Customer wants to audit our supplier audits - seems inappropriate

We are due for a customer audit soon. They have sent the audit agenda. One of the things they want to audit is our audits of our suppliers. They are specifically wanting to see the non-conformances and follow-up.

It seems inappropriate to me to share our suppliers' information. Per my auditor training, all the information gathered in an audit is confidential.

Currently I intend to let them know that we can't share that type of information, but I would like to hear from others if/how they've handled similar requests.


Elsmar Forum Sponsor

Sidney Vianna

Post Responsibly
Staff member
I understand the discomfort in sharing some sensitive data, but can't you have the customer reps signing an NDA? And I do think the customers are practicing supply chain management. They "manage" you as a supplier and the expectation is that you "manage" your suppliers. It seems to me that they want to gather evidence that your supplier assessments are robust and your suppliers (their sub-suppliers) are performing meaningful root cause analysis and effecting meaningful corrective actions.

Supply chain management is getting more complex by the day, but I do see the rationale and desire for customers to assess sub-tier suppliers and how direct suppliers manage their external sources; after all more and more business risks are being introduced by such sub-tier vendors.

Good luck.


Trusted Information Resource
Seems reasonable to me. I think you need to distinguish between the sensitive data that an auditor may see during an audit and the confidential information that is present in an audit report/corrective action.

As an auditor I expect to see the design file for a product so that I can assess the design process is being followed, I don't document the highly sensitive contents, I just document that I saw the file and there was a non conformnace because it did not contain a design review as required by etc etc.

As Sidney suggested an NDA should be adequate


Staff member
Super Moderator
Sidney, Marcelo, and pkost are correct. This can be particularly helpful if you have customer complaints that involve products you purchase from your suppliers (their sub-tier suppliers). It can potentially be a good exercise to improve supplier performance for both you and your customer.


Involved In Discussions
I will not revisit what the others above me have said, I agree with their statements.

i will, however, add when addressing this question previously I have presented the customer with partially redacted audit reports. The names and addresses of the supplier was removed along with any identifying information, but the body of the report including non-conformance and follow ups were given.

Also ensure you get the customer auditor to sign an appropriately worded NDA or CDA, but this should be standard practice for all customer audits.


Quality Manager
I was going to say something similar to Joshua. I think there is room to meet what they want and still be mindful of organizational needs. We actually had a competitor in town purchase an out of town coating facility and they used its paperwork to find customers other shops were getting work from.

Not that your customer would do that to you, just giving a real life example of weird stuff that can happen.
Thanks all for the feedback. We do have an NDA with our customer. I was concerned about audit overreach, so others' experience is very helpful. This is the first time in my 15 years that I've had an auditor request this level of detail (and we are frequently audited to ISO/VDA/IATF). I would be less uncomfortable with this in a registrar audit, but with a customer audit, I feel like we're airing our suppliers' dirty laundry (there is potential for this customer to be a direct customer to our supplier).


Staff member
It's an excellent question and I like how you're approaching it. Thing is... Supply Chains are becoming (or should at least in principle) more collaborative; upstream and downstream should be helping each other.

I think if your supplier audit program is reasonably robust and you do establish with these customers to not share any of the information outside the audit, I think you should be fine.

Ronen E

Problem Solver
Staff member
(there is potential for this customer to be a direct customer to our supplier)
Are you adding value?...

On topic: I would redact any sensitive specifics, including - as necessary - technical details. It's reasonable to require to audit your auditing process and your diligence, but this should not be an excuse to indirectly audit your suppliers.

If what they're after is actually auditing your suppliers, let it come to the light and formalise it in written agreements.
Thread starter Similar threads Forum Replies Date
C Charging a customer who wants to audit our QMS? ISO 13485:2016 - Medical Device Quality Management Systems 16
M Signed PSW directly to End customer, Tier 1 wants their own PPAP IATF 16949 - Automotive Quality Systems Standard 6
Nicole Desouza Sampling plan for a customer who wants AQL 1.0 (per ANSI Z1.4) AQL - Acceptable Quality Level 5
P Customer wants a Part Material Change - New PPAP required? APQP and PPAP 3
G Customer wants PPAP on Old Parts to New Standards APQP and PPAP 8
N Customer wants a PPAP/PSW on some Prototype Parts APQP and PPAP 6
S Boss wants customer delivery signature specimen form Customer and Company Specific Requirements 16
T Customer wants customized Software for Medical Device EU Medical Device Regulations 5
M Customer wants a Containment Plan Nonconformance and Corrective Action 8
J C of C - Customer wants their internal procedures and standards indicated with rev AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 23
J Customer wants a P-value with our initial Process Studies Statistical Analysis Tools, Techniques and SPC 4
Fender1 Management Wants to Exclude a Customer Product Line from Registration Scope ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
V Customer wants to know what CC and SC's are on supplier prints. APQP and PPAP 2
I Repair and Service Facility - Customer wants PPAP for Refurbished Equipment APQP and PPAP 3
M Customer wants each dimension, including reference, in PFMEA FMEA and Control Plans 6
W Customer wants 'Risk Based Compliance' for our Plastic Component Other Medical Device and Orthopedic Related Topics 3
J Choice of Control Limits - Customer wants to control at 4.5 sigma Statistical Analysis Tools, Techniques and SPC 23
J Customer wants to Reduce GD&T Tolerances on Sheet Metal Subassemblies Manufacturing and Related Processes 8
J RoHS Compliance - Steel - Customer wants additional samples tested RoHS, REACH, ELV, IMDS and Restricted Substances 32
A Customer wants to invoke AS9103 on one time buy of 25 piece order. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
A Customer wants AS9103 applied to 30 piece order. Quality Tools, Improvement and Analysis 2
J SPC on Multiple Cavities - Customer wants SPC done on each notch - Cylindrical part Statistical Analysis Tools, Techniques and SPC 16
M How to show the effect of the failure mode on the manufacturing process as a customer of product design process? FMEA and Control Plans 0
K SaMD and Customer Integrations Medical Information Technology, Medical Software and Health Informatics 2
JoCam Non CE marked device for customer review Other Medical Device Regulations World-Wide 0
L Question regarding "Customer Property" AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
Sortinghat Locating Customer Supplier Manuals Customer and Company Specific Requirements 5
S Rude Customer Auditor General Auditing Discussions 18
M Customer Specific Requirements - Packaging Spec IATF 16949 - Automotive Quality Systems Standard 10
D Automotive Customer asking for ISO 14001 Certification from suppliers ISO 14001:2015 Specific Discussions 3
D Customer requirements on specific standards Various Other Specifications, Standards, and related Requirements 6
Crimpshrine13 Customer Scorecards - Missing Scorecard from one Customer IATF 16949 - Automotive Quality Systems Standard 27
B Customer Preference Testing Customer and Company Specific Requirements 2
T No Customer Response to an SCR Manufacturing and Related Processes 2
D Customer Specific Requirements / Customer Requirements for Indirect Customers IATF 16949 - Automotive Quality Systems Standard 10
H Customer Specific Change in a SaaS SAMD IEC 62304 - Medical Device Software Life Cycle Processes 1
B Put on escalation by customer? is there a requirement to notify registrar? IATF 16949 - Automotive Quality Systems Standard 6
P 7.5.10 Customer property - applies to leased/rented equipment? ISO 13485:2016 - Medical Device Quality Management Systems 10
M Customer Property - ISO 13485:2016 Clause 7.5.10 ISO 13485:2016 - Medical Device Quality Management Systems 9
R Cpk demands from automotive customer Capability, Accuracy and Stability - Processes, Machines, etc. 8
briteme4 Customer Requests FAI on Tooling Fixture AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
D Suggestions for Ishikawa for hyperdetailed customer - plastic molding automotive parts Nonconformance and Corrective Action 9
J WAIVED ON Q1 - We Don't have to comply with FORDS customer specific requirements IATF 16949 - Automotive Quality Systems Standard 3
A Customer Approval (Medical Devices) Document Control Systems, Procedures, Forms and Templates 4
M Reduce occurrence rating based on the PMS data and customer complaint data ISO 14971 - Medical Device Risk Management 2
M IATF16949 Clause - Customer notification related IATF 16949 - Automotive Quality Systems Standard 4
G Too many customer complaints Customer Complaints 16
lanley liao Does the customer`s trademark belong to customer-supplied property? Oil and Gas Industry Standards and Regulations 2
J Customer Complaint & SCAR, false data Nonconformance and Corrective Action 14
S Annual Inspection Layout - Based on Customer print ? IATF 16949 - Automotive Quality Systems Standard 8

Similar threads

Top Bottom