How will ISO 9001:2000 Change your Procedures?

Only six documented procedures are specifically required by the new ISO 9001:2000 standard. Although these same procedures are also required by ISO 9001:1994, you need to ensure they address the new and changed requirements.

1. Control of Documents (4.2.3) – A key difference is that documents must be reviewed, updated as necessary, and re-approved. This implies a periodic review of controlled documents to find out if they need to be updated. In addition, changes must always be identified, not just “where practical”.

Your current document control procedure may cover the use of a master list, having the same reviewers as the original document, and providing access to pertinent background information. These requirements are not included in the new standard, but could, of course, be retained as part of your procedure.

2. Control of Records (4.2.4) – Although worded differently, the requirements of the new standard are basically the same as ISO 9001:1994. As a result, your current procedure should be adequate.

The collection, filing, indexing, and accessing of records has been dropped. However, these requirements are still addressed in the new standard by requiring the storage (collection and filing) and retrireview (indexing and access) of records.

The requirement to maintain pertinent records from subcontractors has been dropped. Clause 7.4.1 of ISO 9001:2000 requires records be kept of supplier evaluations and any actions arising from the evaluation. If records from a supplier are a pertinent part of the evaluation, the records must be maintained. In addition, clause 7.4.3 requires an organization to implement inspection and other activities to ensure purchased product meets specified purchase requirements. Since clause 4.2.4 requires records to be maintained as evidence of conformity, any pertinent supplier records needed for evaluation of the received product would be covered.

Making records available for customer evaluation, if agreed contractually, has also been dropped. ISO 9001:2000 clause 5.2, Customer Focus, requires top management to ensure customer requirements are met. Any contractual requirement to permit customer evaluation of records is adequately covered in the new standard and doesn’t need a more specific reference in 4.2.4.

3. Internal Audit (8.2.2) – Prior audit results must now be considered when planning the audit program (schedule), in addition to considering the status and importance of the areas to be audited. Most auditors were already addressing this requirement as part of the “status” requirement.

The new standard requires the audit criteria, scope, frequency and methods to be defined. We knew to do this based on our audit training, but now it is spelled out as a requirement.

ISO 9001:1994 states the auditor must be independent of those with direct responsibility for the audited activity. The new standard says the auditor must be impartial and objective, and that the auditor cannot audit their own work. The revised text may give small organizations more latitude in assigning auditors.

Although ISO 9001:1994 requires an internal audit procedure, the new standard specifies the procedure must define responsibilities and requirements for planning and conducting audits, reporting results, and maintaining records.

4. Control of Nonconforming Product (8.3) – The ISO 9001:1994 standard identifies several actions that might be taken to deal with nonconforming product. The product could be reworked, accepted by concession, regraded, or rejected or scrapped.

The new standard covers these same actions in different words. Clause 8.3 says one way of dealing with nonconforming product is by “taking action to eliminate the detected nonconformity”. This is the definition of “correction” from ISO 9000:2000, which states in a note that the correction may be to rework or regrade the product.

When the new standard refers to actions to preclude the original intended use or application of the nonconforming product, it covers rejecting or scrapping. Both of the standards refer to concessions as an option.

However, there is a new requirement that for any nonconforming product detected after delivery or use, the organization take action appropriate to the effects, or potential effects, of the nonconformity. Be sure to address this possibility in your procedure.

5. Corrective Action (8.5.2) – The new standard clarifies that corrective action is to prevent the “recurrence” of a detected nonconformity. Although worded differently throughout the clause, the requirements are basically the same.

Some auditors have expressed a concern that 8.5.2 (f) only requires the “reviewing of corrective action taken”. They point out that clause 4.14.2 (d) of ISO 9001:1994 required “application of controls to ensure that corrective action is taken and that it is effective”. Based on the definition of “review”, corrective actions must still be effective. ISO 9000:2000 defines review as the “activity undertaken to determine the suitability, adequacy, and effectiveness of the subject matter to achieve established objectives.”

6. Preventive Action (8.5.3) – The new standard clarifies that preventive action is to prevent the “occurrence” of potential nonconformities. Although worded differently throughout the clause, the requirements are basically the same.

Most organizations have a combined corrective and preventive action procedure. Although the new standard identifies the need for a corrective action procedure and a preventive action procedure, they can be placed together if the resulting procedure addresses the unique differences of their requirements.

Other Procedures Needed?

Current systems based on ISO 9001:1994 include other documented procedures that are no longer required. For example, what happens to your existing procedures for contract review, design control, purchasing, and training?

Processes for these areas are still required. The question is whether these processes will only be “defined” based on the skills, training, and experience of the people doing the work, or “documented” as procedures. ISO 9001:2000 states in 4.2.1 (d) to include any documents needed to ensure the effective planning, operation, and control of the quality management system.

Your organization may choose to retain most of its current documented procedures. However, if you decide to keep a procedure, ensure it addresses all the requirements described in the standard for that process.