The QMS standards are totally mute about registration/certification cycles. 17021-1 has requirements for internal audits performance and reviews prior to the Stage 2 assessment, but I thought the op was inquiring about the frequency of ongoing internal audits.
Looking for Some Help with ISO 9001:2015 - Internal Audit Frequency ??
- Thread starter ddddavidddd
- Start date
Elsmar Forum Sponsor
Yes the standards are mute as to the registration/certification cycles. Yet the clients are always in one, and the CB is looking for evidence of effectiveness review of the entire QMS within that time. This would be brought up during the recertification audit.
I’ll wade in on the question regarding “how one knows if the organization is compliant to everything if every process isn’t audited in the same cycle as the registrar uses”.
Two things can occur in a compliant process to make it non compliant:
(1) The process is deliberately changed to be noncompliant
(2) the process as written is no longer followed
Assuming your processes were compliant at one time (how else could you be certified?*)
(1) is handled (micro audit) by change control review
(2) if the noncompliance has a trivial effect - who cares. If found correct it. If it has a substantial effect you will price the problem and investigate for cause and find the noncompliance and correct. An investigative audit if you will.
It seems to me that planning to audit by event For less critical process and not by some arbitrary time interval is more efficient and effective. And it doesn’t violate requirements as others have said since the “3 year” cycle is a myth.
*yeah I know all audits are samples of processes so something could be missed; but that brings us back to trivial vs actually causing a detectable & noticeable problem. And isn’t that what the standard is really about? Quality products.
Two things can occur in a compliant process to make it non compliant:
(1) The process is deliberately changed to be noncompliant
(2) the process as written is no longer followed
Assuming your processes were compliant at one time (how else could you be certified?*)
(1) is handled (micro audit) by change control review
(2) if the noncompliance has a trivial effect - who cares. If found correct it. If it has a substantial effect you will price the problem and investigate for cause and find the noncompliance and correct. An investigative audit if you will.
It seems to me that planning to audit by event For less critical process and not by some arbitrary time interval is more efficient and effective. And it doesn’t violate requirements as others have said since the “3 year” cycle is a myth.
*yeah I know all audits are samples of processes so something could be missed; but that brings us back to trivial vs actually causing a detectable & noticeable problem. And isn’t that what the standard is really about? Quality products.
After Randy pointed out that I was wrong about the 3 year cycle I looked closer and realized where I got it wrong. I have been working on an IATF 16949 system and it is called out that all processes have to be audited every three years there.
But NOT in ISO 9001.
I am sorry for any confusion that I added early on.
But NOT in ISO 9001.
I am sorry for any confusion that I added early on.
Randy
Super Moderator
Hey good deal. You're doing fine.
Similar threads
