Internal Auditing Requirements before ISO 9001 Registration

[Gman2]

We are scheduled for registration next spring, which trust me is super aggressive but we are already committed.
I know everything has to be internally audited before registration but what does that mean exactly? Do we do a standard type audit to make sure we are compliant with everything in the standard or do we do process audits only?

And let’s say I starts audits now with processes in place that have not been touched in over 5-6 years (like calibration for example). I knew going in that we have no current system in place for calibration, just some remnants of the old system but nothing even close to being compliant.

Do we still audit and document the findings? And will it count towards are internal audits as for as the registrar is concerned? Or do we have to wait until we have a process in place and THEN audit it?
Because the audit report right now would be a major nonconformance due to no system in place. I could write it up that way and then issue the NC and CA and document all of that but is that what they will be looking for?


G

 

[Marc]

You can audit your systems at any time, and you should. That is typically part of your Gap Analysis. From those internal audits you should know what you have and be able to plan what you have to do.

Prior to your registration audit, your internal audits should be reviewed and each area in which nonconformances were found must be re-audited.

You do not want to do a registration audit until your internal audits are completed and nonconformances have been corrected, evidence of which will be your re-audit of nonconforming areas.

 

[somashekar]

I know everything has to be internally audited before registration but what does that mean exactly?

Like all the other requirements in the standard, Internal audit is one such. The main difference being that you would have never done this. All other requirements would be existing in one or another process (Mostly). When you do a gap analysis to the standard's requirement, you will identify what specific needs to be done and what corrections needs to be put in existing processes. Obviously Internal audit becomes a specific gap.
When gap analysis and actions to bridge is done to the best of your abilities, you begin the Internal audit process.
This is what it must mean to you.

Do we do a standard type audit to make sure we are compliant with everything in the standard or do we do process audits only?

I would say both because you are beginning. When your gap analysis is good, compliance to standard will be seen. What is of importance is the process audit as in your interactive process, meeting your requirement and effective.

I knew going in that we have no current system in place for calibration, just some remnants of the old system but nothing even close to being compliant. Do we still audit and document the findings?

Such a big gap analysis output, why audit now ? You have to put the system in place first. Then check (Internal audit) what you have established.

And will it count towards are internal audits as for as the registrar is concerned? Or do we have to wait until we have a process in place and THEN audit it?

What matters is what counts to you. Look at your logic, not the registrar ...

Because the audit report right now would be a major nonconformance due to no system in place. I could write it up that way and then issue the NC and CA and document all of that but is that what they will be looking for?

Do not worry major or otherwise. Would you do this way for the benefit of your company even if there was no ISO 9001 registration requirement ... ?

 

[lk2012]

I agree with the previous post.
You can also do an initial audit - to find out the state of things (and raise non-conformances if that's the best way to get people moving). Then implement a new process / improvements (make sure you involve the process owners and it's not just 'oh whatever the Quality guy wants us to do for the audit'). And then, after a while, you do another audit to check progress / effectiveness of the improvement activities.
As an Auditor, I'd rather see that the company has done their analysis, they've faced the situation head-on and are improving than just waiting for the improvements to happen later. Later usually doesn't happen at all.
Best of luck!