Don't get worried here. What you do is contact the lead auditor of the team who will be coming. This is often difficult as they are typically auditing... Sometimes you have to go through an account manager. The point is you have to discuss the base systems to begin with - which actually should have been done when a company interviewed registrars. That is the initial time to say "Our major systems are set up this way". Some companies hire a consultant like myself and we can give guidance on what and how.
If all your documentation is online in the US, how do the people in the far east have access to documents they need?
You say this will be a desk audit. Is it a pre-assessment? A gap analysis? I ask because the 'typical' sequence is:
Document Review
Pre-Assessment
Assessment
If you are doing a 'pre-pre-assessment' (often called a Gap Analysis) I'd just take your top manual(s).
When you say Desk Audit, I think pre-assesment as that's what I push for in most pre-assessments. I have fewer worries about whether people are doing what is written than I do (at this stage) about whether the systems as a whole comply within the definitions of the auditor. I don't want the registrar coming back at the registration audit and 'finding' that the company did not address something. By the time of the registration audit everyone should have already agreed that all of the systems have been reviewed, that every element of the standard is addressed and where, and that for the most part the registration audit will be 'process' oriented - seeing if people are actually doing what they are supposed to be doing and that the systems actually do work (as proven by reviews of records within the company - training records, POs, you name it). The registration audit is where they look closely at level IIIs and local work instructions in general.
If you take your manuals, that should do the trick at this stage. But ask yourself - if you need a procedure which is on a server in the US (or is part of an online software system such as an MRP system), how can you get a copy if you really need it and how long will it take.
> What do the companies send to the auditor?
Ask them what they want. Call them and ask.
> Could a company not have any discrete tier I manual or tier II manual and still go through the desk top audit?
Yes - this is where most companies have matrices to link requirements of the standard(s) to their documentation. Typically, however, companies have at least a skeleton of a quality manual.
The released ISO9001 says:
"4.2.2 Quality manual
The organization shall establish and maintain a quality manual that includes
a) the scope of the quality management system, including details of and justification for any exclusions (see 1.2),
b) the documented procedures established for the quality management system, or reference to them (read matrix or section references), and
c) a description of the interaction between the processes of the quality management system."
To fulfill line item c) I use flow chart(s) to illustrate on a high level how systems interact. In fact, there is a thread here in one of the forums (probably the ISO 9001:2000 forum) recently on how ISO 9001 now 'requires' flow charts. As I remember, this is the paragraph cited from whence the 'requirement' comes. To me it's a non-issue - I'm a flow chart fanatic and have been for over 10 years.
Line item a) is going to be like the elusive laboratory scope requirement in QS-9000 - open to interpretation on what the content should be.
[This message has been edited by Marc Smith (edited 04 January 2001).]