The company sends quality requirements as an addendum (boilerplate type) that describe a multitude of requirements including the notification and handling of NCM; CAPA program; SPC; Key Characteristics. These are listed as they believe to be able to respond to if the supplier’s processes go south.
So the obvious questions is, did the auditor ask for and review these, or did anyone think to offer them up to the auditor? Or was it a lack of discussion from the auditor and no-one knew what they were looking for, to be able to reply with an example of this boilerplate?