Tom W said:
This is the old stand-by: "Say what you do, do what you say". However, you need to be reviewing the documentation to the standard to ensure compliance to the requirements. If you just audit to what you want to do, and you change the way you do something through the audit, you might be impacting the ISO requirements in your documentation.
I think we agree that you address the requirements of the standard by developing how you do things, then you just improve on how you do them.
We do the same thing, with the exception that we audit our entire system documentation once a year against each SHALL. We ensure that each shall is addressed appropriately; and also note where it is addressed for easy refernece.
I know we need to be sure changes to our system still comply with ISO, but with an office of just 6 people, and currently about 18 shop people, nothing major is likely to change with out me knowing about it, especially since I'm also responsible for document control.
ISO is important to us, but ISO9k2k at its core is common business sense. Most "GOOD" businesses should be doing most of what ISO recommends. Not every business may have done it "officially" or kept very good records on certain things (corrective actions, continuous improvement, etc). Our opinion is a SMALL company should not have any problems following the ISO "structure" because most of the SHALLs and SHOULDs make perfect sense to a small company that is interested in improving itself. *shrug*
We have big Trucking QS customers that dictate to us, but we can tell they are MUCH MORE SCREWED up than we ever were, yet they think QS will keep them running as a "quality" company. Not based on what we see. *shrug*
Size/desire really does matter when it comes to Auditing and following a standard's intent.
*puts away soapbox*
