ISO 9001 Lead Auditor Training

MODULE 8 - Perspective On First, Second and Third Party Audits  

8.5 Second Party
A second party audit is carried out on a potential or current supplier by a purchasing organization, usually to use the audit result as part of the purchasing equation. This is just one method of conforming to clause 7.4.1 of ISO 9001.

ISO 9000 Training - Few companies, even in this age of quality enlightenment, decide to buy from another company on the basis of a quality audit alone. Many purchasers place orders despite, rather than because of, the results of quality audits on suppliers.
Purchasers must consider how much assurance is necessary to get for a particular product or on a particular project. A number of aspects will need consideration:
• Degree of standardization
• Quality history
• Ability to inspect the purchased product
• Complexity
• Uniqueness
• Consequences of product failures
• Special controls of the process, etc.

ISO 9001 Training - Upon consideration of these and other similar factors, a decision can be reached on the relative importance of the supplier having a fully conforming system. This should mean that even if a supplier had a very attractive price and delivery, they would not be given a contract where risk was involved because of the weaknesses in their Quality System.

The converse is also true. It should be the case that suppliers with good (proven) system should gain commercial advantages over their competitors. Most typically, the situations revealed from audits are of some intermediate state. Purchasers then write into their contracts the requirements designed to focus on the highlighted “weaknesses” – possibly through inspection or surveillance at the point where work is being carried out.

The described second party scenario is very typical of the way that quality assurance systems evolved and began to be introduced into the supply chain. Auditors representing the major purchasers were seen as very powerful by many of the (smaller) companies being audited.

If a supplier did not conform to specified requirements, then they could lose the business of that customer. From this situation developed the need for a very strict code of ethics practiced by the auditors.

The growth of second party audits demands a more standardized approach and the ISO 9001 scheme is designed to support audits of all types.

8.5.1 Process of a Second Party Audit
1. Purchaser considers purchasing
2. Sets up audit system
3. Considers risk
4. Decides to audit
5. Audit carried out
6. Audit reported
7. If outcome successful then,
8. Order placed
9. Level of control established
10. Rating
11. Follow-up.

8.6 Third Party
The third party ISO 9001 registration scheme is designed to reduce, and perhaps remove the need for, many second party audits, by providing a list of companies whose systems have been assessed as conforming. This assurance to potential customers means they might not have to audit the suppliers themselves if they can rely on the third party registration.

The auditee pays for the audit by employing a Registrar to audit them on a regular basis. The auditee (if successful) is entered into the Registrar’s “Register of Licensees” and is able to use that recognition in their marketing efforts. The purchaser may also use the “Register of Licensees” and possibly reduce their second party audits. The supplier may not have to undergo as many audits by their customers as they had previously.

ISO 9001 Auditor Training - The Registrar, in order to have its professionalism and integrity independently assessed, establishes a quality system comprising policy, organization, and procedures. The Registrar is assessed in the USA against these and other criteria by the RAB (Registrar Accreditation Board). If successful, it is given accredited status and recognition of this achievement is shown not only on the certificate given to the Registrar, but also on the certificates issued by the Registrar to its clients. The symbol of the accreditation body appears on the certificate issued by the Registrar to indicate it is accredited for the scope of the audit and its subsequent registration of the client.

The Registrar has to maintain its accreditation by conforming to, and developing as necessary, its own quality management system. One of the activities it must undertake to maintain the accreditation is first party auditing. The Registrar must look at its own policy, organization, and procedures to see whether they continue to be conforming; whether they are defined, put into practice, and are effective. 

"Understanding ISO 9001" provides a detailed explanation of each ISO 9001 clause (requirements).

ISO 9001 FAQ provides answers to commonly asked questions about the ISO 9000 family of quality management standards.