ISO 9001:2015 8.5.6 and 7.5.3 Document Control Questions

AndyN

Moved On
Don't forget changes! Changes can also have a significant affect - changes of people, suppliers, customers/customers requirements, process, technology too etc.
 

Devin A

Involved In Discussions
Wonderful, thank you very much! I can't wait to have all these procedures ironed out and running smooth. It seems the old quality managers limited us far more than was needed. Also didn't help that we weren't adhering to most of it but that's a whole other can of worms. Now that I'm starting to get a grasp on this ISO stuff I'll do my best to get things in order and have us actually running smooth for once rather than brushing most of our documented procedures aside and then trying to figure out how we're going to survive the audit when it's coming up :lmao:. Without all the useless limiting (many of the limits put in place in our procedures that weren't required my ISO didn't even really have any benefit to us), hopefully we can start doing what we say we're doing haha.
 

Devin A

Involved In Discussions
Don't forget changes! Changes can also have a significant affect - changes of people, suppliers, customers/customers requirements, process, technology too etc.
I'll bring that up with VP, but couldn't that be filed under risk? A change of process is a risk. Or will the external auditor be specifically looking for that?
 

AndyN

Moved On
I'll bring that up with VP, but couldn't that be filed under risk? A change of process is a risk. Or will the external auditor be specifically looking for that?
If you are OK with that, and can talk to it that way, you'll be golden. I prefer using an understanding of changes, because that's the terminology used in the standard - your understanding that change = risk, is a good demonstration of risk based thinking...
 

KimGr

Involved In Discussions
How in-depth do the surveillance audits tend to be?
It really depends on your auditor. Not all auditors are created equal. Did you have N/Cs? The history of that might be telling. Do you have a schedule yet? They do the heavy hitters (management review, internal audits, etc.) every audit but past that may have different focus items each audit. Don't panic, the worst that can happen is majors and that just speeds up your timeline to get things fixed. The best thing you can show your auditor is improvement, that you are trying, and that the company is committed.
 

AndyN

Moved On
How in-depth do the surveillance audits tend to be?
Firstly it depends on the amount of time and if the auditor has to travel far to get to you. After that, you should have a schedule and they might set aside some time to prepare their report, but often not. The auditor should review: and significant changes to the QMS, internal audits, management reviews (if any), metrics/performance, customer complaints/feedback, corrective actions - including any from previous audits they did and admin like use of CB/AB logos.
 

Devin A

Involved In Discussions
Alright. So if we were to do poorly on the audit (say a few major N/Cs) is there a chance of them yanking our certification? Or would we just have to very quickly address them?
 

Mikey324

Quite Involved in Discussions
It's common to see such things in a procedure - as if it actually means anything. Trainers often issue a certificate, but it doesn't attest to anything but the fact the client paid the bill! Unless it's an accredited course, certificates are meaningless.

What's more important is that an internal auditor is competent. It's not too difficult to come up with some criteria which shows how an internal auditor is competent to do an audit.

This is spot on. i have seen many people take auditor training outside the company and come back with 0 idea of how to apply what they have learned. When we transitioned to ISO/IATF 16949, we had a trainer (an accredited 3rd party auditor) come on site and provide training. Examples used were from our day to day operation, so future auditors could relate.

Even after they complete training, i do not consider them competent. They did complete class work and get a certificate, but can they put these skills into practice? In order to be released as an internal auditor, they must complete a minimum of 2 internal audits supervised by the lead auditor. If the audits show the required understanding, they are considered competent. If the audits show they dont meet the competency requirements, more supervised audits and additional training is necessary.

My question is not "can they get a certificate?", but do they meet the competency requirements of the organization?
 
Top Bottom