The upcoming ISO 9001 revision will no longer require a Quality Manual. Most are welcoming the change, but probably for the wrong reasons. Yes, this means less work when implementing and maintaining a QMS, but there are risks associated with getting rid of the manual entirely.
First, many large organizations base their supplier selection on a quickie “desk audit” that involves reviewing your quality manual. That’s not likely to go away any time soon, and if you drop your QM entirely, you may be left with nothing to send to potential customers when they want to add you to their approved supplier list. That means you just lost that big contract.
Next, Certification Body (CB) auditors are going to keep asking for a QM no matter what. This, too, will never change. Auditors rely on whatever previous experience they had before they became auditors, and for most of them this means a paper-based QMS comprised of binders full of documents. Already many CB auditors are making the (false) argument that they will not be able to assess a QMS without a quality manual, no matter what ISO 9001:2015 says. So if you delete the manual entirely, get ready to have fights with your CB. Even if you are right, you’ll be wrong.
But most importantly, a good quality manual acts as an important internal tool… or at least, it should. When it doesn’t, this is a failure of the manual itself, not the idea of a manual. Employees should use the manual as the one-stop spot to check the company’s top policies, and to point them to the supporting information, whether that is other “binders full of documents” or merely which managers may have answers to verbal questions.
The quality manual has gotten a bad reputation because it’s become a nuisance. The good news with ISO 9001:2015 is that we can now convert the manual into something useful, and since there aren’t any specific requirements for the manual anymore, we have complete freedom to do whatever we like, without running afoul of the standard. Want to write a manual on eggrolls with edible ink? Go for it.
Vagueness is the New Specificity
ISO 9001:2015 is a vague, often contradictory, and sometimes nonsensical mess. While the TC 176 authors and their duped, willing sycophants insist it contains clearer requirements, the most casual examination proves unequivocally that this is untrue. Consider the new “risk based thinking” requirements, which are actually non-requirements, since the standard calls out no need for records, procedures, processes or evidence for “RBT” at all — you need merely “think” about risk, and you’re done. Meanwhile, they removed the requirements for preventive action, leaving a big hole of nothing in its place. That’s not adding clarity, that’s adding vagueness. Nature abhors a vacuum, and so should you.
Fortunately, we can do a judo move on ISO 9001 and use its’ momentum against it. Rather than rid ourselves of the Quality Manual entirely, we can use the new freedom to create an Interpretations Manual that not only replaces the previous QM, but works to close the many gaps left open by ISO 9001’s drunken “experts.”
What might this look like? Here’s an idea.
The Interpretations Manual
First, take each requirement of the ISO 9001:2015 standard and copy it into your manual. Sure, you will be violating their insanely-restrictive copyright assumptions, but since nearly every company on the planet has been doing this for 28 years, you’re safe. They can’t sue the planet, and if they tried, they would lose on the fact that they failed to uphold their copyright for the past 28 years. If you are really skittish, just cite the clause number; but that won’t help the reader, if they don’t remember the clauses.
Next, add an interpretation. This interpretation will be unique to your company, and should reflect the following:
- What does the requirement mean for us, in our industry, relative to our customers’ unique expectations?
- Who does the requirement apply to, given the scope of our QMS, and our employee makeup?
- What processes does the requirement apply to?
For the interpretation, you must feel free to interpret the requirement in the most practical manner for your organization, but not so far as to nudge you out of compliance with the basic spirit — or letter — of the requirement. For example, where ISO 9001 says you shall maintain documents, your interpretation may say “we will only maintain electronic documents.” You cannot say “we will not maintain any documents,” or your interpretation no longer will comply.
For the most part, your interpretations shouldn’t run you into any trouble. But there may be cases where your interpretation comes dangerously close to violating ISO 9001. If so, run it past other experts in the field, your full management team, and perhaps your registrar. I say “perhaps” because of what I am about to tell you below; keep reading.
Finally, indicate any supporting documentation that may go into greater detail on the requirement and your interpretation. This might be your typical SOPs, or it might be nothing — you also have greater freedom in deciding what you are going to write procedures for in ISO 9001:2015.
Here’s an example, based on an Interpretations Manual that might be written as a document:
Alternatively, you can put the whole thing in a searchable, sortable spreadsheet:
And in all cases, the references to supporting documents can be links to networked documents, policies, etc. You can also add fields that link to responsible managers and their internal email addresses, or phone extensions. If presented on an intranet portal, each clause’s interpretation may link to an internal forum discussion, where the interpretation is discussed between employees. The possibilities are endless.
Once it’s done, you will have a completely customized set of interpretations that become de facto policies, which can then drive the procedures and implementation of those policies. The resulting Interpretations Manual can be used by management to set corporate direction, by employees to understand company policies and to identify where to go for more information, and most of all by auditors — internal and external — to give guidance on how to audit the QMS and its unique aspects.
You can also submit this to any potential customers, and they can still check off their “Quality Manual” requirement when determining your validity as a supplier to them. This should even pass muster under those impossible-to-please government contracts.
Prepare for Battle
There are, however, some risks associated with this approach. First, as I said, the external Certification Body auditors will find this so different, they are likely to reject it without the least bit of intellectual consideration… even though they are explicitly disallowed from doing so, and are required to assess your system without the infection of their personal expectations. But they are used to seeing a Quality Manual in the traditional sense, and will be put off when they don’t see it. They may even raise bogus findings on it, or couch them as “opportunities for improvement.” Hold your ground. They have no basis to do so, and you are within your rights to appeal. After all, ISO 9001 says:
Accordingly, it is not the intent of this International Standard to imply the need for uniformity in the structure of different quality management systems, or uniformity of documentation to align to the clause structure of this International Standard, or to impose specific terminology to be used within the organization.
So be prepared to defend your interpretations. This is why it is so critical that you have not interpreted yourself out of compliance with the standard. CB auditors are likely to view anything that doesn’t align with whatever their previous employer did as “nonconforming,” since they lack imagination. Much of your new ISO 9001:2015 auditing activity will be spent proving how your intepretations comply. This is sad, because ever since its inception ISO 9001 was meant to be tailored by the organization, but auditors have presented an impenetrable bulwark against progress in this area.This will not change just because ISO made the standard more vague; it will actually get worse.
For example, already the under-informed army of CB auditors are forming a chorus indicating that FMEA is the best approach to meet the “risk based thinking” requirements, even though FMEA is of highly limited usage, of dubious mathematical adequacy, and only one of dozens of possible risk tools that could be used. If your risk interpretation elects to use tools other than FMEAs for risk, or Turtle Diagrams for process definitions, prepare for a fight.
But if you are confident that your interpretation still meets the intent of ISO 9001, you must be prepared to defend it. This means putting up with CB auditor pushback, and maybe even having to appeal bogus nonconformities. It may mean escalating your appeal to formal complaints, first to the CB and then — if you don’t get a good resolution — to the CB’s Accreditation Body (ANAB, UKAS, etc.) You are likely to win, but it may mean your certification isput on hold while that plays out. Many managers find that unacceptable, and just acquiesce to the auditor’s whims, which is why every company’s ISO 9001 system starts to look like every other company’s system, and why they all start to suck. This is why company’s have “training matrices” and “preventive maintenance logs” even though the standard doesn’t require them. You are paying the auditor to do his job, not to make his job easy. If he has a problem with your interpretation, make him prove it. Avoid the temptation to yield to the auditor, and always defend your system! It’s your right.
On this point — which is worth repeating again — if the auditor has a valid finding, grounded in a firm ISO 9001 requirement and supported by appropriate objective evidence, you will have to yield. I am not suggesting you fight to defend a valid nonconformity, only that you fight the inevitable kneejerk reaction CB auditors will have when seeing anything they are not used to.
So before throwing out the Quality Manual entirely, you may want to consider converting it to an Interpretations Manual. This will add true value to your QMS, for your customers and your employees, even if the CB auditors hate it.
About Christopher Paris
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001:2015. He reviews wines for the irreverent wine blog, Winepisser.