Quality Assurance: Code Of Conduct

A quality assurance code of conduct establishes the behavioral standards, ethical obligations, and professional responsibilities that govern QA practitioners, auditors, and organizational functions within a quality system. Codes of conduct operate alongside technical standards — such as ISO 9001 and CMMI — to define how quality work must be performed, not merely what outputs are required. Noncompliance with conduct standards can invalidate audit findings, trigger regulatory scrutiny, and expose organizations to liability under federal procurement and industry-specific regulations.

Definition and Scope

A QA code of conduct is a formalized set of principles that binds individuals performing quality assurance functions to standards of integrity, impartiality, competence, and confidentiality. The scope typically extends to all personnel with authority over inspection decisions, audit findings, nonconformance dispositions, and supplier qualifications.

The American Society for Quality (ASQ) maintains a published Code of Ethics that applies to its certified members across disciplines including Quality Engineer (CQE), Quality Auditor (CQA), and Quality Manager (CQM) credentials. The code addresses 4 core domains: fundamental principles, relations with the public, relations with employers and clients, and relations with colleagues. The quality-assurance-ethics-obligations page addresses the specific regulatory layer underlying these obligations.

ANSI/ISO/ASQ Q9001-2015, the U.S.-adopted version of ISO 9001:2015, requires that personnel performing quality functions possess demonstrated competence and operate without conflicts that compromise impartiality — a conduct standard embedded in clause 7.2 (Competence) and clause 9.2 (Internal Audit). The quality-assurance-regulatory-framework page provides the broader statutory context in which conduct standards operate.

Federal procurement adds a mandatory layer. The Federal Acquisition Regulation (FAR) 52.203-13 requires contractors to implement a Code of Business Ethics and Conduct, including a quality-related component, for contracts exceeding $6 million with performance periods over 120 days (FAR 52.203-13, ecfr.gov).

How It Works

A QA code of conduct functions through 4 operational mechanisms:

  1. Adoption and acknowledgment — Practitioners receive a formal written code and sign an acknowledgment that creates a documented record of awareness. Regulated industries including aerospace, pharmaceuticals, and medical devices require this acknowledgment as a controlled document under their quality management systems.
  2. Conflict-of-interest screening — Before assignment to audits, inspections, or supplier qualification activities, practitioners disclose relationships that could impair objectivity. ISO 19011:2018, the international standard for auditing management systems, specifies in clause 5.2 that audit program managers must evaluate independence threats and document mitigation.
  3. Competence verification — Conduct standards require that practitioners operate only within their validated scope. ASQ certification programs, including the CQA credential, require demonstrated proficiency across 6 defined body-of-knowledge domains and mandate 18 recertification units every 3 years.
  4. Breach investigation and sanction — Violations are processed through a defined corrective action pathway. Depending on severity, sanctions range from retraining and restricted assignment to decertification and regulatory referral.

Common Scenarios

Three conduct scenarios recur across QA-regulated industries:

Auditor impartiality failures occur when an internal auditor reviews processes they directly manage. ISO 19011:2018 clause 7.2.2 prohibits auditors from auditing their own work. In practice, organizations resolve this by cross-assigning auditors from separate functional units or engaging third-party auditors — the structure detailed on the quality-assurance-third-party-audit page.

Falsification or omission in records represents the most severe class of conduct breach. Under 21 CFR Part 211 (FDA Current Good Manufacturing Practice regulations for finished pharmaceuticals), falsification of quality records constitutes a federal offense subject to criminal prosecution (21 CFR Part 211, ecfr.gov). The FDA's enforcement history includes Warning Letters citing record integrity failures as primary violations.

Supplier qualification conflicts arise when a QA practitioner holds a financial interest in a vendor being evaluated. FAR 9.503 defines organizational conflicts of interest for federal contractors, and analogous provisions appear in AS9100D (aerospace QMS standard), which requires supplier evaluation procedures to be free from commercial bias.

Decision Boundaries

Distinguishing a code of conduct from adjacent QA documents prevents misapplication:

Code of Conduct vs. Quality Manual — A quality manual defines the structure and scope of the quality management system. A code of conduct governs the human conduct layer: the obligations of individuals operating within that system. The two documents are complementary but not interchangeable.

Code of Conduct vs. Standard Operating Procedure (SOP) — SOPs specify process steps for technical tasks such as calibration or inspection. A code of conduct addresses behavioral expectations that apply across all processes — objectivity, disclosure, and professional judgment — rather than task-specific execution sequences.

Mandatory vs. voluntary application — Codes issued by professional bodies such as ASQ bind credentialed members as a condition of certification. Codes embedded in regulatory frameworks (FDA, FAR, AS9100D) carry statutory or contractual enforcement authority regardless of individual certification status. An organization may be subject to both layers simultaneously, with the more restrictive standard taking precedence.

Internal vs. third-party scope — Internal QA staff are governed by organizational codes and applicable regulatory requirements. Third-party auditors and certification body personnel are additionally subject to the accreditation body's conduct requirements — in the U.S., the ANSI National Accreditation Board (ANAB) sets impartiality and conduct requirements for certification bodies operating under ISO/IEC 17021-1.

Organizations operating under AS9100D, IATF 16949 (automotive), or ISO 13485 (medical devices) must ensure their internal conduct frameworks satisfy the sector-specific overlay requirements of each standard — including mandatory management review of conduct-related nonconformances and documented corrective action closure timelines.