Customer wants to audit our supplier audits - seems inappropriate

#1
We are due for a customer audit soon. They have sent the audit agenda. One of the things they want to audit is our audits of our suppliers. They are specifically wanting to see the non-conformances and follow-up.

It seems inappropriate to me to share our suppliers' information. Per my auditor training, all the information gathered in an audit is confidential.

Currently I intend to let them know that we can't share that type of information, but I would like to hear from others if/how they've handled similar requests.

:censored::unsure:

:thanks:
 
Elsmar Forum Sponsor

Sidney Vianna

Post Responsibly
Staff member
Admin
#2
I understand the discomfort in sharing some sensitive data, but can't you have the customer reps signing an NDA? And I do think the customers are practicing supply chain management. They "manage" you as a supplier and the expectation is that you "manage" your suppliers. It seems to me that they want to gather evidence that your supplier assessments are robust and your suppliers (their sub-suppliers) are performing meaningful root cause analysis and effecting meaningful corrective actions.

Supply chain management is getting more complex by the day, but I do see the rationale and desire for customers to assess sub-tier suppliers and how direct suppliers manage their external sources; after all more and more business risks are being introduced by such sub-tier vendors.

Good luck.
 

pkost

Trusted Information Resource
#4
Seems reasonable to me. I think you need to distinguish between the sensitive data that an auditor may see during an audit and the confidential information that is present in an audit report/corrective action.

As an auditor I expect to see the design file for a product so that I can assess the design process is being followed, I don't document the highly sensitive contents, I just document that I saw the file and there was a non conformnace because it did not contain a design review as required by etc etc.

As Sidney suggested an NDA should be adequate
 

GStough

Staff member
Super Moderator
#5
Sidney, Marcelo, and pkost are correct. This can be particularly helpful if you have customer complaints that involve products you purchase from your suppliers (their sub-tier suppliers). It can potentially be a good exercise to improve supplier performance for both you and your customer.
 

JoshuaFroud

Involved In Discussions
#6
I will not revisit what the others above me have said, I agree with their statements.

i will, however, add when addressing this question previously I have presented the customer with partially redacted audit reports. The names and addresses of the supplier was removed along with any identifying information, but the body of the report including non-conformance and follow ups were given.

Also ensure you get the customer auditor to sign an appropriately worded NDA or CDA, but this should be standard practice for all customer audits.
 

Eredhel

Quality Manager
#7
I was going to say something similar to Joshua. I think there is room to meet what they want and still be mindful of organizational needs. We actually had a competitor in town purchase an out of town coating facility and they used its paperwork to find customers other shops were getting work from.

Not that your customer would do that to you, just giving a real life example of weird stuff that can happen.
 
#8
Thanks all for the feedback. We do have an NDA with our customer. I was concerned about audit overreach, so others' experience is very helpful. This is the first time in my 15 years that I've had an auditor request this level of detail (and we are frequently audited to ISO/VDA/IATF). I would be less uncomfortable with this in a registrar audit, but with a customer audit, I feel like we're airing our suppliers' dirty laundry (there is potential for this customer to be a direct customer to our supplier).
 

BradM

Staff member
Admin
#9
It's an excellent question and I like how you're approaching it. Thing is... Supply Chains are becoming (or should at least in principle) more collaborative; upstream and downstream should be helping each other.

I think if your supplier audit program is reasonably robust and you do establish with these customers to not share any of the information outside the audit, I think you should be fine.
 

Ronen E

Problem Solver
Staff member
Moderator
#10
(there is potential for this customer to be a direct customer to our supplier)
Are you adding value?...

On topic: I would redact any sensitive specifics, including - as necessary - technical details. It's reasonable to require to audit your auditing process and your diligence, but this should not be an excuse to indirectly audit your suppliers.

If what they're after is actually auditing your suppliers, let it come to the light and formalise it in written agreements.
 
Thread starter Similar threads Forum Replies Date
C Charging a customer who wants to audit our QMS? ISO 13485:2016 - Medical Device Quality Management Systems 16
Nicole Desouza Sampling plan for a customer who wants AQL 1.0 (per ANSI Z1.4) AQL - Acceptable Quality Level 5
P Customer wants a Part Material Change - New PPAP required? APQP and PPAP 3
G Customer wants PPAP on Old Parts to New Standards APQP and PPAP 8
N Customer wants a PPAP/PSW on some Prototype Parts APQP and PPAP 6
S Boss wants customer delivery signature specimen form Customer and Company Specific Requirements 16
T Customer wants customized Software for Medical Device EU Medical Device Regulations 5
M Customer wants a Containment Plan Nonconformance and Corrective Action 8
J C of C - Customer wants their internal procedures and standards indicated with rev AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 23
J Customer wants a P-value with our initial Process Studies Statistical Analysis Tools, Techniques and SPC 4
Fender1 Management Wants to Exclude a Customer Product Line from Registration Scope ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
V Customer wants to know what CC and SC's are on supplier prints. APQP and PPAP 2
I Repair and Service Facility - Customer wants PPAP for Refurbished Equipment APQP and PPAP 3
M Customer wants each dimension, including reference, in PFMEA FMEA and Control Plans 6
W Customer wants 'Risk Based Compliance' for our Plastic Component Other Medical Device and Orthopedic Related Topics 3
J Choice of Control Limits - Customer wants to control at 4.5 sigma Statistical Analysis Tools, Techniques and SPC 23
J Customer wants to Reduce GD&T Tolerances on Sheet Metal Subassemblies Manufacturing and Related Processes 8
J RoHS Compliance - Steel - Customer wants additional samples tested RoHS, REACH, ELV, IMDS and Restricted Substances 32
A Customer wants to invoke AS9103 on one time buy of 25 piece order. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
A Customer wants AS9103 applied to 30 piece order. Quality Tools, Improvement and Analysis 2
J SPC on Multiple Cavities - Customer wants SPC done on each notch - Cylindrical part Statistical Analysis Tools, Techniques and SPC 16
D Suggestions for Ishikawa for hyperdetailed customer - plastic molding automotive parts Nonconformance and Corrective Action 9
J WAIVED ON Q1 - We Don't have to comply with FORDS customer specific requirements IATF 16949 - Automotive Quality Systems Standard 2
A Customer Approval (Medical Devices) Document Control Systems, Procedures, Forms and Templates 4
M Reduce occurrence rating based on the PMS data and customer complaint data ISO 14971 - Medical Device Risk Management 2
M IATF16949 Clause 9.1.2.1e - Customer notification related IATF 16949 - Automotive Quality Systems Standard 4
G Too many customer complaints Customer Complaints 16
lanley liao Does the customer`s trademark belong to customer-supplied property? Oil and Gas Industry Standards and Regulations 2
J Customer Complaint & SCAR, false data Nonconformance and Corrective Action 14
S Annual Inspection Layout - Based on Customer print ? IATF 16949 - Automotive Quality Systems Standard 8
G Risk of stopping your customer's line IATF 16949 - Automotive Quality Systems Standard 4
S Calibration/Verification of customer fixtures IATF 16949 - Automotive Quality Systems Standard 6
D CB and customer audits considered as internal audits? General Auditing Discussions 9
O Informational Ford Motor Company Customer Specific Requirements for IATF 16949:2016 - 08 Jan 2021 Customer and Company Specific Requirements 0
G Bad Parts cause Customer line stop IATF 16949 - Automotive Quality Systems Standard 13
O IATF 16949 News Ford Motors Customer Specific Requirements Update - Nov 2020 IATF 16949 - Automotive Quality Systems Standard 5
D Question regarding customer feedback process ISO 13485:2016 - Medical Device Quality Management Systems 3
D Change Approval Requirements - Does every change need formal customer approval? Design and Development of Products and Processes 17
B Retention Samples when Customer Leaves Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
M Email Template that go to a customer and then get returned to us for RMA/Warranty Document Control Systems, Procedures, Forms and Templates 1
B FCA US Customer Specific IATF 16949- Critical Characteristics 8.6.2 Customer and Company Specific Requirements 0
D ISO 13485 8.2.1 and 8.2.2 - Customer Feedback and Customer Complaints ISO 13485:2016 - Medical Device Quality Management Systems 5
J Customer Complaint Response 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
V Quality review Meeting with Customer for complaints we received Customer Complaints 6
D IATF16949 - Interpretation of Customer Requirements clauses IATF 16949 - Automotive Quality Systems Standard 3
S Obligation to accept customer audits? IATF 16949 - Automotive Quality Systems Standard 23
D IATF16949 7.5.3.2.1 Record Retention - Our Product or Customer Product? Elsmar Cove Forum Suggestions, Complaints, Problems and Bug Reports 1
S Customer Specific Requirements (CSR) not signed/approved IATF 16949 - Automotive Quality Systems Standard 17
B FCA US IATF 16949 Customer Requirements updates Customer and Company Specific Requirements 3
G Same parts but new customer - What will the auditor ask me? IATF 16949 - Automotive Quality Systems Standard 2

Similar threads

Top Bottom