ISO 9001:2015 removes requirements for an organisation to have a ‘quality manual’ and to have ‘documented procedures’. To add to the mildly shocking impact of these changes familiar words like ‘document’ and ‘record’ are conspicuously absent. Instead the new standard adopts the nebulous term ‘documented information’. The changes will challenge system developers and auditors.
Documented information means information describing the management system and its processes. It covers information in all formats which range from high-level policies down to simple check sheets and even includes data, as applicable. It applies to information created within the organisation and those which originate externally. The obvious change is in terminology rather than actual requirements. Organisations can call their documented information what they like. The areas of confusion and the positive challenges lie elsewhere.
Some will infer that the need for written ‘procedures’ has been all but entirely removed, not so. In fact the standard states that to the extent necessary, documented information must be provided to ensure the effectiveness of the management system and its processes.
Without written procedures how could an operation or activity be managed effectively? An auditor should be able tackle this in a number of ways. For example interviewing individuals to assess awareness, knowledge and understanding by observing their work to assess applied skills. In certain instances a technical specialist may be required to assist the auditor. If an organisation believes that competence alone is enough then it should have an appropriate, robust process for managing competence.
Sources of evidence might include clearly defined competence requirements for the role(s) and retained documented information – records which shows that training or other actions were taken to achieve competence. An auditor may try to verify that a process is consistently understood by asking those involved to describe it and then compare their answers. These are not novel audit techniques but they might appear so, to many auditors who are practiced only in using compliance testing checklists based entirely on written procedures and the like.
What about the demise of the quality manual? Superficially it is easy to offer reassurance by pointing out that ISO 9001:2015 does not prohibit quality manuals, they can be retained if desired. Unfortunately many quality manuals have been produced according to a rather crude formula, which largely reiterates ISO 9001 requirements and has brief statements about how the organisation addresses them. Third party auditors like this format because it makes desktop reviews easy. However to almost everyone in the organisation the quality manual is written in an alien language, but they accept it mutely as something needed for ISO. Some organisations have instead defined their management system or indeed its elements in separate parts within their intranet.
The ways in which this can be done are limited only by the ingenuity of system designers. This kind of approach is much more conducive to creating management systems which are aligned with an organisation’s strategic direction. It is also more likely to imbue employees and others with the belief that the system is an integral part of the business. Auditors will need to adopt a different mindset when deciding whether or not a management system is appropriate and fit for purpose. It will involve looking at different sets of information and asking ‘Do these parts all fall into place to form a credible management system?’.
We can expect two distinctly different reactions to this part of ISO 9001:2015. One is to mourn the passing of terms which were familiar and perhaps make little effort to think or do things differently. The other is to use the change in a positive way, as an opportunity to open minds to what a management should be and set about the task in earnest. Time will tell.
Douglas Coleman is a Management Consultant, Trainer and a Director of Gablesmead Ltd