Understanding the Process Approach

Demystifying the ISO 9000 Requirements

What Exactly Is the Process Approach?

Since the year 2000 release of ISO 9000, all ISO certified companies have wrestled with the practical application of the “Process Approach” that was introduced in the current version of the standard. In fact, other than the reduction of the number of “required” (i.e. prescribed) documents, the shift to the Process Approach was the most significant change from older editions of ISO 9000. This struggle has been expressed by a number of common questions:

  1. What exactly is a “process” as required by ISO?
  2. How do we document our processes?
  3. How does the rest of the Quality Management System (QMS) support our processes?
  4. How do we audit using the Process Approach?
  5. What are the Registrar’s auditors really looking for?

If you’ve found yourself asking these or similar questions, or you’ve had other people in your organization ask them and you’ve struggled with a response, then understand that you’re not alone. The continued confusion about this aspect of ISO 9000 stems from the generic language of the standard and the various ways companies have attempted to comply. It hasn’t helped that Registrars seem to have different approaches to interpreting and auditing these requirements. Let’s see if we can take some of the mystery out of this for those of us trying to make ISO add value to our businesses on a day-to-day basis.

A Simple Explanation

From the language of the ISO 9000 standard itself, the “process approach” is described as:

“The application of a system of processes within an organization, together with the identification and interaction of these processes, and their management” (ref. section 0.2).

Let’s put that into simpler terms. The process approach means that you improve your business by managing and improving certain key business processes that directly impact your ability to serve your customer. Since your business processes are basically “how you get things done”, by improving these processes you improve your company’s ability to meet customer requirements. Gains made by improving your key processes pay dividends today and in the future as your QMS drives meaningful improvement in your business.

So, that takes the focus of your ISO efforts off of “getting ready for the next audit.” While a necessary part of ISO, passing the audit will only maintain your certification. This is the minimum benefit you should receive from your efforts.

The real opportunity for measurable business benefit from ISO 9000 is for better efficiency, reduced failures and higher levels of performance for your customers. The most effective ISO “lever” to achieve these results is the management and improvement of key business processes. Often, the most critical processes in your business are cross-functional, cutting across boundaries within you organizational structure. Improvements in these processes have an ongoing payback if such improvements are sustainable and sustained. The process approach, when correctly applied to your QMS, is the way this gets done.

So, what is a process?

For those who may not have a strong background in studying processes and quality improvement, it is common to ask, “What exactly is a process?”. Using the text from the ISO 9000 standard:

An activity using resources, and managed in order to enable the transformation of inputs into outputs, can be considered as a process (ref. 0.2).

In other words, a process is basically how you are operating a certain activity within your business to convert something such as an unfinished product, some data or information, an untrained employee, or other “input” into an “output” such as a finished product, decisions based on data or information or a fully skilled employee. The steps you’ve followed to accomplish the intended results is the process.

Keep in mind that your business processes exist whether or not you understand them or are trying to improve them. Some are more informal than formal. Others are less effective than you assume. There are those that are surprisingly effective though you’re not sure why. Processes are simply “the way we get things done”.

Processes come in different shapes and sizes. A process can be as “small” as a task someone has to do, such as entering data into a computer. A somewhat larger process would involve several people within a certain department to complete something, such as putting together and implementing a new marketing campaign. A process can also span several departments who all have to work together for a common goal, such as developing, producing and releasing a new product or service.

These different process scopes illustrate how smaller processes “fit” into larger processes and support them. Generally you should consider bigger processes to be more important to your business performance overall than the smaller ones. But it is often the case that the broader cross-functional processes are not well managed, despite their greater importance.

This is because cross-functional processes cut across organizational boundaries, involving several department heads. The organizational structure, in this case, tends to work against efficiency because of the “hand-offs” between departments and conflicting goals between organizational groups. Yet, because of their importance to meeting customer requirements and management objectives, they should be considered among your most critical “key processes” to be managed within your ISO system.

What’s involved in managing processes?

The management of key business processes basically involves the following:

  1. Identifying the processes that most directly impact your customer and overall business performance.
  2. Establishing reliable measures of performance for those processes.
  3. Assigning responsibility for monitoring and improving each process.
  4. Proper procedural documentation to control each process.
  5. Effective action to root out obstacles in the process and to resolve root causes to performance gaps.
  6. Integrating the process with the requirements of other business processes.

The management of your key processes should serve as the “top level” of your QMS – that is, it should provide the overall purpose and structure to your procedures, work instructions, training, etc. In addition, the selection of processes and establishment of process measures should be derived from your overall business and quality objectives.

What does ISO require?

When reading the ISO 9001:2008 standard, it’s easy to miss this central emphasis on managing key processes. This is in part because the requirements for managing processes are sprinkled throughout the standard under various headings. Piecing together a complete understanding involves pulling a number of requirements together.

0.2 Process approach

It is helpful to start with the Introduction to the standard that introduces the concepts of managing your business through the identification and management of a “system of processes”. Four parts of managing key processes are listed:

a. Understand and meet requirements.

This indicates that the purpose of each key process is to meet specified requirements. If those requirements are not clearly defined and communicated, those involved in the process won’t know if they are achieving what is needed.

b. Consider the added value of the process.

Processes to be managed should be selected based on the “value” they add to the ability to meet customer requirements or to meet business objectives. That means that you should start with the most “key” (critical) processes to your business.

c. Monitor process performance and effectiveness through actual results.

Once you’ve identified and defined your key processes, each should be monitored using a few performance measures. The measures should be selected based on the most important objectives for each process and its overall purpose.

d. Data-driven continual improvement.

Monitoring these results and analyzing the data will clarify specific improvements needed in the process to drive performance up. Using root-cause analysis to determine needed corrective action (and preventive action) will ensure that improvement efforts pay off with better overall results.

The model shown in Figure 1 within the ISO 9001:2008 standard helps to give a “big picture” of how the overall QMS works to ensure that customer satisfaction is achieved (see page 7 of the ISO 9001:2008 standard). Essentially, the model depicts how your organization translates customer requirements into customer satisfaction through your internal QMS processes. The model aligns with the 5 major sections of the standard (4.0 – 8.0) to help you understand how the requirements fit together. From a conceptual perspective, the diagram is helpful.

Specified requirements for processes

The practical requirements for managing key processes are found in several passages within the standard.

ISO 9001:2008 Reference
Key Process Management Requirement
4.1 (a) & NOTE; 7.1; 7.2; 7.4.1; 8.1
Identify your key processes.

This is typically done with a simple flowchart for each process; be sure to include processes related to management activities, provision of resources and measurement.

4.1 (b); 4.2.2 (c)
Determine how these processes fit together and impact each other.

This can be done by showing one process as an input to another process on your process maps; the process maps should be referenced or included in your quality manual.

5.5.2 (a)
Assign responsibility for managing these processes on an ongoing basis.

That is, determine an “owner” for each process; your management representative oversees the process owners to ensure the processes are effectively managed.

4.1 (c); 5.4
Establish formal measures of performance for each process based on the process purpose and objectives.

Ensure these process measures are linked to your overall objectives for the business and quality.

4.2.1 (d)
Develop formal procedures needed to control these processes; relate them to your key process maps.

Only implement formal documented procedures where they help the process run more smoothly – don’t document for the sake of documenting.

4.1 (d); 6.0; 7.2.3; 7.3.3 (b); 7.4.2
Determine the resources needed for each process and establish a planning process to ensure needed resources are provided.

Establish effective information-flows with your customers, internal processes and suppliers; evaluate what information is needed at each hand-off and determine how that information will be managed and maintained.

5.5.3
Establish a communication plan to ensure everyone working in or affected by your key processes understands how the processes are performing.
4.1 (e); 5.6.2 (c); 8.2.3; 8.4 (c)
Monitor and evaluate the performance of your processes to determine if objectives are being met.

One of the venues for this evaluation is your management review.

5.6.3 (a); 8.5
Determine actions needed to improve the performance of your processes as determined by your process measures.

In addition to corrective actions, trends can indicate opportunities for preventive action.

Do we have to Audit using a Process Approach?

One final question is commonly asked relating to whether or not your internal audit program must be reorganized to audit “processes” rather than “ISO requirements”. Many ISO internal audits are structured around a requirement-by-requirement review of the quality management system following the sections of ISO 9001:2008. It is common for an audit checklist to itemize questions to confirm whether the QMS:

… conforms to the planned arrangements (see 7.1), to the requirements of this International Standard [i.e. ISO 9001:2008] and to the quality management system requirements established by the organization (ref. 8.2.2).

The scheduling in such an audit program is often by departments within the company. If this is your current procedure for auditing, the question that comes to mind is “do I have to change to auditing processes? If so, how do I do that?”

Well, the ISO standard does not really say how you need to organize your audits; just that you need to consider in your audit plan:

The status and importance of the processes and areas to be audited, as well as the results of previous audits (ref. 8.2.2).

So, bottom line is that you are not required to rearrange your audit program to “audit processes” per se. But you do need to be sure your auditors are aware of your processes and how they are organized, managed and currently performing. They can then provide useful feedback to your key process owners as to how well they are implemented and areas needing improvement. As a minimum, you need to determine the scope and frequency of your audits based on, among other factors, how well your key processes are performing.

The Need for a Process to Manage Processes

So, an effective implementation of the “Process Approach” would start by laying out how you will select, manage and improve the most critical business processes that impact your customers and internal management objectives. This would include assigning responsibility to certain individuals or teams to take charge of your key processes. Teams work well when processes cut across your organizational structure. Then, these process owners will monitor and improve these processes on an ongoing basis taking full responsibility for their performance.

Perhaps, then, one of your first processes to establish is the process for how you will manage your key business processes within your organization.