On several occasions while conducting a third-party surveillance audit, I’ve gotten the following query--or a variation thereof: “One of our customers called us last week and wants to come in to do an audit in three weeks. Why can’t they just accept the results of the audit that you’re doing? After all, they’re auditing us to the same requirements. Isn’t registration to ISO 9001 supposed to stop these multiple customer audits?”
It does seem to be a dreadful waste of time. When any auditor comes in, there’s the need to have staff available for interviews. There’s at least one individual--usually the quality manager--who loses one or more days escorting the auditor throughout the facility. Schedules are disrupted; important tasks get sidelined.
On top of that wasted time is the frustration that comes from the not unreasonable anticipation that the ISO 9001 certificate should negate the need for all these additional audits. It’s an undeniable fact that part of the intent of conformity assessment is to ensure parity among subscribers to an identified standard. Registration to ISO 9001, or a comparable sector-specific quality management system (QMS), is intended to signify adherence to an impeccable level of quality. The logical conclusion would of course be that if there’s parity, there should be no need for additional assessment.
So the answer to the client’s question is, “Yes, there is parity among organizations that are registered to ISO 9001 or any similar QMS standards model, but….”
The “but” comes into play because several factors complicate the situation. Many organizations have additional needs that exceed the scope of the typical QMS model--of which ISO 9001 is the most ubiquitous. For example, 80 percent of your customer base may have no need for electrostatic discharge precautions or sterilization processes, but you have two big customers for which those kinds of procedures are essential. You can still have a robust system that fulfills all the ISO requirements and still not satisfy your customers’ needs. Because the requirements aren’t within the scope of a generic QMS, the only way customers will know if you conform to their particular requirements is if they perform their own audits.
In other cases, your organization may have decided to branch out into new markets. The ISO 9001 registration that originally served the bulk of your existing customers at the time you first received your certification may not be adequate for some of the new clients you’re courting. They may consider your registration to be the minimum calling card to be in the running for a slot on their preferred supplier list. They could have a whole litany of additional requirements that are very specific to their market or product offerings.
Many customer requirements can appear to be extraordinary to smaller organizations with uncomplicated processes. Although some may relate to the actual product, others may relate to process control, record retention, confidentiality, or traceability. Herein are some of the requirements I’ve observed during the last few years.
• A biomedical company required the supplier of its packaging materials to have documented pest-control procedures.
• A manufacturer of sensitive phase-change products needed a temperature-controlled off-site storage facility.
• A medical device manufacturer required the maintenance of device-history records, with extensive traceability of all components.
This is just a sampling of customer requirements that aren’t specified in generic standards.
An audit gives customers an opportunity to assess your organization’s capability as well as explain to you any additional requirements. If they’re in a regulated industry, they might also save you some headaches by advising you of statutory requirements that accompany a contract with their organization.
Customer audits are a great opportunity for dialogue about expectations and deliverables. It gives both parties the chance to discuss what works well and what might need improvement.
Audits can be an opportunity for you to shine. Although an ISO 9001 certificate on the wall is a great communication of your commitment to quality, it’s still one step removed from the actual demonstration of your organization’s capability and sustainability.
Do customer audits take time? Yes. But, think of the “wow” moment when your customers see that you have a QMS that not only exceeds ISO 9001 requirements but is robust and agile enough to also meet theirs.
Denise Robitaille is the author of thirteen books, including: ISO 9001:2015 Handbook for Small and Medium-Sized Businesses.
She is chair of PC302, the project committee responsible for the revision to ISO 19011, an active member of USTAG to ISO/TC 176 and technical expert on the working group that developed the current version of ISO 9004:2018. She has participated internationally in standards development for over 15 years. She is a globally recognized speaker and trainer. Denise is a Fellow of the American Society for Quality and an Exemplar Global certified lead assessor and an ASQ certified quality auditor.
As principal of Robitaille Associates, she has helped many companies achieve ISO 9001 registration and to improve their quality management systems. She has conducted training courses for thousands of individuals on such topics as auditing, corrective action, document control, root cause analysis, and implementing ISO 9001. Among Denise’s books are: 9 Keys to Successful Audits, The (Almost) Painless ISO 9001:2015 Transition and The Corrective Action Handbook. She is a frequent contributor to several quality periodicals.
© 2023 Quality Digest. Copyright on content held by Quality Digest or by individual authors. Contact Quality Digest for reprint information.
“Quality Digest" is a trademark owned by Quality Circle Institute, Inc.
