ISO 9001:2000's Process Approach
A new concept or the same old stuff?
by John E. "Jack" West
With all the guidance on ISO 9001:2000 already published, you would think everyone would understand the process approach as a basic concept of the revised standard.
Jeffrey H. Hooper discussed this approach in an earlier article in Quality Progress,1 and chapters two, eight, 11, 12, 20, 30 and 42 in the ASQ ISO 9000:2000 Handbook2 deal extensively with the topic. In addition, International Organization for Standardization, known as ISO, Technical Committee 176 provides a guidance document (ISO/TC 176/SC2 N544R) available for free download.3
Perhaps all this guidance makes people think the process approach concept is more difficult than it is. I regularly receive questions on it. In fact, most of the questions I get about ISO 9001:2000 relate in some way to the concept. Usually the answers are very simple, and this article will answer a few of the most common questions.
Q: I understand the definition and concept of process approach, but how the requirements related to processes differ from the previous standard's requirements is not clear to me. Wasn't the process approach included in ISO 9001:1994? And if it was, what is different in ISO 9001:2000? Why is there so much emphasis on the process approach now?
A: First, let's review the underlying principles related to this subject. If you are not familiar with the eight quality management principles, you can find them in ISO 9000:2000 or ISO 9004:2000. A brochure related to them is available on the ISO Web site.4 Two of these eight principles are key to understanding the process approach concept:
"Process approach--A desired result is achieved more efficiently when activities and related resources are managed as a process." This principle applies to individual processes.
"System approach to management--Identifying, understanding and managing interrelated processes as a system contributes to the organization's effectiveness and efficiency in achieving its objectives." This principle applies to the whole quality management system (QMS).
So the QMS may be seen as using both concepts. A more extensive discussion of these concepts and their relationship to quality management system documentation can be found in chapter 12 of the ASQ ISO 9000:2000 Handbook.5
The use of processes operated under controlled conditions was required in ISO 9001:1994 for processes related to making products and delivering services. Clause 4.9 of ISO 9001:1994 required organizations to "identify and plan the production, installation and servicing processes that directly affect quality and shall ensure that these processes are carried out under controlled conditions."
The 1987 and 1994 versions of ISO 9001 used a procedural approach, putting procedural requirements on activities and functions. Except for clause 4.9, the 1994 standard did not directly address processes of the system, nor did it directly connect the process approach with the systems approach to management.
ISO 9001:2000 recognizes the entire system is made up of interrelated processes, so in addition to consideration of the processes for product realization (see clause 7.1), you must identify and manage the processes for the whole system.
For many organizations this concept will not prove to be a major change. If an organization has used flowcharts or process maps and has developed a process emphasis, then it is certainly possible the new standard will require no difference in approach.
Certainly some organizations used this process approach for their whole QMS, even with the '87 and '94 versions, but it was not a requirement.
Q: What are we really expecting from an organization for it to be in compliance with Clause 4.1 of ISO 9001:2000?
A: The basic requirement of clause 4.1 is that the organization "establish, document, implement and maintain a QMS and continually improve its effectiveness." Clause 5.4.2 requires the QMS be planned to meet the requirements of 4.1 and the quality objectives required in 5.4.1.
In planning the system, the organization must take two things into account: meeting ISO 9001:2000 requirements and meeting its own quality objectives. Clause 4.1 gives the minimum requirements for determining the processes of the system and managing them to meet the objectives and achieve continual improvement.
The output of this planning process includes the documents required in clause 4.2: the quality manual (showing the interaction of the processes), the documented procedures required by ISO 9001 and other documentation as needed to ensure effective operation of the system.
Certainly one of the best methods to meet these requirements is the inclusion of process diagrams in the manual or use of flowcharts of the key processes. While such charts are not specifically required, they are beneficial. The focus, however, should be on developing a system that concentrates on meeting the quality objectives while still meeting the requirements of ISO 9001:2000.
Q: The requirement for the quality policy contains some new aspects not included in the 1994 standard. One requires the policy to have a framework for reviewing quality objectives. What is the intent of this change?
A: The policy should set the organization's direction regarding quality, and the objectives should flow from that policy. For example, if an organization needs to increase its sales (a business objective), the quality policy may state that the organization will focus on "enhancing customer satisfaction to gain loyal and long-term customers."
A specific quality objective within this framework might be: "Improve customer satisfaction survey scores by 31% over three years." Or "each executive will visit two customers every quarter to assess the customers' perception of satisfaction."
During management reviews, the top managers would look at progress on meeting the objective. If conditions change, the organization may need to change either the policy or the objective to meet those new conditions.
Maintaining this linkage between the policy and the objectives is particularly important when we consider that clause 5.4.2 requires planning the QMS to meet the organization's objectives as well as the process approach requirements of clause 4.1. Changes in policy or objectives may well necessitate changes to the processes of the system.
This requirement encourages a consistent and measured focus on core values throughout the organization and highlights the need for ensuring resources are available to convert policy pronouncements into reality.
Q: I understand there is a major change to the way we are required to conduct audits to the new ISO 9001:2000 because of the process approach. Where is this change described in the new ISO 9000 series?
A: There is no such description because there is no requirement in ISO 9001:2000 to change the way you audit. On the other hand, the adoption of the process approach does present opportunities to improve the way you audit. Auditing processes as they flow through the functions of an organization may prove to be a value added activity.
It has been said that while the old version of ISO 9001 required system audits, ISO 9001:2000 requires process audits. The concept "process audit" is not defined in ISO 9000:2000. I do not see the term "process audit" in ISO 9001:2000. So, do not be confused. Auditors must still determine whether the system is effectively implemented, and the system must meet the requirements of ISO 9001.
But wait a minute! ISO 9001:2000 requires organizations to use the process approach for developing, managing and improving their QMSs. And should not audits validate the process approach has indeed been effectively implemented? Of course they should. It is hard to imagine how the application of the process approach can be audited without looking at the processes of the system.
Certainly you have interrelated processes as a fundamental part of your QMS, and you should take them into account in your audit planning.
You should be able to do a more effective audit by taking the processes into account than by not doing so, even though this is not a requirement of ISO 9001:2000. It can be done by auditing the processes of the system to ensure they meet the requirements of ISO 9001 and the organization's objectives.
Auditing of the processes may be done function by function (for example, auditing all the processes that flow through a department or function) or by cross functional auditing of each process. Process inputs and outputs should be considered along with the organization's methods for monitoring and measuring the processes. Process measures and targets for key processes should be linked to the organization's quality objectives.
To summarize, although the requirements for conducting audits have not changed, I strongly recommend internal audits focus on outputs, improvement, customer satisfaction and alignment with other areas of the organization.
Audit planning should consider all the requirements of all the clauses in ISO 9001:2000 that apply to the process or activity being audited. This approach to internal audit planning and implementation will yield the best return on the internal auditing investment.
1. Jeffrey H. Hooper, "The Process Approach to QMS in ISO 9001 and ISO 9004," Quality Progress, Dec. 2001, pp. 70-73.
5. Jeffrey H. Hooper, "The Process Approach to QMS in ISO 9001 and ISO 9004," see reference 1.
Charles A. Cianfrani, Jeffrey H. Hooper and John Stratton assisted with the writing of this article.
JOHN E. "JACK" WEST is a management consultant in the areas of productivity and quality. He served on the board of examiners for the Malcolm Baldrige National Quality Award and is now chair of the U.S. Technical Advisory Group to ISO Technical Committee 176 and lead delegate to the International Organization for Standardization committee responsible for the ISO 9000 family of quality management standards. He is co-author of ISO 9001:2000 Explained, published by ASQ Quality Press.