Graphical QMS, documented information, and the audit process

A gQMS will help with internal and external auditing requirements - leading to ISO certification in less time and at a lower cost!

When the auditor says: 'Show me where it says that' in reference to your business processes, wouldn't it be great if you were just a few clicks from the relevant pages and able to summon up the documented information on the spot? The graphical QMS (gQMS) approach makes this possible because it is so much easier to navigate through your processes.

You will then be challenged to 'Prove that this is what happened'. How? Simple: you select the process that is being audited from the flowcharts and menu items and drill down to the evidence in the form of documents and records in your "controlled and maintained" documented information.

Documented information in a ISO 9001:2015 quality system can be in any format and media and from any source. The term as defined (3.11) in the DIS can refer to:

1. The quality management system (3.33), including related processes (3.12);
2. Information (3.50) created in order for the organization (3.01) to operate (documentation);
3. Evidence of results achieved (records).

An interactive gQMS will take you straight to the data that the auditor requires to establish compliance with the ISO 9001:2015 requirements, and show that your processes are effective in achieving quality objectives. The latter involves making detailed judgements, which will be aided by appropriate evidence being made available when and where it is needed.

These days, ISO 9001 auditors are expected to focus issues of "risk, status, and importance". They also need to ask if the particular process that you are showing them is a good one, or if there is a way to improve upon it. Therefore, it is important that the documented information keeps pace with this continual process of review and assessment. With on-screen access to the QMS data, both internal and external auditors will be able to verify that your system is working properly; to find out where it can improve; and to correct or prevent any problems that are identified during the audit. The CogniDox gQMS helps you to highlight the issues affecting quality and takes the auditor, via relevant hyperlinks, to the evidence that shows you are addressing the problems. They can then be confident from your documented information that you have considered the risks and opportunities when defining the rigour and degree of formality needed to plan and control the quality management system, as well as its component processes and activities.

One of the myths about the new version of the standard is that fewer documents will be required. It is important to grasp from the outset that ISO 9001:2015 requires that organizations retain documented information "...to the extent necessary to have confidence that the processes have been carried out as planned and to demonstrate conformity of products and services to requirements. [8.1 Operational Planning and Control, e)].

Even outsourced processes must be controlled in accordance with 8.4 and the results of the evaluations, monitoring of the performance and re-evaluations of the external providers retained as documented information.

How to Build a QMS Your Team Will Actually want to Use

Documented information describing the results of any review of customer requirements, including any new or changed requirements for the products and services, must also be retained; and where there are changes, the organization has to ensure that relevant documented information is amended and that relevant personnel are made aware of the changed requirements. Documented information from the design and development process must also be retained, again including any changes that are made. When you search for the use of the words "documented information" in the DIS, you find 34 instances in Clauses 4 through 10. The number of occurrences in Clause 8 alone makes for interesting reading and will dispel any notions that ISO 9001:2015 will significantly reduce the total amount of data required to operate a quality system:

8.5.1 Control of production and service provision states that controlled conditions shall include the availability of documented information that defines (a) the characteristics of the products and services; and (b), the availability of documented information that defines the activities to be performed and the results to be achieved. In fact, the requirements set out under Clause 8, including 8.5.2 Identification and traceability, 8.5.6 Control of changes, 8.6 Release of products and services, and 8.7 Control of nonconforming process outputs, products and services will be reassuringly familiar territory for quality professionals, as will the need for what were called "documents and records" in ISO 9001:2008. And as before, the problem of managing all this information in a controlled way and keeping it up to date will still represent a major undertaking. Hence, it could be time to review your options to implement modern document management system technology?

One thing is for sure: an intranet-friendly, web-based based solution with graphical representations of processes and data is more likely to be used than a massive library of documents that no one trusts to be up to date!

Next time: How a gQMS can also help you to sail through your 9001 audit by providing instant access to procedures and evidence from records.

This post was written by Michael Shuff