I thought about responding to this post and then thought that perhaps the best way to balance it was to provide a link to a website dedicated to countering (combating?) the ISO phenomena. 

ISO is described as:-

ISO accreditation claims to make systems good. In fact, it only makes them inspectable. It is another imposition of misguided management that has made working life inefficient and stressful ...

Accreditation involves an inspection body in the international "quality" cartel telling employees elsewhere exactly how to do their jobs - the accreditor's own one-size-fits-all "management system". Accreditors have twisted their victims' jobs into collecting exhaustive records for inspectors to quibble about. They've renamed bureaucracy "quality." And increased costs by maybe a third.

Perhaps you would like to explore more?

https://isowatch.wordpress.com/

Don't you think it's a little misleading to state that the ISO 9001 standard only requires 6 documented procedures? While that may be literally true, it could be word play.

For example, the word "shall" appears about 130 times in ISO 9001:2008. Each time the word appears, there is an organizational requirement and  an implication of organizational activity. Keeping with the spirit of the standard (i.e., the process approach), each of these activities is best managed as a process. So, 130 "shalls" might translate to 130 processes; even if not, 130 requirements that can be audited.

Furthermore, if it is determined that in order to meet one of such requirements there needs to be a process, in paragraph 4.1 there is a list of 6 or 7 things that need to be done for each of those processes. Before long, there could be hundreds or thousands of things to do in a high functioning system. In fact, since processes can scale up or down in their level of detail depending on how they're described, the word "countless" comes to mind.

On the other hand, I liked your emphasis on the word "preventive" in your article. The concept that preventive action is more (cost) effective than detection and correction is key to the rationale although probably impossible to prove. Maybe it's a leap of faith. But even for the faithful, with so many opportunities for prevention, where are the leverage points?

I must respectfully disagree with the ISOwatch comment. If that's the kind of torment your registrar is putting you through, change registrars... immediately!! I once worked at a place where our registrar sent an auditor browbeat and gave the 3rd degree to our employees. Our organization made a complaint to the registrar and told them that this individual would not be permitted to set foot in the facility ever again. I heard he's in a different line of work now.

The 2000 and 2008 versions of the 9001 standard are much less proscriptive than previous releases. Have the 6 minimum documented procedures in place, show evidence that the organization is complying with all the 'shalls' of the standard, and from then on, it's your management system, make it do what you want it to. Define what your organization's process are, what your organization's goals are, and build the system around them.

I have either set up or updated management systems for 3 companies now, my job has been to go to the key process owners and have them tell me what they do, not the other way around. Then if there are any gaps with respect to ISO requirements, I diplomatically point them out and explain the value in implementing them. Most often it has to do with establishing and maintaining records, which are then done in a way that benefits the organization, not just to produce reams of paper to impress an auditor.