4.4 Management System and its Processes

ISO Navigator Pro

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret the fundamentals of ISO 9000:2015 to help understand, and better implement, the requirements of ISO 9001:2015, ISO 14001:2015 and OHSAS 18001:2007. The ISO Navigator Pro™ database divides the requirements into four sequential stages; Plan, Do, Check and Act.

If you're looking for integrated ISO 9001:2015 and ISO 14001:2015 EQMS documentation, please click here.


The management system and its processes

This Step 1 in the ‘Plan’ stage of the ’PDCA’ cycle. Define, build, operate and improve your QMS. Your mangement system should define your organization’s goals and intended outcomes, determine internal and external issues, identify stakeholders and their requirements, and define the management system’s scope. The guidance shown on this page is relevant to the following standards:

ISO 9001:2015
ISO 14001:2015
OHSAS 18001:2007

This requirement is comparable to ISO 9001:2008 Clause 4 - Quality Management System and Clause 4.1 – General Requirements. You should review how your organization has designed its process-based management system.
Existing operational procedures, work instructions and flow charts are valid examples of documented information and can be used to evidence the requirement for ‘documented information to support the operation of processes is being met’.
Check that process inputs and outputs are defined and review how each of the processes are sequenced and how they interact. Look for evidence that your organization has:

  1. Assigned duties/process owners; (Clause 5.3)
  2. Assessed risks and opportunities; (Clause 6.1)
  3. Provided resources; (Clause 7.1)
  4. Maintained and retained documented information. (Clause 7.5.1)
  5. Implemented measurement criteria; (Clause 9.0)
  6. Improved the management system and its processes; (Clause 10.0)

Most of the requirements from Clause 4.4 are comparable to those found in ISO 9001:2008 Clauses 4.1 and 8.1 - General Requirements and Clause 8.2.3 - Monitoring and Measurement of Processes. Based upon the extent of your organization’s QMS and processes, you should seek and record evidence that your organization has maintained documented information to support the operation of its processes; and that it has retained documented information to provide confidence that the processes are being carried out as planned.

Identify key processes

Key processes are steps that you go through to give the customer what they want, e.g. from order acceptance to design through to delivery. Whereas support processes do not contribute directly to what the customer wants but do help the key processes to achieve it. Support processes include often human resources, finance, document control, training and facilities maintenance, etc.

A good way to do this is to think about how workflows through your organization. Consider how the inputs and outputs to the key processes flow from one process to the next, what sub-processes might exist within it and how the support processes link in. For now, ignore the standard, in fact put it in a draw and forget it exists. Instead focus on your key processes and how the departments interface with each other.

Once you have defined the processes and interfaces; go back to the standard and determine which processes are responsible for meeting which requirements. When defining your organization’s processes, think about each process and department and assign try to define those processes around the current organizational model and not around the requirements of the standard.

Certification auditors will expect to see a process model that explains the key processes of the business and how each relates and links to the others. The depth of process explanation may be as detailed as the company chooses, but should be based on its customer and applicable regulations or statutory requirements, the nature of its activities and its overall corporate strategy. In determining which processes should be determined and documented the organisation may wish to consider factors such as:

  1. Effect on quality;
  2. Risk of customer dissatisfaction;
  3. Statutory and/or regulatory requirements;
  4. Economic risk;
  5. Effectiveness and efficiency;
  6. Competence of personnel;
  7. Complexity of processes.

Sequence and interaction of processes

The auditor must see evidence that the organization has determined their processes and that the interactions are also defined, all within the IMS manual. Subsequently, this includes the actual and technical inputs and outputs of the processes to show their inter-relationship.

This requires the description of the interactions between the processes and should include process names, process inputs and process outputs in order define their interactions. Interaction means how one influences the other. Auditors commonly agree that the description of the interactions of the processes cannot be done if the processes are not determined (names).

The organization is not required to produce system maps, flow charts, lists of processes etc. as evidence to demonstrate that the processes and their sequence and interactions were determined. Such documents may be used by organizations should they deem them useful, but they are not mandatory. Graphical representation such as flow-charting is perhaps the most easily understandable method for describing the interaction between processes.

Demonstrating compliance

You should expect to see evidence that your organization has determined their processes and interactions. If your organization calls it a ‘process’, it must be monitored for effectiveness and improved. Look for evidence that your organization has undergone a process to initially identify these groups, and then to identify any of their requirements that are relevant to your organization’s management system. You should also determine whether these groups’ requirements are reviewed and updated as changes in their requirements occur, or when changes to your organization’s management system are planned.


4.1 Understanding Context
4.2 Interested Parties
4.3 Determining Scope

Free internal audit checklists

Check out our free internal audit checklists. The audit checklist is just one of the many tools which are available from the auditor’s toolbox that help ensure your audits address the necessary requirements.

Client list

Over 8,000 companies and globally recognized brands have relied on our templates to provide a path to improve, collaborate, and to enhance their operations to achieve certification, please see our client list for more information.