Documents of external origin not identified? ISO9001 Clause ISO 9001:2000 5.4.1

[Gary E MacLean]

Wow, Gary... To be this passionate on such a tiny issue, I am indeed surprised.

I have performed a little over a 1000 3rd party audits. Somewhere back in the first 50 or so, I might have agreed, but, I moved on very early.

You have to be kidding. The OP even stated he does not follow the maintenance in the manual. He used it as a starting point.

You may review my other comment in this thread, to see my reasoning...

Some things just get to ya. My passion stems from I guess having seen so many problems in the control area. It may seem tiny but without the right information, or worse yet, with the wrong information, you have big potential for big problems.

Yes, he used the manual for a starting point. But that is not my reasoning for controlling the manual. I try to equate every ISO / TS related situation to real life; you know every day things. I buy a new printer for my office I file the owner's manual in a three ring binder with all the other manuals. I may never look at it again but on that occassion I do need it I do know where it is.

Certainly not to use myself as an example but I have the manual for every piece of equipment in my tiny olittle company. I reference some of them periodically and others never but still others almost all the time. The manual for my Visa / Mastercard machine is already dog-eared; %$#@@#& 6%$#@. The machine is a monster! I am so glad I have kept the manual. I am so thankful I keep it available right there by the machine. And I am happy I laminated the pages I use the most.

I am at a company right now where we are trying to figure out the capabilities of each piece of equipment. Not statistical but output wise. Fortunately, one of the operators said "Here you go, I have every manual right here." What a savings of valuable time.

However, if the manual has disappeared and things are still running just fine that means they really do not need it. So, just as in an earlier post; if I can take it away and not bring it back and you won't cry about it then no, it does not have to be controlled. But if you want it back then control it.

 

[Gary E MacLean]

I don't understand. In a previous post you said that "occasionally" calling the OEM and verifying that the maintenance manual is still up to date is part of "controlling" maintenance manuals. So, you must expect the organizations you audit to have such process in place. Otherwise, how do they ensure that their maintenance manuals are "controlled"?

That post you reference is a list of "suggested methods." There really is no criteria for what method is to be used, those I listed could be used but do not have to be. Back in the days of Targets for Excellence GM auditors expected such a program to be in place. I learned from their expectation and discovered that it could be a good thing so I do use it as a suggestion but I don't mandate it.

Now, in the case where a certain piece of equipment's maintenance manual has become an applicable document because it is used for instruction and guidance, yes I would expect something in place whereby the organization pro-actively determines the relevancy of the version of document they have. They can be as creative as they want I just want a good answer to;

"How do you know ths is the relevant version?" ISO 4.2.3.d

If we allow ourselves, as a group of auditors, to ignore individual requrements based upon our own 'better judgement' or what we would like to see in place we are contributing to the breakown of the overall international system. It really doesn't matter if I care whether they control their documents or not. Until ISO quits making document control a part of the standard I will expect all 'relevant' documents to be controlled in accordance with the requiremets of the standard.

 

[Sidney Vianna]

If we allow ourselves, as a group of auditors, to ignore individual requrements based upon our own 'better judgement' or what we would like to see in place we are contributing to the breakown of the overall international system. It really doesn't matter if I care whether they control their documents or not. Until ISO quits making document control a part of the standard I will expect all 'relevant' documents to be controlled in accordance with the requiremets of the standard.

I really don't think that bringing the How to Add Value during the audit process document to your attention will give you another epiphany but others might see the light when they realize the need for a change of approach to auditing. Even the ISO TC 176 believes that auditors need a change of direction when they provide advice such as:

Adopt a “holistic” approach to evidence gathering throughout the audit, instead of focusing on individual clauses of ISO 9001:2000.

So, you keep on auditing to make sure that all requirements are covered, but remember: Frankenstein had all the body parts in place.

 

[Gary E MacLean]

I really don't think that bringing the How to Add Value during the audit process document to your attention will give you another epiphany

No, you were right about the epiphany thing (but I do still thank you for the other one you provided - I am still digesting) Still, this document"How To Add Value During The Audit Process", refers to "Conforming to ISO 9001:2000, often, very often. Some quotes from this document;

"Conformity to ISO 9001:2000 relates to the ... extent to which the QMS meets the requirements of ISO 9000:2000"
"It is important that all identified non-conformities are reported..."
"...what needs to be done...to meet the requirements of ISO 9001:2000"
"...failing to report all detected nonconformities...adds no value..."

One very interesting statement; regarding writing even the most minor NC

"In these situations, the auditor might be accused of being pedantic or even bureaucratic, so it is important to be able to demonstrate the relevance of the non-conformities that are being raised."

Absolutely, that is one of the reasons I don't write it if I cannot relate it to either their own system or to the standards.

I appreciate you providing the link to this paper. It was a good read and I can actually use it in future auditor classes to enforce the
"write 'em if they got'em"

approach I already present.

A change of approach to auditing - yes but a change to not writing NCs - no. The approach to auditing has always been the difficult part. It really isn't too hard to find things that do not comply, it's how you go about it.

So, you keep on auditing to make sure that all requirements are covered, but remember: Frankenstein had all the body parts in place.[/SIZE] [/FONT][/FONT]

I have no retort just that I like the comparison

 

[Helmut Jilling]

...this document"How To Add Value During The Audit Process", refers to "Conforming to ISO 9001:2000, often, very often. Some quotes from this document;

....One very interesting statement; regarding writing even the most minor NC

"In these situations, the auditor might be accused of being pedantic or even bureaucratic, so it is important to be able to demonstrate the relevance of the non-conformities that are being raised."

Absolutely, that is one of the reasons I don't write it if I cannot relate it to either their own system or to the standards.

I think somehow we are speaking at each other, not with each other.

Of course we have to conform to the requirements.

And, of course we have to write up nonconformities. We are debating what constitutes a valid nonconformitiy.

None of us are correct all the time. I am sure I write some NC's that my clients think are insignificant, but I try to continually calibrate so I can be better. I don't want to cram anything down their throats.

The purpose of doc control is to ensure documents and information are accurate and up to date. The manuals don't get revisions over time (unless there is a major safety recall) therefore they are by default meeting the requirement. But, as I said previously, if they become a formal part of their system, then they may reach the point of needing to be officially controlled. Owner's manuals often don't reach that level and truly are reference documents.

I appreciate you providing the link to this paper. It was a good read and I can actually use it in future auditor classes to enforce the
"write 'em if they got'em"

approach I already present.

A change of approach to auditing - yes but a change to not writing NCs - no. The approach to auditing has always been the difficult part. It really isn't too hard to find things that do not comply, it's how you go about it.

If there is an NC, it has to be written. Where we disagree is what constitutes an NC in the first place. Some judgement is necessary, sometimes.

If you are teaching other auditors, I would encourage you to seriously evaluate whether it is time to modify your approach. Some reading of articles and books written by the writers of the ISO 9001 2000 version might be enlightening. Remember, the USA ISO TAG group voted against TS-16949 acceptance largely over this very issue about doc control.

You are a smart guy, Gary, but don't ever get set in your ways. We must always strive for continual improvement.

 

[Helmut Jilling]

...If we allow ourselves, as a group of auditors, to ignore individual requrements based upon our own 'better judgement' or what we would like to see in place we are contributing to the breakown of the overall international system. It really doesn't matter if I care whether they control their documents or not. Until ISO quits making document control a part of the standard I will expect all 'relevant' documents to be controlled in accordance with the requiremets of the standard.

I don't think any of us advocated "ignor(ing) individual requrements based upon our own 'better judgement" because that would clearly be a violation of our accreditation. So, let's put that out there VERY CLEARLY!

However, applying a little common sense and judgement as to what is relevant, and understanding where the ISO standards are going, IS CLEARLY part of our charter and training.

I think you and I both clearly understand there is a difference there.

 

[Gary E MacLean]

And, of course we have to write up nonconformities. We are debating what constitutes a valid nonconformitiy.

Unfortunately, you are right. Unfortunately we do not have a long list of conditions that dictate a NC. Unfortunately the decision is left up to a myriad of auditors - each with a different view on what must be and what cannot be. Hopefully, eventually, views and opinions can come together and we, as a group, can at least agree on the fundamentals of "is it or isn't it."

None of us are correct all the time. I am sure I write some NC's that my clients think are insignificant, but I try to continually calibrate so I can be better. I don't want to cram anything down their throats.

As do I. I have changed so significantly over the ten years of being independent it almost shocks me. Things I would never have tolerated years ago now seem to go unnoticed. But this is in the big picture. This thread originally centered on the identification and control of external documents. If we go back to that premise, external documents means more than just equipment manuals; ISO standards, AIAG Reference Manuals, Drawings, prints, specs, ASTM, SAE, and on and on. Somewhere in there, there is still a need to clearly identify and control these things.

The purpose of doc control is to ensure documents and information are accurate and up to date. The manuals don't get revisions over time (unless there is a major safety recall) therefore they are by default meeting the requirement.

Perhaps the written document doesn't get changed but the equipment often does; removal of safety devices, changing direction of output, changing method of material delivery, I have seen all of these changes and more. Suddenly, the equipment no longer matches the manual. So something has to be fixed. If the manual is not controlled though it will not get the attention it needs.

But, as I said previously, if they become a formal part of their system, then they may reach the point of needing to be officially controlled. Owner's manuals often don't reach that level and truly are reference documents.

This really is the key. ONLY if the subject external document is a part of the system does it need to be controlled. As I stated in an earlier post "...if that manual becomes an applicable document then it needs to adhere to all ISO requirements..."

If there is an NC, it has to be written. Where we disagree is what constitutes an NC in the first place. Some judgement is necessary, sometimes.

I actually think we are closer to thinking alike than either of us realize. The "applicable document" concern brings everything back down to a workable level.

Remember, the USA ISO TAG group voted against TS-16949 acceptance largely over this very issue about doc control.

Yes, I know. This is another thing that bothers me. ISO 9000:2000 is not the only standard in the system. Trainers, auditors, consultants, all of us have to be prepared for TS16949, AS 9100, OFI 9000, and all the other hybrids, whether they are exactly alike or not.

You are a smart guy, Gary,

OK, that's the last word. That's what I was waiting for Just a little conceptual validation

but don't ever get set in your ways. We must always strive for continual improvement.

I have changed dramatically but I do have the tendency to get bogged down with one idea. But you, with one reference, have changed my thinking entirely on what those six document references really are. So I can still change at the drop of a hat - that's a good sign.

Thanks for a healthy exchange - I've enjoyed it and probably will continue to do so.

 

[Sidney Vianna]

Thanks for a healthy exchange - I've enjoyed it and probably will continue to do so.

Me too. I want to mention that as auditors we have been brainwashed trained to audit for conformance. The underlying idea was: if the system conforms to ISO 9001, it will perform adequately. However, tremendous amount of anecdotal evidence show that many conforming systems do not perform adequately. Because of that, some are attempting to change the way third party assessments are conducted. While conformance is important, performance is much more.
Auditing for performance is not easy. The status quo is too strong against it. The paradigms are too ingrained. The whole system is built around conformance. I have a feeling that if we were to poll the Cove membership if they wanted their external auditors to perform assessments on conformance vs. performance, conformance would win 3 to 1. But that is OK. A large chunk of ASQC members were against dropping the C.

And PS. In this discussion, I was focusing strictly on maintenance manuals, not documents of external origin, in general.

You guys enjoy your weekend.

 

[Jim Wynne]

And, of course we have to write up nonconformities. We are debating what constitutes a valid nonconformitiy.

If there is an NC, it has to be written. Where we disagree is what constitutes an NC in the first place. Some judgement is necessary, sometimes.

Unfortunately, you are right. Unfortunately we do not have a long list of conditions that dictate a NC. Unfortunately the decision is left up to a myriad of auditors - each with a different view on what must be and what cannot be. Hopefully, eventually, views and opinions can come together and we, as a group, can at least agree on the fundamentals of "is it or isn't it."

What's missing is the idea of a third-party audit being a sort of collaboration with the auditee, rather than a police action. In the present instance, the OP has made what he feels to be a rational decision regarding control of external documents, and the auditor has formed a different opinion. What's needed is for the two parties to sit down and consider what's best for the system, putting egos aside as much as possible. No matter how well the standards are written, there are still going to be subjective decisions, or "judgement calls" as they say in baseball. My own opinion is that there should be a special category of nonconformance, perhaps called "nonconforming but not systemic." There's no value added by writing up outliers, but there is good reason to call attention to them.

 

[Helmut Jilling]

What's missing is the idea of a third-party audit being a sort of collaboration with the auditee, rather than a police action. In the present instance, the OP has made what he feels to be a rational decision regarding control of external documents, and the auditor has formed a different opinion. What's needed is for the two parties to sit down and consider what's best for the system, putting egos aside as much as possible. No matter how well the standards are written, there are still going to be subjective decisions, or "judgement calls" as they say in baseball. My own opinion is that there should be a special category of nonconformance, perhaps called "nonconforming but not systemic." There's no value added by writing up outliers, but there is good reason to call attention to them.

Excellent discussion. That category used to be somewhat addressed by "Opportunity for Improvement" but the AB's are really crunching down on using that in a practical way. Clear NC's have to be written of course, but outliers could be handled that way.

If the standard is unclear on something, the auditor should not take it upon himself to add "normative" text to it.