Examining Common ISO 9000 Misconceptions


Don Winton

My apologies for not responding to this thread sooner. I have a client that is preparing for a State inspection and the last couple of days have been hectic. Christian, “approved” does not mean a signature is required, nor does the standard require “signatures” unless you are a “regulated” industry. The company’s procedures shall state when review and approval is accomplished. No more, no less. Of course, objective evidence is required, but this evidence should be the company’s, not the assessors. As far as continuous improvement is concerned, that is a different story. When a company decides to adopt a quality standard as their business core principle, the company decides which practices are best for them, with the primary goal being “to stay in business.” Customer satisfaction, making money, etc. Barb, preconceptions are not to be allowed or to be tolerated. I agree. The assessors job is to obtain objective evidence of “compliance or noncompliance.” No more, no less. I have stated earlier that when an assessor “suggests” things required for compliance, this is a no-no. I also agree that some (not all, by no means) consultants may try to mold a company’s policies and procedures to their (the consultant's) mold, not the standards. Things adopted by the company may not add value, but an assessors job is not to determine this. Again, “compliance or noncompliance” is the issue for them. Barb, a company with 5 or 10 employees do not need reams of paperwork or unnecessary documents to comply (see misconceptions above). As a matter of fact, other than the costs, small companies are the easiest to register. That is the magic and magical purpose of ISO 900x. It IS that flexible. There is much benefit to using ISO 900x to improve a business operations. This is determined by the company, and company only. The purpose of the list was to highlight what those who do not know try to know. By the way Marc, DCAS was my most driving force to be in this business (doing things right, not by the so-called rules). I have a good story I will forward at a later time.


Fully vaccinated are you?
ISO 900x Misconceptions

Common Misconceptions:

1) The standard requires that you document what you do and do what you document
2) You have to appoint a Quality Manager
3) Job descriptions are required
4) Everyone should be able to recite the quality policy
5) All out of date documents have to be removed
6) All purchases have to be from approved suppliers
7) Purchase orders must be signed
8) doucments have to carry an approval signature
9) There has to be only one index of documention
10) Work instuctions are required for all operations that affect quality
11) All measurements have to made with calibrated instruments
12) All verification activities have to be performed by staff independant of those responsible for the activities being verified
13) The location of items in stock has to identified
14) Records of corrective actions have to be retained for a defined period
15) All auditors have to undergo formal training
16) All incoming supplies are subject to receipt inspection
17) Storage areas have to be locked at all times
18) The quality record requirements apply to all records.
Any comments folks?

Pat Cooke

You certainy know how to get attention; I was told that at least 3/4 of your list are absolutes! Especially the first..."it's just like OSHA, if it's not written down it didn't happen". Help; we are just at the desk audit stage and I don't want to expend energy where it isn't needed. Could you clarify please?


barb butrym

Quite Involved in Discussions
Well, definetely a list of COMMON misconceptions. I hear them all the time. lets start with just one shall we.

"Job descriptions are required. "
Well, responsibilities and authority must be clearly defined for all activities effecting quality. People use the job description as one means of assigning responsibility, and delegating authority. Its also a means of identifying training needs and resourses. By no means the only way of providing this information.....the confusion is a result of non creative-people deciding they need to see a job description in order to have evidence of the requirements. Consultants also add to this misconception by leading their clients down that road.



I'll take the next one.

2. You have to appoint a quality manager.

the standard tells us we have to appoint a "management rep.", in fact it is better if the rep. isn't the Quality Manager he is busy doing other things. ;)

Don Winton

I will take #5. Refer to 4.5.2(b). The KEY point in the statement is "or otherwise assured against unintended use." Just identify obsolete documents as such and state that you do so in your procedures.

Pat Cooke

I'm still listening. You've already identified one and that was the job description. I was told by my "auditor" that I had to have them.
thank you.....I do love learning the right way

Don Winton

I will probably take some flack for this one. Try #10. This misconception stems mainly from section 4.9(a) which states "documented procedures defining the manner of production, installation, and servicing, where the absence of such procedures could adversely affect quality;" The key phrase here is "where the absence of such procedures could adversely affect quality" Justify the lack of the procedures (read work instructions) by the best method suited for your operation and back up with objective evidence and work instructions are not required. Period. For example, give a master machinist a drawing and the proper machine(s) and say "make 300 of these." He will supply you with the 300 pieces, to print, without further instructions. Remember, ISO 900x and registrars work for you, not you for THEM. By the way, any auditor (assessor?) that tells you what you must do is NOT an ISO assessor, just some "consultant."
By the way Marc, I would appreciate your input to my interpretation. Thanks, Don


Fully vaccinated are you?
First, I apologise to everyone for posting this list and not paying attention. My central AC went out and it's a 30 year old unit so it's replacement time. And, as some of you know, I'm doing a couple of months of Yard Duty and the recoil starter on my chipper broke. And I wanted to try to stabilize this new forum software. Etc, etc, etc... So - I'll try to address the issues.

Don - You are 100% correct and said it in a lot fewer words than I would have used.

As barb said:

--> ...the confusion is a result of non creative-people

--> deciding they need to see a job description in order to have evidence of the requirements.

Something I try to tell my clients is:

What is the intent and how do you comply! Please explain to me how you meet the intent. And this is evident through out. Look at the current MSA 'controversy'. For the last year MSA has become a registrar Hot Button. It's damn simple if you understand that MSA is simply a high level system that *someone* in a company has to understand. And, if you're a big company your design engineers and process engineers *should* also understand. It's a niche specialty which should be part of an engineering education - and it doesn't appear to be (my degree is in biology if that telly you any thing). I learned MSA in college in the context of chemistry, physics and biology. Measurement is very important in those focuses. So it makes sense to me. Understanding the dynamics and variables is important.

And - don't forget. Just like Debate in college - Folks - This is a War of Words.

The registrars are looking for someone to explain how a company meets the intent of every section and each element within each if only to say "We don't do that and this is why..." with a valid explaination - like the machinist in your example. Which requires thought and understanding. I tell my clients up front - I'm a consultant but I am like a piano teacher. I can teach you how to play it faster than you can learn yourself and I can help you avoid the common pitfalls. But when it comes time for the concert I can only give (thanks, Dad) Moral Support.

Pat - If you take a look at each of the items in the list there is a good thought with each. What I mean is challenge yourself with each number. Cay you think of a contradiction for each? You have to look at every word in the line item and think about it and contrast it to the words of the requirement. Can you describe the intent of the element or section?

Take this one: ;)
--> ...14) Records of corrective actions have to be retained for a defined period...

Can you think of a place where the standard specifically requires this? Can you think of an instance where one might be kept longer than whatever your defined minimum is? Or do you have a minimum defined period?

Look at 4.16 and see what it says. Don't confuse with QS9000 requirements. The closest it comes is to say "Retention times of quality records shall be established and recorded." Is your CA report specifically defined within your system as a quality record?

The point of all this is there are times when you meet the intent but it might not be in the paradigm of the auditor in which case you have to 'educate' the auditor.

An example of this is 4.20 Statistical Techniques. It says you have to "...identify the need for..." - which is the key to the sentence. It doesn't say you have to use any. Period. I went through this with an auditor who had a very hard time with us explaining that we investigated where statistical techniques would help and found none.

Scenario: Small 14 soul company. No turnover of any employees in almost 10 years. Mix bulk chemicals for cleaning metal parts. Noting precise at all. Empry bags or barrels into hopper. Mix. Package in drums. Both powder and liquid product 4 mixers each for 8 total mixers. No customer complaints in years but then the guy who owned the companies visited every customer regularly. Only QA test was specific gravity (big deal). Tolerances wide. Limits established. long established, stable process. No desire to expand customer base. No desire to get into automotive business. It was like a happy little family

So - where would a statistical technique help? The guy doing the QA checks had been there for years. He didn't need a graph to tell him what the process is doing. Again, their product was so basic with such wide tolerances that we're FAR from rocket science. I will admit I did not find the place particularly aggressive. They're just nice people who are in some ways a throwback to the 60's. In a way I'm jealous, as a matter of fact. The old 'simplier time' thing. At work at 7, leave at 4. Every day. Rarely any overtime or anything. As I said - I was/am impressed. anyway, I digress...

The auditor finally bought it (no ST needed - intent met with proof 'opportunities' for ST were investigated and the need is re-evaluated yearly in their management review meeting). And the company is happily(?) registered...

Has this confused the issue or has it made sense? I can take criticism! I just can't spell worth a damn.


Fully vaccinated are you?
This is a decent 'Words are Important' example:

--> Subject: Re: Q:Quality policy/Darracott/Naish/Andrews
--> Phyllis wrote (in part),
--> <While I agree an auditor either internal or external should not dictate
--> how that measure is to be accomplished, there seems to be a clear
--> requirement that the measure be taken and evaluated.>
--> Determination of the effectiveness of the quality SYSTEM and measurement
--> of progress toward the objectives stated in the quality policy. Not
--> measurement of the effectiveness of the quality POLICY (not a requirement).
--> It may seem like splitting hairs to some; however, accurate and proper
--> interpretation of the requirements of the ISO 900x Series of Standards is
--> essential (especially to those that garner a living from helping others to
--> interpret it).
--> Ethan
Top Bottom