Above all, work with your customer. If you have an SQE with some sense, you'll only have to provide data regarding the change.
Just to expand on Enghabashy's statement; the 2nd party audit does NOT need to be performed by you, depending on how you have written your supplier development/management process. For example, if the supplier is registered/certified to IATF 16949, then that would (in general) suffice, AS LONG AS you state that in your process.
We do monitor and make sure that our suppliers stay up to date with there ISO Certification. My next question for you is where does it state that in the ISO Requirements that we can do that for PPAP's? I just want to make sure to cover my self with proof.Spentzosk: Yes, in my opinion this would comply with ISO 9001 requirements. However, simply stating that your suppliers are ISO certified does not end your responsibilities. You need to monitor your suppliers, to ensure that they maintain their registration/certification. You also need to work WITH your suppliers to assist them in improving their services to you. There may also be Customer Specific Requirements which you need to adhere to as well.