Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.

ISO 13485:2016 Clause 8.4 - Analysis of Audit Observations

#1
Hello All,

I have a dilemma. I had a customer in about 2 weeks ago perform a supplier audit on my facility. He gave me a finding for observations and recommendations for improvement identified during audits are not being analyzed nor are the results of any analyses being maintained and cited Clause 8.4. Never in my career have I seen anyone do this with audit observations, only follow up on them the next year. Customer wants root cause and corrective actions (as well as an effectiveness check) on this finding. Personally, I think the guy was reaching and I am not sure how to even root cause this. There is nothing in my Global QMS requiring this either (I work for a very large MD company, so we have a global system). Anyone have any thoughts on this? Thanks in advance!
 
#2
Since it's a customer audit, you can basically do what you want. Go thru root cause and corrective action to please the guy. Ignore it completely and see what happens. Or send it over to sales and let them handle it. Good luck.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#3
Both 8.4 and 5.6 require that audit results to be reviewed and analyzed. So, the customer auditor is not wrong. Assuming the observations and opportunities for improvement are meaningful, your organization should be reacting to them, and not simply ignoring these findings simply because they don't raise to a level of nonconformity. Remember that ISO 13485:2016 still contains requirements for preventive actions and such findings (observations, OFI's, etc.) from internal and external audits are a good source of preventive actions.
 
#4
Sidney - While I agree with what you are saying, we do go back and review previous year's audit reports and verify if observations have been addressed. Many times we incorporate them into other changes we have made over the year. I am unsure as to why it is necessary to also trend them.

In addition, ISO 19011 indicates in Section 6.4.10 that recommendations for improvement are not binding.
 
Last edited:

Sidney Vianna

Post Responsibly
Staff member
Admin
#5
I am unsure as to why it is necessary to also trend them.
The standard does not require trend analysis. Did the customer auditor require any trending? I did not see that in your original post.

As long as you can demonstrate the comments are being reviewed and, when appropriate, acted upon, you would be in compliance with the Standard. Compliance with customer auditor expectations, on the other hand, can be quite an elusive proposition....:naughty:

Good luck.
 
#6
Hello All,

I have a dilemma. I had a customer in about 2 weeks ago perform a supplier audit on my facility. He gave me a finding for observations and recommendations for improvement identified during audits are not being analyzed nor are the results of any analyses being maintained and cited Clause 8.4. Never in my career have I seen anyone do this with audit observations, only follow up on them the next year. Customer wants root cause and corrective actions (as well as an effectiveness check) on this finding. Personally, I think the guy was reaching and I am not sure how to even root cause this. There is nothing in my Global QMS requiring this either (I work for a very large MD company, so we have a global system). Anyone have any thoughts on this? Thanks in advance!
Sometimes happens that auditors , give observations with minimum knowledge of the business and you have to spend time to evaluate, if applicable, and conclude they are not.
But other good auditors really report meaningful observations.
Other point you are, a supplier and in some way you have to give response to such observations.
If you do nothing, maybe next month, You Will notice this customer Is not placing orders to You.
 
#7
Sometimes happens that auditors , give observations with minimum knowledge of the business and you have to spend time to evaluate, if applicable, and conclude they are not.
But other good auditors really report meaningful observations.
Other point you are, a supplier and in some way you have to give response to such observations.
If you do nothing, maybe next month, You Will notice this customer Is not placing orders to You.
We do plan on responding and monitoring in our QMRs, however I am not sure how to root cause this.
 
#8
We do plan on responding and monitoring in our QMRs, however I am not sure how to root cause this.
We do plan on responding and monitoring in our QMRs, however I am not sure how to root cause this.
A root cause analysis is done when want to eliminate the cause of a nonconformance.
Here , there is not a noconformance, but you can put in the head of the fish what they reported.
E.g. need to improve the inspections, ok, put in the head "improve of inspections" then look in material,man, machine, environment, why inspections need improvement.
Maybe old instruments, people competency,etc., if you do this excercise, surely you'll find possible causes.
Show your customer you are doing something, you re concerned of this issue.
 

Ronen E

Problem Solver
Staff member
Super Moderator
#9
Whether a formal NC or "just" an observation / OFI, CA is intended for preventing recurrence. It's different from a correction, which seems to be what the customer is looking for: They seem to think that something was missing in your procedures, and they want it fixed. Once this issue is fixed, it will not recur because this "deficiency" in the procedures will be gone and can't reappear like magic. So in that sense CA is irrelevant and RCA is unnecessary (you look for the RC to be able to eliminate it and prevent recurrence). If you're very keen on implementing a CA you need to zoom out and look for something that may recur - you need to ask yourself "why did we have such a deficiency in our procedures?", then it'll make sense to look for ways to make sure it won't happen again (starting with RCA).

Of course, you can take it as "an opportunity" for a PA (are you looking for such?) and do the whole shebang with RCA, verification etc. The question is - is it worth the resources?

Other than that, it comes down to how important that specific customer is to the overall business.
 
Top Bottom