When Your ISO 9001 Auditor Calls it a Weasel Word

Some ISO 9001 auditors dislike so-called "weasel words" when used in your QMS procedures. For example:

• may

• typically

• generally

• as necessary

• as applicable

  
  

However, the ISO 9001 standard explicitly and intentionally distinguishes the strength, intent, and meaning of certain words.

ISO 9001, Clause 0.1 defines the following:

• shall = requirement

• should = recommendation

• may = permission

• can = possibility or capability

  
  

This hierarchy matters. The authors of ISO 9001 realized that real businesses, like yours, operate in the real world. If ISO 9001 doesn’t say you shall do something, your procedure doesn’t have to say you will either. Being overly specific creates rigid, high-maintenance documents that force workarounds and invite nonconformities when reality refuses to fit the script.

A practical small business ISO 9001 procedure matches the word used to the risk, intent, value added, and variability needed.

• Use "shall" when the clause, regulation, customer requirement, or business risk demands it.

• Use "should" for preferred defaults, and add conditions (e.g., “should be performed unless X”).

• Use "may" or "can" to allow options by naming the decision-maker and the justification (e.g., who approves, what gets recorded).

• Use "as applicable" when sometimes it matters and sometimes it doesn't.

  
  

Good auditors differentiate deceptive ambiguity from purposeful discretion. The question isn’t, "are these weasel words?” The auditor's question should be, "is the process effectively controlled and capable of producing conforming outputs?”

When your words reflect the standard's intent and meet your needs, you preserve usability and flexibility without sacrificing conformance. Sometimes "may" or "can" or "might" is exactly what ISO intended and exactly what your business needs, and nothing more.

If your auditor has a problem with "should," then let's talk. Shall we?