Audit Nonconformity on Defining 'Outsourced' Infrastructure Maintenance

K

klcuellar

#1
we're having a hard time identifying the appropriate corrective action for our nonconformity during our last external audit.

the nonconformity states that the control to be applied to outsourced process (Infrastructure Maintenance) was not defined within our Quality Management System.

Infra which includes the Building Maintenance and Housekeeping, and the Maintenance of Vehicles. these two were not currently included in our documented QMS. and as our correction, we'll be including these in our current documentation/QMS Manual.

however, we're having a hard time on what will be our long-term action or corrective action. we need to identify this asap as we have deadline for its submission to our certifying body.

please do comment and share your insights. thanks!
 
Elsmar Forum Sponsor

harry

Trusted Information Resource
#2
1. I edited the title of the thread to reflect the nonconformity on your handling of the outsourced process rather than the process itself.

2. 4.1 (General Requirements) of the standard is quite clear on this issue. You would normally extend control to such a process through a service agreement or contract and all you need to mention in your QMS is that control of this process is through a service agreement or contract.
 
I

isoalchemist

#3
Great advice from Harry!

Let me add that they are a supplier so some evaluation is required. Also make sure they are on the Approved Supplier List
 

John Broomfield

Leader
Super Moderator
#4
we're having a hard time identifying the appropriate corrective action for our nonconformity during our last external audit.

the nonconformity states that the control to be applied to outsourced process (Infrastructure Maintenance) was not defined within our Quality Management System.

Infra which includes the Building Maintenance and Housekeeping, and the Maintenance of Vehicles. these two were not currently included in our documented QMS. and as our correction, we'll be including these in our current documentation/QMS Manual.

however, we're having a hard time on what will be our long-term action or corrective action. we need to identify this asap as we have deadline for its submission to our certifying body.

please do comment and share your insights. thanks!
klcuellar,

A Service Level Agreement can work very well where no contract exists.

The SLA specifies the objectives and what each party commits to do in fulfilling the objectives such as points of contact, providing access and reviewing costs before doing any work over a certain amount.

The SLA is a controlled document that may comprise the following sections:

A. Purpose
B. Scope
C. Objectives
D. Party A Responsibilities and deliverables
E. Party B Responsibilities and deliverables
F. Corrections and improvements
G. Audit and review

...or just C thru E.

The root causes for lacking this or similar tool are for you to determine but usually include something along the lines of "outsourced services provided without any problems to date".

Best wishes,

John
 

Jim Wynne

Leader
Admin
#5
we're having a hard time identifying the appropriate corrective action for our nonconformity during our last external audit.

the nonconformity states that the control to be applied to outsourced process (Infrastructure Maintenance) was not defined within our Quality Management System.

Infra which includes the Building Maintenance and Housekeeping, and the Maintenance of Vehicles. these two were not currently included in our documented QMS. and as our correction, we'll be including these in our current documentation/QMS Manual.

however, we're having a hard time on what will be our long-term action or corrective action. we need to identify this asap as we have deadline for ts submission to our certifying body.

please do comment and share your insights. thanks!
You don't say what standard is involved here. In ISO 9001:2008, 4.1 says in part:

Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

Before there's a nonconformity, a determination must be made as to whether the processes in question "...[affect] product conformity to requirements..." A reasonable argument could be made in many cases that the two processes you mention don't apply to this requirement.
 

Jim Wynne

Leader
Admin
#6
klcuellar,

A Service Level Agreement can work very well where no contract exists.

The SLA specifies the objectives and what each party commits to do in fulfilling the objectives such as points of contact, providing access and reviewing costs before doing any work over a certain amount.

The SLA is a controlled document that may comprise the following sections:

A. Purpose
B. Scope
C. Objectives
D. Party A Responsibilities and deliverables
E. Party B Responsibilities and deliverables
F. Corrections and improvements
G. Audit and review

...or just C thru E.

The root causes for lacking this or similar tool are for you to determine but usually include something along the lines of "outsourced services provided without any problems to date".

Best wishes,

John
A "service level agreement," as you describe it, is a contract.
 
#7
A "service level agreement," as you describe it, is a contract.
I will go one step further.
A Service level agreement or Contract in itself are not controls. These contract papers rest in file and do not exercise any control.
What you have put into the contract in terms of proof that the tasks are done to your satisfaction by the outsourced agency (the Building Maintenance and Housekeeping, and the Maintenance of Vehicles.) periodically and your accepting the same after your review and satisfaction are your controls.
While the agreement may be accepted as a corrective action, the dynamic controls ongoing will be such of these periodic records which also will have your intervention in terms of your review and acceptance.
Make a list of all such records which you wish to periodically review in the agreement, and these will be the records of your control over the outsourced process.
 
#8
You don't say what standard is involved here. In ISO 9001:2008, 4.1 says in part:

Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

Before there's a nonconformity, a determination must be made as to whether the processes in question "...[affect] product conformity to requirements..." A reasonable argument could be made in many cases that the two processes you mention don't apply to this requirement.
I absolutely agree. This nonconformance looks to have been written by an over zealous auditor. You should open discussion with the auditor and if need be with your certification body as soon as possible to see about having it withdrawn.
 
#10
I absolutely agree. This nonconformance looks to have been written by an over zealous auditor. You should open discussion with the auditor and if need be with your certification body as soon as possible to see about having it withdrawn.
Wait a while .....
We are concluding here and we even have no idea of the OP's business.
In all fairness I believe these are processes that are integral in the OP's QMS and they fairly outsource. The lacking perhaps was identification and needed controls within the QMS.
 
Thread starter Similar threads Forum Replies Date
Stefan Mundt AS9100D Major nonconformity due to recurrence of a NC during a subsequent CB audit. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
K FAA Audit - Major nonconformity for lack of timely calibration of two devices EASA and JAA Aviation Standards and Requirements 5
M Measurement Unit Rounding Nonconformity - Notified Body Audit Registrars and Notified Bodies 6
R Corrective Action for Nonconformity in ISO/TS 16949 Recertification Audit IATF 16949 - Automotive Quality Systems Standard 2
H Internal Audit Major Nonconformity or Not? Quality Manager and Management Related Issues 24
L Audit Nonconformity for FMEA - Transit, Warehousing and Shipping ISO 13485:2016 - Medical Device Quality Management Systems 4
D What should the QMS Auditor do if a Major Nonconformity is found during an Audit? Internal Auditing 11
U Customer Audit Nonconformity on Internal Audit Program done by Corporate QA General Auditing Discussions 19
K Observation - Potential Nonconformity - How to address this Audit Finding? General Auditing Discussions 9
P Internal Audit NC (Nonconformance) is not closed - Is it a nonconformity? IATF 16949 - Automotive Quality Systems Standard 11
C Quality Objectives - Is this an audit nonconformity? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 162
S Establishing Internal Audit Nonconformity Level Criteria - Major vs. Minor? Internal Auditing 46
J ISO/TS 16949 audit nonconformity from Auditor on laboratory scope General Measurement Device and Calibration Topics 5
M Major/Minor Nonconformity - Nonconformance from last audit found again Nonconformance and Corrective Action 15
C Supplier Audit - Looking for a quality audit checklist General Auditing Discussions 3
E Opening meeting for Third-Party Audit--Who should say what? General Auditing Discussions 22
R EU MDR Remote vs In-Person Audit EU Medical Device Regulations 1
F Attendance possibility for a certification audit ISO 13485:2016 - Medical Device Quality Management Systems 7
D Audit Report details when ISO 13485:2016 and cGMP 21 CFR 820 are applicable ISO 13485:2016 - Medical Device Quality Management Systems 6
R Looking for ISO 13485 Internal Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
G IATF Remote Location audit timing IATF 16949 - Automotive Quality Systems Standard 3
G During internal audit - finding poor action plans ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
C Need help in determining applicable clause for an audit finding (based on AS9120B) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
G Opening meeting - internal audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
Ed Panek Audit Protocol? Simultaneous surveillance and recertification audits. ISO 13485:2016 - Medical Device Quality Management Systems 11
D Is a lost calibrated tool an non-conformance for an audit? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 58
D IATF16949 external audit plan IATF 16949 - Automotive Quality Systems Standard 3
B 8.5.1.1 Control Plan - question audit NC IATF 16949 - Automotive Quality Systems Standard 5
D ISO 9001:2015 Recertification Audit Timing ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
Mr Roo Discovered dishonesty after performing an internal audit General Auditing Discussions 4
Q 10.3 Continual improvement - How to audit it? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
H Audit Checklist for European Authorized Representative EU Medical Device Regulations 0
Q Product audit assessment IATF 16949 - Automotive Quality Systems Standard 4
S Customer audit report review and approval ISO 13485:2016 - Medical Device Quality Management Systems 3
Moncia Integrated QMS and audit Other ISO and International Standards and European Regulations 5
G Audit & Agreements for "Test Laboratory" Supplier? US Medical Device Regulations 4
J New QMS Auditor - seeking opportunities to gain audit experience Career and Occupation Discussions 3
M IATF external audit NC closure IATF 16949 - Automotive Quality Systems Standard 4
W IATF 9.2.2.1 Internal Audit how to determine risk IATF 16949 - Automotive Quality Systems Standard 12
M Multiple time zones in the Audit Trail Qualification and Validation (including 21 CFR Part 11) 7
X Looking for 17025 auditor to perform internal audit on IT software testing laboratory ISO 17025 related Discussions 3
A API Q1 9th Edition Surveillance Audit - Quality Policy Oil and Gas Industry Standards and Regulations 2
S Audit Finding - Design History File (DHF) Index: few (3 to 4) reports not identified ISO 13485:2016 - Medical Device Quality Management Systems 3
xfngrs 3 year audit cycle IATF 16949 IATF 16949 - Automotive Quality Systems Standard 10
Q NACE Code 25.6 no reduction in CB audit days? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 23
J 9001 Internal Audit of Client Onboarding process ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
H Streamlining audit response and corrective action processes ISO 13485:2016 - Medical Device Quality Management Systems 9
Q Corrective Action Notification - Registration Audit ISO 13485:2016 - Medical Device Quality Management Systems 12
chris1price Irradiation site for dose audit Other Medical Device Related Standards 2
PQ Systems 5 Ways to Reduce Stress on Your Next Audit Using GAGEpack Software 0

Similar threads

Top Bottom