The revised ISO 9001 offers more flexibility regarding process documentation as a part of the management system. This applies to the documentation of management, strategy and core processes as well as support processes such as maintenance and qualification of persons. For very simple processes, for example, clear verbal instructions in conjunction with training material may be sufficient. Generally, however, traceable documentation in forms such as a checklist or an electronic workflow will be required to provide guidance for various work steps. To safeguard a high level of process quality, the new ISO 9001 includes an ambitious eight-step definition of the expected degree of process maturity. The relevant quality characteristics should be available and effective at each of these eight steps to ensure that organisations implement the standard successfully and realise the benefits offered by the new standard.
“At steps one and two, organisations define the inputs required and the outputs expected from their processes and the sequence and interactions of these processes in a form such as a process map or individual process sheets,” says Ulrich Wegner, Head of the Certification Body of TÜV SÜD Management Service GmbH.
“At step 3, the organisation also review the responsibilities and authorities for these processes, using tools like responsibility matrices.” Once this is completed, at step four organisations are expected to identify the technological and human resources needed. “Important aspects in this context include personnel and investment planning to respond appropriately to cases such as evident fluctuations or planned market expansion”, adds Wegner.
At step five of process maturity, the focus is on risk-based thinking. To this end, organisations verify that they have identified all risks relevant for the key processes. Beyond the financial risks already analysed by many companies, there are other risks including the availability of expertise among knowledge owners and specialists, or market risks caused by innovative competitors. A quality management system according to the new ISO standard identifies these risks in direct association with the processes established by an organisation. While the old ISO 9001 focused predominantly on the avoidance of risks through appropriate preventive actions, the revised version also considers chances. To identify these chances, the detail-oriented process focus should be expanded to view the whole picture, particularly including customers’ expectations and the context of the organisation.
Effective process operation and control are ensured at step six. This requires organisations to have either clear instructions for simple tasks in the service sector or process-integrated solutions, e.g. an ERP system, for complex production operations. Depending on the complexity involved, this step requires fast feedback or control loops and adequate communication. At step seven, the processes are evaluated with the help of appropriate monitoring and measurement methods. These are required in cases in which technical or personnel risks or instabilities were identified and, in particular, in cases involving risks related to customer requirements. Checking at an early stage for possible signs of non-conformities with the target is recommended. After all, a high level of accuracy in measurement results is of little use if the results are available too late. At step 8, the data gained from process evaluation enable management to make a robust decision regarding the necessary improvement actions. As outlined above, the process approach of the new ISO 9001 ensures a high level of transparency and thus supports organisations in the targeted triggering and driving of the improvement process.
Further information can be found at www.tuev-sued.de/management-systeme/iso-9001.