How to Take a Process Approach to your System and Audits
Simply put a process can be a series of actions or steps taken in order to achieve a particular end. ISO 9001:2015 no longer requires you to produce and evidence a manual however it does require you to be able to evidence that the system in place is effective, monitored and communicated to all who use it.
In most cases what we will see as auditors is an almost copy and paste of the Standard stating the requirements for the company system, and this is generally what the company will call their quality manual. A point to consider; does this tell you, your staff, suppliers or auditor HOW any of these requirements are achieved?
Here’s an example which is made up but based on many seen:
“Here at XXXXXX we ensure that operational processes are controlled by: implementing and controlling the processes needed to meet the requirements for the provision of products and services, and to implement the actions determined by:
a) determining the requirements for the products and services;
b) establishing criteria for:
- the processes;
- the acceptance of products and services;
c) determining the resources needed to achieve conformity to the product and service requirements;
d) implementing control of the processes in accordance with the criteria;
e) determining, maintaining and retaining documented information to the extent necessary:
- to have confidence that the processes have been carried out as planned;
- to demonstrate the conformity of products and services to their requirements.
The output of this planning shall be suitable for the organization’s operations.
XXXXXX shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. XXXXXX shall ensure that outsourced processes are controlled”
The above example looks very considered and wordy, however it tells the reader nothing about what XXXXXX does and HOW we determine the requirements, controls and considerations for the processes.
If we accept that this format does not tell the reader useful information, and also that if this is your manual and we ask your staff who use this, what this all means; it is likely they will not have had any specific training to understand these statements and how their role is relevant, it may be said it is a waste of resources.
What is important is that your processes are simple to use, understand and convey to others who need to use it. The Standard is a tool that flows in a logical process eg you would expect that design processes are documented as somebody needs to follow the design to produce the final product.
Let’s look at the order process:
The customer will have a requirement ⇢ We need to establish what the requirement is, when it is required and what mechanism is used to ensure the requirement can be met ⇢ The requirement will then be communicated to those who can fulfil the order ⇢ the operational process of achieving this may then be triggered.
On the face of it this is a really process and easily audited, we can see the stages which will likely have documented evidence; emails, the order itself, assigning the order and then we can follow the progress of the journey from there.
You may have computer software which organises this process which may then require a step by step process, or a handwritten way of performing this, the effectiveness of the system may be by noting non-conformances, or having to train to someone new to use the process and identifying issues or improvements. Ostensibly what we have done by doing this is:
You may notice that this is what the Standard is asking you to do, and by removing the ‘ISO speak’ from the manual or process, the users can understand it and contribute improvement.
If you apply this simple method to all of your processes and use your process as the audit criteria it may benefit your system greatly as it is a true auditable process;
This is what we do ⇢ our audits check that we do what we say we do ⇢ our external audit assessors that we do what we say we do and that we meet the Internal Standard.