(4) weeks after starting my current job the company I work for had a 24 Month Surveillance Audit. The auditor wrote up several Area's of Concern. He stated that any lack of response, action or a recurrence of any AOC's on our next audit may result in a nonconformance. I believe that this auditor is acting more like a business consultant than an auditor. WHat is our obligation regarding the Area's of Concern. They aren't nonconformances. :(

WHat is our obligation regarding the Area's of Concern. They aren't nonconformances. :(Unless you have to respond to them, because of a potential contractual clause with your CB (what I doubt), the established protocol does not force you to react to anything other than valid non-conformities (nc's).

Many auditors report issues other than nc's, such as noteworthy efforts, opportunities for improvement, observations (aoc's), etc...

I was not there during the auditor's exit meeting, but s/he might have tried to communicate that such AOC's, if not attended to, could raise to the level of a non-conformity. In other words, not a threat, but a warning.

I would suggest you don't simply dismiss the AOC's. Evaluate the feedback to see if they have any merit. Who knows? They might trigger some preventive actions in your system.

Some AOC can degrade into non-conformities, weed those out first and address them. Then ask for a different auditor.

Ask your customer representative at the registrar to provide their document defining the use of the term AOC.

(4) weeks after starting my current job the company I work for had a 24 Month Surveillance Audit. The auditor wrote up several Area's of Concern. He stated that any lack of response, action or a recurrence of any AOC's on our next audit may result in a nonconformance. I believe that this auditor is acting more like a business consultant than an auditor. What is our obligation regarding the Area's of Concern. They aren't nonconformances. :(

Your auditor has been very nice to you. Not knowing the nature of the AOC's, h/she could have possibly raised these AOC's as nonconformities.

Take a hard look at these AOC's and decide what action to take. Some may see this different, but most auditors act with your organization's interest in mind.

Stijloor.

Your auditor has been very nice to you. Not knowing the nature of the AOC's, h/she could have possibly raised these AOC's as nonconformities.
Maybe, maybe not. If they should have been called nonconformities, then the lack of a formal N/C from the CB could result in a lack of attention from management and a weak (or no) response. If they aren't nonconformities, but are weaknesses that could potentially lead to nonconformities then they've been nice by warning you of a potential pitfall.
Take a hard look at these AOC's and decide what action to take. Some may see this different, but most auditors act with your organization's interest in mind.

Stijloor.
Agreed. Look at the AOC's and see if they warrant preventive or corrective action. If they do, take action. If they don't, don't.

You can also look here at this Post (http://elsmar.com/Forums/showthread.php?t=24212) There was a discussion on OFIs.