sustainability Manager, who is apprehensive about the operational disruptions that the audit might cause. She is particularly concerned because the waste management system is still in the pilot phase and requires close monitoring.

Given the Sustainability Manager’s concerns and the pilot phase of the new waste management system, what two approaches would you adopt to build rapport with the auditee and effectively assess the company’s new sustainability initiative? (3 Marks)

A. Suggest a flexible audit schedule that accommodates the team’s monitoring activities for the new system.

B. Request access to initial performance metrics of the waste management system for review.

C. Clarify the scope of the audit to ensure it focuses on critical components of the waste management system.

D. Arrange a preliminary discussion to understand the objectives and metrics for the new waste management system.

E. Confirm the regulatory compliance benchmarks that the new waste management system aims to meet.

F. Inquire about any upcoming milestones related to the new waste management initiative.

A

Correct Answers: A, D

Correct Answer Explanation:

Suggest a flexible audit schedule that accommodates the team’s monitoring activities for the new system: This approach is sensitive to the operational demands of the pilot phase and helps to build rapport with the Sustainability Manager.

Arrange a preliminary discussion to understand the objectives and metrics for the new waste management system: This helps to focus the audit on areas most relevant to the company’s sustainability goals and indicates a collaborative approach.

Incorrect Answer Explanation:

Request access to initial performance metrics of the waste management system for review: While this data is important, requesting it could add to the concerns about operational disruptions.

Clarify the scope of the audit to ensure it focuses on critical components of the waste management system: While this is generally a good practice, it doesn’t directly address the immediate concerns of the Sustainability Manager.

Confirm the regulatory compliance benchmarks that the new waste management system aims to meet: Although this is relevant information, it may not be the immediate focus of the audit and could be seen as adding complexity.

Inquire about any upcoming milestones related to the new waste management initiative: While pertinent, this may not alleviate the immediate concerns about operational disruptions.

53
Q

4.4) You are auditing a food processing company that specializes in organic products. The company is looking to renew its ISO 9001 certification. You are auditing the company’s supply chain processes and are in discussion with the Supply Chain Manager (SCM).

Discussion with Supply Chain Manager (SCM):

You: “How are supply chain objectives aligned with the company’s quality policy?”

SCM: “We set objectives that align with our commitment to organic sourcing and quality assurance. These objectives are reviewed semi-annually.”

You: “How do you ensure these objectives are measurable?”

SCM: “We use metrics like supplier on-time delivery rates and quality incident counts to measure our objectives.”

You need to evaluate the company’s arrangements for planning, particularly how supply chain objectives are consistent with the quality policy and are measurable.

Which of the following statements are true? (2 Marks)

A. You would verify that supply chain objectives are reviewed at least semi-annually.

B. You would confirm that supplier on-time delivery rates are not considered in measuring objectives.

C. You would assess if supply chain objectives are communicated to external stakeholders.

D. You would check the alignment of supply chain objectives with the company’s commitment to organic sourcing.

E. You would inquire if supply chain objectives are only reviewed during quality incidents.

A

Correct Answers:

A. You would verify that supply chain objectives are reviewed at least semi-annually.

D. You would check the alignment of supply chain objectives with the company’s commitment to organic sourcing.

Correct Answer Explanation:

A. This statement is true as it aligns with ISO 9001:2015’s requirement for regular review of objectives, consistent with the scenario.

D. This statement is true because it aligns with ISO 9001:2015’s emphasis on ensuring that specific objectives, like those for the supply chain, are consistent with the overall quality policy.

Incorrect Answer Explanation:

B. This statement is false. The scenario explicitly states that supplier on-time delivery rates are used as a metric, aligning with ISO 9001:2015’s requirement for objectives to be measurable.

C. This statement is not supported or contradicted by ISO 9001:2015. While the standard encourages communication of objectives, it does not specify to whom they must be communicated.

E. This statement is false. The scenario states that objectives are reviewed semi-annually, not only during quality incidents, in line with ISO 9001:2015’s requirements for regular review.

54
Q

4.5) You are auditing a renewable energy company that specializes in solar panel installations. The company is pursuing ISO 9001 certification for the first time. As part of your audit, you review documentation and records related to their quality management system. You notice that they have a system for tracking customer complaints, nonconformities, and corrective actions. The records also indicate periodic reviews to monitor the effectiveness of these actions and to identify opportunities for continuous improvement.

Question:

Based on the documentation and records reviewed, which of the following actions would you undertake to evaluate the auditee’s arrangements for continuous improvement, especially in dealing with nonconformity and corrective action? (3 Marks)

A. Confirm that a system is in place for tracking customer complaints.

B. Assess if corrective actions are only considered for major nonconformities.

C. Verify that the effectiveness of corrective actions is periodically reviewed.

D. Check if the focus is solely on customer complaints for continuous improvement.

E. Examine whether the system includes identification of opportunities for continuous improvement.

A

Correct Answers:

A. Confirm that a system is in place for tracking customer complaints.

C. Verify that the effectiveness of corrective actions is periodically reviewed.

Correct Answer Explanation:

A. This aligns with ISO 9001:2015 requirements for dealing with nonconformities and taking corrective actions. Tracking customer complaints is part of this process, which feeds into the company’s continuous improvement efforts.

C. This aligns with ISO 9001:2015 requirements for continuous improvement, specifically the need to review the effectiveness of corrective actions to ensure they are achieving the desired outcomes.

Incorrect Answer Explanation:

B. Incorrect, as ISO 9001:2015 does not stipulate that corrective actions should only be considered for major nonconformities; they should be appropriate to the effects of the nonconformities encountered.

D. Incorrect, as ISO 9001:2015 emphasizes a broader approach to continuous improvement, not just focusing on customer complaints.

E. Although the identification of opportunities for continuous improvement is important, the question’s focus is more on dealing with nonconformity and corrective action.

55
Q

You are an auditor conducting an internal audit at Alpha Corp, a software development company. The scope of the quality management system (QMS) covers software development, client relations, and after-sales services. During the audit, you notice the following:

Alpha Corp hasn’t conducted a management review in over a year.

The company has no mechanism for analyzing customer satisfaction.

There is a lack of documented information about the performance and effectiveness of external providers.

The results of internal audits are not being reported to relevant management.

Match each audit evidence with the applicable ISO 9001 Clause 9 extract. (3 Marks)

No management review for over a year _____

No mechanism for analyzing customer satisfaction _____

Lack of documented information on the performance of external providers _____

Not reporting the results of internal audits to relevant management. _____

A

Explanation: Refer to ISO 9001:2015

1 = A: The absence of a management review for over a year corresponds to Clause 9.3.1, which states that top management shall review the Quality Management System at planned intervals.

2 = D: The lack of documented information on the performance of external providers relates to Clause 9.1.3, which emphasizes the need for analyzing and evaluating the performance of external providers.

3 = C: Not reporting the results of internal audits to relevant management aligns with Clause 9.2.2, which specifies that the results of the audits should be reported to relevant management.

4 = B: The absence of a mechanism for analyzing customer satisfaction can be associated with Clause 9.1.2, which requires monitoring and reviewing customer satisfaction information.

56
Q

4.12) You are the lead auditor for a healthcare organization that is ISO 9001:2015 certified. During your audit, you focus on the organization’s arrangements for dealing with nonconformities in patient care and medication management. You are also interested in evaluating top management’s commitment to continually improving the quality management system.

You plan to review various pieces of audit evidence. Match each type of audit evidence with the appropriate excerpt from ISO 9001:2015’s Clause 10. (3 Marks)

Documented reviews of nonconformities in medication management _____

Evidence of top management’s decisions related to quality management system improvements _____

Analysis results evaluating the impact of corrective actions on patient care _____

Risk and opportunities register updated after a nonconformity event _____

A

Explanation:

1 = D: Documented reviews of nonconformities in medication management align with Clause 10.2.2, requiring the retention of documented information regarding the nature of the nonconformities and any subsequent actions taken.

2 = A: Evidence of top management’s decisions related to QMS improvements corresponds with Clause 10.1, which emphasizes the need for improvement and indicates management’s commitment to the QMS.

3 = B: Analysis results evaluating the impact of corrective actions on patient care align with Clause 10.3, focusing on continual improvement in the effectiveness of the QMS.

4 = C: The risk and opportunities register updated after a nonconformity event fits with Clause 10.2.1, outlining the organization’s need to react to nonconformities and take appropriate action.

57
Q

4.14) You are the Lead Auditor in an organization that provides IT solutions. During the audit, you encounter various scenarios that require a closer look to ensure compliance with ISO 9001:2015, particularly Clause 8.

Select the words that best complete the sentences: (2 Marks)

a) Before delivering the final software solution, the organization needs to _____ its functionality to ensure it meets customer requirements.

b) In cases of service interruptions, the organization should _____ actions to prevent recurrence.

c) When a new version of a software product is released, the organization must _____ the changes to ensure they align with quality standards.

Options:

validate/control/plan/record/implement/identify/verify/review/design/document/analyze

A

Explanation:

a) Validate: According to Clause 8.5.1, the organization must validate the products and services to ensure they meet the specified requirements for the specified intended use or application.

b) Plan: As per Clause 8.5.4, the organization should control, correct, and deal with nonconforming process outputs, products and services. Planning actions to prevent recurrence is in line with this requirement.

c) Document: Clause 8.5.6 emphasizes the need for documenting changes in production or service provision. This ensures that changes are traceable and can be audited for quality compliance.

58
Q

5.1) You are a Lead Auditor conducting an internal audit at a healthcare facility that has recently received ISO 9001 certification. During the audit, you discover a nonconformity in relation to Clause 7.1.5, Monitoring and Measuring Resources. Specifically, the facility has not calibrated its medical equipment as per the documented schedule.

In the closing meeting, you highlight to the Chief Medical Officer that this nonconformity needs urgent attention.

Select the word(s) that best complete the sentence: (3 Marks)

The facility must _____ the root cause of the nonconformity and _____ corrective actions that are effective.

Options:

establish/investigate/examine/implement/identify/initiate/apply/enforce/corrective/actions/preventive/actions/quick/fixes

A

Correct Answer:

The facility must identify the root cause of the nonconformity and implement corrective actions that are effective.

Explanation:

The correct answer is “identify the root cause of the nonconformity and implement corrective actions that are effective.” This is in line with Clause 10.2 of ISO 9001:2015, which emphasizes the need to identify the root cause of the nonconformity and to implement appropriate corrective actions to eliminate it and prevent its recurrence.

Other options like “investigate” or “examine” are part of the process but do not fully encapsulate the requirement to “identify” the root cause as specified in Clause 10.2. Similarly, “initiate” or “apply” corrective actions don’t capture the specific requirement to “implement” corrective actions.

59
Q

5.6) You are conducting a Stage 2 audit for a pharmaceutical manufacturing company that produces a range of over-the-counter medications. During your audit, you discover that there is a lack of documented procedures for handling customer complaints about product quality.

You: “How does your organization handle customer complaints about product quality?”

Quality Manager: “We have a general practice of documenting complaints in a log and forwarding them to the appropriate department.”

You: “Are there documented procedures in place to ensure that complaints are adequately addressed?”

Quality Manager: “No, we don’t have a formal documented procedure for handling customer complaints.”

You decide to raise a nonconformity against section 10.2 of ISO 9001. Select the word(s) that best complete the sentence: (3 Marks)

“The organization has not _____ a documented _____ for _____ customer complaints about product quality.”

Options:

established/handling/process/procedure/reviewed/addressing/implemented/method/recorded

A

Correct Answer:

“The organization has not established a documented procedure for handling customer complaints about product quality.”

Explanation:

Established: The term aligns with ISO 9001:2015 section 10.2, which requires organizations to establish procedures to handle nonconformities and take corrective action. In this case, a procedure for handling customer complaints has not been “established.”

Procedure: This term directly corresponds to the need for documented procedures as mandated by ISO 9001:2015 section 10.2 for handling nonconformities and taking corrective action.

Handling: This term is appropriate as it specifies the act of managing or dealing with customer complaints, aligning with ISO 9001’s focus on customer satisfaction and corrective action.

60
Q

5.7) You are auditing a company that manufactures medical devices. During the audit, you interview the Production Manager who is responsible for ensuring that the final products meet quality standards.

You: “How do you verify that the final products meet the required quality standards?”

Production Manager: “We have a quality control team that inspects each batch visually, but we don’t perform any additional tests unless we spot an issue.”

You: “Is there a mechanism in place to ensure that the products meet regulatory requirements?”

Production Manager: “We generally rely on the quality control team’s visual inspection for that.”

You decide to raise a nonconformity against section 7.1.5 of ISO 9001. Select the word(s) that best complete the sentence: (3 Marks)

“The organization lacks a _____ method for _____ the conformity of medical devices to regulatory _____ .”

Options:

ensuring/robust/verification/validating/resources/monitoring/reliable/requirements/standards

A

Correct Answer:

“The organization lacks a robust method for ensuring the conformity of medical devices to regulatory requirements.”

Explanation:

A = Robust: This term is aligned with ISO 9001:2015 section 7.1.5, which emphasizes the need for suitable resources to ensure valid and reliable monitoring and measurement. A “robust” method would entail more than just visual inspection.

B = Ensuring: This term is appropriate as it aligns with the emphasis on ensuring product quality and regulatory compliance in ISO 9001:2015.

C = Requirements: This term fits well as it references the regulatory requirements that medical devices must meet, a key focus of ISO 9001:2015 section 7.1.5.

61
Q

2.2) Your team is about to audit “AutoDrive Inc.,” a company that produces autonomous vehicles. You’re discussing the components that will shape the audit process.

Which THREE of the following components are key to the audit process? (1 Mark)

A. Finalizing the audit budget.

B. Determining audit objectives specific to the automobile industry.

C. Deciding the certification status of AutoDrive Inc.

D. Gathering and verifying objective evidence from AutoDrive’s production line.

E. Conducting a competitor analysis for AutoDrive Inc.

F. Preparing documented information about AutoDrive’s safety protocols.

A

Correct Answers: B, D, F

Explanation:

Determining audit objectives specific to the automobile industry ensures that the audit for AutoDrive Inc. is relevant to its domain, validating option B.

Gathering objective evidence, especially from a company’s production line like AutoDrive’s, ensures the audit’s findings are based on factual and observable data, making option D correct.

Given the nature of the industry, understanding and reviewing safety protocols is critical. Preparing documented information about these protocols ensures a systematic approach to the audit, hence option F is accurate.

62
Q

2.4) Post-audit of “HealthFirst,” a pharmaceutical company, you’re in the follow-up phase. Certain roles become significant during this phase.

Which THREE roles have pivotal responsibilities during the audit follow-up phase? (1 Mark)

A. Audit sponsor.

B. Lead auditors.

C. Audit scheduler.

D. Audit team members.

E. HealthFirst’s internal audit client.

F. Guides during the audit process.

A

Correct Answers: B, D, E

Explanation:

Lead auditors play a crucial role in managing the audit process, ensuring that all findings are adequately addressed during the follow-up phase, making option B correct.

Audit team members, having been involved in the audit, might assist in verifying corrective actions or gathering additional evidence during the follow-up, validating option D.

The internal audit client at HealthFirst would be keen to ensure that the findings from the audit have been addressed and that any corrective actions have been implemented, making option E correct.

63
Q

Domain 3 - Planning the audit

3.1) You’re auditing “FashionCo,” a clothing retailer. They have both online and offline sales channels. You wonder about the resources needed for an effective audit.

What resources should you particularly consider? (1 Mark)

A. High-speed internet access for remote verification of online activities.

B. Access to FashionCo’s financial records.

C. On-site cafeteria for the audit team.

D. Video recording equipment for documentation.

E. A large team of auditors to cover all areas.

A

Correct Answer: A

Explanation: Given that FashionCo operates both online and offline sales channels, high-speed internet access would be crucial for remote verification of online activities, making this resource particularly important for an effective audit.

64
Q

3.3) You’re preparing to audit “SafeHome Inc.,” a company that provides home security solutions. You receive their documented procedures for product testing, but find that all documents are in a draft state and lack any formal approval.

What is the best course of action? (1 Mark)

A. Omit the product testing procedures from your audit plan.

B. Include the issue in the closing meeting but not the opening meeting.

C. Discuss the draft state of the product testing procedures in the opening meeting.

D. Send a pre-audit nonconformity notice to SafeHome Inc.

E. Contact SafeHome Inc.’s legal department to discuss the issue.

A

Correct Answer: C

Explanation: The draft status of the product testing procedures should be discussed in the opening meeting, as it is directly related to the review and preparation of documented information for an audit.

65
Q

3.6) You’re an audit team leader responsible for auditing a pharmaceutical company that recently acquired a smaller company specializing in the production of generic medicines. The audit is supposed to cover both the parent company and the acquired subsidiary. During your risk-based audit planning, you identify that the smaller company has never undergone a formal audit for its quality management system and is unfamiliar with the audit process. The audit is scheduled for next month and is part of a regulatory compliance requirement.

Which two of the following actions should you take to ensure a successful audit? (2 Marks)

A. Allocate more time to the subsidiary, considering they are inexperienced with audits.

B. Exclude the subsidiary from the audit scope since they have never been audited before.

C. Develop a detailed audit checklist that is beginner-friendly for the subsidiary.

D. Conduct a pre-audit meeting with the subsidiary to familiarize them with the audit process.

E. Continue with the existing audit plan, treating both companies equally regardless of their familiarity with audits.

A

Correct Answers: A, D

Explanation:

Option A: ISO 19011:2018 clause 6.3.2.1 emphasizes a risk-based approach to planning the audit, taking into account the auditee’s context. Allocating more time to the subsidiary, given their unfamiliarity with audits, aligns with this approach.

Option D: According to ISO 19011:2018 clause 6.3.2.2, audit planning should address or reference logistics and communications arrangements. Conducting a pre-audit meeting with the subsidiary would facilitate better communication and help to set expectations, thereby ensuring a smoother audit process.

66
Q

Domain 4: Conducting the audit

4.1) You are auditing a food manufacturing company that has recently launched a line of organic products. The company claims that these products have been well-received in the market and are produced in a separate facility to avoid cross-contamination. During your tour of the manufacturing plant, you notice that some areas appear to lack adequate sanitation measures. The Quality Assurance Manager insists that all organic products undergo rigorous testing to meet food safety standards.

What three records would you seek to confirm whether management processes related to the production and quality assurance of the organic product line are being effectively implemented? (3 Marks)

A. Test results from the Quality Assurance department for the organic products.

B. Supplier qualification records for organic raw materials.

C. Internal audit reports on the organic product line.

D. Employee training records related to organic product handling and safety.

E. Minutes of meetings discussing the launch and quality control of the organic product line.

F. Customer feedback and complaints related to the organic products.

G. Records of sanitation and cleanliness audits for the organic production facility.

A

Correct Answers: B, C, G

Correct Answer Explanation:

Supplier qualification records for organic raw materials (B): These records are crucial for verifying the organic claims and ensuring the raw materials meet the required standards.

Internal audit reports on the organic product line (C): These would offer an unbiased review of how the organic line is managed, from sourcing to production to quality control.

Records of sanitation and cleanliness audits for the organic production facility (G): Given the observations during the plant tour, these records would be vital in assessing whether the facility meets food safety standards.

Incorrect Answer Explanation:

Test results from the Quality Assurance department for the organic products (A): While important, these results focus on the end product and may not provide a comprehensive view of the management process.

Employee training records related to organic product handling and safety (D): These would show staff competency but may not give a full picture of the management processes.

Minutes of meetings discussing the launch and quality control of the organic product line (E): These records may offer insights into planning and decision-making but may not provide details on the implementation and ongoing management.

Customer feedback and complaints related to the organic products (F): While this feedback is valuable for understanding customer satisfaction, it may not provide a full view of the internal management processes.

67
Q

4.2) You are auditing a healthcare organization that specializes in telemedicine services. The organization has recently implemented a new electronic health record (EHR) system. During the audit, you encounter the Chief Medical Officer (CMO), who expresses concerns about patient data security and the learning curve associated with the new EHR system.

Given the CMO’s concerns about data security and the recent implementation of the EHR system, what two approaches would you adopt to build rapport with the auditee and effectively assess the security and efficacy of the new system? (2 Marks)

A. Propose an audit schedule that minimizes interference with patient care activities.

B. Request a list of data security protocols associated with the new EHR system.

C. Clarify the audit’s objectives concerning data security and system effectiveness.

D. Arrange for an initial meeting to discuss the parameters of the EHR system and its security features.

E. Confirm any third-party certifications the EHR system has received for data security.

F. Inquire about any incident reports related to the new EHR system to assess its reliability.

A

Correct Answers: A, C

Correct Answer Explanation:

Propose an audit schedule that minimizes interference with patient care activities: This approach is sensitive to the operational needs of the healthcare organization, which is particularly crucial in a patient-care setting.

Clarify the audit’s objectives concerning data security and system effectiveness: This ensures that both parties are aligned in terms of what the audit aims to assess, thereby setting a cooperative tone for the engagement.

Incorrect Answer Explanation:

Request a list of data security protocols associated with the new EHR system: While important for the audit, this request may add to the current workload and concerns of the CMO.

Arrange for an initial meeting to discuss the parameters of the EHR system and its security features: While this could provide valuable insights, it might be too time-consuming given the concerns about patient care.

Confirm any third-party certifications the EHR system has received for data security: While this could provide assurance, it may not address the immediate concerns related to the learning curve and data security.

Inquire about any incident reports related to the new EHR system to assess its reliability: Important for the audit, but could raise concerns if the system is still new and undergoing evaluations.

68
Q

4.3) You are conducting an audit at a financial services company that specializes in investment banking. The organization is seeking its initial ISO 9001 certification. You are auditing the company’s client onboarding process and are in discussion with the Head of Client Services (HCS).

Discussion with Head of Client Services (HCS):

You: “How do you ensure compliance with regulatory requirements during client onboarding?”

HCS: “We have a checklist that aligns with both local and international regulations, and this checklist is updated quarterly.”

You: “What measures are in place to ensure client data security?”

HCS: “All client data is encrypted, and access is restricted to authorized personnel.”

You need to assess the extent to which ISO 9001 requirements are met concerning client onboarding.

Which of the following statements is false? (3 Marks)

A. You would examine the frequency at which the compliance checklist is updated.

B. You would check if there is a formal process for client feedback after onboarding.

C. You would inquire about the encryption standards used for client data security.

D. You would confirm if the checklist includes considerations for future business expansions.

E. You would assess whether all employees have unrestricted access to client data.

A

Correct Answer: E. You would assess whether all employees have unrestricted access to client data.

Correct Answer Explanation:

This statement is false because ISO 9001:2015 emphasizes the importance of restricting access to sensitive information such as client data. It does not support unrestricted access for all employees.

Incorrect Answer Explanation:

A. Examining the frequency of checklist updates aligns with ISO 9001’s requirements for maintaining documented information.

B. Checking for a formal client feedback process is consistent with ISO 9001’s emphasis on customer focus and improvement.

C. Inquiring about encryption standards is in line with ISO 9001’s focus on information security as part of operational controls.

D. Confirming if the checklist considers future business expansions aligns with ISO 9001’s focus on planning for changes in the context of the organization.

69
Q

4.4) You are auditing a telecommunications company that specializes in broadband services. The company is seeking its initial ISO 9001 certification. You are auditing the company’s network operations center (NOC) and are in discussion with the Network Operations Manager (NOM).

Discussion with Network Operations Manager (NOM):

You: “How are network reliability objectives set?”

NOM: “Objectives are established based on customer requirements and our quality policy. They are reviewed in quarterly management reviews.”

You: “How do you ensure these objectives are measurable?”

NOM: “We use metrics such as network uptime and latency to ensure our objectives are quantifiable.”

You need to evaluate the company’s arrangements for planning, focusing on how network reliability objectives are aligned with the quality policy and are measurable.

Which of the following statements are true? (3 Marks)

A. You would confirm that network reliability objectives are based on customer requirements.

B. You would check if network reliability objectives are only discussed in executive meetings.

C. You would verify that network uptime is one of the metrics used for measurability.

D. You would assess if network reliability objectives are reviewed more frequently than other objectives.

E. You would examine whether quarterly management reviews are used for revisiting the objectives.

A

Correct Answers:

A. You would confirm that network reliability objectives are based on customer requirements.

E. You would examine whether quarterly management reviews are used for revisiting the objectives.

Correct Answer Explanation:

A. This statement is true, as it aligns with ISO 9001:2015’s emphasis on customer focus when setting quality objectives.

E. This statement is true, as it aligns with ISO 9001:2015’s requirement for regular review of objectives.

Incorrect Answer Explanation:

B. This statement is false, as ISO 9001:2015 requires objectives to be communicated and reviewed across relevant functions and levels, not just in executive meetings.

C. This statement is not necessarily false, but it is explicitly supported by the scenario. Network uptime is mentioned as a metric, aligning with ISO 9001:2015’s requirement for objectives to be measurable.

D. This statement is not supported or contradicted by ISO 9001:2015. The standard does not specify the frequency with which different objectives should be reviewed.

70
Q

4.8) You are conducting an ISO 9001 audit of a financial services company. During the audit, you review the company’s data protection protocols. You find that although the company has established protocols for data protection, there is no evidence that these protocols have been reviewed or updated to reflect changes in data protection laws. You raise a nonconformity against clause 8.5.3.

Select the words that best complete the sentence: (3 Marks)

“Although the company has established protocols for _____ , there is no evidence that these protocols have been _____ or updated to reflect changes in _____ .”

Options:

compliance/data protection/managed/reviewed/laws/regulations/updated/policies

A

Correct Answer:

“Although the company has established protocols for data protection, there is no evidence that these protocols have been reviewed or updated to reflect changes in laws.”

Explanation:

“Data Protection”: The correct choice, as it specifies what the established protocols are for, aligning with ISO 9001:2015 Clause 8.5.3, which focuses on property belonging to customers or external providers.

“Reviewed”: The correct choice, as it describes what has not been done to the existing protocols, also covered under ISO 9001:2015 Clause 8.5.3.

“Laws”: The correct choice, as it describes what the protocols should reflect changes in, consistent with ISO 9001:2015 Clause 8.5.3.

71
Q

4.10) You are auditing SafeHaven, a manufacturer of safety equipment for industrial use. While reviewing their quality management system, you find that their internal audits are conducted by the same team that is responsible for the processes being audited.

Select the two best options for how the auditor should proceed upon discovering that SafeHaven’s internal audits are not independent. (2 Marks)

A. The auditor should review the records of past internal audits for effectiveness.

B. The auditor should ask if the organization has procedures for corrective action based on audit findings.

C. The auditor should inquire about how the internal audit team is selected.

D. The auditor should assess whether top management is committed to the quality management system.

E. The auditor should examine if the internal audit results are used for continual improvement.

F. The auditor should verify if the organization has a documented process for internal audits.

G. The auditor should assess the organization’s methodology for risk management.

A

Correct Answers: C, F

Correct Answer Explanation:

Option C: Correct, the auditor should inquire about how the internal audit team is selected to ensure independence and objectivity, in accordance with ISO 9001:2015.

Option F: Correct, it’s essential to verify if the organization has a documented process for internal audits, as required by ISO 9001:2015.

Incorrect Answer Explanation:

Option A: While reviewing past audits is important, it doesn’t directly address the issue of audit independence.

Option B: Procedures for corrective action based on audit findings are important but are not the primary concern here.

Option D: The commitment of top management, although crucial, is not directly related to the independence of internal audits.

Option E: Use of internal audit results for continual improvement is important but not the primary focus here.

Option G: The organization’s risk management methodology, while important, is not directly related to the independence of internal audits.

72
Q

4.14) You are the Lead Auditor for an organization in the healthcare sector. The audit’s focus is on compliance with ISO 9001:2015, specifically Clause 7. Your observations lead you to the following scenarios: (2 Marks)

a) The organization’s laboratory has state-of-the-art equipment but lacks trained staff to operate it efficiently. This situation calls for the organization to _____ its human resources.

b) Clinical procedures are well-documented but stored in a decentralized manner, making access difficult for healthcare providers. The organization needs to _____ its documented information.

c) The hospital has been facing frequent power outages affecting patient care. The organization should ______ its infrastructure to prevent such incidents.

Options:

train/allocate/assess/centralize/review/maintain/enhance/monitor/diversify/calibrate/upgrade

A

Explanation:

a) Train: According to Clause 7.2, the organization shall determine the necessary competence of person(s) doing work under its control. Training is essential for the effective implementation of its quality management system.

b) Centralize: Clause 7.5.3 outlines the need for controlling documented information to ensure it is available and suitable for use, where and when it is needed. Centralizing documentation enhances accessibility and control.

c) Upgrade: Clause 7.1.3 mandates that the organization determine, provide, and maintain the necessary infrastructure for the operation of its processes. Upgrading infrastructure would be in compliance with this requirement.

73
Q

5.1) You are the Lead Auditor auditing a manufacturing plant that produces automotive parts. The organization has been ISO 9001 certified for two years. During your audit, you find a nonconformity with Clause 9.1.1, General Monitoring and Measurement. The plant has not analyzed and evaluated results from their monitoring activities.

In the closing meeting, you discuss this nonconformity with the Quality Manager and stress that corrective actions should be effective and sustainable.

Select the word(s) that best complete the sentence: (3 Marks)

The organization is required to _____ the nonconformity and execute corrective action that is appropriate to the effects of the nonconformities encountered.

Options:

determine/evaluate/analyze/review/initiate/complete/take/effective/actions/preventive actions

A

Correct Answer:

The organization is required to review the nonconformity and take corrective action that is appropriate to the effects of the nonconformities encountered.

Explanation:

The correct answer is “review the nonconformity and take corrective action that is appropriate to the effects of the nonconformities encountered.” This aligns with Clause 10.2 of ISO 9001:2015, which specifies that organizations should review nonconformities and take appropriate corrective actions. The term “review” is consistent with the need to fully understand the nonconformity, and “take” aligns with the requirement to enact corrective action.

Options like “determine” or “analyze” are processes that may be involved but don’t specifically align with the terminology in Clause 10.2. “Initiate” or “execute” corrective actions are steps in the process, but the standard specifically mentions the need to “take” corrective action.

74
Q

5.6) You are auditing an automotive parts manufacturing company. During your audit, you engage with the Quality Control Manager who is responsible for monitoring the quality of the manufactured parts.

You: “How do you ensure that the manufactured parts meet both customer and regulatory requirements?”

Quality Control Manager: “We perform random checks on the parts, but we don’t have a formal process for ensuring they meet all specifications.”

You: “Do you maintain records of these random checks?”

Quality Control Manager: “We only document checks if we find an issue. Otherwise, we don’t keep records.”

Question:

You decide to raise a nonconformity against section 8.5.2 of ISO 9001. Select the word(s) that best complete the sentence: (3 Marks)

“The organization has not _____ a _____ method for ______ the conformity of automotive parts to customer and regulatory requirements.”

Options:

formalized/established/ensuring/identification/validating/requirements/documented/inspection/reviewing

A

Correct Answer:

“The organization has not established a formalized method for ensuring the conformity of automotive parts to customer and regulatory requirements.”

Explanation:

Established: This term aligns with ISO 9001:2015 section 8.5.2, which discusses the need to establish processes for production and service provision.

Formalized: This term is appropriate because it suggests a structured, organized approach, which is consistent with the expectations set by ISO 9001:2015 for production and service provision.

Ensuring: This term fits well with the emphasis on ensuring that products meet requirements, as stipulated in ISO 9001:2015.