Process Approach and
ISO 9001:2015

ISO 9001:2015 mandatory requires the use of the “process approach”. This process approach forms one of the most important items for a quality management system.

All organizations normally use processes to achieve their objectives.  A process is a set of interrelated or interacting activities that use inputs to deliver an intended result, which consist of tangible inputs and outputs e.g. materials, components or equipment or intangible outputs e.g. data, information or knowledge.  

ISO Third Party auditors audit an organization’s processes and their interactions. The process approach enhances an organization’s effectiveness and efficiency in achieving its defined objectives. In relation to ISO 9001:2015 this means enhancing customer satisfaction by meeting customer requirements.

Process Approach Benefits

Benefits of the ISO 9001 based process approach include:

• Integrates and aligns processes to enable achievement of desired outcomes
• Focuses effort on process effectiveness and efficiency.
• Provides confidence to customers, and other interested parties, about the consistent performance of your organization.
• Supports transparency of operations within your organization.
• Lowers cost and shorter cycle times, through the effective use of resources.
• Improves and creates consistent and predictable results.
• Provides opportunities for focused and prioritized improvement initiatives.
• Encourages the involvement of people and the clarification of their responsibilities.

Establishing the QMS Process Approach

The process approach includes establishing your organization’s QMS processes to operate as an integrated and complete system. This also means integrating processes and measures to meet your QMS objectives.

Define and document the QMS processes, interrelated activities and checks, to deliver your intended outputs. Depending on your organization’s context include detailed planning and controls in the documentation. 

Risk‐Based Thinking, PDCA and the QMS process approach together form an integral part of the ISO 9001:2015 standard. Risks that may impact objectives and results must be addressed by the management system. Decide how you address risk (both positive or negative) in establishing the processes to improve the outputs and prevent undesirable results.

Create a system that inherently addresses risks. Plan and define this risk process with the necessary controls that support the effectiveness and improvement of the QMS.  Align this risk process to meet your company's objectives. 

Clause 4.4 sets up comprehensive requirements for an organization to determine and apply the processes needed for its quality management system while also considering the PDCA cycle for continual improvement and integrating risk based thinking. Accordingly, audits should be oriented towards analyzing the processes of the organization.

Your organization determines the amount of process documentation and  information (i.e. documents or records) to the extent necessary to provide effective QMS confidence. The standard does not define any specific format or content.

Examples of possible documents include:

• QMS Core Process Map
• process sheets
• SOP process maps
• IT workflows
• turtle diagrams, etc.

QMS Core Process Map

Above you find a typical example of a QMS CORE PROCESS MAP reflecting a PDCA based process approach according to ISO 9001:2015. Your QMS Core Process Map must follow the PDCA cycle. It must always conclude with management review and the resulting corrective actions. These corrective actions may influence risk management planning. If affected, you must implement the changes of the corrected risk management procedures. This cycle is crucial in ISO 9001:2015. Auditors require evidence that you meet this cycle.

Organizations frequently identify too many processes. These business activities do not fulfill the requirements of a process, in the sense that ISO 9001 uses the concept. In this situation, ISO Third Party auditors may raise an issue regarding the need for a redefinition of the processes, based on e.g. the criticality of the activities and the process approach. This might be particularly relevant if you are a small business.

During development of the QMS Core Process Map, pay sufficient consideration to…

• the establishment of QMS process objectives
• QMS process planning,
• the availability of suitable documented information

Typical questions you want to ask during the development of your QMS Core Process Map include

• What are the basic jobs carried out for each process (Which includes department activities)?
• What information do we need to start our process development?
• From where do we assemble that information?
• Who receives the results of each process (Process owner)?
• How do we know if we’ve done our process description job correctly?

These questions should help you establish whether the processes are already defined, have clear inputs, outputs, objectives and so on. You also need to verify that your organization established and defined quality objectives for these relevant processes. Align these with the overall business objectives.

The process performance indicators established for your relevant QMS processes may be used to monitor these objectives to verify and evaluate their suitability for the intended purpose. The level of monitoring, measurement and improvement of each process depends on your organization’s context, its strategic intent and its determined risks and opportunities.

Process Approach Checklist

By using the checklist below, you can cover the majority of the process approach requirements of ISO 9001…

1. What is the process?
2. Who is the process owner?
3. Who supports the process?
4. What is the process documentation?
5. What records result from the process?
6. Who reviews the records?
   
7. What are the resources needed for the process?
8. Are these resources appropriate?
9. Are authorities and responsibilities for required resources defined, documented and known throughout the organization?
10. Are these persons competent?
11. Are competency criteria defined? What are these criteria?
12. How is competency evaluated, approved and monitored, and by which method(s)?
13. Are these methods effective? – refer to outputs
14. Are records available and appropriately maintained?
15. What are the inputs to this process?
16. Are these inputs documented and reviewed by competent persons?
17. Is a description of the processes available and documented?
18. Are these descriptions controlled? – Verify the effectiveness of the organization’s documented information control procedure.
19. Who are the “customers” (internal and external) of the processes?
20. What are the requirements of these customers?
21. What are the characteristics of the intended results of the process?
22. What are the characteristics of the unintended results of the process?
23. Are correction and corrective action applied as appropriate?
24. What are the criteria for monitoring, measurement and analysis?
25. How are these criteria incorporated into the planning of the processes?
26. Are the business performance issues taken into proper account?
27. What methods are used for data gathering?
28. What are the communication channels?
29. How is external and internal information about the process provided?
30. What are the outputs of the process? – Identify outputs.
31. Do these outputs provide evidence of effective implementation of the process?
32. How is process performance monitored?
33. Are appropriate controls defined?
34. What measurements are applied?
35. How is the gathered information analyzed?
36. How are the results of the analysis taken into account?
37. How is feedback obtained?
38. What data is collected?
39. Is the issue of improvement of the processes properly addressed? How? What are the results ?