3.4 Risk, Compliance, and Audit Readiness

In the EMS industry, compliance is not about passing a test; it is the license to operate. A single safety violation or data breach can shut down the factory or disqualify us from the supplier list of a Tier-1 customer.

This chapter defines the Baseline Defense. These are the non-negotiable standards required to open the doors every morning.

The "Always Audit-Ready" Doctrine

Most companies scramble for two weeks before an ISO or Customer Audit. This is a failure of process. At Dannie, the goal is Zero Preparation.

  • The Logic: If you have to "fix" the factory for an auditor, you are running a non-compliant factory 50 weeks a year.
  • The Standard: The factory floor and the digital records must always reflect the reality shown to an auditor.
  • The Test: If a customer walks in unannounced on a Tuesday afternoon, can we show them the line without panic? If No, the process is broken.

Minimum Compliance Expectations

These are the binary gates. If these are red, the factory is effectively closed.

Safety (EHS) – The Zero Compromise

  • PPE: Personal Protective Equipment rules are absolute. No safety glasses = No entry. No exceptions for the CEO or Clients.
  • ESD (Electrostatic Discharge): The invisible killer. Daily strap tests and footwear checks are mandatory for everyone entering the EPA (Electrostatic Protected Area).
  • Chemicals: No unlabelled bottles. Every chemical (IPA, Flux, Solder) must match the MSDS binder at the station.

Labor & Ethics – The Social License

  • Working Hours: We strictly adhere to local labor laws and RBA (Responsible Business Alliance) standards. We do not burn out teams to hit a deadline.
  • No Forced Labor: We audit our staffing agencies. If an agency withholds passports or charges fees to workers, we fire the agency immediately.

Data Handling – The Digital Vault

  • Clean Desk: No customer IP (BOMs, Schematics) left visible on desks or screens.
  • Access Control: Visitors must be badged and escorted. Server rooms are restricted to IT staff only.

Incident Management: The CAPA Logic

When a failure occurs (safety, quality, or process), we do not just "fix it." We inoculate the system against recurrence. We use a lightweight CAPA (Corrective and Preventive Action) logic.

The 4-Step Incident Loop:

  1. Containment (Immediate - < 4 Hours):
    • Stop the bleeding. Segregate the bad stock. Stop the unsafe machine.
    • Output: "The risk is contained."
  2. Root Cause Analysis (Deep Dive - < 48 Hours):
    • Use 5 Whys or Fishbone. Do not blame "Human Error." Human error is a symptom of a bad process.
    • Output: "The physics/logic of why it failed."
  3. Corrective Action (The Fix - < 5 Days):
    • Implement the structural change (e.g., install a sensor, rewrite the code, change the fixture). Training is rarely a sufficient fix.
    • Output: "The mechanism is updated."
  4. Verification (The Proof - Next Run):
    • Check the next batch or cycle. Did the problem return?
    • Output: "Closure."

Customer Audit Behavior

Audits are sales opportunities. A confident, transparent audit wins more business than a pitch deck.

The "Host" Protocol:

  • Do Not Hide: If the auditor finds a non-conformance, admit it immediately. "Yes, that is a finding. Here is how we will fix it."
  • Answer the Question: Do not volunteer extra information. Answer exactly what was asked.
    • Bad: "We usually do X, but sometimes Y..."
    • Good: "The standard is X. Here is the record."
  • The "Evidence Pack": Do not search for files while the auditor watches. See below.

The Digital Evidence Pack

Evidence must be retrievable in < 3 Minutes. If it takes longer, the auditor assumes you are fabricating it. Every Department Head must maintain a live folder (Digital Evidence Pack) containing:

| Folder / Category | Required Contents (Always Current) |
|---|---|
| 01_Org_Structure | Org Chart, Role Descriptions, Training Matrix. |
| 02_Process_Control | Validated Control Plan, PFMEA, active Work Instructions. |
| 03_Equipment | Calibration Certificates (Current), Maintenance Logs. |
| 04_Supply_Chain | Approved Vendor List (AVL), Incoming Inspection Records. |
| 05_Quality | Yield Charts (Last 6 months), CAPA Log, Calibration status. |
| 06_Improvement | Evidence of Continuous Improvement (Kaizen log). |

Final Checklist

| Area | Requirement | Owner |
|---|---|---|
| Audit Readiness | < 3 Minute retrieval for any key record. | Dept Heads |
| Safety | 100% PPE/ESD compliance. No warnings. | EHS Officer |
| Chemicals | All containers labeled + MSDS available. | Line Lead |
| Incidents | Logged within 24 hours. | Quality |
| CAPA | Closed only after Verification (Proof). | Quality Manager |
| Visitors | No solo walking. Badged and escorted. | Reception / Host |