Recent ISO 9001 Re-registration Audit Questions

M

mcgilla

#1
Hello everyone,

I'm actually looking to get some feedback on interpretations of a few things. We've just gone through our re-registration audit late last week. And while we didn't get any findings, our auditor's style is one that he hints towards things he's going to look at during our next surveillance. He was auditing our production processes and asked a few employees what our Quality Policy means to them. I wouldn't have given any better responses than many of my workers, however they didn't mention "continual improvement". Our policy states that, of course, but I feel this is getting to a nit picking stage of auditing our company. I don't see where it can be interpreted as needing to say those exact words. That's what I'm wondering about in your interpretations.. do my employees "HAVE" to say continual improvement. When my workers were questioned by our auditor about continual improvement, they all agreed that's what we do all of the time. It's a normal environment to them.

Second comes to another critical area of the standard.. Internal Auditing. He got hung up on "reporting results" meaning literally writing a report. I interpret that differently in that if I can report on the results in management review, that satisfies the standard. He specifically wanted observations, findings, recommendations, opportunity for improvement all on a report. The dynamic of our management staff is not one of fluff. We tell each other what was found, assign people who handle the task/action items, report the closing date, verify the action and discuss. What was not necessarily captured is our "discussion". Am I being too simplistic in my interpretation of reporting results. We've found that simple really allows for a great system. Our staff wears many hats, as I'm sure most everyone's does, so I'll have a mutiny on my hands if everyone has to read/write a lengthy report outside of management review of our system.

I appreciate any feedback.

Ed
 
Elsmar Forum Sponsor
L

lk2012

#2
Hi Ed,
your Auditor was having a bit of a grumpy nitpicker day wasn't he?

On the quality policy situation, I'd just add it to your colleague's training - you can even say that it's something the Auditor wants to hear. We have a similar situation, everyone's got to rattle off 'Zero Defect Policy' in that exact wording because that's what Volkswagen and the likes expect people to hear. :ca:

As for the internal audit reports - do your reports clearly show:
- audited department / process
- clauses you audited against
- audit findings
- observations / opportunities for improvement
- non-conformances
- corrective actions (or link to associated corrective action report) incl. responsibility
- sign-off

If yes, that should demonstrate the audit reporting process. You can always show supporting evidence such as minutes of meetings / progress reports / communication in emails... I know it's really difficult when the organisation's quite small and people really have to better things to do at work than fill in reports and forms. Give it a go and see how your Auditor likes it.

Worst-case scenario, you can always ask the Registrar to delegate your audit to a different auditor on the grounds of unprofessional conduct. Don't suffer in silence.
Good luck :cfingers:
Lil
 
J

Jamie_

#3
Has your auditor mentioned the lack of internal audit reports before? I personally have always had our auditors do audit reports along with issuing C/PARS if needed. IA reports are such an inherent part of the process to me, it never occurred to me that some don't do them - so I'm wondering if they said anything at any previous surveillance audits?

Fwiw audit reports don't have to be a nightmare. I personally write a detailed report, because that's how I like to do it and my handwriting completely illegible so I'd need to type my notes up anyway. But for my auditors who take well organized and legible notes the audit report can be a brief summary and refer to notes.

Questioning about including continuous improvement in their answers is weird to me. When he questioned them they affirmed you have this covered, so why does it need to be in their initial responses? To me that would seem to encourage coaching rather than assessing their genuine responses. Sounds counterproductive to me.
 
M

mcgilla

#4
Lil,

Yes, he was definitely having a grumpy day. The auditor mentioned that after auditing in Asia where, when you ask about the quality policy that is 1 page long, everyone stands at attention and recites it word for word, that there's no excuse for not being able to describe it in their own words. Yes, definitely grumpy.

In terms of Internal Audits, it's been a work in progress, it was cumbersome before and we're definitely leaning it out and trying to make sure we get everything we need, but also that it's something of value. No one wants to do anything that doesn't help the company, that's the thing he hasn't really grasped yet and since he only see's us as a snapshot audit instead of living what we do... ok now I'm writing a book, but the list of things for "reporting" I can see where I can improve things a bit and keep it lean.

Jamie, this was the first mention of it, nothing at previous surveillance audits. About two years ago we updated our procedure to this format and all was well. I won't pick on this particular auditor, we've had several during our registered time that will compliment our process one audit and then pick it apart the next. Probably the most inconsistent lot of people I've ever had to deal with. Had he started mentioning a non-conformance, I would have argued. But in referencing the standard to look to improve our process, it just says "reporting results" that doesn't mean a report to me, just a communication of those results. But I think Lil has got my gears turning for the streamlining of things.

Thanks for responses thus far.
Ed
 
L

lk2012

#5
I know exactly what your auditor meant by people standing up to attention rattling off the policy word-by-word. He forgot to add that they might not always understand the real life use of it though. ;)
As an Auditor, I'd rather see people understanding the gist of the policy and telling it in their own words, or even better in their own actions, than mindlessly regurgitating words.

Good luck with your streamlining, let us know if there's anything I or other Covers can do to help :bigwave:
 
J

Jamie_

#6
A page long and they can recite it? I have ours printed on cards and everyone keeps one in their plastic ID pocket. Ours is 16 words long and I'd quit before I'd attempt to get everyone to memorize it, much less a page. That's terrifying!

I really like your approach to make sure what you're doing has value - nothing will get people to ignore procedures faster than a lot of busy work done solely for the benefit of the registrar - it has to mean something.
 
P

pldey42

#7
If it's any help, clause 5.3.d requires the quality policy to be communicated and understood; it doesn't say, "and recited verbatim."

Clause 8.2.2 does require records of internal audits to be maintained and that's typically done with reports or a spreadsheet or database of findings (nonconformities etc.) not so much for auditors, but to enable corrective actions to be tracked to closure and for trend analysis, for example the same NC recurring; if it's all done verbally (and the OP seems to suggest that it is) there's a risk of things falling between stools, even with the best will in the world. If it takes an hour to interview someone and there's a nonconformity, it surely only takes a few minutes more to write it up - one sentence to quote the requirement and another sentence for the nonconformity. together with the evidence.

E.g. Clause 5.3.d requires the quality policy to be communicated. Of 12 people interviewed, 6 said, "What quality policy?" Not that, in this case, they did.

Pat
 
M

mcgilla

#8
If it's any help, clause 5.3.d requires the quality policy to be communicated and understood; it doesn't say, "and recited verbatim."

Clause 8.2.2 does require records of internal audits to be maintained and that's typically done with reports or a spreadsheet or database of findings (nonconformities etc.) not so much for auditors, but to enable corrective actions to be tracked to closure and for trend analysis, for example the same NC recurring; if it's all done verbally (and the OP seems to suggest that it is) there's a risk of things falling between stools, even with the best will in the world. If it takes an hour to interview someone and there's a nonconformity, it surely only takes a few minutes more to write it up - one sentence to quote the requirement and another sentence for the nonconformity. together with the evidence.

E.g. Clause 5.3.d requires the quality policy to be communicated. Of 12 people interviewed, 6 said, "What quality policy?" Not that, in this case, they did.

Pat
Information in spreadsheets and nonconforming databases exist with regard to any issue. The auditor wanted a written report on the audit, much more than even the few sentences you suggest. I questioned adding a bit more detail to where we already log our internal audit items, actions, completion dates, responsibility, etc. and he wanted a report. He's writing a report to give to my organization, our auditors need to write reports.

I'm not arguing against any suggestions by any means, just his interpretation of what reporting results required. We've had this gentleman for a couple of years now, I know our registrar will circle a new auditor in within the next year or two and I'll get to learn the new person's tendencies. He had just never brought it up as an issue in the past few audits, until last week.

I'll need to ask more questions in the future and not just be the occasional lurker.. great feedback!!
 

somashekar

Staff member
Super Moderator
#9
I questioned adding a bit more detail to where we already log our internal audit items, actions, completion dates, responsibility, etc. and he wanted a report.
I am wondering what actions you mean here ...
Are they the audit outputs., the conforming and non-conforming situations with your audited sample information ?
If you do not have these, then you are not having records of audit.
 
M

mcgilla

#10
We do have those, records was not an issue, there are plenty of records, the issue and discussion was lack of a written report. My question to the auditor was basically if I put the information on our spreadsheet instead of in two different electronic formats, if that would satisfy his need for a written report. He really wanted a narrative of every conformance and non-conformance. For instance, he left 8 bullet points with me on our effective processes and areas for potential improvement. I will get no less than a 10 page report from him listing document numbers with revision information and the narrative of his conversation with the people he audited.

Our internal dynamic is not that narrative, we like points of interest, fix them and check their effectiveness. I just have to meld that with a little narrative into our system and I'll argue all day that we absolutely meet the requirement.
 
Thread starter Similar threads Forum Replies Date
F Recent ISO 9001 audit - Pallet/spool heat treat records ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
D Recent changes to ISO 14971 - SOP required for managing standard revisions ISO 13485:2016 - Medical Device Quality Management Systems 1
H Listing the gaps between EN ISO 14630:2012 and recent vesions Other Medical Device Related Standards 1
L Lessons Learned from our recent ISO/TS 16949:2009 Surveillance Audit IATF 16949 - Automotive Quality Systems Standard 2
W Non-Conformance from recent Audit carried out on Purchasing AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
S IFU on web page - Consequences if the most recent one is not uploaded EU Medical Device Regulations 3
A Internal Audit - Findings - Recent Internet Audit (Prior to Certification) IEC 27001 - Information Security Management Systems (ISMS) 7
T Before recent Quality Standards - History Coffee Break and Water Cooler Discussions 11
G Free ASTM Standards? Recent Court Ruling making their standards free? Various Other Specifications, Standards, and related Requirements 10
G Recent Updates to 21 CFR Part 820? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
B What is the most recent version of MEDDEV 2.4/1 rev8 ISO 13485:2016 - Medical Device Quality Management Systems 6
J AS9100 & recent amendments to FAA Title 14 (14 CFR) Federal Aviation Administration (FAA) Standards and Requirements 2
Steve Prevette A recent presentation on SPC and "Leading Indicators" Statistical Analysis Tools, Techniques and SPC 23
J Angularity or Composite profile - Angularity callout on a recent print Inspection, Prints (Drawings), Testing, Sampling and Related Topics 4
ScottK Observations on recent interviewees... Career and Occupation Discussions 8
A Where to Find the Most Recent Standards? Other ISO and International Standards and European Regulations 7
RoxaneB A much "needed speeding ticket" - Results of recent external audit General Auditing Discussions 7
P Recent article from the BBC website (American Automotive) World News 20
ScottK My recent ISO9001 Kickoff Presentation - powerpoint .ppt - By request ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
W Recent graduate from Texas A&M University Career and Occupation Discussions 6
A Anyone Hear about a recent AS Mandate Letter from UTC and Boeing? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
T Some Recent Linux Info After Work and Weekend Discussion Topics 1
D GM Controlled Shipping Restriction due to a recent quality issue Customer and Company Specific Requirements 2
A ISO 11607-1: 2019 main changes Other Medical Device Related Standards 2
G National Structural Steel Specification 7th Edition - Do I now have to be audited against ISO 3843-3 as well as ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 0
J How much to charge for helping a startup company with initial ISO 13485 certification? Consultants and Consulting 3
J ISO 13485 System 'soft start' - How to best reflect this in initial audits, management review minutes and other records? ISO 13485:2016 - Medical Device Quality Management Systems 3
L How to understand the clause 6 Planning of ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
D ISO 13485 - 7.3.6 Design and development verification - Do most folks create a separate SOP? ISO 13485:2016 - Medical Device Quality Management Systems 4
B ISO 8536-4 Contamination Index ISO 13485:2016 - Medical Device Quality Management Systems 0
S Practical Implementation of ISO 14971 ISO 14971 - Medical Device Risk Management 6
C ISO 13485 :2016 - CAPA - Does every CAPA need to be checked by regulations? ISO 13485:2016 - Medical Device Quality Management Systems 9
L Process changes and biocompatibility (ISO 10993-1) Other Medical Device Related Standards 1
J Recommendations for online ISO 19011 training? Training - Internal, External, Online and Distance Learning 6
D ISO 13485 8.2.1 and 8.2.2 - Customer Feedback and Customer Complaints ISO 13485:2016 - Medical Device Quality Management Systems 5
S Requirements to obtain ISO 50001 Certification ISO 14001:2015 Specific Discussions 2
A ISO 11135:2014, B.1.4, BI resistance x product bioburden ISO 13485:2016 - Medical Device Quality Management Systems 6
Sravan Manchikanti How to interpret '8.3 Control of nonconforming product' for SaMD device while implementing ISO 13485 & MDSAP ISO 13485:2016 - Medical Device Quality Management Systems 4
J Sister-company providing parts is only ISO 9001 registered IATF 16949 - Automotive Quality Systems Standard 7
M Getting started in ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 21
G Copy of withdrawn ISO 9001:1994 Quality Management Standard ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
P ISO 80369 and endoscope port/lumen Other ISO and International Standards and European Regulations 4
C ISO 639-1 Languages Other Medical Device Related Standards 0
B ISO 11607-2 "Critical Parameter" vs. "Process Parameter" Other Medical Device Related Standards 3
S ECG Cable Banana to Snap or Tab electrode Adapters -- ISO 10993 Requirement Other Medical Device Related Standards 0
I ISO 2233:2000 Question - Medical Device Shipping/Transportation Validation Other ISO and International Standards and European Regulations 1
P ISO Class 8 particle count (annual certification vs monitoring) ISO 13485:2016 - Medical Device Quality Management Systems 4
T ISO/IEC 17065 certification scheme Help Other ISO and International Standards and European Regulations 7
A Does ISO 9001:2015 cover all the requirements of ISO 10012:2003? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
G Logistic organization and controls - IATF/ISO 9001 audit Nonconformance and Corrective Action 2

Similar threads

Top Bottom