The requirements are the same. I'm not sure what your point is. Auditors do to some degree audit differently today and ask somewhat different, or differently phrased, questions than they did 20+ years ago, though. In fact, to me these requirements go back to long before I started in quality in the 1980's - Very much pre-ISO 9001. I started in DoD work. All of the ISO 9001 "records of training" requirements were standard requirements in some companies many years before ISO 9001 (1987).Back then the requirements are look-alikes and were stated as:
Those requirements go back years, too. The changes in the ISO 9001 standard have just shuffled a few words over the years, and added some hot button words/phrases a few times. Just like today's big "risk analysis" crap, as if companies were never doing risk analysis in the past.I agree and this could be attributed to ISO 9001:2015's distinct intention:
"...retain appropriate documented information as evidence of competence..." has in my lifetime always been a requirement, even when I was an EEG technician in 1969. HR had to have (and "maintain") records such as my high school transcript and my EEG technician certification and training records on file. That was about 50 years ago. My "competence" was largely based up the opinion of the doctor who oversaw my work on a daily basis. I learned to do EEGs by "on the job" training. To get my "technician" certification I had to have a referral from the doctor to be allowed to sit for the "technician" exam. I then took and passed the "technologist" certification test.
To put this in perspective, even back then there were legal liabilities. Quite often EEGs are, or were - things have changed - done to assess "brain death". Hospitals did not just want anyone doing those studies, especially, and had to have evidence that a qualified competent person was doing the EEG, so certification (via a test) was a requirement. The person had to understand both the equipment (back then Beckman Instruments and a company called "Grass" both made EEG machines, and each one was a bit different) and they had to understand the basics of brain electrical activity.
A Grass analogue EEG machine from back in the day. If I remember correctly they sold for something like $10,000 to $20,000 or so.
Yes, that was always done because even early on, among other things, a requirement for registration was for at least one complete round of internal audits, and they were not particularly happy if the audits had been done within 30 to 60 days before the registration audits. That is one reason I used to (and still do) about the "40 wonder" claim some people/companies made (and I assume some still do...). I didn't, and won't, say if *can not* be done, but as has been discussed here in the long ago past, just ask yourself - Are you really going to end up with a serious and demonstrably effective quality system in 40 days assuming no system was previously in place?I’m talking about systems intended to conform to ISO 9001. So, before inviting in a third party auditor, I’m sure you’d agree, the company would be wise to have completed a round or two of internal audits of its system and its system’s processes.
I can say that almost all of my clients had functioning, and typically reasonably effective, quality systems when I started working with them. The most common "gap" was most either did not do internal audits, at least as we think of them, and in an organized way, or they did them poorly.
These days asking an employee for "...evidence of system and process effectiveness...". Not too many years ago, you would have most likely gotten a "deer in the headlights" stare. Let's take 1995 - How many employees back then would have been able to answer?Auditors (incl a third party’s) ask employees for evidence of system and process effectiveness.
As a sort of disclaimer at this point... When we use a general term such as "employee", there is a big range. I tend to think of auditing in terms of the girl or guy working on the floor, so to speak. They are the most important people to me and is why I always spent significant time working with them on the floor. Supervisors and above I have a certain expectation that they will be appropriately knowledgable, though I have often been wrong in assuming that. Floor personnel are typically the last to know a lot. They don't always sit in on, for example, design and development teams (admittedly in some cases a company is smart enough the include a floor person in their team, but more often, at least in the past, it more typically a supervisor.
You can not audit the system and its processes without asking asking employees questions. This is simply playing with semantics. True - Answers employees give provide information about bits and pieces of the system and its processes, as well as the effectiveness to some degree, and the intent is not to try to make judgements about individual employees (I think this is your "not the employees" part).When training auditors my company was careful to stress that we audit the system and its processes, not the employees.
Back when I was working with large companies (over 20,000 employees), the first thing I did at the RFQ stage was submit a response in which I offered to visit the company facilities. I would do that at no charge. I could not quote a contract if I didn't know the company. I went over their procedures, talked with some employees, and within a week I would give the customer a quote (there were companies I would NOT work for), a completed gap analysis, and a general report on what I found. Also included was a project plan (I worked with Microsoft Project a lot back then). Bottom line is, I typically knew more about how the company operated as a whole (does interaction of processes ring a bell?) than anyone in the company.
That was typically a 2 week job - A week onsite and a week back at my office to put the entire proposal together. From there I hoped the company would hire me, which wasn't always the case, of course. The contracts I did win did make me some good money. And I swear, I loved working with the companies from boardroom to shop floor.
As an aside: I was never a person to say "I've done X implementations and every company passed first time" or crap like that. My marker was how many nonconformances were found. Many of the companies I worked with came through their registration audit with zero nonconformances. I was, and still am, proud of that.
/old man rant and campfire tales