Proposed Change to 3rd Party Audit Process - Limiting Scope of Audit

Should CB audits limit the scope to orders of customers that require certification?

  • No

    Votes: 7 43.8%
  • Yes

    Votes: 9 56.3%
  • Can't opine

    Votes: 0 0.0%

  • Total voters
    16
  • Poll closed .

Sidney Vianna

Post Responsibly
Staff member
Admin
#1
As someone who's been involved with accredited management system certification for almost 30 years, I've seen a lot of things changing in the sector. As some of us know, the questioning about the efficacy of accredited certification is ongoing. Some people don't believe that a CB would deliberately decertify an organization, as this, basically means that revenue stream will disappear for the CB. I beg to differ, as I have been involved in decertification proceedings a number of times.

Nevertheless, without a question, the accredited management system certification process could certainly benefit from some evolutionary and some revolutionary changes. On the evolution front, one of the changes I strongly support is to limit scope of audits to product/service lines related to customers that require 3[sup]rd[/sup] party certification from suppliers. Let's remember: the primary beneficiary of ISO 9001 and a registrant's certification is/are the registrant's customers.

The current process where an audit team shows up and "randomly" audit business processes to ascertain compliance, is not proper. If a registrant's customer does not value nor require a supplier to attain certification, why should 3[sup]rd[/sup] party auditors waste their time with that product line? Auditors should, instead, focus their effort and time with the business processes related to the product lines for customers that value and require suppliers to be certified.

Do you agree? Comments?
 
Elsmar Forum Sponsor

Marc

Hunkered Down for the Duration
Staff member
Admin
#2
My opinion is yes. However, there are processes such the non-conformance system. How do you approach that type of process?

Years ago in automotive I went through QS-9000 and TS 16949 where companies would only have certain lines audited and which were part of the certification. In those cases, for example, lines which did not run automotive products were excluded from the audit and the registration. None the less, processes such as calibration, the non-conformance and corrective action systems, etc. were company wide and there was no way to "separate" them.
 

Ron Rompen

Trusted Information Resource
#3
I am of much the same mind as Marc when it comes to this. It is difficult enough to create a single QMS for the customers who require one; to have another one (even a non-formal one) for those customers who don't require registration only causes chaos and confusion.

When I started in quality (back when we were building parts for the dinosaurs) the company that I was with made parts for both automotive and non-automotive customers. When QS9000 was foisted on us, we at first thought to have it ONLY for those customers (automotive) who required it, and to just continue on the way we were going with all the others. But with flexible manufacturing cells, multi-purpose tooling, and crosstrained operators, it was causing a lot of confusion and error trying to remember which 'rule' was to be followed with which part.

In my opinion, it is much easier to develop your system to meet the most stringent of your customer requirements, and implement it across the board. Yes, its a little more work to create and maintain it, but it prevents those horrible moments in the middle of an audit that we all dread.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#4
My opinion is yes. However, there are processes such the non-conformance system. How do you approach that type of process?
All relevant QMS processes would be audited. The major difference is that the samples used during the audit would be limited to the products/services ordered by customers that require the registrant to be certified.

It is difficult enough to create a single QMS for the customers who require one; to have another one (even a non-formal one) for those customers who don't require registration only causes chaos and confusion.
I am NOT proposing different processes/systems. I am proposing a focus by the CB audit team on the processes/systems as they relate to customers which require certification. If the primary beneficiary of 9001 and certification are the registrant's customers as very appropriately mentioned by Dr. Nigel Croft, CB auditors should focus on the products related to the customers which value (and require) certification.
 

Golfman25

Trusted Information Resource
#5
All relevant QMS processes would be audited. The major difference is that the samples used during the audit would be limited to the products/services ordered by customers that require the registrant to be certified.
Yes, so in regards to something like Corrective Action, you only look at applicable parts. That's what our TS auditors do. They only want to see CA for automotive parts. We could have a dozen for other and it didn't matter.
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#6
They may only look at "applicable" parts, but I bet their sample size is the same as if they looked at other parts as well. I doubt any time is gained.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#7
The goal is not to save time either. The goal is to focus on the orders from the customers who require certification from their suppliers. One of the typical complaints we hear comes from customer organizations that have problem certified suppliers. Well, a possible reason might be that customer has requirements which were never assessed by a CB team, as the random sample might mean somebody's else orders were audited.

And, I should have mentioned, this would apply to the "vanilla" certification, not the industry augmented schemes, as those already have additional requirements associated with the scope of the audit. Another aspect of the proposal is the fact that this would only work in B[sub]2[/sub]B scenarios. For organizations involved with consumer goods, B[sub]2[/sub]C, this would not apply.
 
Last edited:

Marc

Hunkered Down for the Duration
Staff member
Admin
#8
Yes, so in regards to something like Corrective Action, you only look at applicable parts. That's what our TS auditors do. They only want to see CA for automotive parts. We could have a dozen for other and it didn't matter.
It's kind of weird when you think of it. By doing that I would think you can't claim to be ISO 9001 unless they limit the scope of your certification.

I don't know how it works these days. I thought it used to be that the company got both an ISO 9001 cert and a TS 16949 cert. I must be mis-remembering.

The goal is not to save time either. The goal is to focus on the orders from the customers who require certification from their suppliers. One of the typical complaints we hear comes from customer organizations that have problem certified suppliers. Well, a possible reason might be that customer has requirements which were never assessed by a CB team, as the random sample might mean somebody's else orders were audited.

And, I should have mentioned, this would apply to the "vanilla" certification, not the industry augmented schemes, as those already have additional requirements associated with the scope of the audit. Another aspect of the proposal is the fact that this would only work in B[sub]2[/sub]B scenarios. For organizations involved with consumer goods, B[sub]2[/sub]C, this would not apply.
Like I say - All in all I don't have a problem with limiting the scope of a certification. I have seen companies go so far as to exclude certain internal lines/processes completely and treating them as an external supplier even though they're in the same building.

I'm not convinced it would make much difference with companies having problems with certified suppliers, though. A company either makes "quality" products, or it doesn't. I have a hard time thinking "Well, the company makes good XXX products for customers X, Y and Z, but not for customers A, B and C." I come back to my belief that ISO 9001 certification is rather useless. If a company is having problems with a supplier ISO 9001 registration isn't going to solve that.

If I was running a company I would never put in a requirement for a supplier to be registered to ISO 9001. I'd want data on the company as a whole, and if it was that important I'd do a supplier audit to my own criteria in the supplier approval process.

And I think that it probably isn't unusual that some customers have requirements which are never assessed by a CB team. What about companies that have 100 or more customers? Would the CB check to see if customer requirements are met for all customers?
 

Sebastian

Trusted Information Resource
#9
1. One of our second party auditors during auditing supplier's manufacturing premises had noticed few containers with parts without any identification. Supplier representatives asked replied: "These are not parts manufactured for you."

2. I had visited one of our customer's plants due to claims they have regarding quality of our products. I suspected it was caused by dirty games of receiving department & sorting companies members, so I have asked them, why the same product manufactured by the same our Production Operator supplied to other plant of their group is not claimed. They told me: "We have here higher quality level than other plants."

Why I am saying this. Establishing separated system for subscribed OEM and separate one for non-subscribed OEM, telling people (especially production line members) they must follow strictly requirements because this product is intended for automotive customer and in other case "take it easy", as it goes for ISO 9001 one will result in significant problems in company automotive business.

Sidney already mentioned this subject in other place and I give example of company I work for, certified according to ISO/TS 16949 for several years without having subscribed customer. Currently we have and I still found satisfactory praxis that activities related to subscribed customers have highest priority during planning and performing 3rd part audits, but activities related to other customers are also audited, due to e.g. significant sales share, quantity of claims and existence of newly implemented projects.
 

Big Jim

Trusted Information Resource
#10
I see value in what Nigel Croft and Sydney are saying, but I also see some potential snags in application. I think it could be worked out though. I would think you could do that for certain elements of the standard, and others would need to be applied universally. Determining which to do what with could be a headache, but with with some actual cases to work with it could become reasonably smooth.

I must add though, that this can be done now depending on how the organization handles their scope statement.

I have a client that mixes production with items that are part of their ISO scheme with some that are not. Only about 10% of production falls into the ISO scheme. They have red job cards for the ISO product to help tell them apart.

I have a machine shop client with 10 work cells. Two of them are dedicated to AS9100 and eight of them to ISO. Again, they use different colored travelers to tell the jobs apart.

I have a machine shop client that feels he can live with all the AS9100 requirements for all of his work with the exception of first article so he has a statement with his scope statement that he only does first article for AS9100 customers and not for customers that have no such requirement. They don't want to worry about a first article for the part that farmer John brings in to have a replacement made for his antique tractor.
 
Thread starter Similar threads Forum Replies Date
V Do we need to enclose Draft version of Proposed Changes in Change Control US Food and Drug Administration (FDA) 8
S Proposed Quality Improvement - Thoughts? Medical Device and FDA Regulations and Standards News 3
M Informational US FDA – CDRH Proposed Guidances for Fiscal Year 2020 (FY 2020) Medical Device and FDA Regulations and Standards News 0
P Proposed revision of IEC 62304 - 2019 IEC 62304 - Medical Device Software Life Cycle Processes 6
M Informational TGA Consultation: Proposed clarification of the regulatory requirements for medical device systems and procedure packs Medical Device and FDA Regulations and Standards News 2
M Informational TGA Consultation: Proposed changes to medical device essential principles for safety and performance Medical Device and FDA Regulations and Standards News 0
Q Proposed Kpis ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
Watchcat Informational Proposed Rule - De novos - 2019 Other US Medical Device Regulations 1
M Informational IMDRF proposed document – IMDRF terminologies for categorized Adverse Event Reporting (AER): terms, terminology structure and codes (Edition 4) – Anne Medical Device and FDA Regulations and Standards News 0
M Informational US FSA – Surgical staples – Guidance and proposed rules Medical Device and FDA Regulations and Standards News 0
M Informational IMDRF – Proposed update to Clinical Evaluation documents Medical Device and FDA Regulations and Standards News 0
M Informational TGA – Several proposed changes to classification to better align with the EU MDR Medical Device and FDA Regulations and Standards News 0
M Informational TGA Consultation: Proposed regulatory scheme for personalised medical devices, including 3D-printed devices Medical Device and FDA Regulations and Standards News 0
T FDA proposed labeling standalone software cloud based US Food and Drug Administration (FDA) 4
M Medical Device News FDA Withdrawals Two Proposed Rules Other US Medical Device Regulations 0
M Medical Device News FDA News - 03-10-18 - CDRH FY 2019 Proposed Guidance Development and Focused Retrospective Review of Final Guidance Other US Medical Device Regulations 0
M Medical Device News Health Canada - Proposed Changes - List of Recognized Standards for Medical Devices Canada Medical Device Regulations 3
M Proposed System: Revision = Modification Date; Approval = Access Permissions Document Control Systems, Procedures, Forms and Templates 1
M Updates on proposed EU Medical Device Regulations - June 2016 EU Medical Device Regulations 20
E Status of proposed changes to Medical Device Directive EU Medical Device Regulations 0
Ajit Basrur New Guideline from ICH proposed on Lifecycle Management - Q12 Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
L The proposed changes to ISO 14001: Better or just bigger? ISO 14001:2015 Specific Discussions 5
0 Feedback on proposed restructure of Quality Management System (QMS) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
Ronen E Proposed reclassification of Ultraviolet (UV) Lamps intended to tan the skin Other US Medical Device Regulations 1
P Proposed Changes to the Medical Device Directive (and IVDD) EU Medical Device Regulations 0
S Proposed FDA Board of Directors - 2013 US Food and Drug Administration (FDA) 1
D Ticketing System to Manage Five Service Lines for proposed QMS ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Ajit Basrur FDA - CDRH Fiscal Year 2013 (FY 2013) Proposed Guidance Development US Food and Drug Administration (FDA) 0
1 510 K Webinar on Proposed Changes Other US Medical Device Regulations 4
M Proposed EU MDD (Medical Device Directive) Revision(s) - 2012 - 2013 EU Medical Device Regulations 16
S US FDA Unique Device Identification (UDI) Proposed Rule 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 18
K Opportunities for Improvement - Proposed Items in Management Review Meetings Management Review Meetings and related Processes 4
Michael Malis FDA to release proposed 510(k) improvements today US Food and Drug Administration (FDA) 1
Paul Simpson Proposed New Management Systems Standards Structure - July 2010 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
Michael Malis CLSI Proposed Guideline for Validation and Verification of Tubes for Blood Collection US Food and Drug Administration (FDA) 1
M New GHTF proposed documents - CAPA and Audits of Control of Suppliers Other Medical Device and Orthopedic Related Topics 4
M An Honest Gauge R&R Analysis - Proposed usage of Donald Wheeler Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 15
bio_subbu US FDA Proposed Rule for Combination Product Reporting US Food and Drug Administration (FDA) 1
Ajit Basrur Proposed documents from GHTF (Global Harmonization Task Force) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
tsmith7858 Proposed Food Safety Legislation for USA Food Safety - ISO 22000, HACCP (21 CFR 120) 1
N Feedback on Proposed plan for Management Review Management Review Meetings and related Processes 17
C Is there a new Part 3 in the CFR 14? Or is a NPRM (Notice of Proposed RuleMaking)? Federal Aviation Administration (FAA) Standards and Requirements 2
M Proposed subforum: Quality Systems for Hospitals & Healthcare Providers Hospitals, Clinics & other Health Care Providers 11
L Predictive Maintenance activities - Please review my proposed form/criteria IATF 16949 - Automotive Quality Systems Standard 6
A Proposed Revision to the Medical Device Directive Medical Devices Directive 93/42/EEC ISO 13485:2016 - Medical Device Quality Management Systems 2
Marc Proposed Federal Rules On E-Document Destruction - Fed. R. Civ. P. 37 Records and Data - Quality, Legal and Other Evidence 0
Randy An EMS as a Supplemental Environmental Project (SEP) to help offset proposed penalty Miscellaneous Environmental Standards and EMS Related Discussions 5
C 8D - proposed corrective action, and then a corrective action implementation Preventive Action and Continuous Improvement 2
M Is There a Revision History or Change Log for Canadian Regulations? Canada Medical Device Regulations 3
C Brazil - Product Code (and brand) Change Other Medical Device Regulations World-Wide 0
Similar threads


















































Top Bottom