Informational Required Documents/Records in ISO 9001:2015

Antonio Vieira

Involved - Posts
Trusted Information Resource
The table Annex A - CONTEXT OF AUDITING STATUTORY AND REGULATORY REQUIREMENTS WITHIN ISO 9001:2015, states for "Context for auditors ", clause 7.1 "Requirements for infrastructure, equipment, competence and qualification of personnel are common in public services such health and social services, education, etc.
Facilities open to the public are subject to licensing permits that define requirements for the infrastructure."

On this case, we can not open this organization to public without that "a safety procedure" related to evacuation in case of fire or other safety issue.
In my opinion this is another grey area of 9001 auditing scope...
 
Elsmar Forum Sponsor

John C. Abnet

Leader
Super Moderator
bring it to the attention of the audited organization

As stated...."i.e." ."...bring it to the attention..."

Remember the intended purpose. To simply ensure that the organization is aware there is some potential risk to workers/visitors. There is no requirement for how this is done.

Be well.
 

Sidney Vianna

Post Responsibly
Leader
Admin
On this case, we can not open this organization to public without that "a safety procedure" related to evacuation in case of fire or other safety issue.
In my opinion this is another grey area of 9001 auditing scope...
I don't think it is a grey area. It is a matter of context as a facility that allows for the public to be present is providing a service and that service has to comply with applicable regulations, which includes safe access and evacuation. This scenario/context is totally different than a manufacturing organization producing some type of hardware as a product and the workforce is not the public.
 

Antonio Vieira

Involved - Posts
Trusted Information Resource
Now they are asking that the Quality Policy on a board on the wall must be dated and signed by the top management...
 

Paul Simpson

Trusted Information Resource
On this ISO/IAF APG document, it´s not easy to understand this statement: "If environmental, health and safety, or other non-QMS related compliance obligations are found non-compliant, the QMS auditor may bring it to the attention of the audited organization, clarifying that it is not a
QMS finding."
When, on a QMS audit, finding a health and safety legal issue that the organization is not doing, should the auditor write an OFI in the report, or should him/her just say it to the auditee?
I remember in the good (?) old days when I worked in third-party certification we spent a lot of time discussing this point and we even brought in lawyers to provide advice. The outcome was that any individual auditor if they found a safety issue when on audit, for example, should (in no particular order)
  • Decide if they believe they are at risk and, if so, remove themselves from danger, even if it meant leaving the site
  • Contact the office to take advice from someone who may have better health & safety knowledge
  • Bring it to the attention of their guide at the time. They should take it up within their own organisation and decide if anything was to be done
  • Record details in their notes of the situation they have seen
  • NOT record it in the audit report. It is not part of the contract the CB is working under if they have been contracted to audit the QMS
  • Discuss the situation with the CB after the audit. The CB then decides if the customer's workplace is safe for the CB to send its employees/contractors to.
In a separate post, Antonio, you mention the organisation has an obligation to interested parties, including visitors (including the CB auditor). This is true and the organisation should, under national OHS law, look after the safety of visitors. This does not bring it under the scope of ISO 9001 and clause 7.1.3. All of the Context requirements in clause 4.1/2 apply only to the quality management system.
 

Big Jim

Admin
Now they are asking that the Quality Policy on a board on the wall must be dated and signed by the top management...

That's an overreach. It is not a requirement of the standard.

It was common practice during the times of the 2000 and 2008 versions of the standard but wasn't actually required even then. The thinking was to show that top management was the person that approved them, nice, but not a requirement.
 

Randy

Super Moderator
Now they are asking that the Quality Policy on a board on the wall must be dated and signed by the top management...

OK fine, then ask them to show you the requirement and when they can't, ask them to pack their stuff, get out of the building and contact the CB with a complaint about them making stuff up. Do it now or just forget it and do whatever stupid thing they demand of you from this point on.

I'm doing a certification surveillance audit the next 3 days, I saw a dozen quality policy postings today and I'll see 100 more by Thursday and I don't care, they're not controlled documents, they are not required to be controlled and they're just used a a reference/refresher.
 

Antonio Vieira

Involved - Posts
Trusted Information Resource
OK fine, then ask them to show you the requirement and when they can't, ask them to pack their stuff, get out of the building and contact the CB with a complaint about them making stuff up. Do it now or just forget it and do whatever stupid thing they demand of you from this point on.

I know perfectly well that this is not an ISO 9001 standard requirement.
In my humble opinion the audit should precisely had finished there, but top management wants to have “good relations” with the auditor and CB…
And this was just one of many not required (by the standard) things asked during the audit…
 

Paul Simpson

Trusted Information Resource
Now they are asking that the Quality Policy on a board on the wall must be dated and signed by the top management...
I had a hilarious example of a company that 'published' its policy around the site. The policies were all unsigned (not a problem, IMHO) but they kept a copy of the policy signed by the MD (President) locked away in a drawer as evidence that it had been approved.

It begs the question as to who the company thought the approval was for and how they thought employees might want evidence that the MD supported the policy.
 

lnk15

On Holiday
here are the mandatory records (note that records marked with * are only mandatory in cases when the relevant clause is not excluded):
  • Monitoring and measuring equipment calibration records* (clause 7.1.5.1)
  • Records of training, skills, experience and qualifications (clause 7.2)
  • Product/service requirements review records (clause 8.2.3.2)
  • Record about design and development outputs review* (clause 8.3.2)
  • Records about design and development inputs* (clause 8.3.3)
  • Records of design and development controls* (clause 8.3.4)
  • Records of design and development outputs *(clause 8.3.5)
  • Design and development changes records* (clause 8.3.6)
  • Characteristics of product to be produced and service to be provided (clause 8.5.1)
  • Records about customer property (clause 8.5.3)
  • Production/service provision change control records (clause 8.5.6)
  • Record of conformity of product/service with acceptance criteria (clause 8.6)
  • Record of nonconforming outputs (clause 8.7.2)
  • Monitoring and measurement results (clause 9.1.1)
  • Internal audit program (clause 9.2)
  • Results of internal audits (clause 9.2)
  • Results of the management review (clause 9.3)
  • Results of corrective actions (clause 10.1)
 
Top Bottom