ISO 9001 includes specific requirements necessary for the adoption of processes when developing, implementing and improving a management system. This requires your organization to systematically define and manage processes and their interactions so as to achieve the intended results in accordance with both the policy and strategic direction.
Free download - Calibration Process (ISO 9001)
|ISO 9001:2015||ISO 9001:2008||Summary of Changes|
|4.0||Context Of The organization||1.0||Scope||
|4.1||Understanding The organization And Its Context||
|General||This new requirement requires an organization to demonstrate that it understands all internal and external influences that may affect its strategic direction and market position and what effect any changes may have on its future.|
|4.2||Understanding The Needs And Expectations Of Interested Parties||1.1||General||This is a new requirement which requires the organization to determine the boundaries and applicability of the QMS. It also makes reference to 4.1.
There is now a requirement to state the scope in terms of the ‘goods and services’ delivered and the sites of the organization to be included. There is a requirement to document and justify any exclusion from the standard; exclusion must be limited to Clauses 7.1.4 to 8.0.
|4.3||Determining The Scope Of The Quality Management System||1.2||Application||This requirement is comparable to ISO 9001:2008 Clause 4 - Quality Management System and Clause 4.1 – General Requirements. organizations should review their process-based management system to ensure that it captures elements from 4.1 and 4.2.|
|4.4||Quality Management System And Its Processes||4.0||Quality Management System||Process approach – now a stated requirement but the content is largely the same as previous clause 4.1 apart from a requirement to determine the risks to conformity if processes are ineffective.|
Existing operational procedures, work instructions, flow charts, corrective and preventive actions, nonconforming outputs, and nonconformity and corrective action are valid examples of documented information that can be used to evidence the requirement for ‘documented information to support the operation of processes is being met’.
Check that process inputs and outputs are defined and review how each of the processes are sequenced and how they interact. Look for evidence that your organization has:
Your organization should begin using quality indicators to control and monitor issues, and associated risks and opportunities. These types of objective evidence will indicate that your organization has successfully integrated the QMS processes into its business processes.
Evidence may include management reviewing QMS KPI’s as part of regular business reviews, awareness of contractors and employees of the Quality Management Systems' goals and expectations, etc.
When auditing process performance and effectiveness your aim is to continuously improve effectiveness and efficiency.
You should ensure that you prioritize the following:
Key processes are steps that you go through to give the customer what they want, e.g. from order acceptance to design through to delivery.
Whereas support processes do not contribute directly to what the customer wants but do help the key processes to achieve it. Support processes include often human resources, finance, document control, training and facilities maintenance, etc.
A good way to do this is to think about how work-flows through your organization. Consider how the inputs and outputs to the key processes flow from one process to the next, what sub-processes might exist within it and how the support processes link in.
For now, ignore the standard, in fact put it in a draw and forget it exists. Instead focus on your key processes and how the departments interface with each other.
Once you have defined the processes and interfaces; go back to the standard and determine which processes are responsible for meeting which requirements.
When defining your organization’s processes, think about each process and department and assign try to define those processes around the current organizational model and not around the requirements of the standard.
Certification auditors will expect to see a process model that explains the key processes of the business and how each relates and links to the others. The depth of process explanation may be as detailed as the company chooses, but should be based on its customer and applicable regulations or statutory requirements, the nature of its activities and its overall corporate strategy.
In determining which processes should be documented the organization may wish to consider factors such as:
Customer oriented processes affect or interact with the customer
Support oriented processes support other process:
Management oriented processes are normally conducted by Top Management:
Assessment oriented processes help provide data to determine compliance and process performance:
Outsourced processes must be controlled by the organization and these controls must be defined and described within their system. organizations are required to identify the controls they apply for any outsourced processes.
Your documentation must identify if outsourced processes are applicable. In addition, written documentation on the methods used to control the outsourced processes.
Examples of some outsourced processes are:
These types of processes may be controlled by the purchasing process where a formal contract or purchase order may be the controls. If this is the case, written documentation would be the purchasing documentation and records however; these processes are required to be documented.
If an outsourced process is controlled through purchasing, there must be documented objective evidence to ensure that these processes are being controlled beyond the basic purchasing requirements, which are focused on controlling products not processes.
The organization is responsible to ensure that the outsourced process is meeting the applicable requirements to ISO 9001.
Outsourced processes may be controlled through such methods as, but not limited to:
Ensuring control over outsourced processes does not absolve the organization of the responsibility for conforming to customer, statutory and regulatory requirements.
The type and extent of control to be applied to the outsourced process can be influenced by factors such as:
You should expect to see evidence that your organization has determined their processes and interactions. If your organization calls it a ‘process’, it must be monitored for effectiveness and improved.
The auditor must see evidence that the organization has determined their processes and that the interactions are also defined, all within the Quality Manual.
Subsequently, this includes the actual and technical inputs and outputs of the processes to show their inter-relationship. This requires the description of the interactions between the processes and should include process names, process inputs and process outputs in order define their interactions.
Interaction means how one influences the other.
Auditors commonly agree that the description of the interactions of the processes cannot be done if the processes are not determined (names).
ISO standards dictate the organization is not required to produce system maps, flow charts, lists of processes etc. as evidence to demonstrate that the system processes and their sequence and interactions were determined. Such documents may be used by organizations should they deem them useful, but they are not mandatory for the quality system.
Graphical representation such as flow-charting is perhaps the most easily understandable method for describing the interaction between processes for the Quality Management System (QMS).
Free download - Calibration Process (ISO 9001)
Free download - Customer Complaints & Feedback Process (ISO 9001)
Free download - Customer Satisfaction Process (ISO 9001)
Free download - Product Realization & Planning Process (ISO 9001)
Updated: 26th February 2022
Author: Richard Keen
Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard