Processes and procedures

in an ISO 9000:200 environment

Consider this paper just a starting point for discussion …. Jim Wade 9 Feb 2002

Processes

1 Processes are not procedures. The difference is that a process relates to what happens in a business, while a procedure tells us how a process is carried out.

2 The difference is extremely important — and is recognised in ISO 9000:2000 (see 3.4.1 & 3.4.5) — and yet some certification bodies will give you an ISO 9001 certificate if you present your written procedures as process descriptions. So, if getting the badge is all that interests you, you might want to ignore what follows.

4 The PCF reminds us that there is always just a handful of key (or operating) processes in any business. These processes deal with fundamentals like getting work from the customer, doing the work and getting paid and they belong in the Product Realization box of the ISO 9000 model diagram. ISO 9001 clause 7 relates to characteristics of these key processes but it does not define them — we must do that ourselves and it is a job for senior management.

5 Other (management & support) processes deal with other things like managing resources and improving; the other boxes in the ISO 9000 model diagram relate to some of these secondary processes.

6 ISO 9001 has a lot to say about processes (there are 70 references as opposed to only 12 references to procedures). For a start, the central Plan-Do-Check-Act cycle of the much-vaunted ‘process approach’ (9001/ 0.2) is all about defining, operating, measuring, monitoring and improving the performance of processes.

7 The theory on which this emphasis is based is that most of the causes of problems and opportunities for improvement in most businesses lie in the system rather than with the people. As Deming said "Put a good person in a bad system and the bad system wins, no contest".

8 The requirements parts of 9001 back up the process approach. For example, we have to:

9 9001/4.1 & 4.2.2: identify processes and their sequence and interaction, figure out how to run and control them, make sure they are resourced, and measure, analyse, monitor and improve them.

10 9001/5.6.2: review process performance as well as product conformity.

11 9001/8.4 c): analyse process characteristics and trends

12 Much of this can only be done by top management (even where 9001 says the ‘organization’ must do the work).

13 So how do we describe processes?

14 Why not describe at the highest level and as simply as possible (one A4 sheet will do it) and with the ISO 9001 requirements in mind?

• 15 Agree what the key processes are called (not as trivial a task as you might think) and show them as a string of boxes in the right sequence.

20 We now have a top level framework that gives us many key improvement objectives, provides an acid test for our procedures (how does each procedure contribute to the effective operation or improvement of processes?) and much much more.

21 Resist breaking down the top level process descriptions into sub-processes unless it helps the management of the business— much of such ‘process mapping’ work is a complete waste of time and effort.

may be of help

Procedures

23 We’ll need to address the requirement for six mandatory written procedures, but these needn’t necessarily be six separate documents. Both corrective and preventive action deal with finding and removing causes (of actual and potential problems, respectively) — so why not combine them?

24 ‘Control of nonconforming product’ deals with "what do we do with stuff if it’s wrong?" Since we may be dealing with ‘wrong stuff’ in each process (and doing different things in each) we may want several CNCP procedures. Or a very general procedure that says broadly what is done in all cases with the detail incorporated into day-to-day procedures.

25 In theory, we may not need any other procedures beyond the six, as long as we can demonstrate control of processes. In practice, of course, some further written procedures might be desirable.

26 ISO 900:2000 defines a procedure as "a specified way to carry out an activity or a process". So a key test of whether or not a written procedure is necessary is to ask "do the people doing the job really use the document and does it help them get the job done better?" If not, something is wrong, and you may have one of the many redundant documents that misuse of ISO 9000 can generate.

27 Moving to ISO 9001:2000 gives us a great chance to question all existing procedures in order to get rid of those with no business purpose and/or to add others that support our processes.

Your views