Work Instructions and Audits

Chart, graph, sampling, plan, calculation, z1.4


Regarding ISO 9001: 2008 (or 2015) auditing, I have always been trained that a work instruction when implemented as supporting the QMS can be audited as it is supporting the effectiveness of the QMS. I was recently told by a business owner that not only is that not true, he does not have to show me his work instruction.  I would like to reply with a clear technical response. Can anyone share their view on this?


Thank you for your question.   Of course you know you’re right.  It sounds like you have a major nonconformance against Clause 5.1 on your hands.

Denis Devos
A Fellow of the American Society for Quality
Devos Associates Inc.
(519) 476-8951

ISO 9001:2015 clause 7.5.1b states the following :
The organization’s quality management system shall include: documented information determined by the organization as being necessary for the effectiveness of the quality management system/

 Documented information includes both procedures and records see appendix A.3 (Documented information). 

 Since the work instructions are supporting the QMS, it is part part of the QMS, and can be audited as part of both the internal audit and external audit.  It appears that part of the confusion may be caused by a lack of understanding of the new term “documented information.”

John G. Surak, PhD
– Providing food safety and quality solutions –
tel: 1-864-506-2190
skype:  john.surak
A member of Stratecon International Consultants

Transition to ISO 9001: 2015


We are in the process of reviewing our policies and procedures to be compliant with the ISO 9001: 2015 standard. When converting from ISO 9001: 2008 to ISO 9001: 2015, how should the version control be handled? Should we start at 0 again or move on to the next number?


I would recommend that the site does not re-number the revisions to zero.  The revision number should be used only for new procedures.

John G. Surak, PhD
Surak and Associates
Clemson, SC
A member of Stratecon International Consultants

ISO Certification and Suppliers

Mr. Pareto Head and Supply Chain comic strip


I work for a small family company that purchases items and potentially processes or packages them into heat protection materials. One of my existing customers is asking for ISO certification for some materials that I will sell to them. The material I’m trying to sell him comes from my supplier who is ISO 9001 certified, but my company is not. How can I show my customer that my supplier is ISO certified without the customer knowing who my supplier is?


The company is doing a value added process, and not a distributor.  As a result, if the customer is demanding ISO 9001 certification from the company, they need to make the decision, do they want to do business with the company? If so they need to pursue certification. If they do not want to pursue certification, they should tell the customer they do not want to pursue certification.  The customer can make the decision whether they will purchase product from the company.  I have had an experience where I did not want to do an audit with a company.  We told the customer, we will not do it.  The customer responded and came back with a reasonable proposal.  They wanted the business.

John G. Surak, PhD
Surak and Associates
Clemson, SC
A member of Stratecon International Consultants

First, ISO certification is for a company’s quality management system, not for particular materials.  I would let the customer know, on company letter head, that:  “We certify that the materials we purchased are from ISO 9001 certified suppliers only.  The name of these suppliers is company confidential.”

James D. Werner
Principal Consultant
Medical Device Quality Compliance, LLC

FDA regulation for food and beverage labels

Q: I have been asked to do a quality audit of a label manufacturer whose products are used on beverages and food packaging. They are currently asking to be audited using 21CFR211 (pharmaceuticals). Is there another standard that is more appropriate for their product?

A: 21CFR211 is the FDA regulation for cGMP for finished pharmaceuticals. This regulation does not apply to the labeling of food and beverages. The proper FDA regulation is 21CFR101. I suggest that you first start on the FDA web page on food labeling and nutrition.

John G. Surak, PhD
Surak and Associates
Clemson, SC
A member of Stratecon International Consultants

Related Resources: 

Browse the free, open access content below, or find more in the ASQ Knowledge Center.

Can Do: An effective overseas food-safety audit is possible—if you know what to expect,” Quality Progress

The challenges inherent in food-safety audits become more problematic when foreign suppliers are targeted. Language and social barriers, as well as varying compliance requirements, are the biggest hurdles. With a careful plan and an emphasis on keeping things simple, auditors can overcome the challenges. Read more.

Kano’s Theory of Attractive Quality and Packaging,” Quality Management Journal

The role of consumer products packaging has moved beyond that of merely protecting the contents to a more vital role as a marketing vehicle. This raises the issue of how packaging should be designed to relay an association with high quality to the consumer. An empirical investigation based on Kano’s theory of attractive quality was conducted to determine how 24 quality attributes of packages are perceived by customers. Read more.

Explore the ASQ Knowledge Center for more case studies, articles, benchmarking reports, and more.

Browse articles from ASQ magazines and journals here.

Integrating ISO 22000, ISO 14001

Food safety testing, lab, standards

Q: In a food manufacturing company, with certifications to ISO 22000:2005 Food safety management systems — Requirements for any organization in the food chain as well as ISO 14001-2004: Environmental management systems – Requirements with guidance for use, the certification to ISO 22000 allows the company to operate with exemption from the Food Act. The exemption from Food Act determines that the organization has a permit to use its physical premises to indulge in industrial activity involving consumable food products.

Now, this permit is issued with certain conditions — e.g., regular updates to the issuing authority regarding changes to to the food safety plan. We view this requirement as a legal requirement.

My question is, would we use the legal register developed as part of ISO 14000 as the tool to manage the compliance to the above legal requirements? Doubt arises because the legal requirement addresses a condition imposed by the food safety system, but at the same time, if it is not complied with we could lose our license to operate (which I could interpret as an environmental aspect…license to exist).

Could someone kindly advise what they would consider to be a logical option?

Response from Susan Briggs:

A: I am not a food safety expert, so I  cannot give an opinion on whether or not using a register/process established for environmental regulations can be used for tracking food safety regulatory requirements.  But from the ISO 14001 perspective, and my professional opinion, the answer is “of course!.”

The intent of management system standards  — certainly all of the ones I have worked with– is to integrate the processes that are required by a standard (whether it be ISO 14001, ISO 22000, etc.) into the company’s business management process (i.e., a single process that is used to track all of the company’s legal obligations…environment, safety, finance, food safety, etc.), not to create stove piped processes (i.e., separate processes/systems for tracking depending on the nature of the regulation).

Susan Briggs
Director of Environment, Health and Safety, Textron Systems
Wilmington, MA
Chair, U.S. TAG to ISO/TC 207 on Environmental Management Systems

Response from John Surak:

A: I am not sure what is meant by the term “exemption from the Food Act.”  ISO 22000 requires that the organization meet all of the legal requirements of the country  in which the site is located.  In addition, if the organization is exporting food, they must meet all of the legal requirements of the target company.  ISO 22000 was developed to be compatible with the other ISO management system standards.  Therefore, it is fully permissible to develop an integrated management system as long as the management system meets the requirements of each standard and regulatory requirements.  I personally support the development of an integrated management system.  Sue conveyed this thought very well in her response.

Just one additional note, if the organization’s customers expect that the organization has a food safety management system that meets the requirements of Global Food Safety Initiative (GFSI), then the organization should seek registration to FSSC 22000 rather than ISO 22000.  FSSC 22000 is a food safety audit scheme that utilizes ISO 22000 and ISO 22002-1.

John G. Surak, PhD
Surak and Associates
Clemson, SC
A member of Stratecon International Consultants

Read more about integrating standards with ASQ publications:

Explore more using the ASQ Knowledge Center search.