• The scheduling process is performed in eAuditNet. 
• The Auditee shall register in eAuditNet. 
• Each facility shall have only one (1) address in eAuditNet. 
• The Auditee shall accept the s-frm-1103 Auditee Agreement - Accreditation
  Audit after the first time an Initial audit is initiated for the Auditee Profile.
• No audit shall be conducted without an accepted agreement.
• Quality system requirements, including criteria for the quality system being
  considered valid, are defined in PD 1100 Nadcap Program Requirements.
• Prior to an Initial audit being scheduled or rescheduled, evidence of a quality
  system certificate that is valid through the scheduled audit end date shall be
  recorded in eAuditNet.
• An Initial audit may be scheduled without a record of a valid quality system if
  the applicable Task Group accepts a Nadcap Quality System and the audit of
  the quality system has been scheduled.
• Prior to the audit start date, the Auditee shall document in eAuditNet that they
  do or do not have restricted technical data controlled under one or more
  United States export control laws or regulations, such as ITAR or EAR. 
• The Auditee shall select the scope of the audit (Audit Criteria and processes).
• All Initial, Initial (Re-Entry), Reaccreditation, VCA, and Add Scope audits shall
  have AC7000 included in the scope.
• The audit is scheduled and the Auditor assigned in eAuditNet.
• The duration of the audit is determined using s-frm-1102 Audit Grading
  Criteria. 
• PRI shall notify the Auditor and Auditee when the audit is scheduled and
  when any changes occur to the scheduled audit. 
• The Auditee is responsible for paying fees as defined in the Auditee
  Agreement. Failure to pay such fees may result in rescheduling, cancellation,
  or failure of the audit, as well as suspension or withdrawal of accreditation.

For initial Audits:

• Prior to scheduling the Nadcap audit, Auditee must provide PRI with a quality system accreditation certificate (defined by OP 1104) valid through the last day of the audit.
• If a valid quality system approval certificate cannot be provided, the Auditee must schedule a Nadcap AC7004 or AC7006 assessment to be done with the process audit.
• If after scheduling the AC7004 / AC7006 the Auditee provides a valid external quality system certificate to PRI prior to 46 days before the audit start date the AC7004 / AC7006 audit will be cancelled and a full refund issued. If the certificate is provided less than 46 days prior to the audit start date PRI will cancel the AC7004 / AC7006 audit but there will be no refund of the audit fee / Auditee will have to pay for the cancelled day.

IMPORTANT:  Company Name and Address on external quality system certificates must match the Company Name and Address for the locations being audited as shown in eAuditNet.  Satellite facilities, as defined in OP 1104, must either be listed on the Main site certificate or have their own certificate.   If a valid external quality system certificate cannot be provided as described above, a Nadcap AC7004 or AC7006 assessment to be done with the process audit.

The United States Federal export control laws prohibit unlicensed export of information related to certain products and technologies for reasons of national security and protection of trade. The Department of State regulates and restricts the transfer and export of specified product, technical data, software and technologies relating to military applications listed on the Munitions Controls List (MCL) under the International Traffic in Arms Regulations (ITAR). The Department of Commerce regulates and restricts the transfer and export of specified product, technical data, software and technologies relating to civilian and dual-use applications listed on the Commerce Control List (CCL) under the Export Administration Regulations (EAR). 

Export controlled (EC’LR-Restricted) information or material is any information or material that cannot be released to foreign nationals or representatives of a foreign entity, without first obtaining approval or license from the Department of State for items controlled by the International Traffic in Arms Regulations (ITAR), or the Department of Commerce for items controlled by the Export Administration Regulations (EAR).  Export controlled information must be controlled as restricted information and marked accordingly. 

How does this affect the audit?

Scheduling:  During the audit scheduling process in eAuditNet the Supplier will be asked: For this commodity, is work done under the guidelines of the ITAR/EAR?  If the answer is Yes an UNRESTRICTED auditor will be assigned to do the audit, as available*.  If the answer is No then any of PRI’s worldwide auditors (either UNRESTRICTED or RESTRICTED) may be assigned to the audit.  Again – IF YOU ARE NOT SURE CONTACT YOUR PRIME or CONTRACTOR OR CUSTMER.

*if an UNRESTRICTED auditor is not available, PRI Scheduling will work with you to see if enough work which is not ITAR/EAR/Export Controlled will be available for us to use a RESTRICTED auditor.

Documentation of the audit:  Neither Unrestricted Nadcap auditors, nor the supplier are allowed to include or attach technical information on Export Controlled parts in eAuditNet.  This is due to the fact that Restricted personnel in the Task Groups have access to the audit details.  Suppliers should consult with their Staff Engineers on this issue if there are any questions about what should be included and what should not.
Suppliers are not to post technical information on ITAR/EAR restricted parts in eAuditNet – either in response to a corrective action or in connection with any other audit information.

How does a Company know if they do work under the guidelines of ITAR/EAR?

Suppliers should be notified by the Prime Contractor or their customer that the work being performed falls under the ITAR/EAR guidelines.  (NOTE: Suppliers outside the United States can be licensed to do work under the ITAR/EAR guidelines.)  IF YOU ARE NOT SURE – THEN CONTACT YOUR PRIME or CONTRACTOR. 
 
Unfortunately, there is no common method of identifying work which is ITAR/EAR/Export Controlled.  Suppliers should look for any reference to: ITAR/EAR; Export Controlled; Export Restricted; US Military Designations on the documentation they receive from their customers.  Suppliers need to look at all documentation they receive from their customers for any evidence that the part is Export Controlled – this includes drawings, Purchase Orders, technical information sheets, specifications, work instructions, etc. 
 
One example of how ITAR/EAR may be called out follows: 
 
            WARNING – This document contains technical data whose export is restricted by the Arms Export Control Act (Title 22, U.S.C., Sec 2751, et seq.) or the Export Administration Act of 1979, as amended (Title 50, U.S.C., App. 3401 et seq.)  Violations of these export laws are subject to severe criminal penalties. 
 
If the supplier does not receive this information proactively from their customer, they should ask for it. 

Who can have access to information or product falling under ITAR/EAR guidelines?

Export Controlled information may be disseminated & utilized in the audit only by Nadcap auditors who are identified as UNRESTRICTED.  These auditors are U.S. citizens or immigrant aliens (Green Card holders).  
 
RESTRICTED (non US citizen) auditors cannot come in contact with Export Restricted information or material.
 
The ITAR/EAR designation for the Industry Managed auditor(s) assigned to an audit can be found in eAuditNet next to their name; example: Michael Smith (Primary)    (ITAR Unrestricted) – OR - Walter Schmidt (Primary)    (ITAR Restricted)
 
It is the Suppliers responsibility to know what parts, materials and information are Export Controlled and to ensure that such Export Controlled materials are not included in any way in an audit being completed by a Restricted auditor. 

An audit of a Supplier may entail the scheduling of more than one facility if the locations are within 25 miles/40 kilometers of each other.  It is the Supplier’s responsibility to notify PRI as soon as possible where a Satellite arrangement exists to ensure proper scheduling of all locations (OP 1104). 

For facilities or buildings to be classified as Satellite(s) the following criteria apply: 

a.    Must be within 25 miles/40 kilometers radius distance of the Main facility; 

b.    Must have the same Quality Manual and Procedures as the Main facility; 

c.     Must have the same Quality Manager (day-to day operational control) as the Main facility (for NDT can substitute the same Level III / for MTL can substitute the same Lab Manager/Supervisor); 

d.    Must have onsite an individual who is part of the Quality Function and reports directly to the Quality Manager; 

e.    Are owned by the same company. 

 A Satellite facility shall be scheduled as a separate audit in eAuditNet with its own unique audit number and shall be granted a separate accreditation.  The Satellite facility address and an audit contact for this location must be registered in eAuditNet.  The Main and Satellite facility audits are expected to be conducted consecutively with the same Auditor(s).  

The auditor shall verify during the audit that the Satellite meets the above criteria and shall immediately report any deviations to Scheduling.  Deviations could result in the location not being audited.

If the auditor arrives at the audit and is informed that there is separate location to be audited outside the Main facility boundaries and this facility is not listed as a Satellite in eAuditNet with a unique address and audit number the auditor will not include this facility as part of the audit.

1. Immediate Corrective Action Taken (Containment Actions): This is the action taken to address the immediate problem. How extensive is the problem?  Did you review similar parts, jobs, procedures, etc.; to determine if this condition exists elsewhere in your system? Who was notified (customer or internal)?
2. Root Cause of Nonconformance: This is not a restatement of the finding. The systemic element that once corrected will prevent recurrence of the NC.
3. Impact of all Identified Causes and the Root Cause: If a specification requirement was violated and certification to that specification was issued, the extent of the violation must be identified and affected customers must be notified and evidence of this provided with the response. 
4. Action Taken to Prevent Recurrence: This is the systemic fix to the root cause. 
5. Objective Evidence Attached: For all audits objective evidence of implementation of all corrective actions must be provided for all findings. This includes revised procedures (including evidence of approval by responsible personnel and release for use), evidence of training, etc.   Word, Excel, or pdf format.  NOTE: Not needed for findings accepted on-site by the Auditor.  
6. Effectivity Date: When was the corrective action completely implemented? Accreditation generally cannot be issued until after this date.