Must *All* Procedures Be Documented for ISO 9001 Internal Audit?

S

StMichael

I am thinking of auditing only processes that are external to customers and that affect them directly. Those processes internal to the company and which only affect the customers indirectly will still go in a handbook, but will not go through the audit.

To give an example.

The process by which our customer apply for our services and how we response to them will be documented for the ISO audit.

What we do within the company once the application is complete will still be documented within a handbook but these processes will not go to an ISO audit.
Click to expand...

I am wondering if this can be done?
 
Colin

Colin

Quite Involved in Discussions
Re: Must *All* Procedures Be Documented for ISO Audit?

If I was your external auditor I would point to clause 8.2.2 where it states 'The organisation shall conduct internal audits at planned intervals to determine whether the quality management system ...' (my emphasis) and ask how you satisfy this requirement if you are not auditing the whole system.

Could I also ask why you are planning to only audit part of the system?
 
J

JaneB

Re: Must *All* Procedures Be Documented for ISO Audit?

StMichael said:
I am thinking of auditing only processes that are external to customers and that affect them directly. Those processes internal to the company and which only affect the customers indirectly will still go in a handbook, but will not go through the audit.
Click to expand...

I am wondering if this can be done?
Click to expand...
It 'can' be... the question is: should it be? More importantly: does it comply with ISO 9001 requirements if you do this?

I agree with Colpart. If I were external auditor for your 9001 certification, I too would find you noncompliant here. You are perhaps (mis) interpreting the relevant requirements for internal audit to suit yourself. If you wish to achieve certification, you'll need to audit your system not just the bits that are 'external to customers' (meaning unclear) and which affect them 'directly'.

Inefficient or noncomplying processes that don't affect a customer 'directly' can still have a hell of a negative effect over all!
 
S

StMichael

Re: Must *All* Procedures Be Documented for ISO Audit?

Let us just say that someone above me wondered if it was really necessary to "document everything" for audit. I wanted everything documented, so this was an apparent compromise - I got what I wanted (all to be documented) and he got what he wanted (no need for tons of documents to be audited).

Hmm...if 8.2.2 can be used, it shall be in my favour. Everything to be documented! Everything! Mwahahaha! :D
 
J

JaneB

Re: Must *All* Procedures Be Documented for ISO Audit?

StMichael said:
Let us just say that someone above me wondered if it was really necessary to "document everything" for audit. I wanted everything documented, so this was an apparent compromise - I got what I wanted (all to be documented) and he got what he wanted (no need for tons of documents to be audited).

Hmm...if 8.2.2 can be used, it shall be in my favour. Everything to be documented! Everything! Mwahahaha! :D
Click to expand...

Nope.
Hold on a minute. 8.2.2 does not say 'thou shalt document everything'. You are perhaps taking various posts (including mine) to say that, but if you are, you would be mistaken. Very much so in my case.

The requirements for documentation are in 4.2.1:
"The quality management system documentation shall include
a) documented statements of a quality policy and quality objectives,
b) a quality manual,
c) documented procedures and records required by this International Standard, and
d) documents, including records, determined by the organization to be necessary to ensure the effective planning, operation and control of its processes.
Click to expand...

Clause d) also does not say you must 'document everything'. It says something like 'those documents that you (the organisation) decide are necessary.

Not every process or procedure has to be documented. Which do? Again, go back to clause c) (the mandated ones) and d) (the organisation decides) above.

Documenting 'everything' can turn into a beast that gets out of control. I would first go for the minimum necessary for effective planning, operations and control of processes, and then add to that only if there are indications that more is advisable or necessary.

And please: note that the Standard talks in terms of effective planning, operatons and control of processes! Not in terms of 'thou shalt document everything so it can then be audited'. It is eminently possible to audit a process or a procedure that isn't documented!
 
S

StMichael

Re: Must *All* Procedures Be Documented for ISO Audit?

Sigh...so I guess I'm the one in the wrong then? Still, like I mentioned, I really don't care if the organisation considers only those interfaces with the customers as "necessary", and relents to let me put down all other procedures in the form of a handbook for employees. I just want everything to be documented so that we have a common reference for anything we do.

Which is the point of ISO, no? A standard.
 
Paul Simpson

Paul Simpson

Trusted Information Resource
Re: Must *All* Procedures Be Documented for ISO Audit?

StMichael said:
Sigh...so I guess I'm the one in the wrong then? Still, like I mentioned, I really don't care if the organisation considers only those interfaces with the customers as "necessary", and relents to let me put down all other procedures in the form of a handbook for employees. I just want everything to be documented so that we have a common reference for anything we do.

Which is the point of ISO, no? A standard.
Click to expand...

I don't think anyone is saying you are wrong but merely pointing out that the only reason for documenting something (for the reasons Jane posted) is that you believe it is important that it is documented.

The reasons for documenting are many and varied but include (your term) standardizing, consistency and as a point of reference.

The bit that people are disagreeing with is the bit about:
StMichael said:
<snip>I am thinking of auditing only processes that are external to customers and that affect them directly. Those processes internal to the company and which only affect the customers indirectly will still go in a handbook, but will not go through the audit.</snip>
Click to expand...

By definition if the activities are important enough to be documented then they are important enough to be audited.
 
T

trainerbob

Re: Must *All* Procedures Be Documented for ISO Audit?

Apparently "someone above me" does not understand what ISO is about. Not only are internal audits of our QMS required, they are one of the best tools for helping our organizations improve and move ahead. Avoiding audits is not going to help out your organization, not to mention that in reality this avoidance would probably result in a major con-conformance by your third party auditor. You cannot ignore requirements of the standard.
 
S

StMichael

Re: Must *All* Procedures Be Documented for ISO Audit?

Yeah - so it will have to be my job to persuade him that it's important enough to be audited. Thanks guys for all the replies! Wow, this forum is really a great resource!
 
O

ong0708

Re: Must *All* Procedures Be Documented for ISO Audit?

JaneB said:
Nope.
Hold on a minute. 8.2.2 does not say 'thou shalt document everything'. You are perhaps taking various posts (including mine) to say that, but if you are, you would be mistaken. Very much so in my case.

The requirements for documentation are in 4.2.1:


Clause d) also does not say you must 'document everything'. It says something like 'those documents that you (the organisation) decide are necessary.

Not every process or procedure has to be documented. Which do? Again, go back to clause c) (the mandated ones) and d) (the organisation decides) above.

Documenting 'everything' can turn into a beast that gets out of control. I would first go for the minimum necessary for effective planning, operations and control of processes, and then add to that only if there are indications that more is advisable or necessary.

And please: note that the Standard talks in terms of effective planning, operatons and control of processes! Not in terms of 'thou shalt document everything so it can then be audited'. It is eminently possible to audit a process or a procedure that isn't documented!
Click to expand...

I am agreed with JaneB in this.

ISO do not require you to document everything. There are only 6 Mandatory procedures that need to be documented as stated in Clause c.

But Clause d told you that "documents that determined by your organization to be necessary to ensure the effective planning operation and control of its processes" shall also be documented.

So it is much depends on your company to decide which procedure is required to document and which is not in order to maintain an EFFECTIVE system. It would be a wrong concept for people who think that ISO require you to document everything.

For my style of working, I am not documented my Communication procedure but it doesn't means that I do not have a procedure for Communication. When the auditor ask me, I can still prove to them by showing them my records of communication such as Minutes, memo and etc.

Hope that my poor explanation would help you in understanding as my English level is not really good.:)
 
You must log in or register to reply here.

Similar threads

F
Confused about Non conformace from internal audit
2 3
Replies
22
Views
1K
qualitymanagerTT
Q
G
Responding to Customer Audit
2
Replies
16
Views
549
ED76
E
K
Shop Floor Tools, Reference or Calibrated?
Replies
6
Views
229
Big Jim
B
K
Contract Review SOP - Help Understanding Unclear Language
Replies
9
Views
513
mattador78
M
W
Is there an "ultimate" version QMS version similar to 9001, like a "mother of all QMS"?
2
Replies
15
Views
677
Govind
Govind
Top Bottom