ISO 9001 Audit Manday and New Records Requirements


Vash Stampede


Hi everyone,

Its been so long now since I visit the forum. I've visit this once in a while and this is cool and user-friendly. This is great, hoping that we could also have a website like this in the future.

BTW, I had a tremendous problem right now, I don't know if this would fit here or under the Registrar.

We were an ISO9001 certified company and was hoping to upgrade this year for the ISO9K2K. However, we had some problems on improving the system for safekeeping the records. And since we need complete all records and since our certificate would expire this november, we opt to be certified in the ISO9001:1994. I contact our registrar about this. And a quotation was immediately send to us. Here are the concerns:

Number of mandays is 8. They'll going to audit you for 8 days. The cost is almost $5000. For a re-certification audit. Did the cost for Re-certification these days for the 1994 version is really as high as this?

Any feedback would be appreciated.

Thanks a lot,
vash stampede


Fully vaccinated are you?
Audit Mandays

All registrars are different. There is a 'Mandays' listing - I think it's in the Cove members directory. I know it's in the Cove Premium directory in the Implementing ISO 9001 directory.

But these are guidelines. The registrar should have laid out for you a 3 year plan for when they expected to do. Including frequency - yearly or every 6 months.

There are a few issues. First is you don't say how many employees at you facility. The audit mandays is dependent upon that number.

Secondly, you don't state your frequency (6 months or 1 year).

Last - Every registrar has varying costs per manday. Many are not local so you're also possibly looking looking at transportation and other expenses. Comparing registrars is what you have to do if you're not happy with your current registrar.

I will say that US$5000 for 8 mandays is only US$625 a manday. Not too bad.

How about it, members? What's a manday cost you?

Al Dyer

$1, 200 per day per auditor. Not including expenses. Sounds like your getting a good deal, who is your registrar?

The 8 mandays may be completed in 4 but the cost doesn't change.


Fully vaccinated are you?
> 8 mandays may be completed in 4

By 2 auditors. or in 2 by 4 auditors, etc. My largest QS client site was 6 auditors for 4 1/2 days.

Aaron Lupo

Just an FYI, our Registrar charges us about 22k a year for. They charge 1200 bucks a manday and the rest is service fee for this service fee for that. I went out and got a quote for less than a 1/3 the price and presented it to the owners who said we are going to keep using the one we are now becuase of name recogintion. I said to myself thats a bunch of BS because the quote I went out and got was from a very large well known registrar. Anyway my point is I think we are getting screwed by our registrar at 22k a year for goodness sake we only have 85 employees.

E Wall

Just Me!
Trusted Information Resource
Record Retention Requirements

Originally posted by Vash Stampede
We were an ISO9001 certified company and was hoping to upgrade this year for the ISO9K2K. However, we had some problems on improving the system for safekeeping the records. And since we need complete all records and since our certificate would expire this november, we opt to be certified in the ISO9001:1994.
The Record Retention requirements have gotten more strict, but remember to draw that line (mark the date you start) and keep the records from then on...
As for safekeeping...I'm not aware how big your organization is, but a fairly economical approach may be using CD Burners to back-up data too. You can rotate re-writables for the a non-re-writeable for each week or month which ever suits your needs.

Just a thought to try and help....I hate to see anyone have to go through expense of recertifying to the 1994 since it will only be good for 2 more years (from this Dec 15).

BTW our auditor charges $1200/manday +travel & expenses, which from others replies seems consistant with the major registrars.

Best wishes, Eileen


Fully vaccinated are you?
Record Retention Requirements

> The Record Retention requirements have gotten more strict

How so? I haven't seen this as an issue yet. I hate to miss something.

E Wall

Just Me!
Trusted Information Resource

Significance of the changes is based on individual company needs and the 'exclusions' (if any) that are justified and pursued. My comments are italicized.

From ISO 9000:2000 In a Nutshell
Clause 4 - Explicitly requires that records be controlled (4.2.3)
also, the word 'quality' has been removed in conjunction with records"
(which by elimination expands {for most} review of all records to be considered {at least one time function} for inclusion/determination of retention requirements).

"Clause 7 - Organizations must ensure that records provide evidence that the processes and resulting product meet requirements. (7.1)"

"New Requirements:
Clause 6 - The requirement for organizations to keep training records has been broadened to include records of education, experience, training, and skills.

Clause 7 - The following records were included in ISO 9001:1994; however, the requirements to record results and necessary actions has been added:
* Records for contract review must be more explicit. Rather than having a general record requirement, ISO 9001:2000 specifies that the results of the review and sesultant actions must be recorded. (7.2.2)
* Reviews at suitable stages of design and development must be conducted. The results of the design and development reviews and necessary actions must be recorded and maintained. (7.3.4)
* The results of verification and necessary actions must be recorded and maintained. (7.3.5)
* The results of validation and necessary actions must be recorded and maintained. (7.3.6)
* The results of the reivew of change and necessary actions must be recorded and maintained (7.3.7)
* The results of supplier evaluations and necessary actions must be recorded and maintained. (7.4.1)
* The results of calibration and verification must be recorded and maintained. (7.6)

Clause 8 - Records must be kept for preventive action (8.5.3)"

Granted many of these activities are being done, but not necessarily in a standardized format nor necessarily 'captured' in the system records. As for Clause 7 item 7.6 as listed, I don't agree...this has been there the whole time as I interpreted it. Also, for those of us that were 9002...we now have to address areas where previously we left it up to corporate. Since we DO participate with design reivew/development...I'd rather see proper processes/procedures implemented rather than exclusion just because it's easier to point elsewhere.

Other changes - "What's Not Included:
* The requirement for collection, indexing, access, and filing has been removed.
* The requirement for records of nonconformities accepted by the customer is no longer stated.
* The specific reference to subcontractor records in 4.16 has been removed.
* The legibility requirement of records has been removed but is implied in 4.2.3
* The requirement for a suitable environment to prevent damage, deterioration, and prevention of loss has been removed.
* The requirement for making records available to the customer under contract is no longer stated.
* The note that reminds the user that records can be any type of media has been removed, but it's implied in a note in 4.2.1."

"In a Nutshell -
...ISO 9001:2000 requires auditors to look more closely at the results and actions of the activities instead of just at the paperwork."

I have not included the list of "What Remains the Same" from the book.
As many have stated previously...just because something is no longer 'required'; don't just toss it out. Evaluate its value and determine whether or not it's in your best interest to leave in place. And for many that were doing an 'excellent' job in the record retention area...they will make very short work of this.

However, for those of us (my company included) that have to fight and struggle to get any attention/focus in this area...and/or will be expanding our identified records, this will take more time.

I have been here 3.5 yrs and it (record retention system) was sketchy at best when I started, streamlined and more organized when I set it up 3 yrs ago...but has never been 100% (including basic how long something should be kept), and no matter how much I beg, plead, cajole, isn't a priority...and isn't stressed by mgmt. Top that off with very light reviews in this area by the registrar (because they always look at MY records which are in top-notch order) and in short - I haven't had any support to stress the need/requirement factor.

Maybe I am obsessive/compulsive or anal-retentive...but I like neat, organized, indexed, records! I guess because it was drilled in during my time in both miliary and construction (legal requirements alone make ppwk tracking a MUST) work. Anyone remember the military 'Marks' system for organizing records? and Flour Daniel has (had during the 2 jobs I work for them...and they were only evaluating/starting pursuing ISO 9000 on the second project I was with them on) a numbered and organized filing system similar to military which make record searching a breeze after records are in storage (where some must be kept 20+ yrs).

Okay...this novella has worn out my wrists...maybe I'll try to use the voice activated software next time within the forum? It would have helped if I thought of trying that earlier. Oh well, I'll sleep in my braces tonight and be ready for tomorrow!

PS to my previous post: We were a 1 manday - twice a year audit plan.... but they included 1/2 day for reporting and 1/2 day for that made total of 2 per audit...4 mandays/yr @ $1,200 + travel & expenses... = appx. $10 - 12 grand annually.


Fully vaccinated are you?
Um, wow! I didn't expect that much detail, however I really, really appreciate it! Thanks!

E Wall

Just Me!
Trusted Information Resource
Slow day? lol, lets just say...I'm taking stress mgmt as a priority!

Spent the last few weeks working through a network server 'migration' that (as you may guess....) did not go 100% to plan. Perserverance (spelling is off???) pays though and most everyone was satisfied and there were minimal interupts felt by most. Irony: My computer didnt' survive the 'migration' so I have a (much slower and limited) loaner...Murphy's law right?

Also have family in NY (on LI) and 3 in-laws work in DC. Last weeks attack hit close to home, no 'personal' tragedies though so I feel very fortunate. Something to be proud of: My companies products are power backup batteries for telecommunications...and we are supporting the ensuing rescue/recovery operations by providing much needed power supplies for the cell phone commucations. We have a warehouse in Brooklyn ready to supply whatever is needed.

So, I'm reigning myself in...tend to jump through hoops taking care of others needs and smuthering my own...but am determined not to actually am prioritizing my stuff and slowing down a bit. Wont' last long...I just don't have the patience for it, but a nice change of pace.

My thoughts and prayers go out to all who were personally touched by this National Tragedy.
Take care all, Eileen

PS: For whatever reason my long post appeared twice...I don't have access to delete the first one, will you do this for me Marc?
Top Bottom