1、Designation: F2839 11Standard Practice forCompliance Audits to ASTM Standards on Light SportAircraft1This standard is issued under the fixed designation F2839; the number immediately following the designation indicates the year oforiginal adoption or, in the case of revision, the year of last revisi
2、on. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon () indicates an editorial change since the last revision or reapproval.1. Scope1.1 This standard practice establishes the minimum set ofrequirements for auditing programs, methods, and systems, theresponsibilitie
3、s for all parties involved, and qualifications forentities conducting audits against ASTM standards on LightSport Aircraft.1.2 This standard provides requirements to enable consis-tent and structured examination of objective evidence forcompliance that is beneficial for the LSA industry and itsconsu
4、mers. It is the intent of this standard to provide thenecessary minimum requirements for organizations to developaudit programs and procedures.1.3 This standard does not purport to address all of thesafety concerns, if any, associated with its use. It is theresponsibility of the user of this standar
5、d to establish appro-priate safety and health practices and determine the applica-bility of regulatory limitations prior to use.2. Terminology2.1 Definitions:2.1.1 action planan audited entitys plan to address auditfindings that describes response actions, parties responsible fortheir execution, and
6、 expected completion dates.2.1.2 audit (compliance audit)a systematic, documented,and objective review of an audited entity to evaluate itscompliance status relative to audit criteria.2.1.3 audit criteriathe set of requirements that are appli-cable to the audited entity and specified in the audit sc
7、ope.Examples may include standards, regulations, and laws.2.1.4 audit datainformation obtained during an audit tosupport audit findings.2.1.5 audit findinga statement of audited entity conditionsat the time of the audit by evaluation against audit criteria.Audit findings shall be based upon verifiab
8、le audit data andmay be either positive or negative with respect to audit criteria.2.1.6 audit objective(s)broad statement(s) of what theaudit intends to accomplish.2.1.7 audit plandocumentation that describes the audit.2.1.8 audit programan auditing entitys overarching col-lection of approaches, me
9、thods, systems, etc. toward the goalof achieving an audit objective(s) and in compliance with thisstandard.2.1.9 audit protocola method designed to collect informa-tion to support the audit objective(s) based upon audit criteria.2.1.10 audit purposereason for the audit.2.1.11 audit reporta written s
10、ummary of audit findingsthat is objective, clear, concise, constructive, and timely.2.1.12 audit scopea description of what is to be audited.The audit scope shall include a description of the period underreview, the audited entity, and the audit criteria.2.1.13 audit teamone or more auditors respons
11、ible forconducting an audit. The audit team may be supported bytechnical experts and auditors-in-training.2.1.14 audited entitya facility, organization, or partthereof, that is the subject of an audit.2.1.15 auditing entitythe organization that provides theaudit program and authorizes, or initiates
12、the audit process. Theauditing entity may be internal or external to the audited entity.2.1.16 auditora person qualified to conduct an audit.2.1.17 independencea condition characterized by organi-zational standing where an auditor is free to conduct an auditwithout being controlled or influenced by
13、others.2.1.18 lead auditoran auditor designated to lead andmanage the audit.2.1.19 objectivitya condition characterized by the absenceof bias, influences, and conflicts of interest that affect or havethe potential to compromise audit findings.2.1.20 open issuespotential audit findings that cannot be
14、verified or resolved without additional information.2.1.21 period under reviewthe time interval over whichconditions at the audited entity are evaluated against auditcriteria.2.1.22 recordsdocumentation and other forms of recordedinformation.2.1.23 working papersrecords collected and developed byan
15、auditor through the use of audit protocols.1This practice is under the jurisdiction of ASTM Committee F37 on Light SportAircraft and is the direct responsibility of Subcommittee F37.70 on Cross Cutting.Current edition approved June 1, 2011. Published July 2011. DOI: 10.1520/F2839-11.1Copyright ASTM
16、International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.3. Significance and Use3.1 The purpose of this standard practice is to provide theminimum requirements for the conduct of compliance audits.3.2 The intended use of standard is to provide a basis for an
17、internal or external entity to develop an audit program. Anaudit program defines specific requirements for the executionof audits for a particular objective. An example of an auditprogram would be an external (third party) audit of LSAmanufacturers quality assurance system.3.3 Compliance to this sta
18、ndard would insure that auditprograms and those who develop and execute them arefollowing a consensus set of minimum requirements.3.4 This standard does not mandate either internal or exter-nal audits.3.5 An auditing entity cannot request or approve an audit.3.6 Other Audit CriteriaOther audit crite
19、ria may be in-cluded in the audit scope if specified in the audit plan.Examples include safety, technical, operational, and manage-ment requirements. Items that are outside the scope of audit-able criteria may be submitted as observations for possibleresolution. However these are not binding and are
20、 not manda-tory.3.7 Additional ServicesAdditional services are outside thescope of an audit objective. Examples of such services areconsultation to resolve negative or open findings or any otherservice where the auditing entity conducts an activity otherthan an audit for the audited entity.3.8 Compl
21、iance AssuranceAn audit is only an indicatorof the compliance health of the facility and/or organizationduring only the period under review and therefore has limitedcompliance assurance and is not assumed to be exhaustive.3.9 Level of Review is VariableThe audit scope may varyto meet different audit
22、 objectives. For example, the audit scopemay include only selected audit criteria, selected period underreview, or selected portions of a facility or organization.4. Audit Program4.1 The auditing entity shall develop and document an auditprogram that conforms to this practice prior to carrying out a
23、naudit. The audit program and its documentation is internal tothe auditing entity.4.2 The audit program shall specify an audit purpose andaudit objective(s).4.3 The audit program shall specify the procedures andguidelines that will be used to conduct the audit process inSection 5, including target t
24、imelines. As practical, the programshould also provide drafts of audit-specific information such asaudit scope, audit plan, and audit reports.4.4 The audit program shall contain requirements for recordmanagement as specified in Section 10.4.5 The audit program shall define criteria for audit statusl
25、evels. Examples of audit status include pass/fail, open/closed,or complete/incomplete.4.6 The audit program shall include auditor qualifications asspecified in Section 11.4.7 The audit program shall define guidelines and proce-dures for identifying and reporting any compromise of auditorqualificatio
26、ns.5. Audit Process5.1 An audit shall at a minimum involve three activities.These are: preparation activities, execution activities, andreporting activities.5.2 PreparationPreparation activities occur before execu-tion and are intended to plan, organize, and communicate theexecution and reporting ac
27、tivities for a specific audit. Theresult of the preparation activities is the audit plan (Section 6).The audit plan shall be agreed upon between the auditor andthe audited entity in a timely manner prior to the execution ofan audit.5.3 ExecutionThe audit plan is carried out between theaudit team and
28、 audited entity during this activity. Theseactivities may occur remotely and/or during an on-site visit, asspecified by the audit plan. Execution activities shall includecommunication activities Section 7 and data gathering activi-ties Section 8.5.4 ReportingReporting activities occur after audit ex
29、ecu-tion between the auditor and audited entity. Reporting deliver-ables and milestones occur following execution; however,preparatory work may occur at other times during the process.Reporting shall include documentation activities specified inSection 9.6. Audit Plan6.1 An audit plan shall contain
30、the following:6.1.1 The audit objective;6.1.2 Audit scope;6.1.3 Identities of the auditing entity, audited entity, andaudit team;6.1.4 Audit schedule;6.1.5 Record management and confidentiality procedures;and6.1.6 Logistics.6.2 Background InformationBackground informationshould be used as appropriat
31、e to develop the audit plan orrefine an existing audit plan. Background information mayconsist of records, process and site descriptions, operation andmaintenance manuals, compliance inspection reports, previousaudit reports, notices of violations, and other relevant informa-tion.6.3 ScheduleA sched
32、ule of audit activities shall be devel-oped and documented. The schedule shall clearly document theexpected timeline between the auditing and audited entity withrespect to audit execution, reporting audit findings, and actionplans as applicable.6.4 On-site LogisticsIf an on-site visit is planned, is
33、suessuch as scheduling a site orientation meeting, identifying sitecontacts, scheduling the site visit dates, and resolution oflodging and transportation logistics should be addressed.7. Communication7.1 Communication between the audited and auditing enti-ties during an audit shall include an openin
34、g conference at thestart of an audit and a closing conference at the end of an audit.Conferences at some interval during the audit may also beincluded as applicable and specified in the audit plan.NOTE 1The opening and closing conferences are intended to facilitateF2839 112clear communication betwee
35、n the audit team and audited entity. Thesecommunications may occur in person or via remote communication meansas detailed in the audit plan.7.2 Opening ConferenceThis conference brings togetherthe audit team and appropriate members of the audited entitystaff to confirm the audit plan and other neces
36、sary details. Themeeting should facilitate the subsequent gathering of informa-tion by the audit team and encourage discussion of anyquestions or concerns. The audited entity should provide anoverview of the facility operations for the audit team during theopening conference.7.3 Closing ConferenceTh
37、e closing conference summa-rizes the overall results of the audit and provides an opportu-nity for audited entity personnel to discuss and question draftaudit findings. Reporting procedures should be discussed at theclosing conference including time frames, a process for resolv-ing challenged audit
38、findings, and for closing or reporting anyopen issues.7.4 Team Meeting(s)Meetings of the audit team should beconducted as necessary to share information and ensure timelyand consistent completion of the audit. Draft audit findings andaudit plan issues should be discussed among audit teammembers prio
39、r to the closing conference.8. Protocols8.1 Audit data shall be gathered and evaluated by the auditteam to support audit findings consistent with the auditobjective. The audit team should utilize a combination of auditprotocols to ensure consistency in gathering audit data. Typesof audit protocols i
40、nclude:8.1.1 Physical InspectionsPhysical inspections of the au-dited entitys facilities, documentation, working practices,quality systems, etc. This protocol primarily applies to on-sitevisits.8.1.2 InterviewsInterviews to obtain information on au-dited entity practices and procedures that are subj
41、ect to theaudit scope and plan. Appropriate management, staff, employ-ees, and, if applicable, contractors, may be interviewed.8.1.3 Records ReviewRecords may include but are notlimited to reports submitted to regulatory entities, procedures,design and analysis methods, and manufacturing processes.8
42、.2 Gathered data is considered a record and is subject torecord management.9. Documentation9.1 Audit protocols should be completed and documented,or explanations provided for open issues, in accordance withthe audit plan.9.2 Audit ReportA final audit report shall be issued by theauditing entity to t
43、he audited entity that presents audit findingsand status.9.2.1 A draft audit report should be developed for reviewand comment.9.2.2 Audit findings that are resolved within the periodunder review shall be included as audit findings in the auditreport and may be noted as resolved.9.2.3 Final audit fin
44、dings shall be based upon the mostrecent verifiable audit data from the period under review that isavailable to the audit team.9.2.4 Any comments on audit findings, a draft audit report,or the final audit report shall be made in a timely manneraccording to the timelines agreed upon in the audit plan
45、.Failure to provide comments within this timeline shall notprevent issuance of the final audit report.9.3 Action PlanThe audited entity shall develop a writtenaction plan to follow-up on negative findings and open issuespresented in the audit report. This action plan shall besubmitted to the auditin
46、g entity.9.3.1 For findings that require corrective action, a record ofthe completion of the corrective action should be documentedand submitted to the auditing entity.9.3.2 The action plan shall be documented in a timelymanner as specified in the audit plan.9.3.3 The action plan shall include measu
47、res to preventreoccurrence of the finding.9.3.4 If the audited entity disagrees with a finding, thisdisagreement shall be documented and submitted to the audit-ing entity.9.3.5 In all cases, the audited entity is ultimately responsiblefor compliance to audit criteria requirements.10. Record Manageme
48、nt10.1 Records collected by audit protocols are consideredeither audit data or working papers and shall be managed.Records may be, but are not limited to, physical items ordocuments, copies of such items or documents, and electronicdata of various forms.10.2 The content of all records, whether audit
49、 data orworking papers, shall be considered confidential to the entity towhich the content or data belongs, unless otherwise specified inthe audit plan.10.3 Management of records shall include the following:10.3.1 Procedures for handling and disclosure of confiden-tial records.10.3.2 Policy for record retention, including the dispositionof records.10.4 Working Papers management shall include the follow-ing additional requirements:10.4.1 A system to facilitate working paper review andprotect against tampering.10.4.2 A system for managing corr
