Audit Nonconformity on Defining 'Outsourced' Infrastructure Maintenance

K

klcuellar

#1
we're having a hard time identifying the appropriate corrective action for our nonconformity during our last external audit.

the nonconformity states that the control to be applied to outsourced process (Infrastructure Maintenance) was not defined within our Quality Management System.

Infra which includes the Building Maintenance and Housekeeping, and the Maintenance of Vehicles. these two were not currently included in our documented QMS. and as our correction, we'll be including these in our current documentation/QMS Manual.

however, we're having a hard time on what will be our long-term action or corrective action. we need to identify this asap as we have deadline for its submission to our certifying body.

please do comment and share your insights. thanks!
 
Elsmar Forum Sponsor

harry

Trusted Information Resource
#2
1. I edited the title of the thread to reflect the nonconformity on your handling of the outsourced process rather than the process itself.

2. 4.1 (General Requirements) of the standard is quite clear on this issue. You would normally extend control to such a process through a service agreement or contract and all you need to mention in your QMS is that control of this process is through a service agreement or contract.
 
I

isoalchemist

#3
Great advice from Harry!

Let me add that they are a supplier so some evaluation is required. Also make sure they are on the Approved Supplier List
 

John Broomfield

Staff member
Super Moderator
#4
we're having a hard time identifying the appropriate corrective action for our nonconformity during our last external audit.

the nonconformity states that the control to be applied to outsourced process (Infrastructure Maintenance) was not defined within our Quality Management System.

Infra which includes the Building Maintenance and Housekeeping, and the Maintenance of Vehicles. these two were not currently included in our documented QMS. and as our correction, we'll be including these in our current documentation/QMS Manual.

however, we're having a hard time on what will be our long-term action or corrective action. we need to identify this asap as we have deadline for its submission to our certifying body.

please do comment and share your insights. thanks!
klcuellar,

A Service Level Agreement can work very well where no contract exists.

The SLA specifies the objectives and what each party commits to do in fulfilling the objectives such as points of contact, providing access and reviewing costs before doing any work over a certain amount.

The SLA is a controlled document that may comprise the following sections:

A. Purpose
B. Scope
C. Objectives
D. Party A Responsibilities and deliverables
E. Party B Responsibilities and deliverables
F. Corrections and improvements
G. Audit and review

...or just C thru E.

The root causes for lacking this or similar tool are for you to determine but usually include something along the lines of "outsourced services provided without any problems to date".

Best wishes,

John
 

Jim Wynne

Staff member
Admin
#5
we're having a hard time identifying the appropriate corrective action for our nonconformity during our last external audit.

the nonconformity states that the control to be applied to outsourced process (Infrastructure Maintenance) was not defined within our Quality Management System.

Infra which includes the Building Maintenance and Housekeeping, and the Maintenance of Vehicles. these two were not currently included in our documented QMS. and as our correction, we'll be including these in our current documentation/QMS Manual.

however, we're having a hard time on what will be our long-term action or corrective action. we need to identify this asap as we have deadline for ts submission to our certifying body.

please do comment and share your insights. thanks!
You don't say what standard is involved here. In ISO 9001:2008, 4.1 says in part:

Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

Before there's a nonconformity, a determination must be made as to whether the processes in question "...[affect] product conformity to requirements..." A reasonable argument could be made in many cases that the two processes you mention don't apply to this requirement.
 

Jim Wynne

Staff member
Admin
#6
klcuellar,

A Service Level Agreement can work very well where no contract exists.

The SLA specifies the objectives and what each party commits to do in fulfilling the objectives such as points of contact, providing access and reviewing costs before doing any work over a certain amount.

The SLA is a controlled document that may comprise the following sections:

A. Purpose
B. Scope
C. Objectives
D. Party A Responsibilities and deliverables
E. Party B Responsibilities and deliverables
F. Corrections and improvements
G. Audit and review

...or just C thru E.

The root causes for lacking this or similar tool are for you to determine but usually include something along the lines of "outsourced services provided without any problems to date".

Best wishes,

John
A "service level agreement," as you describe it, is a contract.
 

somashekar

Staff member
Admin
#7
A "service level agreement," as you describe it, is a contract.
I will go one step further.
A Service level agreement or Contract in itself are not controls. These contract papers rest in file and do not exercise any control.
What you have put into the contract in terms of proof that the tasks are done to your satisfaction by the outsourced agency (the Building Maintenance and Housekeeping, and the Maintenance of Vehicles.) periodically and your accepting the same after your review and satisfaction are your controls.
While the agreement may be accepted as a corrective action, the dynamic controls ongoing will be such of these periodic records which also will have your intervention in terms of your review and acceptance.
Make a list of all such records which you wish to periodically review in the agreement, and these will be the records of your control over the outsourced process.
 
#8
You don't say what standard is involved here. In ISO 9001:2008, 4.1 says in part:

Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

Before there's a nonconformity, a determination must be made as to whether the processes in question "...[affect] product conformity to requirements..." A reasonable argument could be made in many cases that the two processes you mention don't apply to this requirement.
I absolutely agree. This nonconformance looks to have been written by an over zealous auditor. You should open discussion with the auditor and if need be with your certification body as soon as possible to see about having it withdrawn.
 

somashekar

Staff member
Admin
#10
I absolutely agree. This nonconformance looks to have been written by an over zealous auditor. You should open discussion with the auditor and if need be with your certification body as soon as possible to see about having it withdrawn.
Wait a while .....
We are concluding here and we even have no idea of the OP's business.
In all fairness I believe these are processes that are integral in the OP's QMS and they fairly outsource. The lacking perhaps was identification and needed controls within the QMS.
 
Thread starter Similar threads Forum Replies Date
Stefan Mundt AS9100D Major nonconformity due to recurrence of a NC during a subsequent CB audit. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
K FAA Audit - Major nonconformity for lack of timely calibration of two devices EASA and JAA Aviation Standards and Requirements 5
M Measurement Unit Rounding Nonconformity - Notified Body Audit Registrars and Notified Bodies 6
R Corrective Action for Nonconformity in ISO/TS 16949 Recertification Audit IATF 16949 - Automotive Quality Systems Standard 2
H Internal Audit Major Nonconformity or Not? Quality Manager and Management Related Issues 24
L Audit Nonconformity for FMEA - Transit, Warehousing and Shipping ISO 13485:2016 - Medical Device Quality Management Systems 4
D What should the QMS Auditor do if a Major Nonconformity is found during an Audit? Internal Auditing 11
U Customer Audit Nonconformity on Internal Audit Program done by Corporate QA General Auditing Discussions 19
K Observation - Potential Nonconformity - How to address this Audit Finding? General Auditing Discussions 9
P Internal Audit NC (Nonconformance) is not closed - Is it a nonconformity? IATF 16949 - Automotive Quality Systems Standard 11
C Quality Objectives - Is this an audit nonconformity? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 162
S Establishing Internal Audit Nonconformity Level Criteria - Major vs. Minor? Internal Auditing 46
J ISO/TS 16949 audit nonconformity from Auditor on laboratory scope General Measurement Device and Calibration Topics 5
M Major/Minor Nonconformity - Nonconformance from last audit found again Nonconformance and Corrective Action 15
J Help to understand and response to API AAR during the re-certification audit Oil and Gas Industry Standards and Regulations 11
B Internal audit checklist Internal Auditing 5
V Internal Audit Software IATF 16949 - Automotive Quality Systems Standard 5
J Internal Audit Schedule IATF Internal Auditing 3
Mikey324 External calibration - Finding in our 3rd party audit General Measurement Device and Calibration Topics 58
C ISO 14001 Internal Audit - Opportunity for Improvement ISO 14001:2015 Specific Discussions 2
P Does FDA require certification for quality system internal audit for auditor? Qualification and Validation (including 21 CFR Part 11) 1
J Stage 2 audit initial cert, few data points ISO 13485:2016 - Medical Device Quality Management Systems 4
S Corrections not allowed during audit ISO 13485:2016 - Medical Device Quality Management Systems 7
P Looking to outsource Internal Audit - MDSAP competent auditor needed Other Medical Device Regulations World-Wide 9
R GFE Audit - Violation? GFE Location Controls AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
D Help Me. Non conformitty in External Audit IATF 16949 - Automotive Quality Systems Standard 13
M How to answer ISO9001:2015 audit finding of old revisions of documents being used? Document Control Systems, Procedures, Forms and Templates 8
B UKRP to what level should you audit Class I Technical Documentation? UK Medical Device Regulations 0
I Audit is tomorrow but I refused to participate Misc. Quality Assurance and Business Systems Related Topics 16
I ISO 17025:2017 / ANAB 3125 - Articulating / Communicating Risks vis-a-vis Audit Findings ISO 17025 related Discussions 2
D Verify Audit Trail of SaaS system Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 3
D Re-labeler - audit the supplier EU Medical Device Regulations 2
J Outsourced Internal Audit requirements for Aerospace Suppliers AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 21
A PPAP question for audit APQP and PPAP 16
D Number of people to be interviewed during an internal audit? Internal Auditing 10
B Gamma Quarterly Audit Medical Device and FDA Regulations and Standards News 1
A Anxiety - ISO Re-registration Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 69
Ed Panek Auditor MDR (Presub audit) finding EU Medical Device Regulations 2
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
D Question and advice for a supplier self audit questionnaire ISO 13485:2016 - Medical Device Quality Management Systems 6
S Quarterly Dose Audit Medical Device and FDA Regulations and Standards News 5
H When is a SOC 2 audit necessary? IEC 27001 - Information Security Management Systems (ISMS) 5
J NCR- Failure of contract review process - NADCAP audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
D Special IATF audit of sub-supplier IATF 16949 - Automotive Quality Systems Standard 18
A Internal audit plan and processes for ISO 14001:2015 ISO 14001:2015 Specific Discussions 3
D Question on using audit checklist ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 20
C API Q1 internal audit report Internal Auditing 3
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 2
A IRIS audit - Discussion about Special Processes General Auditing Discussions 11
J Internal audit random sampling methodology Internal Auditing 2

Similar threads

Top Bottom