Re: ISO 9001:2000 Permissible Exclusions - Need an opinion
Folks, just one question for now (below)...
We have been registered to the 9K:2K for nearly three years, and have just completed our last surveillance audit before end of cycle assessment – and I do not wish to post our registrar’s business identity publicly. During the audit last week we had two N/Cs written which I feel were off the radar. First, the auditor informed me that the QM (which has been reviewed numerous times by the same auditor and his office staff) contained an ‘exclusion’ for Purchasing which the registrar is now rejecting as they will only accept an exclusion relating to Design and Development, and “all other exclusions must be listed as “not applicable or not applicable at this time” – our registrar’s own internal interpretations. Quite thrown back I was, as our scope clearly identifies 7.4.1 Purchasing Process and 7.4.2 Purchasing Information as being outsourced to one of our parent corporation’s division, and 6.3 Infrastructure relating to IT support function and communication (both contractually arranged at the corporate level not by our facility) this same division completely manages both the entire supply chain and IT function and also monitors their activities by the Divisional Program Quality Manager -- also noted in the Quality Manual scope is that we do carry out 7.4.3 Verification of Purchased Product at our facility. Locally, we have only outsourced all NDT testing to a well qualified specialist company for whom NDT testing is their bread and butter; of course, all operators are completely certified in their specific tasks and all activities are monitored real time locally by self or others from our quality function. Corporate procurement personnel and one IT guru are on site and these functions are additionally monitored and also audited by our internal audit staff to ensure compliance with requirements.
Design and Development is the sole responsibility of our up-line corporate entity to whom we have a complete and legal subcontract agreement with, as we are a wholly owned US company, and are a build to print shop. This is actually our only exclusion.
Details and justification of the D&D exclusion as well as the reasons for outsourcing the above processes are clearly identified in text and also in a rather comprehensive process interaction chart in our Quality Manual.
One additional N/C was raised which when reading alludes to complete lack of control of required documentation, listed was all procedures and the Quality Policy statement. The QP issue evolved around his concern of availability of this specific document at all points of use. The QP is part of the badges issued to all employees, signed copy kept in each of the employee training folders, actual signed (by the Director of Operations) statements (3) located in the administration building, entranceway to the production building and also posted outside the employee break room, and posted on the primary business page on our company website. It took me about three minutes searching to locate the *pdf file showing the physically signed copy (back-up only in case of damage/loss of the original signed documents). All of these Quality Policy statements have been actually looked at each time he has conducted an audit of our facility. Incidentally, our Quality Manual specifies that the local website is the official source and library for all documents (except those sensitive which are kept by specific functional Managers). No other issues were discovered relating to any document or their lack of control.
Am I missing something here??? I personally would not want to talk an auditor out of a finding if it is indeed an N/C issue; however, I do not relish writing detailed responses to items which are definitely not nonconformities.
More to follow…
Gary
(We need a little running-around-in-circles smiley.)
I wonder why? 
I am always Fuzzy when I am not my other nicknames...
