ISO 9001:2015 Exclusions

It's true that very few people know how to audit competency, but the standard does not define it in the same way as the organization does. Therefore, I venture to say that most auditors will satisfy themselves that the organization has recorded the employees having met their internally defined competency standards. Are you disappointed with the auditors for not declaring training records are nonconforming because a record of training does not in itself confirm competency? I have done that with forklift driver certification, but I assigned the NC to Legal and Other because the client did not know that hands on training is required to certify a forklift driver.

I can appreciate your clients are not happy with their audit experience, but I must recognize the auditors were not there to defend themselves and I have to wonder how well the clients understand the requirement they complain about. I also wonder if they disputed the corrective actions that were frivolous, and the outcomes of the disputes?

I can imagine getting bogged down in the word "and", especially if the client thinks the standard is saying "and/or."

Andy, how long ago were you a CB LA/supervisor? And when, and for how many years were you a CB auditor? Or, how long ago and how many 3rd party audits did you lead?

 

There's no need to "defend" anything. The job's a relatively simple one. Clients come to me fully understanding the requirement. ISO 9001:2008 isn't rocket science. Competency is simple to audit: "How have you defined the skills and knowledge which need to be demonstrated?" "Did you determine anyone wasn't competent?" "Did you take any action to bring them to competency?" Diving into records (only) isn't a reasonable audit of that requirement.

With the word "and" there's nothing to debate. Nothing to do with the standard, it's what the client defined. And what is any auditor doing debating one word for heaven's sake? They've lost all credibility.

After 30 years of 3rd party certification, this isn't any improvement of any kind.

 

The fact is we do employ people who cannot demonstrate the required skills! Things change and when you understand the 4 phases of adult learning, it becomes apparent that skills people had in the past, don't necessarily keep them competent today. Trust me, this is something my clients discover every day. To believe anything else is dangerous...

 

Engineers who cannot complete a P/DFMEA correctly. They don't link the Process Flow to the FMEA to the Control Plan and to Instructions. Need I go on?

 

1) Are the documents structured to facilitate these information links? That is, a bunch of blanks that engineers did not fill in?

2) Is there clear process definition that directs links from process flow to FMEA to Control Plan to instructions?

3) Did the engineer receive training or direction on the requirements to establish links from process flow to FMEA to Control Plan to instructions?

A good auditor will look at the process and determine the correct clause to issue a nonconformity to. Competency should be last on the list, not first:

If #1 is no, it is a process issue.
If #2 is no, it is a process issue.
If #3 is no, it is a knowledge management issue.

Only after process is addressed should we look to human shortcomings. That said, organizations do need to define competency. You didn't describe how it was clear they didn't do that.