Standards

I have had the opportunity to have been through 2, with sister companies.

My first experience (Nov 2017) was that our auditing body did a thorough job. The first company was fairly large, so they had 3 auditors there for 3 days. They spent an average of 2 hours per department. They went through documentation and the auditor that I was assigned to shadow walked through processes. By the end, we had a few minor findings, but all in all, I felt that they were satisfied and that we had grasped the 2015 standard. (the most interesting concept to grasp there was the Top Management accountability- before they were used to being accountable  up the ladder, but with the new standard they were also accountable down the ladder as well.)

With the second audit (June 2018), it was with a much smaller company. We had 1 auditor there for 1.5 days. He gave it a quick areal view of our processes, gave us some advice (byo of OFI's and Observations) and rushed to the next company. Our most interesting concept to grasp was RISK. This small business runs like a small town, change is not easy to come by. When I bring up risk, I get pushback of over or under exaggeration. Many have the mindset of "it hasn't happened, so it won't happen". One of the Auditor's comments was that the ISO does not give levels of risk (that was a concept brought over from the first sister company). we had rated our risks and we had short worded sentences on what we were doing to address that risk. What we were not doing was seriously considering those low rated risks... we were more or less "accepting" those medium risks (which is why it was an Observation).

I am interested in hearing from those who have completed the transition to ISO 9001:2015. Were you surprised by anything that occurred during the audit?  Do you believe you were well-prepared for the audit? Did you have any problems interpreting the new sections of the standard correctly? I ask the questions as a recent auditee. Thank you. 

Expected to complete our transition this August.

Some new aspects of ISO 9001:2015 I thought I would share my view on,

1) Context of organization is a welcome addition where one could attempt to capture the situation the business is currently in, and drive some of the initiatives that could be looked at during audits for improvement

2) Actions for risks is another pro-active measure, capturing the essence of preventive steps, could already be existing if companies are used to FMEA developments. Nonetheless, one could start with critical tasks/improvements from historic data of customer complaints, in-process failures, etc

3) Vendor evaluation for services including areas like calibrating agency services, outsourced process services could make the effort bit more, but prioritising what one would like to first start upon rather than full list of service providers may not be entirely looked down by auditors.


Cheers

It's been almost a year since our transition audit. We passed without any issues, though I was more nervous than I probably should have been. Our first Quality Manager retired about four months before the audit and I threw me for a loop!


I like ISO 9001:2015 better because it is far less a manufacturing standard than its predecessor. The risk requirements work a lot better for us than the preventive action requirement did. I think our auditor was still a little uncomfortable auditing to the new standard, though. It must be hard when there is significantly less documentation!

My biggest impression with the experience was that the external body seemed a bit overwhelmed with the new requirements and they kept them at a very high (aerial view) level and let them verify that we has processes compliant to the standard, but kept them away from following audit trails as deeply as I'm used to.  I'm hoping that subsequent surveillance audits dig a little deeper and provide some more robust value add.