ISO 9001:2008 Evidence of Conformity

Checklist, Conformity, Go/No Go

ISO 9001:2008 states in 8.2.4 Monitoring and measurement of product:  “Evidence of conformity with the acceptance criteria shall be maintained.”

When our plan identifies periodic inspections, variable or attribute, are performed, how can we show evidence without recording the specific results obtained during the inspection?

Thanks for contacting ASQ’s Ask the Experts Program.  With regard to your question, please note that the primary intent of ISO 9001:2008, clause 8.2.4 is to ensure that the organization has established acceptance criteria and that a record is maintained to verify that product requirements have been met.  This verification can be performed by documenting the results of actual measurements taken onto a spreadsheet, shop router, traveler, quality plan or other suitable means.

Another approach could be the use of a “Go” “No Go” gauge and a checklist to record inspection measurement results as pass or fail.  There are many different ways of maintaining a record of inspection results.  However, regardless of how measurements are taken, their results must be documented to provide evidence of conformance.  Unless a record is maintained, there is no evidence that the inspection ever happened or that the product meets defined requirements.

I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX

ISO 9001 Training Requirements

Reviewing confidential files, training records, human resources files

Are there specific training requirements for professionals (i.e. university graduates) in respect to ISO 9001: 2008?  Are there any specific records that need to be kept on these individuals?


Good Morning,

This is an interesting question as it can be perceived as simple and that a short answer would be sufficient.  However, in the interest of ensuring a ‘full’ answer, I will mention a few things about:

  • Qualifications
  • Records

Let’s begin with qualifications. You asked if there are specific training requirements in respect to ISO 9001: 2008. I will give you a yes/no answer. To be more specific, YES; everyone in an organization pursuing ISO compliance needs to be trained regarding their individual responsibilities. (See 6.2.2 Competence, training and awareness)  This includes ensuring they are “aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives” (6.2.2d).  6.2.2e follows by saying you must “maintain appropriate records of education, training, skills and experience.”
I recommend that you read that entire clause and take note of the fact that it begins with “The organization shall”.

As for the Records, keep in mind that these are relatively normal Human Resources records. For example; if you have a machinist on your team, you would have records showing what schooling and/or training he/she has had to qualify for that position. That would also show what they can do in helping the team toward compliance.

Note it says in 6.2.2b that you are to provide training where necessary. For example; Someone completely new to the ISO standards would need to be made familiar with them and with their responsibilities. You would, of course, have records of such training.

Now, about the word “professionals” in your question.  I am guessing that you are referring to your Quality Assurance (QA) or Quality Control (QC) personnel as well as the Management Representative (MR).

Section 5.5.2 of ISO 9001:2008 make it more than clear what the responsibilities of the MR. There is a lot there. However, the single requirement stated there is that your MR ‘shall’ be a member of the organization’s management. That is because this person must be able to make decisions, apply resources, and generate necessary changes in the company with reference to the QMS. They must also be in a position to let Top Management know where the company stands in quality and what, if anything, needs to be revised.

I personally would recommend that any/all individuals you have in a position of Inspector be required to complete the study and training necessary to pass the exam for ASQ Certified Quality Inspector. It would be beneficial for your MR to acquire certification via ASQ as a Certified Quality Technician. These are not ISO requirements. However, the study and/or training for such would help them to be better prepared and qualified to lead your team to successful ISO 9001:2008 compliance.

Thank you for contacting ASQ with your questions.

Bud Salsbury
ASQ Senior Member, CQT, CQI

For more on this topic, please visit ASQ’s website.

ISO 9001:2008 Requirement for Control and Monitoring of Measurement Equipment

Chemistry, micro testing, chemical analysis, sampling


I am trying to clearly understand the  ISO 9001:2008 requirement for Control and Monitoring of Measurement Equipment.  My question:

If a measurement equipment like a Karl Fisher Titrator or pH meter which is calibrated by the user with a known standard traceable to an international standard, then does the unit itself require to be periodically sent to a third party for calibration?  It is not clear to me.  In the past I have received a finding for not doing so.  As I read the standard it is not clear.  Can you provide exactly the clause and reference statement that would indicate and clarify its meaning.


Your question leads me to believe there was a valid reason for the finding you received. Calibration of a Karl Fischer Electrometric Titration unit is more of a validation and adjustment. That is, in one common practice, you use sodium tartrate dehydrate in a very fine powder form, along with other substances and follow all the steps of calibration.  However, (this is why sending your unit to a third party becomes necessary), you cannot be certain your unit is reading accurately if it hasn’t had a certified calibration by a third party. Example: Is the water equivalent (WE) of the titrant (Karl Fischer reagent or titrating solution) based on accurate calculations?

If you have a known standard which is traceable to national standards which you can use as a comparator, you might be able to set your recalibration periods fairly far apart. This would of course save you money. Nonetheless, unless you can show traceability of your Karl Fischer system, you are not compliant with the standard.

That was a good question and I hope this will help.

Bud Salsbury, CQT, CQI

For more on this topic, please visit ASQ’s website.

ISO 9001 Quality Manual

ISO documentation practices, requirements

Q: My small company is forcing me in the direction of using flowcharts to specify ISO standards. With their many branch statements, they are convoluted and confusing. I prefer plain, simple English. But my question is: is it ok to use flowcharts to specify ISO 9001 standards?

A: Actually, as long as you do not intend to become registered (also called certified), you can – and probably should – implement the ISO 9001:2008 Quality management systems–Requirements standard any way you want! I happen to like flowcharts, as long as they are limited to one page and fewer than a dozen boxes.

But if you intend to become registered, the registrar you choose will always require you to explain how you are implementing the concepts contained in ISO 9001.  Most firms choose to call this explanation document a quality manual. You do not repeat the words in the ISO 9001, rather you say how you intend to implement the concepts locally. A manual should be site-specific and about 50-60 pages. Some have written them in 20 pages.

Once you have the framework (manual) in place for the system, then you need to write procedures for the processes. Remember, procedures are job performance aids for an already-trained and qualified person. They should be about five to six pages, since the individual already knows how to perform the tasks.

The powers that be in your company want these procedures to be in the form of flowcharts. That’s OK, as long as you have explained this in your manual. The registration company accepts your manual before they ever send an auditor to your site. If they have accepted your description of flowcharts instead of procedures, then the auditor must accept that approach.

The whole point is to provide information to the person doing the job in a way that is useful. Written standard operating procedures (SOPs), or flowcharts, or pictures. It is the implementation that matters.

Dennis Arter
ASQ Fellow
The Audit Guy
Columbia Audit Resources
Kennewick, WA

For more on this topic, please visit ASQ’s website.

ISO 9001 Procedure Vs. Process

Mr. Pareto Head and procedures

Q: I‘m seeking clarity and advice on a recent incident  I was informed about.

An organization I am very familiar with and is fully certified to ISO 9001:2008 Quality management systems–Requirements (with no exemptions) recently had a new external auditor come in to conduct a certification audit.

While continued certification was recommended, a number of small areas of concern were noted.

I understand that most of the recommendations will improve the system, but one recommendation has caused me some concern.

A bit of history of the QMS of this organization:

This company originally gained certification under ISO 9001:2000 and has transitioned to ISO 9001:2008.  They have a very robust quality management system (QMS), have clearly identified their processes, and have mapped their procedures to these various processes.  They have implemented a rigorous internal audit program which has targeted these procedures and their interrelationship with the various processes.

My problem is that the report for this recent certification audit stated that under 8.2.2 of the standard, in order to ‘gain’ full certification to ISO 9001:2008, they have to conduct process audits rather than procedural audits, or their certification could be at risk.  This has caused some angst with senior management, as their previous certification body was happy with their implementation of the standard.

8.2.2 b: Internal audit

“An audit programme shall be planned, taking into consideration the status and importance of the processes and areas to be audited…”

I can see no mandatory requirement in 8.2.2 to support the statement that process audits have precedent over procedural audits as long as the status and importance of the processes are taken into consideration.

My understanding would be that the requirements of 8.2.2 would be met if the organization’s processes are clearly identified and its procedures and their interrelationships are mapped to the processes and it can be clearly identified during the audit that process requirements are being addressed with the procedures.

Obviously if it can be shown that the processes are not adequately covered, then that must be addressed. But I do not believe this is the case here.

Your advice would be greatly appreciated.

A: I hope to answer your questions about process vs. procedure  in ISO 9001:2008. I will offer several different definitions.  This is not to confuse you, but to help you see how different people deliver the same message while using different words.

We will begin by trying to recognize just what a procedure is. You can have any number of procedures within a process.  That means, a process requires one or more procedures. You take actions to get results.  The actions you take are your procedures.

I once read it this way on the internet: procedures / actions / activities / work instructions all describe the lowest level of decomposition, i.e.: the procedure cannot be broken down further.

A process is “something going on.” It is a continuing natural or biological activity or function.

A process is a series of actions or operations conducing to an end. It is a continuous operation or treatment, especially in manufacturing.

A procedure is a particular way of accomplishing something. This is also defined as a series of steps in a regular definite order; a traditional or established way of doing things.

While the two could sound similar, they are clearly not the same thing.  A process refers to a series of actions, but does not place a particular order on those actions.

Procedures however, are focused on steps, order and instruction. As the author Mark McGregor once wrote, “We can see that while a process may contain order, it does not require order to be a process. If we take away the order from procedure, then we don’t have a procedure, but we may still have a process.”

You are not alone in your questioning of this. It is like the ongoing controversy over continual vs. continuous in the quality arena.  However, the distinction between a process and a procedure should be more clear to you after reading above.

Now, let’s consider why. Why is 8.2.2 worded the way it is?  I think the most simple way to put it is this: in the past, it was not uncommon for internal audit teams to concentrate on element auditing. That is, they audited the verbiage of the documented procedures to see if they complied with that of the standard.

Each individual company has their own processes.  It is through those processes, those actions, that you would comply with the intent of the standard.  The value of controlling and improving on those processes is reflected in your audits.

Input -> Process -> Output

So, it does not matter how you word things. The product audit (or service audit) determines if tangible characteristics and attributes of a thing are being met. A process audit determines whether process requirements are being met. During the process audit, the auditor will examine an activity or sequence of activities to verify that inputs, actions, and outputs are in accordance with an established procedure, plan or method.

By now, you have seen a pattern to all the words above.  My intention was not to muddy the waters further, but to help you recognize why so much light has been shined on process activities. To  “do what you say you do” requires having documented procedures and following what they say.  Doing all of this in an efficient and a profitable manner requires process control.

Finally, if you haven’t already done so, I strongly suggest that you acquire a copy of The Process Auditing & Techniques Guide by J.P. Russell.  This is a good guide you can order through ASQ and it can help with setting aside some of your concerns and answer questions.

I hope this has been helpful.

Bud Salsbury
ASQ Senior Member, CQT,CQI

Ask A Librarian