Audit Logs - What do you do when registrars ask for them?

L

Louis Reimer

#1
Question for everyone?

When registrars asked for copies of your audit logs, do you give them freely without censoring out company and contact information?
 
Elsmar Forum Sponsor
G

Gert Sorensen

#2
Re: Audit Logs What do you do when registrars ask for them

I will always supply our notified body with all the information that they ask for. If I am to get my moneys worth, then I need to provide all information in order to get the best evaluation and feedback that I possibly can. :)
 

Coury Ferguson

Moderator here to help
Staff member
Super Moderator
#3
Re: Audit Logs What do you do when registrars ask for them

There shouldn't be a concern regarding copies being provided to the CB when asked. If I understand what the CB Auditor is asking for, it is to provide the objective evidence of the audits being performed.
 
#4
Re: Audit Logs What do you do when registrars ask for them

First of all, I have to admit that no registrar has asked for copies of our internal audit documentation. They have merely asked to see it. If they did ask, they would get it, though. I'm in total agreement with Gert & Coury.

/Claes
 
A

Aaron Lupo

#5
Re: Audit Logs What do you do when registrars ask for them

Question for everyone?

When registrars asked for copies of your audit logs, do you give them freely without censoring out company and contact information?
Let them see it unless you have something you are trying to hide, however, if that is teh case you have bigger problems. In any case the Registrar has signed a confidentiality agreement.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#6
I agree with the responses. You show them, and briefly explain how they help you make sure the audit program runs as designed.

Let me add that logs aren't necessarily the same thing as audit reports and audit notes, in which your company's sensitive details would most likely be buried.

Logs instead are, in my experience, built to show what audits took place with whom and when, results and actions on results, reassessment and closure dates, and perhaps short notes the auditor uses to manage the audit process.

It's about structure, not content, and shows there is a method to make sure all the steps in the process take place. This can be done with spreadsheets as well as with simpler methods like paper, and more complex methods as proprietary software.
 
L

Louis Reimer

#7
Let me clarify, I perform third party audits for various registrars and maintain audit logs for submittal for renewal of my RABQSA certifications. Over the last few months I have been asked to supply several years of my audit logs to requesting registrars.

Some of the agreements I have signed with these various registrars is that I will not divulge proprietary information that includes their clients and contact information. These logs include this information.
 
F

fuzzy

#8
Let me clarify, I perform third party audits for various registrars and maintain audit logs for submittal for renewal of my RABQSA certifications. Over the last few months I have been asked to supply several years of my audit logs to requesting registrars.

Some of the agreements I have signed with these various registrars is that I will not divulge proprietary information that includes their clients and contact information. These logs include this information.
Well that's a diffrent kettle of fish...maybe because this is posted in the Internal Audit sub-section it was assumed:eek: ...but hopefully there are other contract auditors that can offer advice. :confused: I have not encountered this issue in my own work. Can you provide a simple version: Date / Place (geographic location) / Type (QMS, std, 2nd or 3rd party, etc). would that satisfy the requestors? :2cents:
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#9
Yes, this is an entirely different matter. My bad...:eek:

Have you considered asking your contracting registrars how they want you to fulfill this requirement without breaching the confidentiality clause? Do they have their own log formats which would avoid this problem?

Otherwise I agree with Fuzzy. Any one else care to weigh in?
 
L

Louis Reimer

#10
I have been censoring the information only letting them see city and state, type of audit, scope and who the registrar I represented and the contact info for that registrar.

Have asked some of my co-auditors and they have provide them in their entirety or they have not been asked to submit them.

I'm still interested in what others have done.
 
Thread starter Similar threads Forum Replies Date
W Internal Audit Non Conformance Tracking Logs and NC Systems ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Supplier audit Medical Device and FDA Regulations and Standards News 2
M Go Live With New ERP System before Recertification Audit General Auditing Discussions 6
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
B Remote IATF 16949 audit preparation General Auditing Discussions 10
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
I Do I need to sign off my annual audit calendar? Internal Auditing 2
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M Nice and simple invitation email to an audit kickoff meeting Internal Auditing 1
M IATF 16949 - Audit of Remote Location/Support Site and IT IATF 16949 - Automotive Quality Systems Standard 4
Q IATF audit - Root Cause Analysis results IATF 16949 - Automotive Quality Systems Standard 5
Q Self-assessment audit information Quality Management System (QMS) Manuals 6
Le Chiffre Online training available for ISO/IEC 17021-1: Requirements for bodies providing audit and certification of management systems Training - Internal, External, Online and Distance Learning 3
xfngrs NIOSH Audit for N95 respirators US Food and Drug Administration (FDA) 1
Sidney Vianna IATF 16949 News Risked Based Audit Day Calculation IATF 16949 - Automotive Quality Systems Standard 2
T AS9100 audit due to facility move AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
B SAP Audit trail Periodic Review EU Medical Device Regulations 1
N What are the software audit and control steps Reliability Analysis - Predictions, Testing and Standards 2
R Gap Audit Aerospsace and Rail QMS Quality Manager and Management Related Issues 0
salaheddine96 Internal audit planning Internal Auditing 2
A MDSAP Audit Questionnaire Medical Device and FDA Regulations and Standards News 7
H Obligations as a contract manufacturer during an MDSAP audit ISO 13485:2016 - Medical Device Quality Management Systems 5
M What are the basics of Medical Device Single Audit Program (MDSAP)? ISO 13485:2016 - Medical Device Quality Management Systems 7
Sidney Vianna IATF 16949 News Update on the IATF CARA Project (“Common Audit Report Application”) - 12/2020 IATF 16949 - Automotive Quality Systems Standard 1
R ISO 17025 vertical audit checklist wanted Document Control Systems, Procedures, Forms and Templates 2
Z Rapid audit template for plastic parts manufacturing process Manufacturing and Related Processes 12
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
S Quality Audit Training Activities Quality Manager and Management Related Issues 2
G IATF Rules for COVID 5th revision - Re-certification audit timing IATF 16949 - Automotive Quality Systems Standard 3
E MDR internal audit Internal Auditing 1
Ed Panek Remote Audit GOTOMEETING thoughts Coffee Break and Water Cooler Discussions 22
B ISO 9001 - "Remote Audit Fee" Registrars and Notified Bodies 13
L IATF external audit virtual (remote) IATF 16949 - Automotive Quality Systems Standard 13
M Audit Criteria Training Materials Internal Auditing 1
K New supplier audit as per V3.1 by French Automotive OEM General Auditing Discussions 2
S Complexity Rating - CB adding another audit day for "high complexity" AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2
K MDSAP Audit Approach 2020 for Brazil Other Medical Device Regulations World-Wide 1
K MDSAP Audit Approach 2020 ISO 13485:2016 - Medical Device Quality Management Systems 3
J Audit Checklist for Integrated Management System for ISO 9001:2015, ISO 14001 & OHSAS18001 (IMS) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7

Similar threads

Top Bottom