In Reply to Parent Post by LUV-d-4UM
We are almost finished in the upgrade to ISO9001:2015. It has been a hard 3 days. The one thing that I am convince is this: The ISO9001:2015 has a "soul". Compared to ISO9001:2008 it is a "living" MANAGEMENT SYSTEM, not just a quality management system. Some Highlights are:
1. The auditor asked for a Quality Manual. Luckily the old manual was updated to the new one which was picked to the bones. The auditor asked to see documents that were not even required by the standard.
2. The risk-based thinking which was OK, needs improvement because the auditor "wants" to see a quantitative risk analysis such as FMEA (incidentally this auditor also audits to TS). I mentioned that Annex A does not prescribe any formal risk analysis.
3. The most important was Leadership. The Top Manager was on vacation!!!! I had to present the Context of the Organization. The absence of Top Management left a void during the audit.
We will get the ISO9001:2015 certificate after addressing the findings.
I wasn't there so I can't fully comment on how things went. That said, some of this isn't necessarily out of line.
1. Auditors need to determine what is in your system, so asking for familiar things is not out of line as exploratory questions. If he insists you need them and they are not required, that is wrong, but simply asking exploratory questions is not. For example, I often ask if they keep an approved supplier list simply because that is one of the ways many companies keep part of their supplier approval records. If they have one, that can help with the audit. If they don't, I just explain what I just did, and move on to explore what is required. Remember that if the organization makes it a requirement it is a requirement if the standard requires it or not.
2. You handled his request for an FMEA well as you also did in holding your ground about quantitative risk analysis. Again, though, if it was an exploratory question that could be fine, but if he is trying to create a requirement where none exists that's another matter. I'm reminded how far off base AS9100C got on this topic when auditors were taught to expect something like "green light", "amber light", and "red light" in their risk analysis.
3. Make no mistake, the new standard is all about top management getting on board. Any perceived lack of management commitment won't be accepted well. What I have heard about this so far certainly reaches beyond the actual wording of the standard, but it is what auditors are being driven to do from the CBs and probably from above them. The actual wording I heard from one CB was that it is no longer acceptable for top management to assign "some poor schmuck" to handle everything about the quality management system and side step it all himself. All this because the standard no longer uses the title 'management representative", substituting "top management" in the wording.
Thank you for your feedback. I hope others will also share their experiences as this new standard goes through its teething pains.