Monday, October 5, 2009

ISO 9001 Standards – Documented Procedures

ISO 9001 Standards – Documented Procedures

The standard requires the management system documentation to include documented procedures required by ISO 9001 Standards.
ISO 9000 defines a procedure as a specified way to carry out an activity or a process. This definition is ambiguous because an activity is on a different scale than a process. Process outputs are dependent upon many factors of which activities are but one. An activity is the smallest unit of work. Several activities accomplish a task and several tasks reflect the stages in a process but there is more to a process than a series of tasks. This definition also esults in a belief that procedures are documented processes but this too is inaccurate. Procedures tell us how to proceed don‘t need to produce any others. The specific procedures required are:

(a) A documented procedure for document control
(b) A documented procedure for the control of records
(c) A documented procedure for conducting audits
(d) A documented procedure for nonconformity control
(e) A documented procedure for corrective action
(f) A documented procedure for preventive action
These areas all have something in common. They are what the authors of the early drafts of ISO 9000 :2008 referred to as system procedures ? they apply to the whole system and are not product, process or customer specific although it is not uncommon for customers to specify requirements that would impact these areas. Why procedures for these aspects are required and not for other aspects of the management system is unclear but it seems that the authors of ISO 9000 felt these were not processes ? a conclusion I find difficult to justify.
They are certainly not business processes but could be work processes. However, there is another message that this requirement conveys. It is that procedures are not required for each clause of the standard. Previously, countless organizations produced a manual of 20 procedures to match the 20 elements of ISO 9001. Some limited their procedures to the 26 procedures cited by the standard and others produced as many as were necessary to respond to the requirements.
Document control is a work process or a number of work processes because the inputs pass through a number of stages each adding value to result in the achievement of defined objectives. These are the acquisition, approval, publication, distribution, storage, maintenance, improvement, and disposal stages. These are not tasks but processes that achieve defined objectives and involve both physical, financial and human resources. Within these processes are tasks, each of which may require documented procedures as they are initiated.
Control of records is also a work process similar to document control. There are the preparation, storage, access, maintenance and disposal stages. This is not one uninterrupted flow but a life cycle. There is not one task but several performed at different times for different reasons.
Auditing is certainly a process with a defined objective. Without the provision of competent personnel and a suitable environment, audits will not achieve their objectives no matter how many times the procedure is implemented.
Nonconformity control like records control is a work process for the same reasons. The sequence of tasks is not in the form of an uninterrupted sequence. The sequence of stages may be identification, documentation, segregation, review, remedial action and disposal but this is not a continuous sequence. There are breaks and different procedures may apply at each stage depending on what it is that is nonconforming.
There is little merit in having one corrective action procedure when the source of problems that require corrective action is so varied. One Corrective Action Form might be appropriate but its application will be so varied that it is questionable whether one size fits all. Presenting top management with a nonconformity report because it has been detected that the organization charts are not promptly updated following a change, will not motivate them into action. Corrective action forms part of every process rather than being a separate process. It is unreasonable to force all actions aimed at preventing the recurrence of problems through one process. Many problems are prevented from recurring not by following a procedure, but by the designer, the producer, supplier, manager remembering they had a problem last time and doing it differently the next ? i.e. they learn from their mistakes. No forms filled in, no procedures followed ? just people using their initiative ? this is why corrective action is part of every process operation.
Preventive action remains one of the most misunderstood requirements of ISO 9001 because it is mistaken for corrective action but more on this. There is even less justification for one preventive action procedure because the source of potential problems is so varied. Preventive actions are taken in design, in planning, in training and in maintenance under the name of FMEA, Reliability Prediction, Quality Planning, Production Planning, Logistic Planning, Staff Development, Equipment Maintenance ? preventive actions are built into these processes and similar to corrective action are part of every process design.

No comments:

Post a Comment