Integrated QMS and audit

Moncia

Quite Involved in Discussions
Good morning

I have two questions please. I took over existing QMS which supposed to be integrated - but I do see very little of that. The current system consist of ISO 9001 for two locations and ISO 14001 for one ( we will run gap analysis soon to see if we can incorporate our Manchester site under the scope of our ISO 14001) So as you can see its becoming complex system . Can you please advise, share good ideas / practice how to properly integrate these two. We are in the process of implementing another standard - ISO 50001. But I need to review and revise what we have before I start adding new standard on top of it
Talking about ISO 9001 with 14001 and 50001 - does anyone have experience with integrating all three? Any advice will be greatly appreciated as I am not sure what I'm doing :(
Second part of my question - is there an integrated third party audit?
I sat at the surveillance audits for our ISO 9001 for two locations and 14001 - they are all split and separate even thought it is the same registrar. What surprised me was three different auditors looked at exactly the same documents during first parts of their respective audits - wasting 1.5 days. Seriously they all started from the same generic docs. so my question is - as we have an integrated QMS - is there an integrated audit option we can request. I think its a waste of everybody's time going over and over the same documents three times
Please advice

Thank you
 

Randy

Super Moderator
is there an integrated audit option we can request. I think its a waste of everybody's time going over and over the same documents three times

Yep, and if your current registrar can't do it change registrar's because from your statements they seem to either be incapable or they might be billing you for work in a fashion that doesn't have to be done. Everything you're asking has been in play for over 2 decades and effectively done, it ain't new, it's not unusual and I've already done over half a dozen integrated 3rd party audits this year and I'm doing one this week (maybe not to 50001).
 

RoxaneB

Change Agent and Data Storyteller
Super Moderator
Hello, Moncia,

The approach of a gap analysis is a good one paired up with the understanding of how the standards overlap. There are common elements between them, so if there is a gap with one standard, there may also be a gap with another.

When we integrated multiple management system standards in a previous position, we found it easier to create a structure based on our own Business Management System (BMS). Our foundations were in Plan-Do-Study-Act (PDSA) and we created a matrix showing how each standard fit into the PDSA cycle (sometimes, this meant pulling a section of a standard apart, so part of it was in S with another part in A. However, this was our system and we challenged every external auditor to tell us we were wrong - none did.

When it came to procedures, we created common procedures wherever possible. If there were exceptions, specific to a particular standard, we made a note of that in our procedure. Work instructions contained relevant information for all standards that were a part of our BMS.

We also used common "tools" - one document control system, one internal audit system, one corrective action system, etc. This not only helped us gather data into common repositories allowing for "big data analysis," it also helped create a culture that this was OUR system. We didn't do things for ISO XXXX, we made ISO XXXX work for us.

As for external audits, we did eventually integrate them as our integration matured. Early on, we kept them separate, while ensuring our external auditors stayed within their respective scope.
 

Ed Panek

QA RA Small Med Dev Company
Leader
Super Moderator
I suggest you contact your cert provider on this. We once had a 9001 and 13485 system that were separate except the document control and change process was shared. Our 9001 body rejected that and forced us to keep them separate.
 

Moncia

Quite Involved in Discussions
Yep, and if your current registrar can't do it change registrar's because from your statements they seem to either be incapable or they might be billing you for work in a fashion that doesn't have to be done. Everything you're asking has been in play for over 2 decades and effectively done, it ain't new, it's not unusual and I've already done over half a dozen integrated 3rd party audits this year and I'm doing one this week (maybe not to 50001).

I will definitely be asking for quotes - now that I am sure I can ask for an integrated audit. I was not impressed with what I saw when I sat at the current external audits
 

Sidney Vianna

Post Responsibly
Leader
Admin
I will definitely be asking for quotes - now that I am sure I can ask for an integrated audit. I was not impressed with what I saw when I sat at the current external audits
You need to become aware of the IAF Mandatory Document # 11, then. Definitions and terminology also play a role:

A combined audit is when an organization is being audited against the requirements of two or more management systems standards together.

An integrated audit is when an organization has integrated the application of requirements of two or more management systems standards into a single management system and is being audited against more than one standard.

And, don't forget to scroll down the page and browse the similar threads sections as this issue has been discussed a number of times, already. Good luck.

Integrated QMS and audit
 
Top Bottom