ISO 9001:2015: A Dystopian Nightmare

We don’t need no ………….  documented procedures …

I’m having a laugh, of course, but then there’s a lot to laugh about, just now.

ISO 9001:2015 does not require ANY documented procedures and, in the words of Sarah Palin, heads are spinning. Is panic too strong a word to use? Possibly not. After all, what is an auditor to do when they ask to see a procedure, only to be confronted with an answer and a statement of fact;

“We don’t have a written procedure and the standard doesn’t require us to have one”

Where does that leave the auditor? The auditee has NO procedure and they can’t be FORCED to have one? Are there no rules anymore? Does that mean we have to accept everything and anything? Fear not, here comes the lifejacket, and I’ll try to make the lesson really simple.

Stop asking for “procedures” and start asking about “CONTROLS”

There was a time, years ago, when “controls” and “procedures” were tantamount the same thing. Documented procedures were BY FAR the most widely applied control, so asking for “the procedure” was a much more reasonable request. Those days are gone, and ISO 9001:2015 has tried to reflect that. It has tried to reflect the way organisations manage their affairs in the 21st Century and, unfortunately for the lazier auditor (and those that are just plain thick), this will involve “documented procedures” to a lesser and lesser extent. Organisations often do things differently.

So, whilst it is true to say the standard no longer requires any specific documented procedures, it DOES require auditable controls. That is, a controlled way of managing work activities that generates records of conformity. That is the whole purpose of an auditable management system. More and more these days that will involve the use of technology. The result is that where in the past where we’d have had documented procedures, we might now see software, on-line tools, menu driven screens and dashboard applications. Those are just a few examples.

Procedures may still be used of course, but they are just ONE option that an organisation has for exercising control, so it really is time to stop asking for procedures – and generating an increasingly predictable response (see above) – and to start asking about CONTROLS. Remember, it’s all about context now, and one “context” issue that affects absolutely everyone is that it is no longer 1995 …

Obviously this relies on the auditor understanding the concept of “auditable control” of course …

Shaun Sayers

This entry was posted in ISO 9000, ISO 9001:2015 and tagged , , , . Bookmark the permalink.

One Response to ISO 9001:2015: A Dystopian Nightmare

  1. Ashok Deobhakta says:

    Very nicely explained. I suppose it will take long time for organizations, who have already certified to old version, to address requirements in the new version. Most of the organizations will continue to refer and show the documented procedures. The new entrants may show the way in the manner referred in your post. But more resources will have to be put in Training Courses. So all have to be on a good learning curve.

Leave a Reply

Your email address will not be published. Required fields are marked *