Non Conformance for Adding to Control Plan

[Howard Atkins]

I just had a survellance audit and the auditor tried to give me a non conformance because I had added to the control plan as a result of corrective actions. I told him that I can add what I like to the control plan with out permission. In the end he accepted this.
Just shows .!!

[Dawn]

Who was your Registrar?

[Howard Atkins]

Standards institute of Israel who were being audited themselves by RVA from Holland

[Marc]

I've been thru plenty of audits - doesn't surprise me one bit. It has been one of my complaints for a number of years.

[Kevin Mader]

We are all human I guess, even Registrars. I have had a few issues myself, but so far I have been able to work through the issues. My advice to those who have or haven't been through it: be nice, explain your position well. If that does not work, differ the issue to the next level for consideration. If that doesn't work, satisfy any Corrective Actions request, don't invite that auditor back, and consider searching for a new Registrar. It's your money.

[Marc]

Kevin:

I disagree with interpretations being a matter of all of us 'being human'. It is an issue of experience and understanding mixed with intent. I have worked with many standards over the years. I cut my teeth on military specifications. I got my first job in quality because I told the company I understood them (MIL SPEC). I studied the appropriate ones for the product as required by contracts. I often had to explain how the company I worked for 'meets the intent' of a spec. I got into ISO as I thought it was comparatively easy - and it is.

We come down to interpretations. And with QS came rediculousness (spelling?). But then, QS is a customer requirement and ISO is an international specification, if you will.

Anyway, I approach every client from the First meeting with a diatribe which approximates the following:

"I cannot do this for you. QS9000 and ISO900x are, as a group, requirements in so far as registration is concerned. I have to transfer my knowledge to someone. And - when that person is ready, that person will understand the requirements and the intent of the details of the requirements with respect to their business and company systems."

"Auditors are often problematic in part because there has been a rush by marginally qualified people to and thru the Lead Auditor Certification Process."

I had one auditor who was a college professor who smelled money. When it came to interpretations, he was often a wash. Yes - I know the 'time in business' aspect but even that does not ensure consistent interpretations.

I do admit the college professor would listen to reason and we often 'worked through it' to a convergent point as you say.

"You will have to be ready to fight with the auditor over points of contention. Auditors are often simply not right in their interpretation. In my very first ISO9001 audit, within 30 minutes of the start of the audit we were given our first 'minor'. The auditor said it was not easy for him to tell the differences between the current quality manual and the last version. I had written a documentation database for the company. All revisions were detailed except for that one. We had taken the old quality manual and completely revised it - like major, major revision. In the database field where we listed the changes, we simply put a statement which said "Due to the dramatic and extensive changes, the changes are not listed here. Please compare the two manuals if you need to tell differences." We did this because it didn't make much sense to list 100 pages of changes (which is what it would have taken if each specific change had been listed and addressed). I asked the auditor where in ISO9001 it said it has to be easy for him to tell the differences. He hemmed and hawed and thumbed the spec and finally said "It's implied". Well, now, bull ****. He never did buy off on it - we kept that minor. I can say, however, the rest of the audit went quite well. I think I cowed the guy. Attacked him right off the bat with a Show Me Where.... But then - we were all ready to explain how we complied. We were ready!

The point is you have to understand the spec and the intent and be ready to explain and argue your position or auditors will end up running right over you and you'll end up doing things to your systems 'because the auditor said so'. Choose your battles well, but there are times when battle is neccessary.

It's not 'human nature' - it's a matter of interpretation, understanding of intent, and being Ready To Explain! Don't get me wrong - I have run into a lot of very qualified auditors. None the less, one must be ready.

I tell clients: I'm little more than a piano teacher. I can teach you how to play faster than you can learn yourself. I can teach you how to read music. I can teach you what the conventions are. I can teach you how to play the game. BUT - when the concert starts my fingers cannot be on the piano keys. You must play your own concert. And you have to be ready for it. I can't do it for you.

Every client I have had has been 'first audit' successful. And they know their stuff - they are READY! Much like Formal Logic and Debate in college, this is a game any company can win.

Nor do I mean to detract from the 'goodness' of ISO9001 (or many aspects of QS9000). I believe there is 'goodness' in them both. This is to say, for example, a defined, substantial, 'robust' design process is 'goodness' just as well designed and executed Nonconformance and Corrective Action systems have 'goodness'. They are beneficial and important systems to any business.

OK - now rip me up!

[Don Winton]

Good show, Howard.

Marc,

Rip you up - I cannot. You made all points very well. I also grew up with MIL standards. Interpretation is not a problem with GSA auditors, IT IS A WAY OF LIFE! During my experience, the GSA ( o )’s did not even want to see the standard. They had their minds made up and did not want to hear your side. But that is another story.

I agree that with QS came ridiculousness (sp) which is part of the reason I try to shy away from QS issues. But, then again, to this point that has not been a problem for me. My company is going for ISO with the FDA’s QSR. But interpretation is going to be an issue with the FDA inspectors anyway, so I draw on my MIL experience. I found that out during my ISO preassessment. My auditor was a former FDA inspector with EU qualifications. She kept wanting my system to comply her interpretation of the QSR (This was an ISO preassessment), which I successfully defended as not being required. I will deal with the FDA during an FDA assessment. In short: If you need it, have it. If you do not need it, do not have it, but be ready to explain WHY you do not and how you meet the intent of the standard.

Your handling of the auditor during the first assessment you mention struck a nerve. Not with what happened, but it appears from your account that this assessor’s attitude may be typical of some (not all). They come into YOUR facility to examine YOUR system, but set themselves up as the experts. Your ‘Show Me Where’ should have been enough to drop the noncompliance, but it would seem he did not want to admit an error in front of what he now perceives as a peer. Once you demonstrated your knowledge and experience, he appears to have backed off somewhat. Perhaps my interpretation is not accurate.

One last item: “The point is you have to understand the spec and the intent and be ready to explain and argue your position or auditors will end up running right over you and you'll end up doing things to your systems 'because the auditor said so'. Choose your battles well, but there are times when battle is necessary.” On this item and others when dealing with interpretation, I draw from Sun-Tzu:

“One Who Knows When He Can Fight, and When He Cannot Fight, Will Be Victorious.”
“One Who Recognizes How to Employ Large and Small Numbers Will Be Victorious.”
“One Whose Upper and Lower Ranks Have the Same Desires Will Be Victorious.”
“One Who, Fully Prepared, Awaits the Unprepared Will Be Victorious.”
“One Whose General Is Capable and Not Interfered With by the Ruler Will Be Victorious.”

Regards,
Don

[Kevin Mader]

Marc,

Perhaps I did stretch the definition of a human being a bit to far. Good points on the qualifications of an auditor, I can't rip you there (or anywhere really). I agree that with the explosion of ISO900x, Registrars bent the guidelines for hiring auditors too much. You also make an excellent point that by defending your contentions you may cause the auditor to do some silent reconsideration (even if it is not at the point at hand but rather future points of consideration). I think a good auditor wouldn't be discouraged enough not to probe, but one that does not have the understanding and confidence probably would. I guess the advice I gave is based on the fact he has the power, right or wrong, to sway the outcome (honey vs. vinegar, an NFL referee).

You raised an interesting question (at least to me) about QS9000 and the registrar. All of us have read a lot about the qualifying of QS auditors. The question I have for you (and anyone wanting to contribute) is how have these auditors faired in comparison with the ISO auditors you have encountered? Better or worse? Knowledgeable or Not? How about their interpretations on the "should" items as there is room for interpretation and implementation? Of course these questions can be answered some better, some worse. What I wanted to see was more in line with the actual experiences and solutions. Perhaps this should have been raised as a new topic, I will leave that at your discretion.