ISO 9001 isn’t always well understood, as you can imagine. To help ensure some consistency, Technical Committee 176 — the authors of ISO 9001 — issue “Official Interpretations” when a question is posed to them. The process is laborious and slow, and each request must be framed to allow for either a “yes” or “no” answer, but eventually TC 176 issues a ruling. These are supposed to be upheld by third party certification body auditors, but unfortunately the CB auditors rarely consult the resulting file, and many don’t even know it exists. A few outright scoff at TC 176 and say they will do what they like anyway.
But arming yourself with the official TC 176 Interpretations is useful, since you can reference these when responding to a bogus audit finding, and thus win your appeal. You can find the complete set here. But here are a selection of five of the most eye-opening interpretations issued by TC 176 to date. Note that while these are issued against the 2008 version of ISO 9001,so I have included a likely ISO 9001:2015 applicability comment for each. Of course, my language isn’t binding, but it’s likely to be accurate.
1.) You can contract out the role of ISO management representative. (TC 176 RFI # 109)
Ruling: TC 176 settled this a long time ago, but auditors and others still insist that the “management representative” cannot be a consultant or contractor. TC 176 ruled that management may assign this to a person who “works for the company in a managerial capacity, is not a permanent member of staff, but works full-time on a contract basis.”
ISO 9001:2015 applicability: this ruling would stand, as new standard removes the requirement for a management representative entirely, so if a company wants to continue to use a contractor or consultant in such a role, they may.
2.) Maintenance records are not required. (TC 176 RFI # 111)
Ruling: CB auditors have routinely demanded to see records of preventive maintenance of equipment and/or facilities, despite there never having been a requirement in the standard for this. Eventually TC 176 ruled that no, ISO 9001 does not “require records of the maintenance of infrastructures.” This would include preventive maintenance or any other kind of maintenance records. Having them may be a good idea, but it’s not a requirement.
ISO 9001:2015 applicability: the ruling would stand under the new standard as well, since the 2015 version, under clause 7.1.3, does not require such records either.
3.) You do not have to notify the customer if you discover you sent them nonconforming product. (TC 176 RFI # 117)
Ruling: This one may shock you, but there’s no hard requirement for you to notify the customer if you later find out you sent them nonconforming product, even if the nonconformance is related to their specific requirements. The ruling probably came about with some hesitation, but in the end TC 176 had to yield to the fact that the requirement simply was never put into the standard.
ISO 9001:2015 applicability: the ruling would probably stand under the new version as well, but only because of poor wording in the new standard. It appears the authors intended to fix their mistake in ISO 9001:2008, but screwed it up again by poor wording, as clause 8.7.1 now requires the company to “deal with nonconforming outputs in one or more of the following ways” and then presents a list of four choices which includes “notify the customer.” However, since the literal language says “one or more ways,” a company may select other options from the four choices, and thus ignore “notify the customer,” and still be in literal compliance with the requirement.
Note: We should probably file a new RFI and get an updating ruling on this one, so proceed with caution. But technically, if TC 176 were to rule that customer notification was required, they should be forced to update the standard, because they’d be contradicting what they wrote. Since they don’t like doing that, they’d be forced to rule that no, you still are not obligated to notify the customer.
4.) New documents do not require review. (TC 176 RFI # 106)
Ruling: Wait… what? Yes, TC 176 ruled that new documents only require “approval” and no actual review. In their minds, they feel “some degree of checking, examination or assessment by the person or persons approving is inherent in [the requirement for] ‘approval for adequacy’.” Whenever a standard relies on something being “inherent” then you know you’re in trouble.
ISO 9001:2015 applicability: the requirement would not stand under ISO 9001:2015, which now requires both “review and approval for suitability and adequacy.”
5.) You do not have to retain records of inspection of purchased product. (TC 176 RFI # 115)
Ruling: Maybe it was an oversight, but under ISO 9001:2008 clause 7.4.3, TC 176 only required companies to “establish and implement the inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements” and never actually required any records of it. Most companies keep “receiving inspection” records anyway, but it is entirely optional.
ISO 9001:2015 applicability: it’s not clear how this ruling would apply under the new standard, since the clause 8.4 “Control of Externally Provided Processes, Products and Services” is badly written, the result of trying to do too many things in one clause. Technically clause 8.4.1 “General” says that company must “determine the controls to be applied to externally provided processes, products and services” and then “retain documented information of these activities and any necessary actions arising from the evaluations“; but this language appears to be a re-phrasing of ISO 9001:2008 language related to the controls over the supplier, which would mean it deals with supplier audits, surveys, flowdown of requirements, etc. – and thus not inspection of incoming purchased materials. This is reinforced by the fact that the next clause, 8.4.2 “Type and Extent of Control,” goes on to discuss “verification, or other activities, necessary to ensure that the externally provided processes, products and services meet requirements,” which clearly addresses incoming product inspection. That clause, however, does not require any records.
Note: We will need a new RFI ruling on this one, as clauses 8.4.1 and 8.4.2 seem to contradict each other, or at least do not compliment each other.
Want to request an official TC 176 interpretation of ISO 9001:2015? Grab the proper request form here, and send it to your nation’s official TC 176 member body. The list of member bodies can be found here. Then sit back and wait, because it can take up to a year or more for TC 176 to process and vote on it. Yes, I know they haven’t updated the RFI form to reflect ISO 9001:2015, but fill it out anyway. I’ve alerted Charles Corrie at TC 176 to update the form, but I am sure that will take at least a decade to actually happen.
About Christopher Paris
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 25 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001:2015, which can be purchased here.