Share this

There are numerous ways to approach compliance with ISO 9001:2015, but what is the process approach? While this is by no means a new requirement, anecdotal evidence suggests that it is poorly understood.

The process approach was first introduced in ISO 9001:2000. And while the concept of a process-based quality management system has not changed, the requirements in the latest version of the standard, ISO 9001:2015, have become more specific and less ambiguous.

Let’s look at common questions you might have about what the process approach is, why it’s important and, crucially, how you can get your employees to apply it.

What is an ISO process approach?

The introduction of ISO 9001:2015 states that: ‘Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system.’

An ISO 9001 process approach is a management strategy which incorporates the plan-do-check-act cycle and risk-based thinking. It means that processes are managed and controlled. It also means that we not only understand what the core processes are, but we also consider how they fit together.

Key changes from ISO 9001:2008 - ISO 9001:2015

The requirement for a process-based quality management system is nothing new. The requirement to "establish, implement, maintain and continually improve" is familiar from both ISO 9001:2000 and ISO 9001:2008. The key changes are:

  • For organisations already adopting ISO 9001:2008, a key factor in transitioning to ISO 9001:2015 is the extent to which the process approach has been adopted.
  • Clause 4.4 of ISO 9001:2015 sets out specific requirements for the adoption of a process approach e.g. organisations must monitor, measure and use related performance indicators to determine effective operation and controls.
  • Top management must promote, engage and support employees to follow a process approach.

Why is the process approach so important?

Organisations are typically structured into departments which are managed by a department head. The head is responsible for what comes out of the department. Most departmental heads never interact with the external customer, only internal ones. As such, they are divorced from how the customer really feels.

If key performance indicators are set by departments this compounds the problems. Heads try to maximise the performance of their departments to the possible detriment of other departments further down the line.

The ISO process approach introduces horizontal management, controlling processes which flow across departmental boundaries. Someone is accountable from start to finish. They see the whole picture from process initiation to process completion. They understand what the stakeholders in the process want and have delegated authority to act to realise this. An employee’s first loyalty is to their assigned projects, products or services - rather than their own departments.

Download our ISO 9001:205 whitepaper

Download our whitepaper on preparing for ISO 9001: 2015 for more information about applying the standard to your business and thinking about the ‘what is the process approach?’ question.

Download now

Using an ISO 9001 process approach in a quality management system facilitates:

  • understanding and consistency in meeting requirements
  • viewing processes in terms of value-add
  • achieving effective process performance
  • improving process performance based on analysis and evaluation of the data and information

Learn more about our quality management system.

Implementing a Process Approach (Step by Step)

ISO 9001:2015 employs the process approach, which incorporates the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking. This means the organisation needs to:

  1. determine required process inputs and expected outputs
  2. assign responsibilities and authorities for processes
  3. identify risks and opportunities for processes, and plan to address these

1) Define your quality management system processes

ISO 9001 does not provide you with a list of core quality management system processes you need to include. Your organisation must determine these for themselves. So, what should you include?

Some example processes:

  • internal training, leadership and performance evaluation
  • manufacturing, design, distribution, development, service, delivery and assembly management
  • revenue assurance / business process outsourcing
  • new customer management
  • equipment management
  • supplier approval and re-evaluation
  • risk identification and management
  • contract change or revenue assurance management
  • complaint handling
  • information management
  • audit and inspections
  • other QHSE requirements

Ask yourself how you are constantly providing products and services which meet customer and applicable statutory and regulatory requirements. In addition, how are you enhancing customer satisfaction?

These are the processes which need to be controlled. Your organisation must then map out the inter-relationships between your core processes.

2) Assign responsibilities and authorities for processes

Your organisation then needs to work out who is responsible for what process. Rather than focusing on functions, focus on the process across the department. Pay particular attention to the interdependencies and the interactions. It can also help to:

  • Involve employees in building the process-based quality management system
  • Train individuals so they understand their roles and accountabilities in relation to the core processes to ensure they see their processes end-to-end
  • Restructure the audit programme around processes, not functions
  • Train auditors to follow processes across departments, paying particular attention to interdependencies and interactions
  • Provide documented information to support the operation of processes and ensure you have confidence that the processes are being carried out as planned
  • Give procedures and work instructions another name

3) Identify risks and opportunities, and plan to address these

Risk-based thinking is an extension of preventive action. It requires organisations to determine risks and opportunities to processes, products and services, as well as the quality management system. The organisation must take proportionate steps to address these actions. This means monitoring and measuring the performance of processes.

Discover our ISO 9001 compliance software

Find out how you can meet the requirements of ISO 9001 and demonstrate your commitment to quality to customers, suppliers and regulators with our ISO 9001 software.

Request a demo
Written by

Alexander Pavlović

Alex produces targeted content to help Ideagen’s readers and customers navigate the complex world of quality, governance, risk and compliance.

Alex has worked with brands such as BT, Sodexo and Unilever and is passionate about helping businesses build a cohesive, collaborative culture of quality.