SBS - The best value in QMS software

Audit Nonconformity on Defining 'Outsourced' Infrastructure Maintenance

K

klcuellar

#1
we're having a hard time identifying the appropriate corrective action for our nonconformity during our last external audit.

the nonconformity states that the control to be applied to outsourced process (Infrastructure Maintenance) was not defined within our Quality Management System.

Infra which includes the Building Maintenance and Housekeeping, and the Maintenance of Vehicles. these two were not currently included in our documented QMS. and as our correction, we'll be including these in our current documentation/QMS Manual.

however, we're having a hard time on what will be our long-term action or corrective action. we need to identify this asap as we have deadline for its submission to our certifying body.

please do comment and share your insights. thanks!
 
Elsmar Forum Sponsor

harry

Super Moderator
#2
1. I edited the title of the thread to reflect the nonconformity on your handling of the outsourced process rather than the process itself.

2. 4.1 (General Requirements) of the standard is quite clear on this issue. You would normally extend control to such a process through a service agreement or contract and all you need to mention in your QMS is that control of this process is through a service agreement or contract.
 
I

isoalchemist

#3
Great advice from Harry!

Let me add that they are a supplier so some evaluation is required. Also make sure they are on the Approved Supplier List
 

John Broomfield

Staff member
Super Moderator
#4
we're having a hard time identifying the appropriate corrective action for our nonconformity during our last external audit.

the nonconformity states that the control to be applied to outsourced process (Infrastructure Maintenance) was not defined within our Quality Management System.

Infra which includes the Building Maintenance and Housekeeping, and the Maintenance of Vehicles. these two were not currently included in our documented QMS. and as our correction, we'll be including these in our current documentation/QMS Manual.

however, we're having a hard time on what will be our long-term action or corrective action. we need to identify this asap as we have deadline for its submission to our certifying body.

please do comment and share your insights. thanks!
klcuellar,

A Service Level Agreement can work very well where no contract exists.

The SLA specifies the objectives and what each party commits to do in fulfilling the objectives such as points of contact, providing access and reviewing costs before doing any work over a certain amount.

The SLA is a controlled document that may comprise the following sections:

A. Purpose
B. Scope
C. Objectives
D. Party A Responsibilities and deliverables
E. Party B Responsibilities and deliverables
F. Corrections and improvements
G. Audit and review

...or just C thru E.

The root causes for lacking this or similar tool are for you to determine but usually include something along the lines of "outsourced services provided without any problems to date".

Best wishes,

John
 

Jim Wynne

Staff member
Admin
#5
we're having a hard time identifying the appropriate corrective action for our nonconformity during our last external audit.

the nonconformity states that the control to be applied to outsourced process (Infrastructure Maintenance) was not defined within our Quality Management System.

Infra which includes the Building Maintenance and Housekeeping, and the Maintenance of Vehicles. these two were not currently included in our documented QMS. and as our correction, we'll be including these in our current documentation/QMS Manual.

however, we're having a hard time on what will be our long-term action or corrective action. we need to identify this asap as we have deadline for ts submission to our certifying body.

please do comment and share your insights. thanks!
You don't say what standard is involved here. In ISO 9001:2008, 4.1 says in part:

Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

Before there's a nonconformity, a determination must be made as to whether the processes in question "...[affect] product conformity to requirements..." A reasonable argument could be made in many cases that the two processes you mention don't apply to this requirement.
 

Jim Wynne

Staff member
Admin
#6
klcuellar,

A Service Level Agreement can work very well where no contract exists.

The SLA specifies the objectives and what each party commits to do in fulfilling the objectives such as points of contact, providing access and reviewing costs before doing any work over a certain amount.

The SLA is a controlled document that may comprise the following sections:

A. Purpose
B. Scope
C. Objectives
D. Party A Responsibilities and deliverables
E. Party B Responsibilities and deliverables
F. Corrections and improvements
G. Audit and review

...or just C thru E.

The root causes for lacking this or similar tool are for you to determine but usually include something along the lines of "outsourced services provided without any problems to date".

Best wishes,

John
A "service level agreement," as you describe it, is a contract.
 

somashekar

Staff member
Super Moderator
#7
A "service level agreement," as you describe it, is a contract.
I will go one step further.
A Service level agreement or Contract in itself are not controls. These contract papers rest in file and do not exercise any control.
What you have put into the contract in terms of proof that the tasks are done to your satisfaction by the outsourced agency (the Building Maintenance and Housekeeping, and the Maintenance of Vehicles.) periodically and your accepting the same after your review and satisfaction are your controls.
While the agreement may be accepted as a corrective action, the dynamic controls ongoing will be such of these periodic records which also will have your intervention in terms of your review and acceptance.
Make a list of all such records which you wish to periodically review in the agreement, and these will be the records of your control over the outsourced process.
 

Big Jim

Super Moderator
#8
You don't say what standard is involved here. In ISO 9001:2008, 4.1 says in part:

Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

Before there's a nonconformity, a determination must be made as to whether the processes in question "...[affect] product conformity to requirements..." A reasonable argument could be made in many cases that the two processes you mention don't apply to this requirement.
I absolutely agree. This nonconformance looks to have been written by an over zealous auditor. You should open discussion with the auditor and if need be with your certification body as soon as possible to see about having it withdrawn.
 

somashekar

Staff member
Super Moderator
#10
I absolutely agree. This nonconformance looks to have been written by an over zealous auditor. You should open discussion with the auditor and if need be with your certification body as soon as possible to see about having it withdrawn.
Wait a while .....
We are concluding here and we even have no idea of the OP's business.
In all fairness I believe these are processes that are integral in the OP's QMS and they fairly outsource. The lacking perhaps was identification and needed controls within the QMS.
 
Thread starter Similar threads Forum Replies Date
Stefan Mundt AS9100D Major nonconformity due to recurrence of a NC during a subsequent CB audit. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
K FAA Audit - Major nonconformity for lack of timely calibration of two devices EASA and JAA Aviation Standards and Requirements 5
M Measurement Unit Rounding Nonconformity - Notified Body Audit Registrars and Notified Bodies 6
R Corrective Action for Nonconformity in ISO/TS 16949 Recertification Audit IATF 16949 - Automotive Quality Systems Standard 2
H Internal Audit Major Nonconformity or Not? Quality Manager and Management Related Issues 24
L Audit Nonconformity for FMEA - Transit, Warehousing and Shipping ISO 13485:2016 - Medical Device Quality Management Systems 4
D What should the QMS Auditor do if a Major Nonconformity is found during an Audit? Internal Auditing 11
U Customer Audit Nonconformity on Internal Audit Program done by Corporate QA General Auditing Discussions 19
K Observation - Potential Nonconformity - How to address this Audit Finding? General Auditing Discussions 9
P Internal Audit NC (Nonconformance) is not closed - Is it a nonconformity? IATF 16949 - Automotive Quality Systems Standard 11
C Quality Objectives - Is this an audit nonconformity? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 162
S Establishing Internal Audit Nonconformity Level Criteria - Major vs. Minor? Internal Auditing 46
J ISO/TS 16949 audit nonconformity from Auditor on laboratory scope General Measurement Device and Calibration Topics 5
M Major/Minor Nonconformity - Nonconformance from last audit found again Nonconformance and Corrective Action 15
Q ISO 9001/IATF 16949 Audit Finding Question - Document Retention IATF 16949 - Automotive Quality Systems Standard 7
M IATF - Internal Audit 3 year span Internal Auditing 2
Q Audit report template ISO 9001/14001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Supplier audit Medical Device and FDA Regulations and Standards News 2
M Go Live With New ERP System before Recertification Audit General Auditing Discussions 6
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 8
B Remote IATF 16949 audit preparation General Auditing Discussions 10
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
I Do I need to sign off my annual audit calendar? Internal Auditing 2
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M Nice and simple invitation email to an audit kickoff meeting Internal Auditing 1
M IATF 16949 - Audit of Remote Location/Support Site and IT IATF 16949 - Automotive Quality Systems Standard 4
Q IATF audit - Root Cause Analysis results IATF 16949 - Automotive Quality Systems Standard 5
Q Self-assessment audit information Quality Management System (QMS) Manuals 6
Le Chiffre Online training available for ISO/IEC 17021-1: Requirements for bodies providing audit and certification of management systems Training - Internal, External, Online and Distance Learning 3
xfngrs NIOSH Audit for N95 respirators US Food and Drug Administration (FDA) 1
Sidney Vianna IATF 16949 News Risked Based Audit Day Calculation IATF 16949 - Automotive Quality Systems Standard 2
T AS9100 audit due to facility move AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
B SAP Audit trail Periodic Review EU Medical Device Regulations 1
N What are the software audit and control steps Reliability Analysis - Predictions, Testing and Standards 2
R Gap Audit Aerospsace and Rail QMS Quality Manager and Management Related Issues 0
salaheddine96 Internal audit planning Internal Auditing 2
A MDSAP Audit Questionnaire Medical Device and FDA Regulations and Standards News 7
H Obligations as a contract manufacturer during an MDSAP audit ISO 13485:2016 - Medical Device Quality Management Systems 5
M What are the basics of Medical Device Single Audit Program (MDSAP)? ISO 13485:2016 - Medical Device Quality Management Systems 7
Sidney Vianna IATF 16949 News Update on the IATF CARA Project (“Common Audit Report Application”) - 12/2020 IATF 16949 - Automotive Quality Systems Standard 1
R ISO 17025 vertical audit checklist wanted Document Control Systems, Procedures, Forms and Templates 2

Similar threads

Top Bottom