1、Designation: F2839 11 (Reapproved 2016)Standard Practice forCompliance Audits to ASTM Standards on Light SportAircraft1This standard is issued under the fixed designation F2839; the number immediately following the designation indicates the year oforiginal adoption or, in the case of revision, the y
2、ear of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon () indicates an editorial change since the last revision or reapproval.1. Scope1.1 This standard practice establishes the minimum set ofrequirements for auditing programs, methods, and systems,
3、theresponsibilities for all parties involved, and qualifications forentities conducting audits against ASTM standards on LightSport Aircraft.1.2 This standard provides requirements to enable consis-tent and structured examination of objective evidence forcompliance that is beneficial for the LSA ind
4、ustry and itsconsumers. It is the intent of this standard to provide thenecessary minimum requirements for organizations to developaudit programs and procedures.1.3 This standard does not purport to address all of thesafety concerns, if any, associated with its use. It is theresponsibility of the us
5、er of this standard to establish appro-priate safety and health practices and determine the applica-bility of regulatory limitations prior to use.2. Terminology2.1 Definitions:2.1.1 action planan audited entitys plan to address auditfindings that describes response actions, parties responsible forth
6、eir execution, and expected completion dates.2.1.2 audit (compliance audit)a systematic, documented,and objective review of an audited entity to evaluate itscompliance status relative to audit criteria.2.1.3 audit criteriathe set of requirements that are appli-cable to the audited entity and specifi
7、ed in the audit scope.Examples may include standards, regulations, and laws.2.1.4 audit datainformation obtained during an audit tosupport audit findings.2.1.5 audit findinga statement of audited entity conditionsat the time of the audit by evaluation against audit criteria.Audit findings shall be b
8、ased upon verifiable audit data andmay be either positive or negative with respect to audit criteria.2.1.6 audit objective(s)broad statement(s) of what theaudit intends to accomplish.2.1.7 audit plandocumentation that describes the audit.2.1.8 audit programan auditing entitys overarching col-lection
9、 of approaches, methods, systems, etc. toward the goalof achieving an audit objective(s) and in compliance with thisstandard.2.1.9 audit protocola method designed to collect informa-tion to support the audit objective(s) based upon audit criteria.2.1.10 audit purposereason for the audit.2.1.11 audit
10、 reporta written summary of audit findingsthat is objective, clear, concise, constructive, and timely.2.1.12 audit scopea description of what is to be audited.The audit scope shall include a description of the period underreview, the audited entity, and the audit criteria.2.1.13 audit teamone or mor
11、e auditors responsible forconducting an audit. The audit team may be supported bytechnical experts and auditors-in-training.2.1.14 audited entitya facility, organization, or partthereof, that is the subject of an audit.2.1.15 auditing entitythe organization that provides theaudit program and authori
12、zes, or initiates the audit process. Theauditing entity may be internal or external to the audited entity.2.1.16 auditora person qualified to conduct an audit.2.1.17 independencea condition characterized by organi-zational standing where an auditor is free to conduct an auditwithout being controlled
13、 or influenced by others.2.1.18 lead auditoran auditor designated to lead andmanage the audit.2.1.19 objectivitya condition characterized by the absenceof bias, influences, and conflicts of interest that affect or havethe potential to compromise audit findings.2.1.20 open issuespotential audit findi
14、ngs that cannot beverified or resolved without additional information.2.1.21 period under reviewthe time interval over whichconditions at the audited entity are evaluated against auditcriteria.1This practice is under the jurisdiction of ASTM Committee F37 on Light SportAircraft and is the direct res
15、ponsibility of Subcommittee F37.70 on Cross Cutting.Current edition approved Oct. 1, 2016. Published October 2016. Originallyapproved in 2011. Last previous edition approved in 2011 as F2839 11. DOI:10.1520/F2839-11R16.Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohock
16、en, PA 19428-2959. United States12.1.22 recordsdocumentation and other forms of recordedinformation.2.1.23 working papersrecords collected and developed byan auditor through the use of audit protocols.3. Significance and Use3.1 The purpose of this standard practice is to provide theminimum requireme
17、nts for the conduct of compliance audits.3.2 The intended use of standard is to provide a basis for aninternal or external entity to develop an audit program. Anaudit program defines specific requirements for the executionof audits for a particular objective. An example of an auditprogram would be a
18、n external (third party) audit of LSAmanufacturers quality assurance system.3.3 Compliance to this standard would insure that auditprograms and those who develop and execute them arefollowing a consensus set of minimum requirements.3.4 This standard does not mandate either internal or exter-nal audi
19、ts.3.5 An auditing entity cannot request or approve an audit.3.6 Other Audit CriteriaOther audit criteria may be in-cluded in the audit scope if specified in the audit plan.Examples include safety, technical, operational, and manage-ment requirements. Items that are outside the scope of audit-able c
20、riteria may be submitted as observations for possibleresolution. However these are not binding and are not manda-tory.3.7 Additional ServicesAdditional services are outside thescope of an audit objective. Examples of such services areconsultation to resolve negative or open findings or any otherserv
21、ice where the auditing entity conducts an activity otherthan an audit for the audited entity.3.8 Compliance AssuranceAn audit is only an indicator ofthe compliance health of the facility and/or organization duringonly the period under review and therefore has limited com-pliance assurance and is not
22、 assumed to be exhaustive.3.9 Level of Review is VariableThe audit scope may varyto meet different audit objectives. For example, the audit scopemay include only selected audit criteria, selected period underreview, or selected portions of a facility or organization.4. Audit Program4.1 The auditing
23、entity shall develop and document an auditprogram that conforms to this practice prior to carrying out anaudit. The audit program and its documentation is internal tothe auditing entity.4.2 The audit program shall specify an audit purpose andaudit objective(s).4.3 The audit program shall specify the
24、 procedures andguidelines that will be used to conduct the audit process inSection 5, including target timelines. As practical, the programshould also provide drafts of audit-specific information such asaudit scope, audit plan, and audit reports.4.4 The audit program shall contain requirements for r
25、ecordmanagement as specified in Section 10.4.5 The audit program shall define criteria for audit statuslevels. Examples of audit status include pass/fail, open/closed,or complete/incomplete.4.6 The audit program shall include auditor qualifications asspecified in Section 11.4.7 The audit program sha
26、ll define guidelines and proce-dures for identifying and reporting any compromise of auditorqualifications.5. Audit Process5.1 An audit shall at a minimum involve three activities.These are: preparation activities, execution activities, andreporting activities.5.2 PreparationPreparation activities o
27、ccur before execu-tion and are intended to plan, organize, and communicate theexecution and reporting activities for a specific audit. Theresult of the preparation activities is the audit plan (Section 6).The audit plan shall be agreed upon between the auditor andthe audited entity in a timely manne
28、r prior to the execution ofan audit.5.3 ExecutionThe audit plan is carried out between theaudit team and audited entity during this activity. Theseactivities may occur remotely and/or during an on-site visit, asspecified by the audit plan. Execution activities shall includecommunication activities S
29、ection 7 and data gathering activi-ties Section 8.5.4 ReportingReporting activities occur after audit execu-tion between the auditor and audited entity. Reporting deliver-ables and milestones occur following execution; however,preparatory work may occur at other times during the process.Reporting sh
30、all include documentation activities specified inSection 9.6. Audit Plan6.1 An audit plan shall contain the following:6.1.1 The audit objective;6.1.2 Audit scope;6.1.3 Identities of the auditing entity, audited entity, andaudit team;6.1.4 Audit schedule;6.1.5 Record management and confidentiality pr
31、ocedures;and6.1.6 Logistics.6.2 Background InformationBackground informationshould be used as appropriate to develop the audit plan orrefine an existing audit plan. Background information mayconsist of records, process and site descriptions, operation andmaintenance manuals, compliance inspection re
32、ports, previousaudit reports, notices of violations, and other relevant informa-tion.6.3 ScheduleA schedule of audit activities shall be devel-oped and documented. The schedule shall clearly document theexpected timeline between the auditing and audited entity withrespect to audit execution, reporti
33、ng audit findings, and actionplans as applicable.F2839 11 (2016)26.4 On-site LogisticsIf an on-site visit is planned, issuessuch as scheduling a site orientation meeting, identifying sitecontacts, scheduling the site visit dates, and resolution oflodging and transportation logistics should be addres
34、sed.7. Communication7.1 Communication between the audited and auditing enti-ties during an audit shall include an opening conference at thestart of an audit and a closing conference at the end of an audit.Conferences at some interval during the audit may also beincluded as applicable and specified i
35、n the audit plan.NOTE 1The opening and closing conferences are intended to facilitateclear communication between the audit team and audited entity. Thesecommunications may occur in person or via remote communication meansas detailed in the audit plan.7.2 Opening ConferenceThis conference brings toge
36、therthe audit team and appropriate members of the audited entitystaff to confirm the audit plan and other necessary details. Themeeting should facilitate the subsequent gathering of informa-tion by the audit team and encourage discussion of anyquestions or concerns. The audited entity should provide
37、 anoverview of the facility operations for the audit team during theopening conference.7.3 Closing ConferenceThe closing conference summa-rizes the overall results of the audit and provides an opportu-nity for audited entity personnel to discuss and question draftaudit findings. Reporting procedures
38、 should be discussed at theclosing conference including time frames, a process for resolv-ing challenged audit findings, and for closing or reporting anyopen issues.7.4 Team Meeting(s)Meetings of the audit team should beconducted as necessary to share information and ensure timelyand consistent comp
39、letion of the audit. Draft audit findings andaudit plan issues should be discussed among audit teammembers prior to the closing conference.8. Protocols8.1 Audit data shall be gathered and evaluated by the auditteam to support audit findings consistent with the auditobjective. The audit team should u
40、tilize a combination of auditprotocols to ensure consistency in gathering audit data. Typesof audit protocols include:8.1.1 Physical InspectionsPhysical inspections of the au-dited entitys facilities, documentation, working practices,quality systems, etc. This protocol primarily applies to on-sitevi
41、sits.8.1.2 InterviewsInterviews to obtain information on au-dited entity practices and procedures that are subject to theaudit scope and plan. Appropriate management, staff,employees, and, if applicable, contractors, may be interviewed.8.1.3 Records ReviewRecords may include but are notlimited to re
42、ports submitted to regulatory entities, procedures,design and analysis methods, and manufacturing processes.8.2 Gathered data is considered a record and is subject torecord management.9. Documentation9.1 Audit protocols should be completed and documented,or explanations provided for open issues, in
43、accordance withthe audit plan.9.2 Audit ReportA final audit report shall be issued by theauditing entity to the audited entity that presents audit findingsand status.9.2.1 A draft audit report should be developed for reviewand comment.9.2.2 Audit findings that are resolved within the periodunder rev
44、iew shall be included as audit findings in the auditreport and may be noted as resolved.9.2.3 Final audit findings shall be based upon the mostrecent verifiable audit data from the period under review that isavailable to the audit team.9.2.4 Any comments on audit findings, a draft audit report,or th
45、e final audit report shall be made in a timely manneraccording to the timelines agreed upon in the audit plan.Failure to provide comments within this timeline shall notprevent issuance of the final audit report.9.3 Action PlanThe audited entity shall develop a writtenaction plan to follow-up on nega
46、tive findings and open issuespresented in the audit report. This action plan shall besubmitted to the auditing entity.9.3.1 For findings that require corrective action, a record ofthe completion of the corrective action should be documentedand submitted to the auditing entity.9.3.2 The action plan s
47、hall be documented in a timelymanner as specified in the audit plan.9.3.3 The action plan shall include measures to preventreoccurrence of the finding.9.3.4 If the audited entity disagrees with a finding, thisdisagreement shall be documented and submitted to the audit-ing entity.9.3.5 In all cases,
48、the audited entity is ultimately responsiblefor compliance to audit criteria requirements.10. Record Management10.1 Records collected by audit protocols are consideredeither audit data or working papers and shall be managed.Records may be, but are not limited to, physical items ordocuments, copies o
49、f such items or documents, and electronicdata of various forms.10.2 The content of all records, whether audit data orworking papers, shall be considered confidential to the entity towhich the content or data belongs, unless otherwise specified inthe audit plan.10.3 Management of records shall include the following:10.3.1 Procedures for handling and disclosure of confiden-tial records.10.3.2 Policy for record retention, including the dispositionof records.10.4 Working Papers management shall include the follow-ing additional requirements:10
