Concern about the adequacy of procedures

I

Ingeniero1

#1
We are writing our procedures to become ISO 9001:2000 certified, and most of the procedures are being written from scratch. Everyone is well aware that the procedures are meant to help each department and operation perform their tasks and activities such that the outcome is conforming. That is, the procedure's primary goal is to help the organization and not to be a hindrance or obstacle.

However, the procedures will also be reviewed by The Auditor, and this has some people nervous as to what they should write that will be acceptable. I wrote a few 'hints' to help them out. Would those of you who have more experience than I (everyone?) with the ISO 9001:2000 auditors, please comment and critique my hints?

=======================
1. The Auditor will audit your area or operation according to what your procedures say.

2. The Auditor will investigate whether the tasks and activities listed by the procedure are done according to the procedure.

3. The Auditor will seek evidence to substantiate that the procedures indeed are followed – hearsay is not acceptable.

4. The Auditor will not judge whether the procedure is too detailed, but if it appears too vague or too simple, the auditor may question whether it is sufficient to carry out the task or activity properly – be ready to explain if this issue comes up.

5. The Auditor will not evaluate the adequacy of a procedure. If a procedure is followed and it works; i.e., the outcome of the task or activity conforms to expectations, then so be it.

6. The Auditor will not accept a procedure (will find a non-conformance) that is not followed, regardless of the outcome of the task or activity. If the outcome of the task or activity is otherwise conforming as carried out, then rewrite or edit the procedure so that it reflects what is being done.
=======================

Thank you for your time!

Alex
 
Elsmar Forum Sponsor
W

WALLACE

#2
Ingeniero,
Work closely with the process owner/s, allowing them to map-out their own procedure, if indeed you are using them as work process instructions.
The auditor should realize and accept (As well as you) that, there may or should be an allowance for work procedural variation.
I've audited many work process procedures, when there has been more than one person performing the task, usually between two or even three shifts. I've always found, stepping back or moving to the next process is helpfull in assessing the efficiency of the procedure in question. Is it effective and fully completed according to process procedures? If yes, return to the process and assess for standardized procedural aspects. If no, an assessment at a deeper level is required to either re-write the procedure and retrain according to process needs.
Wallace.
 

Mike S.

Happy to be Alive
Trusted Information Resource
#3
Alex,

You've got a pretty good handle on things. However, "heresay" may indeed act as evidence IMO. Not all operations are being performed during an audit, and not all processes leave clear records. Auditors may ask someone "how do you do such-and-such" or "what happens when ..." and see if what they say matches the procedure.

Make the procedures as detailed as they need to be, but not more or less so. As Wallace said, work closely with the process owners and those who perform the process and let them guide you as to how much detail is needed. Your internal audits should be able to verify if the procedure is being followed at a later date, but your chances improve greatly if the users have early input. JMO.
 
#4
Ingeniero1 said:
Everyone is well aware that the procedures are meant to help each department and operation perform....
Ok, but do think about processes rather than departments, as processes often span over several departments, and problems very often turn up in the interaction between departments (and processes for that matter).

Ingeniero1 said:
1. And acc. to the standard.

2. Yes

3. Yes

4. Yes

5. I'm not so sure about that one, but essentially, yes.

6. I would say that the Auditor will try to convince himself that procedures and reality match. If they don't you will have to change one of the two.

7. The auditor will look for the documented and undocumented procedures necessary to conform to the standard. He has to...
/Claes
 
#5
Mike S. said:
Alex,

You've got a pretty good handle on things. However, "heresay" may indeed act as evidence IMO. Not all operations are being performed during an audit, and not all processes leave clear records. Auditors may ask someone "how do you do such-and-such" or "what happens when ..." and see if what they say matches the procedure.

Make the procedures as detailed as they need to be, but not more or less so. As Wallace said, work closely with the process owners and those who perform the process and let them guide you as to how much detail is needed. Your internal audits should be able to verify if the procedure is being followed at a later date, but your chances improve greatly if the users have early input. JMO.
If I may add.... In Lead Auditor training, we were taught that there are 3 ways to obtain objective evidence: Observation, interviewing and examination. There is no requirement to have a written record for everything! What you call "heresay", I would call interviewing. A quick example. How do you prove you know the company's quality policy? Do you have a written record that you read, understand and know it? Or, do you explain it? As an auditor, I would accept your words, before I would accept a piece of paper you signed.

Don't over do things. Your procedure should follow the process. The amount of detail would be based on how detail it needs to be. In many cases, just a process flowchart might be enough. In other cases, neither a flowchart, nor a written procedure is required. In some cases, you might need both, along with work instructions and detailed records. It jsut depends on what you are trying to do, how you trying to do it, and who you have doing it.

Hope this helps.
 
C

celso klitzke

#6
Hi Alex,

1, 2, 3, 4, 6 - yes
5 - no
If the auditor knows the subject (and he should) and the method described isn´t right, he can make an observation (needs further investigation/observation).

Best regards,
/Celso
 
M

mshell

#7
Ingeniero1

Encourage them to write what they actually do, compare what they present to the standard, add any ISO requirements that are missing from the process and let internal audits catch the other missing issues. We have found this method to be very effective. When we audit, our employees can tell us almost exactly what the procedure says because we made the procedure match practice instead of *trying*:frust: to make practice match the procedure. In fact, during one audit a question was presented and everyone answered wrong (the answer did not match the procedure) so we changed the procedure to match the reponses instead of trying to change the people to match the procedure and now everyone answers the question right.
:mg:
Just IMO
 
#8
mshell said:
In fact, during one audit a question was presented and everyone answered wrong (the answer did not match the procedure) so we changed the procedure to match the reponses instead of trying to change the people to match the procedure and now everyone answers the question right.
Right on the button! :applause:

/Claes
 
I

Ingeniero1

#9
mshell -

Yes! That's more or less what we are trying to do, but being sort of 'green' at this, what the Auditor may say about our 'just-hatched' procedures was a concern. On the positive side, this company has an excellent Quality record and satisfied customers. Frequently, we receive unsolicited letters and e-mails thanking us for helping them out with a special delivery or unusual request on their part. So whatever we are doing seems to be working just fine. Now let's put it in writing.

Thanks to all!

Alex
 
Thread starter Similar threads Forum Replies Date
T OFI (Opportunity for Improvement) vs. AOC (Area of Concern) - Definitions Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 1
D Substance of concern (SOC) management procedure wanted Reliability Analysis - Predictions, Testing and Standards 3
M Informational EU – Candidate List of substances of very high concern for Authorisation Medical Device and FDA Regulations and Standards News 0
E Canada Chemicals of Concern - Similiar program for chemicals like the EU Canada Medical Device Regulations 0
K FDA Premarket Submissions for Embedded Software - Level of Concern Other US Medical Device Regulations 4
H Identifying Guidance on Medical Device Software Level of Concern for the EU EU Medical Device Regulations 2
S Nemko AS & DQS - Concern over notification as a Medical Device NB Registrars and Notified Bodies 5
M Medical Device Software "Level of Concern" 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 7
J Level of Concern - Ultrasound Medical Device Systems ISO 14971 - Medical Device Risk Management 2
R ISO 14644-1 maximum particulate concentration limits concern Other ISO and International Standards and European Regulations 2
L IEC 62304 and FDA Level of Concern IEC 62304 - Medical Device Software Life Cycle Processes 8
T Mercury is covered under RoHS but is not a substance of very high concern (SVHC) ? RoHS, REACH, ELV, IMDS and Restricted Substances 2
T Level of Concern for Class II Medical Device Software 510(k) Submission 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
Fender1 PPAP-PSW Accuracy Concern - Laser Cut Holes In Formed Fabricated Steel Part APQP and PPAP 15
D Company Percentile Ranking - Customer Concern and Warranty Costs Benchmarking 4
M Level of Concern (FDA) vs. Software Safety Classification(IEC) US Food and Drug Administration (FDA) 3
N Minor Concern - Medical Device Software and Risk Management ISO 14971 - Medical Device Risk Management 2
S How to start implementation of ISO 9001 in manufacturing concern? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
smryan SVHC (Substances of Very High Concern) Declaration List Update Notices RoHS, REACH, ELV, IMDS and Restricted Substances 3
S Level of Concern only applicable to Medical Device software? IEC 62304 - Medical Device Software Life Cycle Processes 3
somashekar Supply Chain Oversight is the FDA's Next Area of Concern Other US Medical Device Regulations 0
S Medical Device Software Level of Concern Determination 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 23
P Level of Concern anomaly - FDA Guidance Document Conflicts 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 7
F Level of Concern for 892.2050 - FDA Requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 6
S Software Validation - Splitting the Level of Concern on multiple software parts 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
G First time flyer - My big concern other than crashing is air sickness! Coffee Break and Water Cooler Discussions 41
Q Management Review Meetings - Auditor issued an Area of Concern regarding our method ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 85
T To Whom it may concern... Imported Legacy Blogs 0
L Software Documents in 510(k) submission (Moderate Level Concern) Other US Medical Device Regulations 1
Q SVHC (Substance of Very High Concern) Declaration for Packaging Material RoHS, REACH, ELV, IMDS and Restricted Substances 1
J FDA classifying all PACS software devices as Moderate Level of Concern? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 9
S Establishing Control of Regulations that concern my company Quality Manager and Management Related Issues 12
M What are the most Important Areas that Concern the External Auditors ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
M How To Include Substance of Concern (SOC) Free Into TS16949 Internal Audit Plan IATF 16949 - Automotive Quality Systems Standard 1
P Your Critical Characteristic is my Minor Concern - Characteristic out of Spec Inspection, Prints (Drawings), Testing, Sampling and Related Topics 3
M ISO 9001 Audit Concern about Written Job Scope & Responsibility for Employee? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
K IMDS concern (re: CaZn Complex Stabilizers) - No CAS number RoHS, REACH, ELV, IMDS and Restricted Substances 4
Q Looking for some ideas or samples on Customer Concern Matrix Nonconformance and Corrective Action 6
Z Definition Customer Concern - What is the definition for Tooling and Equipment suppliers Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 1
Marc ISO 17025 Section 5.4.7.2.a - Software Validation Concern ISO 17025 related Discussions 0
S ISO 9001:2015 Clause 9.3.2 - MR (Management Review) - Adequacy of resources ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
S How can I justify adequacy of USB connector soldered on the product Reliability Analysis - Predictions, Testing and Standards 4
K How can I justify adequacy of Frequency of Testing in my Testing Plan Reliability Analysis - Predictions, Testing and Standards 8
L ISO 9001 Clause 7.3.2 Design & Development Input - Adequacy, Complete, Unambiguous ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
B Suitability, Adequacy and Effectiveness Examples ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
S Document Approval for Adequacy Prior to Use Document Control Systems, Procedures, Forms and Templates 10
J Adequacy of specified purchase requirements - Clause 7.4.2 - Should be reviewed? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
M Different types of audit definitions - System, Adequacy, Product, Process, Compliance Internal Auditing 5
B Stage 1 - Adequacy Audit (pre-assessment) - University - What do they look for? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
M Par.5.6.1 Demonstration of suitability, adequacy and effectiveness of QMS ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4

Similar threads

Top Bottom