This is an old revision of the document!
ISO 9001 Objective Evidence Requirements: Part 1 Documentation
AS 9001:2015 is an incredibly poorly written QMS standard littered with ambiguous / vague requirements that have resulted in subjective interpretations and inconsistent implementation. This article discusses the minimum “Objective Evidence” actually required by the standard. Any interpretations beyond these minimum requirements (e.g., by an internal or external auditor) are based purely on subjective opinion.
The first confusing point to address is which documentation (e.g., procedures) are actually required by ISO 9001:2015.
ISO 9001:2015, Annex A states:
A.6 Documented Information
A row number below in Bold indicates either “Tips” or “Interpretations” are associated with the requirement(s).
All of the ISO 9001:2015 implied, suggested, and/or specifically required “documented information” to be “maintained” include:
# | “Maintain” as Documented Information (Documents) | Sec. |
---|---|---|
1 | To the extent necessary, the organization shall: a. maintain documented information to support the operation of its processes; [SUBJECTIVE requirement - to be determined by the ORGANIZATION (as per 7.5.1b)… NOT the auditor.] | 4.4.2 |
2 | a general description of relevant interested parties (see 4.2 a); | 4.4.2 |
3 | the scope of the quality management system, including boundaries and applicability (see 4.3); | 4.4.2 & 4.3 |
4 | a description of the processes needed for the quality management system and their application throughout the organization; | 4.4.2 |
5 | the sequence and interaction of these processes; | 4.4.2 & 4.4.1b |
6 | assignment of the responsibilities and authorities for these processes. | 4.4.2 |
7 | Quality policy | 5.2.2.a |
8 | Quality objectives | 6.2.1 |
9 | a register of the monitoring and measuring equipment (that includes: the equipment type, unique identification, location, and the calibration or verification method, frequency, and acceptance criteria). | 7.1.5.2 |
10 | The organization shall “determine” and “maintain” documented information “to the extent necessary:” 1. to have confidence that the processes have been carried out as planned; 2. to demonstrate the conformity of products and services to their requirements; [SUBJECTIVE requirement - to be determined by the ORGANIZATION (as per 7.5.1b)… NOT the auditor.] | 8.1.e |
11 | 8.3.4.1 When tests are necessary for verification and validation, these tests shall be planned, controlled, reviewed, and documented to ensure and prove the following: a. test plans or specifications identify the test item being tested and the resources being used, define test objectives and conditions, parameters to be recorded and relevant acceptance criteria; b. test procedures describe the test methods to be used, how to perform the test, and how to record the results; c. the correct configuration of the test item is submitted for the test; d. the requirements of the test plan and the test procedures are observed; e. the acceptance criteria are met. [While this requirement does not include the words “maintained” or “retained”, it is generally interpreted as applying in part to “test plans” (or specifications), “test procedures”, and to the “test results” (i.e., record)] | 8.3.4.1 |
12 | Controlled conditions shall include, as applicable: a. the availability of documented information that defines: 1. the characteristics of the products to be produced, the services to be provided, or the activities to be performed; 2. the results to be achieved; [This documented information may be provided by the customer (e.g., Drawings)] | 8.5.1.a |
13 | c. the implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met; 1. ensuring that documented information for monitoring and measurement activity for product acceptance includes: - criteria for acceptance and rejection; - where in the sequence verification operations are to be performed; - measurement results to be retained (at a minimum an indication of acceptance or rejection); - any specific monitoring and measurement equipment required and instructions associated with their use; | 8.5.1.c1 |
14 | The organization’s nonconformity control process shall be maintained as documented information including the provisions for: − defining the responsibility and authority for the review and disposition of nonconforming outputs and the process for approving persons making these decisions; − taking actions necessary to contain the effect of the nonconformity on other processes, products, or services; − timely reporting of nonconformities affecting delivered products and services to the customer and to relevant interested parties; − defining corrective actions for nonconforming products and services detected after delivery, as appropriate to their impacts (see 10.2). | 8.7.1 |
15 | The organization shall maintain documented information that defines the nonconformity and corrective action management processes. | 10.2.1 |
<note tip># 2
For guidance on documenting “a general description of relevant interested parties”, read: Context of the Organization... and "Interested Parties"</note>
<note tip># 3
Guidance from ISO on crafting an acceptable QMS “scope” can be found online in the: ISO 9001 Auditing Practices Group Guidance on: "Scope of ISO 9001, Scope of Quality Management System (QMS) and Scope of Certification"</note>
<note important># 3
When asked “Is it allowable for an organization to claim non-applicability with any sub-clause or sub-paragraph of 9100-series?”, the response contained in the IAQG official "AS 9100:2016 Series Clarifications" stated:
“Yes. Organizations can claim non- applicability even down to a shall statement or portions of a shall statement.”
Also, when asked “Is it required that any non-applicability with a requirement be documented in the scope section of the Quality Manual?”, the response contained in the IAQG official "AS 9100:2016 Series Clarifications" stated:
“No. It is required that any non-applicability with a clause or “shall” statement be documented information but does not have to be documented in the scope section of a Quality Manual.”</note>
<note important># 5
When asked “Is using the process diagram in Figure 2 from clause 0.3.2, in your quality manual for interaction between the processes sufficient?”, the response contained in the IAQG official "AS 9100:2016 Series Clarifications" stated:
No. 9100-series standards are a process-based standard with requirements to identify the organization’s QMS processes and their interaction. The diagram on page 8 of 9100-series includes the relationships of the 9100-series sections 4 through
10. This diagram is not intended to define an organization’s processes and their interaction. Additional information is available from the ISO 9001 Auditing Practices Group website and IAQG 9100 Key Changes Presentation on the topic Process Management/Approach.
In addition, Annex A.1 of the standard provides this statement: “The structure of clauses is intended to provide a coherent presentation of requirements, rather than a model for documenting an organization’s policies, objectives, and processes.”</note>
<note tip># 5
Most AS 9100D auditors prefer to see “the sequence and interaction” of your QMS processes in “Turtle Charts” because that is how the auditor's SAE AS 9101F, Form 3 "Process Effectiveness Assessment Report" (a.k.a. “PEAR” form) is structured. However, if using “flow charts” to document “the sequence and interaction” of your QMS processes, preference should be given to using the "Business Process Model and Notation" (BPMN™) Standard for flow charting your processes.</note>
<note tip># 2 thru 8
While AS 9100 does NOT require a “Quality Manual”, it is generally a good idea to do so as a “defensive measure” because:
1. Addressing all of the requirements of AS 9100D in a “Quality Manual” (at a policy level) the business can argue that it has addressed the more subjective requirements (contained throughout AS 9100D) that do not specifically require “objective evidence”, and
2. Including references to the sources for the business's interpretations can immediately dismiss many subjective interpretations that an auditor may have.
Also, a “Quality Manual” can improve efficiency through providing a single source addressing items 2 thru 8 from the above chart.</note>
<note important># 9
The IAQG official "AS 9100:2016 Series Clarifications" states: The 9100-series clause 7.1.5.2 was not intended to force organizations to have the register specifically include the “equipment type, unique identification, location, and the calibration or verification method, frequency, and acceptance criteria.” The organization is required to have this information for equipment listed on the calibration register but not specifically in the register. </note>
<note tip># 9
Consistent with the above “official” interpretation, almost no one identifies the “method” or “acceptance criteria” in their “register” (database)… unless they have a full in-house calibration laboratory. What auditors typically see is:
1. the “method” identified on the calibration certificate (from the calibration/metrology lab).
2. the “acceptance criteria” either identified in the calibration certificate (from the calibration/metrology lab) OR for the company to have a copy of the calibration “method” that was used (containing the acceptance criteria).
While the company could have the instrument specifications, if those specifications can’t be matched to the actual calibration method used, then there is no way to confirm that was the actual “acceptance criteria” used in performing the calibration. </note>
<note important># 12
When asked whether clause no. 8.5.1a) of ISO 9001:2015 “availability of documented information” means “maintain documented information”, the ”
Official ISO 9001:2015 Inerpretations from ISO TC/176/SC2” stated “No”. And explained “The terms “available” and “maintain” are not synonyms, and the use of “availability” was deliberate. “Available” means “able to be used or obtained, or accessible”, whereas “maintain” means “cause or enable to continue”. The “maintenance” of documented information is not explicitly required by Clause 8.5.1(a), but is addressed by other parts of ISO 9001:2015. Clause 8.5.1 (a) requires the documented information to be “available” so that it can be used, not just “maintained” (i.e. preserved). The documented information that needs to be available under Clause 8.5.1(a) is part of the quality management system documentation, and therefore has to be managed in accordance with Clause 7.5.”.</note>
<note important># 14 & 15
There are only 2 requirements in AS9100D for documented “procedures”; “nonconformity control” (8.7.1) & corrective action (10.2.1). These 2 procedures can be (and often are) combined into a single procedure.</note>