Auditor Findings ISO 14001:2015 vs. 45001:2015

[Zearl]

We recently had an audit for 14001:2015 as well as previous audits that resulted in nonconformances regarding safety and health issues (such as safety shower problem, gas cylinder not secured, etc. While we definitely want to be notified of any such issues, I question whether minors should result from these type of findings. It seems one can make an argument for anything due to some ambiguity in 2015 standards. For example, showers are said to be under emergency preparedness and response (8.2) as well as fire extinguishers, etc.

Also mentioned was ANY operational controls, whether quality or safety are also fair game for nonconformances, and vice-versa (ex: if auditing 9001:2015, environmental or safety operational controls are fair game).

If this is so, why have separate standards? Simply certify under 9001 and forget anything else. We are considering this as a result.

Have argued this with this particular auditor to no avail. Now the auditor is stating tie-in with 9001 7.4 (Environment for the operation of processes) to environmental operational controls, compliance, etc.).

Maybe Randy has a comment, as I know he has been at this a long time. I have been management rep for 20 + years and never seen a similar auditor.

Anybody with similar experiences?

P.S. Auditor is qualified 9001/14001/45001 standards.

 

[Sidney Vianna]

The auditor is OBVIOUSLY gone wild. Audits have scope and criteria. Section 0.5 of ISO 14001:2015 CLEARLY stipulates it has NO requirements for occupational health & safety. So, the auditor has gone awry, for sure. Emergency Preparedness in the context of ISO 14001 relates to the ENVIRONMENT. Exxon Valdez rings a bell. Union Carbide and Bhopal as well.

Appeal the NC's under the premise that they are outside of the scope of the audit. For sure, the auditor can report the findings as comments/observations, but NEVER as a NC.

 

[Randy]

I'm with Sidney, in fact I recently tossed a couple NC's for being way out of audit scope for the exact reasons you gave. If your doing quality and see something safety or environmental a verbal comment might be acceptable (but only if you've got the competence to do so) but it's not going into the report and it sure ain't going to be a NC and I'd most likely not do a written OFI or observation either...... Oh, and if you find a document control or some other minor problem that might cross multiple standards, pick one of them, don't write the same NC 3 times for the same stinking problem....That's BS!!!!

 

[Zearl]

Sidney/Randy,
Thanks so much for taking the time to respond. I knew I was right on this one. I appreciate the confirmation. Will help in
discussions with management.

As far as the auditor, he also does our 9001:2015 certification. Last audit he wrote 4 NC's for really one area, MOC's for
section 8.5.6. However the clause he chose was 6.3, which should be HIGH LEVEL changes to QMS, not production and service
process changes. Other three for same issue were 7.5.2 (review and approval), 6.1.1 (effectiveness of actions taken to address risks and opportunities) and 7.2 competence. I guess he needed his quota. At the most I would have written two or just one under operational
control or 8.5.6. The whole issue was really not following operational control arrangements. Granted it was a mess and needed some focused attention. I will say it has definitely gotten the attention.

I did not understand the 6.1.1 write up, since IMHO, the MOC system itself is how the risk of personnel not knowing about process changes or new chemicals to assure continuing conformity are addressed. The MOC process as planned was just not being followed for one particular production area.

 

[Sidney Vianna]

Assuming the auditor followed the expected protocol, an exit/de-briefing meeting should have taken place when he disclosed the audit results. That's the BEST TIME and OPPORTUNITY for you to clarify the write ups. Did you ask for clarifications then?

Second guessing the auditor train of thought by people who were not present at the event is very hard.

 

[Zearl]

I argued over the 6.1.1 write-up and he basically did not say much of anything except to promise to go find
other issues to write up.

One could make the case for 7.2 since the MOC's weren't being processed correctly. Also 7.5.2 since the process manager appeared
to not be reviewing status of the MOC's relevant to his process and areas were missing from MOC.
6.3 I don't think so, because these were MOC's for production, not high level QMS changes. He probably just accidently referenced
wrong clause. 6.3 is something that comes out in management review records (high level).

I agree second guessing is hard in this case. I believe he just wanted to raise the issue up to
high level and was also looking for NC's to write. But the evidence is all for the same issue. MOC's
were not being closed out correctly, tracked by process management, etc. The MOC process is now
robust and monitored closely as the auditor noted in the 14001 audit.

There are other circumstances leading to these findings that I do not feel I should disclose here.

As I said, I've been doing this for 20 plus years (not that I claim to be anywhere an expert), and
things are definitely somewhat amiss with this auditor IMHO.

Left to myself, I would have fixed it long ago, but this old MR is in the middle between the auditor
and new management.

 

[Dazza]

As a certification body auditor (10 years experience and UK based) for 9001, 14001 and 45001, based upon what has been stated (9001), I would have made comments during the audit BUT not documented as observations and definitely NOT an NC, as likely to be outside the scope of the audit.

As for the comment "he basically did not say much of anything except to promise to go find other issues to write up.", I would consider either contacting their office and expressing concerns and that you want another auditor at the next few visits, or change certification bodies.
Auditors should not, IMHO, be looking to "get" the company at each visit and only report on what is found as part of the sampled evidence. I have gone months without writing an NC, if I do not find it, I do not keep looking until I do, not paid a bonus or anything for NC's written, if the company presents evidence that is meeting the requirements of the standard and/or their own processes, that is it. I normally look at 6 to 10 pieces of evidence (depending upon complexity) for my sample.

I agree with Randy - "if you find a document control or some other minor problem that might cross multiple standards, pick one of them, don't write the same NC 3 times for the same stinking problem....That's BS!!!!"