ISO 9001:2015 – Newsletter – Issue 134

Issue 134 – How do you handle Customer audits?

ISO 9001:2015…

How do you handle Customer audits?

I appreciate receiving emails with questions and/or comments from readers of this Newsletter… please continue to do so since it provides me with ideas on what these publications should cover.  In my last Newsletter (ISO 9001:2015 Newsletter Issue 133) we discussed the topic of  “How do you know if a document needs to be controlled?”, and now in this Newsletter we will discuss “How do you handle Customer audits?”.

The ISO 9001:2015 Element numbering…

Element 4 – Context of the organization
Element 5 – Leadership
Element 6 – Planning
Element 7 – Support
Element 8 – Operation
Element 9 – Performance evaluation
Element 10 – Improvement

Why do Customer’s conduct audits of their Suppliers?… Let me begin by saying that one of the reasons why the ISO 9001 Standard was published in the first place (back in 1987) was to reduce the number of Customer audits that a Supplier/Vendor had to endure.  The idea was that if you went ahead and certified your quality management system (QMS) to this International Standard then all you would have to do is send a copy of your ISO 9001 certificate to your Customer and that would be that.  Over the past many years (and decades) there has been a proliferation of industry-specific customization of the ISO 9001 Standard.   Examples would be ISO 13485 (medical devices), AS 9100 (aerospace) and IATF 16949 (automotive) to name just a few.  Why did this occur?  It was primarily due to the fact that these different industries saw that the ISO 9001 document was not specific or detailed enough for their contractual purposes.  Plus it hasn’t helped that ISO 9001 has become more and more vague over the decades.

Are you getting more audits by your Customers?… Why this even came up as a topic for our Newsletters is that a few of our Clients have expressed frustration with the increasing number of Customer audits they’ve had to handle over the last few years.  In the past, sending a copy of your ISO 9001 Certificate to your Customer once a year would suffice… then this evolved into filling out a simple 1 page questionnaire and then attaching a copy of your Certificate… then it became a more complex multi-page questionnaire (along with needing to reach a minimum score)… and now fast forward to today and some Suppliers are having to host a team of Customer auditors over 2 or 3 days.

I suspect the reason for this new approach by Customers is most likely due to the fact that a few of my Clients supply some of their products to the automotive industry.  The challenge is that these Customers are holding their Suppliers to a different quality Standard… they are using either IATF 16949 criteria, or VDA 6.3 requirements (European automotive criteria)… and both of these Standards have many, many more specific quality requirements than what is found in the ISO 9001:2015 Standard.

So let’s get back to the question in the title of this Newsletter?…  Something that I think Suppliers need to remember is to resist the urge to “agree” with whatever the Customer wants.  Be careful with “agreeing” to take corrective action on all items that the Customer’s auditors identified, which can itself cause a lot of effort and use of resources, and could still put you on a slippery slope because this likely won’t be the last audit you will receive from that Customer!

My first recommendation is to find somebody in your organization who will take a step back and do some math to make sure these Customers (that are asking for all of this extra effort) will actually commit to placing enough Orders to justify this added expense.

My second recommendation is to ONLY take “action” on any Customer audit findings that would have ALSO been raised during a regular ISO 9001 audit, which is the only Standard that you have agreed to be AUDITED to (…this should be viewed as a fair and justifiable response back to your Customer).

My last recommendation is to make sure you log any Customer audits into your audit tracking system that you currently use for both internal and external audits (…and if there are multiple findings from any one Customer audit, just make reference to an associated tracking spreadsheet instead of logging/entering each separate audit finding received from your Customer).