ISO 9001:2015 8.5.6 and 7.5.3 Document Control Questions

Thankfully since I took over, customer issues have dropped drastically! I think that's in part because I came from being an operator so when I see an issue, rather than just saying there's an issue, I can sit with the operator and show them exactly what's going wrong and how to fix it. Quite a useful tool in my toolbox!
As for managing risks.. I'll have to think on that one haha. VP and I are going to sit down about the COTO report today and figure out what's there and what we need to do.
The customer issues we have had have been very very minor and they didn't require corrective actions or anything. We just talked about what was going wrong and I assured them I'd get it sorted out and get good product to them!
We've addressed all of our nonconforming issues from our last audit so hopefully we can skate by with only a few minors with this one. Given the whole quality department upheaval and an inexperienced person taking over the department there's no hope of a perfect audit, but if we pass we pass! By the next one I'll be ready for it!
 
Download Free White Paper
Elsmar Forum Sponsor
So a quick question about 9.2 as a whole. In our internal audit procedure it states that the audits need to be done by a certified auditor, though I see no such requirement in the ISO clause itself. Could we scrap that line? Our only certified auditors are.. Well.. Not the most detail oriented and have almost no understanding of ISO. At least I've looked in the book a little! :ROFLMAO:
 
Do you know who trained them? They do not need to be certified but they do need to be competent. Do they have a training record? I would base my SOP on what they currently have then fix that after the audit even if you skate by. Outside training is a good thing to have.
 
It's common to see such things in a procedure - as if it actually means anything. Trainers often issue a certificate, but it doesn't attest to anything but the fact the client paid the bill! Unless it's an accredited course, certificates are meaningless.

What's more important is that an internal auditor is competent. It's not too difficult to come up with some criteria which shows how an internal auditor is competent to do an audit.
 
Thank you very much! We had one of our "certified" guys do our internal audit recently and I just looked through them and just.. Wow. He wrote maybe 30 words total, half of which were "N/A" :lmao:. I'll ask VP to change the procedure so I can go through and do some. We may also alter our procedure to state they're done annually at the end of the year to kind of sidestep that one for the audit.. Buuut I think I'd do a few if I have time beforehand anyways.
 
See 9.2.2 a - make sure that you are covering importance, changes, and results of previous audits in your schedule. You are not required to audit annually so if you just write that you are open to a N/C. Basically, audit where you need to based on risk. There is another good thread out there and AndyN above mentioned something about having a book he wrote on the subject.
 
Devin A said:
Thank you very much! We had one of our "certified" guys do our internal audit recently and I just looked through them and just.. Wow. He wrote maybe 30 words total, half of which were "N/A" :lmao:. I'll ask VP to change the procedure so I can go through and do some. We may also alter our procedure to state they're done annually at the end of the year to kind of sidestep that one for the audit.. Buuut I think I'd do a few if I have time beforehand anyways.
Click to expand...

Internal audits shouldn't take much time. I usually get them done in 2 - 3 hours. Don't forget, you're not auditing the whole QMS each time. You have the freedom to define the scope and criteria for the audit as suits your needs. Doing one a year isn't going to be much use and ISO 9001:2015 doe a better job of pointing audit process owners towards what might be considered. Suffice it to say, if you're doing an internal audit and it looks like the CB does, except the auditor is a member of your staff, you're doing it wrong!
 
So if I'm understanding that right, we could just write something along the lines of internal audits will be done as deemed needed based on process risk? 9.2.1 states that they must be done at "planned intervals" which makes me feel like I'm understanding what you said wrong haha.
 
That's too vague. You are right! You do have to have planned intervals, meaning that you have a schedule (see a1 & a2). The timing of the schedule itself should be based on importance, performance (status) and risk (look back at how you did/look ahead at plans like new tech or business). If you have a process that's not doing well - audit them first. You then have to have an allowance in there for the schedule to change, again based on poor performance and risk (changes in the business or processes), like having a new person in charge of quality in Q3 ;) [although that one sounds like an opportunity style risk vs negative]. Hope I didn't confuse you further.
 
That makes more sense. So have an interval stated, but also state that the interval may shift based on risk and performance?
 
You must log in or register to reply here.

Similar threads

J
Document & Record Control Procedures
2 3
Replies
22
Views
2K
Stijloor
Stijloor
J
AS9100 - QA Intern Help!!
2
Replies
18
Views
1K
Steve Weber
Steve Weber
Quality_Goblin
Document Change Log
Replies
9
Views
1K
QandR
QandR
D
Internal Audit Plan and Audit Checklist per AS9100
2
Replies
12
Views
2K
Jtavo
J
R
Combining Documents and Records in one sheet
Replies
7
Views
633
Enghabashy
Enghabashy
Back
Top Bottom