ISO9001 does NOT require loads of documentation (you probably have too much)!

THE NUMBER ONE CHALLENGE I HEAR ABOUT QUALITY SYSTEMS CREATED TO MEET ISO9001 IS TOO MUCH DOCUMENTATION!

Clients either mistakenly think they have to have loads of documentation, procedures for everything they do, or multiple levels of documents like policies AND procedures AND work instructions AND forms AND whatever else they can think of.  This just isn't the case.

Likewise, I get asked all the time to help organizations to sort through and regain control over their documentation after it's grown completely out of control and is bogging down their system to the point of collapse.

The myth of "Say (everything) what you do, and do what you say" as the clear path to ISO9001 compliance is inaccurate and can be misleading.  There is a nugget of wisdom in the intent of the quote itself, but it is more about defining a system and then holding yourself accountable to it, than actually creating a mountain of red tape.

MY biggest challenge as a consultant is cleaning up the mess that is created when an organization launches their quality management system using this approach.  I can't count the number of organizations who have started with the idea of "write down everything we do so that we can get "ISO certified"".  Everyone does their best, everyone uses different writing styles and levels of detail, and the end result is a pile of documents no one really understands how to use.  Worse yet, the documents are typically not very useful at all other than to maybe describe to an outside auditor what is going on.  And ISO9001 doesn't even require all of that in the first place!

In addition to starting with a haphazardly constructed collection of documentation, many companies add documents as a "corrective action" every time they have a nonconformance and the document collection quickly gets out of hand.

ISO9001 requires "documented information" mainly as evidence that what was supposed to happen...happened (more like records than procedures).  There are very few prescribed policies or procedures required.

A better approach is to build your documentation using the ISO9001 standard as a guide.  You can even follow the order of the clauses, because the order in which they appear is a sensible approach to introducing and framing your quality management system.  In 4.0, you describe the context of your organization, your interested parties and their needs & expectations.  Then, you lay out the structure of your organization in terms of processes.  In 5.0, you introduce your leadership structure and who is responsible for what.  In 6.0, you describe your company's business plan - the risks and opportunities associated with your business, your quality objectives & how you'll achieve them, and how you'll manage changes.  In 7.0, you lay out the resources needed to do all of it.  8.0 is an overall view of how you'll execute the strategic plan through your processes and resources.  9.0 is about measuring how well things are going to plan.  And 10 is about making adjustments when needed.  

***For anyone who wants to say "you don't have to write your QMS in the same order", I'm well aware.  There are a lot of poorly skilled quality folks who think creating a quality manual as a regurgitation of the standard is a good idea.  That's old school thinking, and frankly, it's lazy.  That's not my angle.  I like to follow the order of ISO9001 for three very simple and straightforward reasons:

1.  It's ACTUALLY written in an order that makes sense.

2.  It helps anyone who is not an "ISO expert" navigate the requirements v what is in their QMS.

3.  The ISO "harmonized structure" (meaning order of things across all ISO management systems standards) provides a nice framework for integrating multiple standards such as ISO9001, ISO14001, ISO45001 together.

HERE'S SOME FREE ADVICE on the easiest way to begin building an ISO9001 based quality management system.  

• Start with a quality manual. 
  • There's nothing wrong with using the ISO9001 standard as a template, but rather than just regurgitating the requirements, add short notes to each point defining how your organization addresses each requirement.  Reference other documents if you must, but typically 3 or 4 words about what you're doing will suffice.  (And you'll be amazed how much your organization is already doing that complies with ISO9001). 
  • Write the quality manual as if it were for a NEW HIRE (not an auditor).  The quality manual should be a comprehensive overview of the system overall with clear direction of where to find more detail about each point.  This is where you start to think about how much additional documentation is needed.
• Define your processes.
  • The graphic in ISO9001 gives a simple generic view - create something that describes your organization's sequence and interaction of all its processes.
  • Then, describe each process individually.  (You can later use these to identify responsibilities/authorities, risk points, controls, metrics and more!).  Define them in a way that clearly describes how they input or output to their adjacent processes.
• Decide what records you'll keep to show that the processes are carried out as planned.  
  • This is where you decide what control points, sign offs, inspections, etc will happen.  Automate wherever possible, and consider how these records might play into your metrics strategy.
• Define who does what.  This can be a simple org chart perhaps with role descriptions.  But, be sure to define who is expected to do what.  And then define how you'll first ensure they are competent in each of their responsibilities, and that they can successfully carry them out.
• Now that you've defined WHAT you want done, decide how you're going to communicate HOW you want things done.  
  • Think about how you'll ACTUALLY train a NEW HIRE on your company's way of doing things.  And then only create exactly what you need to get that done.  If your procedures, work instructions, etc are not used to actually train anyone how to do something, they are WASTE!
  • The documentation you create should be considered a resource to YOUR personnel, not an auditor.  If it's not useful to someone in your organization, it's not useful.  Get rid of it.
  • Using this approach, you'll only have to maintain the documents you actually USE (and everyone will be more likely keep things up to date).

After that, you'll construct the typical quality tools for internal audits, management review, corrective action and continual improvement.  Those are more cumbersome to construct, but there are myriad tools and resources out there to help.

And it should be no more complicated than that.  Sure, it takes resources and a big push initially to get a QMS going, but it should NOT take a ton of resources to keep it working.  If it does, it's probably too complex.  You can hire a consultant to help, or DIY, but be sure to keep it simple and create a system that WORKS FOR YOUR ORGANIZATION. 

Don't over-document your system and overwhelm everyone in your organization.  You'll regret it later as the whole thing becomes too much to manage. 

The simplest way to keep something simple is to keep it simple.  

Click here to receive a FREE DOWNLOAD  list of what documents are required by ISO9001.  You’ll be shocked at how short the list actually is.  

For help implementing any of these ideas, contact us and let's get started today!