Rigid rules for handling supplier audit findings

[shimonv]

Hi Folks,
Have you seen supplier management procedures with rigid rules for handling supplier audit findings depending on supplier type and audit type?

For example, how would you handle a major finding during initial assessment of a non-critical supplier versus critical suppler? and how would it be different if this were to occur during surveillance audit?

My experience has been to keep things open and at the discretion of the QA manager, but I would appreciate hearing what is your best practice.

Thanks!
Shimon

 

[GStough]

Hi Shimon,

Are you asking from the position of the supplier being audited or the customer auditing the supplier? This might help us better understand your situation.

Thanks...

 

[Mike S.]

Rigid rules are usually not wise, IMO. Everything needs to be looked at in context. Not all minors or majors are equal in importance.

 

[shimonv]

Hi Shimon,

Are you asking from the position of the supplier being audited or the customer auditing the supplier? This might help us better understand your situation.

Thanks...

Hi GStough,
I am asking form the customer prospective.

 

[shimonv]

Perhaps the term 'rigid rules' is too biased on my part... How about guidelines for dealing with minor/major depending on supplier type and audit type? perhaps we can make a little recommendation matrix out of it.

Thanks.

 

[William55401]

I would suggest minimizing grey area. Guidelines, discretion, and rationales are great ways for device orgs to lose their way. As a compliance consultant who has observed many well intentioned rationales, I would suggest writing procedures and following them. When you can't, change the procedure.

 

[yodon]

The standard expects you to take a risk-based approach (in all things) so your efforts managing the critical supplier issues would be likely elevated from what you do with the non-critical supplier. Presuming the effects of the issues with the critical supplier could result in harm or regulatory non-compliance, it makes sense to kick it up a notch.

 

[shimonv]

In a sense I agree with all of you.. but again, I go back to the original question:
"Have you seen supplier management procedures with rigid rules for handling supplier audit findings depending on supplier type and audit type?
For example, how would you handle a major finding during initial assessment of a non-critical supplier versus critical suppler? and how would it be different if this were to occur during surveillance audit?"

I have not seen a good structural semi-rigid risk-based approach for categorising supplier audit findings per supplier type per audit type.
Have you? can you share some ideas?

 

[Jim Wynne]

In a sense I agree with all of you.. but again, I go back to the original question:
"Have you seen supplier management procedures with rigid rules for handling supplier audit findings depending on supplier type and audit type?
For example, how would you handle a major finding during initial assessment of a non-critical supplier versus critical suppler? and how would it be different if this were to occur during surveillance audit?"

I have not seen a good structural semi-rigid risk-based approach for categorising supplier audit findings per supplier type per audit type.
Have you? can you share some ideas?

The definition of "nonconformity" is "non-fulfillment of a requirement." I don't see the need for categorization (minor, major, etc.) of nonconformities in supplier (or internal) audits. The handling of these things should be based on risk, and not a subjective categorization.

 

[shimonv]

Thanks Jim. Old-school logic. I like it.

Shimon