1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Surveillance Audit

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Bill_jvrsshurricane, Feb 20, 2019.

  1. Bill_jvrsshurricane

    Bill_jvrsshurricane New Member

    Joined:
    Nov 6, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I am brand new to this process when it comes to being the one responsible for the QMS, etc. Last year we did all of our internal audits in February, the management review in early March and then the surveillance audit was done in late March. This year, our surveillance audit is in late March again. Does my management review and internal audits need to be done prior to the surveillance audit? I made up a schedule where the audits were to be done throughout the year, February through November so that we weren't rushing to get them done. Again, I am brand new to this and in need of some serious guidance. I appreciate any and all help on this. P.S. I was supposed to learn this over a period of 3 years but my boss found another job late last year and I am learning things as I go.
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Welcome!

    Firstly, what does your own QMS say about when you schedule these activities? If it's "one a year" minimum, then, yes, you'll be expected to do them once a year - to avoid an NC from your Certification Body.

    Secondly, ISO 9001 doesn't say WHEN to do them, just that they should be planned. Management Review should be "fitted" to your business P. D. C. A. cycle, since much of what goes on in Management Review is also about PDCA...

    Internal audits should NOT be done to just to some (arbitrary calendar) and there are good clues to when audits should be conducted: Based on importance (what are YOUR important processes?) and changes. Not all things need to be audited to the same frequency...
     
  3. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    816
    Likes Received:
    402
    Trophy Points:
    62
    You're fine if you doing them throughout the year. But you should have multiple management reviews as well. I would imaging the auditor would want to check what's been done between the last audit and the current audit. So having some activity during that time is probably beneficial.
     
  4. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Really? Does that meet ISO 9001:2015 requirements? Choosing to audit something "just because" isn't compliant with the requirements. Selecting an (arbitrary) schedule/calendar just to show audits were done, might fool a CB auditor, but is a complete waste of time and, worse, delays management's understanding of why they are necessary, beyond "ISO-Says-So"...
     
  5. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    816
    Likes Received:
    402
    Trophy Points:
    62
    You're reading way too much into the response. OP was asking if they needed to be done before the surveillance audit. The answer was no, throughout the year is fine. The question and answer had nothing to do with how, when, why they scheduled.
     
    Bill_jvrsshurricane likes this.
  6. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Without reference to what the OP's QMS states, or even the CB contract, it's not appropriate - in my experience - to give a simple yes/no answer, or to reply to them with "do them through the year", without regard to those other criteria. Did I read too much into it? No. I was merely bringing to attention the differences to be considered, since the OP is new and undoubtedly wants to avoid a) a nonconformity and b) the fullest answer as to how to move forward, when scheduling audits.
     
    Bill_jvrsshurricane likes this.
  7. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Based on ISO/IEC 17021-1:2015 (requirements for CBs):
    Objective of Stage 1 includes: "evaluate if the internal audits and management reviews are being planned and performed...";
    Stage 2 audit will include: "internal auditing and management review";
    Surveillance audit shall include: "internal audits and management review"

    So, if your internal audit and management review are "arbitrarily" set once a year, then the answer would be Yes.
     
  8. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    This is a better approach than once a year. Same can be applied to your management reviews.
     
  9. Bill_jvrsshurricane

    Bill_jvrsshurricane New Member

    Joined:
    Nov 6, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Ok, thanks everyone for the replies. I am reviewing our QMS now to see how what it says specifically about internal audits. I am going to have a management review next week and it will entail a follow up on the findings and actions taken to correct the findings and also a follow up on the nonconformances found in the last surveillance audit.
     
  10. Bill_jvrsshurricane

    Bill_jvrsshurricane New Member

    Joined:
    Nov 6, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Our QMS states that the frequency of measures (internal audits, KPM, and QMS metrics) is once per calendar year minimum. This is my current Management Review outline:

    AGENDA


    a) the status of actions from previous management reviews;

    b) changes in external and internal issues that are relevant to the quality management system;

    1) SWOT Presentation

    c) information on the performance and effectiveness of the quality management system, including trends in:

    1) customer satisfaction and feedback from relevant interested parties;

    2) the extent to which quality objectives have been met;

    3) process performance and conformity of products and services;

    4) nonconformities and corrective actions;

    5) monitoring and measurement results; Metrics Presentation

    6) audit schedule for 2019;(normally it would be audit findings)

    7) the performance of external providers;

    d) the adequacy of resources;

    e) the effectiveness of actions taken to address risks and opportunities

    for improvement. Discussion
     
  11. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    The frequency of "measures"? Bill, this looks like an "ISO-In-a-Can" type of text. Measurement and monitoring of product and process aren't done even close to annually as a minimum (or anything else), neither are internal audits or management reviews. If your management waited a whole 12 months to measure something, you'd be bankrupt very shortly...

    You might, as part of your new-found responsibility, get to understand what you've inherited and just how far it misses the ISO 9001 "mark"...
     
    Last edited: Feb 25, 2019
  12. Bill_jvrsshurricane

    Bill_jvrsshurricane New Member

    Joined:
    Nov 6, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    This is my nightmare. If you only knew half of what I inherited. We don't even have an ERP system. Crazy right? But we are growing. Time to fix things now the proper way instead of the band-aid approach. Wish me luck. lol
     
  13. John C. Abnet

    John C. Abnet Well-Known Member

    Joined:
    May 23, 2017
    Messages:
    709
    Likes Received:
    510
    Trophy Points:
    92
    Location:
    Upper Midwest- USA
    Good day @Bill_jvrsshurricane ;

    @Andy Nichols is spot on. I would assume that your organization already has meetings each day, week, month, etc..., which (in aggregate) likely cover all the required inputs of a management review. Be sure the required outputs are occurring and that there are the required evidence of these "management reviews" and use what you are already doing. Nothing worse (or ineffective) than being drug into a once a year pizza eating re-hash marathon of the year in review. And of course by then it's too late to take any actions.

    Hope this helps.

    Be well.
     
    Ellie likes this.
  14. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    816
    Likes Received:
    402
    Trophy Points:
    62
    That assumes life is static. Is Management review ever "complete?" Audits are an input to management review and are also ongoing. I can have a management review today that considers today's available inputs. I can have one next week, or next month, or whenever, that considers the inputs available at that time. Am I really subject to a major if it is not "complete."
     
    tony s likes this.
  15. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    What do we mean by a Complete Internal Audit? That must be included in a Management Review? You can have staggered audits and their results can be included in staggered management reviews. Both clauses 9.2 and 9.3 mentioned "planned intervals" and you don't need to audit everything every interval. Refer to the statements of ISO 9002:2016 below:

    Section 9.2.1: "While the organization should always try to ensure that its quality management system complies with all the applicable requirements of ISO 9001, there is no requirement for every clause of ISO 9001, or process in the quality management system, to be evaluated during every audit".

    Section 9.3.1: "Management review should be conducted at planned intervals; this could be daily, weekly, monthly, quarterly, semi‐annually or annually... It is not required that all the inputs to management review be addressed at one time, but instead they may be addressed during sequenced management reviews"
     
  16. Graham Thorpe

    Graham Thorpe Member

    Joined:
    Feb 2, 2019
    Messages:
    30
    Likes Received:
    12
    Trophy Points:
    7
    Location:
    Milton Keynes, UK
    So if I write an audit plan that covers all aspects of the system and that plan initially takes a year to complete I need to have done the cycle before assessment?
     
  17. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    The last time I checked ISO/IEC 17021-1:2015, particularly in sections 9.3.1.2.2, 9.3.1.3 and 9.6.2.2, I posted this above:
    I haven't read yet from any ISO standard that you have to complete first the audit plan before the CB audit. But if you signed with a CB who specify that requirement in the contract/agreement, then you are contractually bound to fulfill it.
     
  18. Graham Thorpe

    Graham Thorpe Member

    Joined:
    Feb 2, 2019
    Messages:
    30
    Likes Received:
    12
    Trophy Points:
    7
    Location:
    Milton Keynes, UK
    Thanks Tony,
    I never thought about it from the aspect of a contract with the CB.
    I am lucky as the first process up and running is MR so that will have a long history when we go for certification. I have not worked out our IA plan yet its not going to be like a regular set in stone cycle. We plan to risk assess our processes and base the IA plan on that and then adjust as we go along.
     
    tony s likes this.
  19. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    N
    No. Plus, you're not required to have a calendar of audits. Only biased CB auditors expect to see that.
     
  20. Graham Thorpe

    Graham Thorpe Member

    Joined:
    Feb 2, 2019
    Messages:
    30
    Likes Received:
    12
    Trophy Points:
    7
    Location:
    Milton Keynes, UK

    Thanks Andy,

    I still am on the road back and your comments, as are many on the forum, help loads. Sadly I now sit with a copy of the standard next to me to hone my thoughts.
    9.2.2 a) does suggest a 'calendar' but frequency is really the term. So it might be an audit of process X might only happen after event Y ?
     
    Andy Nichols likes this.