SI 5 06 - ISO/TS 169494:2002 7.4.1.2 Supplier quality management system development

[Douglas E. Purdy]

Re: SI 5 06 - ISO/TS 169494:2002 7.4.1.2 Supplier quality management system developme

It is clear from the SI that second party audits can be done on suppliers who have not got certified to ISO9001-2000. But there are some questions
a) Should the second party audits be done against ISO9001 or TS standard?
b) What happens to the non-conformities? Can we use same procedure as been followed for internal audits?
c) What is the time frame for closing these NC's?
d) Is prioritisation applicable for second party audits also?
e) For specialy designated small suppliers, what are the clauses or elements where waiver can be given?
f) Does this SI supercede or cancel the requirement of 7.4.1.2 where it says "unless otherwise specified by customer, suppliers of the organisation shall be third party registered to ISO9001-2000 by an accredited third party certification body".


Thanks,
Andy

I have not seen ISO 17021 - Section 9. Does it answer any of your questions?

Here would be my take on some of your questions:
A) I would say that 7.4.1.2 would have you performing audits to ISO/TS 16949. Remember that conformity to ISO 9001 is the first step. That is stated in both the Clause and the SI.
B) & C) The Audit System you create for the 2nd party audit would say what to do with the nonconformities and any time frame you establish.
D) I would say that the prioritization goes for all suppliers who are not 3rd party registered.
E) I would say that within the scope of ISO 9001 and ISO/TS 16949 that exceptions or exclusions would only be in Product Realization.
F) I wasn't going to tackle this one, but here is my take: the SI gives the option for a second party audit process. So unless specified by your customers, your suppliers do not have to be 3rd party registered to ISO 9001. You can establish and implement a Second Party Audit system instead. If the supplier is not a 'specially designated small supplier' then your audit system is to bring the supplier to conformity with TS. While you can determine which requirements can be made an exception or excluded for those 'specially designated small suppliers.'

Just my take on the matter,
Doug

 

[ChuckHughes]

Re: SI 5 06 - ISO/TS 169494:2002 7.4.1.2 Supplier quality management system developme

Thanks to all who alerted me to this new interpretation

I take this view: In a worst case situation (i.e. vendor is critical to you, they are not certified, do not have an internal audit program and you don't know how they do things) the product you are buying is delivered without some of the safeguards that an internal audit program and periodic registrar visits may provide you. You are at greater risk without these activities and you have to mitigate this additional risk.

With that, you need to develop a program that defines a second party audit capability (who goes where, gets what type of auditor training, report formats, etc). More importantly you need to establish some kind of criteria for action if your auditors find out the vendor ignores customer complaints, maintains a vigorous "paint it black, ship it at night" program, exhibits no reasonable control over product inspection or other horrors:mg: .

I think the problem of how to set up a second party audit program is easier than having to decide what to do on the basis of audit reports. You have to determine what to do with the vendor from a business management standpoint.

 

[vanputten]

Re: SI 5 06 - ISO/TS 169494:2002 7.4.1.2 Supplier quality management system developme

I would assume that those that have questions on SI 5 have already read and understand ISO 17021 and ISO 19011 as references in the SI. I would also asssume that those with questions have taken the time to CRITICALLY read the SI.

Don't just skim over the SI and ask questions. Read all of the referenced documents. Then come back to the Cove with your position and questions on the SI, supported by ISO 17021 and ISO 19011.

Keep in mind that the drive for certainty in an uncertain world can cause confusion.

Regards,

Dirk

 

[Douglas E. Purdy]

Re: SI 5 06 - ISO/TS 169494:2002 7.4.1.2 Supplier quality management system developme

I would assume that those that have questions on SI 5 have already read and understand ISO 17021 and ISO 19011 as references in the SI. I would also asssume that those with questions have taken the time to CRITICALLY read the SI.

Don't just skim over the SI and ask questions. Read all of the referenced documents. Then come back to the Cove with your position and questions on the SI, supported by ISO 17021 and ISO 19011.

Keep in mind that the drive for certainty in an uncertain world can cause confusion.

Regards,

Dirk

I guess that shuts me up!

Regards,
Doug

 

[Helmut Jilling]

Re: SI 5 06 - ISO/TS 169494:2002 7.4.1.2 Supplier quality management system developme

Thanks to all who alerted me to this new interpretation

I take this view: In a worst case situation (i.e. vendor is critical to you, they are not certified, do not have an internal audit program and you don't know how they do things) the product you are buying is delivered without some of the safeguards that an internal audit program and periodic registrar visits may provide you. You are at greater risk without these activities and you have to mitigate this additional risk.

With that, you need to develop a program that defines a second party audit capability (who goes where, gets what type of auditor training, report formats, etc). More importantly you need to establish some kind of criteria for action if your auditors find out the vendor ignores customer complaints, maintains a vigorous "paint it black, ship it at night" program, exhibits no reasonable control over product inspection or other horrors:mg: .

I think the problem of how to set up a second party audit program is easier than having to decide what to do on the basis of audit reports. You have to determine what to do with the vendor from a business management standpoint.

Your statements and conclusions are pretty good. There are certain guidelines given in various documents, such as those Dirk referenced. Your inference is correct that just because a vendor is or is not certified does not guarantee their product will be good. But it is based on an assumption that if they have a system, it would give them a measure of standardization. Good incoming process control would still be needed.

 

[Helmut Jilling]

Re: SI 5 06 - ISO/TS 169494:2002 7.4.1.2 Supplier quality management system developme

It is clear from the SI that second party audits can be done on suppliers who have not got certified to ISO9001-2000. But there are some questions
a) Should the second party audits be done against ISO9001 or TS standard?
b) What happens to the non-conformities? Can we use same procedure as been followed for internal audits?
c) What is the time frame for closing these NC's?
d) Is prioritisation applicable for second party audits also?
e) For specialy designated small suppliers, what are the clauses or elements where waiver can be given?
f) Does this SI supercede or cancel the requirement of 7.4.1.2 where it says "unless otherwise specified by customer, suppliers of the organisation shall be third party registered to ISO9001-2000 by an accredited third party certification body".


Thanks,
Andy

Re: item F: SI's do not generally cancel, but clarify and modify the meaning of a requirement. Suppliers shall be registered to ISO 9001 and compliant to TS. There is a general 3 year period for you to develop them to that point. There are some that are too small, or limited, or where circumstances are such that they will not become certified. In those cases, the SI gives direction what can be done further. Not in place of the genral requirement.

 

[Helmut Jilling]

Re: SI 5 06 - ISO/TS 169494:2002 7.4.1.2 Supplier quality management system developme

Sidney or Anyone who wants to respond,

So they have done away with the Guideline in FAQs and the associated four steps. Now all we have is the "first step" as stated in this Sanctioned Interpretation. It appears to me that I do not have any direction in complying with the requirement, "The organization shall perform supplier quality management system development with the goal of supplier conformity with this Technical Specification," if my suppliers are already 3rd party registered to ISO 9001. Am I reading this correctly?

(See also ISO 17021:2006), Section 9.

What kind of a sentence is this? So if we now have to perform 2nd party audits to comply with 7.4.1.2 we have to buy another standard in order to be compliant with TS?

Impressive!
Doug

If your supplier is already 3rd party registered, and compliant to TS, and performing well, then your "development" of that supplier is complete. If those 3 conditions are not met, then the intent of supplier development has not been met, and your "development" should continue.

ISO 17021 is a relatively new docuemnt attempting to help clarify some of the expected rules. You are a big boy, in a big industry. Sometimes we have to buy a new book or two... It comes with the territory?

 

[Helmut Jilling]

Re: SI 5 06 - ISO/TS 169494:2002 7.4.1.2 Supplier quality management system developme

Before my head explodes:
If my customer has already waived the requirement for third-party ISO9001 registration, do I need to go back and get them to waive 2nd party audits as well?

I have a dozen suppliers of custom components that I consider small. They ship me less than 1,000 parts per year that end up in an automotive application. The burden of 2nd party auditing them and generating enough records to satisfy my DNV auditor is not justified based on the quality & quantity delivered.

On the up side - lacking a customer waiver - this allows a way for people to use suppliers that will never ISO9001 register, without running afoul of 7.4.1.2.

Icy, I don't have anything definitive to cite, and maybe we need a little more info. But as an auditor, I would be inclined to take a customer waiver of 3rd party registration to cover that particular 7.4 requirement as well. I would thin that was the intent of the waiver. Don't see why not. But, remember, you would need that waiver from all the customers who would be affected by that vendor's product.

 

[Andrews]

Re: SI 5 06 - ISO/TS 169494:2002 7.4.1.2 Supplier quality management system developme

I do not have ISO 17021:2006 and ISO 19011:2002 standards. Can some one tell me what this standard mentions with regard to second party audit planning, supplier readiness and supplier performance, and management of the audit program, the audit activities and the competence of the auditors.

Thanks

 

[ChuckHughes]

Re: SI 5 06 - ISO/TS 169494:2002 7.4.1.2 Supplier quality management system developme

I do not have ISO 17021:2006 and ISO 19011:2002 standards. Can some one tell me what this standard mentions with regard to second party audit planning, supplier readiness and supplier performance, and management of the audit program, the audit activities and the competence of the auditors.

Thanks

This discussion has motivated me to purchase the new 17021. Hardly an opportunity purchase....not like a new tool...

Both documents are focused on development and maintenance of a creditable audit program. The only area that I see may have some additional value to this discussion is Section 4.2 of 17021 that deals with Impartiality. 17021 is written for Certification Bodies and issues of ownership/partnership or other business relationships that may jeopardize impartiality are discussed here. I think this may also be an issue with 2nd party audits of suppliers with whom the organization has some arrangement of mutual benefit. Section 4.2 points out four areas called "threats to impartiality":

1. Self interest threats: Interests the client has in assessing the auditee as compliant [my words here and below, not 17021]. How about "spin off businesses"? My owner's cousin runs the company that supplies us with parts (See 4. Intimidation below)
2. Self review threats: Looking at your own work. Don't send an engineer to audit a vendor that builds parts according to your prints. Can I assign purchasing people, QC inspectors, Shipping and Receving people?
3. Familiarity: The vendor has bailed us out of many jams and we love them.
4. Intimidation: If the vendor audit report shows noncompliant areas, what will my registrar's anal-retentive auditor think about my status. Am I gaining another finding from my registrar everytime I write a nonconformance to my vendor?

Some food for thought in each of these.

It is still snowing.......