What Quality Manual (and do I need one)? – Part 2

Raptor Sales & Marketing is a fictions company

Raptor Sales & Marketing is a fictions company

Last time in Part 1 we talked about the former lives of Quality Manuals, now we will look to the future.

In the 2015 revision, there is no longer a requirement for a Quality Manual. Quality Manuals, Procedures, Work Instructions, Forms and Records are referred to as Documented information and it is left up to the organization to decide what documented information it needs to function and how it is presented. More on this in our next post.

Do I need a Quality Manual or are they ‘for the birds?’

Just like the manual that came with your refrigerator, your lawn mower,or your television, a quality manual could outline what is expected to be done and possibly who will do it or even how it will be done. Following the requirements is a must in order for an organization to receive ISO certification but nowhere in the Standard is it said those requirements must be documented anywhere in particular.

In addition, The International Standard is not intended as be all / end all road map for the organization, instead it is a checklist for auditors to determine if the organization complies with the requirements. This document: ISO 9001:2015 outlines the requirements an organization’s quality systems must satisfy and what documented information is required. The International Standard has not expressly listed itself as one of those requirements but instead leaves the determination of document requirements up to the individual organization. That is right – You get to say what is needed, not the auditor. Now the fun starts!

Before we explore the need for a Quality Manual there are a number of things we must consider (many of which will be covered in subsequent posts):

  1.  If we are just starting this journey or have we been on the path for a while
  2.  What we presently have for documentation
  3.  Our organizational context
  4.  Scope and boundaries
  5.  Interested parties, their needs and expectations
  6.  Our products
  7.  Our threats and opportunities
  8.  Size of the organization and types of activities
  9.  Complexity of the processes and their interactions
  10.  Competence of our people
  11.  What we want to be when we grow up… This is known as Organizational  Maturity.

Please keep this in mind – The auditor and consultant have an advantage. They may not know you or your processes but they do know the Standard; it is what they do for a living. Because they have been exposed to many different (and similar) work environments, they are able to enter your facility and within a short period understand your key processes – processes you may feel are unique and complex. The truth is there are only so many ways to ‘get the job done.’ Although your process may be unique to your organization, the experience of that auditor or consultant allows them to connect the dots and since they know that ‘the devil is in the detail,’ they are trained to look at the bigger picture.

Yes an auditor will look at Work Instructions, observe an operator performing the task, talk to others to determine if they know what is expected, look at training records and form an opinion of what is compliant and what is not.

Just a side note: The myth about an auditor needing to justify their existence by writing findings is just that. Their primary function is to determine compliance, not create more work for themselves. This is an important point to remember when we actually get to documenting information – the harder we make it for the auditor to verify compliance, the more likely we’ll have to ‘fight for our right to party.’

You have asked the question: “Do I need a Quality Manual?” I have to ask you back, “Do you?” The bottom line is, you need to decide, but I remind you of the paragraph above – How hard, or easy, do you want to make it for your auditor? If you already have a documented system and it is working for you, then it is a no brainer – keep it. If you are starting from scratch, you may want to check out my next post on Documented Information. In addition, for all you Old-Timers, who may feel cheated about not getting a ‘Magic Bullet,’ be patient, I will not let you down.

See you next time.

What Quality Manual (and do I need one)? – Part 1

Raptor (1)

Raptor Sales & Marketing is a fictions company

A Quality Manual was an official document produced by an organization that detailed how its quality management system operated. (A Quality Management System is a system by which an organization aims to reduce and eventually eliminate non-conformance to specifications, standards and customer expectations in the most cost effective and efficient manner.) A typical quality manual included the company’s quality policy (top management’s expression of its intentions, direction, and aims regarding quality of its products and processes) and goals, as well as a detailed description of its quality system that might include staff roles and relationships, procedures, processes and any other resources that relate to producing high quality goods or services.

Companies created Quality Manuals that paraphrased the ISO 9001 standard with a change in “the organization shall” to “we have done.” This was a misunderstanding on the part of many people, as it was copyright infringement, but this is what we thought we were supposed to do! ANSI / ASQC Q9001:1994 stated in its Introduction: “It is intended that these American National Standards will be adopted in their present form, but on occasions they may need to be tailored by adding or deleting certain quality-system requirements for specific contractual situations.”

While there might have been some merit in an organization documenting its commitment to meet each requirement, insurance that nothing gets overlooked along the way, these Manuals usually ended up being written to the wrong audience – the auditor rather than the company and written in ‘ISO-Speak,’ a language not easily understood by most employees.

These were ‘the early days,’ a time in which I lived, and audited, and even recommended clients adopt this approach – to ensure all the requirements were painfully identified and addressed. In retrospect, it has become obvious that the intent was not to ‘insert name here’ but to build the structure of each unique organization’s quality system around best practices; that instead of a set of prescriptive requirements, ISO 9001 was trying to evolve into a business model… but they were not quite there yet.

We all: Auditors, Consultants, CBs (Certification Bodies – Registrars), ABs (Accreditation Bodies – ANAB) – the whole certification scheme missed this one until the 2000 revision ‘slapped us in the face’ with the disclaimer in its Introduction, “It is not the intent of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.” This same disclaimer is present in the Introduction of the 2008 revision as well.

The permission given here is ISO’s acknowledgement that each Quality Manual may be different and is dependent on what the organization wants to achieve. A Quality Manual that is perfect for one company, even within the same industry, may be too small or too large for another company. Smaller companies may be able to get away with less documentation; larger companies may need more.

Annex A of the 2015 revision goes one step further. It states, “There is no requirement in this International Standard for its structure and terminology to be applied to the documented information of an organization’s quality management system.

This statement carries deep implications and if we miss this one we risk the chance of total system failure. The old ‘Insert Name Here’ documents (still readily available on the Internet, in bookstores, etc.) regardless of claims of Raptor Sales & Marketing is a fictions company compliance are most likely just a ‘rip off.’ There is a huge risk that you are purchasing a nonconforming quality management system with a set of documents that, without serious re-write, will not properly describe your scope, context, stakeholders, internal / external drivers, objectives, values – you get the point – basically you may not get certified. So, what do we do?

Find out in What Quality Manual – Part 2

A Walk Down Memory Lane or “Look Honey, Our Little Quality Management Systemhas Grown Up” – Part 2

Last time in Part 1, we discussed the early beginnings of Quality Management. We will now continue with the modern standards.

In 1987, BS 5750 became an ISO standard – Parts one, two and three became ISO 9001, 9002 and 9003. The Americans, as did most other industrial nations, had similar National Standards. In America ANSI / ASQC Q91, Q92 and Q93 were also replaced by ISO 9001, 9002 and 9003 and eventually all nations gave up their standards and supported ISO 9001.

These early standards shared accepted best practices at the time for Design Responsible organizations (ISO 9001,) Contract manufacturers (ISO 9002) and Distributors (ISO 9003) and focused on the need to follow the rules – i.e. the need for documented procedures. Of course – since they were founded in those old military standards! Regrettably, they were focused exclusively on product quality and not easily adaptable for service organizations.

As a requirement for all ISO Standards, they must be reviewed every 5 years to facilitate revision as needed due to improvements in practices, knowledge, technology, etc – keeping up with the times. In 1994, ISO 9001, 9002 and 9003 were re-released, still product oriented and with only minor revision from the 1987 version but it did introduce the permission to keep documents in any type of media – not just hard copy, allowing for electronic storage of such things as records.

The concept of Preventive Action is also introduced. This is actually a very good thing because preventive action is proactive as opposed to the reactive nature of the corrective action process. Preventive action requires organizations to anticipate problems so they can be addressed before they occur.

Unfortunately, many auditors were not ‘ready’ to accept or did not understand the value of this concept and failed to develop a culture that appreciates the benefit of pro-activity within their client organizations. They allowed their auditees to slide, claiming Observations (which by definition do not require action) as an excuse for Preventive Action. (The reasoning behind this acceptance of OBS written by himself, herself or some other auditor is based on the rationale that OBS are not a nonconformance but something that might become nonconforming. If the organization is addressing them, they are acting proactively.) Although, technically correct, this misses the mark by quite some distance.

Six years later ISO 9001:2000 is released. After lengthy review, it underwent major changes: introducing The Process Approach, a concept that all activities in an organization are connected together in some ordered structure. It
also gave us P-D-C-A (Plan, Do, Check, Act – something originally introduced by Walter Shewhart and made popular by W. Edwards Deming – see Quality Gurus.) The premise is, if an organization takes a good hard look at its operation, understands the process flow, plans and takes action, process improvement can be made. The result should lead to improvement of product quality. Moreover, if you improve product quality, the cost of poor quality goes down and the organization experiences bottom line benefits. (The theory of CoPQ was championed by Philip Crosby- see Quality Gurus.)

The 2000 revision was a quality management system, rather than a quality control system. Other key differences introduced in 2000 were, a) if a procedure was not necessary, there was no point having one. Whereas the 1994 version had required a procedure for everything now only six (6) are expressly required. In addition, b) there were only three (3) requirements for the Quality Manual: 1) that it included the scope of the quality management system including details of and justification for any exclusions, 2) documented procedures or reference to them, and, 3) a description of the interaction of processes. Companies were given a lot of freedom – maybe too much and the auditors were not prepared for it.

Also presented is this revision is the idea that one size really does fit all by eliminating ISO 9002 and 9003 and allowing exclusions. This change was welcomed but again not fully understood by the auditors, allowing some design responsible organizations to exclude the design function and get away with it! Preventive action is still here and still the auditors did not get the memo on that.

Fast-forward eight (8) years – one would think there was another ‘big’ change coming but, No! This time ISO 9001:2008 looked and felt just like the 2000 revision with the exception of some minor wordsmithing – changing Control of monitoring and measuring devices to Control of monitoring and measuring equipment as well as a few other not-worthy of mentions. It was touted as a clarification of the previous revision. We called it Process II because it gave us a second chance to get the Process Approach right – most organizations and auditors still did not and there is not a whole lot more to say about it.

On September 15, last year, the much-awaited ISO 9001:2015 Standard was published and introduces several new concepts; some of which are Risk-Based Thinking, Context of the Organization, Interested Parties – needs and expectations, Human Factors and Knowledge Management.

This signals the end of this post but heralds the beginning of our series of posts on the implementation of or transitioning to an ISO 9001:2015 compliant Quality Management System.

A Walk Down Memory Lane or “Look Honey, Our Little Quality Management System has Grown Up” – Part 1

During the Second World War, accidental detonations were frequent in Britain’s munitions plants. The Ministry of Defense solved this problem by placing inspectors in the factories to ensure procedures were being followed.

The need for consistency was also noted on the battlefield.  American and British soldiers were unable to exchange ammunition because each country had its own standards. To correct this, the British Ministry documented a guideline standardizing military equipment manufacturing which was gradually followed by the allies.

A number of people recruited by the US War Department came from Western Electric* notably, Joseph Juran, Harold Dodge and Walter Shewhart, as well as a colleague of Shewhart from the Department of Agriculture, W. Edwards Deming (see American Quality Gurus.)  They brought with them inspection sampling methods, control charts and other statistical tools.

These methods were developed further during the war and some became military standards, especially inspection sampling tables, MIL-STD-l05 and MIL-STD-414. (These are now known as ANSl / ASQ Z1.4 and Z1.9 respectively.) Today, however, Zero-Defect C=0 sample plans are preferred by many organizations.  ANSI is the American National Standards Institute our counterpart to BSI the British Standards Institute.

Use of this new statistical quality control (SQC) required large numbers of engineers and others to be trained.  Some of these people formed local groups to study and share experiences outside of work.  In 1946 most of these small groups merged to create the American Society for Quality Control (ASQC) as a formal professional society.  ASQC eventually dropped the ‘control’ and became just ASQ.

At some point SQC practices were documented as a military specification, MIL-Q-5923, General Quality Control Requirements.

When the American military began developing nuclear submarines in the 1950s, the vacuum tanks that held nuclear reactors were being delivered late (years late) and, in many cases, out of specification.  In 1959, the US Navy published Mil-Q-9858 as a replacement for the earlier specification.

Other important documents followed over the next few years:

October 1960 MIL-H-110 (Interim), Quality Control Reliability Handbook was published.  This was later replaced by MIL-HDBK-50, Evaluation of a contractor’s Quality Program in April 1965; this is still in force.

February 1962  MlL-C-45662, Calibration System Requirements was issued.  This was replaced by MIL-STD-45662 in 1980.  The final revision (MIL-STD45662A) was canceled in 1995 and replaced by ANSI / NCSL Z54O-1-1994 and ISO 10012-1-1992.

June 1963 MIL-Q-21549B, Product Quality Program Requirements for Fleet Ballistic Missile Weapon System Contractors was published.   The original version was probably introduced in 1961.   This standard has since been canceled.

December 1963 The Department of Defense reissued Mil-Q-9858 as Mil-Q-9858A and made it a requirement for all Department of Defense (DoD) purchase


The reason MIL-Q-9858 was so significant is that it was the first standard to include most of the elements of a modern quality management system.  Today the current 150 quality management system standards can be traced to roots in quality practices developed by the US War Department during World War II.

After World War II, the United States started aiding Germany and Japan in rebuilding their devastated economies. As part of the rebuilding effort in Japan, a few people were invited to teach the new SQC methods and management methods to Japanese engineers and managers.  The best known were Deming and Juran.  The Japanese took the lessons to heart and incorporated the new lessons into their industrial culture from the top down.  The teaching of Deming was so highly regarded that the Union of Japanese Scientists and Engineers (JUSE) established an annual quality award named in honor of him: the Deming Prize.

It was now apparent that not only the military needed quality management standards. There was a need for industry and manufacturing to have a similar system.

This resulted in British Standards Institute (BSI) releasing BS 5179, Guidelines for Quality Assurance, in 1974.  It was short-lived, however, because BS 5750 was published in 1979. The new standard issued requirements that were believed to be more useful than BS 5179’s recommendations; a common contractual document that could be third party assessed, putting the responsibility for proving compliance firmly on the supplier.   This standard was the foundation of ISO 9000 and the ISO 9000 certification process we have today.

*Remember Western Electric and the ‘Gurus’ who came from there, as they will be mentioned later in this blog series.

A Walk Down Memory Lane will continue in Part 2.

Who Am I and What Do I Do?

This is my maiden voyage into the blogosphere so I suppose I should start at the beginning. My name is Tom Kilpatrick and I’m a consultant. I’m not new to the game, I actually got my dance card punched back in 1998 when I signed on as a Consultant / Trainer / Presenter for a major North American Registrar (and Consulting Firm – without naming names, you, in the know, know who it is) but I will leave nameless so as not to suggest any present affiliation, because there is none. Yes, I’m also a Grammar Nazi (it’s a tech writer thing – if you notice any typos, please let me know.) If you find any, I’ll have Christopher send you a unicorn pony – Thank you my friend, I know now why I’ve been following you all these years! Anyway, my wife saw an ad in the Boston Globe, and said, “Honey, this sounds perfect for you…” I had recently graduated from the University of Rhode Island with a Master’s of Adult Education and was re-entering the workforce. I was trying to start a new life – leaving my old ‘Tom Shirt’ behind. Yes, I wore a TOM shirt, I always joked that management didn’t want us to forget our name, or maybe it was because they always did, in any event, the white shirt (with epilates, no less) and blue Dickies were left behind for a suit and tie.

I was supposed to be the New England guy but it quickly became evident that the company owned my sorry ass and basically did what they wanted. In addition to consulting, documenting and auditing of systems, (I don’t know if hundreds is the right word, but it sure seems like it) I was training many more internal auditors. I tried the Lead Auditor thing but that was more work than it was worth so I stuck with Internal Auditing. And yes, there were a lot of classes, usually in Burlington MA and Cherry Hill NJ. Caveat, Cherry Hill is just to the East of Philly (so is Nifty Fifty diner, but that’s another story) and in those days (I don’t know about today) Franklin Mills was just off 95 to the North. Mrs. K would drop me off at where-ever I was supposed to be and go shopping. Of course the same is true for the Baltimore Area (Arundel Mills,) Portsmouth, NH (Kittery, ME Outlets,) etc., anywhere you get the idea. Every time I would be greeted by, “Honey, you’ll never guess how much money I saved!” One Friday, I finished up a gig in NJ and was greeted with a car-full (and I had to move stuff to make a place to sit) and it was an SUV, yes, “Honey…” but hallelujah, Christmas shopping was done in August and I didn’t have to do the ‘man thing.’ 🙂

Anyway, we’re getting side tracked… My mission is to bring truth, justice and the American Way? Err, that sounds as if it’s been done before… My mission is to provide my clients with the most up to date information on the Standard of their choice and to lend guidance on Continual Improvement initiatives as we go along.

Now here’s the kicker – What you want to know is what I know so check back every week for your ISO fix and you be glad you did!

Next time we’ll start to explore all the myths and legends of ISO9001:2015. And, yes RBT (risk-based thinking) has been around since 2000 and I will prove it.