ISO Guidelines vs. Requirements

Guidelines are valuable inputs in implementing ISO 9001, but they can’t be used as requirements

Mon, 03/30/2020 - 12:03

ISO 9001 lead-auditor training should enable auditors to focus on the requirements when auditing and to stay away from the pitfall of guidelines.

ADVERTISEMENT

Take the case of ISO 9001 or, for that matter, any management system standard. The standard has notes to explain the clauses. ISO 9001’s clause 4.1, for example, has three notes. Are these integral to the clause? Yes and no. Yes, because they are explaining an important aspect of the clause. No, because though these are valuable inputs for designing questions and an in implementing ISO 9001, they can’t be used as requirements. Nonconformities, as the drivers of correction and corrective action, are fundamental to the implementation of ISO 9001. ISO 9001 lead-auditor training must clearly outline for students that a nonconformance is the nonfulfillment of a requirement. Notes are not a requirement of the clause.

 …

Want to continue?
Log in or create a FREE account.
By logging in you agree to receive communication from Quality Digest. Privacy Policy.

Comments

Submitted by Anonymous (not verified) on Mon, 03/30/2020 - 10:33

Thank you sir for your article. I agree that there is a key difference between guidelines and requirements. 

I shall share with you that I too have built the majority of our QMS around the standard clauses, though thankfully not by number. My reasoning is the same, ease of auditing. Further explanation is that when audited, if the auditor cannot easily see conformity to the documented requirements, they have a tendancy to view it as a nonconformity. The reality being their limitation on seeing conformity within the system if it is not following the same structure as the standard.

In short, I agree that an emphasis needs to be made on how the standards are taught to auditors so that they truly understand the requirements (and guidelines) and that they can view a QMS beyond the same format as it appears in the standard. I have even seen cases where auditors will view our system as nonconforming because we didn't use the same words that appear in the standard.

Again, thank you for this perspective. I found it refreshing and will save it for future reference.

Ted

Ted thank you for reading my article and agreeing to the views. I too see the point you are making, However, over these 20 odd years, of consulting, auditing and training on several standards, I have followed the interpretation of ISO 9001:2015 clause 4.4.1b. I write a management system, first based on the "as-is" of the system. That means no templates. I capture the system as it is, then get the gaps with the requirements. 

To help auditors (and you rightly said, some of the auditors need help!!) not give NCs just because they could not understand the system, I create a table which the Quality Manager, other management positions can keep handy. In this table, I have the clauses of the standard on side and the procedure number along the top. So now you have a management system written to procedures, and still a cheat sheet avaiable to show how the relevant clause has been met by the management system procedures.

Hope that helps. Thank you for your comments.

Sincerely,

IJ / President & CEO QMII

Submitted by Omar Al obaidi (not verified) on Tue, 03/31/2020 - 12:47

Thank for your article.

I have three points please:

 1)    Now we can see so many certification bodies giving certification on some of the ISO guidelines such as ISO 10002 , and if the organizations didn’t meet the guidelines they issued NOC

2)    So the leadership has the authority to change the suggested guidelines practices to mandatory requirements, am I right?

3)    Sorry what do you mean of, enemy No. 1 is writing a management system to the clauses of standard, ISO 9001 or any other standard?

Many thanks in advance.

 

Omar

Omar thank you for appreciating my article. Much appreciate. I am glad you saw merit in what I wrote.

Let me start by addressing your last point: "Enemy No. 1 is writing a management system to the clauses of standard, ISO 9001 or any other standard".  You will observe some management me systems are simply written to clauses. Which means when you open e.g. a quality manual you see description for  clause 4.1, then to 4.2 and so on. But you will agree organizations work to processess. There should be a core process to show the interaction between key processes (ISO 9001:2015 clause 4.4.1 b). Employees in an organization work to procedures and work instructions. If you write system to clauses, employees find it hard to see where they or their work fits in.

The standard itself is never (not meant to be) prescriptive or descriptive. It has to be interpretted. So in your second point your conclusion is correct. Leadership (with their team) interpret the system standard (ISO 9001:2015 or other relevant standard) to design their management system. They can create requirements. Where required procedures should be updated to reflect reality. By all means they can have guidelines to explain some aspects, but then these guidelines can not be taken as requirements.

I am answering your first question last! It is because it flows from the point above. All interpretations made by Leadership become requirements. In some cases there are statutory or legal requirements. These must be met. Now if there is a guideline for which, the organization needs an industry specific interpretation, it may choose a certifying body. 

I hope this answers your questions. Please feel free to contact me or send an e-mail should you need further information/ clarification.

IJ/ CEO QMII

Add new comment