Q&A - Audits

The Contact Us function at the top of every page on the tl9000.org and questforum.org websites is the preferred means for asking questions and receiving answers from the subject matter experts of the QuEST Forum. Over the last few years many questions have been answered through this means. The number of each question is the ticket number in the Contact Us tracking system.

These questions generally relate to TL 9000 pre-certification issues and TL 9000 certification audits.

Question 12919 — Can you provide me with an audit or compliance checklist for TL 9000?

Answer — There is no audit or compliance checklist available from the QuEST Forum. You will need to consult the TL 9000 Requirements and Measurements handbooks for information about being TL 9000 certified and work with your consultant and/or Certification Body on the documentation required.

Question 10696 — Suppose an organization has a staff of 320 people and has an ISO 9001 registration with Certification Body A. They have 30 people working on a telecom product for a customer who requires them to have a TL 9000 certification. They wish to proceed with TL 9000 certification with Certification Body B for the TL 9000 only.

Q1: What are the man-day requirements?
Q2: Does Certification Body B have to repeat all of the ISO 9000 requirements if Certification Body A has a recognized accreditation for the ISO 9001 certification.
Q3: Is it OK to just have TL 9000 certification for this 1 product for this 1 customer covering only the 30 people involved.

Answer — Question 1: Man day requirements are defined by IAF MD5 and QuEST Forum “TL 9000 Auditor Time” at http://www.tl9000.org/abcb/documents/TL_9000_Auditor_Time_R4.pdf .
Question 2: Yes
Question 3: Yes

Question 11229 — I have been asked if integrated audits can be done for TL 9000 and ISO 14001. An integrated audit is one where common clauses, in this case between ISO 9001 and 14001, would only need be audited once. If this is permitted, what is the maximum amount of credit that can be claimed for such common clauses in an integrated audit?

Answer — Integrated audits are certainly allowed by the QuEST Forum but the expectation of the QuEST Forum is that the time defined in the TL 9000 Auditor Time Chart will be applied to the audit for the TL 9000 audit. TL 9000 adders are unique and no time can be subtracted for that portion. For ISO 9001 and 14001 clauses see IAF MD5.

Question 11468 — The auditor timetable states that "The on-site auditor time table includes an additional 0.5 day for auditing the measurements. This 0.5 day was determined for up to 4 product categories." The first two divisions in the table are only for 0.5 audit-days. How is that supposed to be interpreted since this leaves nothing for auditing the rest of the TL 9000 requirements?

Answer — As you note, the 0.5 days for auditing measurements is based on the assumption that the Organization is generating measurements for up to 4 product categories. The two entries in the surveillance audit table with 0.5 audit days are for locations with less than 65 employees. The expectation is that when this is the case, in document “TL 9000 Auditor Time”, Notes 6, 6.1, and 11.2 are likely to apply. That is, the audit days can be adjusted based on the size of the site, their involvement in reporting measurements, the number of product categories involved, etc. In other words, it is expected that these smaller sites will likely have limited scope and therefore, is subject to potential reductions in time from the published table. Of course any adjustments must be supported by the CB's documented procedure for auditor time reductions (see Note 11.4).

Please be aware that the chart identifies the minimum audit days and when appropriate, additional days should be added to allow the necessary time for a thorough TL 9000 assessment.

Question 11581 — What is the 'intent' of TL 9000 concerning internal auditing of the QMS based on TL 9000? Are all clauses of TL 9000 required to be audited (internally) each year? Or can a company focus in certain areas, ensuring that all clauses are audited sometime within a set timeframe (such as three years)?

Answer — There is no specific answer to this question. The organization has to determine the depth, breadth, and frequency of its internal audit program needed to ensure that its quality management system is adequate and meets all requirements on a continuing basis.

Question 11791 — We are into managed services for Telecom networks & planning to go for TL 9000 certification. We understand that the certification audit by registrar will consist of two stages. Request you to please elaborate on the individual scope of Stage-1 and Stage-2 audits.

Are there any guidelines issued by QuEST Forum for the certification bodies to define the scope of Stage -1 & Stage-2 audits or it is up to the certification bodies to define the scope on their own?

Answer — The QuEST Forum does not issue any special guidelines for audits. The QuEST Forum approves Accreditation Bodies who accredit Certification Bodies that use ISO 17021 guidance for audits.

Stage 1 audits consist of a review of the organization’s management system documentation (e.g. quality manual, required procedures, etc.) and a determination of the organization’s readiness for the Stage 2 audit. The items to be addressed can be found in clause of ISO/IEC 17021. The Stage 2 audit is basically the general certification audit. Items to be addressed can be found in clause

Question 11874 — Since we have multiple product lines (some not Telco), some of our sites have only ISO 9001 registration because they do not perform same work as our TL 9000 certified sites. We have received a request from a potential customer who does not require TL 9000 certification. However, the work is to be shared between an ISO 9001 site and a TL 9000 site. Our next external audit is in October long term (2011), and the ISO 9001 site should become TL 9000 then. Due to the fact that this is the first time this has happened and it has just materialized can we treat our ISO 9001 site as a supplier to our TL 9000 site until they are certified or do you have other suggestions?

Answer — As long as the ISO 9001 site is not listed on your TL 9000 profile, they may be treated as a supplier with respect to your TL 9000 registration.

Question 12147 — I am an auditor working for a TL 9000 certification body. I am writing in regard to the "Code of Practice” Requirements for conducting an e-Audit as part of the TL 9000 Registration Process, obtained from the QuEST Forum web site.

Our company currently has a TL 9000 certified client located in Juarez, Mexico that will be coming due for a recertification assessment in a few months. As you are probably aware, the area is currently experiencing increased violence among the populace, to the point that the U.S. State Department has issued an advisory recommending that non-Mexican person not visit the area. The certified company itself has determined that it will not be sending U.S. citizens into the area for this assessment. Our company does not have TL 9000 qualified assessors that are Mexican citizens, and we likewise are not prepared to send our non-Mexican personnel into the area. To continue supporting our client, we are requesting that an exception to the rule against e-auditing of a TL 9000 manufacturing operation be granted in this instance.

Answer — While we are sympathetic to the situation, QuEST Forum can not grant a waiver to the e-auditing restriction. To do so would create a precedent that QuEST Forum simply can not support at this time. There are 39 TL 9000 Certified Locations in Mexico and another 6 locations in other countries with US State Department travel warnings. It should be noted that what is being proposed would also seem to violate the IAF restrictions in MD-4. In addition, ANAB’s “Heads Up 138” indicates that certificates cannot be extended beyond the certificate expiration date.

Question 12200 — Is it mandatory to implement ISO 9001 before implementing TL 9000 standard?

Answer — It is not mandatory to implement ISO 9001 before TL 9000. They both can be done at the same time.

Question 12469 — During the technical review, one of our clients was audited against the requirements of TL 9000 and found to have not submitted the required Measurement Data to QuEST Forum. The certification decision was held up and the client was not certified. The client informed us that they have submitted the required measurement data to the QuEST Forum and this was verified by the auditor. We want clarification if the client can be certified based on the audit and recently submitted Measurement Data to QuEST Forum?

Answer — First, the CB was required to identify the issue as a major nonconformity during the audit. Catching this as a major during a technical review is not acceptable or compliant. Having said that, the organization may be certified if organization satisfied the requirements for addressing the major nonconformity, corrective action was verified as complete, and all aspects of Measurement Handbook requirements of 3.5.2 are satisfied. NOTE: Just submitting the data will not be sufficient.

Question 12907 — A recent accreditation body audit found an error in a certification body audit where the client had made an error in calculating the OTD. The specific wording of the nonconformance is "OTD data of May, Jun, and Jul was not calculated correctly according to counting rules. The organization only calculated the total lot which was shipped not including the lot which needed to be shipped but not shipped." The field auditor classified this as a minor nonconformance but the accreditation body auditor wrote a nonconformance stating that it should have been classified as a major. Was the accreditation body auditor correct in this judgment?

Answer — Yes. Based on the information provided, this would be a major nonconformance since there was a failure to implement the counting rule requirements. The reason for this is there was a complete failure to implement rule 5.4.4 b) 7) "The monthly OTD data shall include all orders having the CRD occurring during the month being reported." Each measurement rule is treated as an individual requirement. Therefore the first criteria for a major non-conformance "The absence of, or the failure to implement and maintain, all aspects of one or more requirements for certification/registration" applies.

Question 13150 — I want to know that the annual surveillance assessment after TL 9000 certification becomes due after: a) 1 year from date of Stage 2 audit or b) 1 year from date of certification.

Answer — Per ISO/IEC 17021:2006 Conformity assessment -- Requirements for bodies providing audit and certification of management systems Surveillance audits shall be conducted at least once a year. The date of the first surveillance audit following initial certification shall not be more than 12 months from the last day of the stage 2 audit.

Question 13256 — Can we use a supplier that is not accredited by QuEST Forum to provide TL 9000 certifications and or audits?

Answer — No. The only certification bodies that can certify an organization to TL 9000 are the CBs accredited by one of the five Accreditation Bodies authorized by the QuEST Forum.

See http://tl9000.org/abcb/ab.html and http://tl9000.org/abcb/cb.html

Question 13398 — I would like to know more about the role of consultants during the TL9000 certification process. Specifically, are consultants allowed to be on site when an organization is being assessed/audited by a Third-Party certification body?

Answer — All registrars (certification bodies) are required to comply with the Code of Practice for TL 9000 Certification Bodies Release 6.0. Bullet 1 under the “On-Site Auditing Requirements” portion of Section 4 of the Code states

“While on site the auditor for the certification body is required to: 1. Comply with most current version of ISO/IEC 17021 Conformity Assessment-Requirements for Bodies for Providing Audit and Certification of Management Systems.”

Clause Observers of ISO/IEC 17021 states:

“The presence and justification of observers during an audit activity shall be agreed to by the certification body and client prior to the conduct of the audit. The audit team shall ensure that observers do not influence or interfere in the audit process or outcome of the audit. NOTE Observers can be members of the client's organization, consultants, witnessing accreditation body personnel, regulators or other justified persons.”

In normal practice, consultants can be present during the audit but they are not allowed to answer questions posed by the auditor. If the consultant constantly tries to influence or interfere with the audit process or its outcome, the auditor can request that they leave the area.