Interesting Discussion Potential Issues for Auditing ISO 9001:2015

Randy

Super Moderator
Absolutely John, I agree with you, until the FDIS comes out the CD is really nothing more than "who cares?"

As for my "interpretation", I don't waste my time with it, I apply and use available definitions to words and phrases from the guidance documents or pay attention to what the standard in question is stating. In this case we're referencing the organization realization that they may need to document or record something beyond what is specifically "required" in the standard itself and what might be required by customer, law, or whatever else. When an organization makes the decision that they want or need to document something to allow for better, understanding, control, or "recording" then appropriate doc or record controls are to be applied and I, the auditor have to make sure that the documentation is in fact being created and is being controlled....This is basically what 4.2.1d is calling out to be done....No interpretation necessary
 
J

JaneB

Ah, but I suspect that if all the auditors out there were cut from the same cloth as you Randy, then there would be far fewer problems (or questions posted).
 

Paul Simpson

Trusted Information Resource
Thanks for the prompt to this thread, Marc. I'd agree with some that the move to 'documented information' to cover both documented procedures and records is likely to create a lot of confusion - just look at the discussions on here about the need for documents to describe processes when they aren't one of the '6'. Perhaps we can get people to think more generally about what they need before they set their system up in future? :confused:

The simple distinction I make is:
  • Is the documented information there to describe what you plan to do - equivalent to a (documented) procedure
  • Is the documented information evidence of what has happened - equivalent to a record

The change is as a result of the TMB's work on Annex SL - pretty much no other technical committee required a procedure or manual (unless the organisation decided it was necessary) and they didn't all get hung up on document vs. record.

I remember going through the transition auditor training for the 2000 edition of ISO 9001 and spent a lot of time on the question of how you would audit a process without a documented procedure .... perhaps all the trainers can dust that down again, replace document / procedure / record with documented information and have another go? :D
 

Colin

Quite Involved in Discussions
Some good points in there Paul. I was browsing the DIS this morning and I wonder whether this statement in clause 4.4:

The organization shall maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned.

has a similar intent to the existing 4.2.1 d)?
 

John Broomfield

Leader
Super Moderator
Colin,

I would agree that it has. The absence of a specified requirement for any procedures, undocumented or otherwise, may though cause a lot of confusion for newbies.

John
 
C

CBAL08

What happens when a Company has both ISO 9001 and 13485? Will ISO 13485 be updated as well soon or within its Transition period of ISO 9001:2015 which is 2018?
 
M

matti

I wonder what is required to be changed in the Quality manual other than terminology and wording if one is to keep the quality manual as and active document.
My business has a comprehensive manual but it is seldom referred to other that when we audited against. Even when we are audited the auditor spend little time going through other than looking if we endorse their company in the policy and the latest references are referred to.
I think the manual is a good reference point but no more than that. If it is not required and the operational system is strong enough to support itself, I believe maintaining a quality manual is cost of poor quality. Time ill spent when that time could be reproductive elsewhere,
Time to get back to work cioa
 

Colin

Quite Involved in Discussions
I can't disagree with your logic Matti, if it serves no purpose then ditch it.

On the other hand I look at it this way, we have 1 standard used by any type and size of organisation in almost any country. The standard is a compromise so I try to use the manual as an interface between this generic document and a specific application for the particular organisation I am working for. It usually ends up around 8 or 9 pages long so it is low maintenance and is a figure head for the QMS, as well as being somewhere to put the policy and direct people towards the appropriate procedures.
 

Kronos147

Trusted Information Resource
The standard is a compromise so I try to use the manual as an interface between this generic document and a specific application for the particular organisation I am working for.

That is a great way of putting it!


If a process is completely locked down due to a rigid MRP and the organization can show a history of effective training and customer satisfaction, I guess it can be done without a procedure or work instruction.

I just question the 'business continuity' potential when the 'old guard' win the proverbial lottery and all the tribal knowledge is lost.

Also, without guiding docs, where is the "say what you do"?
 

LUV-d-4UM

Quite Involved in Discussions
We are almost finished in the upgrade to ISO9001:2015. It has been a hard 3 days. The one thing that I am convince is this: The ISO9001:2015 has a "soul". Compared to ISO9001:2008 it is a "living" MANAGEMENT SYSTEM, not just a quality management system. Some Highlights are:

1. The auditor asked for a Quality Manual. Luckily the old manual was updated to the new one which was picked to the bones. The auditor asked to see documents that were not even required by the standard.​
2. The risk-based thinking which was OK, needs improvement because the auditor "wants" to see a quantitative risk analysis such as FMEA (incidentally this auditor also audits to TS). I mentioned that Annex A does not prescribe any formal risk analysis.​
3. The most important was Leadership. The Top Manager was on vacation!!!! I had to present the Context of the Organization. The absence of Top Management left a void during the audit.​
We will get the ISO9001:2015 certificate after addressing the findings.
 
Top Bottom