Audited to ISO 13485 standard although customer was aware we're not and have no plans to be

#11
Eddie: Customers will audit to whatever they want! They may be looking to see what the "gaps" are so they can manage the risks associated with continuing to be supplied by your organization. Of course, as others have pointed out, using criteria you're not implementing, doing the audit and then issuing corrective actions may also indicate their auditor isn't competent...

If they have issued supplier corrective actions, then I'd be asking your purchasing contact (different from the auditor?) to determine if they have a plan to buy more and will ultimately be requiring compliance to ISO 13485. If not, I'd go one further and let your purchasing contact know that, since you've received the SCARs but have never claimed compliance to 13485, that there's a cost to replying to the SCARs and that will be passed on in price increases. I'd wager a large sum of money, the auditor and the buyer aren't even on the same page...
 
Elsmar Forum Sponsor

moounir

Involved In Discussions
#12
I like this discussion as I am usually on the manufacturer side and not the supplier one. As a Medical Device Manufacturer, we are under stress as we want to keep our ISO 13485 certificate. So if we have done enough to be compliant internally, we still need to control the external partners.

One way to control them is to ask them to be certified ISO 13485. This is the Graal for a medical device manufacturer as the stress goes down when during their own audit they can show to an auditor that its supplier is ISO 13485 certified. It avoids questions.

When we have a supplier or service provider that is not ISO 13485, then we have more work from our side.

One important thing is to define your criteria to select a supplier. If the activities of this supplier are not impacting the ISO 13485 certificate (Cleaning of medical devices, sterilization, final packaging..) then we can define on a risk analysis that the product or service provided is not a risk for the final product. So the usage of ISO 14971 for the manufacturer can be a trigger to ask a supplier to comply with an ISO 13485 requirement.

Usually, we use some grading of our suppliers for that. Critical, normal or low risk. This help also to define what we need to ask for each of them. As you can imagine one that is considered critical will be under focus. Also because the manufacturer's notified body can decide to go to audit him.

But out of all those considerations, most importantly, communication with the supplier on what we expect from him is key. This should be provided on an agreement. And this agreement should be signed by both. So if your agreement is asking you, for example, to inform immediately any change on your process, then you have immediately to send a letter with the changes and the reason for that. And this can be an ISO 13485 requirement or not. It doesn't mean that you are compliant to ISO 13485.

ISO 13485 is only a guarantee, but manufacturers can still ask you to be compliant with some of these requirements outside of this standard. You should just agree to comply with them.

A standard is only a set of requirements that are packaged on a document. But each of those requirements can be taken individually to be applied depending on the product or service you offer.

As one of the answers said, our manufacturers are raising prices when we ask them too much.

I hope this helps with the discussion.
 

Kim B

Starting to get Involved
#13
Thank you for the string above, very valuable information.

What are the thoughts for a manufacturer not to be ISO13485 compliant as we move forward with MDR? My understanding is the supplier shall be ISO13485 compliant to support the products - is this accurate? Must they be ISO compliant to provide cables or bolts for MDR? Please advise. Thanks - Kim
 

Jean_B

Trusted Information Resource
#14
What are the thoughts for a manufacturer not to be ISO 13485 compliant as we move forward with MDR?
My understanding is the supplier shall be ISO13485 compliant to support the products - is this accurate?
Must they be ISO compliant to provide cables or bolts for MDR?
TLDR (I'm doing a lot of these long posts lately...); No. The MDR does not require a part supplier to be ISO 13485 certified. The implementing standards (e.g. EN ISO 13485, (EN) ISO 14971, etc), common specifications, and specific guidance (i.e. CEN TR 17223) have not required a specific certification for suppliers (so far).
A generic cable or bolt supplier, whose part is not crucial in preventing harm (in single-fault condition usually) is not by law required to be ISO 13485 certified. If they do serve such a crucial role, the legal manufacturer must exercise control (commonly at least through contract) and usually (but not always) notifies the supplier of the important fact. Sadly why such stringent controls flow down to such a supplier is not always made clear, but I recommend it to all legal manufacturers to do so. Requirements without a known base run the risk of being ignored.


Noting that most of this concerns suppliers up-stream. Not suppliers (of a service) such as distributors, importers or authorized agents or actual legal manufacturers (obviously; though even there ISO 13485 is technically not a requirement but is the easiest path). They have specific characteristics and responsibilities within the regulatory framework and supply chain as economic operators, that explanation on them is best left for some other discussion.

So what is required? To qualify and control your suppliers based on Risk. This risk on the product side usually heavily builds on both DFMEA and PFMEA. Also of note will be so called 'critical suppliers' characterized by IEC 60601-1, which will often increase the control you impose on the them/their parts.
What is the common solution to the above? Require such risky suppliers to have a QMS (or necessary and sufficient sub-parts of it, e.g. PPAP validation etc), and to make it demonstrable (so you can also show it to the Notified Bodies). The demonstration is usually achieved either by being audited by you as the manufacturer or by relying on someone else having audited them and certified them.
Now there is no requirement that their QMS must conform to ISO 13485. There's not even one that it must conform to ISO 9001. But these are often used as they are common-place and well-known (not that that guarantees the quality in them), and summarize best practices you should expect of suppliers.

In the past, manufacturers have required ISO 13485 of companies that would find it hard to be in-scope of it. (likely due either a bit of a simple-minded approach or external auditor pressure). But this developed into a scope expansion for the standard (and a good reason to have a look at what you are allowed to exempt or claim non-applicability from as a supplier if you are indeed required to conform). As proof note the differences in scope between the prior version and the current version:
  • Prior: "This International Standard specifies requirements for a quality management system that can be used by an organization for the design and development, production, installation and servicing of medical devices, and the design, development, and provision of related services."
  • Current: "This International Standard specifies requirements for a quality management system that can be used by an organization involved in one or more stages of the life-cycle of a medical device, including design and development, production, storage and distribution, installation, servicing and final decommissioning and disposal of medical devices, and design and development, or provision of associated activities (e.g. technical support).
    The requirements in this International Standard can also be used by suppliers or other external parties providing product (e.g. raw materials, components, subassemblies, medical devices, sterilization services, calibration services, distribution services, maintenance services) to such organizations. The supplier or external party can voluntarily choose to conform to the requirements of this International Standard or can be required by contract to conform."
So only if a supplier is required through agreed contract, then a supplier must conform to (a scoped-down) ISO 13485. But you can press back on the manufacturer, asking why your probably existing QMS/ISO 9001 would not be enough to satisfy control. Ask for his risk-assessment and what control over you he needs, and whether other types would be sufficient (Certificates of Analysis/Conformity, Raw data sharing, periodic audits against contract). Do note that change control is your biggest friend. If the only thing you have as a supplier is change control (including the requisite specification control) you're more than halfway there usually.
Their special concerns should be about consistency of materials or process capability (validation) and record keeping as well. It might extend to personal qualification, as some specific types of product warrant experts to be involved in activities (i.e. testing/analysis).

What are prime organizations for which ISO 13485 holds value over other QMS set-ups? Probably contract design, contract manufacturer (who is not the legal manufacturer), sub-assembly manufacurers with significant risks in PFMEA (of a nature not covered by generic QMS requirements, e.g. cleanrooms viable/non-viable), (product) testing facilities on high-risk (or certification decision) aspects of the device.
Some other enterprising soul has perhaps done it more in-depth but this is a good start.

Salient EU 2017/745 comments used to guide the above:
  • Article 10: "The quality management system shall address at least the following aspects: ... (d) resource management, including selection and control of suppliers and sub-contractors;"
    • Note CEN TR 17223 states "Covered. EN ISO 13485 includes requirements on the evaluation and selection of suppliers, their monitoring and their re-evaluation."
    • For the associated annex IX, Chapter 1 2.2, paragraph 2, b indent 3 it states "Covered. EN ISO 13485 has requirements for cases when an organization outsources and activity, and these requirements link with the requirements for evaluation and selection of suppliers, their monitoring and their re-evaluation."
  • Article 93. 3. 9b) "In order to fulfil the obligations laid down in paragraph 1, the competent authorities: .. (b) shall carry out both announced and, if necessary, unannounced inspections of the premises of economic operators, as well as suppliers and/or subcontractors, and, where necessary, at the facilities of professional users."
  • Annex II: 3. Design and Manufacturing information "(c) identification of all sites, including suppliers and sub-contractors, where design and manufacturing activities are performed."
  • Annex VII: (Requirements to be met by NB, Conformity assessment activities) 4.5.2 (a) second indent: "— identify links between, and allocation of responsibilities among, the various manufacturing sites, and identify relevant suppliers and/or subcontractors of the manufacturer, and consider the need to specifically audit any of those suppliers or subcontractors or both," and (b) third indent: "— if not already covered by the audit programme, audit the control of processes on the premises of the manufacturer's suppliers, when the conformity of finished devices is significantly influenced by the activity of suppliers and, in particular when the manufacturer cannot demonstrate sufficient control over its suppliers,"
  • Annex VII: (Surveillance activities and post-certification monitoring) 4.10 "The notified body shall have documented procedures:— defining how and when surveillance activities of manufacturers are to be conducted. Those procedures shall include arrangements for unannounced on-site audits of manufacturers and, where applicable, subcontractors and suppliers carrying out product tests and the monitoring of compliance with any conditions binding manufacturers and associated with certification decisions, such as updates to clinical data at defined intervals,"
  • Annex IX 3.2 "The manufacturer shall give authorisation to the notified body to carry out all the necessary audits, including on- site audits, and supply it with all relevant information, in particular: — the data stipulated in the part of the quality management system relating to manufacture, such as quality control reports and test data, calibration data, and records on the qualifications of the personnel concerned."
 

Ronen E

Problem Solver
Staff member
Moderator
#15
How we usually addressed these issues was to state that [...] we would take it under advisement and add it to our continual improvement plan. This was usually enough to appease most customers.
From a diplomatic perspective that's perfect; the interesting question is whether they ever followed up to check whether you actually implemented anything. If they didn't, it goes to show that the SCARs raised were only lip service or a mechanistic formality to begin with.
 
Last edited:

Ronen E

Problem Solver
Staff member
Moderator
#16
Not suppliers (of a service) such as distributors, importers or authorized agents
Distributors and importers are not suppliers, strictly as such. A supplier is an entity the manufacturer (customer in this case) pays to. Manufacturers don't pay distributors (strictly as such). Distributors pay manufacturers - when they purchase the devices. An entity generating sales without taking title for the device (i.e. without paying for it) is termed an Agent.
Also of note will be so called 'critical suppliers' characterized by IEC 60601-1
Can you please kindly point to where (what clause) current IEC 60601-1 characterizes the so called 'critical suppliers'?

Thanks,
Ronen.
 

Jean_B

Trusted Information Resource
#17
Distributors and importers are not suppliers, strictly as such. A supplier is an entity the manufacturer (customer in this case) pays to. Manufacturers don't pay distributors (strictly as such). Distributors pay manufacturers - when they purchase the devices. An entity generating sales without taking title for the device (i.e. without paying for it) is termed an Agent.
You are correct in the terminology. However, the Medical Device Single Audit Program imposes the association (e.g. Chapter 1, task 5 "
Australia (TGA):
If an Australian Sponsor undertakes an activity that is outsourced by the manufacturer, or required, to be under the control of the manufacturer, verify that the roles and responsibilities of the Australian Sponsor are documented in the manufacturer’s quality management system and that the sponsor is qualified and controlled as a supplier. For example, but not limited to; a labeling activity to ensure that the name and address of the Australian Sponsor accompanies the device [TG(MD)R Reg 10.2], the installation of a device, or the servicing of a device.
Canada (HC):
Verify that the roles and responsibilities of any regulatory correspondents, importers, distributors, or providers of a service are clearly documented in the organization’s quality management system and are qualified as suppliers and controlled, as appropriate.", Chapter 6 task 18 requires manufacturers to require of distributors to maintain distribution records and to make these available for inspection).
The EU MDR put obligations on the manufacturer to ensure the activities with respect to traceability and aiding in field safety corrective actions/recalls are done well, by extension leading to some amount of control of especially distributors and importers (usually at the contract/agreement level but still). Given that many companies would be controlling these as suppliers due to MDSAP anyway, folding such retention and response responsibilities into that process is better than to leave it to contract management alone.
I've seen retention periods for records critical to such a matter fall short (and there's no getting them back if they've been disposed of), and there is always the debate with distributors on whether it's just an excuse to be able to skip them in the supply chain in the future. Showing the regulatory framework and requirements on it helps.
It does mean that a distributor might be requested to open up for audits by a legal manufacturer in the future for example, since that is one of the supplier control mechanisms. Perhaps an unforeseen consequence of the integration of multiple regional requirements into a single QMS.

Can you please kindly point to where (what clause) current IEC 60601-1 characterizes the so called 'critical suppliers'?
Keeping me on the straight: it doesn't characterize critical suppliers, its Test Report characterizes critical components (see also Determining Critical Components for conformity with IEC 60601-1), whose suppliers often inherit the moniker critical supplier by association.
Whether that is an effective and efficient way to go about it is debatable. People often expect a critical component supplier to be controlled better than non-critical component suppliers by virtue of the name, but the type of control is not directly linked to it being on that list. Change notification (a contract or incoming inspection matter) might be sufficient for some, while audit of production and test might be needed to ensure a sufficient level for others, yet a non-active device might have a component for which the latter type of control is essential but it wouldn't flag on such a list in a company. However, if imposed by an auditor that you need stringent controls on critical component suppliers, many a time it is difficult to refuse.
 

Ronen E

Problem Solver
Staff member
Moderator
#18
You are correct in the terminology. However, the Medical Device Single Audit Program imposes the association (e.g. Chapter 1, task 5 "
Australia (TGA):
If an Australian Sponsor undertakes an activity that is outsourced by the manufacturer, or required, to be under the control of the manufacturer, verify that the roles and responsibilities of the Australian Sponsor are documented in the manufacturer’s quality management system and that the sponsor is qualified and controlled as a supplier. For example, but not limited to; a labeling activity to ensure that the name and address of the Australian Sponsor accompanies the device [TG(MD)R Reg 10.2], the installation of a device, or the servicing of a device.
Canada (HC):
Verify that the roles and responsibilities of any regulatory correspondents, importers, distributors, or providers of a service are clearly documented in the organization’s quality management system and are qualified as suppliers and controlled, as appropriate.", Chapter 6 task 18 requires manufacturers to require of distributors to maintain distribution records and to make these available for inspection).
The EU MDR put obligations on the manufacturer to ensure the activities with respect to traceability and aiding in field safety corrective actions/recalls are done well, by extension leading to some amount of control of especially distributors and importers (usually at the contract/agreement level but still). Given that many companies would be controlling these as suppliers due to MDSAP anyway, folding such retention and response responsibilities into that process is better than to leave it to contract management alone.
I've seen retention periods for records critical to such a matter fall short (and there's no getting them back if they've been disposed of), and there is always the debate with distributors on whether it's just an excuse to be able to skip them in the supply chain in the future. Showing the regulatory framework and requirements on it helps.
It does mean that a distributor might be requested to open up for audits by a legal manufacturer in the future for example, since that is one of the supplier control mechanisms. Perhaps an unforeseen consequence of the integration of multiple regional requirements into a single QMS.
(Emphasis added)
Wow. You've burried the issue in so many facts and arguments (most of them correct, by the way) that it's almost impossible to remember what was the point of contention :)
Okay, so in the context of MDSAP (at least AU and Canada) distributors should be treated as suppliers. But that doesn't change the fact that they are not suppliers, and also the fact that ISO 13485 itself (which is the OP context) is silent in that regard.
Last, addressing your sentence which I highlighted - Many?... I don'y see manufacturers flocking over to MDSAP. Maybe in 5-10 years that statement will be true.
 

Ronen E

Problem Solver
Staff member
Moderator
#19
Keeping me on the straight: it doesn't characterize critical suppliers, its Test Report characterizes critical components (see also Determining Critical Components for conformity with IEC 60601-1), whose suppliers often inherit the moniker critical supplier by association.
Not really. Please refer to my post (#22) in that thread, backed by posts from >1 fairly-well esteemed community members.
Perhaps the standardised IEC 60601 Test Report requires listing critical components, but does it define/characterise which ones actually are, or should be?
If Critical Components aren't well defined, they can hardly be a clear path to identifying Critical Components' Suppliers.
However, if imposed by an auditor that you need stringent controls on critical component suppliers, many a time it is difficult to refuse.
Even if we momentarily suspend "Show Me the Shall" (SMtS) and accept whatever comes out of an auditor (any auditor?) as gospel, it should be quite hard to enforce a requirement that is ill-defined. How can someone require you apply special controls to a subset of suppliers, when a clear and valid rule for inclusion of members in that subset is not available?
 

Jean_B

Trusted Information Resource
#20
The face of compliance to requirements, compliance to requirements and intent behind requirements are three different things. While we want the last of the three, due to ambiguity and complexity we often end up spending far more time on the first two which in turn affects what is perceived as the things you must do to pass (the combination of requirements and faux-requirements).

True experts are a minority on both the auditing and auditee side, and standards (even when written by those experts) drift over time to the common consensus of them. In a world where time is seen as of the essence, sometimes yielding quickly (yet still unjustly) is a path chosen by (top) management. This also counts for the testhouses who use the standard test report as the base for testing (perhaps again a management decision, as I've experienced the tester group to consist of a larger proportion of well-versed people), introducing technically non-required expectations as hard hurdles (faux-requirements) to get into the market.

Technically faux-requirements are not enforcable, but you can choose between simply doing them or expending (a often disproportionate amount) of resources (time, money, personnel) to get what you want without doing them. As long as intent is met at a minimal cost way (both from the regulator side for (face of) compliance and the manufacturer side for getting past the compliance check), whether with or without faux-requirements, this is unlikely to change. The current dynamic between the manufacturers that need the certificates and the organizations that can issue them plays into this.

So while I could go the path of only describing the factually correct path, I also included the context of what usually happens in practice (whether just or unjust, right or wrong).

If a company has 13485 (a starting assumption of MDSAP) and MDSAP requires companies to treat certain parties as (if) suppliers, then those parties are likely to be streamlined into the existing 13485 process for that aspect. Having multiple processes specific to each regional requirement is less the norm than having a process that (tries to) handle a generic intent with the regional nuances integrated.

As for how many companies already made the jump to MDSAP versus doing it separately (and currently leaving Canada)? I'll grant you that number is still relatively low it should increase as consultants and the sector gain experience and increase the cultural mindset that MDSAP isn't all that much more than 13485 with regulatory requirements combined in a neat(-ish) package.
Despite that I look at it from the viewpoint of intent. While the idiosyncracies of the minutae of each regional regulation are enough to drive people mad, the intent behind those regulations is the same. Aiming a system at the intent instead of the letter of the law/regulation/standard will often give you better results, and in this case put you ahead of the game. MDSAP does/tried to do that. Make use of its useful bits, tolerate the less costly useless stuff and only fight the really stupid stuff.

As for critical component identification (to get back off-topic on that), the linked document in that thread states in 4.7:
"4.7.1 The fourth section contains a table describing critical components and/or materials.
4.7.2 The information to be included in the critical components and materials table shall be based on the following:
a) The CTL clarification: "A safety critical component can only be determined upon a preliminary examination/evaluation of the electrical diagram/design/construction. When the design of the product is such that a determined component, in case of failure, can compromise the safety aspect, this component is defined as "safety critical".
b) Components, which have specific requirements in the end product standards.
c) Components, which have requirements in the National Standards included in the evaluation
d) Materials, which are critical to maintain compliance with the standard (such as corrosion requirements, flammability)
e) Professional judgment of the CBTL/NCB.
The evidence used to verify component compliance may be included as an attachment in the CB Test Report or available in the project folder. See also OD 2039 for further instructions.
NOTE: Additional information can be provided in the free text field of a Description row. For an example see Annex E.
"
b and c should be linked. a, d and e are relatively subjective, or at least subject to progressive insight as feedback is gathered and assessed through risk management. Can and does this go wrong a lot of the time? Yes. Our imperfect world with imperfect people. But even the trying makes us safer.
Back on-topic in an auditor-keeps-to-scope kind of way: whether they are justly or unjustly critical components doesn't matter as much for this thread topic: if listed as such they are especially prone to being checked for adequate and suitable supplier control. Thus the practical advice to not forget qualifying such suppliers.

Sorry about the verbose nature of it (and usually I like such nice discussions with a bit more beer, which sadly won't work as you're on the other side of the world).
 
Thread starter Similar threads Forum Replies Date
A We are ISO 13485:2016 should we be audited to ISO 14971 ISO 13485:2016 - Medical Device Quality Management Systems 16
A ISO 13485 - Requirement for Sub-Systems Audited per Year? ISO 13485:2016 - Medical Device Quality Management Systems 13
M We were Recently Audited (ISO 13485 & Related) - With 3 Minors! ISO 13485:2016 - Medical Device Quality Management Systems 6
A ISO 13485 Clause 8.2.2 - Internal auditor from within the company to be audited Internal Auditing 2
W First time being audited (ISO 9001), asking for advice ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
G National Structural Steel Specification 7th Edition - Do I now have to be audited against ISO 3843-3 as well as ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Q ISO 9001:2015 - Is Strategic Planning audited? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
J Safety Special Equipment (e.g. lift, boiler) shall be audited by ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
C Nonconformances - Recently Audited on Recertification of ISO 9001:2008 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
A ISO 9001:2008 Assessment - Has anyone been audited yet? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 52
A ISO TS 16949 Certification Rules - Ensuring that all ISO/TS aspects has been audited IATF 16949 - Automotive Quality Systems Standard 1
S Audited against ISO 9002/3/1:1994 until December 2003? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
M Informational EU – Draft Functional specifications for the European Database on Medical Devices (Eudamed) – First release (High(1)) to be audited Medical Device and FDA Regulations and Standards News 0
Q IATF 16949 - Product audit - Must each product be audited? IATF 16949 - Automotive Quality Systems Standard 6
R Are DMR (device master record) and DHR (device history record) inspected by FDA or audited by an NB ISO 13485:2016 - Medical Device Quality Management Systems 6
A Supplier refusing to be Audited Supplier Quality Assurance and other Supplier Issues 16
lyobovnik Matters being audited, independence, participation and direct responsibility 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
D No evidence of certain processes on our scope being audited at our remote location IATF 16949 - Automotive Quality Systems Standard 4
W Determining the Status and Importance of the Processes and Areas to be Audited Internal Auditing 7
Marc How will "continual improvement" be audited? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
J Can a Lead Auditor be Audited? Internal Auditing 7
somashekar Where does RoHS stuff get audited by CB's? Quality Manager and Management Related Issues 3
J Why are remote supporting functions audited first? IATF 16949 - Automotive Quality Systems Standard 2
Claes Gefvenberg IMS (Integrated Management System) Audited for a week... Other ISO and International Standards and European Regulations 10
T Can a company's website content be audited? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
Q What should be Audited in a Product Audit IATF 16949 - Automotive Quality Systems Standard 14
M Do processes that are audited need to be documented? General Auditing Discussions 8
J Has anyone been audited to the new 2008 standard? Any surprises? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
L Being audited on AS9100 30th July - need example flow chart AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
D How do you justify that not all Suppliers need to be Audited? IATF 16949 - Automotive Quality Systems Standard 17
J Being Audited Right Now... Not every department Internal Audited ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Does the Head of the Department being audited have the right to amend audit report? General Auditing Discussions 15
Z What are the Common Audited Procedures? Internal Auditing 5
R Failure analysis process or activity need to be audited? Internal Auditing 3
Q Do All Shifts Need to be Audited For Every Procedure? Internal Auditing 8
R After the corporate facility has been TS16949 audited does a 90 day time clock start? IATF 16949 - Automotive Quality Systems Standard 3
D Auditor stating we have to be audited to 13485:2003 before we are audited ISO 13485:2016 - Medical Device Quality Management Systems 15
C Auditing a Tooling Shop - Does that area need to be audited to TS 16949 IATF 16949 - Automotive Quality Systems Standard 2
J External Nonconformance Not Corrected - Audited same area and found same problem IATF 16949 - Automotive Quality Systems Standard 9
T Witness audit panic - When our registrar is audited during their audit of us General Auditing Discussions 20
V Product Audit - What is actually required to be audited during product audit? Various Other Specifications, Standards, and related Requirements 5
P Pre-Audit Tips for Employees - Preparing Employees to be Audited General Auditing Discussions 24
M Help! Im am being audited and have CS1 against me IATF 16949 - Automotive Quality Systems Standard 7
G Can Work Instructions be audited? 'Local' vs. Corporate policies and procedures ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
B Registrar being audited during our recertification - Can we we refuse? Registrars and Notified Bodies 6
O Question - No Systemwide Internal Audits - But the auditor just audited Internal Auditing 15
T Does your auditor give you a "schedule" (what times/who will be audited?) IATF 16949 - Automotive Quality Systems Standard 6
S If I audit my Processes, Have I audited the Standard? General Auditing Discussions 28
Y QMS Audit, Process Audit, Product Audit - Can these be audited together? Process Audits and Layered Process Audits 7
Raffy Internal Auditing - Showing independence of process being audited Internal Auditing 4

Similar threads

Top Bottom