What is really required? Part 2

And now my response.

First the lesson…

You have to remember that all Management System Standards (MSS) are intended for the auditor, not the organization. They are a ‘checklist’ of requirements the organization must meet to be allowed (or stay) in the club. They were never intended as a one-of-a kind way to achieve conformance, but that’s what we made them. There is no requirement for the organization to own a copy, although ISO isn’t complaining. It’s only a requirement for the auditor to have (and use) – and they’re often provided by the CB for the purpose of documenting findings.

The auditors and CBs turned the Standard(s) into the playbooks, best in class benchmarks, have to have, way to do things – not just for document control but for everything and if you don’t have a copy, you don’t know how to play the game. The ABs encouraged and supported this ‘standardization’ of activities – making it easier to police CB activities and ‘ding’ them if their auditors deviated from ‘the way.’ The IAF published guidance documents, ISO published (and sold) technical standards and ISO 9001 Auditing Practices Group created a whole library of guides to auditing, just to get the point across.

What we ended up with by the late 90’s (when I entered the game) was nothing more than a template – enter name here – that was generally accepted as ‘the best way to get the job done.’ My handler gave me a floppy disk (remember them?) with 20 or so individual files, each with the most basic description of the 20 (or so) elements which needed to be addressed, each with the same – insert company name here – instructions to submit to the review committee who added a watermark (to protect their copyright) and sent it off to the customer. It took us about ½ a day to generate a new system, ½ a day to implement (jam it down the customers’ throats,) another day to audit it and then some smoke and mirrors training and management review assistance; 3 – 4 days’ actual work for which they were charged 10 – 12K for the pleasure.

Clients were obviously disappointed with the lack of quality but paid up because there wasn’t any other way to play the game. All the consulting firms were the same. And, you could tell, by the template, which consulting group did the work. There were no graphics, no color, no creativity, no deviation from ‘the way it is done,’ ever! If there was any deviation, the document(s) did not make it out of review. Reject – do over (the right way.)

And this is why auditors (even to this day) expect to see things ‘as they should be.’ Now apply this to document control – enter: Title, ID Number, Revision Level, Revision Date, Dress size, First-Born’s Middle Name, throw in a page number for good measure and sign each in triplicate. Reference Technical Report – ISO/TR 10013:2001, Guidelines for quality management system documentation (cost approx. $125 US.)

And then, I broke the mold… Not only did it change the way we write documents but ittech-report1 upset an awful lot of auditors along the way – things didn’t look the way they expected. It challenged the old norms. It made them think. And that, my friend IS the way it should be!

Now let’s look at your question.

AS 9100C (which is expires midnight 9/14/18) states:

4.2.1 General

Notes 2 and 3 remind us that we, as auditors, need to remain open minded – that what works in one situation may not in another.

Note 1 defines the term “documented procedure” as that which is established, documented, implemented and maintained. This note specifically avoids discussing content because content is at the discretion of the organization and is compliant if that content describes the controls needed and addresses 4.2.3 (a – g.)tech-report2

Hope this helps…

It was very helpful, thank you.

By the way, I love your post this week. I haven’t read the whole post yet but after I read the first sentence, I was thinking I can relate with this guy. Then I quickly figured out that duh, it is me.

I’m looking forward to reading it.

I figure if you have questions, maybe others do as well.

Keep ‘em coming and wait ‘til you see the post on Control of Documents!
– – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Here’s an afterthought…

Not only does Note 1 define the term “documented Procedure” but it goes on to say, A single document may address the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.

Let’s say your client has a quality manual (I know they do because AS 9100C requires it and there won’t be any AS 9100D registration audits until 2017) and that quality manual said that the President or some other Senior Manager is responsible for reviewing, approving (and changes to) AQMS level I and II documents; Level III & IV documents are reviewed, approved and updated by the appropriate process owner; revision level and changes are recorded on the Master Document List; all AQMS documents are available to all staff electronically as read-only and the electronic file is overwritten if updated and documents of external origin are maintained as pdf files. (Identification and legibility should not be an issue because the files are maintained electronically) – technically you have it in one sentence! Would that do it for you?

Absolutely. When you put it like that, I can totally visualize that scenario.

Many Thanks.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s