ISO 9001:2015 – Newsletter – Issue 67

It’s also not surprising that these upgrade audits went fairly smoothly because many of the new requirements (the new “shalls”) also did not require “documented information”, so that makes them easier to address in an audit situation.  By the way, even though the Standard may not require “documented information” that doesn’t necessarily stop an auditor from insisting you provide this type of evidence.  Resist the urge to creatively generate some “documentation” to appease the auditor because you’ll end up doing this extra unneeded work every year thereafter.  I suggest you repeat that your organization simply does not have the “documented information” that the auditor is asking for… and then stop talking!  This will force the auditor to decide if they need to talk to someone else, or that they are going to “write this up”… and if they do write it up… then you need to have them tell you exactly which “shall” that you have not addressed, AND where it requires “documented information” (and they need to put their statement in writing).  It likely won’t get that far because they probably won’t be able to quote where it says this documentation is in fact required, and then it might turn into an OFI (opportunity for improvement), which you can politely dismiss a year later if you don’t see this need for “documentation” as adding value to your business.  One last comment, all auditors are trained to understand that during an audit, objective evidence can be obtained in three different ways: a) Reviewing of documents and records; b) Interviewing of personnel; and c) Observation of activities… so even if “documented information” is not available, the auditor still has two other techniques they can use to assess conformance.

I think that the strategy being used by many ISO Registrars is to be flexible and accommodating with their Customers during the upgrade audit and then to begin tightening up their expectations in future visits (aka surveillance audits)… time will tell.  If in fact you are faced with a much more stringent audit scenario during their next visit then one way to handle it would be to show them your Quality Manual and remind them that it’s the same one they saw last year… so why are they now suddenly concerned about some particular requirement?

I’ve seen this identical situation occur recently with one of my Clients and the root cause behind this sudden change of heart by the auditors was that they had not in fact read the Quality Manual the first time around.  That was unfortunate but also was not my Client’s problem.  The auditors finally had to relinquish their quest to write something up once they saw that the Quality Manual had clearly spelled out the organization’s interpretations of all the “shalls” in the Standard.  This is just another reason why I have recommended from Day 1 to retain the Quality Manual (even though the Standard doesn’t require one), and to place within that manual all of the ways your company has interpreted and applied each of the “shall” requirements.  Takes a lot of upfront work but will save you from stressful auditor discussions down the road.  Please remember that the main purpose of the Quality Manual is to act as a blueprint to help your employees understand how your company views quality and how it manages quality …but it also can come in handy for fending off unreasonable auditors!