|
- UID
- 21662
- 积分
- 45447
- 积极性
- 81
- 来自
- 上海
- 在线时间
- 2497 小时
- 注册时间
- 2007-10-14
|
18#
发表于 2008-10-11 20:00
| 只看该作者
我下面把1#帖子翻译的国际标准化组织审核实践小组的原文摘录如下,供参考:
International Organization for Standardization International Accreditation Forum
Date: 10 February 2005
ISO 9001 Auditing Practices Group
Guidance on: Documenting a Nonconformity
The focus of any management system audit is to determine if the management system has been developed, is effectively implemented, and is being maintained. An organization becomes registered/certified on the basis that it has effectively implemented a management system that conforms to the requirements of ISO 9001: 2000. So, the emphasis of a management system audit should be on verifying conformity, not on documenting nonconformities.
Auditors should maintain a positive approach and look for the facts, not faults. However, when the audit evidence determines that there is a nonconformity, then it is important that the nonconformity is documented correctly.
What is a nonconformity? According to the definition in ISO 9000: 2000 (3.6.2), a nonconformity is "non-fulfillment of a requirement".
There are three parts to a well-documented nonconformity:
• the audit evidence to support auditor findings;
• a record of the requirement against which the nonconformity is detected;
• the statement of nonconformity.
While all of these need to be addressed, in actual practice, it is the audit evidence that is the first part to be identified and documented. This is because a competent auditor will observe situations that he or she “feels” may be a potential nonconformity during an audit, even though he or she may not be 100 percent certain at that point in time. The competent auditor will then document the audit evidence for the potential nonconformity in his/her audit notes, before pursuing additional audit trails, in order to confirm if it actually is a nonconformity.
If there is no audit evidence – there is no nonconformity. If there is evidence – it must be documented as a nonconformity, instead of being softened with another classification (e.g. “observations”, “opportunities for improvement”, “recommendations”, etc.). In the longer term, neither the organization, its customers, nor the CRB benefit by the use of softer classifications, as this risks the nonconformity being given a lower priority for corrective action.
The audit evidence should be documented and be sufficiently detailed, to enable the audited organization to find and confirm exactly what the auditor observed.
The next step the auditor will need to take is to identify and record the specific requirement that is not being met. Remember, a nonconformity is non-fulfillment of a requirement, so if the auditor cannot identify a requirement, then the auditor cannot raise a nonconformity.
Requirements can come from many sources; for example, they may be specified in ISO 9001: 2000, in the organization’s management system (internal requirements), in applicable regulations, or by the organization’s customer. Once the nonconformity against a specific requirement is confirmed, this needs to be documented. The record may be something as simple as a reference to the standard and relevant clause.
(Note; ISO 9001 contains clauses that include more than one requirement. It is important that the auditor identifies and records the specific requirement relating to the nonconformity clearly, for example, by writing-out the exact text of the requirement from the standard that is applicable to the audit evidence. This may also apply to other sources of requirements.)
The final (and most important) part of documenting a nonconformity is the writing of a statement of nonconformity. The statement of nonconformity drives the cause analysis, correction and corrective action by the organization, so it needs to be precise.
The statement of nonconformity should:
• be self-explanatory and be related to the system issue
• be unambiguous, linguistically correct, and as concise as possible
• not be a restatement of the audit evidence, or be used in lieu of audit evidence.
To summarize, a well-documented nonconformity will have three parts:
• the audit evidence,
• the requirement, and
• the statement of the nonconformity.
If all three parts of the nonconformity are well documented, the auditee, or any other knowledgeable person, will be able to read and understand the nonconformity. This will also serve as a useful record for future reference.
In order to provide traceability, facilitate progress reviews, and evidence of completion of corrective actions, it is essential that nonconformities are recorded and documented in a systematic manner. A simple way of achieving this is through the use of a Nonconformity Report (NCR) form. Please see annex A below, for an example of such a form.
Annex A – Example of a Nonconformity Report (NCR) form
NCR # Client: File No
Function/Area/Process:
Site:
Std. and Clause No(s):
Section 1- Details of non-conformity:
Description
Auditor : Auditee representative acknowledgement:
Category:
Date:
Section 2- Auditee Proposed Action Plan
(Attach separate sheet if required)
Root Cause analysis (how/why did this happen?):
Correction (fix now) with completion dates:
Corrective Action (to prevent recurrence) with completion dates:
“Auditor” review and acceptance of Corrective Action Plan:
Auditee representative: Date:
Section 3- Details of “Auditor” verification of Auditee implementation of action plan
Section 4- NCR closed out by “Auditor” on (date):
“Auditor” Team Leader name: |
|
