Document Management Blog

ISO 9001 and Document Management | DocTech

Written by Ruban Rajasooriyar | Monday Nov 27, 2017

We are often involved in companies who are adopting or have adopted BSI/ ISO regulations.

We provide the software which makes the compliant processes transparent and gives mobile access to critical documents. We understand there is usually a lot of work to be done before you are ready for our software solutions. We really like these pointers for DIY ISO 9001, so wanted to share them.

CREDIT www.oxebridge.com

1.) Avoid “steering committees.” These are invented to offload responsibility of the consultant, or internal ISO guy, onto a group of people who he can later blame everything on when it stalls. You’ve heard the joke that a camel is a horse designed by a committee. There is no need whatsoever for a steering committee unless you are implementing ISO 9001 in an organisation with thousands of employees over many, many sites. These committees inevitably slow the process down. Instead, assign the roles to a few key individuals, and have sign off responsibility for procedures and tools per my next suggestion, # 2.

2.) Don’t have everyone sign off documents. Have ONE key subject matter expert (SME) or top manager sign off on top-level procedures, and only a ONE SME sign off on anything of a lower level. As soon as you add a second signature, you invite delay, disagreement, egos, and trouble.

3.) Read the standard and interpret it how you see fit for your organisation. You can listen to, but not rely solely, on the experiences of others from other companies. How they did it at AirBus isn’t going to be useful if your company only has ten employees. Keep it simple, keep it customised, keep it organic to your company and its philosophy. If your intent is to get the company certified later, then make the certification auditor understand your interpretation.

4.) Avoid document numbering. Not required by the standard, and it only increases the chances of non-conformities due to mis-typed references to numbers, and makes for a hellish editing experience if you ever change a number. Refer to documents by titles. After all, you don’t buy a book at the book store by ISBN number.

5.) Keep tools simple. Document control can be done entirely in your computer’s operating system without buying any third party software. Calibration can be managed with a simple spreadsheet. Record control can be a simple table written in Word. The approved vendor list probably already resides in your accounting software.

6.) Enforce quick approval of documents. The biggest delay in any implementation is the document approver(s) dragging their feet. Have top management force the issue. If it takes more than a few days to get a document approved, something is really wrong.

7.) Develop your program, and procedures, based upon what you do NOW. Then fill in the gaps or change things only where they clearly conflict with the standard. Don’t reinvent fire.

8.) Avoid the temptation to improve the entire company as a part of your ISO 9001 implementation. I’ve seen downtrodden quality guys try to use ISO 9001 as a hammer to “finally get what I’ve wanted for years” and try to pin everything on the certification, as a threat to management. “If you don’t buy me a new CMM, the auditor will flunk the company!” ISO 9001 provides for improvement, you don’t have to have a perfect company in order to implement it from the start.

9.) Don’t use boilerplate documents you buy online. Yes, the temptation for this easy approach is very strong. Yes, the sales guys for these sham products will tell you anything. Giving you my experience as both a consultant AND an auditor for registrars, I can assure you that using boilerplate documents will cause nothing but problems. If your intent is to certify the company, this will likely cause major non-conformities. I’ve spent weeks trying to clean up companies that used these things, and it just added a huge amount of time and expense. This sounds counter-intuitive, but It is FASTER and CHEAPER to write custom documents that suit your unique organization than it is to cut and paste your company name over someone’s generic procedure. (If you really must use a template kit, download our free one. Yes, template kits suck, but free ones suck less.)

10) If you hire a consultant, make sure he or she doesn’t suggest doing any of the things I just warned you about. If you are vetting consultants and they mention “steering committee”, remember rule # 1, and don’t sign the contract. Bad consultants make money by padding their contracts and intentionally stretching out the time for implementation, because they don’t have other clients waiting to fill their calendars. Don’t buy into consultants who make claims of “guarantees” for certification (if certification is your goal) as it usually means they are (a) neophytes who don’t know that nothing during an ISO 9001 audit is guaranteed, or (b) they have a “backdoor deal” with a specific registration auditor who has promised them a favorable audit in exchange for leads (as soon as the registrar sends a different auditor, you are hosed.) A good consultant can work quickly and efficiently, reducing your costs. Anyone who says otherwise is scamming you. After this, the original poster asked about buying a pre-assessment from a registrar, so an 11th point was added:

11) Don’t buy a pre-assessment audit from your registrar. I can do that for you for free, right now: “Your organisation does not comply with ISO 9001. Please implement it.” There, I just saved you a few thousand dollars! Pre-assessments are a waste of time and money (again, the auditors out there will disagree with me, but I’ve been on the Advisory Boards of two registrars and can tell you, even they know it’s a scam.) You shouldn’t audit anything until you have your system almost fully implemented. Then conduct a round of *internal* audits, which you have to do anyway to comply with the standard, and use that to identify remaining gaps.