Potential Issues for Auditing ISO 9001:2015

Colin

Quite Involved in Discussions
#1
A colleague and I were discussing the upcoming changes to ISO 9001, based on the CD and we got to thinking about the implications for auditing it.

If it remains as in the CD, the mandatory documentation consists of:

a) documented information required by this International Standard
b) documented information determined by the organization as being necessary for the effectiveness of the quality management system.


how will auditors choose to interpret what is submitted? How will a stage 1 audit change compared to now? What measures will be used to determine the effectiveness of the QMS? Will this be an open invitation to a certain type of consultant to put in systems with no documented quality manual and procedures at all?

I would be interested to hear your views.
 

Sidney Vianna

Post Responsibly
Staff member
Super Moderator
#2
Colin, thanks for triggering this discussion. The broader aspect of auditability against ISO 9001:2015 is something that concerns me. In my ISO 9001:2015 Revision Discussion Group, I had created a specific discussion on that topic - http://lnkd.in/r6pNaD - not much traffic there.

Hopefully your discussion here will gain more traction.
 

Marc

Retired Old Goat
Staff member
Administrator
#3
It would be good to differentiate between New Registrations and Existing Registrations as well. Will a company with a current ISO 9001 certification (aka registration) throw away it's quality manual because it is no longer "required" per se?

Yup - A lot of $$$ will be spent as the boat zig-zags again.

NOTE: Also see --> Required Documents/Records in ISO 9001:2015
 

Colin

Quite Involved in Discussions
#4
I must admit Sidney that I hadn't seen your discussion, I don't use LinkedIn a lot, but perhaps the lack of response is symptomatic of the usual 'head in the sand' approach we have seen from previous revisions - I well remember dragging companies through the revisions late in 2003 (the end of the transition period).

Good point Marc, I hadn't thought of existing companies throwing away their quality manuals, I was thinking more about new registrations. But then most companies I have been to with 14001 & 18001 have a manual and neither of those standards demand one.

As I indicated in my OP, my main concern is one of consistency (or lack of), we have enough of that already.
 

AndyN

A problem shared...
Staff member
Super Moderator
#5
One issue which comes to mind is that with even less emphasis on documents being needed, some auditors are going to really struggle to a) determine what the process actually is and b) how to verify it's operating. Simply, because it means they have to speak to people! And we know, all too well, that there's a number of auditors out there who like to sit in conference rooms mulling over documents!

Further, their note taking skills are going to have to improve a lot. Hearing about a process and then comparing what you've ben told is a challenge, without note taking - anyone play the parlour game "Telephone"?
 

drgnrider

Quite Involved in Discussions
#6
Very interesting questions: What will my auditors be looking for? How will they research my ISO processes?

I opened my other thread, "Required Documents/Records in ISO 9001:2015" in order to start figuring out MY game plan. As the MR, (yes, my job title as I do 14001 and soon 18001), how am I going to assist the department managers in what documents, procedures, forms, etc. they will need? What documents will I say are needed in order to fulfill the ISO "spirit of the standard" despite what they argue we don't need?

Management's current thinking is: if it?s not required, don't write it; and how vaguely-open can a statement be and still get through the audit? Despite my concerns to management, until the CB auditor identifies it, it is a non-issue, (BTW, I'm now three for three... you'd think they would pay more heed :sarcasm:) .

Right now I am visualizing our Quality Manual increasing in size, due to the generic process statements, as we do away with ALL the other documents and procedures.

My other concerns:
1) Employee preparation - getting them ready to answer questions when we have no written reference. Granted, they should know, but with current workforce turnover.... :censor:
2) Internal auditors who RELY too heavily on checklists (put in place before my time :frust: :frust:).
3) Merging 9001 & 14001, and possibly creating 18001.

Thanks Colin, now I get to add these to my list: ?what will my auditors be looking for? and ?how will we prove this? to the list! ;)

Anxiously watching the threads? :D
 

Big Jim

Quite Involved in Discussions
#7
Colin, thanks for triggering this discussion. The broader aspect of auditability against ISO 9001:2015 is something that concerns me. In my ISO 9001:2015 Revision Discussion Group, I had created a specific discussion on that topic - http://lnkd.in/r6pNaD - not much traffic there.

Hopefully your discussion here will gain more traction.
Sidney,

As I have said many times, until a better definition of what a process really is is included in ISO 9001, or at least in ISO 9000, this ship will remain adrift. Simply trying to understand what they are after from reading the standard only leaves confusion.

If you have any input into getting TC-176 to realize that you would be doing all of us a huge favor.
 

Randy

Quite Involved in Discussions
Involved in Discussions
#8
I'm struggling to understand what you're talking about, there isn't much difference in the change and what we currently have:confused:

4.2.1d) documents, including records, determined by the organization to be necessary to ensure the effective planning, operation and control of its processes.

As an auditor I'm not going to waste my time trying to interpret anything

1) Do you have what is required?

2) What other doc's/records do you internally require?

3) Is everything in place, controlled and doing what its supposed to do?
 
#9
As an auditor I'm not going to waste my time trying to interpret anything
I am surprised with that statement. When anyone assesses if evidence shows that audit criteria is being complied with, or not, and the requirements are generic in nature, interpretation is always required.

The thrust of making conformity assessment personnel competent for their functions, via documents such as ISO 17021-3:2013 is exactly to ensure that interpretations are meaningful.

Interpreting generic standards is at the core of auditing.
 
#10
Reg,

But we are wasting our time interpreting a CD. I see some people even sell training on the CD!

We used to wait for the FDIS but let's at least wait for the DIS before we waste time wondering if we will have to audit "risk management thinking"

John
 
Top