J
John C
Compliance With 9K:2000
Cove Contributors,
A current client wants me to put together a plan for upgrade of his system to ISO 9000:2000. I hadn’t done any work on the new version, having waited until the final draft was out before spending effort on it and now I see it has presented me with something of a quandry;
My impression from various sources was that there would be few changes necessary - the general opinion seemed to be that if you qualified for ‘94 then you would qualify for ‘2000 without much re-documentation. Certainly, my view of ‘94 and the developer’s approach to the subject led me to think that this would be the case.
Now I’ve looked in detail at some of 2000, I see a new approach. A lot of things which were assumed or implied before, are now written down as specific requirements. My conclusion is that we need a considerable documentation effort to upgrade.
My ‘quandry’ is that the rest of the world might not see it like that.
I think it is quite possible that these requirements, that I see as specific, will go on being seen as ‘assumed’ and that little will be done to come up to the new level and that registrars will accept it that way and go on as before.
Let me give an example;
In the 2000 version section 4.1 there are 9 requirements, including a) to f) plus a note. The first line and the note, indicate that procedures are required to cover requirements for section 4 and, as in any audit, the auditor is likely to ask were you doing the right thing and have you evidence of doing it. As I see it, each of these requirements is specific, individual and open to these questions from a registrar auditor; ‘Have you done this? Where is it documented? Tell me how you did it? Can you show me evidence (ie; quality records) that you have done it.’
In the appendix showing correspondance 2000 to ‘94 it states that this 4.1 corresponds to 4.2.1 of ISO 9001:’94. But, in fact, the old version asks for only 3 specific responses, ie; ‘document, etc a DMS, prepare a QManual, refer to the procedures and outline the structure of the quality system.
The old version does not ask for continuous improvement. It does not ask us to ‘identify the processes needed and their application’, which I see as asking for a process of identifying the correct ones and a means of providing evidence. It does not ask us to determine the sequence and interaction (quite a different thing from ‘structure’. Nor does it ask for what I consider to be the best and biggest question of all; ‘Determine criteria and methods to ensure implementation and control is effective’. That’s the $64000 question (or requirement). A whole lot of thought and good work would go into that one to come up with a valid answer.
Similarly; ‘Monitor, measure and analyse these processes; Implement actions to achieve planned results, continuous improvement. The final requirement, ‘Processes needed for QMS including management, resources, product realisation and measurement’, leaves us open to be written up on any significant process that isn’t documented.
I hoped that this new approach would only apply to section 4, but as I go on, I see the same type of specific requirement appearing where, before, the method was assumed and the end product was all that was asked for. It seems like a totally new standard to me.
I’d like to hear comment on this issue. How far do people think we have to go? Is my comment valid? practicable? likely to be the right and the effective way to deal with things?
My own view is that it is right to read into it these specific requirements. They have always been part of the response to the standard, as I saw it, but not specified. However, since I object to the restriction and the problems likely to arise from registrars, I do not approve of their appearance in the 2000 version.
What do you think?
thanks and rgds,
John C
Cove Contributors,
A current client wants me to put together a plan for upgrade of his system to ISO 9000:2000. I hadn’t done any work on the new version, having waited until the final draft was out before spending effort on it and now I see it has presented me with something of a quandry;
My impression from various sources was that there would be few changes necessary - the general opinion seemed to be that if you qualified for ‘94 then you would qualify for ‘2000 without much re-documentation. Certainly, my view of ‘94 and the developer’s approach to the subject led me to think that this would be the case.
Now I’ve looked in detail at some of 2000, I see a new approach. A lot of things which were assumed or implied before, are now written down as specific requirements. My conclusion is that we need a considerable documentation effort to upgrade.
My ‘quandry’ is that the rest of the world might not see it like that.
I think it is quite possible that these requirements, that I see as specific, will go on being seen as ‘assumed’ and that little will be done to come up to the new level and that registrars will accept it that way and go on as before.
Let me give an example;
In the 2000 version section 4.1 there are 9 requirements, including a) to f) plus a note. The first line and the note, indicate that procedures are required to cover requirements for section 4 and, as in any audit, the auditor is likely to ask were you doing the right thing and have you evidence of doing it. As I see it, each of these requirements is specific, individual and open to these questions from a registrar auditor; ‘Have you done this? Where is it documented? Tell me how you did it? Can you show me evidence (ie; quality records) that you have done it.’
In the appendix showing correspondance 2000 to ‘94 it states that this 4.1 corresponds to 4.2.1 of ISO 9001:’94. But, in fact, the old version asks for only 3 specific responses, ie; ‘document, etc a DMS, prepare a QManual, refer to the procedures and outline the structure of the quality system.
The old version does not ask for continuous improvement. It does not ask us to ‘identify the processes needed and their application’, which I see as asking for a process of identifying the correct ones and a means of providing evidence. It does not ask us to determine the sequence and interaction (quite a different thing from ‘structure’. Nor does it ask for what I consider to be the best and biggest question of all; ‘Determine criteria and methods to ensure implementation and control is effective’. That’s the $64000 question (or requirement). A whole lot of thought and good work would go into that one to come up with a valid answer.
Similarly; ‘Monitor, measure and analyse these processes; Implement actions to achieve planned results, continuous improvement. The final requirement, ‘Processes needed for QMS including management, resources, product realisation and measurement’, leaves us open to be written up on any significant process that isn’t documented.
I hoped that this new approach would only apply to section 4, but as I go on, I see the same type of specific requirement appearing where, before, the method was assumed and the end product was all that was asked for. It seems like a totally new standard to me.
I’d like to hear comment on this issue. How far do people think we have to go? Is my comment valid? practicable? likely to be the right and the effective way to deal with things?
My own view is that it is right to read into it these specific requirements. They have always been part of the response to the standard, as I saw it, but not specified. However, since I object to the restriction and the problems likely to arise from registrars, I do not approve of their appearance in the 2000 version.
What do you think?
thanks and rgds,
John C