Permissible Exclusions - ISO 9001

[Paul Simpson]

Re: ISO 9001:2000 Permissible Exclusions - Need an opinion

Sidney is spot on. You can only exclude things that aren't being done. If they are being done but are outsourced then your organization is still responsible and has to exercise control.

Re: The other N/C on Q.Policy the auditor is not correct as no non compliance exists at this point as there are no obsolete policies out there (I presume) s / he may have a genuine concern (observation) that if you change your QP there is not a hope in he11 of you getting all the old editions back!

 

[Helmut Jilling]

Re: ISO 9001:2000 Permissible Exclusions - Need an opinion

Sidney is spot on. You can only exclude things that aren't being done. If they are being done but are outsourced then your organization is still responsible and has to exercise control.

Yes, but the control is often exercised by the other location. Assuming it is also certified, then it is a linked process, and can be audited under the other audit. However, if the remote location is not certified itself, then it has to be audited.

Either way, though, I believe Sidney is correct in that it has to be defined in the process list, etc.

 

[tyker]

Re: ISO 9001:2000 Permissible Exclusions - Need an opinion

Sidney is spot on. You can only exclude things that aren't being done. If they are being done but are outsourced then your organization is still responsible and has to exercise control.

I'm going to disagree with you, Paul.

For the organization as described, I think the requirement of ISO 9001 clause 1.2 applies which allows the exclusion of any activity from clause 7 (Purchasing being clause 7.4) where the "... requirements cannot be applied due to the nature of an organization...".

 

[Helmut Jilling]

Re: ISO 9001:2000 Permissible Exclusions - Need an opinion

I'm going to disagree with you, Paul.

For the organization as described, I think the requirement of ISO 9001 clause 1.2 applies which allows the exclusion of any activity from clause 7 (Purchasing being clause 7.4) where the "... requirements cannot be applied due to the nature of an organization...".

Good point. But in this case, the activity is being performed. But, it is performed outside their facility by a sister facility. Therefore, Purchasing is part of their process, but it would have to be identified as a remote link or an outsourced process. I think it would be a remote location.

It would have to be audited at the other facility at some regular frequency.

 

[Paul Simpson]

Re: ISO 9001:2000 Permissible Exclusions - Need an opinion

I'm going to disagree with you, Paul.

For the organization as described, I think the requirement of ISO 9001 clause 1.2 applies which allows the exclusion of any activity from clause 7 (Purchasing being clause 7.4) where the "... requirements cannot be applied due to the nature of an organization...".

I might have known there'd be trouble.

Where an organization chooses to outsource any process that affects product conformity with requirements, the organization shall ensure control over such processes. Control of such outsourced processes shall be identified within the quality management system.

I'd planned to quote this in a reply to hjilling but will leave it here anyway.

Now IMHO the whole organization should be audited across all the sites (ideally by the same CB under the control of the same lead auditor) to get the full benefit of the process approach but that is another thread (in fact I remember posting about it).

I'll read my standard and get back to you ...

Still if I'm wrong there are worse things ..... like lying about your age.

 

[tyker]

Re: ISO 9001:2000 Permissible Exclusions - Need an opinion

Good point. But in this case, the activity is being performed. But, it is performed outside their facility by a sister facility. Therefore, Purchasing is part of their process, but it would have to be identified as a remote link or an outsourced process. I think it would be a remote location.

It would have to be audited at the other facility at some regular frequency.

Did I miss something here? I thought I was agreeing with your previous post #58 in this thread. Never mind, I know how fickle auditors can be.

Gary Phillips post stated that the registrar wanted these activities listed as "not applicable...". Is there a material difference between that statement and excluding it from the scope? Is the organization or its customers going to get any benefit from this interpretation?

In any case, the registrar is wrong to only consider design and development for exclusion and, if I were Gary, having established that point I'd carry on with the argument and try and re-establish the exclusion.
I might lose the argument but I'm used to that.

 

[Sidney Vianna]

Re: ISO 9001:2000 Permissible Exclusions - Need an opinion

I had suggested the perusal of N630 - Guidance on Outsourced Processes. Such document states:

NOTE: In some situations, the organization might not “purchase” the outsourced process in the traditional sense. As mentioned in 2.1 it might, for example, receive the service from a corporate head office or from another division within a group of organizations, without any monetary transaction taking place. Under these circumstances, however, ISO 9001:2000 Clauses 7.4 and 4.1 are still applicable.

 

[tyker]

Re: ISO 9001:2000 Permissible Exclusions - Need an opinion

Thanks Sidney, I'm very close to conceding defeat although I might still argue about the enforcement of a note in a guidance document.

None of the third party auditors I've worked with have made reference to the TC 176 guidance modules or the Auditing Practices Group documents that you have referenced in other posts (and I appreciate your efforts in this respect). Even if the registrars' administrators are fully conversant with all these interpretations (which I doubt) many quality managers certainly aren't. Is it fair to impose interpretations on us which aren't clearly spelt out in the standard or scheme rules?

Wouldn't it be nice if all the interpretations found necessary for ISO 9001 were to be clearly identified as requirements in the revised version for 2009?

Ok this is seriously I'll give up now.

 

[Paul Simpson]

Re: ISO 9001:2000 Permissible Exclusions - Need an opinion

Thanks Sidney, I'm very close to conceding defeat although I might still argue about the enforcement of a note in a guidance document.

What, and I haven't even got back to my standard. That's the trouble with threads that Sidney gets involved in ...

None of the third party auditors I've worked with have made reference to the TC 176 guidance modules or the Auditing Practices Group documents that you have referenced in other posts (and I appreciate your efforts in this respect). Even if the registrars' administrators are fully conversant with all these interpretations (which I doubt) many quality managers certainly aren't. Is it fair to impose interpretations on us which aren't clearly spelt out in the standard or scheme rules?

Absolutely ... another thread surely.

Sidney brought this information to the cove (thanks again, Sid) but how prevalent is it in the certification community.

On a related topic, I remember a manager of mine (who shall remain unnamed) who invested a lot of time and effort in making sure his auditors were kept up to date with developments in the industry. He got me to develop training / guidance for mechanical engineers auditing machinery manufacturers to make sure they were up to speed with the (then) new requirements of the Machinery Directive.

I wonder what happened to him, perhaps tyker remembers?

Wouldn't it be nice if all the interpretations found necessary for ISO 9001 were to be clearly identified as requirements in the revised version for 2009?

Ok this is seriously I'll give up now.

It does beg the question as to what status a lot of these "guidance documents" have.

 

[Gary L. Phillips - 2007]

Re: ISO 9001:2000 Permissible Exclusions - Need an opinion

What a flurry, I have begun.
In my original post (and in our QM) I stated that ONLY D&D were excluded from our system, and that the others WERE outsourced.

We a unique organization for a number of reasons: Our parent organization is a British corporation operating on a global scheme, mostly in defence or other high level governmental programs and are located throughout the world.

1. Our facility produces a new state of the art future weapon system for the US government which requires us to be a wholly owned US company, and we are a subcontractor to our parent corporation as a build to print shop - assembly, integration, test, delivery and the customer acceptance test at one of US Proving grounds.

2. All drawings and specifications have been produced by up line company in the UK - blessed by the US Government, and we are not able to change any aspects of those documents.- Hence D&D is excluded.

3. Another portion of the parent corporation is tasked with all supply chain management activities relating to the weapon system components, and monitor these suppliers through a variety of methods, including selection, evaluation, and auditing. While there is a staff of 6-8 persons at our facility, they report directly to their own corporate identity with a dotted line to our local Dirrector. This corporate function has also contracted all IT support for all organizations in N. America. - Hence outsourced but not by our local organization. We do have links and hand offs for many issues and where locally we need items i.e.: measurement devices, calibration service, NDT testing, Registration service we submitt all particulars to the procurement personnel for agreement negotation of costing, etc and the complete the rest of the process. We do verify purchased goods including weapon system components locally by our own quality staff. - again this is described in our quality system

Purchasing, IT support, and NDT testing are not excluded but outsourced. We also internally -by the Quality function- monitor and audit these three activities on site as all NDT testing is performed locally on site.

All of this is in our QM and also depicted in the process interaction chart of the QM. I can not understand why after 3 years our Registrar thinks that we are excluding Pur. IT and NDT processes as we are difinately not!

Lastly, I do not know why they declare and mandate their own interpetations on exclussions. I have looked at our contract, which states that we only exclude D&D requirements, however, were we to determine that any other area of Clause 7 where requirements "cannot be applied due to the nature of our process and/or product" - 9K:2K 1.2 Application; our registrar will not even consider much allow for exclusion.

More lost respons e work for no good business reason !!

BTW, thanks to HJilling, Tyker, Sydney, and Paul for all of your comments.