In this type of audit – also known as an internal audit or self-audit – both the audits and the audits belong to the same organization. For example, a manufacturer where headquarters may be concerned about the productivity of a factory elsewhere and may send an (internal) audit team to help identify areas for improvement. An ISO-certified supplier can also perform a first-party assessment to declare conformity with specific ISO standards.
Second party audit: A second party audit refers to a customer conducting an audit with a supplier or contractor. For example, a medical device company that has contracted a laboratory to perform sterility testing may perform a second-party audit to ensure that the laboratory meets QSR requirements and to demonstrate to regulatory investigators that the contractor complies with this. The same company can check a parts supplier to ensure it meets ISO 9001 or ISO 13485 standards. It may also evaluate a potential raw material supplier through an audit, although some auditors may argue that such a process is more of a supplier’s audit than an audit.
- Third party audits : Audits by third parties or by a certification body that is independent of the costumer-supplier relationship and free of conflicts of interest.
Intendend for certificatio and legal, regulatory and similar purposes.
Audit by third parties: neither customer nor supplier performs this type of audit. A regulatory authority or an independent body conducts an external audit for compliance, certification or registration. An example is an FDA investigator conducting a CGMP inspection at a pharmaceutical company. Another example is a College of American Pathologists (CAP) team that inspects a blood bank for accreditation. ISO conformity assessments are not conducted by ISO itself, but by third parties from the private sector or regulatory authorities in countries where ISO standards are legal.
- Desk Audits : Is a non-physical audit. During a Desk audit, the content of the burden of proof is checked remotely. Whether these audit types are possible differs per audit / certification and what the schemes / standards prescribe and allow.
- Virtual Audits : Is not a physical but a virtual audit. In this type of audit, an audit is performed virtually between the auditor and the audited party. The virtual audit is performed in a secure SSL and AES 256 bit encrypted environment. The burden of proof and documentation is also virtually shared in an SSL and AES 256 bit encrypted environment.
- On Site Audits : Is a physical audit on location. During this audit, the audit is performed during a site visit.