Customer wants to audit our supplier audits - seems inappropriate

We are due for a customer audit soon. They have sent the audit agenda. One of the things they want to audit is our audits of our suppliers. They are specifically wanting to see the non-conformances and follow-up.

It seems inappropriate to me to share our suppliers' information. Per my auditor training, all the information gathered in an audit is confidential.

Currently I intend to let them know that we can't share that type of information, but I would like to hear from others if/how they've handled similar requests.


Elsmar Forum Sponsor

Sidney Vianna

Post Responsibly
Staff member
I understand the discomfort in sharing some sensitive data, but can't you have the customer reps signing an NDA? And I do think the customers are practicing supply chain management. They "manage" you as a supplier and the expectation is that you "manage" your suppliers. It seems to me that they want to gather evidence that your supplier assessments are robust and your suppliers (their sub-suppliers) are performing meaningful root cause analysis and effecting meaningful corrective actions.

Supply chain management is getting more complex by the day, but I do see the rationale and desire for customers to assess sub-tier suppliers and how direct suppliers manage their external sources; after all more and more business risks are being introduced by such sub-tier vendors.

Good luck.


Trusted Information Resource
Seems reasonable to me. I think you need to distinguish between the sensitive data that an auditor may see during an audit and the confidential information that is present in an audit report/corrective action.

As an auditor I expect to see the design file for a product so that I can assess the design process is being followed, I don't document the highly sensitive contents, I just document that I saw the file and there was a non conformnace because it did not contain a design review as required by etc etc.

As Sidney suggested an NDA should be adequate


Staff member
Super Moderator
Sidney, Marcelo, and pkost are correct. This can be particularly helpful if you have customer complaints that involve products you purchase from your suppliers (their sub-tier suppliers). It can potentially be a good exercise to improve supplier performance for both you and your customer.


Involved In Discussions
I will not revisit what the others above me have said, I agree with their statements.

i will, however, add when addressing this question previously I have presented the customer with partially redacted audit reports. The names and addresses of the supplier was removed along with any identifying information, but the body of the report including non-conformance and follow ups were given.

Also ensure you get the customer auditor to sign an appropriately worded NDA or CDA, but this should be standard practice for all customer audits.


Quality Manager
I was going to say something similar to Joshua. I think there is room to meet what they want and still be mindful of organizational needs. We actually had a competitor in town purchase an out of town coating facility and they used its paperwork to find customers other shops were getting work from.

Not that your customer would do that to you, just giving a real life example of weird stuff that can happen.
Thanks all for the feedback. We do have an NDA with our customer. I was concerned about audit overreach, so others' experience is very helpful. This is the first time in my 15 years that I've had an auditor request this level of detail (and we are frequently audited to ISO/VDA/IATF). I would be less uncomfortable with this in a registrar audit, but with a customer audit, I feel like we're airing our suppliers' dirty laundry (there is potential for this customer to be a direct customer to our supplier).


Staff member
It's an excellent question and I like how you're approaching it. Thing is... Supply Chains are becoming (or should at least in principle) more collaborative; upstream and downstream should be helping each other.

I think if your supplier audit program is reasonably robust and you do establish with these customers to not share any of the information outside the audit, I think you should be fine.

Ronen E

Problem Solver
Staff member
(there is potential for this customer to be a direct customer to our supplier)
Are you adding value?...

On topic: I would redact any sensitive specifics, including - as necessary - technical details. It's reasonable to require to audit your auditing process and your diligence, but this should not be an excuse to indirectly audit your suppliers.

If what they're after is actually auditing your suppliers, let it come to the light and formalise it in written agreements.
Thread starter Similar threads Forum Replies Date
C Charging a customer who wants to audit our QMS? ISO 13485:2016 - Medical Device Quality Management Systems 16
Nicole Desouza Sampling plan for a customer who wants AQL 1.0 (per ANSI Z1.4) AQL - Acceptable Quality Level 5
P Customer wants a Part Material Change - New PPAP required? APQP and PPAP 3
G Customer wants PPAP on Old Parts to New Standards APQP and PPAP 8
N Customer wants a PPAP/PSW on some Prototype Parts APQP and PPAP 6
S Boss wants customer delivery signature specimen form Customer and Company Specific Requirements 16
T Customer wants customized Software for Medical Device EU Medical Device Regulations 5
M Customer wants a Containment Plan Nonconformance and Corrective Action 8
J C of C - Customer wants their internal procedures and standards indicated with rev AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 23
J Customer wants a P-value with our initial Process Studies Statistical Analysis Tools, Techniques and SPC 4
Fender1 Management Wants to Exclude a Customer Product Line from Registration Scope ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
V Customer wants to know what CC and SC's are on supplier prints. APQP and PPAP 2
I Repair and Service Facility - Customer wants PPAP for Refurbished Equipment APQP and PPAP 3
M Customer wants each dimension, including reference, in PFMEA FMEA and Control Plans 6
W Customer wants 'Risk Based Compliance' for our Plastic Component Other Medical Device and Orthopedic Related Topics 3
J Choice of Control Limits - Customer wants to control at 4.5 sigma Statistical Analysis Tools, Techniques and SPC 23
J Customer wants to Reduce GD&T Tolerances on Sheet Metal Subassemblies Manufacturing and Related Processes 8
J RoHS Compliance - Steel - Customer wants additional samples tested RoHS, REACH, ELV, IMDS and Restricted Substances 32
A Customer wants to invoke AS9103 on one time buy of 25 piece order. AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 4
A Customer wants AS9103 applied to 30 piece order. Quality Tools, Improvement and Analysis 2
J SPC on Multiple Cavities - Customer wants SPC done on each notch - Cylindrical part Statistical Analysis Tools, Techniques and SPC 16
P Customer Corrective Action Requests in OASIS? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 4
Ooi Yew Jin Customer E audit preparation Quality Manager and Management Related Issues 2
Q Managing a "special" customer into the QMS? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
C Certificate of Conformance Form - COC for each customer a controlled document? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
R Who is the customer in the ISO/IEC 17025:2017? ISO 17025 related Discussions 1
BeaBea ISO 9001 Customer Feedback Methods - What has worked for your company? Service Industry Specific Topics 16
T Root Cause Failure Analysis - Not following Customer packaging Specification Problem Solving, Root Cause Fault and Failure Analysis 5
V Customer Print Specifications on PFMEA FMEA and Control Plans 13
S Issuing of CoC to Customer in a Word or Excel format ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Design Transfer Template capturing Customer Specific Requirements Other Medical Device Related Standards 3
W Direct to customer export of medical device (class I: prescription lenses + frame) US Food and Drug Administration (FDA) 2
S How to treat a customer complaint ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
I ISO 9001:2015 Section 9.3.2 C1 "customer satisfaction and feedback from relevant interested parties" ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
JoCam Labeling to Customer Requirements EU Medical Device Regulations 1
T Advice needed - Environmental MS - unwritten but customer requests policy document ISO 14001:2015 Specific Discussions 5
Q Customer Satisfaction through On-Time Delivery ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
Pau Calvo PPAP customer requirements in the APQP APQP and PPAP 22
T Nonconforming product at customer detected by a routine inspection by field service Nonconformance and Corrective Action 9
0 PPM calculation of customer complaints for PMS Customer Complaints 10
A Definition of customer in ITP (Inspection & Test Plan) Contract Review Process 3
I MSA requirement for 5 Micrometers + CP changes need customer approval? IATF 16949 - Automotive Quality Systems Standard 2
F Struggling with a root cause analysis - Customer Returns - Escape issue Problem Solving, Root Cause Fault and Failure Analysis 15
S Best software for customer support/complaints? Customer Complaints 0
F ISO 17025 8.6.2 Customer Feedback Analysis ISO 17025 related Discussions 5
N Customer asking if their notified body can audit us ISO 13485:2016 - Medical Device Quality Management Systems 5
N ISO 9001:2015 Customer Complaints Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
PhilM Nonconformance report, Customer complaint investigations and RMAs ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
G Problem Resolution Report Monitoring - Customer complaint or PRR as general motors use Customer Complaints 12
Ron Rompen 2D matrix issue - Parts (machined steel) returned from the customer Design and Development of Products and Processes 0
Similar threads

Top Bottom