Both ISO and the IAQG have finally published official clarifications that resolve — definitively, one hopes — a misinterpretation that ISO 9001 and AS9100 auditors have been spreading throughout the industry. It also marks a rare win for Oxebridge, which pushed the issue.
The problem arose from an error in the text of ISO 9001:2015 clause 8.4.3, related to “information for external providers.” That clause includes a bulleted list (lettered “a” through “h”) of things that may need to be communicated — or “flowed down” in industry lingo — to suppliers when buying things. Whereas in prior editions of ISO 9001, the list was prefaced with the words “as applicable” — making it clear each bullet list item wasn’t mandatory on every order — the TC 176 gang forgot those words in the 2015 version text, causing endless problems. Now, auditors have incorrectly demanded that all the bullet points be included on every order, to every supplier, whether or not the requirement makes sense.
ISO defended itself, albeit weakly, by saying the 2015 version indicated the company would flow down “its” requirements, implying that if a bullet list item wasn’t a requirement for the company, it thus didn’t need to be flowed down. But that was never fully understood.
Things got worse under AS9100, which utilizes the ISO 9001 text as its core. The IAQG authors added more bullets, with a host of sub-bullets, but did not fix the ISO 9001 error. That caused AS9100 auditors to — again, incorrectly — demand every outgoing PO list every bullet point, to every supplier.
This never made any logical or practical sense. One of the bullets ahs to do with flowing down requirements for “competence” of suppliers, but for companies that purchase from large distributors like Amazon, McMaster or Grainger, clearly flowing to a “competence” requirement for the person packing a box at a warehouse was not what ISO or AS intended. That hasn’t stopped auditors from pushing the issue, however.
The Seven Year Itch
So, in 2017, I filed an OASIS ticket with the IAQG to get this corrected. Alan Daniels — who is a major player rin both the AS9100 and ISO 9001 standards committees, ruled that, no, the bullets were not mandatory for every PO. But then the issue stuck there and was never converted into an official IAQG “Clarification.” I later filed a formal request for clarification, but Daniels and the IAQG misunderstood the problem and released an even more inane ruling: that companies could exclude bullets from 8.4.3 from their QMS scope entirely. When I pushed back, indicating that the bullets need to be excluded from individual POs, not an entire QMS, the IAQG agreed. But it took seven years for the IAQG to finally issue its ruling.
Note that the IAQG ruling still references a “PO” (purchase order) which, as we will see, is still a misunderstanding of the standard. Yes, the IAQG “experts” have not apparently read their own standard. Hold onto that thought for a moment.
While waiting for that ruling, I filed the matter with ISO TC 176 to get the core ISO 9001 text clarified. That matter was then stalled by ASQ functionary Jennifer Admussen purely out of spite and personal animus. I then used the 200,000+ strong LinkedIn ISO 9001 Group to have other people around the world submit the request, thus circumventing the corrupt Admussen entirely, and the matter was processed in the UK instead. TC 176 agreed that, no, the bullets are not mandatory for every outgoing order, but then took another full year to publish the ruling.
ISO went even further, however. In response to someone else’s request for clarification, TC 176 ruled that a “purchase order” isn’t required at all since clause 8.4.3 doesn’t require anything to be communicated in writing to the suppliers in the first place. So auditors not only cannot demand that certain content be included in POs, they can’t demand POs in the first place. Until ISO fixes the standard, you can make your orders to your suppliers verbally, over the phone, without any record whatsoever.
So, remember when IAQG (above) referenced a “PO” in their clarification? A PO that ISO says isn’t required in the first place? Sigh…
But, in the end, we now have rulings from both IAQG and ISO clarifying the issue.
But most of it is pointless. Certification bodies don’t train their auditors on the official rulings, and auditors remain wholly unaware of them. Despite IAQG insisting that their rulings are “binding” on CBs and their auditors, they go unenforced.
As a result, as late as late week we still had to have a discussion with a CB auditor on this matter. In that case, the auditor is insisting we flow down “competence” and “right of access” requirements to a simple paint distributor who — I can assure you — has no intent on complying with those demands. The clients now risks losing a key supplier because the CB auditor is misinterpreting the standard.
To access the ISO TC 176 interpretations, click the link for “listing of formally approved interpretations” here. For the IAQG clarifications, click the link for “Clarifications Table” here. Note that both these links change often, so may be dead by the time you read this.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world
