by Steven Severt
The adage of “do what you say and say what you do” is tossed around so often when talking about ISO 9001 that many people think that the two are synonymous. Somehow, many people who operate a business that either is or is trying to become ISO 9001 certified believe that this statement encompasses a “plain English” summation of the quality management system requirements outlined in the standard.
These requirements, while arguably easy to understand and implement, are a bit more than simply doing what you say and saying what you do.
This might seem like nuance, but the implications of reducing the standard to such a phrase are quite detrimental to what could otherwise be a very robust, well-implemented system.
Trying to track down the origins of this phrase can be quite difficult. It’s even more difficult to understand how it came to be linked to ISO 9001. From would-be gurus, consultants, sales professionals, or just people genuinely concerned with building noble character, countless people have adopted this concept as a guidepost in their life and business dealings.
While it can be quite noble to hold yourself to a standard of meaning what you say and saying what you mean, using this phrase as a guiding principle to achieve ISO 9001 certification might leave you a bit disappointed.
Here’s a potential output of such thinking: “I documented that it was acceptable to send nonconforming product to my customer so long as the operator felt that the workpiece was still functional and, since this is documented in my procedures, it is absolutely acceptable for us to engage in this practice.” Such simplistic phrases are simply blatant attempts to justify sending nonconforming materials to their customers.
There are more problematic and more well-hidden issues that arise from this “do what you say” thinking that completely negate the value of ISO 9001.
The introduction to ISO 9001:2015 states that “shall” indicates a requirement. A search of the word “shall” in the standard yields 136 instances of the word being used, the first of which in the foreword, the next in the General section noted previously, and two instances in the annexes that clarify previous requirements. That leaves 132 instances of the word “shall” being used within the body of the text of ISO 9001, all within auditable clauses to define things that an organization must do to be compliant with ISO 9001’s requirements. That seems like a lot of requirements for a standard that could be summarized by “do what you say.”
If you simply document what you are doing today, how do you know that you have captured all 132 instances in which you are required to do something? How could you possibly guarantee that you are doing all that the standard requires in your business processes and that these items are properly documented?
Are you really considering internal and external issues and interested parties that are relevant to your purpose and strategic direction? Are these items taken into consideration when developing the scope of the quality management system, the quality policy, or when determining risks and opportunities that need to be addressed?
Have you provided and maintained an adequate social, psychological, and physical environment to ensure the continued conformity of products and services?
Have you provided the resources needed to ensure valid and reliable results when monitoring or measuring are used to verify the conformity of products and services? Have you ensured that the resources are suitable for the specific type of monitoring or measuring to be undertaken and that they are maintained for continued fitness for their purpose? Are these items calibrated properly? How do you determine the validity of previous measurements should the equipment be found to be not fit for its intended purpose?
How are you capturing organizational knowledge? Are you addressing changing needs and trends by assessing your current knowledge and determining how to access any necessary additional knowledge?
I could continue asking questions ad nauseum inspired directly from “shall” statements in the standard but doing so will not further illustrate the point: If you are simply documenting what you are currently doing and ensuring that what you are currently doing is documented, you are likely not meeting the requirements of ISO 9001.
I am very sorry to disappoint you.
With 132 instances in which the standard requires you to do or document something, adopting such a philosophy, while grounded in very noble sentiment, will not get you a well-deserved certificate on your wall stating that your quality management system has met all its requirements.
It is your organization that will hurt the most as a result. You will have not benefited from truly understanding and implementing a quality management system as prescribed in ISO 9001, which will rob you of the benefits that could be had in increasing efficiency, customer satisfaction, and profitability.
If you have taken a dismissive look at ISO 9001 and found it to be nothing more than a standard that requires that you “do what you say and say what you do,” you owe it to yourself to take another look. Take the effort to read and understand what the standard requires you to do, and I guarantee that your organization will be better for it.
About the Author
Steven Severt, who writes for isoTracker QMS, is a quality management professional with nearly two decades of experience in the automotive and medical device industries. He has extensive experience launching and supporting manufacturing processes to supply automotive OEMs as well as developing, supporting, and auditing quality management systems that adhere to the requirements of ISO 9001, IATF 16949, ISO 13485, and 21 CFR 820.