A Rose By Any Other Name

Previously, we discussed the fact that ISO 9001:2008 requires documentation of the organization's Quality Management System, including a Quality Manual, some procedures, and probably other types of documents of an indeterminate type. The need for any form of documentation is actually defined in the standard, under 4.2.1, in the phrase "documents...determined by the organization to be necessary to ensure effective planning, operation and control of its processes. This gives people quite a lot of freedom to create whatever quantity, content and format of documents it chooses, especially if they choose NOT to be constrained by the hierarchical "pyramid" we discussed previously.


We've established, in a previous blog entry, that the need for and content of many documents is going to be, in good part, dependent upon the competency of the people who use them. In general terms, the higher the competency of the person using documents, the less detailed the description in the document needs to be. A key consideration is that someone will probably figure out pretty quickly what the document is about, if they are competent.


Try this simple example; write down the preparation and cooking of scrambled eggs - for yourself! How detailed would such a task need to be for someone with experience in a kitchen? These are fairly simple concepts and practices, so why do people make the creation of "ISO" documentation so complex?


Form Over Function?


Where people start going off the rails in the design (format) of their Quality Manual (see 4.2.1.b). If we take a look at the ISO 9001 section which defines what should be included in a Quality Manual (4.2.2) it says:


"The organizations shall .... a quality manual that includes:-


a) the scope of the quality management system (and some stuff we won't concern ourselves with here)


b) the documented procedures - or reference to them, and


c) a description of the sequence and interaction of the QMS processes"


Pretty simple, really. If we add a couple of other requirements of ISO 9001 which would seem appropriate to include in such a manual:

• and organization chart or some way to show who 'top management' are (5.1, 5.5.1)
• the Quality Policy (5.3)
• Quality Objectives (5.4.1)
• Who the "Management Representative" is (5.5.2)

Then, maybe assign a page to each of these (which might be considered overkill), adding a nice cover page, we have a total document of some 7 pages. Going beyond what ISO-says, perhaps including some really useful information, like a description of the history/background to the company, details of markets served, products, office/factory locations, contact details, including a web address etc. we might expand it to 10 pages.


One example of an ISO 9001-compliant Quality Manual I saw was actually a tri-fold, made from an 81/2 x 11 sheet. It was prepared in the same way as a company marketing brochure might be, from the front outer cover showing a photograph of the building, the 4 "inside" pages containing the "ISO stuff" and the back page being a map, address, phone numbers etc. What a good looking, useful and very readable document! Imagine being given that on your first day at work, or as a potential customer...

It's interesting, then, to note that in spite of these (minimal) requirements, many people create (or even buy) a document which closely resembles the layout of the ISO 9001 standard itself. Since the Quality Management System is supposed to describe the key or core processes of the organization, which are responsible for determining customers' requirements, through to delivering product/service to those customers, and also the process which support and enable the key/core processes, why use ISO 9001 as a template? It clearly isn't laid out in this manner! 

If we take a look at other types of documents the standard mentions (or people think are necessary), it's common to employ the following format for procedures and work instructions, which often  includes:

• Purpose
• Scope
• Applicability
• Definitions
• ISO 9000 reference(s)
• Responsibilities
• Flow chart (possibly)
• Procedure
• Records
• Change History

In one (extreme case), even the office stationery needed to complete the work was listed!


Good grief! Look at how much "stuff" has to be waded through before any mention of a procedure is made! Plus, with all this content, how many pages are the result? No wonder people have heard that "ISO" is a paperwork nightmare!


Good Design - You Know It When You See It!


Rigorous adherence to a format is NOT what is required. Well communicated requirements and controls are! The documented management system is a product first and foremost. And good product design considers, first and foremost, the needs of the user. In fact, good product design is elegant! If you look up “elegant” in a dictionary, one of the definitions is:

"gracefully concise and simple; admirably succinct"

Notice it doesn’t just say “concise” or “simple” or “succinct”, but “gracefully concise” and “admirably succinct”. And, for many of us, we know it when we see it. Consider Apple products, if you want a really good example. People actually get "carried away" with their ownership of Apple iPhones, Macs etc. OK, so maybe that's a little extreme as a comparison for QMS documentation, but why shouldn't an organization strive to make its documentation at least "friendly" to users? Why does everything have to be forced to fit this structure?

The answer is, of course, that it doesn't. Now, we all use documentation in our everyday lives - outside of any ISO based QMS - without the need for an similar format. Take, for example a humble bank note, or a bus or train ticket. Often they contain a lot of information. Some of it is for us, some used by the issuing agency. Do they need the structure above, to enable them to be used by a huge population of users with all levels of education etc?


Frankly, I see no real reason to force such a set of descriptors on what should be simple documents. What are we attempting to use QMS documents for? Convey the requirements for effective process "planning, operation and control", elegantly...

Save the Pyramids for the Pharaohs!

If one word is (over) used to describe the implementing of an ISO 9001, Quality Management System (QMS), it's "documentation". A lot of peoples' perception is that complying with the ISO standard is all about creating and maintaining documents—lots of documents.


Although the early versions of ISO 9001 were prescriptive in making it necessary for many "documented procedures", the current International Standard doesn't rely so heavily on the need for them, leaving it up to an organization to decide what is necessary to maintain effective control over its business processes. Indeed, the ISO requirements are worded in a manner to allow an organization the freedom to decide how and what requires to be documented.


Somewhere To Bury Your Documents?


In the early years of ISO 9001 implementation, the visual metaphor of a pyramid became common to describe the multiple levels of the Quality Management System's documentation, probably because the early ISO 9001 requirements referred to procedures in nearly every section and, in one, the need for work instructions (..."where the lack would adversely affect quality"). 


As a result, and somewhat in line with the "Say what you do, Do what you say" mantra, many organizations chose this format (or something similar) for its Quality Management System structure: 

Level 1 - Quality Policy Manual


Level 2 - Quality Operating Procedures


Level 3 - Quality Work Instructions


Level 4 - Quality Forms/Quality Records

A feature of this hierarchical approach is that the amount of detail in the documents becomes greater, from the top of the pyramid to the bottom. That is to say, the policy manual says very little about the details of the processes of the organization, the procedures say what is done within a process and work instructions describe how the process is performed at a task level. As a result, the value of some of the documents is lost. Take for example the Quality Manual. Typically, the Quality Manual is a regurgitation of the ISO 9001 document, with key words changed to make it look more like the organization actually wrote it. Often, the terminology from the standard remains substantially unchanged, which is a bit like putting a square peg in a round hole!


Procedures are often written around the requirements of the ISO standard or a department, rather than describing a process, which may require multiple parts of the organization to be involved in. This writing of departmental procedures tends to reinforce the "silo effect" from which organization suffer. 


Another aspect of using levels of documentation which really indicates that it's not a good "fit" is the commonly asked question; "Is this document a procedure or a work instruction?" Of course, the reply should be "Does it matter what it's called?"


The pyramid diagram even appeared in the (now obsolete) North American Automobile Industry's Supplier Quality Requirements document, known as "QS-9000", which was based on ISO 9001:1994 and, as a result, tended to add the endorsement of the "Big 3" automakers to such an approach.


Happily, ISO 9001:2000 was a major departure from the emphasis on documents and shifted away from each requirement stating a documented procedure was required, to requiring just 6 procedures—leaving the implementing organization to determine what others might be needed, if any. Emphasis is placed, instead, on having defined processes which opened up lots of opportunities to think "outside the pyramid" (so to speak) and completely revisit the whole role that documentation plays in a Quality Management System.


It's also unfortunate that many organizations - who previously implemented the procedure-heavy ISO 9001:1994 requirements—simply re-numbered their documented Quality System to align with ISO 9001:2000. In doing so, they missed a great opportunity to change the 'architecture' of the Quality System and relieve themselves of the constraints the pyramid places on them. Instead of maintaining a bureaucracy, the documentation could have been revamped into something which better represents the needs of the organization.


Beauty Is In the Eye of the Beholder


Good (product) design is a rare thing. It blends many requirements, including style, usability, performance to name just three. Consider great designs like the Fender Stratocaster guitar, original Morris 'Mini' car, Sony Walkman, Apple iPod and so on.


If the Quality Management System is considered to be somewhat similar to a product design, using a pyramid for the basis doesn't make much sense! Each organization has different needs for it's QMS and using such a "cookie cutter" can't provide for them. After all, the manner in which an organization operates is generally along its processes which:

• Add value to the Customer, in transforming materials, information etc. into what they need

Or,

• Add value to the organization, in supporting those processes needed to satisfy the customers' needs.

These processes are often considered as running "horizontally" through the organization, across functions and departments, from the point at which customers' needs are identified, through delivery to the customer. The documents used often provide information to enable the organization to process products and other information. So, why shouldn't the model for the Quality Management System structured horizontally?


A clue is found in the ISO 9001 requirements for the QMS, namely 4.2.1 which states (in part) that the organization should determine the "sequence and interaction of the processes" of the QMS. By choosing to map the business processes, it can be decided what documents are needed to define the inputs, process controls and outputs for the various processes. An ISO Guidance document was created to give assistance.


A form, previously called a "level 4" document, may be completed as the input to a process which may have been created as a "level 2" document. The output of the process may be the same form, with more information added - an approval for example. No "level 3" document may have been needed by the person completing the process, because of their competence in the tasks. This vitally important influencer of documents was, previously, not considered. It may also be that to complete a process, a checklist—which might have been a "level 3" document or "work instruction"—is used to describe the various steps of a process and is completed (checked off and information recorded on it) as the process is performed. Now, we can understand peoples' confusion with how to pigeon-hole documents by level.


By approaching the task of documentation based on the needs of the organization and its processes, it's not the level in some arbitrary hierarchy that's important, but the use of the document in ensuring effective process control and (QMS) performance.

Welcome to the "ISO Myth Busters" Blog!

With over 30 years of Quality Management experience, I enjoy sharing my knowledge with those who are seeking answers or a better way to implement ISO 9001 requirements. For too long, there have been myths and legends about how to implement a variety of requirements from the International Standard. These myths and legends often come from the need to pass an ISO Certification audit, and, go along with the "Say what you do, Do what you say" mantra coined during the early 1990s.


In this blog, we'll cover such diverse issues as the myths surrounding document control, equipment calibration, management review and internal auditing. We'll also take a look at the role of the Certification Body/Registrar and what to consider if you're looking for one to work with.

I hope you'll find the posts to be helpful, that people will contribute to the posts and create enjoyable discussions and that we'll all learn. So, let's make a start on busting the first myth:-

ISO 9000 Means 'Say What You Do, Do What You Say'...

In my view, nothing could be further from the truth! The implementation of a Quality Management System, to meet ISO 9001:2008 requirements, takes a lot more than simply writing down what the organization does!


This phrase was, I believe, taken by early adopters of Third Party Certification. It is true to say that much of what ISO 9001 requires to be included in an organization's Quality Management System, may be based on what's institutional to an organization and should be documented in some form. It is, after all, what's made the organization successful and could be captured as the basis for improvement etc.

As an example, a printed circuit board supplier used by my employer during the 80s, had a phenomenal system for reviewing customers' supplied artworks and specifications. This supplier simply knew, from hard won experience, that what they were given by their customers simply couldn't be used for fault-free manufacture. Once received, their process engineers would review what the customer supplied for clearances, alignments, potential plating problems - in fact all the features that could cause quality problems. They listed these issues and communicated them back to the customer for approval to continue, or allow them to engineer an appropriate solution. In such a case, this process of review would have been satisfactory to document as it was practiced - to meet ISO 9001:2008 7.2.


You Can't Simply Write Anything, Y'know!

By contrast, there are quite a number of specific requirements in ISO 9001:2008 which are not institutional, so there maybe no clearly defined practice, methodology or process to document! Take internal quality management audits for one:

When did any member of an organization leap out of bed, in a "Eureka" moment, and decide that internal quality audits would be worth doing? It took the need to comply with ISO 9001 before the organization found some training (or similar) and started implementing them. Hardly a 'say what you do' scenario!

The same is true for corrective action, for preventive action (rarely is this requirement understood at all well) and the (key) requirement of performing management reviews. Such requirements are not normally practiced sufficiently well to be regarded as needing only a written procedure or process. Typically, processes are incompletely and/or ineffectively implemented, especially when compared to the full ISO 9001 requirements. Therefore, some form of planned action is necessary to ensure these deficiencies are addressed, and subsequently documented, as a means to capture what's now known to work.


Don't Document Things For the Mary Celeste!

In the early versions of ISO 9001 (the 1987 and 1994 revisions) the need for effective management systems was not specified clearly enough to help us. As a result, organizations often created masses of documentation which described, in painful detail, what was actually being done - and without much thought for practicality or effectiveness. Instructions are documented to a level of detail, such that "if everyone got sick, you could hire new people without an impact on quality". How bizarre! To my knowledge such an event only happened once, on the Mary Celeste and I doubt if writing things down would have helped anyone who found her!


With the advent of the year 2000 revisions, the addition of clear quality objectives and measurement of processes, ensures the organization must now be able to demonstrate an effective management system and therefore, actions must be taken to ensure that what is defined and documented actually delivers results.


As much as 20 - 25% of the ISO 9001:2008 requirements may not have been effectively implemented in an organization. Just as an architect designs a building, only when all the client requirements are well understood, along with a detailed understanding of the actual building construction, materials, building codes and usage, does he begin the design process.


It's the same concept with the design of a Quality Management System.  No-one should start to document a process, if you have only a sketchy idea of what's really behind the requirement! We'll cover this topic at a later date.

I hope this initial blog entry has shown "where I'm coming from" on the subject of ISO 9001 implementation and Quality Management Systems. Keep an eye open for more posts with a different twist on ISO Myths