Given that things are changing in the world of 3rd party conformity assessment .. and I have some time on my hands .. and because I need to make some remote study material available for some of my students to keep them ticking over, I’ll be putting together a few new posts. This post outlines the value of the Stage 1 Review in conformity assessment. Given that things are changing, temporarily you’d hope. it looks like an increasing number of these will be conducted remotely. In principle I have no issue with this, provided the integrity of the activity can be maintained, and it continues to be fit for purpose.
The Purpose of the Stage 1 Audit
The Stage 1 Audit is often referred to as the readiness review. Once a 2nd or 3rd party body has determined how many days will be appropriate for the audit, they will invariably set aside 1 day for this readiness review, and program in the remaining days usually a week or so later, but conditional on the outcome of the Stage 1 Review.
The possible outcomes are to either proceed as planned with the Stage 2 Audit, or delay. The choice should actually be an easy one. Any major nonconformances will lead to a delay, minor nonconformances won’t. Major nonconformances suggest major weaknesses, significant corrective action and usually a period of implementation and further accumulation of evidence of conformity (records). Not the sort of thing that can be corrected within a few days. Effectively the auditor is telling the auditee that it would be a bad idea to proceed as planned as the outcome right now would not be a good one, however delaying the Stage 2 Audit for some weeks could meet with a more favourable result.
You Can’t Look At Everything
Stage 1 Audits are short preliminery reviews of general readiness. You simply haven’t got time to look at everything or to examine records in any detail. You are merely determining that a deep dive won’t be a waste of time, and when you ask for certain things, the auditee will be able to produce something worth looking at. So the auditor has to be selective and identify the documents that are the main building blocks of the QMS (for example significant Planning documentation), and also to identify the records that give the best indicator of a fully implemeted PDCA based QMS.
So Which Records?
You can’t look at all records because you don’t have time, so you need to be selective and focus on the elements of the QMS that will be the best barometer of whether the system is implemented and working, so what would that be?
Well, thinking logically, the PDCA cycle is both sequential and iterative. So which quarter would give the best indicator the loop had been closed? Well, the LAST loop of course, which maps onto Sections 9 and 10 of the standard. These are the records you really need to see. If there is a good body of “Check-ACT” records, we have a closed loop.
And Onto The Plan
You don’t need a Plan to conduct a Stage 1 Audit. You are invariably working only with one person (the system manager) with whom you need an appointment, but as you aren’t moving around and disrupting any work activities, you don’t need a plan. Stage 2, however, will need a plan, so one of the additional tasks for the auditor whilst conducting the Stage 1 Audit, is to gather any and all significant practical and logistical issues that will affect the Stage 2 Audit Plan. The first thing I ask is how long is induction? If my team will be expected to watch a mind numbing 40 minute video about walkways, sirens, smoking and skips, I need to know, otherewise we’ll be one hour behind in our plan before we start work on day 1.
Many years ago, the old “Document Review”, where you’d be sent a load of hard copy documents in an envelope and you had to try to take a reading off the contents, it would be quite common for that readiness review to give a false positive. When you have boots on the ground and you can see things and people, clarify etc, its much more reliable. These days technology offers many additional ways to more reliably perform a readiness review without necessarily being “on site”, so I have no real issue with it.
Stage 2, on the other hand, where you need to establish conformity to all of your Section 7 and 8 requirements? Much, much less so …