Auditor changing ISO 9001 AUDIT scope midstream - Cannot exclude all of 7.3 anymore

Casana

Blueberry Nut
#1
Hi all,

We have several production facilities covered under one ISO 9000 certificate. The design for our products is done by our company's technology business unit which is a completely separate business unit within our company. For this reason we have always excluded 7.3 from our scope and our auditing company never questioned it.

I should mention that a branch of the 'technology group' resides at one of our sites and services all production sites by providing the product design and technical support.

This year our auditing company assigned us a new auditor, who after auditing some of our production sites (in other words, in the middle of the audit) is saying we cannot exclude 7.3 anymore because its being done right at one of our sites. AND he is adding extra time to our audit schedule in order audit 7.3 (to be done while auditing the site where the technology group also resides).

I can understand saying that we cannot exclude all of 7.3 anymore, though I believe that we should still be able to exclude activities handled by a separate business unit (or at least consider them as "outsourced"). The location of the design function in my opinion is irrelevant, they're just renting space locally.

The part I have a BIG BEEF with is the changing of the audit scope midstream. I believe we should have been told that NEXT time we need to be up to snuff regarding 7.3. Who's right (if anyone)?

I'd *love* to hear if anyone has thoughts on this??
Thanks!
 
Elsmar Forum Sponsor
#2
First of all, if the activities of the design are included in the audit of the business technology center, then it should not be part of the local site audit. I would accept auditing the local stuff as part of the BTC since the auditor is there anyway, however....

It sounds like historically, your local sites were not part of 7.3. A change of scope would have to impact the contract between you and the registrar. I am confident that the auditor does not have the authority to change the contract. I would contact your registrar, asking what requirement has changed.
 
#3
Surprise, surprise........

is probably how the auditor felt at the time. Whatever their protocol is will govern how it's handled on-site, but technically, the auditor did the correct thing. The engineering/design function, however it is 'managed' should be defined in the scope and/or other QMS documentation. As an 'ex-registrar' auditor, there's some empathy for the situation, since calling it an exclusion in the past (or under a 1994 ISO cert.) wasn't really correct. Also, the auditor feels 'trapped' because the previous visits didn't highlight it, I'm guessing.:confused:
So, perhaps, how it was handled is a genuine cause for your concern. A call to the operations management could have been made, with you there at the time, rather than an auditor's unilateral action, but who knows even if their HQ would know what to do? I know of one registrar whose management over rules the auditor all the time to 'save face' with the customer and keep the revenue flowing!!:eek:

I hope you can have the situation fixed appropriately to include those pesky engineers.......:lmao:

Andy
 

Helmut Jilling

Auditor / Consultant
#4
Casana said:
Hi all,

We have several production facilities covered under one ISO 9000 certificate. The design for our products is done by our company's technology business unit which is a completely separate business unit within our company. For this reason we have always excluded 7.3 from our scope and our auditing company never questioned it.

I should mention that a branch of the 'technology group' resides at one of our sites and services all production sites by providing the product design and technical support.

This year our auditing company assigned us a new auditor, who after auditing some of our production sites (in other words, in the middle of the audit) is saying we cannot exclude 7.3 anymore because its being done right at one of our sites. AND he is adding extra time to our audit schedule in order audit 7.3 (to be done while auditing the site where the technology group also resides).

I can understand saying that we cannot exclude all of 7.3 anymore, though I believe that we should still be able to exclude activities handled by a separate business unit (or at least consider them as "outsourced"). The location of the design function in my opinion is irrelevant, they're just renting space locally.

The part I have a BIG BEEF with is the changing of the audit scope midstream. I believe we should have been told that NEXT time we need to be up to snuff regarding 7.3. Who's right (if anyone)?

I'd *love* to hear if anyone has thoughts on this??
Thanks!

If an error was made in the past, the auditor is obligated to try to correct it during the audit where it is discovered. There is nothing written that allows us the discretion to "decide" we'll get it later.

The more difficult question is whether you can exclude at your site. I would say no, but I have to qualify my comment. It would have to be audited at the design center for sure, but generally we pick up the trail (linkage) at the local site, after auditing it at the technical center. If your organization is design responsible, you can't exclude it, only indicate which parts are not performed here at the local site.

I would side with the auditor at least 2/3 or 3/4's of the way. The new ISO does not allow Design to be arbitrarily excluded anymore.
 
M

MikeL

#5
Outsourced is still in

Even if the design function is outsourced you are still responsible (see end of 4.1). You can exclude design if it is the customer's design or it a standard product (like mowing lawns).

I tend to agree with auditor although it should be handled by the registrar not the auditor.
 
D

dmp06

#6
7.3 deals with process and well as product. Process designs, including the development of your quality and environmental systems fall within the requirements of 7.3.

Good Luck
 

Randy

Super Moderator
#7
dmp06 said:
7.3 deals with process and well as product. Process designs, including the development of your quality and environmental systems fall within the requirements of 7.3.

Good Luck
I'm sorry but someone needs to see what you're smoking.......

7.3...in fact all of section 7 is limited to those activities identified as necessary to achieve customer satisfaction, that's why it is called "PRODUCT REALIZATION" and not company management. Using your line of thought the planning of the company Christmas party would fall under 7.3 because it is essentially a "designed" process. Next you'll say that an organization must put the supplier of toilet papaer on the approved supplier list....

I addition...the auditor cannot change the scope of the audit. The scope, criteria and objectives are the property of the client and the auditor can only recommend the scope be changed.

It's early, I have a cold and I haven't been sleeeping well so I'm cranky....
 
D

dmp06

#8
Not up for a debate

I did not understand your comment, that someone needs to see what I am smoking. If you can't reply to a post without bashing, then don't reply.

Maybe you need to do some research on 7.3, and not be so quick to add ridiculous things to the interpretations regarding Christmas parties and toilet paper.

Also, I didn't even comment on the auditor changing the scope. As I see it, the auditor was following a process audit format. Too bad you don't understand how a process audit trail can lead to things outside of the scope.

dmp

CQA, EMLA, CQE
 
#9
Been there, done that.........

c'mon guys. Enough with the bad blood:rolleyes:

The audit is a 9001:2000, so 'Process Design' isn't in - that's a TS requirement, dmp06.:read:

:applause: Hjilling said it well. Plus, it's really the responsibility of the MR to call management on these things, so as to avoid getting wacked during an audit. The 3rd party did what they should have, even if they did it kinda unilaterally. Don't forget the MR's job is to maintain compliance, so this issue probably should have come up a long time ago. Yeah, the registrars are culpable, but the accreditation authorities issued memoranda a long time ago about the practice of registering organizations to 9002 when they were design responsible (didn't make much impact, did it?:nope: )

Andy
 
R

Rob Nix

#10
dmp,

One thing to keep in mind when reading posts in threads is that we cannot always read the emotions, personalities, and intents of the poster (sometimes emoticons help). :yes: Randy does not "bash" people personally, and simply was adding "color" to his post to make a point. We really must have a bit thicker skin when it comes to the give and take of information and ideas in a forum such as this. I'm sure Randy doesn't take your "Too bad you don't understand how a process audit trail can lead to things outside of the scope" comment as a personal affront. Mostly we have fun here, feel strongly about some subjects, make light of others, but all in all, enjoy the interaction. :agree1:

There are perhaps many ways this 'subject situation' could have been handled. I would have finished the audit as planned, but wrote up in comments (for the closing meeting and for the registrar's review) the need to address this change in scope. Don't get too excited, Casana. Just work through it with your registrar and auditor and make sure you clearly communicate your contract and audit plans prior to the next audit. Have fun.
 
Thread starter Similar threads Forum Replies Date
K Changing the Auditor within a Notified Body ISO 13485:2016 - Medical Device Quality Management Systems 4
Mikishots AS91X0 Third Party Auditor Cycling and Changing Auditors AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
J Changing External Auditor Service General Auditing Discussions 13
C Tri-annual in 2008, auditor changing and thinking of changing CB - advice needed. Registrars and Notified Bodies 10
M Changing Positions: System Quality Assurance vs. Internal Quality Auditor Career and Occupation Discussions 20
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
W Redacting Info Before Giving to Auditor ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
T Quality auditor legal right to see Board meeting minutes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
V Certified Auditor - Need of additional certification specific to industry ( GMPs) ASQ vs ECA vs others Professional Certifications and Degrees 1
V Internal Auditor Competency KPI IATF 16949 - Automotive Quality Systems Standard 14
R American Petroleum Institute - Becoming an API Auditor Professional Certifications and Degrees 2
B Lowest cost way to pass Lead Auditor exam ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
B Internal Auditor Competency - Product Auditors Internal Auditing 9
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
Z Auditor Findings ISO 14001:2015 vs. 45001:2015 ISO 14001:2015 Specific Discussions 6
B IATF16949 audit requirement - Auditor request UCL and LCL must be show Xbar-R, IATF 16949 - Automotive Quality Systems Standard 7
A Becoming an ISO27001 3rd Party Auditor Career and Occupation Discussions 4
L ASQ's Biomedical Auditor Course Test ASQ - American Society for Quality 1
M Tips on preparing for IATF 16949 Internal Lead Auditor exam Manufacturing and Related Processes 1
G Same parts but new customer - What will the auditor ask me? IATF 16949 - Automotive Quality Systems Standard 2
Gun46 ISO 9001 : 2015 Lead Auditor Exam General Auditing Discussions 16
K %GRR was between 10-30% so we have to have a "backup plan" per auditor IATF 16949 - Automotive Quality Systems Standard 15
S ISO 13485 Lead Auditor - Debate between our Quality Team and Regulatory Auditor - Internal Auditor Training ISO 13485:2016 - Medical Device Quality Management Systems 17
R ISO 45001 Lead Auditor Exam paper Training - Internal, External, Online and Distance Learning 1
B Internal and external auditor competency to CSR's IATF 16949 - Automotive Quality Systems Standard 20
A Our auditor told if we didn't have a patent we would have to do a validation or verification ISO 13485:2016 - Medical Device Quality Management Systems 6
W Certification for IATF Lead Auditor will expire in 2020 IATF 16949 - Automotive Quality Systems Standard 2
D Impartiality of Internal Auditor ISO 9001/13485 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
Ed Panek Auditor driving us nuts - ESD requirements ISO 13485:2016 - Medical Device Quality Management Systems 23
A OHSAS 18001 external auditor finding personal interpretation? Occupational Health & Safety Management Standards 5
S IRCA Lead Auditor training and Exam tips Training - Internal, External, Online and Distance Learning 5
L ASQ CBA biomedical auditor - CBA primer material is enough to study? ISO 13485:2016 - Medical Device Quality Management Systems 6
B VDA 6.3 Qualification as Process Auditor training course and exam VDA Standards - Germany's Automotive Standards 0
F ISO 21001 Educational Organizations Management - How to become an auditor Other ISO and International Standards and European Regulations 1
J Getting training either from ASQ or from SAI Global - ISO 9001 Lead Auditor training Training - Internal, External, Online and Distance Learning 1
P ASQ Certified Biomedical Auditor (CBA) Certification Preparation 2019 ASQ - American Society for Quality 3
M Medical Device Design Control Auditor Recommentations General Auditing Discussions 19
G Third party auditor mentions no grace period for calibration Calibration Frequency (Interval) 22
D Where (in US) can I get the VDA Auditor Edition book? VDA Standards - Germany's Automotive Standards 3
S AIAG CQI Auditor Qualification and 3rd Party Certification Requirements General Auditing Discussions 2
M IATF 16949 7.2.3 Internal Auditor Competency - Trainer's competency Internal Auditing 7
C Recommendations for UK-based ISO 13485 internal auditor training ISO 13485:2016 - Medical Device Quality Management Systems 1
Sidney Vianna AS9100 News July 2019 AAQG/RMC CB Auditor Workshop - Presentation Materials AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
D Scope of Facility - Our auditor asked us last week for our "Scope of the Facility" AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 12
A ISO 9001 lead auditor as Full time career India Career and Occupation Discussions 2
J Manufacturing Process Auditor Requirements - IATF 16949 IATF 16949 - Automotive Quality Systems Standard 9
GreatNate ISO 9001:2015 Lead Auditor Course? (who to take with) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
A External Auditor issue with Internal Audits Internal Auditing 7
Q Internal Auditor competence for ISO 14001 ISO 14001:2015 Specific Discussions 11
S IATF 16949: Is "Certified" Internal Auditor mandatory? IATF 16949 - Automotive Quality Systems Standard 9

Similar threads

Top Bottom