Audit Timeline

Employees, Training, Working, Learning, Duties, Tasks, DFSS, Innovation, Audit, Auditing

Question

What is the ASQ recommended time frame between an auditee receiving a final audit plan and the audit commencing at the auditee’s site?

Answers

From Charlie Cianfrani:

ASQ does not have a recommendation!

From George Hummel:

This is not an ASQ requirement.  A CB generally sends an audit schedule/plan three weeks before the audit.

From Jim Werner:

Typically, the final audit plan has been agreed to by both the auditor and the auditee and it includes the date(s) the audit is to take place. This means that the audit plan includes the audit schedule in one document.  There are many books written, with examples, on this topic.  The ASQ Audit Division is a good source.

For more on this topic, please visit ASQ’s website.

Is Certification Revocable?

Data review, data analysis, data migration

Question

If a company is ISO 9001: 2015 certified, is it revocable?

Answers

From Jim Werner:

A company can indeed have its certification revoked.  Being certified means the company has established a qualify management system that meets the requirements of ISO9001:2015.  The failure of the company to continue to meet those requirements can result in de-certification.

From George Hummel:

Most CBs will revoke a certificate if the client does not answer an audit non-conformance.  Their contract may define other instances.  The questioner should review his or her organization’s contract.

From Charles Cianfrani:

Certified companies receive surveillance audits periodically. If the company fails to maintain compliance with ISO 9001:2015 requirements, eventually (after a series of intermediary steps related to resolution of nonconformity have been unsatisfactorily pursued) their certification can be voided.

For more on this topic, please visit ASQ’s website.

Clauses vs. Elements in ISO Standards

Training, completed training, competance

Question

What, if any, is the difference between the words “clause” and “element” in ISO standards?
Specifically, “customer shall conduct an internal audit addressing all elements of the management system.”  And, at what level is this in the standard, eg, 4 or 4.1 or 4.2.1

Answer

1) The difference between the words “clause” and “element” in ISO standards? – No difference.

2) “Customer shall conduct an internal audit addressing all elements of the management system”. –  Customers do not perform internal audits on suppliers.  If this person means that  customer requires a full QMS audit, so does the standard.  “All elements” probably means all QMS processes.

3) At what level is this in the standard, eg, 4 or 4.1 or 4.2.1 – 4 is the clause/element; 4.1.& 4.2 are “sub-clauses”

George Hummel
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
Managing Partner
Global Certification-USA
http://www.globalcert-usa.com/
Dayton, OH

For more on this topic, please visit ASQ’s website.

ISO 9001: 2015 Design and Development Clause

Prepare for ISO 9001: 2015

Question

We are service providers in NDT and inspection field. I want to know how to implement the design and development clause from ISO 9001: 2015.

Answer

There are two ways to approach this:

One is to use the process developed in ISO 9001:2008, 7.1 where you probably have a “quality plan” for the execution of the service delivery (ISO 9001:2015, 8.1).

The second approach is to design the process itself (ISO 9001:2015, 8.3).  That involves these activities:

INPUT
• Development of a design plan
Who will do what when with what?
Necessary control points
• Identification of customer requirements as inputs, along with inputs from similar previous service offerings
• Identify any special service characteristics, such as safety issues, regulatory compliance
Consequences of failure
• Identify products/services to be purchased/outsourced
THROUGHPUT
• Documentation of these inputs
• Preparation of an output in a format appropriate to the organization
OUTPUT
• A comparison of the outputs with the input requirements and an approval, if required
Outputs should include process monitoring and measuring requirements
• Outputs can include verification, design review and validation*
• A mechanism to handle process design changes

George Hummel
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
Managing Partner
Global Certification-USA
http://www.globalcert-usa.com/
Dayton, OH

For more information on this topic, please visit ASQ’s website.

ISO 9001 Electronic Records

Reviewing confidential files, training records, human resources files
Q: I have a few questions about employee training records.  My company is certified to ISO 9001:2008 Quality management systems–Requirements, and we are considering transitioning to electronic records. However, we don’t know what the requirements are from an ISO perspective. Specifically, we want to know:1. Do we need to retain hardcopy originals, or can we just keep the scanned electronic copies?

2. Does a record need to be in each individual’s file, or can there be a spreadsheet, cross reference-type matrix?

3. How long do they need to be retained?

4. Are there different requirements for environmental and safety type training records?

A: Thank you for contacting the ASQ Ask the Experts Program. Responses to your specific inquiries follow:

1.You may retain records in any format or media you desire.  You do not need both hardcopy and electronic.

2. You may use a spreadsheet matrix.

3. Retention times are your determination. Consult with the corporate attorney as to any requirements from the U.S. Equal Employment Opportunity Commission to protect yourself if there is a lawsuit (assuming your organization is located in the United States).

4. Check with the U.S. Occupational Safety and Health Administration (OSHA) and the U.S. Environmental Protection Agency (EPA) regarding requirements for these records.  These are outside the scope of ISO 9001.

George Hummel
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
Managing Partner
Global Certification-USA
www.globalcert-usa.com/
Dayton, OH

For more on this topic, please visit ASQ’s website.

ISO 9001 Statutory and Regulatory Requirements

About ASQ's Ask the Standards Expert program and blog

Q: I manage the quality management program at my company according to ISO 9001:2008 — Quality management systems –Requirements.  I was hoping to find some assistance in the area of statutory and regulatory requirements.  Can you provide me with some help in regards to what this means in terms of the standard?

A: Statutory and regulatory requirements are product related.  They may be federal, state or local.  They would depend upon your industrial classification.  Once you have that, you can cross check the classification with the Code of Federal Regulations (CFR).  Since the CFR are subject to change, someone in your organization should be charged with the responsibility for researching updates (there are organizations that provide this service). As far as international is concerned, the country of destination would need to be researched.  Often, a customs broker can be of assistance here.

George Hummel
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
Managing Partner, Global Certification-USA
www.globalcert-usa.com/
Dayton, OH

For more on this topic, please visit ASQ’s website.

ISO 9001 Second-Party Audits and Confidential Information

Reviewing confidential files, training records, human resources files

Q: I am auditing contractors involved in a huge project of ours, and from time to time when I ask for information (risk register, management review meetings, etc.), they say it is confidential.

Where is the limit for confidentiality and how I should deal with it? Actually, it seems like the contractor is using it as a trick.

A: What is not clear from your question is the contractual arrangements you have with your suppliers.  If the contract has a confidentiality clause and calls for second party audits, there is no excuse for withholding information.   ISO 9001:2008 — Quality management systems –Requirements does not address confidentiality.  That is best addressed in the specific arrangements between supplier and customer.

George Hummel
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
Managing Partner
Global Certification-USA
www.globalcert-usa.com/
Dayton, OH

For more on this topic, please visit ASQ’s website.