ISO 9000 Where to Start

Cari Spears

Super Moderator
Leader
Super Moderator
I'm sure that many of the things that apply to your internal processes are based on an ISO 9001 requirement. For example, could you have an effective internal process for control of nonconforming outputs if you are not applying element 8.7? I'm also sure that you could march through the standard and find many more pertinent examples.
Perhaps some organizations wouldn't. However, back to the point, when we roll out these processes to the people who perform them, I make no mention of AS9100 requirements to the shop guys. They perform the tasks as described in our internal procedure without any reference to AS9100 requirements. Our top management team discusses and is knowledgeable of AS9100 requirements, but we don't make much reference to it in our day to day operations.
 

Big Jim

Admin
Maybe I can provide a real life example of how it helped one of my clients to be more specific.

This is a client that I worked with going back to 2007 when I helped them get registered and wrote a manual for them. Shortly after becoming acquainted, they hired someone to become their management representative and they got serious about getting registered. I worked closely with him in particular but with all the managers and the rest of the 25 or so employees to tailor a manual specifically to their operations and needs. I helped them revise the manual for the transition to the 2008 version (little needed since the changes were minor) and again for the transition to the 2015 version. During their initial training each employee was taught not only what they needed to know as Cari mentioned, but to the requirement of the standard that drove it.

Their system has run very well over the years. Especially noticeable has been their high KPI scores as well as how few nonconformances have been found during their audits. The Management Representative as well as the top managers are practitioners in a participative management style.

The Management Representative became a victim of covid. He needed to work off-site for over a year due to other health issues making him more vulnerable. During that time, other managers picked up the slack and kept the quality management system running as well as he had, each pitching in on the specific topics that they were the most familiar with.

Unfortunately the cancer he had overcome a couple of decades earlier returned and recently claimed his life. Someone that had been with the company since before their initial registration has been selected to become the management representative and he is being supported and trained by the managers that have held things together for the last couple of years.

I recently completed an internal audit for them and was pleasantly surprised on the condition of their quality management system.

So I believe that you can have a more effective quality management system if everyone is aware of the standard and how it affects them. Others can believe what they want, but I see the benefit, not just with this client, but with many others as well.
 

Paul Simpson

Trusted Information Resource
It is tempting to mirror the requirements of the standard and write up that mirror image as your quality manual (that isn't required by ISO 9001, BTW).

If you can get your head around it I'd start where @GStough suggested.
  • What is it we do? (Our processes)
  • Who do we do it for? (Our customers and any other interested parties)
  • What are the critical to success factors in how we work?
I'll separately post some more thoughts on process management - they are based on the ISO 9001 requirements in clause 4.4.1 but are hopefully easier to read.
Sorry it has taken some time. I had to update the article based on the new clause structure of ISO 9001:2015. I published it as an article on LinkedIn and am reproducing it here for Cove Members.

The importance of process thinking in modern quality management systems
Introduction
We are used to simple sentences conveying complex meanings. For instance, here in the United Kingdom, we have absolute duties under health and safety legislation where a “one-liner” can create complex management systems to satisfy, for example, an employer’s absolute duty to look after the health and safety of their employees. Whilst by no means as fundamental (or important) the same general principle applies to standards such as ISO 9001. You have to understand the meaning and complexity of each requirement before you can use the underlying principles to design your quality management system.

Determining processes – clause 4.4.1
Very early on in the requirements section of the 2015 standard, the organisation simply has to: “determine the processes needed for the quality management system and their application throughout the organisation”

So, what does that mean?

Firstly, let’s look at what it doesn’t mean. It does not mean that all procedures that were documented in the dim and distant days of ISO 9001.1994 are magically transformed into processes – that oversimplifies the requirement and misunderstands the sea change behind the structure and purpose of the standard reissued in 2000 and the updates in 2008 and 2015.

In order to satisfy this new approach and meet the requirements of clause 4.4.1 of ISO 9001:2015, this should mean that there is a lot of work involved in organisations looking afresh at their activities and redefining how their quality management system works. Now it may be that your organisation has already done this, perhaps back in 2000 – 1. In which case sit back, grab a cup of tea and you can continue reading this article just for the heck of it.

If you belong to an organisation that still considers existing documented procedures as quality management processes not only have you not captured the spirit of the new approach but you should be picked up by your customers and other assessment organisations as not meeting the requirements of clause 4.4.1. The fact that more nonconformities haven’t been raised against organisations says a lot about the state of third-party certification and its economic need to survive. Perhaps conformity assessment bodies (CAB) are retaining paying customers who don’t actually deserve to hold the certification.

If we are to realize the benefits of a process approach as a first step, we have to recognize ISO 9001 is now a business standard in all but name. There is still a fundamental focus on quality and satisfying customer requirements but this exists in the overall context of the organisation’s business (its strategic direction if you like). By contrast, other standards and requirement documents focus on other areas of the business – such as ISO 14001 (environmental management), and accounting rules/legislation (financial management)).

If the organisation has a process that captures customer orders and ends up delivering to them a product or a service then that is what should be captured and identified as one of the organisation’s processes – cutting across departmental silos as it does. It may be easier for an organisation to break its processes down into bite-size chunks (perhaps those previously covered by departmental procedures) but that misses the whole point and ends up adding no value. The benefits of identifying processes as end to end (ideally beginning and ending with a customer) are:

- Clear demonstration of the end customer and their needs

- Clarification of an individual’s role in working with others both in his / her department and upstream/downstream – again with the customer needs in mind

- Highlight areas that are busy doing work but that aren’t aligned with those core processes delivering value to the organisation.

There are similarities here with the approach of the “Lean” fraternity in identifying value-added and non-value-added work (this continues into the next sections of this article) – this is far more valuable than the “wash and brush up” where organisations realigned their quality management system – perhaps even to the new clause structure of the 2015 standard – without adopting the spirit of the change.

Typically, an organisation will have a very small list of processes – the things they do. The list below is a suggestion – any significant variation from this list needs to be considered carefully as it might mean that, by fragmenting a bigger process, the end result may be that an organisation sub-optimizes the activity. Only the first two processes in this example are “core” – i.e., the customer pays for the process output.

- Satisfying our customer orders – covering all activities from dealing with enquiries, orders, planning of production/service provision, making the product or providing the service, stockholding, all the way through to delivery

- Introducing new products to the market – covering all activities such as identifying market opportunity, project management, product design and development, through to product launch (including the start-up of production volumes)

- Business planning – covering surveillance of the market environment, identifying of the business position with respect to its market, identification of business opportunities, change management, action to address business risk

- Improving our processes – involving data capture and analysis, effective corrective action

- Looking after our resources – looking after and developing the people, systems, buildings and equipment we need to operate our business.

Process inputs and outputs – clause 4.4.1 a)
What do we need to have in place before can start to operate our process? This could be customer information, raw materials and approvals to start.

Similarly, if we carry out our processes properly what are the expected outputs in the way of products and services and evidence of the process having been carried out as planned? There may also be some unintended process outputs in the form of nonconforming product/service/output.

We will see more about how these inputs and outputs are used in later sections.

Process sequence and interaction – clause 4.4.1 b)
Having identified your processes, the next step is to “determine the sequence and interaction of these processes.” What factors need to be considered? Sometimes an example helps – think of the new product introduction process (above). Any organisation will look to identify the needs of a future market for a new product. In order to do that effectively a design team needs a series of inputs - 4.4.1 a)

- information about the market – an output from business planning,

- competing products – as above,

- current quality and reliability performance of a similar product already in production that our new product is intended to replace – an output from improving our processes,

- a budget from the organisation – an output from business planning and

- a timetable for the project – again an output from business planning.

All of these are interactions and outputs from other processes within the organisation. There is also a natural sequence for these processes and how they feed into design.

Not to confuse matters but the core (customer facing) process is reliant on a lot of support (non-customer facing) processes to deliver the final output. Using the same example of new product introduction in order to successfully carry out this core process we will need:

- Effective market research – which, although it involves interaction with existing and potential customers is not a core process (one which they pay for directly)

- Information systems – data will be an output from a number of the processes including research, analysis of current performance and business plans. The information system(s) used to provide these data need to be managed to ensure it operates reliably. So even though the information is part of a core process the system used to select the hardware and software is a support activity

- Competent personnel – at all stages from market analysis through to the manufacture of the approved product and including design – people need to be competent to carry out their tasks. Recruitment, training, communication, and performance management aspects of human resource management are all support activities necessary to deliver new products effectively. These people may be part of a formal project team or they may be required to support a project team on an ad hoc basis. For an organisation to truly say it has determined its process and provided adequate resources it has to demonstrate that it knows about these small but significant contributions from others in the organisation. They are part of the overall system without, perhaps, being named in the process.

Determine and apply criteria and methods – clause 4.4.1 c)
The process sequence and interaction now give us a map of the organisation and how it works together but now the work gets even tougher to satisfy the next requirement to determine and apply criteria and methods needed to ensure the effective operation and control of these processes. Not just a few more words but here we have to look at each process and set standards and put in place methods to enable us to carry them out (operate) and check they are effective and efficient (control). This includes all the traditional uality control and quality assurance methods for ensuring the process delivers the expected outputs (or prevents nonconforming outputs from proceeding through the process.

In order to demonstrate these processes are operating effectively, we need to monitor and measure. This doesn’t mean you carry out both activities for each process but, perhaps based on risk (clause f)), you decide which of the activities should be implemented to ensure processes are operating as decided. Monitoring can simply be a simple supervisory overview to see that everything is in order perhaps incorporating a coaching role to assist those working in the process. Measuring is much more based on data from the process and should indicate through quantifiable means that the process is delivering the objectives the organisation sets.

Determine the resources needed – clause 4.4.1 d)
We have to decide what resources each of our processes needs and make sure they are available. Again, what does this mean in practice?

In order to do this, the organisation must have gone through some process to establish what level of resource is required. This may be broken down by the subheadings of clause 7.1 of ISO 9001 into

• General,

• People,

• Infrastructure,

• Environment for the operation of processes,

• Monitoring and measuring resources and

• Organisational knowledge

Also, what information is needed to ensure the process operates efficiently and effectively? This is the key area for support processes – to ensure that the resources the organisation has decided are needed (above) are actually there to be able to operate the processes and, ultimately, satisfy customers.

The people controlling the purse strings have to have effective internal communication of where all requirements identified above are not being met and reacting to the needs of the organisation to bring resource needs back on track. Top management receives this information through another organisational process of process monitoring taking inputs from those measures identified in clause 4.4.1 c.

But if we just consider the first of these – the people required to operate and manage the process. If we are to make effective use of our people, we need to consider aspects of people involvement, motivation, recognition and reward, and that is without considering elements of internal politics and gamesmanship that happen in every workplace around the world. In order to demonstrate a full understanding of the process approach all of these factors should feature in an ISO 9001 compliant quality management system.

Assign process responsibilities and authorities – clause 4.4.1 e)
As with other areas of our system (clause 5.3) people working within our processes should be aware of what they are authorised to do within the process (including any limitations) and who is responsible for which activity. This will include the quality control and assurance activities in c). In general, it helps if all the people are aware of who does what.

Address the risks and opportunities – clause 4.4.1 f)
This clause refers to the detailed aspects of planning for risk and opportunity covered in clause 6.1.

Taking opportunities first, the ISO 9000 definition defines a process in terms of ‘intended results’ – these outline the opportunity that the process is intended to achieve and effective operation of the process will consistently deliver these intended results.

Those implementing the system should also be looking at the risks to the organisation associated with these processes and deciding what control systems to put in place (c)). For low-risk processes, this can be informal monitoring by an individual or manager. For high business risk activities, there will be formal quality assurance, quality control checks and reporting at all stages of the process. This risk-based approach is true preventive action as was formerly required in the ISO 9001 standard.

Evaluate the process and make any changes needed to deliver intended results – clause 4.4.1 g)
In 4.4.1 c) the organisation had to establish criteria and methods including monitoring, measuring and performance indicators (including KPIs) to ensure processes are effective.

Here, in g), the organisation has to use the evidence from these activities to decide whether the process is working as planned and, if it isn’t, make changes to bring it into line with the plan and to deliver the intended results.

The organisation is looking at how the process is operating – whether there are any opportunities for it to operate more effectively or more efficiently. Again, there are strong links in this clause with activities such as value stream mapping used in lean or the ‘define’ stage in six sigma’s DMAIC when looking at process analysis.

With the best will in the world, we cannot absolutely guarantee “right first time” (although you will be surprised how often it does happen if all the planning work above is done).

The standard next requires us to: “implement actions necessary to achieve planned results and continual improvement of these processes” – whereby if all of the planning activity did not deliver what was expected then you need to take effective corrective action and, at the same time should be considering actions that will help the process better satisfy customer requirements.

Process improvement – clause 4.4.1 h)
Whatever the results of the evaluation (clause g)) the organisation has to plan to improve its processes. If it improves any process this should result in improvement of the quality management system as a whole (assuming the organisation is managing the process interactions effectively.

So, for all the business processes that form the quality management system an organisation truly buying into the spirit of ISO 9001 (never mind the higher level guidance of ISO 9004) will have carried out this detailed analysis before implementation.

Peter Senge in his book “The Fifth Discipline” identified the scale of the task with his review of the MIT beer game – a process as simple as stocking beer in a supply chain can go horrendously wrong if the complexities of the process aren’t understood. Something as simple as delays in reaction to changes in demand within a supply chain can easily lead to stockouts and oversupply at the extremes if the process isn’t understood and managed – again from end to end. Senge called this the ‘bullwhip effect’.

Conclusion
Bearing in mind all aspects of the process approach were available long before the introduction of this latest 2015 edition of the quality management system standard – why are we still discussing the process approach?

The answer is simple, if damning, collectively we still don’t get it! Quality practitioners could have taken on board process management and developed a business management system that clearly demonstrates how an organisation satisfies customer requirements using this “whole business” approach in their organisations. Instead, they have (with some notable exceptions) resorted to a “check box” approach to their own quality management system – supported by both consultants simplifying implementation efforts and the certification industry expected to judge those efforts.

In much the same way as all the quality tools developed from the turn of the 20th century onwards were available by the 1980s when W Edwards Deming returned to castigate US industry for not embracing quality management so there is a vacuum now for quality professionals to use existing tools of systems thinking, process analysis and mapping to move quality forward to where ISO 9001 wanted us to be 20 plus years ago.
 

jmech

Trusted Information Resource
If you belong to an organisation that still considers existing documented procedures as quality management processes not only have you not captured the spirit of the new approach but you should be picked up by your customers and other assessment organisations as not meeting the requirements of clause 4.4.1. The fact that more nonconformities haven’t been raised against organisations says a lot about the state of third-party certification and its economic need to survive. Perhaps conformity assessment bodies (CAB) are retaining paying customers who don’t actually deserve to hold the certification.
...
The answer is simple, if damning, collectively we still don’t get it! Quality practitioners could have taken on board process management and developed a business management system that clearly demonstrates how an organisation satisfies customer requirements using this “whole business” approach in their organisations. Instead, they have (with some notable exceptions) resorted to a “check box” approach to their own quality management system – supported by both consultants simplifying implementation efforts and the certification industry expected to judge those efforts.
Rather than casting blame on users, assessment organizations, and consultants, will the writers of ISO 9001 take any responsibility for drafting unclear requirements that do not effectively communicate what they are intended to communicate (at least according to your interpretation)?
 

Big Jim

Admin
Sorry it has taken some time. I had to update the article based on the new clause structure of ISO 9001:2015. I published it as an article on LinkedIn and am reproducing it here for Cove Members.

The importance of process thinking in modern quality management systems
Introduction
We are used to simple sentences conveying complex meanings. For instance, here in the United Kingdom, we have absolute duties under health and safety legislation where a “one-liner” can create complex management systems to satisfy, for example, an employer’s absolute duty to look after the health and safety of their employees. Whilst by no means as fundamental (or important) the same general principle applies to standards such as ISO 9001. You have to understand the meaning and complexity of each requirement before you can use the underlying principles to design your quality management system.

Determining processes – clause 4.4.1
Very early on in the requirements section of the 2015 standard, the organisation simply has to: “determine the processes needed for the quality management system and their application throughout the organisation”

So, what does that mean?

Firstly, let’s look at what it doesn’t mean. It does not mean that all procedures that were documented in the dim and distant days of ISO 9001.1994 are magically transformed into processes – that oversimplifies the requirement and misunderstands the sea change behind the structure and purpose of the standard reissued in 2000 and the updates in 2008 and 2015.

In order to satisfy this new approach and meet the requirements of clause 4.4.1 of ISO 9001:2015, this should mean that there is a lot of work involved in organisations looking afresh at their activities and redefining how their quality management system works. Now it may be that your organisation has already done this, perhaps back in 2000 – 1. In which case sit back, grab a cup of tea and you can continue reading this article just for the heck of it.

If you belong to an organisation that still considers existing documented procedures as quality management processes not only have you not captured the spirit of the new approach but you should be picked up by your customers and other assessment organisations as not meeting the requirements of clause 4.4.1. The fact that more nonconformities haven’t been raised against organisations says a lot about the state of third-party certification and its economic need to survive. Perhaps conformity assessment bodies (CAB) are retaining paying customers who don’t actually deserve to hold the certification.

If we are to realize the benefits of a process approach as a first step, we have to recognize ISO 9001 is now a business standard in all but name. There is still a fundamental focus on quality and satisfying customer requirements but this exists in the overall context of the organisation’s business (its strategic direction if you like). By contrast, other standards and requirement documents focus on other areas of the business – such as ISO 14001 (environmental management), and accounting rules/legislation (financial management)).

If the organisation has a process that captures customer orders and ends up delivering to them a product or a service then that is what should be captured and identified as one of the organisation’s processes – cutting across departmental silos as it does. It may be easier for an organisation to break its processes down into bite-size chunks (perhaps those previously covered by departmental procedures) but that misses the whole point and ends up adding no value. The benefits of identifying processes as end to end (ideally beginning and ending with a customer) are:

- Clear demonstration of the end customer and their needs

- Clarification of an individual’s role in working with others both in his / her department and upstream/downstream – again with the customer needs in mind

- Highlight areas that are busy doing work but that aren’t aligned with those core processes delivering value to the organisation.

There are similarities here with the approach of the “Lean” fraternity in identifying value-added and non-value-added work (this continues into the next sections of this article) – this is far more valuable than the “wash and brush up” where organisations realigned their quality management system – perhaps even to the new clause structure of the 2015 standard – without adopting the spirit of the change.

Typically, an organisation will have a very small list of processes – the things they do. The list below is a suggestion – any significant variation from this list needs to be considered carefully as it might mean that, by fragmenting a bigger process, the end result may be that an organisation sub-optimizes the activity. Only the first two processes in this example are “core” – i.e., the customer pays for the process output.

- Satisfying our customer orders – covering all activities from dealing with enquiries, orders, planning of production/service provision, making the product or providing the service, stockholding, all the way through to delivery

- Introducing new products to the market – covering all activities such as identifying market opportunity, project management, product design and development, through to product launch (including the start-up of production volumes)

- Business planning – covering surveillance of the market environment, identifying of the business position with respect to its market, identification of business opportunities, change management, action to address business risk

- Improving our processes – involving data capture and analysis, effective corrective action

- Looking after our resources – looking after and developing the people, systems, buildings and equipment we need to operate our business.

Process inputs and outputs – clause 4.4.1 a)
What do we need to have in place before can start to operate our process? This could be customer information, raw materials and approvals to start.

Similarly, if we carry out our processes properly what are the expected outputs in the way of products and services and evidence of the process having been carried out as planned? There may also be some unintended process outputs in the form of nonconforming product/service/output.

We will see more about how these inputs and outputs are used in later sections.

Process sequence and interaction – clause 4.4.1 b)
Having identified your processes, the next step is to “determine the sequence and interaction of these processes.” What factors need to be considered? Sometimes an example helps – think of the new product introduction process (above). Any organisation will look to identify the needs of a future market for a new product. In order to do that effectively a design team needs a series of inputs - 4.4.1 a)

- information about the market – an output from business planning,

- competing products – as above,

- current quality and reliability performance of a similar product already in production that our new product is intended to replace – an output from improving our processes,

- a budget from the organisation – an output from business planning and

- a timetable for the project – again an output from business planning.

All of these are interactions and outputs from other processes within the organisation. There is also a natural sequence for these processes and how they feed into design.

Not to confuse matters but the core (customer facing) process is reliant on a lot of support (non-customer facing) processes to deliver the final output. Using the same example of new product introduction in order to successfully carry out this core process we will need:

- Effective market research – which, although it involves interaction with existing and potential customers is not a core process (one which they pay for directly)

- Information systems – data will be an output from a number of the processes including research, analysis of current performance and business plans. The information system(s) used to provide these data need to be managed to ensure it operates reliably. So even though the information is part of a core process the system used to select the hardware and software is a support activity

- Competent personnel – at all stages from market analysis through to the manufacture of the approved product and including design – people need to be competent to carry out their tasks. Recruitment, training, communication, and performance management aspects of human resource management are all support activities necessary to deliver new products effectively. These people may be part of a formal project team or they may be required to support a project team on an ad hoc basis. For an organisation to truly say it has determined its process and provided adequate resources it has to demonstrate that it knows about these small but significant contributions from others in the organisation. They are part of the overall system without, perhaps, being named in the process.

Determine and apply criteria and methods – clause 4.4.1 c)
The process sequence and interaction now give us a map of the organisation and how it works together but now the work gets even tougher to satisfy the next requirement to determine and apply criteria and methods needed to ensure the effective operation and control of these processes. Not just a few more words but here we have to look at each process and set standards and put in place methods to enable us to carry them out (operate) and check they are effective and efficient (control). This includes all the traditional uality control and quality assurance methods for ensuring the process delivers the expected outputs (or prevents nonconforming outputs from proceeding through the process.

In order to demonstrate these processes are operating effectively, we need to monitor and measure. This doesn’t mean you carry out both activities for each process but, perhaps based on risk (clause f)), you decide which of the activities should be implemented to ensure processes are operating as decided. Monitoring can simply be a simple supervisory overview to see that everything is in order perhaps incorporating a coaching role to assist those working in the process. Measuring is much more based on data from the process and should indicate through quantifiable means that the process is delivering the objectives the organisation sets.

Determine the resources needed – clause 4.4.1 d)
We have to decide what resources each of our processes needs and make sure they are available. Again, what does this mean in practice?

In order to do this, the organisation must have gone through some process to establish what level of resource is required. This may be broken down by the subheadings of clause 7.1 of ISO 9001 into

• General,

• People,

• Infrastructure,

• Environment for the operation of processes,

• Monitoring and measuring resources and

• Organisational knowledge

Also, what information is needed to ensure the process operates efficiently and effectively? This is the key area for support processes – to ensure that the resources the organisation has decided are needed (above) are actually there to be able to operate the processes and, ultimately, satisfy customers.

The people controlling the purse strings have to have effective internal communication of where all requirements identified above are not being met and reacting to the needs of the organisation to bring resource needs back on track. Top management receives this information through another organisational process of process monitoring taking inputs from those measures identified in clause 4.4.1 c.

But if we just consider the first of these – the people required to operate and manage the process. If we are to make effective use of our people, we need to consider aspects of people involvement, motivation, recognition and reward, and that is without considering elements of internal politics and gamesmanship that happen in every workplace around the world. In order to demonstrate a full understanding of the process approach all of these factors should feature in an ISO 9001 compliant quality management system.

Assign process responsibilities and authorities – clause 4.4.1 e)
As with other areas of our system (clause 5.3) people working within our processes should be aware of what they are authorised to do within the process (including any limitations) and who is responsible for which activity. This will include the quality control and assurance activities in c). In general, it helps if all the people are aware of who does what.

Address the risks and opportunities – clause 4.4.1 f)
This clause refers to the detailed aspects of planning for risk and opportunity covered in clause 6.1.

Taking opportunities first, the ISO 9000 definition defines a process in terms of ‘intended results’ – these outline the opportunity that the process is intended to achieve and effective operation of the process will consistently deliver these intended results.

Those implementing the system should also be looking at the risks to the organisation associated with these processes and deciding what control systems to put in place (c)). For low-risk processes, this can be informal monitoring by an individual or manager. For high business risk activities, there will be formal quality assurance, quality control checks and reporting at all stages of the process. This risk-based approach is true preventive action as was formerly required in the ISO 9001 standard.

Evaluate the process and make any changes needed to deliver intended results – clause 4.4.1 g)
In 4.4.1 c) the organisation had to establish criteria and methods including monitoring, measuring and performance indicators (including KPIs) to ensure processes are effective.

Here, in g), the organisation has to use the evidence from these activities to decide whether the process is working as planned and, if it isn’t, make changes to bring it into line with the plan and to deliver the intended results.

The organisation is looking at how the process is operating – whether there are any opportunities for it to operate more effectively or more efficiently. Again, there are strong links in this clause with activities such as value stream mapping used in lean or the ‘define’ stage in six sigma’s DMAIC when looking at process analysis.

With the best will in the world, we cannot absolutely guarantee “right first time” (although you will be surprised how often it does happen if all the planning work above is done).

The standard next requires us to: “implement actions necessary to achieve planned results and continual improvement of these processes” – whereby if all of the planning activity did not deliver what was expected then you need to take effective corrective action and, at the same time should be considering actions that will help the process better satisfy customer requirements.

Process improvement – clause 4.4.1 h)
Whatever the results of the evaluation (clause g)) the organisation has to plan to improve its processes. If it improves any process this should result in improvement of the quality management system as a whole (assuming the organisation is managing the process interactions effectively.

So, for all the business processes that form the quality management system an organisation truly buying into the spirit of ISO 9001 (never mind the higher level guidance of ISO 9004) will have carried out this detailed analysis before implementation.

Peter Senge in his book “The Fifth Discipline” identified the scale of the task with his review of the MIT beer game – a process as simple as stocking beer in a supply chain can go horrendously wrong if the complexities of the process aren’t understood. Something as simple as delays in reaction to changes in demand within a supply chain can easily lead to stockouts and oversupply at the extremes if the process isn’t understood and managed – again from end to end. Senge called this the ‘bullwhip effect’.

Conclusion
Bearing in mind all aspects of the process approach were available long before the introduction of this latest 2015 edition of the quality management system standard – why are we still discussing the process approach?

The answer is simple, if damning, collectively we still don’t get it! Quality practitioners could have taken on board process management and developed a business management system that clearly demonstrates how an organisation satisfies customer requirements using this “whole business” approach in their organisations. Instead, they have (with some notable exceptions) resorted to a “check box” approach to their own quality management system – supported by both consultants simplifying implementation efforts and the certification industry expected to judge those efforts.

In much the same way as all the quality tools developed from the turn of the 20th century onwards were available by the 1980s when W Edwards Deming returned to castigate US industry for not embracing quality management so there is a vacuum now for quality professionals to use existing tools of systems thinking, process analysis and mapping to move quality forward to where ISO 9001 wanted us to be 20 plus years ago.


Clearly enough to us users in the trench, it is a communication issue. The information you shared in this post is far from being common knowledge down here where the rubber meets the road. What more can be done from the top to help us down here understand what you mean?
 
Last edited:

Paul Simpson

Trusted Information Resource
Rather than casting blame on users, assessment organizations, and consultants, will the writers of ISO 9001 take any responsibility for drafting unclear requirements that do not effectively communicate what they are intended to communicate (at least according to your interpretation)?
Sure, @jmech - perhaps you can start by pointing out where the requirements are unclear?

Over to you.
 

Paul Simpson

Trusted Information Resource
Clearly enough to us users in the trench, it is a communication issue. The information you shared in this post is far from being common knowledge down here where the rubber meets the road. What more can be done from the top to help us down here understand what yu mean?
Ivory tower, the rubber meets the road, yada yada. The same challenge to you, Jim. What requirements are unclear?
 

jmech

Trusted Information Resource
Sure, @jmech - perhaps you can start by pointing out where the requirements are unclear?

Over to you.

Based on your below statements, you seem to think there is a requirement that processes not be broken down into chunks (such as those covered by the ISO 9001-required procedures):
"If you belong to an organisation that still considers existing documented procedures as quality management processes not only have you not captured the spirit of the new approach but you should be picked up by your customers and other assessment organisations as not meeting the requirements of clause 4.4.1."
"It may be easier for an organisation to break its processes down into bite-size chunks (perhaps those previously covered by departmental procedures) but that misses the whole point and ends up adding no value."

Where is the clear requirement in ISO 9001 that processes not be broken down into chunks?

You claim that quality is not yet "where ISO 9001 wanted us to be 20 plus years ago" and that quality practitioners "still don't get it!"

Unlike "quality tools developed from the turn of the 20th century", ISO 9001 has a large captive audience that is forced to read it and conform to it (often due to customer requirements). If in "20 plus years" the ISO 9001 writers are unable to communicate a simple, important message to a captive audience that is required to obey them, then they have failed at communicating and should be accountable for their failure, rather than trying to blame their audience.
 

Sidney Vianna

Post Responsibly
Leader
Admin
Determining processes – clause 4.4.1
Very early on in the requirements section of the 2015 standard, the organisation simply has to: “determine the processes needed for the quality management system and their application throughout the organisation”

So, what does that mean?
Paul, well done. This article, to me, should be (minor) fine tuned and replace the current document "developed" by SC2 as a guidance to the process approach.

One of the changes I would make to the text of the 9001:2015 standard and emphasize in your article (with a subtlety of a baseball bat swung full force in someone's buttocks) is the need to see and understand the quality system as an integral part of the organization business.

Instead of “determine the processes needed for the quality management system and their application throughout the organisation”, I would have: "Identify the business processes that impact, directly or indirectly, product conformity and customer satisfaction. Such processes comprise the quality system."

Then, as already mentioned earlier in this thread, the current text of 9001:2015 5.1.1.c) will make more sense and, together, drive the message that "quality system processes" are NOT the ones from the quality department. To this date, in my experience, most organizations don't see this light. Have not had the epiphany of what a true quality system is.
 
Top Bottom