Redacting Info Before Giving to Auditor

#1
What is your practice for providing auditors from a CB with documents?

Our remote auditor (recertification audit) asked us to send over some batch tickets and the owner president of our company told us after the fact that we need to redact all of the formula information because the formula doesn't technically belong to us, we just follow it.
Is this necessary? I know the auditor is supposed to maintain confidentiality.

Obviously a little late now for us to do anything about it, but I'd still like to know what the Cove thinks.
 

Ninja

Looking for Reality
Trusted Information Resource
#2
FWIW (not sure if it would hold up under tight scrutiny),
We took our customer's requirement to be ISO/QS/IATF Certified as implicit permission to share required/requested permission in order to be audited.

We would steer the auditor primarily to internally owned formulae, and resist for "customer owned proprietary IP"...but if the auditor insisted (one time only) we would share that as well...and note it in our records.
Not sure how we would have done this on remote audit...no way we would have "sent over" any formula info...we didn't even email it within the company for security. I think we would have redacted heavily as the owner has requested.
 
#3
I should probably clarify that I mean my boss when I said owner, but I suppose that won't change the answer much.
Our company isn't a high security place by any means, and initially the president said "send whatever you need to, I don't really care."

Thanks for your input, it's good to know that this is something that companies do.
 

John C. Abnet

Teacher, sensei, kennari
Staff member
Super Moderator
#4
Good day @Whiskey ;
Considering proprietary information "up front" can help you with this. For example, one organization I worked for performed the heat treatment process(es) on the products we manufactured. We ensured that documents such as control plans (an automotive "contract" with the customer as to HOW a product and its processes are controlled during manufacture), simply identified/"pointed to" our internal document ("recipe"). The customer (in this case an automotive manufacturer....for example, Chrysler), would sometimes perform audits and ask to see the controls. They were shown how the control plan "pointed" to our internal recipe, but they were not allowed to have a photograph or copy of the recipe (although we did allow them to lay eyes on "it" so that they were assured it was in place and in use).

The same can/should/(must?) apply for your 3rd party auditors. Some information is legally restricted for distribution by an NDA arrangement with your customer, and some are simply company proprietary secrets. The auditor only needs to verify that your organization has verified that the processes are consistent with requirements and see evidence of that verification. The auditor does not need to and should not ask to see proprietary information. Do not share what your organization or your customers have deemed proprietary. For the auditor to mandate this is for the auditor to require your organization to violate its own/and customer rules of engagement. (By the way, it helps if your organization identifies by category WHAT information is proprietary so all associates have a consistent approach. This also allows the "no you can't see that" to be based on a process requirement and depersonalizes the situation).

NOTE:
Often it may be possible to show an auditor one example from a complex set of proprietary information without giving/sharing enough to benefit any outside parties who may want to steal intellectual property.

Hope this helps.

Be well.
 
#5
Great points! Thanks :)
 