How to control processes

Load and Loads of Documentation!!

There is a common misconception that to meet the requirements of ISO9001 you need to document in procedures how everything is done. Not so. ISO9001: 2008 requires only 6 documented procedures, which are;

  • Control of documents –including quality manual, procedures, published standards
  • Control of records – the records produced by the Quality Management System.
  • Internal audit – a formalised review of the Quality Management System.
  • Control of Nonconforming Product – how nonconforming product is controlled and corrected.
  • Corrective Action – action taken to prevent non-conformance from recurring including customer complaints.
  • Preventive Action – action taken to prevent potential non-conformances.

It is permissible to have an ISO9001 Quality System with these 6 and no others.

However, management need to plan how to control other processes to ensure that they achieve what is required of them. Control will be by a mixture of;

  • defining responsibilities,
  • ensuring staff have the necessary skills, training, expertise for their tasks
  • introducing documentation where necessary including procedures, work instructions, forms.
  • use of suitable equipment including machinery, computer hardware and software, measuring equipment
  • adopting statistical techniques.


Controls already in place

When planning an ISO9001 Quality System it is worth considering that current processes are already controlled in some manner otherwise how does an organisation ensure that products and services meet customer requirements. It does not happen by chance.

An organisation needs to recognise that processes are already controlled to some extent but that control can be improved upon.