Auditing to ISO 9001:2008 - How do we qualify ourselves?

[AndyN]

Sorry Andy.

You still have more information of this potential TS nonconformity than me. I am not yet in a position to call it a nonconformity. Your case for auditors reporting incomplete nonconformity statements is incomplete.

Again, nonconformity statements should comprise the requirement, evidence and nature and should be correct, complete and clear.

I think this discussion has run it's course (as far as I'm concerned) since it's taken a major deviation from an earlier posting (not having auditor be 'expert' in 'ISO')

I guess we're going to have to draw a veil over it.........

 

[neelu]

O.K - you're going to have to humor me here. I was the auditor that made this discovery. The gauges had been there (my report) but are no longer available. Why is planning at fault? They were in the CP, they were there at some time but they've been moved (where we have no clue at this point)

I can't see how you make the 'jump' to planning being ineffective or non-compliant! I believe this is another 'role-played' (in our posts) example of what might happen with real internal auditors! If I were the Quality Planning Process Owner, responsible for the CP, I'd be all over the auditor for saying I didn't provide the resources.......

This is a real, live audit finding of mine from a few years ago (as a consultant doing a TS gap assessment). The gauges had found their way to another machining center (it turned out) due to a process change!

So, John, IMHO it has little or nothing to do with planning, but process changes! The gauges were available, just not where they were 'planned' to be!

To me, clause 7.1 is the sum total of the planning done by various process owners in the org. So if the person using the test gauge is not provided with adequate equipment, person responsible for measurement process(inprocess or final) has not planned properly; hence is'nt the relevant clause 7.5.1 or 8.2.4 ?

 

[howste]

You are still confirming my belief - internal auditors shouldn't be deciding the 'clause'. We are (by my suggestion) somewhat expert in this industry and even we don't agree!

IMO having the "perfect clause" identified is not as important as the fact that a deficiency in the system has been identified and that it will be resolved. If the process is missing some gaging, and the result of the NC is that corrective action is taken, great! If the system is restored so that the gaging won't go missing again, I don't care what clause (or other internal requirement) was quoted in the NC.

Having said that, I also believe that an attempt must be made to identify a clause (or requirement) that's convincing enough that management will not try to weasel out of it, and will take action. I personally always try to reference a clause in the standard (whichever standard I'm auditing to at the time) in nonconformities. I think picking an appropriate clause can help to encourage the people taking action to look at it from a system or "big picture" perspective.

Again, nonconformity statements should comprise the requirement, evidence and nature and should be correct, complete and clear.

I agree. In addition I believe the statements should, when possible, include the actual or potential effect of the nonconformity on the organization and/or the customer. This gets management's attention. Show them where the problem is costing them money and they are more likely to assign resources to address the problem instead of pencil whipping a response.

 

[AndyN]

This discussion continues to amaze me!

Does anyone seriously believe that any manager really factors any understanding of 'clause numbers' into their tactical or strategic thinking and operation of a business process? If you know someone who does, I'd like their names and telephone numbers!

I certainly don't dispute that a well written nc is totally important to resolving a quality system problem. Identifying an ISO clause to 'hang it on' isn't, although surely, to assign some indication of which process (internal requirement) is the issue should be. I think you guys have fallen into the normal view of reporting is 'one size fits all', for an IA as well as for a CB auditor.

Do we truely believe putting an ISO clause on an nc is going to stop management "wriggling out" of a corrective action? I feel like John McEnroe (you cannot be serious, man!) and I'm surprised at that comment! '7.1' '7.6' or '6.2.2', certainly doesn't feel like a 'big stick' to me!

True, a 'perfect clause' may not be totally necessary, but wouldn't the MR like to know where the 'leaks in the hull' are with some accuracy? Management Reviews going to be lively if they're off base with their report!

Surely, if an internal audit program is to be properly managed, it should be directing audits to look at what we've learned from past audits (see ISO 9004 on this). Based on what I'm reading here, I'd like to see the look on the Quality Planning (APQP) Process Owner's face, when an audit is scheduled of that process because someone moved some gauges in manufacturing!!!

If you are the Audit Program Manager, better start pulling your resume together!

 

[howste]

This discussion continues to amaze me!

Does anyone seriously believe that any manager really factors any understanding of 'clause numbers' into their tactical or strategic thinking and operation of a business process? If you know someone who does, I'd like their names and telephone numbers!

Did someone say that? I know I didn't. Understanding of clauses (requirements) is different than being able to spout clause numbers.

I certainly don't dispute that a well written nc is totally important to resolving a quality system problem. Identifying an ISO clause to 'hang it on' isn't, although surely, to assign some indication of which process (internal requirement) is the issue should be. I think you guys have fallen into the normal view of reporting is 'one size fits all', for an IA as well as for a CB auditor.

When a nonconformity is written against a requirement, sometimes I've seen that they will remove the requirement from a procedure instead of taking action to meet it. If it's a requirement of a relevant standard or regulation, there could be serious trouble. At least if I provide them with a clause (not just a number, but a requirement) they will at least know what the standard or regulation requires and can make a more informed decision.

Do we truely believe putting an ISO clause on an nc is going to stop management "wriggling out" of a corrective action? I feel like John McEnroe (you cannot be serious, man!) and I'm surprised at that comment! '7.1' '7.6' or '6.2.2', certainly doesn't feel like a 'big stick' to me!

Management will do whatever they choose. Our job is to provide them information so that they know what the consequences will be.

True, a 'perfect clause' may not be totally necessary, but wouldn't the MR like to know where the 'leaks in the hull' are with some accuracy? Management Reviews going to be lively if they're off base with their report!

Requirements or clauses don't point to processes anyway. Writing a nonconformity against 7.1 doesn't mean we "blame" the Planning Process for a problem. It simply means that the system has a deficiency of a requirement in that area of the standard. The people taking corrective action should be doing cause analysis anyway to determine the source of the problem.

As you implied above, management can do whatever they want with the information we give them, including finding a scapegoat in another process or "wriggling out" of doing anything at all. Of course when they choose the action (or inaction), they also choose the consequences.

Surely, if an internal audit program is to be properly managed, it should be directing audits to look at what we've learned from past audits (see ISO 9004 on this). Based on what I'm reading here, I'd like to see the look on the Quality Planning (APQP) Process Owner's face, when an audit is scheduled of that process because someone moved some gauges in manufacturing!!!

If you are the Audit Program Manager, better start pulling your resume together!

If I scheduled an audit of a specific process based on a nonconformity, it should be because the root cause analysis told me that area needed attention, not because of a clause number...

By the way, you make it sound like an audit is a punishment. Surely not!

 

[Hemanta]

The changes in ISO 9001:2008 are not too many and not too extensive.

Transition to ISO 9001:2008 is possible as part of the Continuing Assessment or Re-Assessment - I guess 1 additional audit man-day will suffice.

To get an idea on the changes in ISO 9001:2008 visit this link:
nasscom-emerge.collectivex.com/discussion/topic/show/105470

 

[Sidney Vianna]

I guess 1 additional audit man-day will suffice.

Suffice :mg:? Suffice for what? There are no additional requirements? Why additional time?

 

[Hemanta]

Suffice :mg:? Suffice for what? There are no additional requirements? Why additional time?

Unfortunately that's the way the CBs want it. Most of the CBs these days are citing the stringent requirements of ISO 17021 (which came into full effect from Sep'08).

Transition to ISO 9001:2008 will be done by checking the documents for the changes made as required by the "changes in ISO 9001:2008". And the 1 man-day is for that.

In fact, I also disagreed initially, but seems there's no choice. If the CB's don't do it this way they face the risk of loosing their accreditation.

 

[Sidney Vianna]

If the CB's don't do it this way they face the risk of loosing their accreditation.

You are (probably unintentionally) disseminating misinformation. The Accreditation Bodies have not imposed ANY requirement on to CB's to expand their surveillance activities and add extra time to verify compliance with ISO 9001:2008.

 

[Randy]

The changes in ISO 9001:2008 are not too many and not too extensive.

Transition to ISO 9001:2008 is possible as part of the Continuing Assessment or Re-Assessment - I guess 1 additional audit man-day will suffice.

To get an idea on the changes in ISO 9001:2008 visit this link:
nasscom-emerge.collectivex.com/discussion/topic/show/105470

Well you guess wrong!

The transition will be something performed between the opening meeting and lunch and will take all of about...oh my, it's done already.

Could you explain what your experience in the industry is that qualifies you to make absolute statements like the last couple of ones?