Follow up on Major Audit Finding

J

jeffr

#1
Hi,

Recently had a registration audit and received 2 minors and one major (document control). We have put a lot of work in fixing everything and a question came up.

When the auditor returns to review the corrective action of the major, what would happen if we overlooked an item/area and it was discovered during the audit and it was at the level of a minor NC.

Would we be recommended for certification pending corrective documentation ?

Would we be recommended for certification pending corrective documentation and another Corrective Action Audit ?

thanks,

Jeff
 
Elsmar Forum Sponsor
R

Reg Morrison

#3
Marcelo is right. The rules (ISO 17021) say:
9.1.15 Actions prior to making a decision
The certification body shall confirm, prior to making a decision, that
a) the information provided by the audit team is sufficient with respect to the certification requirements and the scope for certification;
b) it has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all nonconformities that represent
1) failure to fulfil one or more requirements of the management system standard, or (MAJOR)
2) a situation that raises significant doubt about the ability of the client's management system to achieve its intended outputs; (MAJOR)
c) it has reviewed and accepted the client's planned correction and corrective action for any other nonconformities.
So, there is some subjectivity at play, so you need to get the answer from your registrar. Different registrars could treat the same situation in different ways.
 
J

jeffr

#4
Not sure why this was moved, but this pertains to ISO 9001:2008

Not aware of any special rules.

Jeff
 

Mikishots

Trusted Information Resource
#5
Not sure why this was moved, but this pertains to ISO 9001:2008

Not aware of any special rules.

Jeff
This pertains to ISO 19011 because you're asking what the response from the external auditors would be. Certification recommendations are squarely in the lap of ISO 19011 and have no part of ISO 9001: 2008.
 
#6
Hi,

Recently had a registration audit and received 2 minors and one major (document control). We have put a lot of work in fixing everything and a question came up.

When the auditor returns to review the corrective action of the major, what would happen if we overlooked an item/area and it was discovered during the audit and it was at the level of a minor NC.

Would we be recommended for certification pending corrective documentation ?

Would we be recommended for certification pending corrective documentation and another Corrective Action Audit ?

thanks,

Jeff
Are you suggesting that they are coming in for a visit to clear just 3 non-conformities? It's been my experience that you can submit your corrective actions, audits etc and they can at least down grade the major to a minor and then close it at the first surveillance. You may want to ask why they can't do this. They may just be looking to bill you an extra day...
 
R

Reg Morrison

#7
This pertains to ISO 19011 because you're asking what the response from the external auditors would be. Certification recommendations are squarely in the lap of ISO 19011 and have no part of ISO 9001: 2008.
Actually it pertains to ISO 17021. ISO 19011 is a guidance requirement and no longer invoked by accreditation bodies.

It's been my experience that you can submit your corrective actions, audits etc and they can at least down grade the major to a minor and then close it at the first surveillance. You may want to ask why they can't do this. They may just be looking to bill you an extra day...
According to ISO 17021, before a certification decision can be made, the registrar has to verify effectiveness of correction and corrective actions. In my experience, most registrars will require an onsite visit before they consider a major NC closed. According to the OP, the major was against document control. If we make a mental exercise and "guess" that too many obsolete documents were being used during the stage 2 audit, it would be justified to perform a re-visit to assess for themselves that obsolete documents are no longer being used and they have changed the system that allowed people to used outdated documents. I think it would be very hard to assess that, remotely, based on submitted information via an email.
 
#8
And, Reg, you stated the NC be "Closed". It's been a long standing practice to down grade to a minor when the quantity and severity didn't justify a special visit. I don't see anything in ISO/IEC 17021 precluding such an option. I did make the point of it being downgraded - and hence still left "open" for verification at the next visit...
 
R

Reg Morrison

#9
Well, while it is true that registrars use the ?downgrade? path, that is a "loophole" because ISO 17021 states:
The client shall be informed if an additional full audit, an additional limited audit, or documented evidence (to be confirmed during future surveillance audits) will be needed to verify effective correction and corrective actions.
ISO 17021 does not explicitly prohibit ?downgrading? of NC?s.

But in order to "downgrade" a nonconformity, the auditor would have to be "satisfied" with the evidence being submitted for review, instead of performing another onsite visit.

And that is the "subjectivity" that I mentioned in my first post in this thread. Some auditors would like to see for themselves (as required by ISO 17021) the EFFECTIVENESS of correction and corrective action. Others (more concerned in keeping the certification effort affordable for their customers) would accept customer-supplied evidence to downgrade the NC.

Depending on the actual nature of the NC, and the necessary corrections and corrective actions, a revisit could be totally justified. Or, like you said, it could be just another way of parting the client from their money.
 
P

pldey42

#10
Hi,

Recently had a registration audit and received 2 minors and one major (document control). We have put a lot of work in fixing everything and a question came up.

When the auditor returns to review the corrective action of the major, what would happen if we overlooked an item/area and it was discovered during the audit and it was at the level of a minor NC.

Would we be recommended for certification pending corrective documentation ?

Would we be recommended for certification pending corrective documentation and another Corrective Action Audit ?

thanks,

Jeff
I think you should ask the person who raised the question how the answer helps.

You can't plan to overlook something. And if you do, you can't be sure it will be regarded as minor, given the subjective nature of grading NCs. So if the answer to the question is, "Sure, go ahead and overlook stuff, it's minor," what are you going to do differently? Shrug, say "We've done a lot of work," and hope for the best? Is that the way you'd like your new QMS to continue?

I would regard an NC in a corrective action as an indicator that CA, itself, is unreliable. If both CA and document control are unreliable, that's a poor basis for a QMS that should bring stability to processes.

Also, that an issue was overlooked raises questions about the effectiveness of the review of the CA that's required in 8.5.2.f - and in turn, calls the internal audit process into question if that was used for the CA review.

The suggestion that a lot of work has been put into the fix might be an indicator that resources are scarce and management commitment weak. And minor oversights have a habit of becoming major NCs if they're not discouraged.

(I'm surprised to learn that CBs can downgrade majors to minor sight unseen; once they know the client and have seen several CAs effectively closed, maybe, but on the first certification audit?)

If it were me (and many would be glad it's not) I'd take the opportunity to turn the question back to whomever asked it - especially if they're a senior manager - and ask them how much they want certification, and to please help assure there are no minor NCs here, or anywhere else, by supporting proper resourcing and auditing of CAs.

Many successful quality managers I've seen use fear of failing audits to get things done. (Yes, Deming said drive out fear, and he was right, but that's another discussion.) If there's wriggle room - as this discussion indicates there might be - they keep it to themselves as a quiet, undeclared contingency plan - to use, for example, if they overlook something themselves!

Just 2c
Pat
 
Thread starter Similar threads Forum Replies Date
J Requirement of on-site follow up for Major CARs AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
qualprod Ineffective follow up of people performance - Audit Nonconformance ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
K Post Market Clinical Follow up and CE Marking for Class IIb medical X-Ray products CE Marking (Conformité Européene) / CB Scheme 1
MrTetris When a follow-up summative evaluation is not required? IEC 62366 - Medical Device Usability Engineering 1
C Spares Market Supplier - Do we need to follow AS9110 or AS9100? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
qualprod Which standard to follow, local or international? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
Marc US wind capacity surpasses hydro, overall generation to follow World News 0
A Not all characteristics follow a Normal Distribution - How do you do SPC Chart Capability, Accuracy and Stability - Processes, Machines, etc. 5
A Difference Between Complaints and Feedbacks in terms of Follow-Up Actions Needed Customer Complaints 3
T Difference betwee General vs. Follow-up Inspections US Food and Drug Administration (FDA) 3
P For medical device regulations in India, do I follow CDSCO or BIS ? Other Medical Device Regulations World-Wide 1
S ISO 9001:2008 Lead Auditor Exam Fail - How to follow up? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
A How do you motivate employees to follow the QMS? Quality Manager and Management Related Issues 18
F Does United Kingdom (UK) follow ISO 17025 and ISO 17020? ISO 17025 related Discussions 14
T Are Customers required to follow a Manufacturers Maintenance Schedule? ISO 13485:2016 - Medical Device Quality Management Systems 3
E Timeline for Issuance of ISO 9001:2008 Certificate after Follow Up Audit Registrars and Notified Bodies 4
D Need to follow-up Internal Audit 'Observations' ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
Mikishots The Follow-Up Look Coffee Break and Water Cooler Discussions 1
M ISO/TS 16949:2009 Follow-up Audit Visits to create more Revenue IATF 16949 - Automotive Quality Systems Standard 12
GStough Is "Did Not Follow Procedures" Sufficient for RCA? Problem Solving, Root Cause Fault and Failure Analysis 30
S Post Market Clinical Follow up (PCMF) Clarification EU Medical Device Regulations 6
T Selecting which MDD 93/42/EEC Annex to follow - PACS software system CE Marking (Conformité Européene) / CB Scheme 2
H Follow up mail for the submitted resignation, reminder mail of submitted resignation Career and Occupation Discussions 4
D CAPA Follow-up - Format for Addressing the Assessment ISO 13485:2016 - Medical Device Quality Management Systems 4
B How many days after an interview should I follow up on the status of the interview? Career and Occupation Discussions 10
M What Indicator should we use to follow Incident Containment Nonconformance and Corrective Action 2
B How to handle/follow supervisor and department head with different supervisory style? Quality Manager and Management Related Issues 7
D CSA and UL Process and Materials Follow Up Audits Qualification and Validation (including 21 CFR Part 11) 3
Q Engineering Documents Names should follow Quality Naming Coding? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
C Operator Forgot to Follow Procedure - Now What? Manufacturing and Related Processes 6
G Legacy Product - Do we need follow QSR 820? Design Verification and Validation 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 12
R Internal Audit Report Nonconformance Follow Ups Internal Auditing 5
A Microbiological Laboratory Waste Disposal Procedure(s) do you follow? General Measurement Device and Calibration Topics 4
L Lost in the Post-Market Surveillance Clinical Follow-up EU Medical Device Regulations 1
Anerol C What protocol do you follow to stop the production line? Nonconformance and Corrective Action 9
J Certification Body follow up on clearing Audit Nonconformances Registrars and Notified Bodies 4
Y Phone Interview for Job - Help on Follow Up Career and Occupation Discussions 3
B What MDD (Medical Device Directive) Annex to follow for Class I device? EU Medical Device Regulations 14
L Calibration of Dial Thickness Gauge - What reference standard need I follow? General Measurement Device and Calibration Topics 5
T How to establish KPI Disposal and Follow Up Process Quality Tools, Improvement and Analysis 7
J Preventive Action Follow Up Preventive Action and Continuous Improvement 11
K Post-Market Clinical Follow-up as part of Post Market Surveillance? EU Medical Device Regulations 15
D Dealing With a Chinese Supplier to follow up on quality problems Quality Manager and Management Related Issues 26
L Surveys for post-market clinical follow-up EU Medical Device Regulations 1
G Change of procedure for handling new projects - do the ongoing ones need to follow? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
B Newbie, easy to follow guide for organizing/assembling very first PPAP booklet APQP and PPAP 3
D 'Post market surveillance' versus 'Post Market Clinical Follow Up' EU Medical Device Regulations 18
D Is post-market clinical follow-up needed for IVD-MDs? MDD (Annex X, 1.1c) EU Medical Device Regulations 5
C Should Preventative Action follow a Corrective Action Nonconformance and Corrective Action 27
J Control of Product Drawings - Engineers don't follow the same protocol ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21

Similar threads

Top Bottom