Interesting Nonconformance During Upgrade Audit to ISO 9001:2008

[JaneB]

These are the kind of non-substantive issues which kill. As you said, you need to pick you battles and it was easier to "fix" than to fight.

Yes indeed. How trivial and petty.

 

[amanbhai]

Re: Interesting NC During Upgrade To ISO-2008

One of the CB audit aspect is to check the use of mark, having provided guidance on how to use the mark after certification. Am I correct ?

OUr accreditation body is very unhappy with us for not using the accreditation body mark for our testing labs.

 

[Paul Simpson]

I think most of this has been covered now ... but hey,

[FONT=&quot]2 weeks ago I assisted an organization with their upgrade audit to the ISO 9001:2008 standard.

Note: They are/have been certified to the ISO-2000/AS9100-B standard for many years. Interestingly they had a re-cert audit last year (same time of year) & received re-cert to AS9100-B. For some reason the CB did not include the ISO upgrade in the scope of the audit; thus forcing the organization to spend more $$ this time around for requirements that were literally just assessed.?.?.?[/FONT]

A lot of CBs do this. Despite the fact that ISO says no further assessment work is required the CB takes advantage of a deadline to add a day or two. Brinksmanship often leading to profiteering.

[FONT=&quot]The audit itself went well and the upgrade will happen. They/we actually had only 2 NC's noted; one of which I find very questionable and I would like to get the thoughts of other professionals as to the validity of the NC.[/FONT]

[FONT=&quot]Note: I did tactfully discuss the NC with the CB auditor but he was sticking to his guns and it is a very, very, easy fix. That being said I didn't and do not want to start (as we say in the south) a pissing contest and make a mountain over a molehill. Keep in mind that while I understand the angle of proper disposition, you need to pick & choose your battles; sometimes it's better to just let sleeping dogs lie (clique).[/FONT]

Your choice. I understand the ‘sleeping dogs lie’ approach but personally find it often leads to problems down the road as the auditor feels they can lay their own particular law down.


Here is the NC as recorded on the report:

"The quality manual has not been updated to ISO 9001:2008"


"The organization shall establish and maintain a quality manual that
includes the scope of the quality management system, including details of and justification for any exclusions (see 1.2)"

The changes to the 2008 edition were minor without any significant changes to the requirements for the quality manual so my question would be - what updates are required? All the QM requirements are listed in 4.2.2. If there is anything listed that you don’t meet then there is an NC. If everything is met then at best you have an OFI based on an auditor’s opinion.

[FONT=&quot]Here's the thing, I understand that the QM should reflect 2008, however, in my opinion & understanding, an organization cannot publish any form of media stating conformity to a standard that they have not yet been "officially" granted certification to. Actually per this particular CB’s procedure, the only allowable form of certification publication must reflect what is on the certificate, exactly.

[/FONT] [FONT=&quot]So, is the NC valid? I feel it could/should have been handled differently. Should an organization change and circulate (externally) documentation stating certification to a standard that they have not yet been certified to?[/FONT] I don't think so.

As has been mentioned elsewhere you can claim compliance with any standard before you are certified but you might be in breach of trading standards law (here in the UK) if you make a claim that is found not to be true (generally only challenged when you have breached another contract with a customer).

[FONT=&quot]While I understand the angle that the QM should be conformant to the standard, it must be kept in mind that this document, the organizations QM, is circulated weekly as need be. This is dangerous ground in my view and if CB's write NC's in this regard it could lead us down a path we didn't anticipate.[/FONT]

It literally took me 5 minutes to correct this and define the root cause, which was fun to concoct.

Please share your thoughts....

Exactly. The ‘5 minutes’ is the tip of the iceberg. Designing your system to meet an auditor’s opinion is a slippery slope.

CB at my last job made us put the rev year.

didn't write an NC though. Noted it in the pre-audit QM review and we had it fixed before he showed up.

I'm thinking the auditor in the OP's post didn't do a pre-audit quality manual review.

Another ‘finding’ that is incorrect. Taking a silly example (I hope ): If you have a manual that refers to ISO 9002: 1987 the auditor might ask why it hasn’t been changed but the QM is your statement and you might want to address this obsolete edition - your choice. If you have forgotten to update the reference then an auditor may raise a finding if s / he thinks you might need a further reminder.

If, on the other hand, you make reference to the standard number on its own (without the year) again there is no nonconformity. Any assessment of your system is by agreement and / or contract against the edition you choose - normally the latest edition. But, as my post above addresses sometimes you are working to an old edition as you make a transition or by choice.

 

[Paul Simpson]

Re: Interesting NC During Upgrade To ISO-2008

OUr accreditation body is very unhappy with us for not using the accreditation body mark for our testing labs.

Many certification and accreditation bodies want you to advertise their services and also believe your use of their logo will help to tie you in because of the hassle of changing stationery etc.

 

[dv8shane]

Re: Interesting NC During Upgrade To ISO-2008

Or, you could remove altogether the reference to the revision level and simply state: "...complies with ISO 9001..." or "...complies with the current version of ISO 9001...".

Simple, no?

I actually state in my manual that where ISO9001 ISO 17025 and AS9100 are mentioned they are referring to the latest versions to which the organizations QMS is registered to so I do not have to go changing the revision of the QM every time they revise the standard, an example is the my upcoming switch to AS9100C. I would have had to revise every part of my quality manual where the standard is mentioned if I did not do this. It saves a lot of editing and revising time.

 

[ChrissieO]

Yes indeed. How trivial and petty.

Totally agree with you Jane, what a waste of time and effort.

If it could be fixed in 5 seconds, then why not fix during the audit and then the auditor mention it as an observation in the closing. This relates to the other topic discussion we were having about trivial non value added NCs.

On the point of compliance, I feel that if the auditor wanted to be very picky they could raise it, but if I was the auditor I wouldn't of wasted my breath. Perhaps He/She are targeted onhow many NCs the raise or is trying to justify his/her existance.

Chrissie

 

[JaneB]

If it could be fixed in 5 seconds, then why not fix during the audit and then the auditor mention it as an observation in the closing. This relates to the other topic discussion we were having about trivial non value added NCs.

Exactly.
IF they needed to make a point of it, as you say, a very pragmatic solution is to mention it only. And if a client was smart enough to fix it during the audit, then the auditor need only verify it and note that in the report.

It's all so damned trivial! With so many, many other important issues to focus on, I just loathe seeing time, effort and money wasted on such trivia.

And so easy to avoid, in any case.

 

[JaneB]

Exactly. The ‘5 minutes’ is the tip of the iceberg. Designing your system to meet an auditor’s opinion is a slippery slope.

Very, very slippery. And there's no fun to be had, let alone value, in adopting such a course.