An organization's Internal Audit Office certified to ISO 9001:2015

[Eredhel]

I deeply worries me when I see you advise people to take shortcuts with ISO and not use the requirements to their advantage.

What section of ISO 9001 did you call out as a finding for a fire extinguisher?

 

[Eredhel]

Btw I've worked with material where a Class D fire extinguisher was relevant to product safety. But I'm guessing that's not what you were calling out so I'm curious as to why.

 

[Kronos147]

You seriously wrote an audit finding against a fire extinguisher on a 9001 audit?

Yes, I care about people.

If there was a fire started by machinery in that room, it could become a tomb.

A bazillion dollar company and they leave the one fire extinguisher in the room with an out of service sign for six months.

Which clause did you write that finding against? Did they win the appeal?

6.3 Infrastructure

The organization shall determine, provide and maintain the infrastructure needed to achieve conformity to product requirements. Infrastructure includes, as applicable,

a) buildings, workspace and associated utilities,
b) process equipment (both hardware and software), and
c) supporting services (such as transport, communication or information systems).

They leased the facility and support services. There was not even any reference to a request for service to be referenced.

Hard to meet customer requirements without a staff or operating equipment due to a fire that could have been prevented by following basic fire code.

ISO looks at statutory and regulatory too.



And yes, the appeal won.

 

[Eredhel]

It seems a large stretch to take "the infrastructure needed to achieve conformity to product requirements " and apply it to broader safety concerns. I don't think a fire extinguisher is what is intended when it comes to product conformity. Are there any documents to support that?

 

[Sidney Vianna]

6.3 Infrastructure

The organization shall determine, provide and maintain the infrastructure needed to achieve conformity to product requirements. Infrastructure includes, as applicable,

a) buildings, workspace and associated utilities,
b) process equipment (both hardware and software), and
c) supporting services (such as transport, communication or information systems).

They leased the facility and support services. There was not even any reference to a request for service to be referenced.

Hard to meet customer requirements without a staff or operating equipment due to a fire that could have been prevented by following basic fire code.

ISO looks at statutory and regulatory too.

I am going to be very forceful and blunt about this one, because this has been discussed here so many times and I am surprised that experienced auditors would still not understand the issue. I don't have time to search all previous threads on the subject, so I will just post an ISO Paper on this; please see attached. The key paragraph in that paper as it relates to this type of scenario reads:

Nonconformities should be issued only in situations where identification has been made of system deficiencies or of direct violations in respect of statutory and regulatory requirements applying to the products and services of the organization.

ISO 9001 requirements related to statutory and regulatory aspects are LIMITED to the product/service in question. Auditors verifying compliance to ISO 9001 are straying away from the scope if they start digging into environmental, occupation health & safety, food safety (in the cafeteria) issues, etc...

 

[AndyN]

Thank you Sidney...

 

[AndyN]

6.3 Infrastructure

The organization shall determine, provide and maintain the infrastructure needed to achieve conformity to product requirements. Infrastructure includes, as applicable,

a) buildings, workspace and associated utilities,
b) process equipment (both hardware and software), and
c) supporting services (such as transport, communication or information systems).

They leased the facility and support services. There was not even any reference to a request for service to be referenced.

Hard to meet customer requirements without a staff or operating equipment due to a fire that could have been prevented by following basic fire code.

ISO looks at statutory and regulatory too

Having had a foot in the door from the very outset of the CB world, it really dismays/frustrates and amazes me that nearly 30 years later, this is the type of thing (just one example, I see similar scope creep almost weekly) STILL being written up. Frankly, it's no wonder that clients see ZERO value in the actual audits.

 

[Kronos147]

1) It was appealed

2) Client "won"

3) I hope their staff is safe

4) How is allowing the building to burn down not going to affect the ability to ship product?

5) This was in my first year as an auditor. I won't make this anything more than a verbal observation in the future. (I learned my lesson.)

 

[Eredhel]

That's just not what ISO 9001 is about, and it's not what 6.3 is about in regards to product conformity. Could a burned building keep a product from shipping? Sure, but it's not ISO 9001's scope. There are a lot of things we do as an ISO9001/AS9100 supplier that are necessary for us and have great value that have nothing to do with either standard.