The updates in ISO 9001:2015 will bring a renewed emphasis on the process approach. If you’re not entirely sure what that involves, you’re not alone. Despite its introduction to the standard as far back as 2004, evidence suggests that it is still not well understood.
While the details may seem unfamiliar, the process approach is actually a core driver of ISO audits and the concept behind it is noticeably intuitive. To ensure compliance with ISO 9001:2015, organisations will be focusing on it, and auditors need to have the knowledge and skills ready to assess how organisations are implementing it.
Fundamentally, management systems employ a process approach, which is itself a compliance system. It ensures the proper procedures and their interrelations are mapped out, spelling out audit trails that can be followed sequentially.
By definition, a process is a set of interrelated or interacting activities, which transform inputs into outputs. However, the scope of what a process can be is huge, and each process will vary in its size, importance and the way it interacts with other processes in the quality management system. Some processes will be relatively simple and may have one or two input-output relationships, while others will be complex and could have more.
Consequently, there may be some disparity between organsiations and auditors about what constitutes a process and how they should be documented. This will hopefully be addressed by retraining auditors to ensure their competence to audit against the modified standard.
In the past, organisations have tackled ISO’s process approach tentatively. While the standard’s broad definitions of ‘process’ and ‘outputs’ give organisations more control over how they define their process approach, the overall task can seem quite daunting.
Auditors need to be aware that each organisation will define and document their processes differently. In that respect, they should audit in accordance with the organisation, not enforce the standard with rigid adherence.
An audit should flow with the organisation, not compartmentalise each aspect of its operations with disregard to how these operations interact. A pedantic audit will experience a disconnection between the standard and the reality of managing all the processes of an organisation. Auditors should focus on how processes work and how they link together, not whether or not a business is following a clause word for word.
Integral to this is a good knowledge of each department that makes up an organisation. IRCA Certificated QMS Lead Auditor and Qualsys Partner, Colin Partington, underscores its importance:
“The purpose of each department needs to be understood. It’s essential. There is not enough understanding of the consequences that ripple out from one department being poor. For example, if the purchasing department were cutting corners by sourcing poor quality resources, it affects the entire production process.
ISO 9001:2015’s renewed emphasis on the process approach encourages horizontal management, crossing barriers between different functional units and unifying their focus to help achieve the main goals of the organisation. Fortunately, this will assist auditors in evaluating the effectiveness of each department and benefiting the entire auditing process.”
Organisations can use a Plan-Do-Check-Act (PDCA) model to manage their processes and guarantee that they are being evaluated. A clearly defined and well documented process based quality management system (QMS) makes the auditing process easier for all parties. The new emphasis on the process approach encourages organisations to be proactive rather than reactive so they can identify their most important processes. Ensuring that they are efficient, effective and making improvements where necessary.
Ultimately, auditors should be looking at the effectiveness of processes over exact compliance to procedure. This is in line with PDCA, which forms a basis for the process approach to begin with. A process approach is the best way to manage a QMS, not just in terms of the audit process, but as a business strategy in general. Auditors and organsiations alike should remember that the process approach is being emphasised because fundamentally, it makes sense.
Authored by Ben Saxton, Business Development Manager and Alastair Atcheson, Digital Marketing Executive at Qualsys.