Q: I am a consultant and I have helped a dozen of companies receive certification to ISO 9001-2015: Quality management systems–Requirements. A recent client requested a specific registrar that is different than the one I have used before. That registrar states that per ANAB, the stage 1 audit must be conducted on site at the company being certified. My prior registrar claims that they do not know of this requirement. After a review of the documents and records sent to them, they conduct the stage 1 in a teleconference. Who is right?
A: No one can speak for ANAB and the requirements they have for certification bodies (CBs) for each standard except ANAB. For some standards, ANAB documents specifically state that stage 1 audits can be conducted on-site or remotely. However, in some cases, ANAB requires CBs to apply for accreditation to use Computer Assisted Auditing Techniques (CAAT).
I would recommend that a representative of the organization seeking certification formally ask for an explanation as to why remote auditing techniques cannot be used to conduct a stage 1 audit for conformity to ISO 9001:2015.
For more information about remote auditing techniques for internal and external audits you may want to consider reviewing material in the book eAuditing Fundamentals: Virtual Communication and Remote Auditing published by ASQ Quality Press.
ASQ Fellow, ASQ CQA
ASQ Quality Press Author
Member of the U.S. TAG to ISO/TC 176 on Quality Management and Quality Assurance
Quality WBT Center for Education/J.P. Russell and Associates
Find more about remote auditing on ASQ’s website.
Making Remote Work
10 Auditing Rules
Q: Our organization had its last external (third party) audit in December 2011 for ISO 9001:2008 — Quality management systems — Requirements. We planned to have our next audit the week of November 26, 2012, but the auditor has become ill and cannot come at that time.
Do we need to have our surveillance audit within one year of the last audit? I am considering rescheduling for the first quarter of 2013.
A: Thank you for contacting ASQ’s Ask the Experts. With regard to your inquiry, surveillance audits are usually conducted by most registrars on an annual basis. Your registrar has complete responsibility for ensuring the availability of their audit staff to conduct these audits as they are required.
In the event that no other auditors can be provided by your registrar, it would be their responsibility to ensure the audit is rescheduled to another mutually agreed upon date and, if necessary, extend your organization’s ISO 9001:2008 certification status as appropriate.
Your organization’s ability to maintain to an active QMS certification status should not be dependent upon the availability of the registrar’s auditor. I recommend that you contact your registrar to confirm the next date for your surveillance audit.
I hope this helps.
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
For more information on this topic, please visit ASQ’s website.
Q: During a quick review of a recently revised standard, ISO 19011:2011– Guidelines for auditing management systems, we noticed that it is shorter than ANSI/ISO/ASQ 19011S:2008.
Also, we are wondering why there are no references to auditing the requirements in ANSI/ISO/ASQ Q9001-2008 Quality management systems.
Could someone please address our concerns?
A: With the expansion in scope of ISO 19011:2011 to cover all management system audits, the intent of the ISO 19011 standard is to provide guidance that is applicable to every management system discipline – not just quality management system audits.
One of the problems with the more general scope of ISO 19011:2011 is that it less helpful for addressing specific issues – such as internal audits of an organization’s quality monitoring and measuring processes. This is why the ASC Z1-auditing subcommittee has initiated the process of developing supplemental guidance documents for internal audits and supply chain audits. If there are specific issues or questions that you are interested in, you can ask that it be included in this supplemental guidance document (email firstname.lastname@example.org).
As to the difference in length – with the U.S. adoption of ISO 19011:2011, the 2008 U.S. Supplement was made obsolete. What the Z1-auditing subcommittee is planning to do is to capture whatever guidance in that document is still important in the new supplemental guidance documents being drafted.
Thea Dunmire, JD, CIH, CSP
Chair, ASC Z1-Audit Subcommittee
ENLAR Compliance Services, Inc.
For more on this topic, please visit ASQ’s website.
Q: What is the difference between the ISO 9001:2008 and ISO 19011:2011 literature on your web site? Please provide a detailed explanation and their use.
A: I can see where the confusion might arise, as the numbers are very similar! But the contents are quite different.
ISO 9001 Quality management systems–Requirements is the mother of all quality management systems. It lays out the minimal requirements for an acceptable way of managing your business for quality. In the beginning, it was developed as a requirements document to lay on your suppliers. Then it became the foundation for registration (other countries might call this certification) of your own management approach to quality. About a decade ago, various business sectors – aerospace, automotive, medical devices, laboratories, etc., all used the ISO 9001 document as the base for their specific approaches. They didn’t take anything away, but added additional requirements. By far, the greatest use today is for registration/certification. This is somewhat sad, in that the standard itself is a beautiful way of managing the resources within the enterprise. Registration can get quite bureaucratic and not worth the expense.
ISO 19011:2011 Guidelines for the auditing management systems is the international auditing standard (my specialty). It was first developed as a means to get all the various registration agencies around the world to do their audits in a consistent manner. It also had support from the multinational companies that had factories – and thus registrations – all around the world and often with different cultures. Norms in Canada are not the same as China! Unfortunately, this registration emphasis in the standard made it somewhat hard for internal auditors and supplier auditors to use it. Plus, there is no requirement to use the standard, other than within the registration industry.
For these reasons, the U.S. wrote a supplement for the 2002 version of this standard, giving guidance on how to use the principles for internal audits and small organizations [note: development is underway to offer similar supplements for the ISO 19011:2011 version — anticipated end of 2012/early 2013.]. ASQ is the only place to get this version, which includes the supplement, along with the base document. As this auditing standard was revised, it picked up environmental auditing and safety auditing in the scope.
The Audit Guy
Columbia Audit Resources