The following application article is part of a larger set of articles
published under the title ISO 9000 in Scientific
Computing as a special supplement to Scientific Computing & Automation
magazine.
Whether you plan to do a pre-assessment audit or just go for a full-blown
final audit depends on your level of preparation.
If you've done numerous internal audits and your registrar has visited your
facility, you may be able to by-pass the pre-assessment audit. However,
the general feeling is that the relatively low cost of a pre-assessment
audit provides added insurance that you are on track -- particularly because
many areas of the standard are open to interpretation -- and prevents the
discovery of unexpected major nonconformances during the final audit.
"The pre-assessment typically addresses each clause of the standard
at a reduced penetration level," explains James Davies, BSI. "It
should be done three months before the final assessment so that corrective
action can take place. We've found that 95% pass if a pre-assessment was
done."
Beckman's U.K. site didn't undergo a pre-assessment, but "we got a
few warning shots during the initial registrar visits and knew the registrar
valued internal audits," remarks Rob Ireland. "Every procedure
was audited three times before the final audit."
Many companies use the pre-assessment audit as a touchstone. "We chose
to do an early pre-assessment audit to ensure early in the process that
we were going in the right direction," states Marq Ransom, Waters Chromatography.
"If we missed something, we would have been in trouble later."
Preparing for an external audit involves three steps.
First, you need to schedule the audit. This sounds simplistic but with the
heavy demand ISO 9000 registrations, many registrars have lead times of
six months or more. Select a target date and stick with it, or you may have
difficulty rescheduling.
Second, submit your top level quality policy manual to your registrar for
a desk audit about a month before the site audit. "When we submitted
our Quality Policy," Ransom recalls, "our registrar wanted a higher
level of detail -- things that we had placed in the procedures. They also
wanted all level two manuals before the audits, which gave them the opportunity
to do their homework."
Third, prepare the guides who will accompany the auditors during the audit,
and prepare your employees for auditor questions. Typically, companies use
their internal auditors as guides. Guides should be knowledgeable about
ISO 9000, about the business, and about the scope. During audits, guides
should only interfere if the auditor moves out of the scope of the registration.
Hewlett Packard's Will Cowan advises on how to prepare staff. "Train
people on how to behave when the auditor is in the building. It's important
to realize that people are inclined to say too much. That's because auditors
keep asking questions to ensure that they get to the bottom of an issue.
But the auditor's questioning style leads people to think that they should
document processes that don't need to be documented. Therefore the guides
need to know when and how to say that to the auditors."
At Varian, Fred Klink explains that "in marketing, a kickoff meeting
was held to review procedures and tell people what to expect during the
audit. For R&D, however, we focused people on where to look things up.
Copying is not allowed at Varian so we let people know that it's OK not
to know the answer to an auditor's question so long as they knew where to
look it up. Above all, don't guess."
Bio-Rad's John Goetz summarizes with this checklist: "First, get everyone
prepared to describe what they're doing with confidence. In particular,
have them know the quality policy. Second, ensure an orderly, organized
production floor at all times, particularly in regards to labelling and
location. Finally, wrap up any corrective actions and document changes before
the audit."