In Part 1 we answered a question, now we look at the why of the question.
Our author, just as so many before him, is struggling with a basic flaw in the system; that being a general acceptance (on the part of the auditors and not entirely their fault) of incomplete IOPs over the years and the rebounding that resulted from it.
The following is a good example.
Up until ISO 9001:2000, the 20 elements, most if not all of which required procedures, were considered (interpreted) as ‘the processes.’ The planned results of which was supposed to be a quality product.
You probably noticed I didn’t add ‘service.’ That’s because it was a manufacturing standard. And up until now, everything revolved around product quality and its consistency because (as previously discussed) the Standard was based upon military purchasing requirements and everybody – auditor and auditee was on board with that.
The 2000 revision introduced the Process Approach and in 4.2.2(c) required that, “a description of the interaction between the processes of the quality management system” be included in the quality manual.
So what we saw (Figure 2) was a good representation of what transpired from the time the phone rang with an RFQ to the time product went out the door. And all was well with the world.
This model was easy for the auditor to follow and verify so they were happy and if the auditor was happy, the organization was happy and they paid the Registrar (CB), so they were happy and the Registrar paid the ANAB, RAB in those days (AB) who paid the IAF, so everyone got paid and everybody was happy and it went along this way for the next eight years.
I believe, although not 100% certain, that I mentioned at some point there is a mandatory revision process the Standard must go through, and so it did. In 2008, the next iteration which, by most accounts is nothing more than a re-packaging of the 2000 revision, ISO (is in essence, a publishing house and profiting from the sale of the Standards) needed to find a way to market its ‘latest and greatest’ offering and did so by pointing out that the 2000 revision, ‘rich in new concepts’ had largely been misunderstood, so the 2008 version was everybody’s last, best, chance to get it right – Ka Ching!
Guess what? Most, including the auditors, CBs and ABs didn’t get the message – Again! Figure 2 above, or something like it, depicting an incomplete interaction of processes (IOP) persisted. In some cases, the addition of a ‘rogue’ measurement and analysis, (i.e. Internal Audit) management or resource process found its way into the mix but it wasn’t until sometime later on that full understanding of intent evolved. And, with the introduction of ALL the elements, most IOPs continued as a hodgepodge of jumbled elements (Figure 3) that more closely resembled progression of a bacterial infection than what the organization was actually doing.
There were some solid attempts at creativity (as seen in Figure 4) but for the most part organizations limped along as best they could and the auditors were letting it happen.
For most it remained business as usual with every element included in the IOP and NCRs written for a single omission, hence my brother’s question.
For others it was ‘The Awakening,’ a realization that the Standard was a business model and I’ll share that revelation with you in Part 3.