- Whistleblower Hotline
- Request Quote
Welcome to The O-Forum! Read this first! Then, feel free to introduce yourself here! If you need immediate, real-time support for the Oxebridge ISO 9001 or AS9100 Template Kits, click here to join our Slack chat channel.
Something went down at IAQG and or ANAB, because a recent spate of nonconformities issued to AS9100 users shows that certification body auditors are hammering hard on the clauses related to purchase order (PO) flowdowns.
In only the past two months, Oxebridge clients have reported at least seven minor nonconformities — and one major (which is being disputed, so keep reading) — on sub-clauses related to either 8.2 or 8.4. Specifically, it appears that auditors have been instructed to focus on how the company reviews incoming customer POs (under clause 8.2) and then how they then flow down those customer requirements via outgoing POs (under clause 8.4.)
Some of these findings have been bogus, while others are totally valid. Let’s knock the bogus ones out first, though.
At least half of the findings issued to Oxebridge clients wrongly asserted that the company was obligated to flow down all the bullet list requirements from AS9100D clause 8.4.3 (a) through (m) on their outgoing purchase orders. This is untrue. A while back I filed a request for clarification on this point with IAQG and they have, in fact, updated their official clarifications document to assure that only the applicable bullets (a) through (m) are to be flowed down. The problem was caused by, natch, the ISO 9001 drafting team who left out the term “as applicable” in the latest edition, which acts as the backbone for the AS9100 text. But the official IAQG ruling is that bullets (a) through (m) are all “as applicable.” You would not, for example, flow down training requirements for staff if you are ordering parts from Grainger or Amazon.
So Oxebridge has been successful in getting a number of these minor NCRs thrown out because the auditors were improperly interpreting the standard. This included the major NCR I mentioned earlier, which was artificially elevated due to this kind of improper interpretation by the auditor.
But many of the findings are also valid. The scenario goes like this: your company receives a customer PO, and does a poor job of reviewing the requirements and fine-print “T’s and C’s” (terms and conditions.) Buried in there is a requirement to flow some of those requirements down to your suppliers. Having failed to review the incoming PO properly, you’re outgoing POs are then insufficient, too. The auditor need only compare the incoming customer PO vs. your outgoing supplier PO to catch this.
Again, some auditors are wrongly asserting that you have to flow down all customer requirements to all suppliers, which is crazy. You are allowed to apply some logic here. You’re not going to flow down the “conflict-free minerals” requirement if you’re buying paint from Sherwin-Williams, and you won’t flow down compliance to the Dodd-Frank Act to your calibration lab.
Where the auditors are right, however, is when you neglect to flow down the requirements that do matter. This may mean flowing down ITAR compliance, for example, to the plating house receiving your customer’s drawings.
Because CB auditors are suddenly raging on this issue, be sure you have implemented the following in some manner:
This will be a headache at first, but will quickly become routine after you have this well implemented for your repeat customers and repeat suppliers. But it’s critically important, since the POs are legal documents that dictate the requirements for the various parties. If you fail to deliver on a customer’s PO requirement, they can reject your product or, worse, sue you. If your supplier fails to deliver want you want, you can’t reject or sue if your PO didn’t have the proper language on it.
I’m not sure why CBs suddenly woke up to auditing this clause after how many decades, but they are awake, and you need to be ready.
This blog post was very interesting since of course like any mature company our purchase orders to suppliers are pages long attempting to incorporate every requirement needed and then some.
My worry and it while it good the IAQG has given clarification on 8.2 & 8.4 there are quite a few shall statements. In the past and I will continue I have been more then willing to engage an auditor, especially when they attempt to write a finding and there isn’t a corresponding requirement that can be used.
The shall scattered throughout those sections look to be something an auditor could hang their hat on, any comments or suggestions greatly appreciated and keep up the good work Chris.
Very good advice about Flowdowns. They are a Royal pain in the *&%# in many cases. I have seen what looks like a simple 1 page Purchase Order turn into four 3 inch thick ring binders by the time we followed the website and other related URLs. That in itself takes a long time to review, and even longer to implement if it is something outside the normal operations protocols.
Do I have your permission to cut and paste your 5 points into an internal document, as guidance?
Many thanks as usual for your astuteness and clarification.
I read this with great interest.
We are a small 2 man business that has been producing specialty equipment for the Military for over 30 years. Last June (2018) we received an order from a department we have never dealt with before.
Their Request for Quote, was unlike anything we had seen before, first thing that popped out was requiring a Quality Manual. We have never had one. All items we produce have been approved by the DOD.
Anyway, I researched the Quality Manual and finally came across this Oxebridge template. Which is excellent. Thank you.
However, I’m not sure how this flow down will actually affect us. This particular item has been purchased for years by all departments of the Forces. Meaning all our procedures and processes have not changed, except for improvements. Normally we just receive an order for a quantity of part number (whatever) we fill it and ship it. Our prices are fixed and the government orders what they want from our website. Everything meets their requirements for standards and specifications, with this exception on this order wanting the quality manual. We are not required to be certified either.
Do you have any advice for us?
If all they require is a quality manual, then generating a quick one from the template is probably sufficient. They just want to check the box that you have a QMS.
Things will get dicey if they decide to come audit your QMS. Then you’ll have some lifting to do. But if they only want a manual, just give them a manual.