Any shortcomings found at audit are reported as findings and they are as follows:
Severity Level 1 Finding
Any non-compliance with a regulation or requirement or the service provider’s own arrangements, processes or procedures which creates a serious safety/security hazard. Urgent and satisfactory corrective action to mitigate the hazard is required in not more than 7 days. Depending on the severity of the non-compliance, the finding may require the provisional suspension or variation of any approval or certificate
Severity Level 2 Finding
Any non-compliance with a regulation or requirement or the Service Provider’s own arrangements, processes or procedures. A corrective action timescale normally of up to 90 days to be agreed based on the associated potential safety/security hazard.
Note: Where a period of more than 90 days is deemed appropriate or necessary the agreed period should reflect the level of risk judged to be involved.
An audit may also identify an Observation which is:
The potential for a non-compliance to develop if no action is taken or there is an opportunity for a safety/security improvement.
Once an observation is presented at the out brief it is closed. Any action to address the observation after the out brief does not need to be reported to ASSI, but it can be. Future audits may check any previous observations. This will be to make sure a non-compliance has not arisen or to see how the safety management system is working.
To close a finding
It is important to fully close a finding with evidence by the agreed closure date. Failing to do this may lead to escalated enforcement action.
The steps to closing a finding before the agreed closure date are:
1. Understand the finding so you can judge what needs to be done and how much time is needed to complete these steps. The finding will be explained when found, at the out brief, in any interim regulatory finding report and the audit report. If the finding is not understood at any of these stages, or after this, ASSI must be asked to explain.
2. Contain what was found to make it safe and complete actions to correct what was found. DO NOT STOP HERE. THERE IS MORE TO DO.
3. Find the root cause of the finding (5 whys). Also ask, why did ASSI find this before you?
4. Create and complete actions to correct the root cause to stop it happening again.
5. Check the actions have been done and ask does this work to prevent this happening again?
6. Before the agreed closure date explain to ASSI with evidence what you did in steps 2 to 5.
ASSI will review the response to either advise if it is closed or request further action or evidence.
Any response to a finding must note the finding reference number and be clear to explain what was done and how this relates to any evidence provided. Anything less than this is a poor response.
Findings and Enforcement
How findings are managed can impact on escalated enforcement action. Poor and/or late audit finding responses may lead to escalated enforcement, and ultimately, operational restrictions placed on the approval, for example, a Level 2 finding may become a Level 1 that may then lead to a suspension of an approval or certificate.
A Level 1 finding can reduce to a Level 2 finding in the process of closing. There can be cases where a plan is required to complete all the actions to solve a finding. Here, the finding may be closed based on the plan but if the plan is not followed a new finding can be raised and escalated enforcement action follow.
Finding Closure Dates
A finding must be closed with all the steps 1 to 6 completed by the agreed closure date. Work to close a finding must start as soon as possible to make sure this is done in time. So, if there are any problems, there is time to fix or contact should be made with ASSI to discuss any issues. Again, if the finding is not fully understood there will be time to contact ASSI to further explain the finding. It is not acceptable to delay work or start work on a finding just before the closure date risking it not being met.
Where more time is needed it must be requested to ASSI as soon as it is known the closure date cannot be met. This request must state the reason why its required and any mitigation actions taken to ensure a safe operation with the finding still open. ASSI will then review the request and advise. ASSI may require further mitigation actions to ensure a safe operation or escalate this to enforcement action. It is not acceptable to let a finding pass a closure date without agreement from ASSI.