It's not second guessing everything, it's checking if the system meets the requirements imho. How can I do that without asking questions? Without asking questions to check, THEN I would be second guessing imho.
Would you be able to do an audit just by having the audited organization write you small sentences about how they work, like you did in the post where you asked me if the organization complied to the ISO?
I mean, if that is really enough, why can´t you do an audit like that? By email? Would you approve a certificate to an audit done at a distance where the organization gives a simple answer like "We wrote our one end-to-end process on the wall of our conference room, along with inputs/deliverables and responsibilities. All 6 people contributed to defining those processes. The owner agreed and said "That's what we do."
They write you this by email. You are not allowed to reply with more questions, that would be second guessing them.
Would you considerthey met the requirements, without asking any other question?
7.5.3.1 - documented information needed by the QMS and by this norm must be controlled to assure:
a) it will be available and adequate for use, where and when it is necessary.
b) it will be sufficiently protected (for example, against loss of confidentiality, improper use or integrity loss)
how do you know from this little information that A and B were met?
I will simplify my audits. I will just ask if they met all ISO requirements. They will answer yes. I will say, thank you, no non-conformities. It seems to be nothing works here, but no matter, you said yes and if I ask you something else, that would be second guessing you...
Let's say you are performing the Internal Audit, and you decided to look at the "documentation needed..." You saw what Andy describes, what would be the nonconformity and how would you identify it as?
1. a) Is it available and adequate for use when it is necessary? This would be my answer: Yes it is available for use. Anyone who needs to know this information has access to it.
2. b) It will be sufficiently protected...? This would be my answer: It is in an office that is protected from damage, loss and confidential.
Where did I violate the standard with my answers?