Hello,
we`ve just had our IATF transition audit and I`ve been given a major non-conformity for not having the List of all the process controls and the alternate control methods. As I see things, right they are very difficult for me as we have a large number of control plans (the best place to find your process controls). I am convinced that not even the auditors understand this requirement clearly.
Yes, it does say to have a list of all process controls (which like I said they are detailed in each control plan) but also to have an approved back-up or alternate methods.
So, what does "approved" mean, keeping in mind that all these control methods have been previously part of a PPAP and thus validated? Do we need to validate these alternate methods as well? If not, how do we prove that they are right for our intentions? If we have to include severity based on
FMEA and internal approvals does it mean it will be another control plan?
The auditor has given us some hints about having only a generic list of alternate control methods, but I smell new non-conformities if we stick only to this.
I`ll welcome everyone's thoughts on this as I believe its a pretty complicated requirement.
Thank you