ISO/TS 16949 - Sharing Certification Audit Report (NCR's) with the Customer

[AYDOSE]

Hi Everybody,

I want to learn quality experts opinion for below subject.

One of our automotive customer request from us share the nonconformities found by the certification body to use as an evidence of their supplier performance evaluation during their audits.

IMO valid ISO/TS certificate was sufficient for this requirement. So I wonder if you faced such a request from your customer's and what is your opinions?

Thank you and best regards

 

[QualitySpirit]

Hi Everybody,

I want to learn quality experts opinion for below subject.

One of our automotive customer request from us share the nonconformities found by the certification body to use as an evidence of their supplier performance evaluation during their audits.

IMO valid ISO/TS certificate was sufficient for this requirement. So I wonder if you faced such a request from your customer's and what is your opinions?

Thank you and best regards

I would refuse to provide it as it is a confidential document between your organization and the certification body and may contain information of other customers that you have to treat it with confidentiality.

You should ask them to send you maybe a self-assessment form for supplier audit that you could fill in and return it.

 

[Sidney Vianna]

I would refuse to provide it as it is a confidential document between your organization and the certification body and may contain information of other customers that you have to treat it with confidentiality.

If you refuse to share the information, the customer will obviously get suspicious. If there is sensitive information about another customer/program, you can redact it.

A certificate issued to a louzy supplier still is a certificate; it's an attribute, not a variable.

I certainly applaud customers asking to see granular information about the audit results, AS LONG AS they commit themselves NOT to misuse the information.

 

[normzone]

We've had this discussion elsewhere before, perhaps here, perhaps on our sister forum.

If you decline to share, they can learn something about you from that.

If you choose to share, they can learn something about you from that.

What would you prefer that they learn?

 

[AYDOSE]

All,
Thank you for sharing your comments

 

[Englishman Abroad]

All,

Perhaps someone with CB or 3rd party auditing experience can help:

what information is available to OEMs via the IATF database? (Just certificate validity; Number of Non conformities; Or complete audit report? ).

Thanks

 

[QualitySpirit]

All,

Perhaps someone with CB or 3rd party auditing experience can help:

what information is available to OEMs via the IATF database? (Just certificate validity; Number of Non conformities; Or complete audit report? ).

Thanks

I have given my view as an IATF auditor.
IATF OEM's only have access to the validity of the certificate and the scope of certification in the IATF database.

There is no requirement in the IATF rules for the client to provide the report to their customers. In IATF rules, there are only requirements to provide audit reports to "IATF" in section 3.1e) or to "Certification body" in case of remote support location audited by a different CB section 5.5 option 2, or in case of transfer audit 7.1.1 h.

IATF16949 has already outlined how a customer can develop their suppliers and the QMS clearly. They can do second party audits by themselves but requesting to get the third party audit report is something in my point of view an inappropriate request.

In addition, audit reports are complicated even to auditors. how the organization can be sure they understand which points are confidential information of one customer that should be hidden to the other customers - it could be some project names recorded in auditor notes that the organization overlooks and fails to remove that part before sending to another customer that could be considered a nonconformity to the requirement 8.1.2 Confidentiality.

It does not need to contain something suspicious like when someone (except the bank or my next employers) asked to see my payslips while there is nothing suspicious in it, I consider the request inappropriate and would refuse that.

 

[Sidney Vianna]

They can do second party audits by themselves but requesting to get the third party audit report is something in my point of view an inappropriate request.

Imagine we go back to the days when suppliers undergo a barrage of second party audits. How much does that cost the supplier? What about the inescapable micromanagement that 2[sup]nd[/sup] party auditors tend to practice?

As in any relationship, TRUST is imperative. In my view point, if sharing a CB auditor report(s) saves the supplier a 2[sup]nd[/sup] party audit, it is a HUGE gain for the supplier. But, then again, not everyone makes rational decisions.

 

[QualitySpirit]

Imagine we go back to the days when suppliers undergo a barrage of second party audits. How much does that cost the supplier? What about the inescapable micromanagement that 2[sup]nd[/sup] party auditors tend to practice?

As in any relationship, TRUST is imperative. In my view point, if sharing a CB auditor report(s) saves the supplier a 2[sup]nd[/sup] party audit, it is a HUGE gain for the supplier. But, then again, not everyone makes rational decisions.

Thank you for giving the comments. IATF does not require a customer go 2nd party audit for all suppliers every year.

There is a requirement of supplier monitoring where suppliers performances are closely monitored and then the second party audit will be chosen based on prioritization - if suppliers are doing good, no delay no defect - everybody happy and no audit.

On the other hand, if the delivery is always delayed, and bad parts are constantly shipped. Getting a CB audit report would not help much. The customer should do a specific/focused supplier audit on the portion of their interests and get them fixed rather and sitting in the office and look at 3rd party audit report hoping someday the supplier will improve.