Multiple Standard Interpretation Queries

M

mirrorcrax

#1
I have been lately plagued with a client who insists on dealing with a specific CB with whom I have witnessed multiple auditing issues whether in relation to auditing behavior, process or competence in accurately interpreting the standard.

Please respond to some of the fillowing queries, as i am interested in getting various perspectives on the hot debates I had with the CB auditors on some of the key issues related to interpretation of various clauses:

1. With regards to the extent of involvement of the organization in managing or controlling safety risks and ensuring legal compliance in the workplace, what exactly is required? The CB for instance expects the organization to perform risk assessment of all permanent and temporary contractor activities and assess legal compliance for their activities regardless of what the contract document states on such requirements. On my part I clarified that the key words are " to take into consideration contractor activities" and more importantly "within the workplace" which is defined as activities which "are under the control of the organization". Now, if there is no contractual requirement between the organization and contractor to perform such risk assessment or legal compliance would their activities still be considered under the organization's control?
2. The CB insist that food safety should be considered fully under the ohsas system to the extent of checking the calibration of food temperature gages in chillers, is that right? Is it withing the scope of the standard?
3. The CB insist that all employees should be aware of the scales used for rating likelihood and severity and be able to fluently explain it to their auditors regardless of the said employee's education, skill or experience. Efforts to convince the auditors that the standard requires employee participation and doesn't necessitate that all employees must be included and are aware of the intricacies of the risk assessment process as long as they are aware of the risks in their workplace and are aware of the controls in place and a group of employees awho are involved in the work being assessed are able to accurately explain the process, what do you think?
4. The CB auditors will insist that reference to relevant legal documents should be included in the risk register thus -in my opinion- misinterpreting the standard's requirement of considering legal requirements related to the risk assessment process not with regards to linking the activities being assessed to its corresponding legal requirements,what do you think?
5. The auditors insist that noise level monitoring must be done in the office despite the legal requierement being implementing a noise conservation program and monitoring noise levels at twa of more than 85dba per day, what do you think?
6. The auditors will interfere with the organization's choice of controls to reduce risk and raise ncr that they are unsuitable despite having no legal requirement which mandates such controls, what do you think?
7. In the country where this is happening, there are federal laws and state laws which relate to the federal laws and are more detailed, however the auditors insisted that all federal and state laws must be included in the compliance assessment is this right?
8. The CB auditors during the certification audit of the organization and without any notice to contractors commence auditing the contractors activities, demanding their competence reckrds and risk assessment records and calibration records despite having shown them that there is no contractual requirement for auditing contractors, furthermore, after an auditor finished asking a truck driver about safety risks and controls and assessing the driver's awareness in a very patronizing manner insisted that the driver operates the crane in the truck where the truck is parked despite the driver's request to move the truck to a clear area for safety which lead to an accident and the auditor noted it as proof of incompetence, what do you think?

There are many other debatable topics and behaviors but for now i would like your comments on the topics i mentioned, please.
 
Elsmar Forum Sponsor
R

Reg Morrison

#2
...SNIP... furthermore, after an auditor finished asking a truck driver about safety risks and controls and assessing the driver's awareness in a very patronizing manner insisted that the driver operates the crane in the truck where the truck is parked despite the driver's request to move the truck to a clear area for safety which lead to an accident and the auditor noted it as proof of incompetence, what do you think?
Wow....your description of the auditor's behaviors is borderline psychotic.

Focusing on this issue that I quoted, if I were your client, I would approach the cb and demand financial compensation for the accident, if indeed, the auditor forced the truck driver to deliberately operate the crane in an unsafe location.

This is almost criminal: baiting an auditee (possibly outside of the scope of the audit) to perform an unsafe operation. Auditors such as that need to be exposed and kicked out of the industry. The sooner, the better. If they do have a professional certification, a complaint should be filed for their misbehavior. This is an outrage.:mad:
 
F

Frankie11

#3
My response in red.

Please respond to some of the fillowing queries, as i am interested in getting various perspectives on the hot debates I had with the CB auditors on some of the key issues related to interpretation of various clauses:

1. With regards to the extent of involvement of the organization in managing or controlling safety risks and ensuring legal compliance in the workplace, what exactly is required? The CB for instance expects the organization to perform risk assessment of all permanent and temporary contractor activities and assess legal compliance for their activities regardless of what the contract document states on such requirements. On my part I clarified that the key words are " to take into consideration contractor activities" and more importantly "within the workplace" which is defined as activities which "are under the control of the organization". Now, if there is no contractual requirement between the organization and contractor to perform such risk assessment or legal compliance would their activities still be considered under the organization's control?
It would be nice to know which country you're in (and what legislation applies). Here in Australia for instance, we are legally responsible for our contractor's health and safety. There may be some merit to this one. It really depends on the work they're doing. e.g. when we hire crane drivers they must present us with a risk assessment (among other things). The people we get in to clean the office? No.

2. The CB insist that food safety should be considered fully under the ohsas system to the extent of checking the calibration of food temperature gages in chillers, is that right? Is it withing the scope of the standard?
I've never seen this before. If your company don't identify it as a hazard, or assess the risk as low and there is no legal requirement then the auditor can be ignored here.

3. The CB insist that all employees should be aware of the scales used for rating likelihood and severity and be able to fluently explain it to their auditors regardless of the said employee's education, skill or experience. Efforts to convince the auditors that the standard requires employee participation and doesn't necessitate that all employees must be included and are aware of the intricacies of the risk assessment process as long as they are aware of the risks in their workplace and are aware of the controls in place and a group of employees awho are involved in the work being assessed are able to accurately explain the process, what do you think?
Unless they are conducting the risk assessment, your employees do not need to know every detail of the process. Exactly what clause is this meant to be in breach of?

4. The CB auditors will insist that reference to relevant legal documents should be included in the risk register thus -in my opinion- misinterpreting the standard's requirement of considering legal requirements related to the risk assessment process not with regards to linking the activities being assessed to its corresponding legal requirements,what do you think?
This is an example of the auditor telling you HOW to comply with the standard. How you comply is up to you. I'm more familiar with AS4801 but I'm pretty sure the term 'risk register' does not make an appearance in OHSAS18001.

5. The auditors insist that noise level monitoring must be done in the office despite the legal requierement being implementing a noise conservation program and monitoring noise levels at twa of more than 85dba per day, what do you think?
Unless you've identified noise as a hazard (or there is a legal requirement) no. Unless there are noisy servers running or something else that could be an issue, noise testing an office is a complete waste of time and money.

6. The auditors will interfere with the organization's choice of controls to reduce risk and raise ncr that they are unsuitable despite having no legal requirement which mandates such controls, what do you think?
If there is evidence that control measures are not selected in accordance with the hierarchy of control or in consultation with relevant employees then this may be an NC. The auditor shouldn't be dictating specific control measures though.

7. In the country where this is happening, there are federal laws and state laws which relate to the federal laws and are more detailed, however the auditors insisted that all federal and state laws must be included in the compliance assessment is this right?
Not entirely sure what you're asking but you need to assess compliance to all specific parts of health and safety legislation that are relevant to your company. This may include standards, codes of practice and other guides that have been referred to by legislation.

8. The CB auditors during the certification audit of the organization and without any notice to contractors commence auditing the contractors activities, demanding their competence reckrds and risk assessment records and calibration records despite having shown them that there is no contractual requirement for auditing contractors, furthermore, after an auditor finished asking a truck driver about safety risks and controls and assessing the driver's awareness in a very patronizing manner insisted that the driver operates the crane in the truck where the truck is parked despite the driver's request to move the truck to a clear area for safety which lead to an accident and the auditor noted it as proof of incompetence, what do you think?
Agree with Reg. Also who was escorting this auditor?? Anyone?
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#4
I have been lately plagued with a client who insists on dealing with a specific CB with whom I have witnessed multiple auditing issues whether in relation to auditing behavior, process or competence in accurately interpreting the standard.

Please respond to some of the fillowing queries, as i am interested in getting various perspectives on the hot debates I had with the CB auditors on some of the key issues related to interpretation of various clauses:
My responses are in blue.

1. With regards to the extent of involvement of the organization in managing or controlling safety risks and ensuring legal compliance in the workplace, what exactly is required? The CB for instance expects the organization to perform risk assessment of all permanent and temporary contractor activities and assess legal compliance for their activities regardless of what the contract document states on such requirements. On my part I clarified that the key words are " to take into consideration contractor activities" and more importantly "within the workplace" which is defined as activities which "are under the control of the organization". Now, if there is no contractual requirement between the organization and contractor to perform such risk assessment or legal compliance would their activities still be considered under the organization's control?

If the contractor is brought in by you to do production or support tasks like janitorial, risk assessments should be done because they are tasks inherent in your operations. If the contractor is there to do once-per-year service on the facilities or something specialty like that, I would not expect a risk analysis for the task because it isn't in your scope of operations - the contractor is responsible for his or her own safety, and that of his/her employees. Your role is to select a contractor that would likely perform within your expectations as you've defined the process.

2. The CB insist that food safety should be considered fully under the ohsas system to the extent of checking the calibration of food temperature gages in chillers, is that right? Is it withing the scope of the standard?

This sounds like a quality system requirement. Temperature in the OHSAS would be for operator health and/or safety, not the goodness of the product.

3. The CB insist that all employees should be aware of the scales used for rating likelihood and severity and be able to fluently explain it to their auditors regardless of the said employee's education, skill or experience. Efforts to convince the auditors that the standard requires employee participation and doesn't necessitate that all employees must be included and are aware of the intricacies of the risk assessment process as long as they are aware of the risks in their workplace and are aware of the controls in place and a group of employees awho are involved in the work being assessed are able to accurately explain the process, what do you think?

I think the auditor is way off target and should stick to the relative responsibilities and authority of the auditees.

4. The CB auditors will insist that reference to relevant legal documents should be included in the risk register thus -in my opinion- misinterpreting the standard's requirement of considering legal requirements related to the risk assessment process not with regards to linking the activities being assessed to its corresponding legal requirements,what do you think?

OHSAS says the risk analysis is to be documented and legal requirements will be considered, but does not stipulate how. CB auditors don't get to stipulate that either. That said, I would have considered writing an OFI for connecting the risks to legal & Other requirements, then to the relative controls because it can help people keep track of the relationships between these things. :2cents:

5. The auditors insist that noise level monitoring must be done in the office despite the legal requierement being implementing a noise conservation program and monitoring noise levels at twa of more than 85dba per day, what do you think?

I think it's absurd to monitor noise levels in an office environment. That said, if a survey had been done to determine noise controls and PPE for the program, it might shut up a freaky auditor to just include the office in order to show the program was thorough.

6. The auditors will interfere with the organization's choice of controls to reduce risk and raise ncr that they are unsuitable despite having no legal requirement which mandates such controls, what do you think?

CB auditors should not be insisting on specific types of controls and we should be working to avoid turning a registration or surveillance audit into a compliance audit. I would not cite a regulation in an NCR for that reason. However, if I knew there really was one I would ask and probe until we determine the legal/other requirement isn't fully recognized in the system. But your remark tells me you've already done that.

7. In the country where this is happening, there are federal laws and state laws which relate to the federal laws and are more detailed, however the auditors insisted that all federal and state laws must be included in the compliance assessment is this right?

I would support including all of them because some of these laws may change and keeping track of changes is so much easier when you have a list.

8. The CB auditors during the certification audit of the organization and without any notice to contractors commence auditing the contractors activities, demanding their competence reckrds and risk assessment records and calibration records despite having shown them that there is no contractual requirement for auditing contractors, furthermore, after an auditor finished asking a truck driver about safety risks and controls and assessing the driver's awareness in a very patronizing manner insisted that the driver operates the crane in the truck where the truck is parked despite the driver's request to move the truck to a clear area for safety which lead to an accident and the auditor noted it as proof of incompetence, what do you think?

I would stop short of asking a contractor like a trucking company for a risk assessment, for one thing because the driver is not likely to have it or be involved in making it. I would also take care when auditing contractors, but might ask a limited number of questions when their activities could directly impact your site. It is easy to think of that happening in an EMS (such as delivering bulk chemicals. I might ask what they have prepared to help deal with a spill, because responsibilities in such situations tend to overlap somewhat).

There are many other debatable topics and behaviors but for now i would like your comments on the topics i mentioned, please.

I think your CB auditors need push back. If I were you I would file disputes with the CB for the NCRs we have identified as bunk. Kids, puppies and auditors need to be told right away when we do something wrong.

I hope this helps!
 
M

mirrorcrax

#5
Thank you all for the time you took replying, I appreciate your input.

1. In this country contractor management is required yes. But within contractual boundaries and scope of interface between organization and contractor.
With regards to contractors, they asked to have the risk assessment of all contractors as follows:
A. Ambulatory unit present on site: risk assessment for their rescue activities and location and proof of competence of their staff and legal compliance of their activities
B. Cleaners
C. Office boys: risk assessment of all their activities including assurance of compliance to applicable local food preparation safety requirements
D.on-site rented space for providing services such as snacks and beverages or rented space to car service center for providing agreed number of services to the organizations fleet of vehicles: auditors required to see risk registers, training records, calibration records of wheel balancing machine, msds of oil in use ...etc

........

8. The auditor was escorted by department head and safety team and the department head asked the auditor twice to move the truck out in a clear area, but auditor insisted that due to time restrictions the driver can operate the crane under the garage.

Thanks again for your inputs. Hope to get more inputs on this matter from other members :)
 
Thread starter Similar threads Forum Replies Date
V Software as medical device (SaMD) replicated for multiple clients through APIs IEC 62304 - Medical Device Software Life Cycle Processes 5
C Multiple owners for one listed device Medical Device and FDA Regulations and Standards News 1
A CE-IVD Technical File with Multiple IFUs EU Medical Device Regulations 4
K One CE Mark holder - multiple manufacturing sites EU Medical Device Regulations 3
K Multiple function device products EU Medical Device Regulations 0
O Are power distribution units Multiple Socket Outlets (MSOs)? IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
Ron Rompen MSA on automated measurement system - Multiple Step Vision System Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 3
shimonv FDA News FDA guidance on Multiple Function Device Products (8/2020) Other US Medical Device Regulations 1
C Contract Review with Multiple Line items ISO 13485:2016 - Medical Device Quality Management Systems 7
I Cannot Export multiple sections from Excel to PDF without losing pagination Excel .xls Spreadsheet Templates and Tools 23
Q Legal Manufacturing Address Change – multiple registrations at same address 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
B QMS question in regards to multiple medical devices/products and N/A activities Other Medical Device Related Standards 12
Proud Liberal Power Query to combine multiple tables of unequal number of columns Statistical Analysis Tools, Techniques and SPC 1
D Reduction of software class based on multiple external risk controls IEC 62304 - Medical Device Software Life Cycle Processes 5
G Gauge R&R on multiple dimensions using 3D measurement system Capability, Accuracy and Stability - Processes, Machines, etc. 6
S Samples for GR&R - Can we get the 10 samples from multiple models Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 5
Proud Liberal Cp / Cpk on position using multiple MMC bonuses Capability, Accuracy and Stability - Processes, Machines, etc. 2
M Measuring Capability of Process with Multiple Specifications Capability, Accuracy and Stability - Processes, Machines, etc. 6
C FDA Registration Requirements for Multiple Sites 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 8
C Can a manufacturer (in South of Korea) have multiple Brazil Registration Holder (BRH) for same brend name? Other Medical Device Regulations World-Wide 1
S Multiple Authorized Reps in the EU for the same device? EU Medical Device Regulations 3
S Providing IFU (Instructions for Use) in multiple languages EU Medical Device Regulations 0
C FMEA - Multiple function failures considerations FMEA and Control Plans 3
B AS9100 Multiple Distributor warehousing locations under same Company AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 12
W SOP for Vigilance reporting covering multiple requirements Document Control Systems, Procedures, Forms and Templates 3
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
A Doubt on multiple inspection carrying out for same balloon number during Stage Inspection and Final Inspection? Inspection, Prints (Drawings), Testing, Sampling and Related Topics 3
J DoE (Design of Experiments) - Multiple responses with different factors Using Minitab Software 2
L Control Plan - Multiple Process Steps FMEA and Control Plans 8
K Internal Auditing - Umbrella QMS and Multiple Standards Oil and Gas Industry Standards and Regulations 4
M Multiple missed POs grounds for SCAR? ISO 13485:2016 - Medical Device Quality Management Systems 32
G Single DFU for multiple medical devices in one box Other Medical Device Regulations World-Wide 0
J Brazil GMP license work with multiple BRH? Other Medical Device Regulations World-Wide 3
E Multiple socket-outlets - Medical Device Electrical Equipment IEC 60601 - Medical Electrical Equipment Safety Standards Series 12
F Marketing a single medical device with multiple indications Other US Medical Device Regulations 4
M IATF 16949 - Multiple Locations - 3rd party audit scope IATF 16949 - Automotive Quality Systems Standard 1
Q IATF 16949 Scope - Producing multiple products IATF 16949 - Automotive Quality Systems Standard 5
S Language of procedures when operating in multiple countries ISO 13485:2016 - Medical Device Quality Management Systems 4
A Working for multiple CB's (Certification Bodies) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 17
K IEC 60601-1 Testing for Multiple Socket Outlet (MSO) IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
H CE Marking on Multiple-Components Medical Products EU Medical Device Regulations 8
O How to deal with Multiple Datums - Position with respect to Multiple Datum Feature Inspection, Prints (Drawings), Testing, Sampling and Related Topics 7
D Implementing 5S for Multiple Shop Floor Layout Workstations Lean in Manufacturing and Service Industries 2
P Multiple Certifications - Is there an order of precedence? Other ISO and International Standards and European Regulations 3
M FDA UDI with Multiple Packaging Configurations Other US Medical Device Regulations 3
G Gage R&R Across Multiple Sites in a Company Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 10
3 Egypt: Multiple Registrations of the Same Product Other Medical Device Regulations World-Wide 2
3 Multiple registrations / authorized representatives in Iran Other Medical Device Regulations World-Wide 4
R Excel Dashboard for Health Safety and Environmental KPI's for Multiple Sites Occupational Health & Safety Management Standards 4
3 Israel: 1 Medical Device, Multiple Registrations = Possible? Other Medical Device Regulations World-Wide 3

Similar threads

Top Bottom