SBS - The best value in QMS software

What should be changed in the ISO 9001:2015 Standard?

I

ISO 9001 Guy

Before TC 176 adds anything more, it seems they should first do something to more clearly ensure implementation of the process approach. Although it's pretty clear that ISO 9001 demands a process approach, more than a few consultants, auditors, authors, and website vendors still wrongly believe that an elemental approach is appropriate.
 
Last edited by a moderator:
Elsmar Forum Sponsor

Peter Fraser

Trusted Information Resource
Before TC 176 adds anything more, it seems they should first do something to more clearly ensure implementation of the process approach. Although it's pretty clear that ISO 9001 demands a process approach, more than a few consultants, auditors, authors, and website vendors still wrongly believe that an elemental approach is appropriate.
Perhaps it also needs to be explained better in 9000/9001?
 
P

pldey42

Yes.

ISO 9001's description of a process is dreadful, complete with a worse-than-useless diagram which, in training classes, I always found an embarrassment. It's so abstract as to be meaningless. ISO 9001 should demonstrate the principles upon which it's based, not abuse them and mislead, e.g. with a proper process map (except it can't be done for the entire standard, so without one then!)

ISO 9004 doesn't help much either, with abstract guidance on what to consider when defining processes in clause 7 on process management, but nothing on how to define, communicate and implement processes.

Neither ISO 19011 nor ISO 17021, both recently reissued, take the opportunity to define process-based auditing. In particular, guidance is needed on identifying and evaluating evidence of effective process management.

ISO 9000 obfuscates with a correct but useless definition of a process as “a set of interrelated or interacting activities which transforms inputs into outputs.”

It then confuses the issue by declaring that a procedure is “a specified way to carry out an activity or a process.” Suppose I write that “Design is performed by taking the requirements specification (input) and using the Booch UML methodology (see Mr Booch's book) to prepare design specs (outputs) by a competent software engineer. Both inputs and outputs are peer-reviewed prior to use.” What have I written? A process or a procedure? Why does it matter? The answers, respectively, are “Who cares?” and “It doesn't”.

The motor industry tried to improve things with Turtle diagrams. Do they help? As an outsider, my perspective is that they only help those who understand process management, and then only in preparing for audits. When used as a process mapping template, I think they more often than not obscure the processes and their interactions in a welter of detail that should be somewhere else.

I was involved some while ago at QuEST Forum in trying to move TL 9000 more towards the process-based approach of the underlying ISO 9001 standard; then, and now, too many of the additional requirements mandated documented procedures that were onerous, instead of expecting organizations to learn and use process techniques. We failed, shouted down by the ISO 9001:1994 brigade who continue to believe that if it ain't documented, it ain't so.

The problem with process management, as opposed to the elemental approach (why do we even grace that with a name?) is that it requires skill, in management systems implementers and auditors, and while that's mandated in the relevant standards, too often those evaluating process management skill do not themselves have it.

Here's how I would start:

Define a process as an activity that transforms inputs to outputs, for which the following are defined:

  • the inputs, and any requirements they must satisfy prior to use in the process (needs word-smithing to allow for processes to start with fuzzy inputs that firm up later in an incremental management style)
  • the outputs, and any requirements for V&V that must be satisfied prior to their release from the process
  • how to perform the process
  • relevant process measurements (KPIs)
  • to whom to report opportunities to improve the process (process owner)
  • competencies required for performing the process
  • tooling and equipment mandated for the process
  • how to budget time and money required for the process
These last three are usually lumped together as “resources”. I like to separate them out because I don't think people are resources, we're people; and time and budget planning is often poor and a root cause of process failure – indeed, time and money is often not even seen as a resource, yet they are the most important, and the most squandered.

I'd add guidance for auditors on process auditing:

Assure that the process is repeatable and sustainable by checking that:

  • it is systematically communicated (not necessarily documented, but if it's not, check that everyone knows what it is and can tell each other even if a few leave the organization)
  • it is systematically executed
  • it is systematically effective (look for records of KPIs and of checking process outputs against defined criteria)
  • it is systematically understood by those involved (a common cause of process failure because people take short cuts without understanding the implications)
  • it connects properly to related processes with inputs and outputs whose acceptance criteria are well-defined and utilized (throwing inadequate work over the wall is in my experience a very common cause of departmental success at the expense of organizational failure)

This way of auditing processes reveals why the disproportionate emphasis in the management systems community on documenting procedures doesn't work: documentation only helps with communicating the process. While that's important, there's no guarantee that it works. Few people read documentation and auditors have to (or should) check all the other things anyway, so it only helps so much and effort spent upon it should be proportionate to its value.

ISO 9004 should include several examples of process management for manufacturing, for services, and for software.

Just my 2c,
Pat
 

Jim Wynne

Staff member
Admin
Before TC 176 adds anything more, it seems they should first do something to more clearly ensure implementation of the process approach. Although it's pretty clear that ISO 9001 demands a process approach, more than a few consultants, auditors, authors, and website vendors still wrongly believe that an elemental approach is appropriate.
We've been down this road before, but it's not clear at all that ISO 9001 "demands" a process approach (the standard "promotes" the PA). So far as I know there is no objective, definitive description of the PA that would allow for auditors to determine whether or not it exists in a given company. Let the committee give us a comprehensive definition before they "demand" implementation.
 

Paul Simpson

Trusted Information Resource
We've been down this road before, but it's not clear at all that ISO 9001 "demands" a process approach (the standard "promotes" the PA).
Far be it for me to disagree :notme: but I believe the standard demands a process approach but many ignore the requirement.
So far as I know there is no objective, definitive description of the PA that would allow for auditors to determine whether or not it exists in a given company.
... now this is where it gets a bit subjective. IMHO the definition of what is required to operate a process approach is covered in clause 4.1 (I know it is a hobby horse of mine but you'd hate me to change tack this late in the day!) :)
  • determine the processes needed
  • determine the sequence and interaction of these processes,
  • determine criteria and methods needed to ensure that both the operation and control of these processes are effective,
  • ensure the availability of resources and information necessary to support the operation and monitoring of these processes,
  • monitor, measure where applicable, and analyse these processes, and
  • implement actions necessary to achieve planned results and continual improvement of these processes.
Let the committee give us a comprehensive definition before they "demand" implementation.
I think it is there (as above) but if anyone has any other suggestions I'll gladly take them.
 

Jim Wynne

Staff member
Admin
Far be it for me to disagree :notme: but I believe the standard demands a process approach but many ignore the requirement.
Why do you suppose the committee decided upon use of "promotes" rather than "demands," or "requires"? I'm still looking for the elusive "shall."


... now this is where it gets a bit subjective. IMHO the definition of what is required to operate a process approach is covered in clause 4.1 (I know it is a hobby horse of mine but you'd hate me to change tack this late in the day!) :)
  • determine the processes needed
  • determine the sequence and interaction of these processes,
  • determine criteria and methods needed to ensure that both the operation and control of these processes are effective,
  • ensure the availability of resources and information necessary to support the operation and monitoring of these processes,
  • monitor, measure where applicable, and analyse these processes, and
  • implement actions necessary to achieve planned results and continual improvement of these processes.
Many (perhaps most) certified companies have done an abysmal job in the "sequence and interactions" department. What we see is a lot of mostly unintelligible diagrams that don't come close to describing interactions, and control of the intersections, where the process approach is supposed to help, is almost universally ignored. This leads me to believe that no one understands what the process approach is or how to identify it.
 

Paul Simpson

Trusted Information Resource
Why do you suppose the committee decided upon use of "promotes" rather than "demands," or "requires"? I'm still looking for the elusive "shall."
Now I wasn't around TC 176 at the time but I guess the reason is that to put the process approach in as a stand alone requirement you would have to define it and a philosophy is difficult to capture into an intelligible definition IMHO.

Many (perhaps most) certified companies have done an abysmal job in the "sequence and interactions" department. What we see is a lot of mostly unintelligible diagrams that don't come close to describing interactions, and control of the intersections, where the process approach is supposed to help, is almost universally ignored. This leads me to believe that no one understands what the process approach is or how to identify it.
Agreed. I put together an article a while back about how involved clause 4.1 is and (by extension) what a poor job many certified organizations are doing in terms of embedding the process approach. It may be on the Cove somewhere as an attachment - otherwise I'll repost it here.
 
I

ISO 9001 Guy

Far be it for me to disagree :notme: but I believe the standard demands a process approach but many ignore the requirement.
... now this is where it gets a bit subjective. IMHO the definition of what is required to operate a process approach is covered in clause 4.1 (I know it is a hobby horse of mine but you'd hate me to change tack this late in the day!) :)
  • determine the processes needed
  • determine the sequence and interaction of these processes,
  • determine criteria and methods needed to ensure that both the operation and control of these processes are effective,
  • ensure the availability of resources and information necessary to support the operation and monitoring of these processes,
  • monitor, measure where applicable, and analyse these processes, and
  • implement actions necessary to achieve planned results and continual improvement of these processes.
I think it is there (as above) but if anyone has any other suggestions I'll gladly take them.
You are absolutely right. Right on. An organization using an elemental approach has not effectively demonstrated conformity to the requirements of 4.1.
 
Last edited by a moderator:

Sidney Vianna

Post Responsibly
Staff member
Admin
Maybe the fact that it probably won't be published in 2015 :)
When I started this thread, it was actually 2014 as the target. But, I don't think we know for sure when the next version of the standard will be out. The latest TC 176 summary does not say much about it other than
The major items overshadowing the work of SC2 are currently:
  • the "systematic" review of ISO 9001 that was started by ISO Central Secretariat on 15 October, and which is due to be completed on 15 March 2012
  • the impending decision of the ISO/TMB on Draft ISO Guide 83

There is always the possibility that a systematic review will lead to a decision to "confirm" a standard as it is, and to leave it unchanged. If this were to happen to ISO 9001, then it is unlikely that the standard would be revised for many years into the future (i.e. not until around 2020).
Without a doubt the pending decision about the ISO Guide 83, object of discussion in the Future structure of ISO Management System Standards thread is critical for the future of ISO 9001 and MANY other standards that use ISO 9001 as the baseline, such as TS 16949, AS91X0, ISO 13485, etc....
 
Last edited:
Thread starter Similar threads Forum Replies Date
Sidney Vianna Interesting Discussion Should ISO 9004 be changed from a guidance document to a requirements standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
Sidney Vianna Interesting Discussion ISO 9001:2024 - What should be changed in the next Edition of ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 114
I Should We Notify Our Registrar - Has Our Scope Changed? IATF 16949 - Automotive Quality Systems Standard 5
C Certified Quality Manager - Do you think the Certification name should be changed Professional Certifications and Degrees 45
A Should we assign the PRRC before the date of application of MDR (26 May 2021)? EU Medical Device Regulations 0
J UDI-DI how should we interpret Device version or model to determine if a new UDI-DI is needed? EU Medical Device Regulations 0
A Should I take an online course for a career in Occupational Health and Safety? Career and Occupation Discussions 2
J Should a Class 1 medical device with an option to measure body weight be considered Class 1m? EU Medical Device Regulations 0
K Should APQP/PPAP has its own section in a QM? Quality Management System (QMS) Manuals 1
S What should i choose for "testing procedure" characteristics? (N95) General Information Resources 0
P Should eIFU link per ISO 15223-1:2016 be added to labels out of scope of Reg 207/2012? EU Medical Device Regulations 1
S Which Sampling Plan(s) Should I Use? Inspection, Prints (Drawings), Testing, Sampling and Related Topics 7
A Document release vs its related training. Which should come first? ISO 13485:2016 - Medical Device Quality Management Systems 18
S Which department should prepare the control plan? could you show me a standard regarding to this matter. FMEA and Control Plans 17
J Help settle a disagreement: Should external providers of preventive maintenance be on your ASL? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
N Master Samples - What should we be keeping? IATF 16949 - Automotive Quality Systems Standard 9
G Supplier delivered recent PPAP, should he deliver yearly layout inspection? IATF 16949 - Automotive Quality Systems Standard 4
John Broomfield Vote - Should ISO9004 Become a Requirements Standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
A Capability Study - in the beginning of your career what should you have known about the tool Quality Tools, Improvement and Analysis 11
J Should Loading and Unloading be Included in Cycle Times? Lean in Manufacturing and Service Industries 14
E Manufacturers should develop a testing device for covid19 Service Industry Specific Topics 0
T 510(k) submission - Which name should I use in the submission? Other US Medical Device Regulations 3
N ISO 19011:2018 - 5.4.2 "...audit program should engage in appropriate continual development..." Training - Internal, External, Online and Distance Learning 4
G Should I perform Gage R&R only at the beginning of a new project? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 6
DuncanGibbons Should the requirements FAA/EASA Part 21 be addressed within the QMS and AS9100D quality manual? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
M Should 510(k) Predicates be Actively Listed Devices? Other US Medical Device Regulations 12
B Why the Greek god Hephaestus should have done a design FMEA (DFMEA) on his giant robot APQP and PPAP 1
J On PFMEA for danger labels - Label always should be assigned severity 10 ? FMEA and Control Plans 3
H Who should be listed as the manufacturer/distributor on the box? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 15
M MDR, RED and LVD - Should our device comply with them? EU Medical Device Regulations 3
BeaBea How Many Processes should be created for each Department? Process Maps, Process Mapping and Turtle Diagrams 5
M Should volume of sales be factored into risk probability assessments? ISO 14971 - Medical Device Risk Management 33
MrTetris Should potential bugs be considered in software risk analysis? ISO 14971 - Medical Device Risk Management 5
S Should safety checks be included in the Control Plan? IATF 16949 - Automotive Quality Systems Standard 5
M Which incubation condition should be selected to recover both bacteria and fungus effectively Miscellaneous Environmental Standards and EMS Related Discussions 3
D Is there a specific location for PPE such as safety glass holders and glove dispensers should be mounted Occupational Health & Safety Management Standards 10
Robert Stanley Which Registrar Should I Choose for ISO 9001:2015 registration? Registrars and Notified Bodies 10
M Who should receive the bills from suppliers and vendors, account payable or procurement? Consultants and Consulting 4
V IATF 16949 8.4.1 Control of externally provided processes, products and services - Should the CB be on our Approved Supplier List? IATF 16949 - Automotive Quality Systems Standard 10
A We are ISO 13485:2016 should we be audited to ISO 14971 ISO 13485:2016 - Medical Device Quality Management Systems 16
E Received a Major finding during IATF Surveillance audit for loss of BIQS Level 3 (more than 6 SPPS in 6 months)...how should we address SYSTEMIC CA? IATF 16949 - Automotive Quality Systems Standard 11
J Organization merger. Should we keep two separate ISO 13485 certificates? ISO 13485:2016 - Medical Device Quality Management Systems 6
S Companies that maintain your machine should be in ASL? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
S Use of "Shall" versus "Should" in Procedures ISO 13485:2016 - Medical Device Quality Management Systems 26
D Class II medical device - When should a complaint be closed? Customer Complaints 6
Sidney Vianna IATF 16949 News Presentations from the latest IATF Stakeholder Event - Expectation that IATF 16949 certification should equate with product quality. Misguided? IATF 16949 - Automotive Quality Systems Standard 7
L Clause 0.4 of ISO 9001 and EHS - Where should I stop the inclusion of EHS in my QMS ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
Ed Panek Part 11 Self Certify Memo - What else should it cover? Qualification and Validation (including 21 CFR Part 11) 5
H Should I mention machine/Equipment password In SOP? Qualification and Validation (including 21 CFR Part 11) 4
D How long should we keep the spare parts available for our medical device, after we have stopped the production? ISO 13485:2016 - Medical Device Quality Management Systems 0

Similar threads

Top Bottom