QFF-014 COP Checklist Guidelines

Version 2
Revision History: Update to reflect COP 7.1 requirements

Instructions - Code of Practice for CB Auditors R7.1 Checklist

Document Certification Bodies are required to follow the Code of Practice for CB Auditors R7.1 (COP) to be a
Description: certification audits. This document summarizes the requirements in the COP and roughly categor
audit process where relevant.

Intended Usage: CBs may use this document at various points during the audit process (see Category column) as a
that must be met under the COP. For example, Auditors, Technical Reviewers, and those respons
decisions can compare actual work to this checklist.
Certified organizations may use parts of the checklist to compare internal audit practices to those
are prepared for audits.

Instructions: The CB as a whole, and each individual audit, must meet all applicable requirements.

COP Requirements are met at different phases of the audit process: Plan, Execute, Report, Close.
specifically to the auditing against the Measurements Handbook. Some COP requirements are fu
while reviewing and updating the organization's TL 9000 profile.

The down-arrow in Column F (Category) of the checklist allows users to filter for Audit Phase (Pla
specifically to Measurements Handbook Plan/Execute/Close), or for CB activities (CB or Profile), w
used in real time to monitor compliance as an audit progresses.

Users can verify each requirement related to the CB or to an individual audit by marking Yes/No i
requirements that are identified as not being fully met.

The page is write-protected except for columns G, H, and I.

Note: Items in Coumn D that are bold and highlighted in yellow are those that have been previo
high-risk for noncompliance.

597721085.xls
 Effective Date: 4/13/2017
Approved By: OSWG

Auditors R7.1 Checklist

ce for CB Auditors R7.1 (COP) to be accredited to perform TL 9000
ents in the COP and roughly categorizes them by the point in the

t process (see Category column) as a reminder of the requirements

hnical Reviewers, and those responsible for making certification

pare internal audit practices to those of their CB, or to ensure they

pplicable requirements.

rocess: Plan, Execute, Report, Close. Some COP requirements apply

ook. Some COP requirements are fulfilled by overall CB practices, or
file.

ws users to filter for Audit Phase (Plan, Execute, Report, or Close, or

, or for CB activities (CB or Profile), which allows the checklist to be
es.

individual audit by marking Yes/No in Column G, and correcting any

ow are those that have been previously identified by ABs to be

597721085.xls
 Code of Practice for CB Auditors R7.1 Checklist
COP Section Requirement from Code of Practice
1 Definitions Exemptions are defined in the Measurement Handbook
and shall be noted in the organization’s registration profile
under “Exemptions”.

2 Definitions Exclusions (clause applicability) are defined in the

Requirements Handbook and shall be noted in the
organization’s registration profile under “Exclusions”.

3 Definitions Opportunities for Improvement – Documented

statements that may identify areas for potential
improvement in the organization’s system, but shall not
include specific recommendations nor require action by
the organization.

4 Section 2 The CB’s scope of accreditation shall cover the activity

Gen'l Reqs. being registered (i.e., Hardware, Software, or Services, or
any combination).

5 Section 2 For each three-year interval, 100% of the entire scope of

Gen'l Reqs. the organization being registered and all applicable TL
9000 requirements and measurements shall be audited.

6 Section 2 The Audit Report shall clearly document the portions of

Gen'l Reqs. the quality management system that were audited on
each surveillance visit.

7 Section 2 The CB audit team shall provide documented findings at

Gen'l Reqs. the end of each audit.

8 Section 2 CBs, or bodies related to a CB, that have provided

Gen'l Reqs. management system consulting services and/or paid
private training to a particular client may not conduct
certification services for that client, nor may they supply
auditors for a period of two years after the services were
provided.
9 Section 2 Audits shall be performed only by individuals who fulfill
Gen'l Reqs. the requirements of the Qualification and Experience
Requirements for TL 9000 Certification Body Auditors.
10 Section 2 Also, a majority of those responsible for making
Gen'l Reqs. certification decisions, or at least one with veto authority,
shall satisfactorily complete this training.
The certification decision shall be made by a qualified TL
9000 Lead Auditor with veto authority. The TL 9000 Lead
Auditor conducting the assessment cannot be the auditor
making the certification decision. The TL 9000 Lead
Auditor requirements are defined in Qualification and
Experience Requirements for TL 9000 Certification Body
Auditors

11 Section 2 Quality management system consultants to the

Gen'l Reqs. organization, if present during the audit, are limited to the
role of observer.
12 Section 2 All major nonconformities shall be resolved prior to the
Gen'l Reqs. issuance of the TL 9000 certificate. All non-conformances
are handled in accordance with the CB’s standard
operating procedure(s).

13 Section 2 CBs are authorized to cite conformance to TL 9000 on ISO

Gen'l Reqs. 9001 certificates, when they: a) contract with an
organization to follow this Code of Practice, and b) are
accredited by a QuEST Forum-recognized Accreditation
Body to issue TL 9000 certificates.
14 Section 2 The CB must have a process to settle disputes over
Gen'l Reqs. interpretations of the TL 9000 standard.
15 Section 3 CBs shall have a documented process to close major and
NCN Process minor nonconformities identified in a TL 9000 audit.

16 Section 3 A Corrective Action Plan (CAP) for each nonconformity

NCN Process shall be received by the CB within 30 days following the
Organization’s receipt of the audit report. This CAP shall
include containment/correction, root cause analysis, and
an implementation due date.

17 Section 3 CBs are required to respond to the proposed CAP within a

NCN Process timely manner.
18 Section 3 Exceptions to these resolution timeframes shall be
NCN Process approved by the CB, fully justified by the organization and
documented.

19 Section 3 Exceptions to these resolution timeframes shall be

NCN Process approved by the CB, fully justified by the organization and
documented.
20 Section 3 A TL 9000 certification shall not be issued until: (a) all
NCN Process major nonconformities are fully resolved; and (b) minor
nonconformities are fully resolved or corrective action
plans are defined consistent with the above-timing
requirements. A certified organization shall not receive re-
certification if there are overdue minor nonconformities
from the previous audit or any unresolved major
nonconformities at the time the certificate expires.Failure
to meet the deadline for closing a major nonconformity
after a surveillance audit shall lead to the withdrawal of
the TL 9000 certificate.

21 Section 3 CBs shall have a documented process to ensure that

NCN Process findings raised during audits are being recorded in
accordance with the findings definition listed in Section 1.

22 Section 3 This process shall include an evaluation of the quantity

NCN Process and type of audit findings raised: majors, minors, and
opportunities for improvements. The process shall
include investigation and, where necessary, performance
improvement of individual auditors who consistently
misclassify audit findings.

23 Section 3 All CBs shall submit quarterly audit data to QuEST Forum
Quarterly Data per QFE-016 CB Quarterly Data Submission document.
Failure to do so will result in CB suspension as detailed in
the CB Quarterly Data Submission document.
23 Section 4 The CB is required to obtain the following information and
Pre-Audit data from the Organization a minimum of three weeks (or
within an agreed timeframe) prior to scheduled audit:
1. List number of people within the registration scope for
the site audited.
2. List processes (for example, development, technical
assistance center, coding, manufacturing, training, or
repair) and applicable Requirement and Measurement
Handbooks’ requirement elements executed within the
scope of registration at the site to be audited. Note: An
example applicability matrix is available on the website
[reference link here].
List processes (for example, development, technical
assistance center, coding, manufacturing, training, or
repair) and applicable Requirement and Measurement
Handbooks’ requirement elements executed within the
scope of registration. For each site to be audited, list the
processes executed at the site. Note: An example
applicability matrix is available on the tl9000.org website.
3. List Product Categories applicable at the site
undergoing audit.
4. List Product(s) under TL 9000 registration by location
separated by Hardware, Software and Services and list all
major outsourced entities, for example, board
manufacturing, development, design) and their locations,
in support of the Product(s). See #2 Note above for an
example matrix.

24 Section 4 Comply with most current version of ISO/IEC 17021

On Site Conformity Assessment-Requirements for Bodies for
Providing Audit and Certification of Management Systems.

25 Section 4 Confirm Pre-Audit CB information Package data is still

On Site current.
26 Section 4 Review effectiveness of the corrective action system
On Site processes to include sampling of corrective actions that
are overdue and corrective actions not considered
overdue but are still open after nine months.

27 Section 4 When reviewing documentation requirements ensure that

On Site current practice is reflected in the documented procedure
and aligns with the applicable TL 9000 release.

28 Section 4 Review a sampling of customer TL 9000 audit findings and

On Site customer satisfaction results since the last CB audit.
29 Section 4 Follow-up on progress of any relevant formal complaints
On Site registered with the CB against the organization.

30 Section 4 Review root cause of pertinent product recalls to identify

On Site processes for additional focus within the audit.

31 Section 4 Use the Process Audit approach for TL 9000

On Site Measurements to include collection, validation and
submittal in accordance with Section 7 below.

32 Section 4 For those processes audited, the process review shall

On-Site include an assessment of the effectiveness of that process.
Requirements

33 Section 4 Upon initial certification and at least once during each 3

On-Site year certification cycle the CB shall conduct at least one
Requirements on-site audit of an active installation project. This audit
may be conducted per IAF MD4. All applicable process
requirements shall be covered during this allocated time.
The organization shall coordinate all necessary
arrangements with the customer and the audit team for
site access. All applicable process requirements shall be
covered during this allocated time.
During the remaining audit of the 3 year certification cycle
when an on-site audit is not performed:
The organization shall have an installer available at the
managing location or via phone conference for process
auditing purposes.
The organization shall provide evidence for all applicable
installation process requirements that can be
substantiated away from the site. (e.g. training records,
test records, calibration records etc..)
If the CB determines that the audit results require an on-
site visit the organization shall make appropriate
arrangements within a reasonable time frame.

34 Section 4 CB is required to monitor audit reports to ensure

Post-Audit conformance with ISO/IEC 17021 auditing requirements
Requirements and include evidence that items in this document are
addressed and documented in the audit report even if the
item is not applicable.
35 Section 5 The CB will follow the guidelines as defined in IAF
Electronic Audit Mandatory Document for the use of Computer Assisted
Requirements Auditing Techniques (“CAAT”) for Accredited Certification
of Management Systems (IAF MD-4). Auditor(s) and
auditee(s) participating in the e-audit must be fluent in
electronic data transferring.

36 Section 5 The following areas cannot be audited using e-audit

Electronic Audit techniques: laboratories, warehousing-distribution
Requirements centers, manufacturing sites, repair/service centers

37 Section 7 The CBs shall verify that the organization has a

Measurements documented system in place that covers:
#1 a. Measurements collection: Much, if not all, of
Measurements Handbook sections 3.5.2
sub sections a), c) through j), and the
collection/submission portion of b), can be verified prior
to going on-site.
b. Measurements validation, in accordance with
Measurements Handbook section 3.5.2. The CB shall audit
to the depth necessary to assure effective implementation
of TL 9000 requirements (see item 8 below).
c. Measurements reporting, in accordance with
Requirements Handbook section 5.4.1.C.1 and
Measurements Handbook sections 3.2 subsections a) and
b).

38 Section 7 Ensure the TL 9000 measurements are used internally by

Measurements the organization per section 3.1 Requirements for
#2 Measurements Usage. This includes reviews by
management, quality/strategic objective setting for
continual improvement, result/trend reviews, and
corrective action plans for any performance deviating
from the organization’s defined quality/strategic
objectives, in accordance with Requirement Handbook
sections 5.4.1.C.1, 5.6, 8.5.2 and its associated notes and
Measurement Handbook sections 3.1 first hyphen, 3.5.2
subsections i) and j).
39 Section 7 If any measurements are identified as ”EXEMPT”, as
Measurements defined in Measurements Handbook , sections 3.2 b) and
#3 4.2.8 b), the documented rationale for the exemption shall
be reviewed and accepted if valid by the CB auditor. The
CB auditor shall ensure this documentation has been
available for review if requested by the organization’s
customers. The claimed exemption(s) also shall be noted
on the organization's registration profile.

40 Section 7 The CB auditor shall verify that measurements are being

Measurements used in customer/organization relationships, in
#4 accordance with Measurement Handbook section 3.1.

41 Section 7 The CB auditor shall verify that necessary information is

Measurements being shared by the organization with its suppliers in
#5 accordance with the Measurement Handbook section
3.5.2 n) and o).

42 Section 7 The CB auditor shall verify that measurements are

Measurements reported to the TL 9000 Administrator [UTD] in full
#6 accordance with the Measurement Handbook sections 3.1
third hyphen, 3.2 subsections a) and b), 3.5.2 subsections
b) through h), and 3.5.2 k).
Additionally, the CB Auditor shall verify the following:
e. Any claimed exemptions are documented and valid
f. All items shown “EXEMPT” on the Data Submission
Receipt are in full compliance with the Measurement
Handbook and item 3 above
43 Section 7 If current performance shows an undesirable deviation
Measurements from the organization’s defined quality/strategic
#7 objectives for TL 9000 Measurements, the CB auditor shall
verify that corrective action has/is being taken, is
documented, and progress is being tracked, in accordance
with Measurements Handbook sections 3.1 a), 3.5.2
subsections i) and j), and 3.5.5 c), and Requirements
Handbook section 8.5.2.

44 Section 7 The CB auditor shall verify that measurements collected

Measurements are consistent with scope of registration, registration
#8 option [HSV], and product category, in accordance with
Measurements Handbook sections 3.2 subsections a) and
b), and 3.5.2 c). This can be done prior to the on-site
activities.

45 Section 7 CB auditors shall review the actual data submissions,

Measurements verifying proper implementation of the counting rules for
#9 required measurements. This check is to review data
consistency covering a minimum one-year period except
when the organization and/or new product have been
certified for less than one year in which case the data shall
be reviewed for at least as long as the organization and/or
new product has been certified.

46 Section 7 For the initial registration audit, pre-certification data

Measurements submissions (minimum of 3 consecutive months data)
#9 require verification. This shall be done to fulfill
Measurements Handbook requirement 3.3.1 first hyphen
and in accordance with sections 3.5.2 subsections a) and
b).

47 Section 7 When an Organization upgrades its registration to a new

Measurements version of the Measurements Handbook as part of its
#10 Surveillance or Re-certification Audit, at least the most
recent month’s data submission shall use the new version
of handbook. CB auditors will verify that all relevant
counting rule changes have been properly implemented
for the required measurements.
48 Section 7 While the sample size for the above requirement is left to
Measurements the auditing organization, it is expected that the depth of
#11 assessment for the sampled measurements assures
accurate and comprehensive calculation, counting rules,
reporting mechanisms, and validation of the
measurements. The actual time spent auditing the
measurements shall be documented and shall be verified
by the technical report reviewer.

49 Section 7 CB auditors shall confirm that the registration information

Measurements (for example, scope, product category, and locations)
#12 already contained in the Registration Management System
covered (“RMS”) is current and accurate during each assessment,
to support the verification of Measurements Handbook
sections 3.4.1 and 3.5.2 c).

50 Section 7 CB auditors shall confirm that the product categories

Measurements chosen by the organization are correct for their products,
#13 - already in accordance with Measurements Handbook section 3.5.2
covered c). This can be done prior to the on-site activities.
Auditors R7.1 Checklist
Checklist Item Category Verified? Action Request to Resolv
Exemptions properly noted on registration profile Profile

Exclusions (clauses not applicable) properly noted on Profile

registration profile

Opportunities for improvement do not give specific Report

recommendations or require action

CB is accredited for the specialties (H, S, V) covered in CB

this organization's certificate

100% of organization's scope has been audited every 3 Plan

years

Audit report documents the scope of this audit Report

Audit report issued within 30 days of audit: documented Report

findings, conclusions, significant audit trails, and
recommendations

CB/related body has not provided consulting or private CB

training for past 2 years

Each auditor meets Qualification and Experience Plan

Requirements
Majority of those making certification decision, or one CB
person with veto authority, also meets Qualification and
Exerience Requirements
The certification decision shall be made by a qualified TL
9000 Lead Auditor with veto authority.

Consultants to organization function only as observers Execute

during audit

All major nonconformities are resolved per CB's Close

procedures prior to the issuance of the TL 9000
certificate. Reference CBs Documented process for
closing NCs (COP Sec. 3)

CB contracts with organization to follow Code fo CB

Practices and is accredited via QuEST Forum to issue
certificates

CB has a dispute resolution process for TL 9000 CB

interpretation
CB must have documented process for closing NCs. CB

Corrective Action Plan received from client within 30 Close

days of report. Contains containment/correction, root
cause analysis, and action plan implementation due date

CB gives timely response to CAP Close

For Major NC: Organization gives evidence of CAP Close

implementation within 90 days of audit report.
(Exceptions to time justified by organization, approved
by CB, documented)

For minor NC: Organization gives evidence of CAP Close

implementation before the next scheduled audit.
(Exceptions to time justified by organization, approved
by CB, documented)
No certification/recertification is issued until Majors Close
are fully resolved and minors are on track per #19
above.

Followed CBs documented procedure for ensuring Report

proper assignment of of Major, Minor, and OFI per this
Code of Practice

CB evaluates quantity and type of findings (Major, CB

Minor, OFI) across individual auditors.
Investigation/performance improvement of individual
auditors where necessary.

All CBs shall submit quarterly audit data to QuEST Forum CB

per QFE-016 CB Quarterly Data Submission document.
Failure to do so will result in CB suspension as detailed in
the CB Quarterly Data Submission document.
CB collected required pre-audit information at least 3 Plan
weeks before scheduled audit, used it to plan the audit,
and maintained records of the information gathered.
(For the site being audited the following are captured:
1. Number of people in scope;
2. Processes and the applicable TL 9000 requrements
and measurements within scope. For each site to be
audited, all the processes executed at the site are
listed.
3. Applicable product categories
4. Products separated by HSV and all major outsourced
entities;
5. Changes since last audit)

Comply with ISO/IEC 17021 CB

Confirm Pre-Audit CB information Package data is still Execute

current.
Review CA system effectiveness: sample overdue CA's Execute
and any open more than nine months

Accurate documented procedures, aligned with Execute

applicable TL 9000 release

Sample customer TL 9000 audit findings and customer Execute

satisfaction results since last CB audit
Progress on formal complaints registered with CB Execute
against organization

Root cause of recalls (identify processes for additional Execute

focus during audit)

Use the Process Audit approach for TL 9000 Execute

Measurements to include collection, validation and
submittal in accordance with Section 7 below.

Process effectiveness of all processes audited Execute

For Product Category 7.1.1: on-site audit of active Execute

installation project at initial certification and at least
once every 3 years that covers all applicable process
requirements. This audit may be conducted per IAF
MD4. During other (not on-site) audits, interview
installer and review applicable records. Organization
arranged on site when determined to be necessary by
CB.

Monitor audit reports per ISO/IEC 17021. Report

Address/document all items even if not applicable.
Follow IAF Mandatory Document for Use of Computer Plan
Assisted Auditing Techniques.

E-audit techniques are not used for: laboratories, Plan

warehousing-distribution centers, manufacturing sites,
repair/service centers

Evidence of compliance wtih MHB 3.5.2 items a) MHB

through o) Execute

Evidence of compliance with MHB 3.1 and RHB 5.4.1.C.1, MHB

5.6, and 8.5.2: Execute
- Reviews by management
- Quality/strategic objective setting for continual
improvement
- Result/trend reviews
- Corrective action plans for deviation from objectives
Evidence of compliance with MHB 3.2 and 4.2.8: MHB
Organization reports all applicable TL 9000 Execute
measurements.
CB approves documented valid reasons for any
measurement exclusions or data submission
exemptions. Exemptions are noted on registration
profile.

Evidence that Measurements are used in MHB

customer/organization relationships per 3.1 Execute

Evidence that necessary information is being shared by MHB

the organization with its suppliers in accordance with Execute
the Measurement Handbook section 3.5.2.n)

Evidence of Review of DSRs for: MHB

- Passed Execute
- Exempt (documented, valid, and noted on profile)
- Notes or advisories (verify investigation)
- Probations
- DSRs for every Product Category in scope and HSV per
profile, using provided tools

Evidence of 3.5.2 b)-h) and k), including:

- on time data submission
- data provided for new products, releases, or versions
starting at GA (4.2.6)
- data provided for new products in existing PC within 6
months of GA
- submit 3 months of data for scope expansion and new
PCs
- submit corrections for erroneous data per 3.5.2 k)
Evidence of compliance with Measurements Handbook Execute
sections 3.1 a), 3.5.2 subsections i) and j), and 3.5.5 c),
and Requirements Handbook section 8.5.2.
- compare internal measurements to industry data, take
steps to improve
- TL 9000 measurement reports to management
- correct measurement process non-conformances
within auditor specified time
- corrective action

Reference Section 7 Measurements #6 above Plan

(Note: verify any applicable changes to Product Category
Table Appendix A are accurately applied by the
organization)

Evidence of data review to verify counting rules. MHB

Review consistency over one year or for length of Execute
organization or product certification if shorter.

Evidence of review of pre-certification data submissions MHB

(minimum of 3 consecutive months data) for new Execute
certifications (or scope changes including addition of
product categories)

For upgrade to new MHB Release, evidence of: MHB

- Verify that at least the most recent month's data uses Execute
the new version of the handbook
- Verify counting rule changes are implemented
Verify the depth of assessment for the sampled MHB Plan
measurements assures accurate and comprehensive
calculation, counting rules, reporting mechanisms, and
validation of the measurements. (Technical reviewer
should verify that audit records demonstrate this
depth). Confirm time spent auditing the measurements
was documented.

Confirm accurate information in the RMS profile (verify MHB Close

both public and private profiles)

Confirm correct product categories are selected (check MHB Plan

any additions or deletions in scope, and the effects of
any changes to product category tables)
Owner