ISO Revisions

ISO Revisions

ISO Revisions Whitepaper

What is the difference between a procedures
and a process approach?
Approaching change
Process vs procedures: What does this mean?
The concept of process management was first introduced to the ISO 9001
series in the 2000 version of the international standard.

Whilst recognized by the experts on the standards committee as Understanding the process approach
a key component of an effective management system, it caused
This guide provides an understanding of the concepts, intent and the
many organizations problems with its introduction. Even now, with
application of the “process approach”. It also may be used to apply
many organizations having certificates to confirm they meet the
the process approach to any management system regardless of the
requirements of the standard, their approach to process can often be
type or the size of the organization. This includes, but is not limited to,
described as ‘immature’.
management systems for:
ISO is not alone in recognizing the significance of process
management. It is also at the heart of the EFQM Excellence Model
• Environment (ISO 14000 family)
and Baldridge Award schemes and reducing process variation is the • Occupational Health and Safety
focus of Six Sigma initiatives. Process management is also equally
applicable to service and manufacturing organizations.
• Business Risk

It can be argued that the achievement of an organization’s objectives

• Social Responsibility

is critically affected by the performance of its people and its A process approach is a powerful way of organizing and managing
processes, and that successful organizations manage both effectively. activities to create value for the customer and other interested parties.

To begin to explain the approach, it may be useful to take a step Organizations are often structured into a hierarchy of functional units
backwards and reflect on the difference between policies, processes and usually managed vertically, with responsibility for the intended
and procedures, which is often a source of confusion. outputs being divided among the functional units.

The end customer is not always visible to all involved. Consequently,

Policies problems that occur at the interface boundaries between functions
These are the guidelines that drive the organization and its processes and teams are often given less priority than the short-term goals of
and procedures. They may be supported or influenced by defined the units. The process approach introduces horizontal management,
standards or regulations. crossing the barriers between different functional units and unifying
their focus to the main goals of the organization.
Processes are a high level view of the organization’s activities. Shown below is a typical process used in many organizations to bring
The key tasks within the overall process are identified. Process
a new product to market. It typically involves several functions and
descriptions usually refer to several individuals or teams as processes
teams, all who are critical to achieving an effective process.
tend to flow across the organization. ISO defines a process as a set
of interrelated or interacting activities which transforms inputs into A successful new product launch requires each of the departments
outputs. So every process will have a clearly identified input and to operate collaboratively with a common view of what success
output, and depending on whether these are internal or external, there looks like. The reality is that often individual departmental goals and
will also be a customer or set of customers. priorities take precedent. That is why managing the process and
giving ownership can achieve the focus required to make the process
Procedures are the detailed steps that describe how a process step successful.
will be performed.

Typical process: Bringing new products to market

Create
Research market Develop solution Test with market Manufacture Market and sell
specification

Marketing Development Development Marketing Operations Sales and

and marketing marketing
Process vs procedures: What does this mean?
Since “process” is a “set of interrelated or interacting activities, which materials. In the example below, the input is a customer need, while
transforms inputs into outputs”, it is important to note that these the output is a new product or service. Figure 1 shows a generic
activities require the allocation of resources such as people and process.

Figure 1: A generic process Effectiveness of process =

Ability to achieve desired results

Inputs Outputs
Interrelated or interacting
Requirements specified Requirements satisfied
(includes resources)
activities and control methods (result of a process)

Monitoring and measuring

Efficiency of process =
Results achieved vs resources used

Inputs and intended outputs may be tangible (such as equipment, Often the outputs from one process can be the inputs of other
materials or components) or intangible (such as energy or processes and are interlinked into the overall network or system.
information). Outputs can also be unintended, such as waste or
pollution.

Figure 2: Interlinked process

Outputs from Outputs from
other processes other processes

Process A Process B Process D

Inputs Outputs Inputs Outputs Inputs Outputs
to A from A to B from B to D from D

Process C
Inputs Outputs
to C from C

A system should be used to gather data to provide information ensuring the availability of resources for the other organization’s
about process performance, which should then be analyzed to quality objectives, desired outcomes and management reviews.
determine if there is any need for corrective action or improvement. Processes for managing resources. These include all the
All processes should be aligned with the objectives, scope and processes that are necessary to provide the resources needed for
complexity of the organization, and should be designed to add value the organization’s quality objectives and desired outcomes.
to the organization. Operational processes. These include all processes that provide
the desired outcomes of the organization.
Types of processes
Measurement, analysis and improvement processes. These
Organizations have to define the number and types of processes include the processes needed to measure and gather data for
needed to fulfil their business objectives. While these will be unique performance analysis and improvement of effectiveness and
to each organization, it is however possible to identify typical efficiency.
processes, such as:

Processes for the management of an organization. These

include processes relating to strategic planning, establishing
policies, setting objectives, enabling communication, as well as
 ISO Revisions

Looking at the process-based approach in

revised standards
Over the years, ISO has developed a range ISO 9001 Draft International Standard (DIS)
of management system standards for topics Clause 1 Scope contains a useful model of the clauses in
such as quality, environment, information Annex SL – all arranged as a process-based
Clause 2 Normative references
security, as well as business continuity and system.
records management. Clause 3 Terms and definitions Adopting the new framework should not
These management systems all have be challenging for organizations that
Clause 4 Context of the organization
very different structures, despite sharing have embraced the management system
certain commonalities, which can make the Clause 5 Leadership philosophy, but could be a concern for
implementation phase difficult and complex. those that have certification for the badge
To tackle this challenge, ISO has looked Clause 6 Planning on the wall. With increased reference to
at ways to create an identical structure, “organizational” context, future management
text, common terms and definitions for Clause 7 Support systems should be linked to the strategic
management system standards of the Clause 8 Operation direction of the business. This means an
future. The framework they developed is organization has to align all its processes
called Annex SL, and with its new high level Clause 9 Performance evaluation effectively.
structure (as set out in the table to the right),
will bring consistency amongst future and Clause 10 Improvement
revised management system standards:
Figure 3: Clauses in Annex SL
4.1, 4.2, 4.3 Establish
context, define relevant 10. Continual improvement
interested parties and

*
scope of QMS

5. Leadership

Customers Customer
and other 4.4. QMS, general and Satisfaction
process approach
relevant
interested 9. Performance
parties
6. Planning
* evaluation

Inputs Outputs Products and

Requirements 8. Operations services

7. Support processes
ISO Revisions

How will this affect organizations?

First let’s take a look at some of the specific This is further expanded in ISO 9001:2015 • Ensuring the availability of resources
clauses or references to process in Annex SL. DIS by adding requirements such as:
• Allocating responsibilities and authorities
• Determining the inputs required and the for particular processes or sets of
4.4 XXX management system outputs expected from each process processes
(Xxx allowing each committee, environment, • Determining the sequence and interaction • Monitoring, analysing and reviewing these
quality etc. to insert their own description) of these processes processes
The organization shall establish, implement, • Determining the risks and opportunities • Implementing necessary actions to
maintain and continually improve an XXX associated with the process achieve planned results and continual
management system, including the processes • Determining criteria, methods and improvement of these processes. And
needed and their interactions, in accordance measurements needed to ensure that ensuring new or revised processes
with the requirements of this International both the operation and control of these continue to deliver the intended
Standard. processes are effective outcomes.
 ISO Revisions

How will this affect organizations?

5.1 Leadership and commitment There is now a requirement to establish And in 7.2, it requires that competences
measures for each process to determine have to be established for those involved
Top management shall demonstrate
their effectiveness. So whilst this may just with each process.
leadership and commitment with respect to
be process output measures, effective
the XXX management system by:
systems will also have established measures What does a process-based
• Ensuring the XXX policy and XXX for supply inputs, in process measures, as system look like?
objectives are established and are well as outputs and customer satisfaction
compatible with the strategic direction of measures (every process, even those that A process-based system normally consists
the organization are only internal, has a customer for the of a high level, on page, description of the
output). business process model. This is supported
• Ensuring the integration of the XXX by each of the processes being defined at
management system requirements into It requires that leadership establishes the next level of detail.
the organization’s business processes responsibilities and authorities for the
processes, in other words ownership Procedures and or work instructions are
then used to define how certain tasks are
8.1 Operational planning and needs to be clear. This may cause some
carried out at each stage in the process (see
cultural problems where the defined
control the example below).
business processes cross functional and
The organization shall plan, implement departmental boundaries. To help document and manage systems that
and control the processes needed to meet follow this style of approach, there are many
Management have to demonstrate that they
requirements, and to implement the actions software products available and you may
are monitoring the impact of any process
determined in 6.1, by: wish to have a look at BSI Entropy.
changes.
• Establishing criteria for the processes
• Implementing control of the processes in
accordance with the criteria Typical structure
• Keeping documented information, to the
extent necessary, to have confidence that
the processes have been carried out as Owner- Managing Director
planned Holistic view Measure business performance
Finance, customer, process, innovation
The organization also needs to ensure that
outsourced processes are controlled. ‘the what’
Whilst much of this is the same as the 2008
Owner- Process Owner
version of ISO 9001, there are some notable
additions. A process A process Measure efficiency and
effectiveness
All organizations are now required to Basis for activity-based
determine the risks associated with each ‘the how’ costing
process. This is the clause that effectively
replaces PREVENTIVE action which in
A procedure
itself caused many questions. So whilst
existing techniques are still relevant, the
organization now needs to demonstrate it
has applied these to all processes within the
scope of the management system.
 ISO Revisions

Benefits of the process approach

SO(i)* summarises the benefits of the process approach as: • Provision of opportunities for focused and prioritized improvement
• Integration and alignment of processes to enable achievement of initiatives
desired outcomes • Encouragement of the involvement of people and the clarification
• Ability to focus effort on process effectiveness and efficiency of their responsibilities

• Provision of confidence to customers, and other interested parties, Additionally for those considering building an effective integrated
about the consistent performance of the organization system, a process model of the organization is often the foundation
of this. This is usually supported by a set of integrated procedures
• Transparency of operations within the organization and measures and ensures that when reviewing performance or
• Lower costs and creation of shorter cycle times, through the change, a holistic view of the business is taken and risks reduced.
effective use of resources

• Improved, consistent and predictable results *(i) Document: ISO/TC 176/SC 2/N 544R3

ISO Revisions

Next steps
The following timetable indicates when the ISO 27001:2013 Information Security has • Look out for and attend BSI seminars
core management system standards will be already been revised and published using and training courses on the revision or
published in the Annex SL format: this format. introduction.
• ISO 14001:2015 After the formal publication of the standard, • Review your current approach to process
Revised International Standard expected each will have its own transition period. For
as contained in the draft and identify the
to be published in July 2015. ISO 9001 for example, there will be a 3-year
gaps.
• ISO 9001:2015 transition period for certified organizations.
Revised International Standard expected
However, early planning is advisable so: • Create an implementation plan and
monitor progress.
to be published in Sept 2015. • Please talk the transition through with
• ISO 45001 your BSI Client Manager at the next visit. • Continually check BSI’s dedicated web
pages for the latest news and resources.
NEW International Standard for Health • Obtain a copy of the Draft International
and Safety expected to be published in standard at http://shop.bsigroup.com.
Quarter 4 2016.

Visit our website

to find out the latest status
www.bsigroup.com/en-IN BSI/IN/546/SC/1214/en/BLD
© BSI Group

bsigroup.com/en-IN