Many registrars have requirements above those of ISO9001

Marc,
I sent this as a new subject but it was meant to go in the old registrar discussion of course. Sorry about that. I tried to remove it but don't know how.
rgds, JC

Marc,
Glad to hear you’re a good customer of Apple. And, I hope, a satisfied one. In return, I’d like to complement you on this unique forum - You’ve pulled a group together who are anxious to contribute and develop the issues. Thanks for that. My only complaint is that I keep giving it priority over the other things I should be doing. Can’t blame you for that, I guess. And now I’ve just discovered the archived file! Your format is probably one reason that it works so well. Another would be the balanced involvement from yourself and the moderators.
I read your correspondents mail and was not surprised at the issues he raised. I would comment on a couple of things;
• If an auditor asked me to draw the line a bit longer, I hope I would (almost) hide my amusement and I’d go along with him/her. Keep them happy, within reason, and they’ll do little harm and, maybe, a fair bit of good. (I hear your comment on this - loud and clear -; “B........T”. Well, OK. But it also depends on your circumstances. Some can get away with it, others might find it easier to go around the problem. Anyway, there are more ways than one to skin a cat.)
• There must be a tendency in consultancy, to focus on compliance. Those who focus on compliance will get in the way of those who focus on business goals.
• Regards the auditor who wanted to see that the system met “their” requirements, not just the requirements of the standard;
He didn’t say what “their” meant.
If he meant ‘the auditor’s requirements’, then we would have to know what they were before commenting. Maybe she wanted them to fly a green flag on the second Wednesday of every quarter? - Well, I suppose I could go along with that - couldn’t do any harm?. Did these odd requirements come from her or from the registrar company? The thing seems hardly credible.
If, as I think is more likely, he was relating to ‘effectiveness’ and the meeting of the company’s goals, then it brings up an interesting point; If the auditor believed that the performance is not what it should be, then she was right to point it out as a non-compliance. But she was wrong in saying ‘not just the requirements of the standard’ because the Standard does require that goals be met and that q system activities be effective.
If it related to potential but non-existent goals or to low expectations of effectiveness, then it could go either way. She could write it up as an observation. You must have seen companies who just don’t have the savvy to do a good job, but they can write up a quality system, stick to it and be validly registered. What if you went to the cut glass factory and found that their allowance for breakages included dropping ten boxes out of every hundred?

thanks again and regards,
John C


[This message has been edited by John C (edited 03-12-99).]

[Marc]

I focus on compliance like this:

Client must have someone who understands the spec (ISO9001 or QS9000 or ISO14000 or whatever) as well as internal systems.

Go through spec and ask client how s/he complies with each requirement. I don't care how you do it. I am only interested in meeting the intent. However - if you do write in your documentation that you will stand on your head and spit wooden nickles, you better be doing that. That's your own requirement - not ISO's.

As far as a focus on compliance, we have no choice as consultants. We can't say "Well, you're close to meeting the requirement" or something. Remember: <center>Compliance = Meet Requirement</center>

Good business sense does not have to conflict with meeting the intent, in my opinion. But - I see things argued all the time. I once prepared a company to argue that for their business there was no need for statistical techniques. They could show they had looked at possible places where some sort of statistical trending or analysis would help in some way but decided that none made business sense for them. A 14 person shop which blends chemicals for cleaning - pretty simple stuff. The auditor was shocked, but - we pointed out that the requirement is for the need to be investigated, not that any be used. He finally agreed the company met the intent by showing proof in management review meeting minutes where statistical techniques was discussed. yes - he finally agreed but it was obvious he didn't like it. He wanted to see something actually being done (his paradigm) and it upset him not to see anything at all.

On the other hand they did have to define and document their design process. But - even that was nothing more than documenting what they currently did. The only thing new was an evidence form of reviews and such - a 1 page form.

Quote:

He didn’t say what “their” meant.

Many registrars have requirements above those of ISO - I tell clients to find out what these are when they interview prospective registrars.

You might want to check out This Thread for some registrar discussion, as well.

Consultants have different methods on implementation and ways of looking at their clients. My approach is described herein.

[This message has been edited by Marc Smith (edited 03-13-99).]