Dear folks What would you add or amend in the upcoming ver of ISO 9001:2008?

In my opinion , there should be something to be added for Auditing and controlling the Finance process, finance people are always making criticism to the quality system :argue: , they should be invovled in this .



what I think that it should be substracted is the concentration on Analysis of suppliers performance, evaluation and reevaluation of their performance is enough sometimes for small companies , see subclause 8.4 d

I would ask here a question ,why we sometmies find a certified ISO 9001:2000 companies without any kind of credibility ? who is resposible for that ?in our region there is a lot of examples ?
we are expecting from the new standard to help in minimizing such cases

Samer

Dear folks What would you add or amend in the upcoming ver of ISO 9001:2008?

Hi Amanbhai,

Are you a member of TC 176?

I wish that ISO 9001 could follow what ISO 9004 has preached in providing more value added step of implementing an efficient & effective QMS......Just my two cents....:tg:

I would start with changing the "Quality Objectives" to something that states that these are objectives that impact product and service quality. I loose HOURS trying to explain that "Quality Objectives" do not have to be rework or error related.

Better outsourcing controls. I think they are working on this....

Work on nonconforming product, but especially corrective and preventive action- there are to many ways to interpret what is beig said esp in the corrective action section.

link monitoring and measurement of product more clearly with nonconforming product.

Make control of software used for monitoring or measuring products and processes (7.6) stronger or more defined Most of the businesses I deal with don't have devices, they have software. Even some of the ones with devices still have software. As it stands, a lot of the "older, more experienced auditors with the 1994 standard" are used to dealing with the devices (sorry if this doesn't apply to you). These auditors, especially in the early years, completely overlooked the software requirement and still are not sure of it.

Oh, and flat out state that Design and development apply to goods, services and software being created as art of a contract or for your own use (if it affects quality) unless you exclude those intentions up front.

I would like to see more of the naturally aligning TS 16949 stuff in it and make the rest, like FMEA's and Control plans etc, an automotive supplement. Much in the same way the 9001 has integrated the 14001. For example add 6.3.2 Contingency plans from the 16949 to the 9001. It's funny we have an initiative where we are getting a portion of the company TS certified, we will have business continuity plans for that portion of the company but not the rest! :bonk:

Dear folks What would you add or amend in the upcoming ver of ISO 9001:2008?

I voted don't know yet.

Where can I find the draft to ISO9001:2008 at the IAF website or the ISO website? Is a draft available?

Coury Ferguson

Dear folks What would you add or amend in the upcoming ver of ISO 9001:2008?

One change - search and replace the word "quality" with the word "business".

Now that would make a real difference.

ISO 900x puts quality in a ghetto, in the hands of people with limited authority to make it happen.

Quality is the result (output) of business decisions, not an activity in itself.

For that matter so are evironmental results and social accountability.

The standards as written now get handed off as projects to people with little effective authority, and the result is "we got ISO" or the quality manager takes care of quality or our Environmental Manager takes care of spills <as much as the business system lets them>

Note that the national quality awards are slowly moving towards becoming business excellence models.

I agree with Caster. Just some notes:

But don’t think changing the names will fix this issue. Yes, the Quality is business matter. But business is not only quality, there are times, perceptions, and many human related stuff that cannot be set in written.

IMHO, the new ISO 9001 should pay more attention on the certification process and how the registrars check and assures that the quality system is effective and efficient. This will put more stress on the quality maters and the top management will be more involved.

7.5.2/7.5.3 highlighting the fact that Corrective action is different tha from Correction by renaming it

Adding emphasis on maintenance

refining 7.5.1 instead of its extensively vast scope

8.3 Considering its application in the service industry and what value it may add especially with it being a mandatory procedure

Refining the requirement for the quality policy so that it would really end up adding value

I believe adding a clause addressing the identification of what a problem is and directly stating that it could be a complaint, ncp, damage or loss would put the whole improvement idea in focus

I would like to see a refinement of 8.2.1, Customer satisfaction. The way it is being interpreted now, it seems to me, requires the use of surveys. In many cases, surveys are a waste of time. We used to use wide distribution of (excellent) call reports from our sales force, and that worked quite well. I have tried as hard as I could, but the surveys we have done yeilded little, besides satisfying this clause. So, we use call reports, and occasionally I distribute the results of surveys, recieving blanks stares and "so what"s.

Not very value added, at all.

I can't believe that my company is the only one that has issues with this situation.

I would like to see a refinement of 8.2.1, Customer satisfaction. The way it is being interpreted now, it seems to me, requires the use of surveys. In many cases, surveys are a waste of time. We used to use wide distribution of (excellent) call reports from our sales force, and that worked quite well. I have tried as hard as I could, but the surveys we have done yeilded little, besides satisfying this clause. So, we use call reports, and occasionally I distribute the results of surveys, recieving blanks stares and "so what"s.

Not very value added, at all.

I can't believe that my company is the only one that has issues with this situation.

You are not the only company that has an issue with that. We had that same debate this morning as we were talking about the customer feedback loop.
One of our facilities is ISO registered and is up for an audit in 2 weeks... Our VP of Sales is already girding for battle with the auditor on the customer survey issue because she harps on it every single time.
The standard states at the end of 8.2.1 "The methods for obtaining and using this information shall be determined". Well we have determined that we have tried it and have received no value whatsoever from the process and therefor have ceased.

I think the next rev has to eliminate "customer perception" and use something more meaningful.

I think the next rev has to eliminate "customer perception" and use something more meaningful.


We are in full agreement here. I like the latest revision a lot, except for this one area. Its like they tacked it on at the last minute or something, and it seems as though it is not as well thought out as the rest of the standard.

Well, looks like someone in the TC 176 should look at the ISO 9001 as the business management system. In other words, use quality as a business strategy which covers everything within the organization. They should also emphasize on the process management approach.
Nevertheless requalify those auditors as what happened to TS1 auditors. This is because there are many incompetence auditors out there, and most of them do not really promote the process approach to auditing and do not bring added value to the audit client. Though, ISO 9001 is just a model to manage the organization towards consistent processes, many of the companies out there just appreciate the ISO 9001 just a badge on the wall. I wish the TC 176 would look seriously on the auditors to bring added value to their audit and audit client. By this way, obviously there will be only good companies.
I've seen those companies without ISO 9001 certificate performed better than those have the certificate. Is there any different having the certificate and not? From this point I hope the TC 176 would look seriously into this and don't let ISO just stands for I-SO (eye sore) or "I See Only" for the auditors and never do their job properly.

I want the emphasise to change from Management of Quality to Quality of Management.

In general, I would like the ISO standard to "say what you (ISO) want, so I can do what you say." Make the "implied" requirements "stated" requirements if there are deemed so important. The ISO standard should be a stand alone document that defines what is required in clear language rather than having to go to training seminars where you have to decipher the code. Having non stated requirements only leads to auditor/registrar self interpretations and adds to the frustration level companies deal with regarding ISO,which further discredits the ISO initiaitive.

I have gotten so frustated in trying to meet expectations that are not defined in the standard. It's like the commercial where the basketball player is trying to dunk the ball through a moving backboard/hoop.

I have gotten so frustated in trying to meet expectations that are not defined in the standard.Can you offer an example or two?

Though I have come to like the process approach, however I do not see the requirement stated in the standard. I only see where it "promotes" it's use. I changed jobs and registrars. I took a major finding because I did not train my internal auditors to the process approach, internal audits did not include the Process effectiveness stuff (i.e. inputs, outputs, upstream/downstream suppliers). All this was OK with my previous registrar. ISO19011 doesn't even mention the process approach. I figure if something is important enough to issue a major finding that is should at least be defined clearly in the standard. I was told that it was an "implied" requirement.

My emphasis here is if you want process approach then say you want it and give specific expectations, something like document control. The noted requirements for document control leave very little to personal interpretations just differences in application.

I took a major finding because I did not train my internal auditors to the process approach, internal audits did not include the Process effectiveness stuff (i.e. inputs, outputs, upstream/downstream suppliers). All this was OK with my previous registrar.Thanks. While ISO 9000 (a NORMATIVE reference in ISO 9001) encourages the process approach for the establishment of a QMS, I do not see where in ISO 9000 or 9001 would force you to train your auditors, as stated above. You took a major, but you could (and should) have challenged the finding, imo. Once again, I don't think is a problem with the standard, but auditors making bad calls and auditees fearing to challenge the auditors.

Thanks. While ISO 9000 (a NORMATIVE reference in ISO 9001) encourages the process approach for the establishment of a QMS, I do not see where in ISO 9000 or 9001 would force you to train your auditors, as stated above. You took a major, but you could (and should) have challenged the finding, imo. Once again, I don't think is a problem with the standard, but auditors making bad calls and auditees fearing to challenge the auditors.


Well said Sidney....:)

You took a major, but you could (and should) have challenged the finding, imo.

Good word Sidney, and I did push back to the auditor. However, I didn't have the support from my Upper Mgmt to take it beyond that. Too afraid of creating bad waves with the registrar I guess. I guess in some people's world ISO auditors are gods and are never wrong.

I guess in some people's world ISO auditors are gods and are never wrong.

Yup, I agree with you. Too many don't know they can or are too worried about the consequences to do so. But there are some who can, & do!

Had an audit recently where the client's auditors attempted to corral them into doing their system for them (the auditors) and actually stated that the system was 'too hard' for them to audit... and their solution was for the client to make it easy for them.

Fortunately the client firm took my advice to talk to 3 other certifiers, discovered that my disgust was shared by all 3 others, and have now switched. But you're right, you can't do it without top management support - as with just about anything else you care to think about.

I want the emphasise to change from Management of Quality to Quality of Management.
I think that's a great way of putting it.:agree1:

Quick Question... is this going to be 2007 or 2008?

DNV just kicked off a re-reg audit in our sister facility and I conferenced in on the opening meeting and she (the auditor) insisted it's 2007.

Quick Question... is this going to be 2007 or 2008?

DNV just kicked off a re-reg audit in our sister facility and I conferenced in on the opening meeting and she (the auditor) insisted it's 2007.Neither. 2009, now. http://elsmar.com/Forums/showpost.php?p=159786&postcount=21

I expect the ISO 9001:2008 gives some more clarity on implementation and improvement is 8 Quality Management Principles. Specially Mutual benification with suppliers and Peopels involvement. Present standard doesnt give any authentication, the 9k - 2008 may gives some authentication of the QMS

Good word Sidney, and I did push back to the auditor. However, I didn't have the support from my Upper Mgmt to take it beyond that. Too afraid of creating bad waves with the registrar I guess. I guess in some people's world ISO auditors are gods and are never wrong.

Good point you have there, mlthompson, 'push back to the auditors'! :)

I guess so, some of us still think auditors are GODS and this paradigm must shift to a better understanding. The auditors must understand their functions, i.e., verification and look for more prevention rather than correction to help the client. Auditors also should bring more added value in the system, not fault findings. Hence, they (the auditors) should emphasize more on the business (or quality business) perspective for their client, i.e. PROFITS and GROWTH. I guess it's time to requalify those auditors, especially those incompetence ones. Accredition bodies should be more strict on the Certification Bodies. Some of the CBs are more focus on getting more audit client rather than providing them a quality audit value to their client. No wonder, some certified organizations, just having a badge on the wall.
So, in order to make this 9K:2008 more added value to organization, we should look more into the competencies of the CB auditors.
Well, just my opinion afterall, guys.:agree1: ?

Had an audit recently where the client's auditors attempted to corral them into doing their system for them (the auditors) and actually stated that the system was 'too hard' for them to audit... and their solution was for the client to make it easy for them.

Fortunately the client firm took my advice to talk to 3 other certifiers, discovered that my disgust was shared by all 3 others, and have now switched. But you're right, you can't do it without top management support - as with just about anything else you care to think about.
Was a customer complaint raised? Did corrective action follow?? Did pigs fly???

I want the emphasise to change from Management of Quality to Quality of Management.
GOOD IDEA! :applause:

Make the standard more process oriented. Details such as on how many and what processes must be identified and maped out shall be clear. Details on typical performance index (quality objective) and measurement can be more.
And another important thing is make management representative be a more clear and powerful position in organization, or define it directly as COO (Chief Operation Officer). :lol:

1 Remove silly Notes such as "a driver's manual is software".

2 Explain why things are required - eg why is a quality manual required.

I would like to have this standard FREE ;)

Was a customer complaint raised? Did corrective action follow?? Did pigs fly???

In this particular case, the latter I think .
Re. the client - they responded to the certifier/registrar's request for feedback. Let's just say that if I or any other customer-focussed business I can think of had got feedback like that (which was very politely & professionally expressed, but raised some serious concerns) I'd have been on the phone to them within 5 minutes. They haven't received any response whatsoever. Zip. Zilch. Zero. Nada. Nil.

But, is that always the case? No. It says a lot about that particular one (as did the standard of their auditors.) But I refuse to take that as representative of all auditing certifiers. I've complained to a different one: and got such a professional, concerned and overall satisfactory response that I was blown away, as well as seriously revising my opinion of them as an organisation. And, yes, corrective and preventive action occurred too!

:nopity:

OK, I'll get off my soapbox now.

My point? We can't & should not tar all auditing bodies (nor auditors) with the same black brush. It's too simplistic and not true.

I would like to have this standard FREE ;)

Sure. And I'd like free food, free wine, free housing, free everything.

No such thing as a free lunch.

And ultimately... with free, you gets what you pays for.

(I think the discussion got a bit off track above...)

#1
Rename 7.5 to read "Product" provision (or something like that). Many newbies think that since they don't provide "service after the sale" that many parts of 7.5 don't apply. (I saw a quote where the company wanted to exclude all of 7.5!...I'd like to have met their consultant!)

#2
The silly intro paragraphs like 8.1/8.5.1/6.1/5.1/4.1 (among others). Just put the text under the main number, don't make it a stand alone sub clause.

#3
Clarify 7.5.2

#4
Make 4.1's reference to "outsource processes" more than just a seemlingly note.

#5
Make 7.4.1 more user friendly (or at least to read).
(And, to all CB's, more easily excludable. What's a grinding shop have to buy except for off-the-shelf grinding wheels and lube? "Well, they've got to be buying something. Have they established "criteria for their phone and internet services? Fedex or UPS, Staples or Office Depot?")

#6
7.3.5-7.3.7
Oh, great for those in the chain declaring Chap 11 daily, but not "mom & pop" friendly!

#7
8.5.3 (ref 8.4 c)
If PA's are only valid if derived from data analysis regarding trends (which I agree with), put that portion in the paragraph!!

#8
4.2.3/4.2.4
Stress relevence to the QMS, product, and customer requirements. I've actually gotten an inquiry regarding the QP's posting not being controlled!
("Sorry, the cherry picker's broken and I really don't want five people holding a ladder while I check out the banner for its rev level!")
Seems finding uncontrolled docs/records is the tool for the auditing novice or conference room commando.

Madfox

The clause for 7.4 Purchasing needs to be reworded to eliminate the redundancy.

The clause for 7.4 Purchasing needs to be reworded to eliminate the redundancy.What redundancy?

Clause 4.2.1 is my pet hate - apart from d), everything is covered in more detail somewhere else. In my experience, it only causes confusion and/or gives lazy auditors somewhere to put NC's when they can't find the real clause.

Having said the above, I do like Note 2 - I think that helps organisations better understand why they can have a system which suits them.

Will versions CD and DIS will be available free in the internet as they were in the 2k standard?
:cool:

What redundancy?

clause 7.4.1 states "The organization shall ensure that purchased product conforms to specified purchase requirements"

clause 7.4.3 states " The organization shall establish and implement the inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements"

correct me if I am wrong but does this not say the same? One or the other but unnecessary to state both.
Dave

clause 7.4.1 states "The organization shall ensure that purchased product conforms to specified purchase requirements"

clause 7.4.3 states " The organization shall establish and implement the inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements"

correct me if I am wrong but does this not say the same? One or the other but unnecessary to state both.
Dave

C'mon, Dave, they're clearly different. 7.4.3 has more words. :read:

C'mon, Dave, they're clearly different. 7.4.3 has more words. :read:

Are you serious?

Are you serious?

I thought it unnecessary, but here's the missing smiley: :biglaugh:
Nonetheless, I'm willing to bet that if "the committee" were forced to choose between the two clauses they would opt for 7.4.3 on the basis of wordiness alone. That's pretty serious.

Will versions CD and DIS will be available free in the internet as they were in the 2k standard?
:cool:Even the WD's, DIS's, FDIS's are copyrighted documents. So, in principle they can not be freely distributed.

clause 7.4.1 states "The organization shall ensure that purchased product conforms to specified purchase requirements"

clause 7.4.3 states " The organization shall establish and implement the inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements"

correct me if I am wrong but does this not say the same? One or the other but unnecessary to state both.
Dave

The clauses cover some of the same ground but they are not the same in any way. Taking a simple example:

7.4.1 says the organization designs its systems to ensure the product it buys in meets its needs. That includes suplplier selection, purchasing processes and verification of the product (from 7.4.3). If the organization decides in 7.4.1 that it only buys from registered firms, only buys against a specification and monitors in house rejects then it could decide (in 7.4.3) that there is no need for incoming inspection.

Pretty much all the clauses are there for a purpose. We could all argue about the way the standard is put together (have a look at other threads for examples of how some Covers dislike the existing structure - and others defend it)

The clauses cover some of the same ground but they are not the same in any way.

:confused:

Pretty much all the clauses are there for a purpose.

But that doesn't mean that the purpose makes sense.

We could all argue about the way the standard is put together (have a look at other threads for examples of how some Covers dislike the existing structure - and others defend it)

Do you mean that we shouldn't want to improve it, or that it's beyond the abilities of mere mortals to make it better?

Look at it in terms of objective evidence. If 7.4.3 weren't there, would you audit any differently?

The WD2 of ISO9001:2009 states:

7.4.1 Purchasing process

Where purchased product has an effect on conformity to final product requirements, The organization shall ensure that purchased product conforms to specified purchase requirements. The type and extent of control including the selection and evaluation applied to the supplier and the purchased product shall be dependent upon the effect of the purchased product on subsequent product realization or the final product.
To the extent applicable to the purchased product, The organization shall evaluate and select suppliers based on their ability to supply product in accordance with the organization‘s requirements. Criteria for selection, evaluation and re-evaluation shall be established. Records of the results of evaluations and any necessary actions arising from the evaluation shall be maintained (see 4.2.4).
a) evaluate and select suppliers based on their ability to supply product in accordance with the organization‘s requirements
b) establish criteria for selection, evaluation and re-evaluation
c) maintain records of the results of evaluations and any necessary actions arising from the evaluation (see 4.2.1 e).

7.4.2 Purchasing information

Purchasing information shall describe the product to be purchased, including where appropriate
a) requirements for approval of product, procedures, processes and equipment,
b) requirements for qualification of personnel, and
c) quality management system requirements.
The organization shall ensure the adequacy of specified purchase requirements prior to their communication to the supplier.

7.4.3 Verification of purchased product

The organization shall establish and implement the inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements.
Where the organization or its customer intends to perform verification at the supplier‘s premises, the organization shall state the intended verification arrangements and method of product release in the purchasing information.

The clauses cover some of the same ground but they are not the same in any way. Taking a simple example:

7.4.1 says the organization designs its systems to ensure the product it buys in meets its needs. That includes suplplier selection, purchasing processes and verification of the product (from 7.4.3). If the organization decides in 7.4.1 that it only buys from registered firms, only buys against a specification and monitors in house rejects then it could decide (in 7.4.3) that there is no need for incoming inspection.

Pretty much all the clauses are there for a purpose. We could all argue about the way the standard is put together (have a look at other threads for examples of how some Covers dislike the existing structure - and others defend it)
Paul

Some might argue that "shall establish and implement the inspection ... activities necessary..." (7.4.3) implies that there is a need for such activities. "Any necessary actions" is commonly used elsewhere, which gives the user some discretion.

The WD2 of ISO9001:2009 states:
7.4.2 Purchasing information

Purchasing information shall describe the product to be purchased, including where appropriate
...
c) quality management system requirements.


Anyone prepared to say what this means? Is it something to do with the QS of the supplier, or some (unspecified) requirement of the organisation's QS, or ...? Should it not be more specific?

Anyone prepared to say what this means? Is it something to do with the QS of the supplier, or some (unspecified) requirement of the organisation's QS, or ...? Should it not be more specific?This requirement has been there for a long time. Some regulatory issues might force quality system requirements. Example several of the CE-Mark related European Directives.
Another example, a supplier outsourcing a heat treat process to require the supplier to be NADCAP accredited.
Another example yet, a purchaser of calibration services might require their lab to be ISO 17025 compliant.

:confused:



But that doesn't mean that the purpose makes sense.



Do you mean that we shouldn't want to improve it, or that it's beyond the abilities of mere mortals to make it better?

Look at it in terms of objective evidence. If 7.4.3 weren't there, would you audit any differently?

Either your IQ is on the slide or you're just being argumentative, Jim.

I tried to put comments against your "points" but couldn't do the usual cut and paste for some reason. So I'll just have to risk confusing you further by responding in a list.
What is so confusing? I chose not to insult anyone's intelligence by emphasizing the some but clearly should have identified that the scope and coverage of the two clauses is very different.

The bit you left out of your quote was where I went into how 7.4.1 covers a wider scope (at the planning stage) and 7.4.3 is about immediate activities when the goods arrive.

Any clearer? :cool:
Purpose to my mind means there is sense - otherwise it fulfils no purpose - if you have any examples?
Mere mortals - interesting choice of phrase ... As mere mortals we can have as many discussions about the structure and layout as we like both here, in our workplace or around the ISO table.

My point is that in the end it doesn't matter - we just have to work with the end result.
In answer to your question - probably yes. Because the inclusion of this clause forces organizations to think about how they verify incoming product meets their needs they tend to have some things in place that they might not have if the requirement was not there (please excuse emphasis, sometimes I have to explain). Without this clause the auditing of 7.4.1 is more open.

Anyone prepared to say what this means? Is it something to do with the QS of the supplier, or some (unspecified) requirement of the organisation's QS, or ...? Should it not be more specific?

It is precisely to do with the suplier's QMS. I echo what Sidney has said. It gives the purchasing organization an opportunity to say exactly what they want as the supplier makes the part / supplies the service for the products/services they are buying. For example they can re-emphasize the need to apply ISO 9001 for the contract, they can ask for certificates of conformance / SPC (depends how much credence you give to these).

Anyone used this element in the real world?

It is precisely to do with the suplier's QMS. I echo what Sidney has said. It gives the purchasing organization an opportunity to say exactly what they want as the supplier makes the part / supplies the service for the products/services they are buying. For example they can re-emphasize the need to apply ISO 9001 for the contract, they can ask for certificates of conformance / SPC (depends how much credence you give to these).

Anyone used this element in the real world?
Paul and Sidney

I agree that all these examples make sense - I am questioning whether the wording of the standard is clear to a new reader (bearing in mind the thread topic...)

Paul and Sidney

I agree that all these examples make sense - I am questioning whether the wording of the standard is clear to a new reader (bearing in mind the thread topic...)

Problem is standard wording isn't designed for the new reader - only old duffers like me. My point (No. 1) was that unless you delve into the meaning of the clause and understand why it is there you can't say that it doesn't belong.

Point No. 2 was that we can argue about wording but in the end it is a matter of opinion. There are plenty of barrack rooms lawyers around who can find their way out of a clear requirement - never mind one that is worded in a friendly fashion.

You only have to look at legalese to see how hard some people try to make wording bulletproof.

Perhaps there is another way - I'm sure the Cove will be the place to discuss!

Dear folks What would you add or amend in the upcoming ver of ISO 9001:2008?
Besides what has been suggested in response to original question, I have the following two cents to add:
I find the standard still lacking in its direct relevance to non-manufacturing areas. For example, its interpretation and application to a 'distribution' business require an expert in ISO 9000 that every (particularly) small company cannot afford.
ISO 9000 registeration process should require a self assessment proforma that should include reference to evidence or justification in support. This might help improving the integrity aspect of the process.

Besides what has been suggested in response to original question, I have the following two cents to add:
I find the standard still lacking in its direct relevance to non-manufacturing areas. For example, its interpretation and application to a 'distribution' business require an expert in ISO 9000 that every (particularly) small company cannot afford. The 2000 Edition of ISO 9001 had, as one of the primary goals, minimize the manufacturing slant in the document. I believe that they succeed, to an extent. ISO 9001 implementation will always require interpretation, no matter what business sector the organization is in. It is a natural consequence of having an international standard, which attempts to be universal in it's application target.

ISO 9000 registration process should require a self assessment proforma that should include reference to evidence or justification in support. This might help improving the integrity aspect of the process.Oh, but it does. It is called INTERNAL AUDIT. :cool:

As a third party auditor I think the new pair of 9001 standard should make more clear terms as QMS processes.
I guess there are a few reasons for confusion in ISO 9001:2000.
The first suggestion about the QMS processes we found in the Note of 4.1 clause. The processes recommended are almost the same as chapter 5 - 8 of the standard. “Almost” because the name of the processes in the Note are slightly different then the name of chapters. The matching of the processes in the Note with the chapters is suggested also by the figure 1. So we have all the reasons to believe that processes of the QMS are actually the chapters 5 to 8 of the standard. But I wouldn’t consider “Management responsibility” a process. Inputs, outputs of an activity and measurable criteria define a process. I see chapter 5 as a requirements clause to comply with. Of course I audit what I find at clients, but I'm not satisfied, as most of management analyses - the part of internal audit at top management - are obviously fake. How many top managers let themselves realy audited by a subordinate or a group of...?
I think what is interesting is expanding the 7th Chapter (product realization). Why? As long as we are aloud to consider exclusions limited to requirements within clause 7, it means the other chapters (processes) should look the same in all organizations in the world. So why should we bother to represent them in a map (or some other method)? I found in www.bin.co.uk the Process Classification Framework. I like it very much and it seems to be inspired from the real business world. I found also on the Internet a very challenging point of view regarding what I am concerned about (I can't remember where, maybe right here, maybe the ideea belongs to Mr. Jim Wade I'm not sure). The figure 1 represents the linkages between chapters of the standard not the processes. I guess is right. If this is also the ISO’s point of view it means the representation in figure 1 and the Note of 4.1 it is not the best solution. I found a large variety of QMS processes maps. On the Internet the most often found solution for identification of processes and map representation is the Figure 1 of the standard expanded in a deeper detail.
Then we know also that if we seek improvement we should take into account the "should" 's in 9004:2000, which recomend us to consider the processes as key processes and support processes. Nice and very academic but I found many beginners asking me "which way? the four kind of processes from 9001 or the two from 9004?"
The best way to figure out if the solution of the establishment of processes is good or bad is the integration of QMS with other management systems, like BS 7799. But how many companies have this luck?
If we want to develop theories in quality management we can do it in books, but I guess a standard should be more specific.
Concluding: I would emphasize the importance of processes subject of chapter 7 in the actual version of standard.
I would like to emphasize that this is not only my dilema, but rather debates meet at tens of clients.
Can you comment?

Florin Pirvulescu, Romania

Can you comment?Looks like you and the tens of clients can gain some insight through the APG website, with emphasis on this document Identification of processes (http://isotc.iso.org/livelink/livelink/3554119/APG-IdentifyProcesses.doc?func=doc.Fetch&nodeid=3554119)which links to N544 ISO 9000 Introduction and Support Package: Guidance on the Concept and Use of the Process Approach (http://isotc.iso.org/livelink/livelink/3554880/Process.doc?func=doc.Fetch&nodeid=3554880) where it is stated:

- Processes for management of an organization. These include processes relating to strategic planning, establishing policies, setting objectives, providing communication, ensuring availability of resources needed and management reviews.

- Processes for managing resources. These include all those processes for the provision of the resources that are needed for the processes for managing an organization, for realization, and for measurement.

- Realization processes. These include all processes that provide the intended output of the organization.

- Measurement, analysis and improvement processes. These include those processes needed to measure and gather data for performance analysis and improvement of effectiveness and efficiency. They include measuring, monitoring and auditing processes, corrective and preventive actions and are an integral part of the management, resource management and realization processes.

Thank you for your replay.
I found the documents since the time of their publication and there was good guidance for me. It doesn't mean a agree with them. I just implement them.
In my previous message I say the same thing as you did.
If a law is issued with some mistakes or the efects have not been fully initialy predicted, there are procedures for imediat revisions.
Unfortunately this not the case of ISO. We have to wait 8 years. 9001 or any other standard is a human creation, it is not perfect.
I saw solutions trying to integrate the four kind of processes with the two form 9004. In that way I guess the debate is getting far off the bussines.
Once again: the processes that bring added value are those from chapter 7.
Of course a minority (those thinking like me) has to comply with the majority's decision.
I am one of the Jim Wade's solutions upholders. Look for them. I found them more pragmatic..

Looks like you and the tens of clients can gain some insight through the APG website, with emphasis on this document Identification of processes (http://isotc.iso.org/livelink/livelink/3554119/APG-IdentifyProcesses.doc?func=doc.Fetch&nodeid=3554119)which links to N544 ISO 9000 Introduction and Support Package: Guidance on the Concept and Use of the Process Approach (http://isotc.iso.org/livelink/livelink/3554880/Process.doc?func=doc.Fetch&nodeid=3554880) where it is stated:



Could be quite a challenge, though, given that section 1 of the paper "Identification of Processes" (Distinguishing between the concepts of a process and an activity) tells you what to do "If an auditee cannot distinguish between the concepts of a process and an activity..." and yet the ISO9000 definition of a process is "an activity using resources, and managed in order to enable the transformation of inputs into outputs, can be considered as a process". Maybe it should explain what other types of activity there are...?

And Section 2 states that a process must have defined objective(s), although I cannot find where ISO9001 requires this. I am a strong believer in the need for the objective(s) of a process to be recognised (in fact, my definition of a business process includes the concept of an "objective") - but why "defined"? The "inputs" and "outputs" don't have to be defined for every process - but then I wouldn't define a process in those terms anyway.

PS I am making my first visit to the US on Monday - how cold is it in Chigago just now?!

Could be quite a challenge, though, given that section 1 of the paper "Identification of Processes" (Distinguishing between the concepts of a process and an activity) tells you what to do "If an auditee cannot distinguish between the concepts of a process and an activity..." and yet the ISO9000 definition of a process is "an activity using resources, and managed in order to enable the transformation of inputs into outputs, can be considered as a process". Maybe it should explain what other types of activity there are...?

At some point the standards must assume that people will be able to think these things through for themselves. If an auditee can't be made to understand what a process is, there's a problem that ISO 9001 can't help. I suspect that sometimes the problem might not be the auditee, but rather an auditor who doesn't understand. There's a relationship in this regard between processes and documents with regard to control; sometimes the need for control can be argued, and in those cases, where the line isn't clear, the auditee should probably be given the benefit of the doubt so long as there is a clear line of reasoning involved.

And Section 2 states that a process must have defined objective(s), although I cannot find where ISO9001 requires this. I am a strong believer in the need for the objective(s) of a process to be recognised (in fact, my definition of a business process includes the concept of an "objective") - but why "defined"? The "inputs" and "outputs" don't have to be defined for every process - but then I wouldn't define a process in those terms anyway.
If inputs and outputs don't need to be controlled, then you're not dealing with a process in the sense that the word is used in the standard. It's a bit tautological; processes need to be controlled, and you identify a process by the level of control needed. Nonetheless, one man's ceiling is another man's floor. If two processes are chained together, then the requirements for output in the first process are the requirements for input in the second. That's a large part of the rationale behind the process approach--insuring that the outputs of process "A" meet the input requirements for process "B."

PS I am making my first visit to the US on Monday - how cold is it in Chigago just now?!
I live about an hour north of Chicago, and lived there for many years. The weather for the week is supposed to be fairly normal for this time of year, with temperatures in the mid-forties (F). They have a saying in Chicago, though: If you don't like the weather, stick around for an hour--it'll change. It's especially volatile this time of year and in the spring.

It is good that it can include more human resource elements.

David

I agree with Paul in that it covers the same ground (end purpose) but from different aspects.

7.4.1 focuses on the process and the supplier not the product. This is BEFORE you order.

7.4.3 basically says you check what you get (ie the product.) AFTER you get it (goods-in inspection in 1996)

7.4.1 is broader in that it does not just apply to the product. If a delivery is late it would still pass the 7.4.3 test but not the 7.4.1.

The reference to QMS in 7.4.2 means the purchaser could/should control IF/HOW the product is controlled by the supplier. A supplier may deliver conforming product (as verified in 7.4.3) without ever checking it. This would leave open a risk of getting a non-conforming delivery and cause potential delays in the product realization process which in turn may mean your quality to your customer suffers.

So basically we are saying make sure:

1) PROCESS - The process is right
2) SUPPLIER - The supplier is right and can supply
3) REQUIREMENT - What you order is what you (your customer) want
4) ORDER - The supplier knows what you want & the purchase terms
5) CONTROL - If needed, you control the product throughout the suppliers processes
6) DELIVERY - What you get is what you ordered

It’s all clear to me but this highlights a problem with the standard and maybe an option IS missing from the poll. We are all ISO professionals and are discussing what a few sentences mean. Surely it must be possible to change (not add/delete as per poll) the wording to make it clear to all. The structure could be better eg giving suppliers (Supplier Control) their own sub-clause.

Sure. And I'd like free food, free wine, free housing, free everything.

No such thing as a free lunch.

And ultimately... with free, you gets what you pays for.

Don't be such a pessimist. Some things are free like this forum for example.

But seriously, how can national governments (ie standards organisations)expect to improve the quality of the nations products (exports, revenues, jobs etc) or protect the environment when they charge for simply giving knowledge on how to do improve. I can understand a charge for printed documents but for electronic documents it scandalous. Imagine if they followe dthe same principle with everything eg charging for information on effective Aids prevention.

The standard should explicitly require assessing performance against established Quality Objectives as an input to Management Reviews.

It’s all clear to me but this highlights a problem with the standard and maybe an option IS missing from the poll.

Good suggestion: perhaps a poll on 'which section(s) need to be clearer'?

We are all ISO professionals and are discussing what a few sentences mean. Surely it must be possible to change (not add/delete as per poll) the wording to make it clear to all.

In many ways, I agree with you and think it would be highly desirable to have the wording 'make it clear to all'... But I honestly don't think it's entirely possible.

I've read or written (or heard) things that I think are crystal clear, and yet other people extract quite different interpretations.

Another example: huge amounts of time, effort & money (and extremely skilled people) argue what particular bits of legislation mean. Why would a generic Standard be different?

One person's ceiling is another person's floor, as Jim said -leaving aside the gender specifics :)

And then there's the quite massive amount of consultation, review and discussion and consensus required to get a Standard accepted and released. Lord save me from things written by a single Committee, let alone multiple ones! Sure, we argue what things mean, just as the various stakeholders involved in it.

I think that the Standard itself is no small miracle of achievement, reaching agreement on what the broad requirements are for a QMS, and the more I work with it, and see how useful it can be when applied & audited intelligently, the more I respect it.

Some things are free like this forum for example.

Hmm. In some ways, yes. In others, not.

But seriously, how can national governments (ie standards organisations)expect to improve the quality of the nations products (exports, revenues, jobs etc) or protect the environment when they charge for simply giving knowledge on how to do improve.


Agree that the charge for the Standards appears high.

There is a widespread belief that standards organisations and national governments are the same thing around the world, but this isn't so.

From the ISO website (http://www.iso.org/iso/en/aboutiso/introduction/index.html#two):

Who ISO is

ISO is a network of the national standards institutes of 157 countries, on the basis of one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system.

ISO is a non-governmental organization: its members are not, as is the case in the United Nations system, delegations of national governments. Nevertheless, ISO occupies a special position between the public and private sectors. This is because, on the one hand, many of its member institutes are part of the governmental structure of their countries, or are mandated by their government. On the other hand, other members have their roots uniquely in the private sector, having been set up by national partnerships of industry associations.

Hmm. No mentions of the Quality Policy. This will probably make me a pariah, but I’m on my soapbox to say: Remove any mention of a quality policy!

Like mission statements, vision statements, etc., a quality policy is pure academic drivel. In my experience there are three kinds of people working in any plant, anywhere:

1. Those who always have and always will care about quality – the success of both themselves and their employer is very important to them. These people have no need for a quality policy. It’s ingrained in their most basic methodology.

2. Those that never have given, and never will give, a rat’s behind about anything other than collecting the paycheck. These people have no need for a quality policy. They need to put J1 into P1 until 5 PM. They’ll be glad to recite it to your auditor, but it means nothing. They know this, as well as you.

3. People new to the workforce who have not yet adopted either of the above attitudes. These people have no need for a quality policy. The need to be exposed to as many real value-adding quality practices as they can get. What they don’t need is for the whole process to be trivialized by the existence of an obtuse policy that is little more than the subject of jokes around the plant. (Jokes that were born out of sheer reality – whatever these folks are, they’re not idiots and I can sing and dance very convincingly about the value of the policy – they’re not buying it.)

Now I know the academics and others who may audit quality systems but never have to assist in actually making a business function will be up in arms about my assertions here. Granted, I could carefully craft this into a detailed paper with data to back my assertions, but it’s Friday, I’m tired, and I finally decided to sit down and complain about the ridiculousness that is a quality policy. Flame me if you must, but I’d rather dissenters come over here to my plant, look at our processes, agree that our performance is world class, and THEN let’s go out on the floor and find someone who believes in the quality policy.

Ain’t gonna happen. Do they believe in the system? You bet, they helped build it. They know the results. The Policy? Who you kidding?

Tym “not nearly as pessimistic as that sounded” Tucker

Let me first clarify; I am not a 'theoratical' quality professional and have spent considerable time of my work life in handling practical situations including in manufacturing.

I think Tym has made a valid point: The taste of pudding is in eating it. A well thought over recipe, given by an experienced chef and having all resouces to cook it are not definite indicative of quality of final product. However, are these steps in preparation alongwith delibrate focus in effort with final output in mind not necessary? The expression of such directed, focused efforts is Quality Policy. I am pretty sure Tym's company has a policies to coordinate company operations to achieve the claimed successes. It does not have to be learnt by heart but all should understand it as ISO 9K-2K requires it.

Like mission statements, vision statements, etc., a quality policy is pure academic drivel.

Can be, but shouldn't be. Like anything else, the garbage in, garbage out rule applies. Meaning, if no one gives it a lot of thought, or it has no real meaning, heart & soul behind it, then I'm with you: it's drivel.

But I don't support throwing it out just because it's often badly done. Let improvement rule.

Over-riding principles (policy) are important. A short, clear and most of all real policy on quality is important, ie, what is the position that this company or organisation takes on quality?

Here's a couple of recent examples that did mean something to the companies, and which they can remember, and use to guide them:

Our members are our number one priority. (A non-profit professional organisation).

We care about the people who use our products (A company making industrial cleaning products).

Out with those 'blah... blah...' statements. OK, now I'll get off my soapbox too.:nopity:

Hmm. No mentions of the Quality Policy. This will probably make me a pariah, but I’m on my soapbox to say: Remove any mention of a quality policy! ....3. People new to the workforce who have not yet adopted either of the above attitudes. These people have no need for a quality policy. I agree with you, Tym. Having a quality policy, environmental management policy, information security policy, etc... is an archaic requirement. Do people need to have a policy statement to work in an ethical manner? My take on requirements for policies embedded in all these international standards is a well meaning intention to communicate to the work force that quality is a priority for the organization, but I believe that progressive organizations can accomplish that without having to have a "quality policy".Now I know the academics and others who may audit quality systems but never have to assist in actually making a business function will be up in arms about my assertions here....Flame me if you must, but ...I think you will be surprised to realize that many Covers are out of the box thinkers and question established "quality dogmas". I don't think your coment will be flamed. Probably the opposite.

I think you will be surprised to realize that many Covers are out of the box thinkers and question established "quality dogmas". I don't think your coment will be flamed. Probably the opposite.

There'll be no flames from this quadrant. Quality policies, as ISO requirements, are a huge waste of time. :agree1:

Quality policies, as ISO requirements, are a huge waste of time. Jim, this sentence can be read in more than one way. Do you mean that all ISO requirements are a waste of time?:confused:

Jim, this sentence can be read in more than one way. Do you mean that all ISO requirements are a waste of time?:confused:

Well, now that you mention it :notme::lol:

No, I meant to say that quality policies that exist solely due to ISO requirements are a waste of time.

I think the standard should be renamed. It is not about the quality, it is about the process effectiveness and efficiency. So, ISO 9001:2008 "Process Management Requirements" is good one.

In advance I apologize for the use of emphasis - I know it's shouting but sometimes my messages are reacted to directly without the understanding of what I'm trying to say - and no, I'm not getting at you, Sid. ;)
I agree with you, Tym. Having a quality policy, environmental management policy, information security policy, etc... is an archaic requirement. I can't agree with this statement. You have to look beyond the garbage output that results from the process (the laughable apeing of the particular standard that sits on the wall in reception and is ignored by all) and ask the question - why have the standard makers put the requirement in there in the first place? I believe the reason is simple - the standard requires that the organization's "top management .... provide evidence of its commitment to the development and implementation of the quality management system and continually improving its effectiveness by .... establishing the quality policy" because unless you can get the top team to think about what they want from quality and get them behind a system that is intended to meet the requirements of the standard, customer requirements etc., etc. then you don't stand a hope in **** of the system meeting the spirit of the standard - even if it does meet the letter because there is a framed pile of poo in reception.

Do people need to have a policy statement to work in an ethical manner? My take on requirements for policies embedded in all these international standards is a well meaning intention to communicate to the work force that quality is a priority for the organization, but I believe that progressive organizations can accomplish that without having to have a "quality policy". Strictly speaking no, we don't have to have one. But take it the other way - if you take out the requirement from the standard then it is another dilution of the involvement of the top management team in a system that relies on them for a lead.
I think you will be surprised to realize that many Covers are out of the box thinkers and question established "quality dogmas". I don't think your coment will be flamed. Probably the opposite. Well I'm just an old stick in the mud - I don't like the current output from the process that develops policies (sweeping generalization). I do think the requirement needs to stay in the standard though.

Perhaps we can just get the MD, CEO to take some responsibility for the contentrather than leave it to the "professionals" to make sure it ticks all the clause boxes for the auditor. I'd much rather see a policy that is non compliant with ISO but means something to the organization's employees than one that addresses all the shalls of ISO and is totally invisible except on the 6 monthly audit.

You can take this with a grain of salt. In a previous company, the corporate management conducted "vision" seminars with the entire supervision/management staff. The attempt was to brainwash.., uh uh, I mean to cast the corporate vision statement throughout the organization. In the seminar, the business consultants that lead the discussion mentioned the power of having a vision statement. They mentioned that a study was performed involving three groups of companies: 1) companies who had no vision statement, 2) companies who had a vision statement, but didn't live it, 3) companies who had a vision statement and lived it out in the daily operation of the business. The results of the study indicated the group 1 companies only had marginal growth of their business, Group 2 companies had moderate growth, but Group 3 companies has substantial growth.

I believe that it is important to have a vision statement or quality policy. A statement defines the management's direction, intentions, commitment, etc. As a company grows in size (employee count) it is important keep the herd going in the same direction. A vision statement, well crafted, will provide a common course to plot so everyone is headed in the same direction. But as they say, "the road to **** is paved with good intentions." Of course having a well crafted vision statement will get squashed like a bug, if it is not driven, enforced, supported by the management teams.

You can take this with a grain of salt. In a previous company, the corporate management conducted "vision" seminars with the entire supervision/management staff. The attempt was to brainwash.., uh uh, I mean to cast the corporate vision statement throughout the organization. In the seminar, the business consultants that lead the discussion mentioned the power of having a vision statement. They mentioned that a study was performed involving three groups of companies: 1) companies who had no vision statement, 2) companies who had a vision statement, but didn't live it, 3) companies who had a vision statement and lived it out in the daily operation of the business. The results of the study indicated the group 1 companies only had marginal growth of their business, Group 2 companies had moderate growth, but Group 3 companies has substantial growth.

I believe that it is important to have a vision statement or quality policy. A statement defines the management's direction, intentions, commitment, etc. As a company grows in size (employee count) it is important keep the herd going in the same direction. A vision statement, well crafted, will provide a common course to plot so everyone is headed in the same direction. But as they say, "the road to **** is paved with good intentions." Of course having a well crafted vision statement will get squashed like a bug, if it is not driven, enforced, supported by the management teams.


Every winning athlete - football, baseball, basketball, etc. has a driving, passionate "vision" of their goals. Without a vision, there is no success.

Now, whether corporate management actually believes and drives it to acceptance is left to them to decide. Winners claearly have a vision of where they want to go. Other than lotteries, I don't think any winner stumbles into the winner's circle.

They mentioned that a study was performed involving three groups of companies: 1) companies who had no vision statement, 2) companies who had a vision statement, but didn't live it, 3) companies who had a vision statement and lived it out in the daily operation of the business. The results of the study indicated the group 1 companies only had marginal growth of their business, Group 2 companies had moderate growth, but Group 3 companies has substantial growth.


This is the logical fallacy called "affirmation of the consequent," which takes the form "X implies Y, and Y is known to be true, therefore X is true." There is simply no good reason to believe that the existence of a "vision statement" is a causative antecedent.

This is the logical fallacy called "affirmation of the consequent," which takes the form "X implies Y, and Y is known to be true, therefore X is true." There is simply no good reason to believe that the existence of a "vision statement" is a causative antecedent.

Phew, you almost left me behind there Jim with your "causative antecedents" but I'm hanging in there! The trouble with any research (like that mlthompson refers to) is that complex arrangements like organizations cannot be distilled into nice neat A to B to C logic diagrams. But that doesn't mean that you don't do the research or bother with the results (or "buy" the first consultant who tells you about it).

You just have to look at its applicablility to your own organization (and the problems the opinion formers already realize are there) and then - if you feel it will give you something - implement it in a form that will work for your organization without diluting what you are trying to achieve.

The panacea is never a good solution to any problem.

You have to look beyond the garbage output that results from the process If the process does not accomplish the goal, you have to re-think it.why have the standard makers put the requirement in there in the first place? I believe the reason is simple - the standard requires that the organization's "top management .... provide evidence of its commitment to the development and implementation of the quality management system and continually improving its effectiveness by .... establishing the quality policy" because unless you can get the top team to think about what they want from quality and get them behind a system that is intended to meet the requirements of the standard, customer requirements etc., etc. then you don't stand a hope in **** of the system meeting the spirit of the standard - even if it does meet the letter because there is a framed pile of poo in reception. I already mentioned my understanding of the probable intention to have policies in place, but there are other ways to accomplish it. For example, without giving much thought to it, if we were to revise 5.2 of ISO 9001 to state:

5.2 Customer focus
Top management shall ensure that customer requirements are determined and are met with the aim of enhancing customer satisfaction (see 7.2.1 and 8.2.1). Top management must communicate to the workforce the importance of delivering customer satisfaction. Such communication must be reinforced at defined intervals.

I think we accomplish the same without having to have this figure of a "quality policy", subject of jokes and meaningless discussions. If an organization needs to have a policy to define objectives and be reminded that they need to improve the effectiveness of their systems and processes, they don't deserve to be in business.

if you take out the requirement from the standard then it is another dilution of the involvement of the top management team in a system that relies on them for a lead. An organization that subscribes to several standards would have to have several policies: one for quality, one for the environment, one for safety, etc... That, in my opinion, dilutes the importance. When everything is a priority, nothing is. We don't need a policy for getting to work on time, to be polite, not to talk with our mouths full...In my estimation, having a quality policy statement does not make top management more accountable and involved with the QMS. It just distract attention from matters of significance.

We will disagree on this one.

Phew, you almost left me behind there Jim with your "causative antecedents" but I'm hanging in there! The trouble with any research (like that mlthompson refers to) is that complex arrangements like organizations cannot be distilled into nice neat A to B to C logic diagrams.
That might be true in many cases, but if it is, it's because there was no deliberate logic present in the design. Businesses are too often allowed to evolve on their own, which causes most of the problems we see. It's lack of leadership. Companies that are logically constructed--where correlation is never mistaken for causation, are the ones with the "vision statements" that are actually verifiable. The fact that they have vision statements makes people who don't want to accept the burden of leadership think that the container is equal to the thing contained, or that veneer=substance.

As for the "research": Let's say I choose 10 companies with "vision statements" at random, and elect to study them and find out if they "live out" their statements, and whether there is any significant difference in the profitability of the companies. We discover the Green Hat Corporation, and its vision statement that says,
We believe that in order to satisfy customers, provide jobs, and make lots of money, all of our employees must wear green hats.
We take a tour through the factory and offices, and indeed, all of the employees from the CEO on down are wearing green hats. We then have a look at the P&L statement, and sure enough, the performance of the Green Hat, Inc. is outstanding, and much better than any of the other nine companies we study, where there is no obvious evidence that vision statements are being lived out.

The inescapable conclusion: Companies who live out their vision statements will perform better than those who don't.


The panacea is never a good solution to any problem.

Panaceas are always efficacious, otherwise they wouldn't be panaceas. :cool:

Every winning athlete - football, baseball, basketball, etc. has a driving, passionate "vision" of their goals. Without a vision, there is no success.

Now, whether corporate management actually believes and drives it to acceptance is left to them to decide. Winners claearly have a vision of where they want to go. Other than lotteries, I don't think any winner stumbles into the winner's circle.

Could not agree more. Just because something is done badly on a number of occasions isn't an argument to entirely take it out of the Standard. It is an argument for a rethink, and look for ways to do it better.

No one stumbles blindly into success - every truly successful person talks of the importance of having a clear vision of where they want to be or what it will look like. Ditto companies.

A clear vision was one of the essential components of successful companies from Jim Collins' research (Built to Last, Good to Great, etc).

But I do agree with Jim: only having a policy because 'ISO says you gotta' usually doesn't work or work well. But then does just doing anything in there without any real understanding & appreciation of the importance underlying the requirement?? Isn't one of the things we're aiming to do is achieve real improvement?

Mostly, the arguments seem to be 'take it out because it isn't necessary/doesn't work'. What's the alternative? I like the suggestion of getting the company focussed on satisfaction - but doesn't the company occasionally, just occasionally, want to achieve some other things as well? What help would this provide to a company faced with a very real ethical dilemma: choose to make the customer happy & blow anything else?

That might be true in many cases, but if it is, it's because there was no deliberate logic present in the design. Is this the design of the research or of the organization itself? I presume from what goes below you mean the organization but please correct me if I'm wrong ....

Businesses are too often allowed to evolve on their own, which causes most of the problems we see. It's lack of leadership. But surely that is what organizations do - they evolve based on the culture that is evident to the workers - based on the leadership they see.

It is the old idea of motivation. I cannot motivate you but what I can do is create the environment where you find your own motivation.
Companies that are logically constructed--where correlation is never mistaken for causation, are the ones with the "vision statements" that are actually verifiable. The fact that they have vision statements makes people who don't want to accept the burden of leadership think that the container is equal to the thing contained, or that veneer=substance. I hope I have made the point earlier. Vision statements (or policy statements) without substance are not worth the paper they are written on. My point is that a policy statement that is seen to have had the involvement of the management team and is in line with what the organization's workers see and believe is an effective means of getting the employees on board.

As for the "research": Let's say I choose 10 companies with "vision statements" at random, and elect to study them and find out if they "live out" their statements, and whether there is any significant difference in the profitability of the companies. We discover the Green Hat Corporation, and its vision statement that says,

We take a tour through the factory and offices, and indeed, all of the employees from the CEO on down are wearing green hats. We then have a look at the P&L statement, and sure enough, the performance of the Green Hat, Inc. is outstanding, and much better than any of the other nine companies we study, where there is no obvious evidence that vision statements are being lived out.

The inescapable conclusion: Companies who live out their vision statements will perform better than those who don't. While your "simple" examples are clear, Jim, in this case I don't think they help the argument. I agree that people who jump on any bandwagon without thinking it through deserve to lose their hard earned money.

Panaceas are always efficacious, otherwise they wouldn't be panaceas. :cool: The problem is panaceas are not always an effective cure all! The original "Green hat" initiative worked for one organization and all the other companies who jump on the bandwagon have not understood how it works but think that by wearing green hats their P & L will magically improve

If the process does not accomplish the goal, you have to re-think it. I already mentioned my understanding of the probable intention to have policies in place, but there are other ways to accomplish it. For example, without giving much thought to it, if we were to revise 5.2 of ISO 9001 to state: For some reason your original idea didn't copy across but I take the point that it could be covered elsewhere in the standard. My own preference at this stage is to get the process of policy definition more part of system design (and assessment).

I think we accomplish the same without having to have this figure of a "quality policy", subject of jokes and meaningless discussions. If an organization needs to have a policy to define objectives and be reminded that they need to improve the effectiveness of their systems and processes, they don't deserve to be in business. So the problem is organizations have a "check box" idea about satisfying this clause of ISO - meet the letter of the requirement without addressing the spirit of top management setting the direction and (dare I say it) policy for the organization. Maybe we need to go back and retrain the auditors again to expect more evidence of involvement - above and beyond the signed statement in the pretty frame.

An organization that subscribes to several standards would have to have several policies: one for quality, one for the environment, one for safety, etc... That, in my opinion, dilutes the importance. When everything is a priority, nothing is. An organization need not have more than one policy but the danger of subscribing to multiple standards are that the commitment to all the standards does become diluted. Somewhere in the system (not necessarily hanging in reception this policy does need to be communicated to those who need to know. Most new employees have an induction and maybe that is the place for the policy to sit.

We don't need a policy for getting to work on time, to be polite, not to talk with our mouths full... OK, I take the points about simple basics but most of these ARE covered in employee codes of conduct where the organization defines its policy for how employees should behave when on company business.

In my estimation, having a quality policy statement does not make top management more accountable and involved with the QMS. It just distract attention from matters of significance.
This seems to be our main point of disagreement. I think the policy is important in that it demonstrates the organization's commitment to quality and you (IMHO) have seen that the process abused to such a degree that the output is rendered meaningless.
We will disagree on this one.
In a gentle and friendly manner as ever, Sid. :bigwave:

The problem is panaceas are not always an effective cure all!

That's like saying, "Green hats aren't always green." The statement is self-contradictory. Would-be panaceas are not often effective, but actual panaceas always are, or as I said, they aren't panaceas.

That's like saying, "Green hats aren't always green." The statement is self-contradictory. Would-be panaceas are not often effective, but actual panaceas always are, or as I said, they aren't panaceas.

OK, I was using the term in its commonly used form of "a supposed cure for all diseases or problems" having only checked the definition in Microsoft's Encarta dictionary - silly me, thanks Bill! :bonk:

I accept that the true Oxford English definition is that it is an actual cure all. My apologies - I should have known better than to try to correct your use of English!:truce:

Any substantive contributions to the debate, anyone?

OK, I was using the term in its commonly used form of "a supposed cure for all diseases or problems" having only checked the definition in Microsoft's Encarta dictionary - silly me, thanks Bill!

If you're going to use an online dictionary, I recommend either American Heritage (http://www.bartleby.com/61/) or Merriam-Webster (http://www.m-w.com/dictionary), in order of preference.

The difference between the almost right word and the right word is really a large matter—'tis the difference between the lightning bug and the lightning. Mark Twain

I accept that the true Oxford English definition is that it is an actual cure all.
As long as you've got access to the OED, you're all set. :read:

Any substantive contributions to the debate, anyone?
Gratuitous dig noted.

Any substantive contributions to the debate, anyone?

No, actually you guys burnt me out on the topic 20 replys ago.

Fair comment - point taken.

...In my estimation, having a quality policy statement does not make top management more accountable and involved with the QMS. It just distract attention from matters of significance.

[/LEFT]

Thanks, Sidney. What you say here is the basis for my opinion that QP's should be yanked. The goal of a business is to make money. If a business is pursuing ISO registration, it can reasonably be assumed that they understand how a well organized business system increases their chance of success. I would say that it also stands that anything they would include in a policy - "to provide the highest possible quality of products and services," etc., - is probably part of their overall company culture. I'm fortunate to say that this is true of my organization. We can't help but look at the policy statement on the wall and say "Well, duh!" If this isn't the case in a company, then that indeed tells me that their policy is nothing more than lip service to the standard.

That said, I also should point out that I think broadcasting statements through posters and such throughout the plant that speak to the importance of everyone's contribution and how it affects the success of the company - a passive form of empowerment, if you will - has great value. I simply don't like the idea of these things being "regulated" by a standard. I don't care for one static policy statement being considered the cornerstone of the system. It's the message behind it that counts. I may want to reword the message every six weeks and put up new posters to remind people that the system is alive and dynamic. I don't want to go through the steps of revising, re-auditing, etc. every time. I don't want my Quality Manager spending time training folks how the new statements align with the objectives. It's like telling cheerleaders that they must ensure that their routines align with the goals of the team. How ridiculous! It's about morale and getting buy-in throughout the organization - an understanding that success comes from happy customers and happy customers come from the work they are doing and the way they do it. It's not about pointing to an obtuse object perched high on a pedestal and making sure everyone pays homage. :bonk:

Tym

There is a clause that I have noticed in other standards that could be added in the new standard & that is " Is your organization legally identifiable?

There is a clause that I have noticed in other standards that could be added in the new standard & that is " Is your organization legally identifiable?

I know most certification bodies require this of their customers as part of their terms and conditions - what purpose would it have in the standard?

Make the standard more process oriented. Details such as on how many and what processes must be identified and maped out shall be clear. Details on typical performance index (quality objective) and measurement can be more.
And another important thing is make management representative be a more clear and powerful position in organization, or define it directly as COO (Chief Operation Officer). :lol:

Go TS16949-processes maps are more prescriptive.

In my opinion , there should be something to be added for Auditing and controlling the Finance process, finance people are always making criticism to the quality system :argue: , they should be invovled in this .



what I think that it should be substracted is the concentration on Analysis of suppliers performance, evaluation and reevaluation of their performance is enough sometimes for small companies , see subclause 8.4 d

I would ask here a question ,why we sometmies find a certified ISO 9001:2000 companies without any kind of credibility ? who is resposible for that ?in our region there is a lot of examples ?
we are expecting from the new standard to help in minimizing such cases

Samer

Do we really need to add accounts in ISO 9001 standard.
Surprisingly, ISO 17020 which calls for independent audited accounts.:confused:

How about a real different opinion. I don't want any changes. Why? Because any changes will not improve the quality performance of my organization, and any change will require a lot of non value work to meet them. Let's be clear organizations who want a good quality system really don't need changes to the standard to get one, and those who just want a certificate can simulate a good system well enough to get one!!!

I don't want any changes. Your wish has been granted.:magic:

There will be no substantial/significant changes in the ISO 9001:2008 document, compared to the 3rd Edition of the standard.

Thanks, Sidney. What you say here is the basis for my opinion that QP's should be yanked. The goal of a business is to make money. If a business is pursuing ISO registration, it can reasonably be assumed that they understand how a well organized business system increases their chance of success. I would say that it also stands that anything they would include in a policy - "to provide the highest possible quality of products and services," etc., - is probably part of their overall company culture. I'm fortunate to say that this is true of my organization. We can't help but look at the policy statement on the wall and say "Well, duh!" If this isn't the case in a company, then that indeed tells me that their policy is nothing more than lip service to the standard.

<snip>


Tym

The QP should be part of the culture, but the assessors often want it to be "Motherhood and Apple Pie" instead. An example I can think of is a company I did a lot of business with, because they always got the job I needed done. Their Quality Policy almost kept them from getting registered, although IMHO, it was what made them great. The QP? "We make it fast, cheap, and just good enough!" They were a prototyping house, and specialized in turning around a functional prototype to your needs overnight and inexpensively. It would be a kludge, but it would be functional.


Geoff Withnell

I know most certification bodies require this of their customers as part of their terms and conditions - what purpose would it have in the standard?

Then why other standards requires organizations to be legally identifiable. e.g. ISO 17020?:thanks:

Then why other standards requires organizations to be legally identifiable. e.g. ISO 17020?:thanks:

Pretty much because this is a standard written by the accreditation bodies. They have an obsession with trying to think of every eventuality and try to "standardize it out."

Or as I have written elsewhere about ISO 17021 - "A badly written standard developed on the basis of mutual distrust"

Or as I have written elsewhere about ISO 17021 - "A badly written standard developed on the basis of mutual distrust"[/QUOTE]

I could not get your point!

I could not get your point!

The points are fairly simple (though not necessarily agreed by all!)
ISO 17021 is a badly written standard.
The people that wrote it are (mainly) accreditation bodies
The people that wrote it do not trust certification bodies
They think that by writing a lot of "what if" requirements into the standard they will control the certification industry

1.The people that wrote it do not trust certification bodies
2.They think that by writing a lot of "what if" requirements into the standard they will control the certification industry
I guess many certification bodies provide a lot of reasons for not being deemed trustworthy. Unfortunately the same standard will apply to intrinsically ethical and intrinsically unethical CB's.

I guess many certification bodies provide a lot of reasons for not being deemed trustworthy. Unfortunately the same standard will apply to intrinsically ethical and intrinsically unethical CB's.

:topic:The problem (IMHO) is that some people believe that if you put all the "How could a CB behave irresponsibly / unethically?" into a document or (in the case of accreditation) a whole series of standards, "mandatory documents" , interpretations, guidelines .... then automagically certification will be wonderful.

It is the same as for all systemic problems. The parties need to sit down and discuss how it is not working and, most important get competent auditors out there auditing CB practices - not shut in a darkened room arguing over the interpretation of a guideline written around a poor standard.

My high horse seems to have bolted. :lol:

I think the biggest problem is related to what really means to validated a Quality company: Clients Satisfaction rates. With ISO 9001, the registered company is responsible for delivering it ...most of them show "fake" results. ISO 9001 should have (like SA 8000) a kind of committment...each company should deliver to its supplier their satisfaction rates officially and those who fake should lose their register.... Here in Brazil we call these fake as "make up" and I can tell you that companies produce more make-up than Avon....!!

I think the biggest problem is related to what really means to validated a Quality company: Clients Satisfaction rates. With ISO 9001, the registered company is responsible for delivering it ...most of them show "fake" results. ISO 9001 should have (like SA 8000) a kind of committment...each company should deliver to its supplier their satisfaction rates officially and those who fake should lose their register.... Here in Brazil we call these fake as "make up" and I can tell you that companies produce more make-up than Avon....!!

Hence the question I always ask my Clients: "Do you want to look good, or be good?" There is a difference.....;)

Stijloor.

These are my proposal for the 9001:2008 version

1. MR must be handled by Technical and experienced person.It cannot be handled by others who are not familiar of process control plan..maintenance,calibration ,design,sales and marketing and logistics.It can easily learned through books and info in internet but an army who is in the battle feels what he feels.An office army writes what he feel.

2. External auditors must include the owner of company during audit for immediate implementation and action.

3. Eliminate direct members of family handling main dept in the company.9001:2008 cant be implemented unless the company were group of experienced and talented outsiders.

4. Competency of External auditors must be included in the clauses to verify that he doesnt use an old and antique checklist and guidelines during audit.

:cool:

These are my proposal for the 9001:2008 version

1. MR must be handled by Technical and experienced person.It cannot be handled by others who are not familiar of process control plan..maintenance,calibration ,design,sales and marketing and logistics.It can easily learned through books and info in internet but an army who is in the battle feels what he feels.An office army writes what he feel.

2. External auditors must include the owner of company during audit for immediate implementation and action.

3. Eliminate direct members of family handling main dept in the company.9001:2008 cant be implemented unless the company were group of experienced and talented outsiders.

4. Competency of External auditors must be included in the clauses to verify that he doesnt use an old and antique checklist and guidelines during audit.

:cool:

Like 'em all except no. 3. Granted, this alone would fix a lot of problems in a lot of companies! LOL. But back to reality, don't try to tell anyone how to run their business.

I agree in principle that top management should be present in the opening and closing meetings with auditor. By sending MR only as is the case often or a junior colleague, the top management do not demonstrate their Committment to the development and improvement of of the QMS. It may help to add this requirement in the list of evidences required for compliance with the clause 5.1 'Management Commitment'!

Having said that, I think it is too late to make these suggestions as the final draft is being put for final vote and the Standard is planned to be out in the next few months (October/November).

Sajjad

I agree in principle that top management should be present in the opening and closing meetings with auditor. By sending MR only as is the case often or a junior colleague, the top management do not demonstrate their Committment to the development and improvement of of the QMS. It may help to add this requirement in the list of evidences required for compliance with the clause 5.1 'Management Commitment'!

Having said that, I think it is too late to make these suggestions as the final draft is being put for final vote and the Standard is planned to be out in the next few months (October/November).

Sajjad

I don't think the absence of a positive always equals a negative. In other words, just because a CEO doesn't attend opening/closing meetings doesn't mean something bad has happened or theat the CEO isn't adequately committed. There's something to be said for proper elegation of responsibility and authority, and unless there's evidence of lack of commitment that extends beyond attendance at meeting, it shouldn't be an issue.

I agree in principle that top management should be present in the opening and closing meetings with auditor. By sending MR only as is the case often or a junior colleague, the top management do not demonstrate their Committment to the development and improvement of of the QMS. It may help to add this requirement in the list of evidences required for compliance with the clause 5.1 'Management Commitment'!

Having said that, I think it is too late to make these suggestions as the final draft is being put for final vote and the Standard is planned to be out in the next few months (October/November).

Sajjad

Sajjad,

Look at this post and attachment associated with "Top Management Commitment (http://elsmar.com/Forums/showpost.php?p=210295&postcount=2)." The attached (audit) questionnaire may help you to assess "compliance" to this requirement.

Stijloor.

Having said that, I think it is too late to make these suggestions as the final draft is being put for final vote and the Standard is planned to be out in the next few months (October/November).

SajjadPlease note that such type of "requirements" would never be in the ISO 9001 Standard, which is totally dissociated with the conformity assessment & certification process. At best, this could be in the ISO 17021 and ISO 19011 documents.