How long is delay?

qcman

Registered Visitor
We had a couple osha violations and received the report 2 weeks ago. The issues were quickly resolved and submitted for approval ( have not received response back yet). Anyhow we received a minor during our ISO 9001 audit for not reporting the violations to our registrar based on the contract verbiage below. Specifically " without delay" Since they cant define what time frame constitutes delay I am wondering what the group thinks? My thought was after submitting corrections would be sufficient.


" In the event the Client receives a Notice of Violation for any significant breach of regulatory requirements or suffers a serious incident applicable to the management system certification (i.e., safety incident when certified to an Occupational Health and Safety Management system such as ISO 45001, or environmental incident if certified to ISO 14001), the Client is obligated to notify registrar without delay of such incidence. "
 

geoffairey

Involved In Discussions
Contractually, I would interpret this as “As soon as you reasonably can” after receiving the notification.

If you feel that you reported it in a timely manner, I would push back.

I’d be more interested in the use of the term *Significant* in deciding whether whatever happened should have been reported to the CB at all.
 

Sidney Vianna

Post Responsibly
Leader
Admin
We had a couple osha violations and received the report 2 weeks ago. The issues were quickly resolved and submitted for approval ( have not received response back yet). Anyhow we received a minor during our ISO 9001 audit for not reporting the violations to our registrar based on the contract verbiage below. Specifically " without delay" Since they cant define what time frame constitutes delay I am wondering what the group thinks? My thought was after submitting corrections would be sufficient.


" In the event the Client receives a Notice of Violation for any significant breach of regulatory requirements or suffers a serious incident applicable to the management system certification (i.e., safety incident when certified to an Occupational Health and Safety Management system such as ISO 45001, or environmental incident if certified to ISO 14001), the Client is obligated to notify registrar without delay of such incidence. "
The OSHA notices of violation are out of scope for a 9001 audit. The language from the contract that you copied talks about relevant regulatory issues and it is boilerplate clause for all different management system standards. An OSHA violation is related to occupational health and safety. This has nothing to do with the QMS. Talk to the technical manager at the CB and void this “caca de toro” NC.
 

qcman

Registered Visitor
The OSHA notices of violation are out of scope for a 9001 audit. The language from the contract that you copied talks about relevant regulatory issues. An OSHA violation is related to occupational health and safety. This has nothing to do with the QMS. Talk to the technical manager at the CB and void this “caca de toro” NC.
That was my exact reply to the auditor. I do plan on having that conversation for your stated reasons.
 

yodon

Leader
Super Moderator
I hope, @qcman , that you will update this post after your discussion with the CB.

I am hoping to hear they agree, but the wording in the finding was interesting, almost sounding like it was pulled from the agreement.

In 9001, section 1, Scope, they say:

This International Standard specifies requirements for a quality management system when an organization:
a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements,

(I added the emphasis) I keep seeing posturing from auditors expanding the scope beyond just the indicated standard. For example, in the medical device industry, in the EU, device companies need to comply with the data protection regulation (GDPR). This would seem like an "applicable regulatory requirement" that could fall under the scope. This finding pushes the envelope a bit further, requiring notification. Lines are getting fuzzier, it seems.
 

Golfman25

Trusted Information Resource
As Sidney said it's Not Applicable. The contract language even says such -- "safety incident when certified to an Occupational Health and Safety Management system." As this is in the ISO 9000 forum, I assume we are talking that. I would push back really hard. Good luck.
 

Golfman25

Trusted Information Resource
I hope, @qcman , that you will update this post after your discussion with the CB.

I am hoping to hear they agree, but the wording in the finding was interesting, almost sounding like it was pulled from the agreement.

In 9001, section 1, Scope, they say:

This International Standard specifies requirements for a quality management system when an organization:
a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements,

(I added the emphasis) I keep seeing posturing from auditors expanding the scope beyond just the indicated standard. For example, in the medical device industry, in the EU, device companies need to comply with the data protection regulation (GDPR). This would seem like an "applicable regulatory requirement" that could fall under the scope. This finding pushes the envelope a bit further, requiring notification. Lines are getting fuzzier, it seems.
My experience is that it was generally read to mean "applicable to the product." So if you're automotive, there are a series of automotive regs that need to be met. If you in say child toys, there are consumer product requirements that need to be met. OHSA is too broad and applies to some extent to every workplace -- not products/services.
 

yodon

Leader
Super Moderator
OHSA is too broad
I would agree, but playing devil's advocate (not to say that every CB is satanic, by any means!), wouldn't OSHA be an "interested party"?

Again, I'm really hoping the scope can be well-defined and limited to the specific standard, but I just keep seeing thees examples.
 

Johnnymo62

Haste Makes Waste
needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements,

The company isn't to be evaluated. The products and services are.
 
Top Bottom