No Quality Manual, now what?

I got your point Andy. Our internal auditors get trained on the standards, Risk based auditing and company policies and procedure. The external auditors seem to recognize the effort we put in on our internal audits. One auditor made comments that we have a very "robust internal audit program". the experience from other people like this website give us background information when we tell our story during these audits. Thanks.

 

Back in the day a Cove Member (that I may or may not have just quoted above) actually critiqued my manual (TS) and made some very good suggestions for improvements. Now I am not offering his time or energy so please do not run out and send him your manuals....LOL But he was gracious enough to offered and I accepted and it helped me.

In fact taking his guidance we went even a step further and reduced our quality manual from 42 pages to 8 pages. Since it is not a document that does much of anything other than establish the framework of the system and hopefully lays some ground work for the quality culture we removed a lot of wasted articulation that sounded good. Rarely is it used to land new customers, if ever so why did we have so much in it. Who were we trying to impress.

 

Wow! I feel like I'm back in the Cove... I believe there is a place for some "high level" document to cover the words of ISO9001 Clause 4 at least. What you call it and how you apply it should be left to the organization. Anything over 15 pages is overkill (less than 10 is better). I once worked for an organization with a 115 page QM; spent 4 years there...never got through it all. Apparently, AS9100-2016 will keep the QM so it would seem that IAQG members think it has relevance.

 

I've always thought of the QM as an easy way to get a feel for the status of the QMS at an organization I'll never get to visit.

Created years ago and never or rarely revised ? That tells a tale.

Revised often, and the names of the people revising it change each time ? That's another tale.

It's been through one of those stages, and then it appears to be stable ? That's yet another tale.

 

I've checked the statements on clause 4 and found:

• 4.1 does not require organizations to maintain or retain documented information, but does require organizations to monitor and review information about internal and external issues;
• 4.2 does not require organizations to maintain or retain documented information, but does require organizations to monitor and review information about interested parties and their relevant requirements.

Further according to Annex A.6: "Where this International Standard refers to “information” rather than “documented information” (e.g. in 4.1: “The organization shall monitor and review the information about these external and internal issues”), there is no requirement that this information is to be documented. In such situations, the organization can decide whether or not it is necessary or appropriate to maintain documented information".​

• 4.3 does require the scope to be maintained as documented information;
• 4.4.2 does require documented information to be maintained and retained to support operation of the processes and to have confidence that the processes are carried out as planned.

From the above statements, I believe having a "high level" document to cover the words of clause 4 is not necessary.

 

I'm basing my answer on the clauses I've mentioned. It's my understanding also that the organization, by their analyses of their processes while using the standard as guide, has the prerogative to determine and decide what should be maintained or retained as documented information.

For most, if not all, organizations who need to demonstrate conformity to ISO 9001, there is value in analyzing the words of the standard for direction.

 

This would be hard to swallow. ISO 9001:2015 clauses 4 to 10 have a total of 132 "shalls" and certification bodies use these as part of the audit criteria where organizations need to demonstrate conformity.

I believe ISO 9001:2015 have something to say on "WHAT" must be documented but silent on "HOW" the QMS should be documented. There are documented information that must be "maintained" and documents that must be "retained". There are documented information that are "required" and those that are "as necessary".

Attached are tables for reference on "shalls" and "documented information".

 

I could not agree more on this. To be clear also, we implement and document our QMS based on our understanding of the intent of the standard and not on the CB's interpretation of the standard. I've just commented on your post that says "To be clear: looking for a requirement in the words of a clause is no longer the way to understand and utilize ISO 9001." Of course we also consider those "shalls" in operating our QMS and since we want to maintain our certificate - we also find value in demonstrating to external parties (e.g. customers and CBs) that those "shalls" are being complied with by our own understanding of the intent of the standard.

If all organizations see the standard as people-with-25-years-of-implementation-experience see it, then Clause 4 is enough. Why? because they've been there, done that/those. They already know that running a QMS needs some form of planning, policy/objective setting, management review, internal audit, control of documentation, etc. However, most organizations will have to see them, initially, as "shalls" that must be acted on. Then, as they mature, appreciate the value of having procedures/controls/approaches that were in place as a result of addressing the "shalls". The approaches and understanding will evolve and will come a time that they no longer need a pretty listing of "shalls" to operate effectively a QMS.

 

Haven't gone beyond 20 years of QMS experience. I should be wary then.

 

Gotta agree with Tony here. Although the organization will strive to understand and determine their "context of the organization" while using the Standard as a guide; staring at 132 "shalls" in a 19 page document gives me pause as to who is determining my "context". Whether appropriate or not, the first thing I am concerned with is how do I provide "evidence" for all those shalls to the CB. As Andy said; "looking for a requirement in the words of a clause is no longer the way to understand and utilize ISO 9001" but what kind of outcome can an organization expect if those "shalls" are not addressed and documented?

 

Andy, I know that less is required to be documented in the new Standard. Yes, Annex B to ISO 9001-2008 will no longer be applicable along the the "mandatory" 6 procedures. However, the key here is "evidence" to show or prove compliance with all the shalls. An auditor wants to see evidence of compliance, not my word that I complied. As you know evidence comes in many forms (but most of it is documented; be it procedures, work instructions, manuals, records, minutes, emails, training records, work order travelers, etc., etc., etc.)...or am I missing something here?