I was recently asked to write about the ISO 9001:2000 requirements that are still giving folks a hard time. Recent audits that I’ve conducted have led me to conclude that there are several clauses that continue to give us heartburn.

The issue that seems to come up most frequently relates to documentation. A great deal of attention was given to the decreased emphasis on “documented procedures,” something that became a defining characteristic of the 2000 revision. Just about everyone who’s had more than minimal exposure to ISO 9001:2000 can spout the litany of mandated procedures: document control, control of quality records, internal auditing, control of nonconforming material, corrective action and preventive action. The upshot of this ubiquitous recitation is the persisting erroneous impression among some organizations that no other documentation is required. In some industries, notably those with sector-specific standards or regulatory constraints, this isn’t an issue. Regardless of the verbiage found in ISO 9001, they know they can’t fudge on documentation.

However, there are other industries that will challenge their registrar’s auditors by saying, “Show me where it says I need a procedure.” Of course, they can’t be completely blamed for their ire. Auditors have to share some culpability, considering how often they nonchalantly ask, “Do you have a procedure?”

 …