Re: Must *All* Procedures Be Documented for ISO Audit?
Let us just say that someone above me wondered if it was really necessary to "document everything" for audit. I wanted
everything documented, so this was an apparent compromise - I got what I wanted (all to be documented) and he got what he wanted (no need for tons of documents to be audited).
Hmm...if 8.2.2 can be used, it shall be in my favour. Everything to be documented! Everything! Mwahahaha!
Nope.
Hold on a minute. 8.2.2 does
not say 'thou shalt document everything'. You are perhaps taking various posts (including mine) to say that, but if you are, you would be mistaken. Very much so in my case.
The requirements for documentation are in 4.2.1:
"The quality management system documentation shall include
a) documented statements of a quality policy and quality objectives,
b) a quality manual,
c) documented procedures and records required by this International Standard, and
d) documents, including records, determined by the organization to be necessary to ensure the effective planning, operation and control of its processes.
Clause d) also does
not say you must 'document everything'. It says something like 'those documents that you (the organisation) decide are
necessary.
Not
every process or procedure has to be documented. Which do? Again, go back to clause c) (the mandated ones) and d) (the organisation decides) above.
Documenting 'everything' can turn into a beast that gets out of control. I would first go for the
minimum necessary for effective planning, operations and control of processes, and then add to that only if there are indications that more is advisable or necessary.
And please: note that the Standard talks in terms of effective planning, operatons and control of processes! Not in terms of 'thou shalt document everything so it can then be audited'. It is eminently possible to audit a process or a procedure that isn't documented!