ISO 9001 internal audit

Q: In an ISO 9001 internal audit process, can we include the total quality management (TQM) function? If so, which clause of ISO 9001 refers to it?

A: With regard to the ISO 9001:2008 internal audit process and its relationship to TQM, it should be noted that TQM was a concept used by many organizations worldwide prior to the existence of ISO 9001 quality management systems.

A few of the commonalities that are shared between TQM and ISO 9001:2008 include their focus on:

  • Reducing costs.
  • Increasing profits.
  • Leadership’s involvement.
  • Ensuring customer satisfaction.
  • Ensuring employee competency and involvement.
  • Resource management.
  • Quality system planning.
  • Developing of mutually beneficial supplier relationships.
  • Accomplishing of objectives that support the organization’s mission (such as quality policy).

The primary difference that sets ISO 9001:2008 apart from TQM is that ISO 9001 has defined requirements for establishing documented procedures and records to provide evidence of conformance. The concepts of TQM permeate quality systems that are based on ISO 9001:2008 requirements.

If your internal audit criteria are based on ISO 9001, you’re also verifying that TQM concepts are being used in the quality system. More information regarding TQM is provided in Juran’s Quality Handbook, fifth edition.1

Also, consider reviewing the eight quality management principles provided in subclause 0.2 of the introduction to ISO 9000:2005.2 These principles are applicable to all the whole family of quality management system standards.

Bill Aston
Managing director
Aston Technical Consulting Services LLC
Kingwood, TX


  1. Joseph M. Juran, Juran’s Quality Handbook, fifth edition, McGraw-Hill, 1999.
  2. International Organization for Standardization, ISO 9000:2005—Quality management systems—Fundamentals and vocabulary, Introduction, subclause 0.2.

For more information

For more information about TQM, visit ASQ’s Knowledge Center TQM page at http://bit.ly/TQMresources.

Find more information about ISO 9000 at http://bit.ly/9000seriesstandards.

Separate certifications?

Q: Our company designs and manufactures commercial and automotive semiconductor products. We used to maintain dual certification (ISO 9001 and TS 16949) for all of our manufacturing and assembly locations, but recently dropped the ISO 9001 certification. My questions are:

  1. If we manufacture automotive and nonautomotive products in the same location site, without dedicated separation, does the TS 16949 certification eligibility apply to the entire site?
  2. Can we include the nonautomotive designs in the TS 16949 certificate scope, or would we need a separate ISO 9001 certificate to cover those activities?

A: Yes, TS 16949 requirements would apply to all of your automotive processes whether they produce or support only automotive products. This is actually the way you’d want to do it—it would be more complicated to try to have two systems for automotive and nonautomotive products. If you have only one certification, the scope of your audits should include your whole product line, not just your automotive products.

The answer to your second question also is related to the scope of your certification. If you are not design-responsible for the automotive side of your business, there is a risk that your TS 16949 audits (internal and external) do not include your design function.

If you want your design activity in scope, work with your registrar to roll it into your scope of certification.

Although you should be able to cover it under one certification, it will be up to the registrar if it will want you to split it out into a separate ISO 9001 certification. The impact of that difference should be minimal.

Denis J. Devos
Professional engineer
Devos Associates Inc.
London, Ontario

Raw data required?

Q: I sent a sample for testing to a lab that is ISO/IEC 17025-accredited, and it provided me with the test results. However, when I asked the lab for the raw data to support the testing performed so I could keep it on record for future investigational use, it refused and stated it is not a good manufacturing practices (GMP) lab, and as an ISO/IEC 17025-accredited lab, it is not obligated to provide the raw data. It said the raw data could be shown to the regulatory authorities. Is this true?

A: Because the lab is accredited to ISO/IEC 17025, it’s useful to review a few relevant passages from that standard.

ISO/IEC 17025 clause states:

The laboratory shall retain records of original observations, derived data and sufficient information to establish an audit trail, calibration records, staff records and a copy of each test report or calibration certificate issued, for a defined period. The records for each test or calibration shall contain sufficient information to facilitate, if possible, identification of factors affecting the uncertainty and to enable the test or calibration to be repeated under conditions as close as possible to the original. The records shall include the identity of personnel responsible for the sampling, performance of each test and/or calibration and checking of results.1

The third paragraph of ISO/IEC 17025 clause 5.10.1 states:

In the case of tests or calibrations performed for internal customers, or in the case of a written agreement with the customer, the results may be reported in a simplified way. Any information listed in 5.10.2 to 5.10.4 which is not reported to the customer shall be readily available in the laboratory which carried out the tests and/or calibrations.2

Furthermore, the second paragraph of ISO/IEC 17025 clause states:

When a statement of compliance with a specification is made omitting the measurement results and associated uncertainties, the laboratory shall record those results and maintain them for possible future reference.3

The ISO/IEC 17025 accredited labs are required to retain test results when they do not report the results on the test certificate (or report) to the customer.

A word of caution: The lab may have a record retention policy (it should be documented in its quality system per ISO/IEC 17025 clause Ensure that future record requests are made within the record retention policy period.

In the future, it would be best to specify in the purchase requisition what test data the customer requires from the test lab. This forms the basis for a contractual requirement and can be contested legally if the lab does not fulfill the customer’s requirements if it accepted the purchase requisition. Note that this would apply to ISO 9001-certified and ISO/IEC 17025-accredited labs.

The lab’s other argument that it is not a GMP lab and, as an ISO/IEC 17025-certified lab, not obligated to provide the raw data is not consistent with the requirements of ISO/IEC 17025.

The customer should file the refusal to provide data as a complaint to the lab under the clauses cited and ask the lab for corrective action under ISO/IEC 17025 clause 4.8 (complaints) and 4.11 (corrective action).

If an ISO/IEC 17025-accredited lab refuses to provide corrective action under the requirements stated in this article, it is possible to escalate this complaint to its accrediting body.

Dilip A. Shah
E = mc3 Solutions
Medina, OH


  1. International Organization for Standardization and International Electrotechnical Committee, ISO/IEC 17025—General requirements for the competence of testing and calibration laboratories, clause
  2. International Organization for Standardization and International Electrotechnical Committee, ISO/IEC 17025—General requirements for the competence of testing and calibration laboratories, clause 5.10.1.
  3. International Organization for Standardization and International Electrotechnical Committee, ISO/IEC 17025—General requirements for the competence of testing and calibration laboratories, clause

Average Rating


Out of 0 Ratings
Rate this article

Add Comments

View comments
Comments FAQ

Featured advertisers