Using Customer Audits as part of the Internal Audit Plan for ISO9001

ScottK

Not out of the crisis
Leader
Super Moderator
#1
Lets say you are an ISO9001 registered company and supply companies that audit you regulary (drug, device, auto, aerospace, etc).

Let's also say times are very lean and you're failing to meet your internal audit plan because you are now doing the job of someone else who got laid off in addition to your own.

Is it possible to use these customer audits as part of said system, treating them as you would a consultant you might hire to do your internal audits?
Perhaps review the areas covered during these customer audits and then supplementing them to ensure all the processes you need to audit in a given time period are covered?

I'm just tyring to think out of the box. I'm not in such a situation, in fact I'm expanding my internal audit program, but looking at my upcoming customer audit schedule my whole QMS will be audited multiple times over in the next sic months by very qualified auditors.

I know it defeats the purpose of getting people inside the company involved but it does still contribute to continual improvement.
 
Elsmar Forum Sponsor
D
#2
Lets say you are an ISO9001 registered company and supply companies that audit you regulary (drug, device, auto, aerospace, etc).

Let's also say times are very lean and you're failing to meet your internal audit plan because you are now doing the job of someone else who got laid off in addition to your own.

Is it possible to use these customer audits as part of said system, treating them as you would a consultant you might hire to do your internal audits?
Perhaps review the areas covered during these customer audits and then supplementing them to ensure all the processes you need to audit in a given time period are covered?

I'm just tyring to think out of the box. I'm not in such a situation, in fact I'm expanding my internal audit program, but looking at my upcoming customer audit schedule my whole QMS will be audited multiple times over in the next sic months by very qualified auditors.

I know it defeats the purpose of getting people inside the company involved but it does still contribute to continual improvement.
I've asking myself the very same question. I do not have enough trained competent personal at the moment to satisfy my audit needs. However, as you mentioned, I receive many csutomer audits yearly. Thanks for the post.
 

Stijloor

Leader
Super Moderator
#3
Lets say you are an ISO9001 registered company and supply companies that audit you regulary (drug, device, auto, aerospace, etc).

Let's also say times are very lean and you're failing to meet your internal audit plan because you are now doing the job of someone else who got laid off in addition to your own.

Is it possible to use these customer audits as part of said system, treating them as you would a consultant you might hire to do your internal audits?
Perhaps review the areas covered during these customer audits and then supplementing them to ensure all the processes you need to audit in a given time period are covered?

I'm just trying to think out of the box. I'm not in such a situation, in fact I'm expanding my internal audit program, but looking at my upcoming customer audit schedule my whole QMS will be audited multiple times over in the next sic months by very qualified auditors.

I know it defeats the purpose of getting people inside the company involved but it does still contribute to continual improvement.
Scott,

If customer audits are fairly common at your organization, you should include these 2nd Party (Customer) audits in your internal audit procedure. Make sure that the audit reports, results, observations and nonconformities are duly reported, reviewed and corrective actions completed. When you tie all this in with Management Review (item "a" talks about audit results), then you have killed two birds with one stone. Customer audit scopes may be limited. So, at a regular basis, you determine what other processes remain to be audited, and include those in your (updated) audit schedule.

Stijloor.
 

ScottK

Not out of the crisis
Leader
Super Moderator
#4
I've asking myself the very same question. I do not have enough trained competent personal at the moment to satisfy my audit needs. However, as you mentioned, I receive many csutomer audits yearly. Thanks for the post.
I was just googling for guidances and don't see anything specifically regarding this.
I'm thiking that
A) define it well in a procedure how you go about using customer audit reports supplemented by your own to meet the requirements of 8.2.2
B) document customer findings in your CAPA system

you should be covered.

8.2.2 never says internal audits need to be performed by internal personnel

does anyone have the ISO definition of Internal Audit?
 

Randy

Super Moderator
#5
does anyone have the ISO definition of Internal Audit?
Yep...ISO 9000:2005

audit
systematic, independent and documented process (3.4.1) for obtaining audit evidence (3.9.4) and evaluating it objectively to determine the extent to which audit criteria (3.9.3) are fulfilled

NOTE 1 Internal audits, sometimes called first-party audits, are conducted by, or on behalf of, the organization (3.3.1) itself for management review and other internal purposes, and may form the basis for an organization’s declaration of conformity (3.6.1). In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited.

NOTE 2 External audits include those generally termed second- and third-party audits. Second-party audits are conducted by parties having an interest in the organization, such as customers (3.3.5), or by other persons on their behalf. Third-party audits are conducted by external, independent auditing organizations, such as those providing certification/registration of conformity to ISO 9001 or ISO 14001.

NOTE 3 When two or more management systems (3.2.2) are audited together, this is termed a combined audit.

NOTE 4 When two or more auditing organizations cooperate to audit a single auditee (3.9.8), this is termed a joint audit.


And lets not forget ISO 9001:2008, 8.2.2

8.2.2 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the quality
management system
 

ScottK

Not out of the crisis
Leader
Super Moderator
#6
Isn't hiring a third party to conduct an internal audit on a org's behalf an accepted practice?
The organization has conducted the internal audit by hiring a temp, so to speak.

stretching that sentinment a little further we can do an internal audit of the 2nd party audit results and therefore have audited the areas the second party did. Why should we repeat all that work? Then we can hit the processes not covered with a true internal audit.

8.2.2 also says "taking into consideration the status and importance of the processes and areas to be audited"... if I have processes that have been audited multiple times already by a 2nd party - then I can bump those down the importance factor and focus on areas and processes not already covered.
 

Colin

Quite Involved in Discussions
#7
My view on this is that 2nd party audit results can be very helpful and should be considered as 1 of the inputs to management review but they should not be instead of your own internal audits.

In most systems, 2nd and 3rd party audits are largely checking conformance with the standard whilst internal audits tend to be more focused on checking for conformance with the procedures. This means that internal audits should get into more detail than external audits.
 

ScottK

Not out of the crisis
Leader
Super Moderator
#8
My view on this is that 2nd party audit results can be very helpful and should be considered as 1 of the inputs to management review but they should not be instead of your own internal audits.

In most systems, 2nd and 3rd party audits are largely checking conformance with the standard whilst internal audits tend to be more focused on checking for conformance with the procedures. This means that internal audits should get into more detail than external audits.
I find second party audits to be very thorough for the most part. Thorough as far as the areas they are checking... they certainly don't cover the entire standard.
But when you get audited on average once a month it'll hit nearly everything in the course of a year.
 

Randy

Super Moderator
#9
Here's the deal, whether or not an internal audit is performed by organic or external personnel isn't in question, it's the relationship the audit relative to the organization and the purpose (it's called objective) of the audit.

Are you seriously going to let a customer audit ALL of your system and organizational processes or only open your doors to information that is only relevant to them?

Are you seriously going to let your customer audit communications and other information that may be relevant to other your customers such as their individual specifications and maybe proprietary inforation which is only shared with you?:lmao: Gotta good lawyer?

Let customers audit each others stuff that you do for them:lol: That dog ain't gonna hunt as we say here.

Scott, Yes, you can use data (results) from your customer audits as part of the input into your internal audit, but not as your internal audit. Why? Mainly because you (your organization) have no ownership of their audit process which is an absolute for internal audits.
 

Stijloor

Leader
Super Moderator
#10
Here's the deal, whether or not an internal audit is performed by organic or external personnel isn't in question, it's the relationship the audit relative to the organization and the purpose (it's called objective) of the audit.

Are you seriously going to let a customer audit ALL of your system and organizational processes or only open your doors to information that is only relevant to them?

Are you seriously going to let your customer audit communications and other information that may be relevant to other your customers such as their individual specifications and maybe proprietary information which is only shared with you?:lmao: Gotta good lawyer?

Let customers audit each others stuff that you do for them:lol: That dog ain't gonna hunt as we say here.

Scott, Yes, you can use data (results) from your customer audits as part of the input into your internal audit, but not as your internal audit. Why? Mainly because you (your organization) have no ownership of their audit process which is an absolute for internal audits.
I do not think that your concerns were part of Scott's question. I do not believe that it is the intent to have customer auditors come in and audit ALL processes and activities. But customer audits (just as in Scott's case) will happen and I believe that the audit results should be considered in the audit process. Nothing wrong with being pragmatic as long as the intent is clear that 2nd Party audits will not replace internal audits in its entirety.

Stijloor.
 
Thread starter Similar threads Forum Replies Date
G How to assess Customer Satisfaction without using surveys ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
R Customer using their own version of the AIAG PPAP Forms APQP and PPAP 5
E Using Customer Unit as Reference Standard General Measurement Device and Calibration Topics 14
A Marketing Survey Analysis of Customer Surveys using Minitab Using Minitab Software 1
J Using 3 Basics to find Position - Customer says to use the X, Y and Z Basics Inspection, Prints (Drawings), Testing, Sampling and Related Topics 16
Ajit Basrur Anyone using Net Promoter Scorecard (NPS) to Measure Customer Loyalty? Misc. Quality Assurance and Business Systems Related Topics 4
S Process Monitoring using SPC software Quality Assurance and Compliance Software Tools and Solutions 1
R Using Scrapped NC items for training Medical Device and FDA Regulations and Standards News 14
M What is the Risk of Using Obsolete Versions of C=0 & ANSI/ ASQ Z1.4 Sampling Plans? ISO 13485:2016 - Medical Device Quality Management Systems 8
F Using non-randomized clinical study for change in existing 510(k) device? US Food and Drug Administration (FDA) 1
J Using MD on a flight EU Medical Device Regulations 9
K Using Google Drive/Docs ISO 13485:2016 - Medical Device Quality Management Systems 16
J What risk to cover when NOT using ISO 17025 accredited/certified labs for calibration ISO 17025 related Discussions 3
T Poisson regression using Minitab Statistical Analysis Tools, Techniques and SPC 3
T Using NICE for guidance during CER CE Marking (Conformité Européene) / CB Scheme 0
T Using Review articles from Pubmed for CER CE Marking (Conformité Européene) / CB Scheme 8
Tagin Using a meme generator to poke fun at quality Funny Stuff - Jokes and Humour 2
D Finding Optimum Design Parameters using Taguchi method? Using Minitab Software 2
V MSA - Using a R&R study for a Tape Measure Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 19
D Using electronic lab notebooks in the design control process ISO 13485:2016 - Medical Device Quality Management Systems 3
M Using a Non Certified vendor Supplier Quality Assurance and other Supplier Issues 5
H Using/Selling power banks with your product as a "mobile version" CE Marking (Conformité Européene) / CB Scheme 3
cgaro62 Using internal audits as part of document reviews Document Control Systems, Procedures, Forms and Templates 21
R Select the 1 Supplier based on the Parts Durability from 6 Supplier Samples using Minitab Using Minitab Software 11
M MSA angle issue - Nylon parts using Aberlink 3D Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 0
D Question on using audit checklist ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 20
J Using of CE marking - Two CE markings on the product CE Marking (Conformité Européene) / CB Scheme 5
R Using R package to implement Bayesian phase I/II dose-finding design for three outcomes ISO 13485:2016 - Medical Device Quality Management Systems 6
S Defibrillator Protection applicability When using Multiple applied parts IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
P Using Zinc Plated Steel in a Cleanroom Other Medical Device Related Standards 3
J Incoming Inspection Records using Excel File ISO 13485:2016 - Medical Device Quality Management Systems 2
J Using ring gauges General Measurement Device and Calibration Topics 2
M Load Cell Calibration using a totalizer on a flow meter General Measurement Device and Calibration Topics 0
P Can Neoprene be Cleaned Using Isopropyl Alcohol (IPA) Manufacturing and Related Processes 4
GreatNate Anyone using the Intellect QMS software? Quality Assurance and Compliance Software Tools and Solutions 1
chris1price Sterilization using beta radiation Other Medical Device Related Standards 2
M Using the phrase "herein referred to" Document Control Systems, Procedures, Forms and Templates 8
B Struggling with using the 5.6 version Ford Capacity Analysis Report APQP and PPAP 5
cnbrosa Study Type 1 on a CMM using a measuring support Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
rerusk1 MRB (Material Review Board) Process using MS Sharepoint or MS Teams Manufacturing and Related Processes 2
K 510k FDA review, will they accept Biocompatibility result generated using feasibility product lots? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 8
B AS9100D 7.1.5.2 Calibration or Verification Method using outside cal lab AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
U Medical Device CE Marking - Using a disposable bearing CE Marking (Conformité Européene) / CB Scheme 3
D Calibration tolerance question using Pipettes Medical Device and FDA Regulations and Standards News 3
D Risk Analysis using Monte Carlo Simulation instead of Scoring and Heat Map Risk Management Principles and Generic Guidelines 2
W Using tailoring guidelines to tailor a QMS procedure ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
Y We found out we have been using a equipment without validation for past 4 years Quality Manager and Management Related Issues 6
D Using Laboratory Notebooks in R&D and Design and Development ISO 13485:2016 - Medical Device Quality Management Systems 3
C Importer shell game - Using a third party logistics provider (3PL) in the EU EU Medical Device Regulations 5
S Work performed in Canada on US patients using US device Canada Medical Device Regulations 1

Similar threads

Top Bottom