External Auditor issued a NC for not having the original standards of ISO9001:2000 with us. We have only uncontrolled copy of the standard.

My question is :

which clause address this requirement?

External Auditor issued a NC for not having the original standards of ISO9001:2000 with us. We have only uncontrolled copy of the standard.

My question is :

which clause address this requirement?

There is no specific requirement to have a copy of the standard. There are, however, requirements for handling "documents of external origin." See 4.2.3(f) that says,
A documented procedure shall be established to define controls needed...to ensure that documents of external origin are identified and their distribution controlled...
Added in edit: There still could be a question of whether 4.2.3(f) is applicable, if there's no requirement to have a copy of the standard to begin with.

When posting a question about an auditor's finding, it's always helpful to provide a verbatim transcript of the finding. The auditor should have included specific reference to the requirement in question. If he/she didn't provide it, you should ask for it.

This was previously discussed at "Licensed" copy of ISO 9001 Standard During Audit - Has an Auditor Asked for Proof ? (http://elsmar.com/Forums/showthread.php?t=17927)

As Jim said - can you post the verbatim NC?

Is the NC based on what your system requires or the ISO standard?
Do you control other standards? ASTM, ANSI, EU directives, etc? If so and you don't control ISO9001 then I would also write at least an observation.

If you have a procedure that says you have current copies of all reference standards, then there's definately an NC.

If it's just the ISO standard he's referencing then I might argue to make it an OFI and cough up a few bucks for a legal copy once the next rev comes out.

If you have a procedure that says you have current copies of all reference standards, then there's definately an NC.

Not if the copy they have is current.

Not if the copy they have is current.

isn't the purpose of a controlled document to ensure currency?
And their copy is uncontrolled...

As i have not been exposed to ISOs for that long maybe my experience is limited (well yes it is but..) I was under the impression that Standards were not that fluid. That is to say they would not change every day. There may be an addition (not sure if that happens) otherwise if there are a lot of new elements would this not constitute a whole new Standard (a formal re-release of the standard)??

I dont see how likely it would be that the Standard is out of date (apologies if this comes across as stupid - i just see the Standard as almost biblical - and unchanging until the new 2008 comes out).

Possibly as you have mentioned earlier it may be that the NC relates to the handling of the document. But that is just my opinion:notme:

External Auditor issued a NC for not having the original standards of ISO9001:2000 with us. We have only uncontrolled copy of the standard.

My question is :

which clause address this requirement?

I´d have to agree with Jim saying 4.2.3 f) but honestly I would not give you an NC for it... I´d be looking for more substantial things "wrong" that would actually benefit your Quality Management System and therefore, your organization ($$)

isn't the purpose of a controlled document to ensure currency?
And their copy is uncontrolled...

Your original statement was:

If you have a procedure that says you have current copies of all reference standards, then there's definately an NC.

My response was that if the procedure says that there have to be current copies of all reference standards, and their copy of ISO 9001 is current, there's no violation. There's a difference between saying that all standards must be current versions, and saying that there is a process for verifying currency. If you say the latter and there's no process, or no evidence that it's effective, there's a possible violation.

External Auditor issued a NC for not having the original standards of ISO9001:2000 with us. We have only uncontrolled copy of the standard.Would you like to turn the table? Ask the auditor to prove his/her copy of ISO 9001 is "original" as well....:tg:

This was previously discussed at "Licensed" copy of ISO 9001 Standard During Audit - Has an Auditor Asked for Proof ? (http://elsmar.com/Forums/showthread.php?t=17927)

I think it was covered here...by the way Snagit is a great tool for copying and distributing those annoying single license electronic versions....like the AS9100...ect...:D

Your original statement was:


My response was that if the procedure says that there have to be current copies of all reference standards, and their copy of ISO 9001 is current, there's no violation. There's a difference between saying that all standards must be current versions, and saying that there is a process for verifying currency. If you say the latter and there's no process, or no evidence that it's effective, there's a possible violation.

I'd like you to debate that with my registrar because he hits us over the head every visit to make sure we have a process for verifying currency of all standards we reference periodically.

I'd like you to debate that with my registrar because he hits us over the head every visit to make sure we have a process for verifying currency of all standards we reference periodically.
Have your people call my people. :tg:

I have a copy of The Standard Interpretation. It has the original verbiage of the Standard noted with "plain english". How would an auditor asking for our copy of the Standard view that?:confused:

External Auditor issued a NC for not having the original standards of ISO9001:2000 with us. We have only uncontrolled copy of the standard.

My question is :

which clause address this requirement?

My question is why would you bring out an uncontrolled copy of the Standard during an Audit?

See the posts in this thread that addresses Reference Only:

http://elsmar.com/Forums/showthread.php?t=27936

4.1 General requirements
The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard

The organization shall
a) identify the processes needed for the quality management system and their application throughout the organization (see 1.2),
b) determine the sequence and interaction of these processes,
c) determine criteria and methods needed to ensure that both the operation and control of these processes are effective,
d) ensure the availability of resources and information necessary to support the operation and monitoring of these processes,
e) monitor, measure and analyse these processes, and
f) implement actions necessary to achieve planned results and continual improvement of these processes.

These processes shall be managed by the organization in accordance with the requirements of this International Standard

You have to have it to do it.

4.1 General requirements
The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard

The organization shall
a) identify the processes needed for the quality management system and their application throughout the organization (see 1.2),
b) determine the sequence and interaction of these processes,
c) determine criteria and methods needed to ensure that both the operation and control of these processes are effective,
d) ensure the availability of resources and information necessary to support the operation and monitoring of these processes,
e) monitor, measure and analyse these processes, and
f) implement actions necessary to achieve planned results and continual improvement of these processes.

These processes shall be managed by the organization in accordance with the requirements of this International Standard

You have to have it to do it.

A hypothetical: "the organization" has done all of that stuff and then burns its only copy of the standard. The system is compliant. Is there a nonconformity due to absence of a copy of the standard? If so, on what basis?

The system is compliant. Is there a nonconformity due to absence of a copy of the standard? If so, on what basis?

I'd start with 8.2.2....

8.2.2 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard....

How would you audit it without it?

I'd start with 8.2.2....

8.2.2 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard....

How would you audit it without it?

In the hypothetical situation, I specified that all requirements have been met. It doesn't matter how it gets done, so long as it does get done.

Mind you, I realize that having a copy of the standard is a good thing, and I'm not adovocating setting fire to them. I'm simply saying that there is no explicit requirement to have a copy. Implicit requirements are subject to personal interpretation, and that's not a good place for external auditors to go.

Have your people call my people. :tg:

:lmao:
External Auditor issued a NC for not having the original standards of ISO9001:2000 with us. We have only uncontrolled copy of the standard.

My question is :

which clause address this requirement?

My answer is no.

Depending on the scope of the audit, I question whether the auditor needed to be worried about the originality of the standard. That seems to be a little of a policing action.

If the answer is yes, then is the auditor licensed to perform more fishing expeditions? What about the software used for all the applications?

Until the standard has a specific clause to address "having an original copy of the standard (with a receipt of purchase:tg:), then I would challenge the finding.

Why spend $$$$ on the rest of the program, and not have the source document for it all? I would purchase the standard.

How would an auditor asking for our copy of the Standard view that?:confused:As you can tell by the diversity of opinions, there is no way to predict how an auditor would see your situation. Some probably would not even bother to ask you about it. Others might issue you a MAJOR non-conformity.

Some auditors believe they have been invested as ISO-cops. But, if this is their take on value added audits, I feel sorry for both of you.

I'm simply saying that there is no explicit requirement to have a copy. You're correct


Implicit requirements are subject to personal interpretation, and that's not a good place for external auditors to go. I never interpret...ask around....and as for places that wouldn't be good for an external to go....I'll leave this unsaid;)


I know where your going and to tell the truth I don't think I've asked if anyone has a copy of the standard in any audit I've done because folks normally have been cognizant enough to have their own copy and it wasn't that high on my list of priorities of the things to be concerned about. I'm concerned with the real deal stuff.

I'd suggest that not only is a copy required - as design criteria for the system originally - but to ensure (compliant) maintenance of the system as it develops. I have been to organizations who have allowed their systems to 'go off the rails', and without the same (original) design criteria available, that deviation from the original intent would be difficult to detect.

Using my analogy, I rather doubt that once a company had designed its product and released it into manufacturing etc., that the design function would torch the drawings or the criteria used to guide the design.

I'm afraid that Jim's hypothesis won't cut it in real life...........well, maybe in Wisconsin it will......:notme:

I'd suggest that not only is a copy required - as design criteria for the system originally - but to ensure (compliant) maintenance of the system as it develops.

Great--show me the "shall."

Great--show me the "shall."

4.1 General requirements
The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard. Show me the requirements...


4.2.1 General
The quality management system documentation shall include…d) documents needed by the organization to ensure the effective planning, operation and control of its processes,How can the QMS be planned without the necessary document to do so? If you don't know what it is, how do you know you've done it?



4.2.4 Control of records
Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. ISO 9001 is a record that provides the evidence of what the requirements of a QMS established to it are.



ISO 9001 is no different from any other requirement an organization must meet customer or otherwise that can have an effect upon product conformity or customer satisfaction (Let's not even play the silly "It's voluntary game")...Show me what it is and show me how you have met it.

In the hypothetical situation, I specified that all requirements have been met. It doesn't matter how it gets done, so long as it does get done.I agree with Jim. I answered this question elsewhere when discussing changes to the latest edition (2008). IMHO there is no specific requirement that states an organization that invites you in to assess their QMS against a standard has to have a copy of the standard.

Perhaps if people spent more time looking at the spirit of the requirements rather than the letter of the document we would have better systems? :notme:

Mind you, I realize that having a copy of the standard is a good thing, and I'm not adovocating setting fire to them. I'm simply saying that there is no explicit requirement to have a copy. Implicit requirements are subject to personal interpretation, and that's not a good place for external auditors to go. Again agreed. (This must be a record! :lol:).

Speaking for myself I would always want a copy of the standard to read it and understand the requirements and I am always more confident at the start of an assessment if the MR has a well thumbed copy of the standard - with notes in the margins!

:lmao:


My answer is no.

Depending on the scope of the audit, I question whether the auditor needed to be worried about the originality of the standard. That seems to be a little of a policing action.

If the answer is yes, then is the auditor licensed to perform more fishing expeditions? What about the software used for all the applications?

Until the standard has a specific clause to address "having an original copy of the standard (with a receipt of purchase:tg:), then I would challenge the finding.

Why spend $$$$ on the rest of the program, and not have the source document for it all? I would purchase the standard.
I would like to post the real statement in the NCR issued by the Auditor:

"Internal Audits are found to be carried out without referring to the approved (licensed) copy of the ISO Standard. Also, it is found that ISO and all international standards like ASMI,ASTM Codes are listed by the organisation as external documents which has to be controlled as per the document control procedure. However, Internal Auditors were found to be carried out the audits with respect to current version of ISO Standards but with uncontrolled copy"

Here is the verbal explanation given by the auditor during closing meeting :

" Since,the organisation is using uncontrolled copy of ISO Standard for auditing the QMS,it shows it wont be updated if the new revision comes in the future" Also, the system fails to control the documents of external orgin. He defined the standard as a quality record which should be maintained as a controlled copy. This is a Minor Non conformance.
Please comment on his statement,

But,as an auditee,i feel it is a nit picking excercise.. but i agree that i didnt control the iso standard since it is a document of external orgin,

External Auditor issued a NC for not having the original standards of ISO9001:2000 with us. We have only uncontrolled copy of the standard.

My question is :

which clause address this requirement?

It's 4.2.3 e) (actually, the Auditor should have referenced that clause in the NC).

If you are seriously expecting/wanting certification to ISO 9001, it is a reasonable expectation that you should have a current copy of the current Standard. And your Document Control procedure should cover how you control documents of external origin, such as the Standard.

" Since,the organisation is using uncontrolled copy of ISO Standard for auditing the QMS,it shows it wont be updated if the new revision comes in the future" Also, the system fails to control the documents of external orgin.

But,as an auditee,i feel it is a nit picking excercise.. but i agree that i didnt control the iso standard since it is a document of external orgin,

In light of the above comments i think it is clear that he is assessing they system and its management of external documents, and not specifically just the copy of the Standard. I suppose as an external auditor it is his/her perogative to approach the situation thinking - "if this has already happened with one document, what other parts of the QMS (what other documents) could it be affecting?" IMO its right to raise it as an NC.

I assume it is always well publicised when a Standard is changing :notme: but if for whatever reason this doesn't reach you, and there is no firm control on external documents, you would continue to use an out of date version of the Standard making your system 9001 non-conforming.

My opinion only :2cents:

Hi Suresh,

Going by the minor NC and the explanation of the auditor, I feel he is right.

In light of the above comments i think it is clear that he is assessing they system and its management of external documents, and not specifically just the copy of the Standard...

...I agree...

…it only happens that he made the uncontrolled copy of ISO 9001 standard as an example…

"Internal Audits are found to be carried out without referring to the approved (licensed) copy of the ISO Standard. Also, it is found that ISO and all international standards like ASMI,ASTM Codes are listed by the organisation as external documents which has to be controlled as per the document control procedure. However, Internal Auditors were found to be carried out the audits with respect to current version of ISO Standards but with uncontrolled copy"

Here is the verbal explanation given by the auditor during closing meeting :

" Since,the organisation is using uncontrolled copy of ISO Standard for auditing the QMS,it shows it wont be updated if the new revision comes in the future" Also, the system fails to control the documents of external orgin. He defined the standard as a quality record which should be maintained as a controlled copy. This is a Minor Non conformance.
Please comment on his statement,

But,as an auditee,i feel it is a nit picking excercise.. but i agree that i didnt control the iso standard since it is a document of external orgin,

The reasons for this being a non-conformance are non-sensical! Apparently, they have a crystal ball to see into the future! "It shows it won't be updated? Wow, he could earn more money as a clairvoyant!

And making an issue of the photo copy of a document (that everyone knows is the latest and greatest) being used during an internal audit, is just a plain, bad joke - not a conconformance!

Yeah, the piece about the "future"is an assumption and pretty bogus....That comment should have been left out.....BTW, I now feel a bit vindicated....;)

Great--show me the "shall."

O.K Jim, we have to think out of the box here. As you've stated often enough here, we shouldn't be doing things because 'ISO-says-so". Since an organization has to develop their system in compliance with the international standard, how would they do that without a copy?

Sure there are many books and other documents which include the ISO 9001 requirements, but since they don't come from the "ISO folks", how would anyone know that key words and phrases weren't changed or even omitted all together? Better to get it from the proverbial horses mouth!

The OP was about not having an original copy - it's not as if he didn't have any copy or that it was the wrong version (like a '94!)

I'm sure you wouldn't propose that a company take on work from a client without a copy of the specification being maintained, so why are you advocating that 'hypothetically' you can have a system without having a copy of the ruling requirement? You're not making much sense to me!

O.K Jim, we have to think out of the box here. As you've stated often enough here, we shouldn't be doing things because 'ISO-says-so". Since an organization has to develop their system in compliance with the international standard, how would they do that without a copy?

Sure there are many books and other documents which include the ISO 9001 requirements, but since they don't come from the "ISO folks", how would anyone know that key words and phrases weren't changed or even omitted all together? Better to get it from the proverbial horses mouth!

The OP was about not having an original copy - it's not as if he didn't have any copy or that it was the wrong version (like a '94!)

I'm sure you wouldn't propose that a company take on work from a client without a copy of the specification being maintained, so why are you advocating that 'hypothetically' you can have a system without having a copy of the ruling requirement? You're not making much sense to me!

The question isn't whether a system can be developed without a copy of the standard--in whatever form it might take--the question is more direct: if a third-party auditor finds that the organization has no copy of the standard, is there a nonconformity? If you want to issue one in this case, it can only be because "ISO says so." Third-party auditors are supposed to verify that the standard is being met.

So where's the "shall"? If you (or anyone else here) encountered this situation in an audit, how would you handle it if you feel it's a nonconformity?

How do you know that the copy is accurate?

The question isn't whether a system can be developed without a copy of the standard--in whatever form it might take--the question is more direct: if a third-party auditor finds that the organization has no copy of the standard, is there a nonconformity? If you want to issue one in this case, it can only be because "ISO says so." Third-party auditors are supposed to verify that the standard is being met.

So where's the "shall"? If you (or anyone else here) encountered this situation in an audit, how would you handle it if you feel it's a nonconformity?

:topic:
We've already beaten that one to a pulp somewhere else.........we shouldn't derail this OP's question, here.

So where's the "shall"? If you (or anyone else here) encountered this situation in an audit, how would you handle it if you feel it's a nonconformity?

I've given about 3 or 4 shall's........the standard is just another required document or record and that old "for reference only" argument don't float, because if it is going to be referred to then evidence of intentional use is present and control must be also.

How do you know that the copy is accurate?

Well, having worked for Xerox for many years, I can categorically state that if you put the 2000 version on the copier the 2000 version will be copied onto the paper in the output tray!

If you are referring to pages missing, then that's true for all documents however they are reproduced and isn't in context of what's be said here by the OP. He was cited for not having an original! Not that there were pages missing from the copies.

This issue has been much debated in another thread about copyright issues if you only had a photocopy of the standard.

In my opinion, I think we are missing the point.

The point is: There is no requirement to have a copy of ISO9001:2000, however, there is a requirement to control documents of an external nature.

We do not really have enough information to make a call. Was this the only document or were there others? That is the next question.

In my opinion, I think we are missing the point.

The point is: There is no requirement to have a copy of ISO9001:2000, however, there is a requirement to control documents of an external nature.

We do not really have enough information to make a call. Was this the only document or were there others? That is the next question.

So, it can't be a non-conformity, then...........:rolleyes:

So, it can't be a non-conformity, then...........:rolleyes:

Based upon the information provided, I would agree...there is no requirement. No requirement...No NC

I still would like an answer to my question though:


Was this the only document or were there others?

9001 is not called for by name, it's just another requirement that must be used for effective planning the same as a contract or customer request would.

You wouldn't design and build a product without a copy of the specs would you?

Just thinking out of the box...Let me offer this view just for food for thought, If I am the MR and thus am responsible for a) in 5.5.2 and me being the MR rep, inform the auditor that I periodically check my revision of the "uncontrolled" standard to a controlled version ( soem internet sight) for revision compliance, could it not be my point that my system is based and in accordance with the controlled version of the standard I thus meet the standard. The fact that the copy I have is not original or controlled is irrelevant if I meet the standard, yes or no. What if I was some sort of system prodigy and I could recite the standard word for word (including notes) and our system meets the standard, do I need to be controlled ( I know I am not a document at least on the outside).....:rolleyes:

If a person could cite a contract to design and build something word for word would that be acceptable instead of actually having a copy?

If a person could cite a contract to design and build something word for word would that be acceptable instead of actually having a copy?

That is a whole different scenario. That would fall under design (Apples and oranges here).

If a person could cite a contract to design and build something word for word would that be acceptable instead of actually having a copy?

So Randy, whats your pick for the OP question - NC or no NC :)

That is a whole different scenario. That would fall under design (Apples and oranges here).

Nope, it's just a requirement, forget what it is called...it's all apples

We include verifying that we are up to speed on the latest applicable standards as one of our management review inputs. This is to address (in our case) the requirements of 13485 5.6.2(f) "changes that could affect the quality management system". There is also a related clause requiring management review of new or revised regulatory requirements.

I voted that the situation described in the OP is a non-conformance.

I think the poll is misleading to actual topic of the thread. The nonconformance is correct as it applies to whether there are sufficient controls in place on external documentation.

As far as the poll is concerned - you need to know the Standard down to the letter (or at least be aware of it). You need to know of any new parts, changes etc. BUT as far as i can see there is no part that says you must sit there with a gold plated copy of the Standard in your hand. You have to use it, refer to it, read it, eat it, sleep it...but why not just go to the library every day and pick it up use it then go back home...

My point is that actually having a tangible copy is definitely useful (I am looking at mine right now) but as long as the most current version of the Standard is used in application by the Company what does it matter if you have the document? It is the system that matters not the paper.

Unlicensed copy? See Management Commitment, 5.1(a)

This should have been an observation not an NC, the auditor also should have continue to audit the system and see if it was systemic problem..nitpicky!

This should have been an observation not an NC, the auditor also should have continue to audit the system and see if it was systemic problem..nitpicky!


How could the lack of 1 document be systemic!:confused:

How could the lack of 1 document be systemic!:confused:

I believe they already stated that the Auditor should continue to determine if it systemic problem.

This should have been an observation not an NC, the auditor also should have continue to audit the system and see if it was systemic problem..nitpicky!

My emphasis added in bold.

If I am the MR and thus am responsible for a) in 5.5.2 and me being the MR rep, inform the auditor that I periodically check my revision of the "uncontrolled" standard to a controlled version ( soem internet sight) for revision compliance, could it not be my point that my system is based and in accordance with the controlled version of the standard I thus meet the standard.

I don't think there is a "legal" version online, which again begs the question "how do you know?".

Unlicensed copy? See Management Commitment, 5.1(a)

a) communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements,
Then what? :confused:

I am astounded by the amount of bits and bytes wasted spent on this discussion. In itself, the situation is a technicality. For some, this trivial, inconsequential issue will raise to a non-conformity. For others, it is a non-issue.


Let me offer the following scenario: Since all the press releases coming from ISO and other official bodies state that ISO 9001:2008 does not bring ANY changes to the previous version of the standard, ISO 9001:2008 does not contain any new requirements


They have recognized that ISO 9001:2008 introduces no new requirements. ISO 9001:2008 only introduces clarifications to the existing requirements of ISO 9001:2000 based on eight years of experience of implementing the standard world wide with about one million certificates issued in 170 countries to date. It also introduces changes intended to improve consistency with ISO14001:2004 what would the problem be if an organization does not acquire (officially or otherwise) a copy of the 4th edition of the Standard, and instead, rely on an informative document issued by their CB's explaining the clarifications?

Since the standard brings no new requirements, what would be the added value or benefit for the organization to transfer funds to a swiss account and get themselves a copy of a document which requires NO CHANGES to their QMS whatsoever?

Let me offer the following scenario: Since all the press releases coming from ISO and other official bodies state that ISO 9001:2008 does not bring ANY changes to the previous version of the standard, what would the problem be if an organization does not acquire (officially or otherwise) a copy of the 4th edition of the Standard, and instead, rely on an informative document issued by their CB's explaining the clarifications?

Since the standard brings no new requirements, what would be the added value or benefit for the organization to transfer funds to a swiss account and get themselves a copy of a document which requires NO CHANGES to their QMS whatsoever?

In your scenario the organization has used due diligence in staying abreast of the latest version of the standard, I'm not sure that is the case in the OP. Would the CB certify the organization to ISO 9001:2008 in your scenario?

Thanks for the edit Coury - however I believe the quote belongs to Sidney.

Thanks for the edit Coury - however I believe the quote belongs to Sidney.

Corrected.

There's a fundamental issue that's being missed here! The OP stated that he's being cited for not having an ORIGINAL of the standard!

Having a photocopy - while a 'copyright violation' - isn't a document control issue, is it? He had a photocopy of the most appropriate version! What's 'uncontrolled' about that?

I do it all the time, I never check if it's changed and I've never had a problem quoting the wrong (old) information.

So, what's the beef here? The auditor got it wrong! They may have not liked the copyright infringement, but that's tough, not an nc! (and certainly not a systemic finding, either)

:topic:
I feel like one of those folks who found out the earth isn't flat after all!:lmao:

I would like to post the real statement in the NCR issued by the Auditor:

"Internal Audits are found to be carried out without referring to the approved (licensed) copy of the ISO Standard. Also, it is found that ISO and all international standards like ASMI,ASTM Codes are listed by the organisation as external documents which has to be controlled as per the document control procedure. However, Internal Auditors were found to be carried out the audits with respect to current version of ISO Standards but with uncontrolled copy"

Here is the verbal explanation given by the auditor during closing meeting :

" Since,the organisation is using uncontrolled copy of ISO Standard for auditing the QMS,it shows it wont be updated if the new revision comes in the future" Also, the system fails to control the documents of external orgin. He defined the standard as a quality record which should be maintained as a controlled copy. This is a Minor Non conformance.


This, IMHO, is not a citation against a standard. This is an observation, and a weak one at that. The external auditor should be about the business of assuring proper processes, and not policing every moral/legal issue one may see.

Exactly what Sidney alluded to earlier rings with me. The auditor should be careful of throwing rocks in Glass Houses.

NOTE: I am not saying it's OK to have copies. The organization needs to have purchase a legitimate copy of the standard. But that is an observation to be issued to top management, not a non-conformity of the system.

9001 is not called for by name, it's just another requirement that must be used for effective planning the same as a contract or customer request would.

You wouldn't design and build a product without a copy of the specs would you?

I'm going to make one more observation here, and then let this thread go.
I would/could not design and build a product without a copy of the specs, but it's a weak analogy. I did my first ISO 9001 registration process some 16-17 years ago. Since then I've also guided registration efforts in later versions of the standard, as well as QS9000. Today, I could lead a registration process from gap analysis to certification without looking at a copy of the standard (ISO 9001-2000) even once. I'm not unique--there are lots of people with similar experience and knowledge.

Saying that references in the standard to the QMS needing to be in compliance with the standard are in no way related to the question of whether there is a mandatory requirement for "the organization" to be able to produce a copy of the standard at an auditor's request.

I'm going to make one more observation here, and then let this thread go.
I would/could not design and build a product without a copy of the specs, but it's a weak analogy. I did my first ISO 9001 registration process some 16-17 years ago. Since then I've also guided registration efforts in later versions of the standard, as well as QS9000. Today, I could lead a registration process from gap analysis to certification without looking at a copy of the standard (ISO 9001-2000) even once. I'm not unique--there are lots of people with similar experience and knowledge.

Saying that references in the standard to the QMS needing to be in compliance with the standard are in no way related to the question of whether there is a mandatory requirement for "the organization" to be able to produce a copy of the standard at an auditor's request.

It's only a weak analogy - from your point of view! I've used the analogy with countless clients, and the feedback I get (from them) is that it's a no-nonsense, clear and helpful description!

I'd suggest that too many people (and it's demonstrated here in this very thread as well as countless others) THINK they know the spec. To the vast majority of visitors here at the Cove, it is dangerous to read the postings of a (small) number of (self- proclaimed) experts who postulate that it's unnecessary to have a copy of the standard to be incompliance with it!

It is foolhardy to speak of hypothetical situations, when most of us are faced with the practical reality of implementation! I believe that's the reason many people are here - for practical implementation assistance/advice/sharing - not to endlessly debate what 'could be'! Hey, but that's just me!

BTW - I totally agree with your second point

Then what? :confused:



Maybe it's a stretch, but management may not have communicated the importance of meeting statutory requirements.

I'd suggest that too many people (and it's demonstrated here in this very thread as well as countless others) THINK they know the spec. To the vast majority of visitors here at the Cove, it is dangerous to read the postings of a (small) number of (self- proclaimed) experts who postulate that it's unnecessary to have a copy of the standard to be incompliance with it!
Many people come here because they're unsure about what the standard means in specific instances, and they invariably get good advice and things to think about from people who feel confident enough in their knowledge and experience to offer advice. If there's any danger in following advice gleaned from public forums, surely the responsibility for implementing the advice (or not implementing it) rests with the person doing the implementing.

The whole discussion is theoretical, as the likelihood of any registered company intentionally not having a copy of the standard is negligible. I do not advocate setting fire to the standard, or otherwise not having a copy of it, and anyone who thinks that I have advocated it in this thread is mistaken.

I am astounded by the amount of bits and bytes wasted spent on this discussion. In itself, the situation is a technicality. For some, this trivial, inconsequential issue will raise to a non-conformity. For others, it is a non-issue.

Bad week, Sidney? :cool: If we added up the words (pixels?) on this site that added no value (in the opinion of the viewer!) we would definitely give up and go home. The point of this and any other thread is to test understanding and challenge preconceptions.

FWIW I grew up with my first CB obeying the rules and issuing NCs for:
the company not having copies of ISO (even though their systems were compliant
Quality policy not signed
Etc., etc.


After a while I learned to think for myself and challenge some of the preconceptions. Visitors to the cove are fortunate enough to be able to read your postings and those of others and get to be ahead of the game in a much shorter time than it took me to learn by experience.

So I say let battle recommence!:bigwave:

Like I've said...I have never asked because there are many more important things to find out during an audit like "What's for lunch?":lol:

Like I've said...I have never asked because there are many more important things to find out during an audit like "What's for lunch?":lol:

It's good to have priorities in order! :D

I dont come from a Quality background so to be able to use this site (community for want of a better word) to confirm or allay any fears/questions i have (especially in light of the fact they relate to actual work) is INVALUABLE. I really would be stuck if it wasnt for this Cove (and i'm only 3 months into the job)!!!

:thanx::thanx::thanx::thanx:

Although i take most of the information on here as very well informed - i do not count it all as gospel. I am the only one responsible for implementing something i pick up here into my office.

Maybe it's a stretch, but management may not have communicated the importance of meeting statutory requirements.I do believe that this is a very long stretch because, in the context of ISO 9001, statutory requirements relate to product.

If CB auditors were to turn into copyright patrol cops, what would stop them from delving into other issues, such as SOX compliance, American with disabilities Act, etc?

I do believe that this is a very long stretch because, in the context of ISO 9001, statutory requirements relate to product.

If CB auditors were to turn into copyright patrol cops, what would stop them from delving into other issues, such as SOX compliance, American with disabilities Act, etc?You have a point and the issue didn't rise to an NC. I wonder if it was the only one issued to justify his existence.

It's good to have priorities in order! :D

You betcha:agree1:

This has been a fun Thread

Friends,

Allow me to recap these 71 posts: :)

There is no requirement in ISO 9001:2000 stating that you must have a controlled copy of ISO 9001:2000. Thus the absence of such a document does not constitute a nonconformity.
Smart organizations would have such a document anyway.

Stijloor.

Friends,

Allow me to recap these 71 posts: :)

There is no requirement in ISO 9001:2000 stating that you must have a controlled copy of ISO 9001:2000. Thus the absence of such a document does not constitute a nonconformity.
Smart organizations would have such a document anyway.

Stijloor.

Good Synopsis (Synthèse/ Synopse/ 概要 / Синопсис / Svensk / 日本語 )

Good Synthèse

Merci mon ami....:thanx:

Stijloor.

I did want to say this has been an excellent thread. I have learned a lot from both sides, and I hope all have carried away some additional knowledge on this subject we did not have before.

I did want to say this has been an excellent thread. I have learned a lot from both sides, and I hope all have carried away some additional knowledge on this subject we did not have before.

I really think we have. I have learned some things reading this thread.

Agree with Brad and Coury that this has been a great thread so far - valuable info from both sides and a great resource for learning.

Thanks to Suresh Kumar (Eternal Atlas) for bringing out this issue.

Btw, this is not a Vote of Thanks :mg: - let ideas keep flowing :)

Friends,

Allow me to recap these 71 posts: :)

There is no requirement in ISO 9001:2000 stating that you must have a controlled copy of ISO 9001:2000. Thus the absence of such a document does not constitute a nonconformity.
Smart organizations would have such a document anyway.

Stijloor.

:applause: Good summary, Stijloor!

To which I'd only add:

[3]If you don't have one, you could get some grief from a particularly nitpicky auditor

Friends,

Allow me to recap these 71 posts: :)

There is no requirement in ISO 9001:2000 stating that you must have a controlled copy of ISO 9001:2000. Thus the absence of such a document does not constitute a nonconformity.
Smart organizations would have such a document anyway.

Stijloor.
My sincere thanks to everyone who participated in this topic.. Thanks for sharing your knowledge and expertise..

External Auditor issued a NC for not having the original standards of ISO9001:2000 with us. We have only uncontrolled copy of the standard.

My question is :

which clause address this requirement?

Fellow Covers...I haven't been around to keep up with this thread, but was intrigued by the varied and passionate input from all, and couldn't imagine that I could add anything different...but here's my :2cents: (I may have missed something, so if this is redundant, I apologize in advance)...

In performing Audits using the Process Approach...and therein, verifying inputs and outputs to each activity, the auditors (both Internal and External) are obliged to verify evidence of compliance by asking the auditee to produce the requisite "input" or "output", per the documented process. In my attachment, auditors would be verifying the "input" on the left of the activity rectangle (blue), and the "output" on the right (beige).

Failure to produce the required evidence of compliance to the documented procedure on "one" occasion might raise some suspicion or concern, and would certainly lead a perceptive auditor to a "deeper dive" to find the "root cause" of the issue, which could uncover a nonconformance in Control of Documents in Records, or a lack of Training, or understanding, or negligence, or error on the part of the particular Auditee.

As an isolated issue, it might garner a warning...if the phenomenon is widespread, it would certainly warrant a non-conformance.

Patricia Ravanello :magic:

I do believe that this is a very long stretch because, in the context of ISO 9001, statutory requirements relate to product.

If CB auditors were to turn into copyright patrol cops, what would stop them from delving into other issues, such as SOX compliance, American with disabilities Act, etc?Or health & safety or environmental issues. :notme:

Or health & safety or environmental issues. :notme:

and violations on software copyrights ?

Best regards,

Antoine

Or product quality;)

I'm going to make one more observation here, and then let this thread go.Followed by two more posts!:lmao:
Sorry Jim, I couldn't resist.:D

My last auditor wrote up 5 findings like this one (i.e. bovine scatology). Gin up something that allows him to close the audit and then request another auditor. Non-conformance or not, I am paying far too much to have external auditors come in with their cheap finding list and write up irrelevant findings like this.

Give me a service that adds value or GET OUT!

BTW, even though I have an original copy of TS16949, I also have an original copy of ISO9001. My <strike>last</strike> ex auditor asked to see both. Why? Because I was requesting re-certification to both TS and ISO.

Followed by two more posts!:lmao:
Sorry Jim, I couldn't resist.:D

Make that three more now. :tg:

Followed by two more posts!:lmao:
Sorry Jim, I couldn't resist.:D

My last auditor wrote up 5 findings like this one (i.e. bovine scatology). Gin up something that allows him to close the audit and then request another auditor. Non-conformance or not, I am paying far too much to have external auditors come in with their cheap finding list and write up irrelevant findings like this.

Give me a service that adds value or GET OUT!

BTW, even though I have an original copy of TS16949, I also have an original copy of ISO9001. My <strike>last</strike> ex auditor asked to see both. Why? Because I was requesting re-certification to both TS and ISO.

Good Grief! Time to change CB's? ;););):notme:

We mark all of our publications "For Reference Only". Does that get us our of the duty to provide a current copy of the standard?

We mark all of our publications "For Reference Only". Does that get us our of the duty to provide a current copy of the standard?

No! There are a number of (long) threads about why 'for reference only' doesn't make a good system.......for your review!

I was one of the folks who didn't see this a non-conformance so unless the auditor could sight rhyme and verse I am not worrying about it.
:2cents:

I was one of the folks who didn't see this a non-conformance so unless the auditor could sight rhyme and verse I am not worrying about it.
:2cents:

This requirement to be in possession of a copy of the applicable standard is implicit in the design and creation of a compliant system.

If you have (or even if you don't have) comprehensive flow charts, you would still have had to identify the standard as an "input" to your Operating System design and also, as input to the Internal Audit process (all your auditors need to be able to cite which clauses are involved in any non-conformance). As such, you are obliged to provide evidence of that input, and the auditor should be able to verify that you are in fact, using the latest revision level of the standard.

The same applies to "Customer specifications" which might be identified as "input" to your "product design process". As such, you would be obliged to provide evidence of that "required input" defined in your process.

Consider the standard as the "specifications" which define your System. There's no doubt that you need to be in possession of a current original document (unless you have ISO permission to create or distribute reproductions).

No doubt there are considerably bigger fish to fry in terms of audit focus...so why waste our energies on this rhetoric...just do it!

Patricia

P.S...By the way...what do you use (or what did you use, to create your system), if you don't have an original copy? Did you take one out from the local library?

We mark all of our publications "For Reference Only". Does that get us our of the duty to provide a current copy of the standard?

Andy mentioned "For Reference Only" threads. There are indeed quite a few.

Here is one (http://elsmar.com/Forums/showthread.php?t=27936) for your enjoyment...;)

Stijloor.

This requirement to be in possession of a copy of the applicable standard is implicit in the design and creation of a compliant system.

If you have (or even if you don't have) comprehensive flow charts, you would still have had to identify the standard as an "input" to your Operating System design and also, as input to the Internal Audit process (all your auditors need to be able to cite which clauses are involved in any non-conformance).

I disagree. Once we start allowing for "implicit" (read: subjective) "requirements," the door's open for almost anything. Also, I do not have to cite the standard as input to anything--I don't have to mention it in my documentation, and my internal auditors don't need to even know that ISO 9001 exists--so long as my system is properly designed and documented.

--I don't have to mention it in my documentation, and my internal auditors don't need to even know that ISO 9001 exists--so long as my system is properly designed and documented.

...So how would you verify and validate that the system is properly designed and documented without using the Standard? :confused:

Patricia

Last year, I was involved in a TS16949 assessment, in mainland Europe, where one of the CB audit team members didn't bring a copy of TS or any of the core tool books with him. He claimed to have memorised all the requirements and could quote all the sub clause numbers accurately. Methinks he would have had difficulty citing us for not having a copy of the standard.

He was a dreadful auditor though and didn't quite get the message that knowing the clause numbers is not the same as knowing, and understanding, the contents of the clause.

...So how would you verify and validate that the system is properly designed and documented without using the Standard? :confused:

Patricia


The original question pertained to a finding by an auditor that the auditee had no "original" copy of the standard. The question evolved into whether there is a requirement in the standard to have copy of the standard. My contention is that so long as the system as a whole is compliant, an auditor shouldn't be concerned with whether there's a copy of the standard in evidence or not.

As I said in an earlier post, I've been dealing with ISO standards and registration processes for for ~18 years. I know what the requirements are. I'm sure you do too. I do not advocate being without a copy of the standard, and I think there are very few registered companies that don't have one, so the question is largely academic.

I think it's funny that on the one hand, when we hear people complaining about ISO 9001 compliance being a burden, someone always says that the standard doesn't ask for anything extraordinary--it's all stuff that well-run companies should be doing anyway. Now, when a question comes up about whether it's necessary to have a copy on hand, the standard is suddenly very complex and mystifying, and not "common sense" at all.
Let's get our stories straight.

Last year, I was involved in a TS16949 assessment, in mainland Europe, where one of the CB audit team members didn't bring a copy of TS or any of the core tool books with him. He claimed to have memorised all the requirements and could quote all the sub clause numbers accurately. Methinks he would have had difficulty citing us for not having a copy of the standard.

He was a dreadful auditor though and didn't quite get the message that knowing the clause numbers is not the same as knowing, and understanding, the contents of the clause.

Two wrongs don't make a right...Just because he didn't bring a copy with him, doesn't mean he didn't have one, or that you don't need one.

Why wouldn't you have a copy? What did you use when you designed and documented your system?
Did your management team never ask..."Show me where it says that we have to do that?...."
When you conducted internal training to introduce the standard and the system, did you never pull out the book?
Do all of your internal auditors have the sub-clauses and their contents committed to memory?
Not having a copy of the standard is like saying you don't need your "Bill of Materials' after you've designed and created a new product...

I'm just curious...why so adamant and/or defensive about not having a copy (not just Tyker...anyone???)

Patricia

I'm just curious...why so adamant and/or defensive about not having a copy (not just Tyker...anyone???)

Patricia

I'm not particularly defensive. I do have an up to date, official, paid for copy of all the standards I use and I don't attempt to justify not having one. Frankly, I don't think it really matters in most cases and I don't think it's a valid or value adding nonconformity for a CB to raise.

In the example I quoted, the auditor desperately needed a copy because he was up against an argumentative b@$t@rd (me) and couldn't justify many of the points he was trying to make, especially as I refused to lend him mine.

My point was simply that a "copy" as long as it is the latest revision is OK. How you obtain it may raise other questions:notme: but if I can show revision control on my "copy" I would argue only that it is not a finding.

End of my story and I am off to catch those bigger fish I want to fry...

Thanks to all

Two wrongs don't make a right...Just because he didn't bring a copy with him, doesn't mean he didn't have one, or that you don't need one.

Why wouldn't you have a copy? What did you use when you designed and documented your system?
Did your management team never ask..."Show me where it says that we have to do that?...."
When you conducted internal training to introduce the standard and the system, did you never pull out the book?
Do all of your internal auditors have the sub-clauses and their contents committed to memory?
Not having a copy of the standard is like saying you don't need your "Bill of Materials' after you've designed and created a new product...

I'm just curious...why so adamant and/or defensive about not having a copy (not just Tyker...anyone???)

Patricia

The fact is that a Nonconformance was issued because he didn't have a "Controlled Copy" not that he didn't have a copy.

We are talking Apples and Oranges here. He has a copy of the Standard. But there should not have been a NC issued for not having a "controlled copy."

Yes it is a good idea to have a copy of the standard, but there is no requirement in ISO9001:200x that I can see that you must (shall) have a controlled copy or copy as I see it. An Audit should be cost value added, not just gotcha (and unecesaary).

Just my humble opinion here.

My point was simply that a "copy" as long as it is the latest revision is OK. How you obtain it may raise other questions:notme: but if I can show revision control on my "copy" I would argue only that it is not a finding.

End of my story and I am off to catch those bigger fish I want to fry...

Thanks to all

Agreed...auditors don't have to bother themselves with the legality of the "copy" provided. They're not copyright police.

Patricia

Please excuse me reordering your points. I wanted to answer the main question first.
I'm just curious...why so adamant and/or defensive about not having a copy (not just Tyker...anyone???)
The original poll was for covers to decide if a nonconformity exists merely because a current copy of ISO is not held. Some said yes, others like me said no because I don't believe there is a contravention of the standard requirements. So we are not necessarily defending people who don't have copies of the standard but saying you can't raise an NC just because they don't have one. As an auditor you have to identify a failing and the cause could be that the MR doesn't understand the requirements well enough because they don't have a copy of the standard.

|Why wouldn't you have a copy? What did you use when you designed and documented your system? As has been said earlier many on the cove know the requirements well enough to design an effective system.

People like me even prefer you document a management system (that BTW must already exist for an organization to operate) without using the standard but based on the principles of systems thinking; process approach; involvement of people; anlaysis of data etc., etc. (Familiar?). At the end if you have used good practices then the system will automatically meet all of ISO 9001.

If you want to check yourself you might get some value from your own copy of ISO 9001. ;)
|Did your management team never ask..."Show me where it says that we have to do that?...." I would hope that people who have given me a job (to implement a management system) would trust me enough to describe what they do in a way that meets the standard. IMHO the only time I hear "Where does it say that?" is if the system is poor and is tying a department up in paperwork for no good reason.
|When you conducted internal training to introduce the standard and the system, did you never pull out the book? OK, agreed it is fine as a presentation prompt.
| Do all of your internal auditors have the sub-clauses and their contents committed to memory? No need - they look at the system documentation. Audits should be carried out against the documented system (that should meet the requirements of ISO 9001 if it has been designed correctly - see 1st point above).
|Not having a copy of the standard is like saying you don't need your "Bill of Materials' after you've designed and created a new product...I don't quite agree with the analogy. A BOM is a very specific listing of parts. ISO is a broad management system standard. But - to use your analogy - I wouldn't expect someone on the shop floor to need access to the BOM. Their work instructions (verbal or written) should tell them what parts to use for their work activity.

The fact is that a Nonconformance was issued because he didn't have a "Controlled Copy" not that he didn't have a copy.
.

Hi Coury,
I realize that the original issue was the lack of a "controlled copy", but it evolved into a question of whether you need to have any copy at all, and many contributors seem to feel that "no copy" is required, be it controlled, uncontrolled, original, electronic, photocopied or otherwise.

A verification of the "inputs" to Internal Audit would no doubt uncover the need for some form of the standard to be available (regardless of it's legal implications). Failure to produce the "input" document might raise concerns at an audit...or even a non-conformance, but as so frequently stated in this thread, most auditors have bigger fish to fry.

I think I've exhausted my perspective on this subject. I'm outta' here :magic:

Thanks,
Patricia

Hi Coury,
I realize that the original issue was the lack of a "controlled copy", but it evolved into a question of whether you need to have any copy at all, and many contributors seem to feel that "no copy" is required, be it controlled, uncontrolled, original, electronic, photocopied or otherwise.

A verification of the "inputs" to Internal Audit would no doubt uncover the need for some form of the standard to be available (regardless of it's legal implications). Failure to produce the "input" document might raise concerns at an audit...or even a non-conformance, but as so frequently stated in this thread, most auditors have bigger fish to fry.

I think I've exhausted my perspective on this subject. I'm outta' here :magic:

Thanks,
Patricia

I really hate to see that you feel that you have exhausted your perspective. I don't think you have.

The OP hasn't been back in awhile to provide the results.

I agree with you whole heartily that you need a copy of the Standard, and I think most people do.

Good Grief! Time to change CB's? ;););):notme:At least one auditor of the initial audit team should participate in all audits of the three year audit cycle. For each subsequent audit cycle, different auditors should be used.Emphasis mine, NB those are should and not shall. If my CB sends another hack in here they may lose a customer by taking a hard line on this section. During closing meetings, my executive staff would actually thank our initial auditor for his findings.

Make that three more now. :tg:I make it six at this point but who's counting.:rolleyes:

Unless the auditor can prove that you are not using a current version of the ISO standard, it doesn't matter if the one you have is a copyright infringement, written in crayon or displayed in lasers on your ceiling. This is not a finding. If you sent a PSW last week and are still using PPAP 3rd Edition and you don't have a customer request on file that you stay with 3rd Edition, now that's a finding.

Friends,

Time for an update (in case you missed it!) ;)
On September 5, 2008 at 9:09 P.M.

According the Top Ten Cove statistics, this thread ranked:

#2 in "Most viewed" 2,632 :applause:
#1 in "Most replied to" 104 :applause:


All this was triggered by a question related to a document (http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=21823)that cost 102 Swiss Francs....

Where else can get so much response and participation for that kind of money than on The Cover Forums? :lol:

Keep responding folks....:agree1:

Stijloor.

Friends,

Time for an update (in case you missed it!) ;)
On September 5, 2008 at 9:09 P.M.

According the Top Ten Cove statistics, this thread ranked:

#2 in "Most viewed" 2,632 :applause:
#1 in "Most replied to" 104 :applause:


All this was triggered by a question related to a document (http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=21823)that cost 102 Swiss Francs....

Where else can get so much response and participation for that kind of money than on The Cover Forums? :lol:

Keep responding folks....:agree1:

Stijloor.

Stijloor, thank you for making mention of this.

Friends, old and new.... please don't be afraid to ask a question. What may seem like a basic question... may not be. Some of my most respected (and knowledgeable) friends in the quality field have responded and carried on a most spirited discussion on this. In the end.. I'm not sure if there is a slam-dunk answer to this. But please, anyone reading this, let this show two things. 1) I think that most auditors are good people and truly care about the job they are doing. Keep that in mind. 2) Auditors are human, and some decisions may be based on experience, training, and sheer gut feeling. In the end, the audit report is yours, to do with the information as you see fit. But in the words of the great one "Seek first to understand, then to be understood". Your auditor may have some basis behind their reporting, and you can benefit by trying to see their side of the issue.

But in the words of the great one "Seek first to understand, then to be understood". Your auditor may have some basis behind their reporting, and you can benefit by trying to see their side of the issue.

:topic: It's #5 of the "Seven Habits of Highly Effective People (http://en.wikipedia.org/wiki/The_Seven_Habits_of_Highly_Effective_People)." by Stephen R. Covey; a great read for everyone seeking improvement in their own lives.

Stijloor.

External Auditor issued a NC for not having the original standards of ISO9001:2000 with us. We have only uncontrolled copy of the standard.

My question is :

which clause address this requirement?

I am curious. Has your question been answered? ;)

Stijloor.

I am curious. Has your question been answered? ;)

Stijloor.

This is the answer, I got from this thread sofar..I agree with this as an auditor..

There is no requirement in ISO 9001:2000 stating that you must have a controlled copy of ISO 9001:2000. Thus the absence of such a document does not constitute a nonconformity. By Stijloor

I don't think it's a valid or value adding nonconformity for a CB to raise…….. By Tyker

My contention is that so long as the system as a whole is compliant, an auditor shouldn't be concerned with whether there's a copy of the standard in evidence or not.. By Jim Wynne

This from a BSI newsletter received today.

"BS EN ISO 9001 has undergone a rigorous review by industry experts and the updated version will be out in the Autumn. It will be necessary for customers to have the revised version in order to keep their certificates up to date."

Their opinion, not mine.

This from a BSI newsletter received today.

"BS EN ISO 9001 has undergone a rigorous review by industry experts and the updated version will be out in the Autumn. It will be necessary for customers to have the revised version in order to keep their certificates up to date."

Their opinion, not mine.

Thanks Tyker. I'll ask some friends and get a copy of it when it comes out.:notme::lmao:

This from a BSI newsletter received today.

"BS EN ISO 9001 has undergone a rigorous review by industry experts and the updated version will be out in the Autumn. It will be necessary for customers to have the revised version in order to keep their certificates up to date."

Their opinion, not mine.

Well, of course. They publish the standard in the UK. Maybe they already have a sale on the 2K version..........

In the hypothetical situation, I specified that all requirements have been met. It doesn't matter how it gets done, so long as it does get done.

Mind you, I realize that having a copy of the standard is a good thing, and I'm not adovocating setting fire to them. I'm simply saying that there is no explicit requirement to have a copy. Implicit requirements are subject to personal interpretation, and that's not a good place for external auditors to go.

I feel that not having the copy of the standard is not a non conformity, though I also feel that you have to have copy of the standard to follow. We don't usually burn the copies of the standard that we have. We use them and keep them. :thanks:

WOW - what a read!

My take on this is basic Sunday School.

If my system is registered to ISO 9000, and that document is copyright, I would feel morally obligated to have bought as a minimum one copy.

Would I raise a non conformance for this? No way, it reeks of the missing cal sticker and wrong doc revision chicken sh*t type of finding.

But a bit of a red flag has been raised around corporate ethics.

Any company who wouldn't fork out a few bucks for a copy of the standard is likely going to have a lot more serious problems to be found that will make for value added non conformances.