Nonconformance Found Outside the Audit Scope - Supplier Audit

GStough

Leader
Super Moderator
I'm wondering if anyone else has had this happen. During a supplier audit (which is not a full QMS audit), while interviewing and reviewing records for an element of the Standard (ISO 13485, in this case) that is part of the audit scope, you discover a nonconformance of an element that is NOT part of the audit scope. Do you write this as a nonconformance or, since that element was not part of the audit scope, do you write it as an opportunity for improvement (observation)?

I would love to hear your experiences....:)
 

Coury Ferguson

Moderator here to help
Trusted Information Resource
Re: Nonconformance Found Outside the Audit Scope

Gidget,

In my opinion, if a NC is found, even though it might have been outside the scope (You can always find something within the scope to identify with) it should be written in my opinion. Why let something pass that could lead to any further unsatisfactory items within the Organization.

But, just my opinion.
 

GStough

Leader
Super Moderator
Re: Nonconformance Found Outside the Audit Scope

Gidget,

In my opinion, if a NC is found, even though it might have been outside the scope (You can always find something within the scope to identify with) it should be written in my opinion. Why let something pass that could lead to any further unsatisfactory items within the Organization.

But, just my opinion.

Thanks, Coury! That was my inclination, as well. :agree1::yes::cool:
 

Sidney Vianna

Post Responsibly
Leader
Admin
This being a second party audit, there are no cast in stone rules. If the deficiency found has a potential to impact the supplier ability to consistently deliver conforming products, yes, I would report the issue and tell the supplier that you expect corrective action to resolve it.

If this were a 3[sup]rd[/sup] party audit, I would react differently.
 

Paul Simpson

Trusted Information Resource
Interesting question, Gidget. I'd answer 'it depends' on what the objective(s) of the audit are. If you are auditing a supplier then you may have one of more of the following:
  • Do they have the capability of complying with ISO 13485?
  • Can they produce products in accordance with your organizations / international standards?
  • Are they a supplier you want to work with?
The last of these brings in everything that you believe is relevant, IMHO.
 

Mark Meer

Trusted Information Resource
If it's outside the scope, you don't write it up as a nonconformity.
...after all, what requirement are you going to cite that they are not conforming to?

That being said, certainly bring it to the attention of the organization - either in report as an opportunity for improvement, or communicated to some responsible party - so they can act on it if they deem necessary...
 

Big Jim

Admin
Re: Nonconformance Found Outside the Audit Scope

Only if it's Medical Device QMS related, EHS stuff nope

+1

In my opinion.

Generally, if you find a nonconformance during the course of an audit that pertains to the standard you are auditing to, it should be treated as a nonconformance.

Writing an observation or an opportunity for improvement would be considered a soft nonconformance and that is frowned on.

It is not unusual to stumble onto a nonconformance that is outside of the scope of the audit. They don't get a pass because it wasn't the main focus of the audit.

There is no reason for a 2nd party audit (supplier audit) to be treated differently. Doing so weakens the entire ISO scheme.
 

Paul Simpson

Trusted Information Resource
Re: Nonconformance Found Outside the Audit Scope

Well, surprise, surprise, Jim and I are not completely aligned.;)

+1

In my opinion.

Generally, if you find a nonconformance during the course of an audit that pertains to the standard you are auditing to, it should be treated as a nonconformance.
Not all audits are conducted solely against standards. If you read ISO 19011 (latest draft) audits are carried out against audit criteria:
3.2 audit criteria
set of policies, procedures or requirements used as a reference against which audit evidence (3.3) is compared
So for any audit there are typically more documents in play than the standard (ISO 13485 in this case).

Writing an observation or an opportunity for improvement would be considered a soft nonconformance and that is frowned on.
You appear to be applying 3rd party criteria to a 2nd party audit. Nobody is going to frown on how a customer describes a finding on one of its suppliers.

It is not unusual to stumble onto a nonconformance that is outside of the scope of the audit. They don't get a pass because it wasn't the main focus of the audit.
Now in a second party audit I'd agree (in fact I did so below). For third party I'd disagree but wouldn't want to derail the discussion ;).

There is no reason for a 2nd party audit (supplier audit) to be treated differently. Doing so weakens the entire ISO scheme.
As above, I don't believe we should be transferring 3rd party expectations to 2nd party audits. I'm not sure what 'ISO scheme' can be weakened by this. :confused:
 

howste

Thaumaturge
Trusted Information Resource
Re: Nonconformance Found Outside the Audit Scope

Every audit has a client - the person (or organization) requesting the audit. They are the ones who define the rules and are the "customer" of the audit activities. If it's in the client's best interest to document a nonconformity, it should be documented. If it's not in their best interest, maybe not. In the case of a supplier audit the supplier may or may not have to respond to the nonconformity depending on what the contract (or other legal agreement) is between the customer and supplier.
 
Top Bottom