ISO 9001:2000 - Required Procedures or minimum required number?


paula bompa

Required Procedures

Is there a certain number of procedures imposed by the new standards (or a minimum required number)? Because as far as I studied the standards and the discussions I managed to make an impression regarding the content and look of the QMS manual, but I understand that it is not necessary to have a procedure for each sub-clause. Please advice me regarding this and/or tell me where I can find more details.

Martin Bailey

According to mu tutor for an IQA course I am attending. You are only required to write
six written procedures for Year 2000 revisions. I am not sure what these are though.
Hope this helps.
Best regards

David Mullins

Should have read further. (42 is the answer to life, the universe and everything - not 6)

There has been considerable discussion on this point, one example being:
ISO 9001:2000 Documentation Requirements

My offering in that thread was:
“It's intersting that these relate back directly to those areas that typically the "Quality Section" of a company is responsible for. This kind of suggests that it is the bare bones approach, and that if you do anything that adds value, beyond the QA stuff mentioned, then you'd better be able to back them up with something as well.”

This bare-bones SIX approach is crap, you could roll them all into one procedure if you wanted to, but you wouldn’t, because it doesn’t make for concise, compartmentalized reading, comprehension and adherence/compliance (or even auditing).

Martin, please tell us what your IQA tutor said about what should be in a quality manual - I can’t wait to hear that one! No wonder consultants have such a bad rep when they sprout garbage.

As you can tell this is an emotive subject for me. Why? Because quality systems (and quality managers) have been losing their credibility thanks to inexperienced low IQ consultants who flog generic management systems to unsuspecting companies and the companies are in turn registered/certified by corrupt registrars.

My new employer is ISO9001:1994 certified, and a great case in point. They have next to no objective evidence, a very thin collection of system procedures (4 of which cover the same topic under different headings) and next to no control over anything. They want to expand the certification to a global one for all their offices (my job). I’ll be busy righting past wrongs – and with a different third party auditor – AND I’LL BE USING MORE THAN SIX PROCEDURES.

ISO should come up with a scheme to reinforce the validity of a certificate/registration - oh, that's right, they're the third party auditors, D'oh, click, bang .......


[This message has been edited by David Mullins (edited 04 January 2001).]


Along with (or included in) the QM, ISO 9001:2000 requires documented procedures for:
1. Document Control
2. Records
3. Nonconforming Material
4. Internal Audit
5. Corrective Action
6. Preventive Action

[This message has been edited by stefanson (edited 04 January 2001).]


Thank you for your replies. I am still in some kind of dark here. I work for a company involved in maritime transportation and we are trying to develop a quality and safety management system, according to ISO 9000:2000 standards and ISM code. We had a quality manual and procedures written together with a consultant, according to the old standard and now we're trying to map to the new one.

I understand from the discussions in this forum that I have to refer/address every clause of the standard(s) in the manual and procedures. I found somme comments that the new standards (will) allow us to have less documents, but as far as I read, I feel the bunch of procedures needed grows and I don't quite know where to stop and how to start.

If you, please, have any sugestions, help me.

Have a quality day! :)


Fully vaccinated are you?
The 'new' ISO allows for fewer dictated procedures. This addresses some issues such as type of business / size of business. A 10 person distributorship will typically 'need' less documentation than a semi-conductor fabrication plant with 5000 people.

Nope - I do not see a change from the 1994 standard. It has always been that the minimum 'required' procedures were not enough for 98% (my guesstimate) of companies. Probably, really, 100%. Now, as before, you have to be ready to explain what you document and why and what you do not document and why. You do thius with consideration to training, etc.

How far you go in documenting has been a question since the standard first came out. It has been discussed in the old forums here as well as these forums in numerous threads - although I don't recall a recent thread. There is no way to do this except to say you end up with an evaluation of what documentation you have and why. What documentation is necessary for each person to do his/her job? Why?

If there is 1 thing I really think is beneficial about implementations, it is the 'opening of the eyes' which has to occur. If there is 1 big problem, it is how many companies over document.

My opinion is that the number of 'required' procedures dictated is not relevant. Each company will have to document more than the minimum now just as they did before. And the acid test will not change: Audiror questions: What did you document? Why? What do you NOT document? Why?


Fully vaccinated are you?
> I understand from the discussions in this forum that I have to refer/address
> every clause of the standard(s) in the manual and procedures.

This is why I preach (!) the approach of taking the standard and making it your quality manual. It is here that you address every line item in the spec.

You may 'address' a line item by saying you don't do it. If there is a reason (there should be) you briefly state why. This mostly applies (not doing something) to the 'concept' introduced - exclusions (as opposed to the old ISO 9001 vs ISO 9002 vs ISO 9003).

Where you do do something, you cite your reference in the quality systems manual or matrix.

So - when I say you have to address every line item of the standard, I mean you either say you do it (and cite reference to your documentation) or say you don't do it and why.

There's more common sense here than meets the eye.

You say you're maritime - so you're probably want to integrate requirements. See for a simple requirements integration matrix. For an expanded version, as well as the integration of your company documentation, see QS-Req.pdf in the pdf_files directory.

[This message has been edited by Marc Smith (edited 09 January 2001).]


Honestly I am glad you said this, because often I thought I should do this (obviously adapt the content a little) but then, I was afraid that one could say that this is a bad approach since it is "required" that the manual should be specific to the company's activity and should state, in simple words what you do and what you don't do. So, regarding the manual, I have this approach and I also had the example of quality manual issued according to the FDIS release of the standard.

And still i am kind of locked with the procedures. I decided we shall have a "quality and safety policy manual" and a "quality and safety procedures manual". For the first one I'll use this approach ... of using the standard (its structure, with a touch of personalised input) (thanks again for re-confirming the idea that this approach can be used) and our management policies and also I'll state the exclusions and reasons for them. And in the second one, I'll use the procedures we allready have, trying to re-organise them if needed and to re-phrase some of the terms used.

Do you think it's a good idea? At least to start from?


Fully vaccinated are you?
Take a look at Doc_Matrix.pdf in the pdf files directory. It shows how simple documentation can be in a small company.
Top Bottom