Plan your management system

The ISO Navigator™ database hyperlinks the ISO 9000:2005 principles and the ISO 9001:2008 requirements; and explains them in plain English with practical guidance.

If you're looking for more up-to-date guidance on ISO 9001:2015, ISO 14001:2015, and ISO 45001:2018, click here.

Our range of ISO 9001:2015 quality manuals and integrated manual templates cover the requirements of ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement and document your organization's quality management system or integrated management system.

ISO 9001:2008: Process planning (4.1 a-d)

The 2008 revision features a concept called the 'process approach'. This means that you should consider how the inputs and outputs of your key processes flow from one activity to the next, what sub-processes might exist within that and how the support processes link in.

4.1a Process determination

Identify the processes that comprise your management system, there are two main types of process that you should focus on. Key processes are steps that you go through to give the customer what they want, e.g. from order acceptance to design through to delivery while support processes are those processes that do not contribute directly to what the customer wants but do help the key processes to achieve it. Support processes include human resources, training and facilities maintenance, etc.

A good way to do this is to think about how work flows through your organization. Consider how the inputs and outputs to the key processes flow from one process to the next, what sub-processes might exist within it and how the support processes link in. For now, ignore the standard, in fact put it in a draw and forget it exists. Instead focus on your key processes and how the departments interface with each other.

Once you have defined the processes and interfaces; go back to the standard and determine which processes are responsible for meeting which requirements. When defining your organization’s processes, think about each process and department and assign try to define those processes around the current organizational model and not around the requirements of the standard.

Registration auditors will expect to see a process model that explains the key processes of the business and how each relates and links to the others. The depth of process explanation may be as detailed as the company chooses, but should be based on its customer and applicable regulations or statutory requirements, the nature of its activities and its overall corporate strategy. In determining which processes should be determined and documented the organization may wish to consider factors such as:

Effect on quality

Risk of customer dissatisfaction

Statutory and/or regulatory requirements

Economic risk

Effectiveness and efficiency

Competence of personnel

Complexity of processes

The auditor must see evidence that the organization has determined their processes and interactions. If your organization calls it a ‘process’, it must be monitored for effectiveness in accordance with ISO 9001: 2008; clauses 4.1, 8.4 and 8.2.3. Your QMS manual should promote the identification of following groups of 'core' processes:

1. Customer Oriented Processes (COPS) which affect or interact with the customer:

Marketing, sales and purchasing

2. Support Oriented Processes (SOPS) support other processes:

Human resources/training

3. Management Oriented Processes (MOPS) conducted by the top management:

Business, operational and resource planning
Budgets, goals, targets and objective setting
Management review
Customer satisfaction review

4. Assessment Oriented Processes (AOPS) determine compliance and performance:

Data analysis

4.1b Sequence and interaction of processes

The interactions of the processes must be described in the QMS manual. The auditor must see evidence that the organization has determined their processes and that the interactions are also defined, all within the QMS manual. Subsequently, this includes the actual and technical inputs and outputs of the processes to show their inter-relationship.

This requires the description of the interactions between the processes and should include process names, process inputs and process outputs in order define their interactions. Interaction means how one influences the other. Auditors commonly agree that the description of the interactions of the processes cannot be done if the processes are not determined (names).

The organization is not required to produce system maps, flow charts, lists of processes etc. as evidence to demonstrate that the processes and their sequence and interactions were determined. Such documents may be used by your organization if they are deemed useful, but they are not mandatory. Graphical representation such as flow-charting is perhaps the most easily understandable method for describing the interaction between processes.

Interaction between processes may be described, for instance, by way of references and/or cross-references within the procedures, where the procedures form part of the QMS manual. If the procedures are not included or referenced from the manual, then the manual cannot be considered acceptable to the standard requirements. The interactions can be shown in an appendix, addendum or be hyper linked to the manual if the system is electronic.

4.1c Criteria and methods

Criteria and methods needed to ensure that both the operation and control of these processes are effective. This could be demonstrated with stated objectives, instructions and or procedures as required for consistent output of the processes. This is the 'Plan' part of the PDCA process.

4.1d Ensure the availability of resources

Ensure the availability of resources and information necessary to support the operation and monitoring of these processes. This may be through ,management review or other methods for defining and determining resources. This is the 'Do' part of the PDCA process.