ISO 9001 Nonconformances an how to handle them

C

Candace.Dahlman

I've done some various searches on the forum and unable to find exactly what I'm looking for. Here is my situation:

I was hired about 6 weeks ago as the Quality Manager at a drilling company who has carried ISO certification for 3 years. The recertification audit is coming up very soon. One of the first things I did was an internal audit of the QMS just to get a baseline of understanding. I wrote 3 major corrective actions:

1) The organization does not have a procurement process in place that describes the criteria for selecting suppliers, so, suppliers are not evaluated, approved or reevaluated.

2) There is not a documented process for selecting employees based on their qualifications and the only training the org documents is the safety training.

3) Management Review of Corrective Action - The organization had Corrective Actions open all the way back to 2011 (47 of them). I felt that this could be a CA against the CA System, but felt that if management review were reviewing status of CA's then they should have made sure the corrective actions were taken care of...

So, here are my dilemmas and questions.

The Procurement Process is bigger than a breadbox. And I've created a Corrective Action plan to implement this process in a controlled manner. It's going to take me longer than the time I have before the audit to get the process in place, much less have any objective evidence or set up the infrastructure with the users of the process. Question is - If I have a corrective action, will the ISO Auditor still issue a nonconformance?

On the selection of employees, I've been putting together a roles and responsibilities matrix that describes each job role, the responsibilities and the required qualifications as well as any training. I think that bridges us to where we need to go for this. Can you think of anything else that I need besides documenting it?

On the bunches of Corrective Actions - Would it be acceptable for me to just close all the CA's as OBE - it's a safe guess that we're not going to go back and create any documents or meeting minutes or anything for a job that is over. And again - if I have the corrective action as I work through this, will the ISO auditor cite it as a nonconformance?

I really appreciate any and all advice/suggestions. My new boss, the Senior VP is very supportive of my efforts, but every time I bring up an issue, he doesn't feel like it's really an issue because the last auditor didn't have a problem with how they did it. Oh, did I mention they had the same ISO Auditor for the certification and two surveillances, but we have a new guy for the recertification?

Thanks again,

Candy
 

AndyN

Moved On
Looks like you have a really good grasp of the situation, Candy. I wouldn't worry about the next auditor. If anything is brought up, clearly state that their previous auditor had let the system languish in that non-compliant state for a number of years and, should the auditor care to make an issue, you will be taking it up with the CB as to why they permitted their auditor to allow it! You will, however, welcome them back, in a year's time, to see the improvements. Otherwise, both the (new) auditor and the CB will be finding themselves without a client!
 

Chennaiite

Never-say-die
Trusted Information Resource
......If anything is brought up, clearly state that their previous auditor had let the system languish in that non-compliant state for a number of years and, should the auditor care to make an issue, you will be taking it up with the CB as to why they permitted their auditor to allow it! ....

Sorry to say, I wouldn't resort to what sounds like armtwisting. Instead I will try to put up a show that gives the New Auditor a feeling of things under control. And then, yes, pray to have a real Auditor on board and not a guy who is hungry for writing NCs.
 

harry

Trusted Information Resource
........................a drilling company who has carried ISO certification for 3 years. ......................................

1) The organization does not have a procurement process in place that describes the criteria for selecting suppliers, so, suppliers are not evaluated, approved or reevaluated.

2) There is not a documented process for selecting employees based on their qualifications and the only training the org documents is the safety training. .................................

From what you had described, it would be interesting to find how how they managed to get through the initial audit!!

There is every possibility that the procurement process may reside elsewhere such as with finance and the employment or selection process be with HR, where you may not be given automatic or easy access. Have you check with them?
 

John Broomfield

Leader
Super Moderator
Candy,

Your third party auditor would be foolish duplicate your reporting of these nonconformities.

I would be concerned about the capability of the corrective action process and the past disengagement of top management in making sure their management system continued to be suitable, adequate and effective.

May I suggest you compile a report of the performance of the management system for top management to review its performance. Then have them report the State of the System back to the employees so they know what their management system:

A. Does well
B. Does less than well
C. And what TM is doing about B

John
 
Last edited:
Top Bottom