Need help in determining applicable clause for an audit finding (based on AS9120B)


During an internal audit I conducted (AS9120B standard), I found out that one of our contractual employees did not have a company badge ID. According to him, he has reported it to his manager, but unfortunately, it didn't look like it was done. There has been changes in the organization lately and to make the long story short, he never got issued one for months and was only able to get in the company premises with a temporary badge. But during the audit, he did not have one. What is even worse is the discovery of credentials sharing and some folks know about it, but are not saying something. These are all grave company violations and I just need help citing which applicable clause will it fall under:

Should it fall under:
- Leadership (5.1.1.j)?
- Ifrastructure (7.1.3.a & b)?
- Awareness (7.3.h)?

Truly appreciate your help. Thank you!

Bev D

Heretical Statistician
Super Moderator
It is a violation of our company policy - not necessarily the standard. Since this is an internal audit why don’t you just right it up?

Sidney Vianna

Post Responsibly
These are all grave company violations
If you claim they are violations, you should be able to identify what exactly they are violating. This type of "violation" is outside the scope of AS9120, but if this organization has to comply with ITAR, it does not bode well for them.

Advice. Don't misuse an internal quality system audit to attempt to fix all problems in an organization. Audits have scope and criteria. The issue you want to report does not relate to AS9120. It can still be reported as an observation, but, chances are, it will be ignored just like it has been ignored so far.

Good luck.

Big Jim

If there is a violation here it likely is to internal requirements. If you are to write it up, write it up to the internal document involved (procedure, work instruction, etc.). Read your internal documentation carefully and see if indeed there is a violation of your internal requirements and if so, write it up. If you think you have discovered a weakness, but not a violation, in the internal documents, write an observation.
Top Bottom