9.2 Hosting the Customer Audit

A customer audit is not a friendly visit; it is a verification of contract compliance. The auditor's goal is to find risk; your goal is to demonstrate control. Success relies on architecture, not just good coffee. You must control the flow of information, the environment, and the narrative. If you allow an auditor to wander freely or access raw data without context, you will fail.

The "War Room" Architecture

Do not allow the auditor to sit at your desk. You must physicalize the "Firewall" concept.

The Dynamic:

The Front Room: This is the stage. It contains the Auditor, the Host, and the relevant Subject Matter Expert (SME). It is sparse. No loose papers, no whiteboards with strategic secrets, and no access to the internal network.
The Back Room: This is the engine. It is staffed by scribes and runners.
- The Scribe: Sits in the Front Room (silently) and types every request into a live chat.
- The Runner: Sees the request ("Show me the training record for Operator A"), retrieves it, reviews it for errors, and physically walks it to the Front Room.

The Filter Rule:

If a document has a missing signature or a coffee stain → Then the Back Room catches it before the auditor sees it.
If a record is missing → Then the Back Room prepares the explanation immediately, so the Host is not caught off guard.

The "Pre-Flight" Clean Sweep

Do not wait for the auditor to find the rogue Post-it note. Execute a "Search and Destroy" mission 48 hours prior.

The "Red Flag" Hunt:

Infrastructure:
- If a chemical bottle (IPA/Flux) is unlabeled → Then it is a hazmat violation. Bin it.
- If the "Red Tag" quarantine cage is unlocked → Then the audit is over. Lock it and pocket the key.
Production Line:
- If an operator has a "cheat sheet" or handwritten note taped to the machine → Then destroy it. The only valid document is the controlled Work Instruction (WI).
- If personal items (bags, food) are in the ESD zone → Then remove them.

Interview Discipline (The Miranda Rights)

The most common source of audit findings is an operator talking too much. Train your staff on the "Answer Only" protocol.

The Logic of Interaction:

Auditor: "Do you calibrate this driver?"
Bad Answer: "Yes, usually on Tuesdays, but Bob was sick last week, so we did it Wednesday." (You just volunteered a non-conformance).
Good Answer: "Yes." (Stop talking. Wait for the next question).
Auditor: "Show me the sticker."
Action: Point to the sticker. Do not explain the history of the sticker.

Pro-Tip: If you do not know the answer, say "I will verify that with the engineer." Never guess. A wrong answer is a finding; a delayed answer is just due diligence.

The Closing Meeting

This is a negotiation, not a sentencing hearing.

Closing Logic:

If the auditor presents a finding based on a misunderstanding → Then clarify it immediately with evidence. Do not wait for the final report.
If the finding is valid → Then accept it professionally. Do not make excuses ("We were busy"). State the correction timeline (e.g., "We will submit a CAPA within 5 days").

Final Checklist

Control Point	Critical Requirement	Risk Avoided
Front/Back Room	100% of documents filtered through Back Room.	Accidental Disclosure / Bad Data
Clean Sweep	Remove all uncontrolled notes (Post-its) from the line.	Document Control Failure
Interaction	Operators answer only the specific question asked.	Volunteering Non-Conformance
Quarantine	Red Tag area must be physically locked.	Critical System Failure
Escort	Auditor is never left alone on the production floor.	Safety / Security Breach

1.1 QMS Scope, Process Map & Mandatory Records

1.2 Documentation Control & Data Integrity

1.3 Change Control & Configuration Management (ECR/ECO/Deviation control)

1.4 Competence & Training Management (Skills Matrix)

1.5 Templates Pack: NCR, CAPA, Audit, Calibration, Incoming Report

2.1 ESD Control Program (ANSI/ESD S20.20)

2.2 MSD Handling & Storage (J-STD-033)

2.3 Shelf Life & Expiry Control: Chemical Integrity

3.1 APQP & PPAP

3.2 Material Compliance: RoHS, REACH, & Conflict Minerals

3.3 Failure Mode and Effects Analysis (FMEA)

3.4 Control Plan + Reaction Plan (Stop/Contain/Release Rules)

3.5 First Article Inspection (AS9102)

3.6 Regulatory Compliance: The EMS Interface

4.1 Governance and Operating Model

4.2 Audits and Capability Verification

4.3 The Incoming Inspection Plan (IQC)

4.4 Supplier Nonconformance (SCAR) Management

4.5 Supplier Corrective Action (SCAR/8D) + Effectiveness Check

4.6 Change Control and Deviations

5.1 Bare Board Inspection (IPC-A-600)

5.2 IPC-A-610 Classifications & Criteria

5.3 Cable & Harness Assembly (IPC/WHMA-A-620)

5.4 Box Build & Mechanical Assembly (IPC-A-630)

5.5 Cosmetic Inspection Standards (Visual Quality)

5.6 Rework & Repair (IPC-7711/7721)

5.7 Defect Taxonomy & Disposition Rules (Linked to MRB)

6.1 Measurement System Analysis (MSA / Gauge R&R)

6.2 Calibration Management

6.3 Equipment Validation (IQ/OQ/PQ)

6.4 Inspection Method Validation (AOI/X-Ray/ICT/FCT Correlation)

7.1 Statistical Process Control (SPC): Cp & Cpk

7.2 Operational Metrics: FPY, RTY, CoQ & Review Cadence

7.3 Test Process Quality (ICT/FCT & Retest Limits)

7.4 Layered Process Audits (LPA)

8.1 NCR Workflow: Detect, Quarantine, Disposition, Close

8.2 Internal MRB & Quarantine Discipline

8.3 Root Cause Analysis (RCA) & CAPA

8.4 Containment Playbook: Suspect Lots, Line Stop Triggers & Escape Handling

8.5 RMA Processing & Field Failure Analysis

9.1 Internal Systems Audits (ISO 19011)

9.2 Hosting the Customer Audit

9.3 Audit Program: Annual Plan, Checklist Library & Evidence Index

9.4 The Quarterly Business Review (QBR) & Quality Strategy

9.2 Hosting the Customer Audit

The "War Room" Architecture

The "Pre-Flight" Clean Sweep

Interview Discipline (The Miranda Rights)

The Closing Meeting

Final Checklist