ISO 9001 series, Part 3: The Process Approach in ISO 9001:2015

The updates in ISO 9001:2015 will bring a renewed emphasis on the process approach. If you’re not entirely sure what that involves, you’re not alone. Despite its introduction to the standard as far back as 2004, evidence suggests that it is still not well understood.

While the details may seem unfamiliar, the process approach is actually a core driver of ISO audits and the concept behind it is noticeably intuitive. To ensure compliance with ISO 9001:2015, organisations will be focusing on it, and auditors need to have the knowledge and skills ready to assess how organisations are implementing it.

Fundamentally, management systems employ a process approach, which is itself a compliance system. It ensures the proper procedures and their interrelations are mapped out, spelling out audit trails that can be followed sequentially.

By definition, a process is a set of interrelated or interacting activities, which transform inputs into outputs. However, the scope of what a process can be is huge, and each process will vary in its size, importance and the way it interacts with other processes in the quality management system. Some processes will be relatively simple and may have one or two input-output relationships, while others will be complex and could have more.

Consequently, there may be some disparity between organsiations and auditors about what constitutes a process and how they should be documented. This will hopefully be addressed by retraining auditors to ensure their competence to audit against the modified standard.

In the past, organisations have tackled ISO’s process approach tentatively. While the standard’s broad definitions of ‘process’ and ‘outputs’ give organisations more control over how they define their process approach, the overall task can seem quite daunting.

Auditors need to be aware that each organisation will define and document their processes differently. In that respect, they should audit in accordance with the organisation, not enforce the standard with rigid adherence.

An audit should flow with the organisation, not compartmentalise each aspect of its operations with disregard to how these operations interact. A pedantic audit will experience a disconnection between the standard and the reality of managing all the processes of an organisation. Auditors should focus on how processes work and how they link together, not whether or not a business is following a clause word for word.

Integral to this is a good knowledge of each department that makes up an organisation. IRCA Certificated QMS Lead Auditor and Qualsys Partner, Colin Partington, underscores its importance:

“The purpose of each department needs to be understood. It’s essential. There is not enough understanding of the consequences that ripple out from one department being poor. For example, if the purchasing department were cutting corners by sourcing poor quality resources, it affects the entire production process.

ISO 9001:2015’s renewed emphasis on the process approach encourages horizontal management, crossing barriers between different functional units and unifying their focus to help achieve the main goals of the organisation. Fortunately, this will assist auditors in evaluating the effectiveness of each department and benefiting the entire auditing process.”

Organisations can use a Plan-Do-Check-Act (PDCA) model to manage their processes and guarantee that they are being evaluated. A clearly defined and well documented process based quality management system (QMS) makes the auditing process easier for all parties. The new emphasis on the process approach encourages organisations to be proactive rather than reactive so they can identify their most important processes. Ensuring that they are efficient, effective and making improvements where necessary.

Ultimately, auditors should be looking at the effectiveness of processes over exact compliance to procedure. This is in line with PDCA, which forms a basis for the process approach to begin with. A process approach is the best way to manage a QMS, not just in terms of the audit process, but as a business strategy in general. Auditors and organsiations alike should remember that the process approach is being emphasised because fundamentally, it makes sense.

Authored by Ben Saxton, Business Development Manager and Alastair Atcheson, Digital Marketing Executive at Qualsys.

One thought on “ISO 9001 series, Part 3: The Process Approach in ISO 9001:2015

  1. PaulS

    Firstly it is great to continue to debate the next edition of ISO 9001. It is, however, disappointing the blog post wasn’t checked before it went out. As is often the case a really strong message may be lost for people who don’t read beyond the first paragraph because of errors. The process approach was at the heart of the 2000 edition of ISO 9001 and featured strongly in the lead up to publication.

    I’d agree that the process approach is not well understood and that it is important for audit but surely the message here is that it is much more important as a consideration for those designing and implementing quality management systems. Or have we again put the ‘audit’ cart before the ‘quality’ horse? One of the difficulties in discussing this is that we often assume that, just because organisations operate processes, that means they understand the process approach – often not the case.

    I don’t agree that the range of organization size and complexity necessarily leads to a difference of opinion between an organization putting themselves up for certification and their third party auditor. There is a competence issue in being able to assess organisations of different sizes and market sectors but that has always been the case. Bearing in mind the IAF guidance on transition to the 2015 edition does not mandate any additional auditor training we are reliant on existing controls to ensure the assessment process is effective, or for CBs to read the writing on the walls and ensure auditor competence to the 2015 edition including all the ‘old’ concepts such as process approach, if only for reasons of self-preservation.

    The authors are right that implementing a good process based quality management system is a daunting task – that has always been the case – in the same way that anything worthwhile involves hard work.
    As a final comment for the debate I don’t agree that the link between clear documentation of processes will make the difference here. The key to getting the benefits to making the transition to the 2015 edition of ISO 9001 is the same as for the 2000 edition – effective process management using the process approach. Whether documented or not, those implementing processes need to understand what makes them tick and put in place controls to maximize opportunities, manage risks and continue to improve.


Leave a Reply

Your email address will not be published. Required fields are marked *