AC7000 REV.

161 Thorn Hill Road

AUDIT CRITERIA Issue Date 16-Nov-2020

Warrendale, PA 15086-7527 Revision Date 18-Apr-2023

Superseding Rev NC

Nadcap
AUDIT CRITERIA FOR
NADCAP ACCREDITATION

*TO BE USED ON AUDITS STARTING ON OR AFTER 23-Jul-2023*

1. SCOPE

These Audit Criteria contain the common questions and instructions for
all Task Groups and is a supplement to the specific Task Group Audit
Criteria in which the accreditation is being conducted.

2. GENERAL INSTRUCTIONS

Pre-audit documentation shall be in English unless another language is

acceptable to the Auditor. Refer to Task Group Audit Criteria for pre-
audit documentation requirements.

The audit shall be conducted in English, unless another language is

acceptable to the Auditor.

The supporting evidence submitted to PRI shall be in English.

2.1 Instructions to the Auditor

In completing this assessment, the Auditor(s) shall respond with a “Yes”

or “No” to address compliance with each statement of requirement. All
“NA” responses require an explanation to be included. For any negative
responses, the Auditor must clearly indicate if the “No” reflects
noncompliance with respect to existence, adequacy, and/or
compliance. Existence relates to evidence of a documented procedure
or policy, and compliance relates to evidence of effective
implementation.

PRI operating procedures provide that "This report is published by PRI to advance the state of technical, engineering, and quality
sciences. The use of this report is entirely voluntary, and its applicability and suitability for any particular use, including any patent
infringement arising there from, is the sole responsibility of the user”

PRI values your input. To provide feedback on this document, please contact the appropriate commodity staff engineer.
(Contact information is located at http://www.eauditnet.com under “Contact Us”.)

Copyright 2023 Performance Review Institute. All rights reserved.

t-frm-1115 19-Mar-2021
Nadcap AC7000 Revision A -2-

2.2 Instructions to the Auditee

2.2.1 Prior to the Audit

The Auditee shall complete a self-audit to applicable Audit Criteria and

slash sheets, including job audits, in preparation for this audit (See
Section 3). All “NA” answers must be explained. Performing a thorough,
objective self-audit against each question in the Audit Criteria is the
critical first step in the Nadcap accreditation process. This can
significantly reduce the number of nonconformance reports (NCR)
issued by the Auditor and the time required to achieve accreditation. All
nonconformances should be corrected prior to the actual audit.
Nonconformances of a technical nature found during the actual audit
may, at the Task Group’s discretion, require a Verification of Corrective
Action (VCA) audit at the Auditee’s expense.

The location and identification of all applicable documentation shall be

indicated on the self-audit form. This will greatly expedite the audit and
avoid the expense of additional audit days. It is essential that reference
numbers for the applicable procedures, work instructions, or other
relevant documentation be noted at each question/section. Where the
question only requires witnessing or observation of compliance then a
simple ‘yes’ response is acceptable. Failure to do so shall result in a
nonconformance report.

The completed self-audit shall be uploaded to www.eAuditNet.com at

least 30 days prior to the start date of the Nadcap audit. Failure to
upload the self-audit at least 30 days prior to the start of the Nadcap
audit shall result in an NCR. Other pre-audit documents required by the
Task Group Audit Criteria should be uploaded at least 30 days prior to
the audit start date as well. Reference OP 1105 Audit Process for
acceptable file types for upload.
Note: The information posted in eAuditNet in the Self-Audit and Pre-
Audit Documents section is only accessible to the Auditee and the
Auditor assigned to the audit. The information is automatically deleted
from eAuditNet when the audit is closed, or 120 days after the audit
end date. Please be aware that if the required Pre-Audit documents are
not provided, additional time may be added to the audit to complete the
review on-site.

2.2.2 During the Audit

2.2.2.1 International Traffic in Arms Regulations (ITAR)/Export Administration

Regulations (EAR)

The Auditee shall clearly identify the Export Control status of all parts
being used in the audit. Technical information on parts which have
been designated “Export Controlled – License Required” (EC-LR)
cannot be input into eAuditNet.

2.2.2.2 Opening Meeting

Nadcap AC7000 Revision A -3-

The Auditee should make arrangements for an opening meeting and a

brief plant tour prior to the start of the audit. Key members of the
Auditee’s staff should attend the opening meeting, so the audit
purpose, methods and assessment processes can be discussed. The
Auditor must provide a proposed agenda at the opening meeting, and
coordinate with the Auditee, taking into account operator/technician
shifts, trips to satellite site(s), available material, etc. The Auditor shall
confirm the scope of the audit, explain how the audit process works,
and explain the basis on which Job Audit/Observation of Test will be
selected.

2.2.2.3 Daily Debrief

An in-briefing and/or out-briefing shall be carried out each day, as

determined through collaboration of Auditor and Auditee, to review the
status of the audit and explain any identified NCR(s).

2.2.2.4 Auditee Responsibilities

The Auditee is responsible to provide working space for the Auditor with
desks or tables, chairs, telephone, etc. Reproduction services are to be
provided as required. This is not a fulltime assignment.

The Auditee is to provide necessary support to Auditor to ensure

requested audit information is available to the Auditor in a reasonable
period of time.

2.2.2.5 Closing Meeting

A final closing meeting shall be conducted at the completion of the

audit. Each NCR shall be reviewed, and the Auditee shall be given the
opportunity to provide any additional information. A preliminary copy of
the NCR(s) found by the Auditor shall be provided to the Auditee, the
final verbiage of the NCR(s) shall be submitted in eAuditNet.
Note: The Audit Report Reviewer or the applicable Task Group may,
upon review, change the Auditor’s determination of an NCR or
observation.

2.2.3 Following the Audit

Submittal of Corrective Actions/Objective Evidence

In accordance with OP 1106 Audit Report Processing, the Auditee has

21 days from the date the audit is submitted to Auditee Review in
eAuditNet to submit corrective action and supporting objective evidence
for each nonconformance, if applicable. The response and objective
evidence shall be entered directly into eAuditNet.

When objective evidence is considered restricted technical data, it shall

be emailed to restricteddata@p-r-i.org in PDF format, with the Audit
Number, Commodity, NCR, and Audit Reviewer listed on the email. The
Audit Report Reviewer shall not be included on the email to
restricteddata@p-r-i.org.
Nadcap AC7000 Revision A -4-

2.2.3.1 Review of the Audit Report

Responsibility

Responsibility for meeting submittal deadlines rests with the Auditee.

Failure to comply with specified dates will result in significant delays in
accreditation and a potential reduction in the length of accreditation.

PRI Staff or the Task Group may, after review of the audit report,
require additional information or may elect to issue additional NCRs.
NOTE: The final authority for the audit report, acceptability of corrective
actions, and accreditation decision is the Task Group.

3. SELF AUDIT REQUIREMENTS

3.1 Did the Auditee upload a copy of their completed self-audit to eAuditNet YES NO
at least 30 days prior to the audit, utilizing the version(s) of the Audit
Criteria applicable to this audit?
Guidance: The self-audit must include all Audit Criteria identified in the
Audit Scope in eAuditNet. Nadcap recommends the self-audit be
performed 90-120 days prior to the scheduled audit. In the event of
Audit Criteria revisions, Nadcap publishes the Audit Criteria and sends
out a notification 90 days prior to the Audit Criteria becoming effective.
In this case, an audit against the changes is acceptable if it
supplements the existing self-audit performed prior to the release of the
revised Audit Criteria. See OP 1104 Audit Scheduling.

3.2 For each question in the Audit Criteria, has the Auditee identified where YES NO
the objective evidence* of compliance is located. (*procedure and
paragraph, Audit Criteria, record, physical location, etc.)

3.3 Does the self-audit include all job audits as required by the Task YES NO NA
Group?
Guidance: Task Group job audit requirements are defined in the Audit
Criteria or the OP 1114 Appendix.
NA applies for AQS Audit Criteria that do not require job audits.

4. IDENTIFICATION OF SUBSCRIBER DESIGN AUTHORITIES

4.1 Did the Auditee identify their known Subscriber design authorities for YES NO
the processes in this audit scope in eAuditNet?
Guidance: Subscriber design authorities are called Subscriber
customers in eAuditNet.
When selecting the Subscriber customers in eAuditNet, there are
options for “None”, “Unknown”, and “Other”.

5. QUALITY SYSTEM APPROVALS SECTION NA

Guidance: Section NA is applicable for National Aerospace
NonDestructive Testing Boards (NANDTB)
Nadcap AC7000 Revision A -5-

5.1 Enter data below from actual certificate to identify the quality system
approvals:
Guidance: Review OP 1104 Audit Scheduling, as failure to provide a
valid quality system certificate may result in failure of the audit and/or
suspension/withdrawal of accreditation.

5.1.1 Auditing/Certifying Agency: _______________

5.1.2 Audit Criteria or Standard: _______________

5.1.3 Certificate Issue Date: (Use format dd-mmm-yyyy, e.g., 11-Dec-2022) _______________

5.1.4 Certificate Expiration Date: (Use format dd-mmm-yyyy, e.g., 11-Dec- _______________
2022)

5.2 (Info Only) The name and address of the facility matches that on the YES NO
certificate?

5.3 The above certificate/information has been reviewed, recorded in this

Audit Criteria, and verified by the Auditor.

6. VERIFICATION OF CORRECTIVE ACTIONS

6.1 Does the Auditee’s quality system ensure that corrective actions YES NO NA
implemented for all nonconformances identified in the previous Nadcap
Audit maintain effectiveness?
Guidance: The previous Nadcap audit is an initial audit, a re-entry
audit, or a reaccreditation audit from the same Task Group and
includes any associated audits, i.e., add scope, verification.
NA applies only when this is an initial audit or the prior audit resulted in
zero NCRs. Reaccreditation audits and Initial Reentry Audits require
verification of implementation of corrective actions. Repeat
nonconformances from the previous audit are to be counted as non-
sustaining NCRs.
For Subscriber Accreditation Option B audits, if the audit was not
performed by PRI, the corrective actions from the prior internal audit
performed by the Subscriber shall be reviewed.
Nadcap AC7000 Revision A -6-

7. PROCESS CHANGE MANAGEMENT SECTION NA

Guidance: This section is concerned with unintended effects on
process output resulting from changes to the process that typically
occur after initial validation due to continuous process improvements,
raw material changes, new equipment, tooling, plant upgrades,
significant changes to part quantities, personnel, etc.

At the beginning of the audit, the Auditor will inquire about process
changes that have occurred since the previous audit and validate the
process change management system during job audits by looking at
specific process items that have been identified by the Task Group as
being important (located in the Audit Handbook for the relevant Task
Group).

Section NA applies to AQS audits (e.g., AC7004), testing facilities

where ISO/IEC 17025 or AC7006 is the supporting quality system and
no non-standard methods, laboratory-developed methods and standard
methods used outside their intended scope or otherwise modified are in
the scope of the audit, and Auditees audited to only AC7114/11.

7.1 Is there evidence that the process change control system is being YES NO
used?
Guidance: The process change control system, including customer
notification when required, refers to the system that identifies changes
to the process (including items like machines, tools, jigs, fixtures,
equipment, materials, consumables, software, authorized persons,
process parameters, etc.) and evaluates the potential impact the
changes have on the process output.

The Auditee shall provide evidence indicating process changes were

identified and evaluated for potential impact on process output.

Specific examples of process variables with the potential to impact

output that apply to this audit can be found in the Audit Handbook for
the relevant Task Group.

7.2 Does an authorized person(s) review changes identified by the process YES NO
change control system along with their potential impact on output, and
approve any changes that are implemented?
Guidance: Confirm authorized persons have been designated in
accordance with customer requirements, or in the absence of customer
requirements, per an internally defined system.

7.3 Has the process been revalidated prior to implementing any changes YES NO NA
approved by the authorized person(s) to ensure the desired product
outcome/compliance?
Guidance: The Auditee shall consider customer requirements to
revalidate and notify their customer as applicable.

NA applies when no changes have been evaluated since the last audit.
Nadcap AC7000 Revision A -7-

8. AUDITEE POLICIES AND REQUIREMENTS IN REGARD TO

FRAUDULENT ACTIVITIES

8.1 Does the Auditee have a policy (e.g., fraudulent, ethics, counterfeit,
etc.) which covers:

8.1.1 Definition of fraudulent activity? YES NO

Guidance: An example of a definition for fraudulent activity can be
found in OP 1103 Definitions.

8.1.2 Potential consequences of fraudulent activity? YES NO

8.1.3 Actions upon discovery at the individual level, company level, or in YES NO
purchased goods and services (e.g., counterfeit or misrepresented
goods or services)?

8.1.4 Applicability to all employees? YES NO

9. AUDITEE PROCESS TO VERIFY COMPLIANCE TO AUDITEE

POLICY AND USE OF ACCEPTANCE AUTHORITY MEDIA (AAM)
Guidance: Examples of Acceptance Authority Media are stamps,
electronic signatures, passwords.

9.1 Does the Auditee have a process to discover, investigate, and disclose
fraudulent activity to customers and external bodies (such as
Certification or Accreditation Bodies, Nadcap, etc.) which includes:

9.1.1 Identification of personnel responsible for the implementation and YES NO

oversight of this process?
Guidance: Personnel could be a person, a title, a department, etc.

9.1.2 Verification of the appropriate use of AAM to the Auditee's policy, YES NO
including detection of potential AAM application errors, out of sequence
use, misrepresentation (e.g., uncertified personnel, falsification of
documents, etc.) and training deficiencies (proper use of AAM)?