APG-对“能力”和“所采取措施的有效性”的审核

- 1 - 日期：2004年 10月 14日 ISO 9001 审核实践组指南 对“能力”和“所采取措施的有效性”的审核 本文件用于指导认证审核员理解ISO 9001:2000条款6.2.2对“能 力”和“所采取措施的有效性”的要求（所采取的措施如培训）。 这些要求通常都是在审核产品实现过程时来审核的，而不是孤立地 对这些要求进行审核。但是，有些组织有单独的人力资源过程，在其中 可以找到大部分所需的证据。 本文件介绍了组织为确保人员能力和评价所采取的用于满足能力需 求的措施有效性而进行的典型活动，并对审核员应当寻找哪类证据提供 了指南，必要时举例说明。 为满足ISO 9001:2000的能力/有效性要求，组织通常需要做几件 事： ● 确定从事影响质量的工作的人员所需要的能力； ● 确定哪些已经在进行这些工作的人员已具备了所需要的能力； ● 决定还需要哪些进一步的能力； ● 决定怎样获得这些进一步的能力——人员培训（外部或内部的）、 理论或实践培训、聘用有能力的新员工、指派现有的有能力的人 员从事不同的工作； ● 人员的培训、聘用或重新安排； ● 评价为满足能力需求而采取的措施的有效性； ● 定期审查人员能力。 - 2 - 在整个过程中，要求组织保留教育、培训、技能和经验的适当 记录。但是，ISO 9001:2000并没怎样建立这个过程或需要保留的记 录的确切性质。 当审核组织符合能力要求的情况时，审核员通常会寻求下述方面的 证据： 1. 组织需要确定从事影响质量的工作的人员需要具有什么能力 指南——审核员的目标应当是确定组织是否采用了系统的来确 定这些能力，并对该方法是否有效进行了验证。过程的结果可能体现为 清单、登记表、数据库、人力资源、能力发展计划、、项目或 产品计划等。 审核员可以先同最高管理者进行讨论，以确保他们理解对所需要的 能力进行识别的重要性。通过这些讨论，还可能得到有关新的或变化的 活动或过程的信息，这些新的或变化的活动或过程可能会导致组织内不 同的能力要求。 在考虑新的投标或合同时，可能也需要对能力进行审查。审核员可 以在相关记录中找到能力评审的证据。当分包方的活动会对过程和/或 产品质量特性产生影响时，合同文件中可能包括能力要求。 在监督审核期间，审核员需要确定组织是否已经确定了新的或变化 了的能力需求。 2. 有能力的人员是否被安排在控制过程和产品的质量特性所需的工作 岗位上？ 指南——审核员应当验证组织通过某种形式的评价过程来确保能力 要求与组织的活动相适应，以及挑选出的有能力的人员确实证明了其能 力。这个过程还应当确保对所有的不足都采取了措施，并且人员的有效 性得到了测评。审核员应当验证对质量有影响的活动是由选出的有能力 - 3 - 的人员完成的。整个审核过程中都有可能找到相关的证据，重点应当关 注那些受人员影响较大的那些过程、活动、任务和产品。审核员可以检 查组织的工作说明书、检测或检验活动、监视活动、管理评审记录，职 责和权限的规定、不合格品记录、审核报告、顾客投诉、过程确认记录 等。 3. 组织需要评价为满足能力需求而采取的措施的有效性 指南——组织可以通过一系列方法来评价所采取措施的有效性，包 括角色扮演、同行评议、观察、审查评审培训和/或任职记录和/或面谈 （具体实例可参见ISO 19011表2）。具体评价方法的适宜性取决于许多 因素。例如，可以检查培训记录以验证成功举办了培训课程（但请注 意，仅此一项不足以证明接受培训者具备了能力）。但是，在评价审核 员在审核中的表现是否令人满意时，就不能采用这种方法，而是需要通 过观察、同行评议、面谈等方法来评价。组织可能需要综合通过教育、 培训和/或工作经验方面的证据来证明人员具备了能力。 4. 能力的保持 指南——审核员需要验证组织建立了某种形式的有效的监视过程， 并根据该过程采取了措施。监视过程的方式包括持续的职业发展过程 （就像ISO 19011中给出的例子）、人员及其表现的定期评价或对相关个 人或小组负责的产品进行定期检验、检测或审核。能力要求的不断变化 可能表明组织采取积极的方式来保持人员的绩效水平。 - 4 - Date: 14 October 2004 ISO 9001 Auditing Practices Group Guidance on: Auditing 'competence' and the 'effectiveness of actions taken' The following information is provided to guide auditors performing certification audits in understanding the ISO 9001:2000 clause 6.2.2 requirements for 'competence' and 'effectiveness of actions taken', e.g. training. These requirements are usually audited as part of a product realization process audit and not in isolation. However, it is recognised that some organizations will have separate human resource processes, where most of the evidence needed can be found. This document identifies typical activities performed by organizations to ensure the competence of their personnel and to evaluate the effectiveness of actions taken to satisfy those competence needs, and gives guidance to auditors regarding the types of evidence they should aim to find, and provide examples where appropriate. To satisfy the competence/effectiveness requirements of ISO 9001:2000, an organization will typically need to do several things:- • Identify what competencies are required by personnel performing work which affects quality • Identify which personnel already performing the work have the required competencies • Decide what additional competencies are required • Decide how these additional competencies are to be obtained – training of personnel (external or internal), theoretical or practical training, hiring of new competent personnel, assignment of existing competent personnel to different work • Train, hire or reassign personnel • Review the effectiveness of actions taken to satisfy competence needs • Periodically review competence of personnel Throughout the process, the organisation is required to maintain appropriate records of education, training, skills and experience. However, ISO 9001:2000 does not specify how the process will be established or the exact nature of the records to be maintained. In auditing an organisation’s compliance with the competence and training evaluation requirements, an Auditor would typically be seeking evidence that the following issues are addressed:- 1 - An organisation needs to identify what competencies are required by personnel performing work that affects quality. Guidance - The objective of the auditor should be to determine whether there is a systematic approach in place to identify these competencies and to verify that the approach is effective. The outcome of the process may be a list, register, database, human resources plan, competencies development plan, contract, project or product plan, etc. - 5 - Discussions could initially be held with top management to ensure they understand the importance of identifying the competencies required. These may also be a potential source of information regarding new or changed activities or processes, which may lead to different competency requirements in the organization. A review of competencies might also be needed when a new tender or contract is being considered. Evidence of this could be found in related records. Competence requirements may be included in contract documents where the activities of subcontractors can have an impact on processes and/or product quality characteristics. Auditors need to determine whether the organisation has identified new or changed competence needs during surveillance audits. 2 – Are competent people assigned to those work place activities necessary to control the quality characteristics of its processes and products? Guidance - Verify that some form of evaluation process is in place to ensure that the competencies are appropriate to the organization's activities, and that the personnel selected as competent are demonstrating these competencies. Also, the process should ensure that any deficiencies are being acted upon and the effectiveness of personnel is being measured. Verify that the activities that affect quality are performed by persons selected as competent. Evidence may be obtained throughout the audit with an emphasis on those processes, activities, task and products where human intervention may have the greatest impact. The auditor may review job descriptions, testing or inspection activities, monitoring activities, records of management reviews, definition of responsibilities and authorities, nonconformity records, audit reports, customer complaints, processes validation records etc. 3- The organization needs to evaluate the effectiveness of the actions taken to satisfy the competence needs Guidance - The organization may use a number of techniques including role-play, peer review, observation, reviews of training and employment records and/or interviews (see ISO 19011, Table 2, for further examples). The appropriateness of a particular evaluation method will depend on many factors. For example, training records could be viewed to verify that a training course had been successfully completed (but note, this alone would not provide evidence that the trainee is competent). However, this same method would not be acceptable to evaluate whether an auditor performed satisfactorily during an audit. Instead, this may require observation, peer review, interviews, etc.. The organization may need to demonstrate the attainment of competence of its personnel through a combination of education, training and/or work experience. 4 – Maintenance of competence. Guidance – The auditor needs to verify that some form of effective monitoring process is in place and being acted upon. Ways of doing this include a continuing professional development process (such as the one described in ISO 19011), regular appraisals of personnel and their performance, or the regular inspection, testing or auditing of product for which individuals or groups are responsible. Ongoing changes in competence requirements may indicate that an organization is proactive in maintaining personnel performance levels.