Four levels of Documentation

The documents required or suggested by the ISO 9001:2000 series can be split into a 4 level hierarchy:

Level 1 – Quality Manual (why)

Overview of the company and its products and services; agreement to comply with applicable ISO 9001 requirements; quality policy; system scope; exclusions; organization and responsibilities; sequence and interaction of processes; documented procedures.

Level 2 - Quality Procedures (who, what, when, where)

Describes the who, what when and where of quality processes and interdepartmental controls that address the ISO 9001 requirements; may be in ISO 9001 order or process order; reference lower-level documentation. ISO 9001 mandates six specific procedures.

Level 3 – Work Instructions (how)

Explains details of specific tasks or activities: the how of performing a specific task. This level may include quality plans, work instructions, drawings, flowcharts, workmanship standards, product specifications, machine manuals, etc.

Level 4 – Other Documents

Forms, tags, labels and other documents that prompt the recording of evidence (per levels 1,2 and 3 documentation) of compliance to requirements. Records may be mandatory or implied for each ISO 9001 clause.

Right from the start of ISO 9001:2000, there is a new emphasis on your organization’s quality policy, which simply stated, means the overall intentions and direction of your organization—in terms of quality—as formally expressed by top management.

In the 1994 version of ISO 9001, there was a requirement for a quality policy with stated quality objectives. But frankly, that policy was something that often was simply placed on the lobby wall of an organization, without much meaning to those interested parties. It was audited against, but it wasn’t a living document.

The new standard focuses on the objectives of the quality management system and its policy, and more importantly, how it aligns with the overall objectives of your business and the objectives of your customers. This also aligns more with the language of ISO 9001:2000’s sister standard, ISO 14001, on environmental management systems.

Clause 4.2.1 lays out exactly what needs to be documented:

• Documented statements of a quality policy (5.3) and quality objectives (5.4.1)

• A quality manual (4.2.2)
• Documented procedures that are required by ISO 9001:2000
• Documents needed by the organization to ensure the effective planning, operation and control of its processes
• Records required by ISO 9001:2000

As for documented procedures, the new standard has six that must be included in your management system. Those six documented procedures are:

• 4.2.3—Control of Documents
• 4.2.4—Control of Records
• 8.2.2—Internal Audit
• 8.3—Control of Nonconforming Product
• 8.5.2—Corrective Action
• 8.5.3—Preventive Action

Although these requirements are key, these six documented procedures are the minimum, and it may be necessary to retain or write other procedures to ensure effective operation of the quality management system. For example, you may wish to look at design, control of monitoring and measurement devices, and other areas, depending on the organization.

Of course, there still must be ‘defined’ processes addressing the other requirements. These other processes may or may not be documented, depending on whether the organization needs the documents for effective planning, operation and control of its quality management system. (Organizations should note Sub-clause 4.2.1.d concerning other necessary documents.)

There are other issues that you should consider during the documentation phase as well. For example, ISO 9004:2000 suggests that you should satisfy the ‘contractual, statutory and regulatory requirements, and the needs and expectations of customers and other interested parties’ concerning the nature and extent of the documentation. This means that items such as contracts, standards used by the organization, applicable regulations and other information regarding the needs of your stakeholders should be considered.

But remember that the ISO 9001:2000 standard is designed to be flexible and it encourages innovation. It stresses that there is no ‘correct’ way regarding documentation. Rather, it notes that the extent of the documentation will vary between organizations, depending on the size and scope of the organization, the complexity of the processes and their interactions and the competency of the personnel. Concerning the last point, for example, if you have an employee who has been doing the same job very well for the past 30 years, that person doesn’t need a lot of paperwork explaining his or her daily activities.