Informational Required Documents/Records in ISO 9001:2015

drgnrider

Quite Involved in Discussions
After reading through CD-ISO-9001, unless I am missing something, these are all that I see that will be required:

what we currently refer to as documents:
- [4.3] Scope & justifications for exclusions (limited to 7.1.4 and 8)
- [5.2] Quality Policy
- [6.2.a-g] Quality Objectives and information

what we currently refer to as records:
- [7.1.4] Evidence of fitness of monitoring & measurement equipment
- [7.2.d] Evidence of employee competence
- [7.5.b] Information determined by the organization as being necessary
- [8.1.c] Information that processes have been completed as planned
- [8.2.3] Basically Order intake & processing)
- [8.4.2] Provider evaluations (ability to provide)
- [8.4.3] (Basically Purchase Order)
- [8.4.3] Provider evaluations (performance)
- [8.6.2] Unique identification for traceability
- [8.6.3] Customer property lost, damaged, or unsuitable
- [8.6.6] Review of change
- [8.7] Evidence of conformity
- [8.7] Person releasing to customer
- [8.8] Nonconforming goods and actions taken
- [9.1.1] Records that monitoring and measurement have been completed
- [9.2.f] Audits were held and results
- [9.3] Results of Management Review
- [10.1.a] Nature of nonconformance's and actions taken
- [10.1.b] Results of Corrective Actions

It appears that as long as everyone knows our processes, we do not need to have anything in writing. I did not see anything that states we need to have processes in writing, although some should be.

Have I missed something? :confused:
 

Sidney Vianna

Post Responsibly
Leader
Admin
Re: Required Documents/Records in 9001:2015

Have I missed something? :confused:
Yes, you have missed the requirement that states:
The organization’s quality management system shall include documented information determined by the organization as being necessary for the effectiveness of the quality management system.
By understanding the context of the organization, stakeholder expectations and considering the risks associated with undocumented, poorly documented and erroneously documented processes, the organization should determine (for themselves) the extent of documentation they would have to generate and control to support their business processes. Unless something changes significantly, ISO 9001:2015 will force organizations to adequate command media and records to it's context. If you are a supplier of highly complex products and deploy highly complex business processes, you should know that you CAN'T run a successful enterprise by uncaptured/non-managed tribal knowledge alone.

I remember back in the 1990's when thousands of Mil standards were cancelled (those that led to a US$18,000 hammer purchased by the DoD) and suppliers were forced to (think) and propose commercial (performance based) standards in it's place.

As it is shaping up, ISO 9001:2015 will force organizations to do some soul searching and think how their QMS should be designed, maintained and improved to support the business. I know that represents a challenge for some obtuse "quality" professionals out there, but the ones who see this latitude as an opportunity, should thrive.

Yes, (external) "auditability" of this approach will be really challenging, but, we should NOT constrain standards and systems for ease of external audit purposes.
 

Marcelo

Inactive Registered Visitor
Re: Required Documents/Records in 9001:2015

Another way to look at it: if you do not need documentation to guarantee that the process meets its objective, you do not need to document it. If you do, you need to document it. This approach is already in the current version in "documents, including records, determined by the organization to be necessary to ensure the effective planning, operation and control of its processes".

Document Auditing a QMS which has minimum documentation also mentions the principle: Thereafter, the necessity for any documentation should be evaluated in the light of the observed need for consistency, and the role that any documentation could play in avoiding any significant, identified risks.
 

Marc

Fully vaccinated are you?
Leader
Re: Required Documents/Records in 9001:2015

<snip> It appears that as long as everyone knows our processes, we do not need to have anything in writing. I did not see anything that states we need to have processes in writing, although some should be.

Have I missed something?
Nope - That's pretty much it.

From a client back in 1999:

Anaren said:
--> Subject: Results?
--> Date: Thu, 24 Jun 1999 16:29:21 -0500
--> From: Anaren
--> To: Marc Smith
-->
--> Well, as you anticipated, we "passed" with relatively few problems.
--> We had only 7 isolated non-conformities across 5 elements. Details
--> are in the attached file. The auditor said that this was a very
--> good result when compared to other registration audits he has
--> performed. All I can say is I am glad it was successful and Marty
--> said that she was happy to finally win! Once again, thanks for the
--> help. You're advice was extremely important. Especially important,
--> at least in my opinion, was your help in determining where we did
--> not need to document every last thing (by using training, etc.). I
--> think that without this input, we would have spent a lot more time
--> writing things that we did not need and wasted a lot of peoples'
--> time.
We were able to get the audit (sic) done in a year while we are
--> achieving record sales and profits. Who can argue with that?

Companies that didn't require much documentation before still won't. Companies that did still will.

The Draft standard still calls out some specific *documentation/records* such as "...Documented information describing the results of the review of changes and any necessary actions shall be maintained...." and "...audit - systematic, independent and documented process...". In this respect your list is pretty good.

So - It's not a free for all. It really hasn't changed much other than 9 (or what ever) specific "documented procedures" are not called out as plainly as it the past. The tradeoff as I see it is more requirements for specific records.

The biggest thing I see is major re-wording so that people and companies will shell out hundred$ of thou$and$ of $$$$ (or what ever currency) to consultants and companies to "explain" the changes and to buy the new standard. This is not to mention companies will spend in time/$$$ to "change" what ever is "necessary" to comply with the standard even though the changes likely will be totally unnecessary.

Since I "found" ISO 9001 in 1990 I thought then, and still think, everything in ISO 9001 is basic business common sense. A company should not need a "standard" to tell them to do these basics.
 

TPMB4

Quite Involved in Discussions
And with the complete re-numbering of the standard people will need to re-write their Manual to match!! :D:sarcasm:

<I hope that you know I am joking. When i first started in quality one more experienced person told me one of my jobs was to help re-write the QMS. I was then shown the existing 15 page manual and then the work in progress. It was a complete copy of the standard but expanded to something like 67 pages plus a whole shed load of procedures, WI and other documents. I think it was one copied from the internet and was being tweaked to "suit the company". I still have it and use it for inspiration, as in what not to do.

I do wonder what the sample manuals that will come out of it on the internet will look like though. Will this version of the standard force those people who mimic the standard to think and write something right for them? Can a standard do that in the real world??
 
Last edited:

drgnrider

Quite Involved in Discussions
Re: Required Documents/Records in 9001:2015

By understanding the context of the organization, stakeholder expectations and considering the risks associated with undocumented, poorly documented and erroneously documented processes, the organization should determine (for themselves) the extent of documentation they would have to generate and control to support their business processes. Unless something changes significantly, ISO 9001:2015 will force organizations to adequate command media and records to it's context. If you are a supplier of highly complex products and deploy highly complex business processes, you should know that you CAN'T run a successful enterprise by uncaptured/non-managed tribal knowledge alone.

@Sidney, No I did not miss that "shall", it is an "if the company feels they need it", (unlike the currently required Quality Manual and five other "shalls"). I do like your explanation above, I have a number of managers I was trying to determine how to inform them, but you summed it up pretty well. :agree1:



It really hasn't changed much other than 9 (or what ever) specific "documented procedures" are not called out as plainly as it the past. The tradeoff as I see it is more requirements for specific records.

@Marc, this is what I was seeing, but was not sure I was reading it right since there were really no "required documents", just a lot more records.

Of course, you can't say what the business "is" without some sort of document, but the 'process procedures' are "only if needed".


Since I "found" ISO 9001 in 1990 I thought then, and still think, everything in ISO 9001 is basic business common sense. A company should not need a "standard" to tell them to do these basics.

Absolutely agree! But then you have those that require that someone else have proof they know how to run a business. It just feeds into the vicious cycle.
Back in 2001, to satisfy 9001:2000, I had to write more than a few procedures; my how-to notes (2-pages) became company standards (10-pages) even though I was the only one doing the process. For almost two weeks we had over 200 high-paid engineers unnecessarily documenting 90% of our processes. :mg:

:thanks:
 
K

kat

Back when TS16949 made the change from all the required procedures to the 7 - it was an opportunity to change to more process owner and practical oriented "procedures" and system. In other words, we tore the old system down and kept only the part that was needed and relevant.
It sounds like the change to the "new ISO9001-2015" may be an opportunity to do the same. With my recent change, I have inherited a system that is dis-jointed and the majority of the people still look at any ISO as "let's open the box and see what we have to do to meet the requirements". "OK, that's done put it away until it is time again." ISO9001 (and 14001) are not a part of the operating business, they are lines to be checked. So it looks like I may be able to use the new issue to help the culture and mind shift I am working on here.
 

John Broomfield

Leader
Super Moderator
After reading through CD-ISO-9001, unless I am missing something, these are all that I see that will be required:

what we currently refer to as documents:
- [4.3] Scope & justifications for exclusions (limited to 7.1.4 and 8)
- [5.2] Quality Policy
- [6.2.a-g] Quality Objectives and information

what we currently refer to as records:
- [7.1.4] Evidence of fitness of monitoring & measurement equipment
- [7.2.d] Evidence of employee competence
- [7.5.b] Information determined by the organization as being necessary
- [8.1.c] Information that processes have been completed as planned
- [8.2.3] Basically Order intake & processing)
- [8.4.2] Provider evaluations (ability to provide)
- [8.4.3] (Basically Purchase Order)
- [8.4.3] Provider evaluations (performance)
- [8.6.2] Unique identification for traceability
- [8.6.3] Customer property lost, damaged, or unsuitable
- [8.6.6] Review of change
- [8.7] Evidence of conformity
- [8.7] Person releasing to customer
- [8.8] Nonconforming goods and actions taken
- [9.1.1] Records that monitoring and measurement have been completed
- [9.2.f] Audits were held and results
- [9.3] Results of Management Review
- [10.1.a] Nature of nonconformance's and actions taken
- [10.1.b] Results of Corrective Actions

It appears that as long as everyone knows our processes, we do not need to have anything in writing. I did not see anything that states we need to have processes in writing, although some should be.

Have I missed something? :confused:

drgnrider,

One small point. Rather than "knowing your processes" you need to know your undocumented procedures.

Please compare the definitions of process and procedure.

Briefly, process is the work and procedure is the specified easy to carry out the work.

John
 
Last edited:
Top Bottom