Notified Body - Minor Nonconformances - They have withheld all certificates

kellylisa

Registered
Hi,
firstly apologies if this has been addressed elsewhere - i don't use this forum very often and I can't navigate it very well yet.

I am a QA Consultant for a company that hhave just had their Re-cert audit (several weeks prior to my arrival).
the N.B has found a few MINOR nonconformances, which will be addresses whilst there is a transition of the QMS to meet new 9001:2015 and 13485:2016 requirements.

However, the Auditor themself has made suggestions (as is their right) to make some alterations to address the Minors found - yet until all these changes have been made to their specification, they have withheld all certificates. As such, the company i am working for do NOT hold in date certificates for their products!

I know that an auditor can offer suggestions to assist the company to address issues, but i was under the impression that they were NOT allowed to specifically state that something MUST be included/amended word-for-word (for want of a better description). E.g whilst we are addressing issues all over the QMS and its prcedures related to the overhaul - surely they are NOT allowed to state that unless we include XYZ that they will not send us new certificates. Every step that they have questioned us we have provided evidence and have stated that in the overhaul we WILL include these MINOR findings...if they continue along this road, the company will not have any certificates UNTIL the overhaul has been completed!!

We only have a few minors - nothing that affects traceability/risk/integrity of product to the point where it is anywhere near a MAJOR...
Are they allowed to continue to withhold the certificates in this manner? It's felt that the auditor is completely overstepping and that they are dragging their heels unnecessarily and ultimately will be to the detriment of the company (as we are unable to send out DOCs and Apostilled copies of up to date certs!)

all help/advice gratefully received
:)
 
Last edited:

dwperron

Trusted Information Resource
This case will depend on the Accrediting Body involved. The AB's that I have worked with (A2LA, NVLAP, ANAB) have policies for extensions of certificates while nonconformance issues are resolved. There will be a date by which you need to complete your efforts, and there can be a maximum number of extensions offered. But I know of no requirement that an AB must extend a certification, that would be their own internal policy. You need to check with the AB about that.

As for them requiring that XYZ be included, if the audit has found a nonconformance and XYZ must be included to rectify it (such as the lack of a supplier approval process) then they can surely withhold certification until this is corrected. An auditor does not have the right to require you to correct it his way, but has the right to judge whether or not you now are in compliance with the standard. Unfortunately, it is sometimes easier to humor the auditor.....

One last thing. You mentioned that "Every step that they have questioned us we have provided evidence and have stated that in the overhaul we WILL include these MINOR findings...". The corrective actions resulting from an audit are to completed, not proposed. You need to provide objective evidence that you HAVE, not WILL, addressed the issue.
 

Golfman25

Trusted Information Resource
IDK. Every audit we have had required corrective action on the minor non-conformances prior to final approval and recommendation of the audit. I think you need to fix them first. Then transition to the new standard.
 

Sidney Vianna

Post Responsibly
Leader
Admin
However, the Auditor themself has made suggestions (as is their right) to make some alterations to address the Minors found - yet until all these changes have been made to their specification, they have withheld all certificates. As such, the company i am working for do NOT hold in date certificates for their products!
Firstly, the certificates in question (9001 and 13485) are NOT product certificates. These are management system certificates. Secondly, if the auditor is not involved with the CE-marking process for the products, this is NOT a Notified Body, but a Certification Body. The differences are huge between the role of NB's and CB's.

Thirdly, as I have advised other people, multiple times, you did not hire an auditor, but, and instead, you signed a contract with a certification body. Don't let an auditor self appoint him/herself as the sole point of contact with the CB and become a bottleneck of communication. You might be being held hostage by a rogue auditor. Talk to someone in the Technical Review function of the CB.

Fourthly, what you described above and below, is NOT acceptable behavior by the auditor. They can not demand you redefine the system to include text and words to his/her liking. They must NOT inject themselves in the root cause determination and corrective action proposal.

I know that an auditor can offer suggestions to assist the company to address issues, but i was under the impression that they were NOT allowed to specifically state that something MUST be included/amended word-for-word (for want of a better description).

Fifthly, what you describe apparently contravenes paragraph 9.5.2 of ISO 17021-1:2015, which says that, for minor nonconformities, the CB can grant certificates, after it has reviewed and accepted the client's plan for correction and corrective action.

If they accepted the plan, they should not withhold the certificate and you are entitled to file a complaint with the CB and their respective accreditation body.
 
Top Bottom