Audit Nonconformity on Defining 'Outsourced' Infrastructure Maintenance

klcuellar

#1
We're having a hard time identifying the appropriate corrective action for our nonconformity during our last external audit.

The nonconformity states that the control to be applied to outsourced process (Infrastructure Maintenance) was not defined within our Quality Management System.

Infra which includes the Building Maintenance and Housekeeping, and the Maintenance of Vehicles. These two were not currently included in our documented QMS. And as our correction, we'll be including these in our current documentation/QMS Manual.

However, we're having a hard time on what will be our long-term action or corrective action. We need to identify this ASAP as we have a deadline for its submission to our certifying body.

Please do comment and share your insights. Thanks!
 
harry

Super Moderator
#2
1. I edited the title of the thread to reflect the nonconformity on your handling of the outsourced process rather than the process itself.

2. 4.1 (General Requirements) of the standard is quite clear on this issue. You would normally extend control to such a process through a service agreement or contract and all you need to mention in your QMS is that control of this process is through a service agreement or contract.
 
isoalchemist

#3
Great advice from Harry!

Let me add that they are a supplier, so some evaluation is required. Also make sure they are on the Approved Supplier List.
 

John Broomfield

Staff member
Super Moderator
#4
> We're having a hard time identifying the appropriate corrective action for our nonconformity during our last external audit.
>
> The nonconformity states that the control to be applied to outsourced process (Infrastructure Maintenance) was not defined within our Quality Management System.
>
> Infra which includes the Building Maintenance and Housekeeping, and the Maintenance of Vehicles. These two were not currently included in our documented QMS. And as our correction, we'll be including these in our current documentation/QMS Manual.
>
> However, we're having a hard time on what will be our long-term action or corrective action. We need to identify this ASAP as we have a deadline for its submission to our certifying body.
>
> Please do comment and share your insights. Thanks!

klcuellar,

A Service Level Agreement can work very well where no contract exists.

The SLA specifies the objectives and what each party commits to do in fulfilling the objectives such as points of contact, providing access and reviewing costs before doing any work over a certain amount.

The SLA is a controlled document that may comprise the following sections:

A. Purpose
B. Scope
C. Objectives
D. Party A Responsibilities and deliverables
E. Party B Responsibilities and deliverables
F. Corrections and improvements
G. Audit and review

...or just C thru E.

The root causes for lacking this or a similar tool are for you to determine but usually include something along the lines of "outsourced services provided without any problems to date".

Best wishes,

John
 

Jim Wynne

Staff member
Admin
#5
> We're having a hard time identifying the appropriate corrective action for our nonconformity during our last external audit.
>
> The nonconformity states that the control to be applied to outsourced process (Infrastructure Maintenance) was not defined within our Quality Management System.
>
> Infra which includes the Building Maintenance and Housekeeping, and the Maintenance of Vehicles. These two were not currently included in our documented QMS. And as our correction, we'll be including these in our current documentation/QMS Manual.
>
> However, we're having a hard time on what will be our long-term action or corrective action. We need to identify this ASAP as we have a deadline for its submission to our certifying body.
>
> Please do comment and share your insights. Thanks!

You don't say what standard is involved here. In ISO 9001:2008, 4.1 says in part:

Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

Before there's a nonconformity, a determination must be made as to whether the processes in question "...[affect] product conformity to requirements..." A reasonable argument could be made in many cases that the two processes you mention don't apply to this requirement.
 

Jim Wynne

Staff member
Admin
#6
> klcuellar,
>
> A Service Level Agreement can work very well where no contract exists.
>
> The SLA specifies the objectives and what each party commits to do in fulfilling the objectives such as points of contact, providing access and reviewing costs before doing any work over a certain amount.
>
> The SLA is a controlled document that may comprise the following sections:
>
> A. Purpose
> B. Scope
> C. Objectives
> D. Party A Responsibilities and deliverables
> E. Party B Responsibilities and deliverables
> F. Corrections and improvements
> G. Audit and review
>
> ...or just C thru E.
>
> The root causes for lacking this or similar tool are for you to determine but usually include something along the lines of "outsourced services provided without any problems to date".
>
> Best wishes,
>
> John

A "service level agreement," as you describe it, is a contract.
 

somashekar

Staff member
Super Moderator
#7
> A "service level agreement," as you describe it, is a contract.

I will go one step further.
A Service level agreement or Contract in itself are not controls. These contract papers rest in file and do not exercise any control.
What you have put into the contract in terms of proof that the tasks are done to your satisfaction by the outsourced agency (the Building Maintenance and Housekeeping, and the Maintenance of Vehicles) periodically and your accepting the same after your review and satisfaction are your controls.
While the agreement may be accepted as a corrective action, the dynamic controls ongoing will be such of these periodic records which also will have your intervention in terms of your review and acceptance.
Make a list of all such records which you wish to periodically review in the agreement, and these will be the records of your control over the outsourced process.
 

Big Jim

Super Moderator
#8
> You don't say what standard is involved here. In ISO 9001:2008, 4.1 says in part:
>
> Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.
>
> Before there's a nonconformity, a determination must be made as to whether the processes in question "...[affect] product conformity to requirements..." A reasonable argument could be made in many cases that the two processes you mention don't apply to this requirement.

I absolutely agree. This nonconformance looks to have been written by an overzealous auditor. You should open discussion with the auditor and if need be with your certification body as soon as possible to see about having it withdrawn.
 

somashekar

Staff member
Super Moderator
#10
> I absolutely agree. This nonconformance looks to have been written by an overzealous auditor. You should open discussion with the auditor and if need be with your certification body as soon as possible to see about having it withdrawn.

Wait a while .....
We are concluding here and we even have no idea of the OP's business.
In all fairness I believe these are processes that are integral in the OP's QMS and they fairly outsource. The lacking perhaps was identification and needed controls within the QMS.
 