J
Judy Deja
In management review, it is stated that you review the entire quality system once per year. If you cover all the elements in your internal audits, does the system audit have to be done (in addition) to remain in compliance?
Judy,
No, you do not have to, provided Internal Quality Audits cover all elements in the standard (over a defined period).
However, there are advantages to doing a complete Quality System audit. A system is made up of several activities, each dependent in some form or manner to the others. By doing section audits, you tend to look at the system 'parts' as being independent, which they are not (correlations may be weak or strong and not always obvious).
My suggestion: do a Quality System audit first. Identify areas of weakness and schedule follow-up section audits to help improve and reinforce standard practices.
Regards,
Kevin
No, you do not have to, provided Internal Quality Audits cover all elements in the standard (over a defined period).
However, there are advantages to doing a complete Quality System audit. A system is made up of several activities, each dependent in some form or manner to the others. By doing section audits, you tend to look at the system 'parts' as being independent, which they are not (correlations may be weak or strong and not always obvious).
My suggestion: do a Quality System audit first. Identify areas of weakness and schedule follow-up section audits to help improve and reinforce standard practices.
Regards,
Kevin
S
Sam
IMO, yes. The audit serves the purpose of providing evidence of your compliance with the requirements.
The review required in 4.1.3 is for continuing suitability and effectiveness; apples and oranges.
Now, if you want to be creative you can include in your audit checklist questions that relate to S&E. I tried this approach at a previous employer and it was accepted by the auditor, but not without question, i.e., how is S$E accomplished effectively without a team review.
The review required in 4.1.3 is for continuing suitability and effectiveness; apples and oranges.
Now, if you want to be creative you can include in your audit checklist questions that relate to S&E. I tried this approach at a previous employer and it was accepted by the auditor, but not without question, i.e., how is S$E accomplished effectively without a team review.
....more for the mix.
Marc answered a post a couple of days back about registered organizations having to have all ISO elements present for ISO registration. Marc stated that the elements (and points within each) had to be satisfied prior to registration. With this I agree entirely!! How is this accomplished?
Here are some of my observations:
I have seen it where all elements had to be present within the Quality Program and the Quality System, and both had to pass Suitability, Compliance, and effectiveness for Registration. This was with what I consider to be a reputable Registrar.
I have seen it where all elements had to be present within the Quality Program and mostly deployed within the Quality System, and where not, a plan for deployment would suffice. Effectiveness was of little consideration, but Suitability and Compliance were reviewed (as applicable). This was done by what I would consider a less-than-reputable registrar.
In both situations, both organizations were registered. Needless to say, the registration of the organization without complete compliance surprised the heck out of me. It happens often enough, I'm sure, but should not.
Also as an observation, the Surveillence Audits of Registrars have been less than a complete Quality System audit. They hit core elements (what they consider core) and a few additional elements when performing the surveillence. The goal of the Registrar is to see all elements over the three year registration period (sometimes duplicating the core elements, sometimes not). This I akin to the Internal Quality Audits, performed in areas or for documents rather than the complete system audit. It seems to be common practice both from my experience as an observer and from information I have read (here and elsewhere).
With this stated, my position is this: A system is not the sum of its parts. The parts are not separate, and as such, should not be audited separately. However, the practice of Registrars (beyond the initial registration audit) and the other auditing programs I have seen and used successfully, suggest to me otherwise. I guess I am a bit of a hypocrit, but I can change.
Regards,
Kevin
Marc answered a post a couple of days back about registered organizations having to have all ISO elements present for ISO registration. Marc stated that the elements (and points within each) had to be satisfied prior to registration. With this I agree entirely!! How is this accomplished?
Here are some of my observations:
I have seen it where all elements had to be present within the Quality Program and the Quality System, and both had to pass Suitability, Compliance, and effectiveness for Registration. This was with what I consider to be a reputable Registrar.
I have seen it where all elements had to be present within the Quality Program and mostly deployed within the Quality System, and where not, a plan for deployment would suffice. Effectiveness was of little consideration, but Suitability and Compliance were reviewed (as applicable). This was done by what I would consider a less-than-reputable registrar.
In both situations, both organizations were registered. Needless to say, the registration of the organization without complete compliance surprised the heck out of me. It happens often enough, I'm sure, but should not.
Also as an observation, the Surveillence Audits of Registrars have been less than a complete Quality System audit. They hit core elements (what they consider core) and a few additional elements when performing the surveillence. The goal of the Registrar is to see all elements over the three year registration period (sometimes duplicating the core elements, sometimes not). This I akin to the Internal Quality Audits, performed in areas or for documents rather than the complete system audit. It seems to be common practice both from my experience as an observer and from information I have read (here and elsewhere).
With this stated, my position is this: A system is not the sum of its parts. The parts are not separate, and as such, should not be audited separately. However, the practice of Registrars (beyond the initial registration audit) and the other auditing programs I have seen and used successfully, suggest to me otherwise. I guess I am a bit of a hypocrit, but I can change.
Regards,
Kevin
Just to clarify: All elements have to be addressed as opposed to present. Most elements have to be present - such as you cannot opt out of the Internal Audits requirement but some companies may not do design (and as such can exclude design from their registration scope and they need not have a defined design system).
The 9001:2000 is actually addressing this plainly with 1.2 Permissible Exclusions.
Marc,
Agreed! I was totally stupified. When the Management Rep called me to tell me they had passed, I was totally amazed. They hadn't done one corrective action, no internal audits were performed, and document control was in shambles. If I had placed a bet, I would have lost heavy! Additionally, the registration audit only covered 6 elements (the rest to do on subsequent surveillence audits)! 6! What a joke! This certainly does not promote confidence, not for me anyway.
Regards,
Kevin
p.s. As a point of clarification, IMO, before calling a registrar in for your registration audit, all elements must be audited internally. Otherwise, how can you assure that all elements have been addressed (as appropriate) and you are compliant with the program? My comment to Judy is in regard the fashion the elements are audited, as I take it from her post. Should a complete System Audit be performed, or can you break it into smaller 'element' audits, or, do you have to do both? My thoughts on that are above. Regards
[This message has been edited by Kevin Mader (edited 22 March 2000).]
Agreed! I was totally stupified. When the Management Rep called me to tell me they had passed, I was totally amazed. They hadn't done one corrective action, no internal audits were performed, and document control was in shambles. If I had placed a bet, I would have lost heavy! Additionally, the registration audit only covered 6 elements (the rest to do on subsequent surveillence audits)! 6! What a joke! This certainly does not promote confidence, not for me anyway.
Regards,
Kevin
p.s. As a point of clarification, IMO, before calling a registrar in for your registration audit, all elements must be audited internally. Otherwise, how can you assure that all elements have been addressed (as appropriate) and you are compliant with the program? My comment to Judy is in regard the fashion the elements are audited, as I take it from her post. Should a complete System Audit be performed, or can you break it into smaller 'element' audits, or, do you have to do both? My thoughts on that are above. Regards
[This message has been edited by Kevin Mader (edited 22 March 2000).]
It no longer surprises me what registrars let companies get away with - which, of course, denigrates the whole process and the 'meaning' (such as it is) of ISO9001 registration.
Anything for a buck.
I will also admit that the same is true of 'consultants' any more. There's thousands of inept 'newbies' out there. (Of course, I'm not one of them!
)
Anything for a buck.
I will also admit that the same is true of 'consultants' any more. There's thousands of inept 'newbies' out there. (Of course, I'm not one of them!
Marc,
I believe it would be rather difficult to sink to that level. You'd have to be in a walking coma.
The pursuit of the 'almighty dollar' drives a lot of good ideas down the tubes. That's really too bad!
Kevin
I believe it would be rather difficult to sink to that level. You'd have to be in a walking coma.
The pursuit of the 'almighty dollar' drives a lot of good ideas down the tubes. That's really too bad!
Kevin