3 Definitions

 Terms, definitions and books related to quality and audits

The beginning of wisdom is the definition of terms. Socrates


Some terms and definitions currently used in this module:

Accident: undesired event causing death or damage to health or the environment

Asset: any element of value for the organization

Audit client: everyone requesting an audit

Audit conclusions: outcome of an audit

Audit criteria: everything against which audit evidence is compared

Audit findings: every deviation from audit criteria

Auditee: everyone who is audited

Auditor: everyone who is trained to conduct audits

Competence: personal skills, knowledge and experiences

Conformity: fulfillment of a specified requirement

Continual improvement: permanent process allowing the improvement of the global performance of the organization

Control: ensure compliance with the specified criteria

Corrective action: action to eliminate the causes of nonconformity or any other undesirable event and to prevent their recurrence

Customer: anyone who receives a product

Document (documented information): any support allowing the treatment of information

Deviation: failure to meet a given threshold

Hazard: situation that could lead to a potential incident

Incident (information security): unwanted and unexpected event that can compromise information security

Information security: controls to protect the confidentiality, integrity and availability of information

Interested party: person, group or company affected by the impacts from an organization

ISMS: Information security management system

Nonconformity: non-fulfillment of a specified requirement

Organization: a structure that satisfies a need

Product (or service): every result of a process or activity

Quality: aptitude to fulfill requirements

Quality objective: quality related, measurable goal that must be achieved

Problem: the distance that has to be overcome between real and desired situation

Procedure: set of actions to carry out a process

Record: document providing objective evidence of achieved results

Requirement: explicit or implicit need or expectation

Review: survey of a file, product, process so as to verify if pre-set objectives are achieved

Risk: likelihood of occurrence of a threat or an opportunity

Stakeholder: person, group or company that can affect or be affected by an organization

Statement of Applicability (SoA): document describing the objectives and security controls

Supplier (external provider): an entity that provides a product

Top management: group or persons in charge of the organizational control at the highest level

Work environment: set of human and physical factors in which work is carried out

Examples of interested parties: investors, customers, external providers, employees and social, public or political organizations

In the terminology of quality management systems, do not confuse the following:

Remark 1: each time you use the term "improvement opportunity" instead of nonconformity, malfunction or failure, the auditee will gain a little more confidence in you.

Remark 2: the use of ISO 19011 and ISO 27000 definitions is recommended. The most important thing is to determine a common and unequivocal vocabulary for everyone in the company.

Remark 3: the customer can also be the user, the beneficiary, the initiator, the client, the prime contractor, the consumer.

Remark 4: ISO 19011 version 2018 uses the terms procedure, record and documented information together. We also use the terms procedure and record together with the term documented information.

For other definitions, comments, explanations and interpretations that you don’t find in this module and in annex 06, you can consult:

When I think of all the books still left for me to read, I am certain of further happiness. Jules Renard

Books for further reading on internal audits:
