ISO 9001:2015 4.2 and 6.1 - Interested Parties - How much detail is required?

[Printerman]

I had one of those.....wanted me to do all sorts of things that are not listed in the standard. Hence my original question!

 

[leftoverture]

Your auditor is asking for more than the standard requires. In that way I think he is either misguided or he is overbearing.

I do not know where you are getting that idea from. I didn't even mention my auditor or anything about our audit. Perhaps you misunderstood what I wrote, but I'm not sure what.

Sent from my LG-TP260 using Tapatalk

 

[dsanabria]

No. Not really. We had to specifically identify our interested parties, that was not done. But in terms of risk assessment, we had plenty in place already so it was a matter of re-education to make sure everyone understood how their activities were related to risk mitigation.

Sent from my LG-TP260 using Tapatalk

The statement written above implies that an outside sourced identified weakness (it reads as if an auditor found issues and ask you to resolved it or add to it).

If it was done by a consultant hmmm, if it was done by an auditor - overreaching.

I agree with BIG JIM conclusion - it was the way it was written - no entity was specified as to how you came to that conclusion of adding interested parties.

but thanks for the clarification if it was done internally.

 

[leftoverture]

Well, sorry if you got that impression but that is not the case. The standard requires that interested parties be identified and so we did that. Our auditor had nothing to do with it.

Sent from my LG-TP260 using Tapatalk

 

[Big Jim]

No. Not really. We had to specifically identify our interested parties, that was not done. But in terms of risk assessment, we had plenty in place already so it was a matter of re-education to make sure everyone understood how their activities were related to risk mitigation.

Sent from my LG-TP260 using Tapatalk

Sorry that I assumed that an auditor had compelled you you create a list of your interested parties.

 

[leftoverture]

Well, you can tell from my post earlier that I am opposed to doing anything "extra" just to meet the standard. But...the 2015 standard does require that you identify interested parties. So whether we did it on our own (which we did) or a consultant or auditor told us it had to be done, it still had to be done. So it would not have been questionable or overreaching coming from either source. If you can't identify your interested parties, you do not meet the requirements of the 2015 standard. That's just a fact.

Sent from my LG-TP260 using Tapatalk

 

[dsanabria]

Well, you can tell from my post earlier that I am opposed to doing anything "extra" just to meet the standard. But...the 2015 standard does require that you identify interested parties. So whether we did it on our own (which we did) or a consultant or auditor told us it had to be done, it still had to be done. So it would not have been questionable or overreaching coming from either source. If you can't identify your interested parties, you do not meet the requirements of the 2015 standard. That's just a fact.

Sent from my LG-TP260 using Tapatalk

The overreaching of a third party auditor comes when they are asking you to document and provide a list of interested parties. The auditors could ask you how the interested parties were identified and simple answer such as - during contract review (i.e. certain suppliers, certain internal qualifications of individuals, certain restrain on outside visitors,,,) and that is all that is required.

Now, if the auditor is requiring more than that then.. the auditor is over reaching.

 

[Big Jim]

Well, you can tell from my post earlier that I am opposed to doing anything "extra" just to meet the standard. But...the 2015 standard does require that you identify interested parties. So whether we did it on our own (which we did) or a consultant or auditor told us it had to be done, it still had to be done. So it would not have been questionable or overreaching coming from either source. If you can't identify your interested parties, you do not meet the requirements of the 2015 standard. That's just a fact.

Sent from my LG-TP260 using Tapatalk

There is no record keeping attached to this clause so a list isn't needed unless you determine one is needed.

Any company that has been in business knows who their interested parties are. The standard does not and no auditor should be asking for a list or for you to recite all of them.

AS9100D requires that you have documented information about them, but guidance from there says that such a list can be by category rather by individual names. A list of such categories could include: customers, suppliers, and regulatory bodies.

The appendix to ISO 9001 and AS9100 states clearly that it is up to you to determine who the relevant interested parties are and what of their requirements are pertinent to your quality management system. This is YOUR choice, not an auditors.

So make meeting this requirement as easy as you want while still meeting requirements or as difficult as you want. Wisdom would indicate taking the easy road.