ISO 9001: 2000 Quality Management System Design
|
4.1 Overview of Documentation Requirements
4.1.1 Introduction
In Part 1, our goal was to create an organizationwide, business-oriented QMS, in which the financial and quality objectives were transparent. The QMS was to be based on the canonical set of ISO 9000 texts (i.e., ISO 9000:2000, ISO 9001:2000 (the Standard), and ISO 9004:2000).
It is now necessary to establish the key components of an effective QMS in terms of the Standard's documentation requirements, both from a mandatory basis and an implied overall effective hierarchy of documentation. In this regard, all documentation requirements (SHALLS) are to be addressed. Of prime importance are the mandatory documentation requirements, summarized in Section 4.1. These requirements are explicitly required by the Standard and form the umbrella under which all the other documents are contained.
To accomplish this, it is necessary first to categorize the several sets of documentation needed to produce a fully compliant and effective QMS. The four key sets are as follows:
-
The Standard's mandatory documentation;
-
The Standard's implied documentation;
-
The registrar's required documentation;
-
Required regulatory (compliance) documentation.
Whereas the Standard's mandatory documentation is defined by the Standard's SHALLS, there is considerable disagreement over what constitutes the various other required documents.
4.1.2 Recommended Documentation Taxonomy
The so-called ISO 9000 tiers (hierarchal levels of information) originated out of industrial-military requirements and have become a de facto standard because of their usefulness. The most common set of tier documents observed consists of the quality manual as tier I, SOPs as tier II, work instructions as tier III, and records as tier IV.
This set of tiers used by many writers in ISO 9001:1994 documentation systems has caused some confusion because forms were normally either missed or mixed in with records, even though form is a valid taxonomy term. By contrast, records are filled-in forms and can exist at any level of the documentation system. In fact forms, as structure, represent the lowest level of information flow and should be placed at the lowest level in the hierarchy. In addition, SOPs and work instructions are classified as different levels of documentation even though they are both procedures.
To complicate the matter further, SOPs are actually written in the form of both policy and process rather than procedure, as a procedure tells an individual how to do a specific task and is not meant to define a complex flow of information between functions. Unfortunately, the term procedure is still used in the Standard to include the description of a process, and so the confusion continues. A dictionary on this subject will not help because terms such as process and procedure are thrown together in a hodge-podge of equivalency. Something much more useful must be done to define an effective documentation taxonomy.
For the sake of clarity—which may be ephemeral—a process, as defined by the Standard's vocabulary, is meant to describe how a set of inputs is transformed into a set of outputs. The process moves through various phases until the activity results in a specified output.
On the other hand, to clearly differentiate between the defined process terminology, it is necessary to place a more constrictive use on the term procedure. For our purposes, a procedure describes the manner in which specific input activity, transformation activity, or output activity is accomplished. It is a subset of the process and is taken in steps that result in the completion of a specific activity (e.g., the Internal Audit Procedure describes the steps taken to carry out an internal audit, the In-House Calibration Work Instruction describes the steps needed to calibrate micrometers using a secondary Standard such as a gage block set, and a Power Supply Test Plan describes the steps needed to test out a power supply unit under robust conditions).
By contrast, for example, the Audit Process includes the previously described Audit Procedure plus all of the supplemental audit activities. Such activities include audit responsibility and authority, audit plans, audit training, audit corrective action protocols, audits of suppliers, audits by the registrar or regulatory agencies (e.g., FDA, notified bodies), and audit reviews by top management.
|