Engineering SOPs

Sidney Vianna

Post Responsibly
Leader
Admin
Where is it required in the ISO standard that a SOP has to be mentioned?
7.5.1 b)

The old paradigm of quality system as a collection of documents is hard to kill. Documentation serves the only purpose of defining (business) processes. If the organization decides they need to develop procedures, instructions, aids, drawings, manuals, software, whatever to assist the definition of a process that has implications with product conformity and customer satisfaction, 7.5.3 requires such documents to be controlled.
 

Golfman25

Trusted Information Resource
7.5.1 b)

The old paradigm of quality system as a collection of documents is hard to kill. Documentation serves the only purpose of defining (business) processes. If the organization decides they need to develop procedures, instructions, aids, drawings, manuals, software, whatever to assist the definition of a process that has implications with product conformity and customer satisfaction, 7.5.3 requires such documents to be controlled.
Ok but the organization has determined these don't fall within their QMS (rightly or wrongly). So I am not sure where they have to "mention" them. And frankly, I have no idea why they are "hiding" them -- they sound like the might actually be helpful. I am just trying to get over the accusations that they somehow had "bad" auditors.

I have learned the hard way never to show an auditor a document they didn't ask for -- had one ding me for an orgchart that had been reviewed by auditors the past 20 years with no issues, just because she didn't like it.
 

Sidney Vianna

Post Responsibly
Leader
Admin
Ok but the organization has determined these don't fall within their QMS (rightly or wrongly).
That's not how it works. If an organization has developed an extensive set of procedures related to product design processes, new product introduction, etc....those documents DO FALL in the scope of the quality management system. If they have "determined" otherwise, they are either ignorant of what a QMS is or just trying to play games with a CB auditor.
 

Golfman25

Trusted Information Resource
That's not how it works. If an organization has developed an extensive set of procedures related to product design processes, new product introduction, etc....those documents DO FALL in the scope of the quality management system. If they have "determined" otherwise, they are either ignorant of what a QMS is or just trying to play games with a CB auditor.
Well it's clear they have some ignorance. My guess is the documented SOPs came long before ISO -- so they have a disconnect there. But if the standard gives us discretion to determine "documented info," and we have something we don't believe is part of the the QMS (again rightly or wrongly) how can it be an issue. They don't have to have them. Could they not burn them right in front of the auditor and say "no longer needed."
 

Sidney Vianna

Post Responsibly
Leader
Admin
Could they not burn them right in front of the auditor and say "no longer needed."
If they are going to destroy their intellectual property, just not to be held accountable to follow their own processes and not getting dinged by an external auditor, they have much bigger problems than keeping their ISO cert.

And, any auditor worth their W2, would destroy that inane approach. Any complex process that is undocumented and executed by multiple people would easily be assessed as ineffectively implemented, after 2 or 3 interviews. Just the suggestion of "burning" their documentation shows the organization to be less than serious. At the end of the day, it always boils down to the choices between:

1. passing audits and keeping a certificate or
2. having a system that enables the organization to prosper, learn and improve.

Most registrants fall in 1. Pity the fools.
 

Golfman25

Trusted Information Resource
If they are going to destroy their intellectual property, just not to be held accountable to follow their own processes and not getting dinged by an external auditor, they have much bigger problems than keeping their ISO cert.

And, any auditor worth their W2, would destroy that inane approach. Any complex process that is undocumented and executed by multiple people would easily be assessed as ineffectively implemented, after 2 or 3 interviews. Just the suggestion of "burning" their documentation shows the organization to be less than serious. At the end of the day, it always boils down to the choices between:

1. passing audits and keeping a certificate or
2. having a system that enables the organization to prosper, learn and improve.

Most registrants fall in 1. Pity the fools.
I think you're missing the point. It's been alleged some type of nefariousness by the company and/or auditors because these "SOP" where not uncovered during an audit. The company doesn't believe they apply because they aren't "quality" related (Ok they made a mistake, it happens. Doesn't mean they aren't using them. Doesn't mean they aren't controlled. Doesn't mean they aren't helpful.) The auditor arrives and says what to you do here, and what do you do there. Employees say I do this and I do that, not once referencing the SOPs because they don't need to. Auditor verifies compliance to the standard and heads home. Where is the issue?

As I said, I can't remember the last time we have referred to a specific SOP during an audit in the past 10+ years. It just doesn't come up these days. Auditors are more concerned about whether what we do complies with the standard more than anything. We show them all types of documents -- inspection forms, purchase orders, work orders, logs, etc. But never a specific procedure.
 

Sidney Vianna

Post Responsibly
Leader
Admin
No, I think you are the one missing the point. You might be used to incompetent auditors who don’t know how to perform basic auditing techniques and you think that is the new normal.

As someone who performed hundreds of management system audits, screened, hired and mentored tens of lead auditors, taught lead auditor classes, so on and so forth, I am telling you: any auditor minimally competent to perform their job would seek the necessary resources to assess if processes are effectively implemented and deliver the expected results. To that effect, they MUST ASCERTAIN if the organization has developed documented information to define and monitor such processes. Secondly they must assess if the requirements described in such documented information are being complied with. If an auditor is not doing that basic concept, they are failing miserably on the assignment.

There is no conformity to ISO 9001 if the organization is not following their own internal process requirements.
 

Ashland78

Quite Involved in Discussions
Okay, I'll bite...what do you think the difference is between a Management system and (an) ISO (system)?
ISO is more for manufacturing perhaps. Management System could be for technology, software, maybe. This is a good question. ISO and IATF are very much "Quality" management systems.
 

Golfman25

Trusted Information Resource
No, I think you are the one missing the point. You might be used to incompetent auditors who don’t know how to perform basic auditing techniques and you think that is the new normal.

As someone who performed hundreds of management system audits, screened, hired and mentored tens of lead auditors, taught lead auditor classes, so on and so forth, I am telling you: any auditor minimally competent to perform their job would seek the necessary resources to assess if processes are effectively implemented and deliver the expected results. To that effect, they MUST ASCERTAIN if the organization has developed documented information to define and monitor such processes. Secondly they must assess if the requirements described in such documented information are being complied with. If an auditor is not doing that basic concept, they are failing miserably on the assignment.

There is no conformity to ISO 9001 if the organization is not following their own internal process requirements.
I guess I have had 20+ years of bad auditors then. Never have we been specifically audited to a SOP of our own. They have always been used as evidence to support compliance with a section of the standard.
 

Sidney Vianna

Post Responsibly
Leader
Admin
Never have we been specifically audited to a SOP of our own.
I am flabbergasted. Any auditor who does not spend time understanding the organization's own requirements for their processes (what typically requires reviewing documents describing how processes are effected and monitored) so they can assess degree of conformity is utterly incompetent. Auditing by gut-feeling and auditing solely to the requirements of a standard, e.g. ISO 9001, is not what 3rd party auditors should be doing. Anyone minimally qualified as a professional auditor knows that the definition of a nonconformity is "failure to comply with requirements". What are the source of requirements typically covered during a management system audit?
  • Regulations
  • Standards
  • Customer requirements (contracts, PO's, specs, drawings, etc.)
  • organization self imposed requirements (including SOP's)
  • Etc
Since we have many professional and experienced auditors in this forum, they might chime in.
 
Top Bottom