Guidance

Plan your management system

The ISO Navigator™ database hyperlinks the ISO 9000:2005 principles and the ISO 9001:2008 requirements; and explains them in plain English with practical guidance.

This guidance has been superseded by ISO 9001:2015 Clause 4.4 Quality Management System and its Processes. If you want to see a comparison matrix that correlates the requirements of ISO 9001:2008 to the revised requirements of ISO 9001:2015, please click here to begin comparing.

Our range of ISO 9001:2015 quality manuals and integrated manual templates cover the requirements of ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement and document your organization's quality management system or integrated management system.

ISO 9001:2008: Process planning 4.1 a-d (superseded)

The 2008 revision features a concept called the 'process approach'. This means that you should consider how the inputs and outputs of your key processes flow from one activity to the next, what sub-processes might exist within that and how the support processes link in.

4.1a Process determination

Identify the processes that comprise your management system, there are two main types of process that you should focus on. Key processes are steps that you go through to give the customer what they want, e.g. from order acceptance to design through to delivery while support processes are those processes that do not contribute directly to what the customer wants but do help the key processes to achieve it. Support processes include human resources, training and facilities maintenance, etc.

A good way to do this is to think about how work flows through your organization. Consider how the inputs and outputs to the key processes flow from one process to the next, what sub-processes might exist within it and how the support processes link in. For now, ignore the standard, in fact put it in a draw and forget it exists. Instead focus on your key processes and how the departments interface with each other.

Once you have defined the processes and interfaces; go back to the standard and determine which processes are responsible for meeting which requirements. When defining your organization’s processes, think about each process and department and assign try to define those processes around the current organizational model and not around the requirements of the standard.

Registration auditors will expect to see a process model that explains the key processes of the business and how each relates and links to the others. The depth of process explanation may be as detailed as the company chooses, but should be based on its customer and applicable regulations or statutory requirements, the nature of its activities and its overall corporate strategy. In determining which processes should be determined and documented the organization may wish to consider factors such as:

Effect on quality

Risk of customer dissatisfaction

Statutory and/or regulatory requirements

Economic risk

Effectiveness and efficiency

Competence of personnel

Complexity of processes

The auditor must see evidence that the organization has determined their processes and interactions. If your organization calls it a ‘process’, it must be monitored for effectiveness in accordance with ISO 9001: 2008; clauses 4.1, 8.4 and 8.2.3. Your QMS manual should promote the identification of following groups of 'core' processes:

1. Customer Oriented Processes (COPS) which affect or interact with the customer:

Marketing, sales and purchasing
Manufacturing/service
Design

2. Support Oriented Processes (SOPS) support other processes:

Calibration
Maintenance
Finance/accounts
Human resources/training

3. Management Oriented Processes (MOPS) conducted by the top management:

Business, operational and resource planning
Budgets, goals, targets and objective setting
Management review
Customer satisfaction review

4. Assessment Oriented Processes (AOPS) determine compliance and performance:

Auditing
Data analysis
CAPA
Non-conformities

4.1b Sequence and interaction of processes

The interactions of the processes must be described in the QMS manual. The auditor must see evidence that the organization has determined their processes and that the interactions are also defined, all within the QMS manual. Subsequently, this includes the actual and technical inputs and outputs of the processes to show their inter-relationship.

This requires the description of the interactions between the processes and should include process names, process inputs and process outputs in order define their interactions. Interaction means how one influences the other. Auditors commonly agree that the description of the interactions of the processes cannot be done if the processes are not determined (names).

The organization is not required to produce system maps, flow charts, lists of processes etc. as evidence to demonstrate that the processes and their sequence and interactions were determined. Such documents may be used by your organization if they are deemed useful, but they are not mandatory. Graphical representation such as flow-charting is perhaps the most easily understandable method for describing the interaction between processes.

Interaction between processes may be described, for instance, by way of references and/or cross-references within the procedures, where the procedures form part of the QMS manual. If the procedures are not included or referenced from the manual, then the manual cannot be considered acceptable to the standard requirements. The interactions can be shown in an appendix, addendum or be hyper linked to the manual if the system is electronic.

4.1c Criteria and methods

Criteria and methods needed to ensure that both the operation and control of these processes are effective. This could be demonstrated with stated objectives, instructions and or procedures as required for consistent output of the processes. This is the 'Plan' part of the PDCA process.

4.1d Ensure the availability of resources

Ensure the availability of resources and information necessary to support the operation and monitoring of these processes. This may be through ,management review or other methods for defining and determining resources. This is the 'Do' part of the PDCA process.

Want to know more?

SSL certification

A certificate guarantees the information your internet browser is receiving now originates from the expected domain - https://www.iso9001help.co.uk. It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.

Planning

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
4.1 Organizational Context 4.1 Organizational Context 4.1 Organizational Context
4.2 Relevant Interested Parties 4.2 Relevant Interested Parties 4.2 Relevant Interested Parties
4.3 Management System Scope 4.3 Management System Scope 4.3 Management System Scope
4.4 QMS Processes 4.4 EMS Processes 4.4 OH&S Management System
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
5.1 Leadership & Commitment 5.1 Leadership & Commitment 5.1 Leadership & Commitment
5.2 Quality Policy 5.2 Environmental Policy 5.2 OH&S Policy
5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities
    5.4 Consultation & Participation
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities
6.2.1 Quality Objectives 6.1.2 Environmental Aspects 6.1.2 Hazard Identifcation
6.2.2 Planning to Achieve Objectives 6.1.3 Compliance Obligations 6.1.3 Legal & Other Requirements
6.3 Planning for Change 6.1.4 Planning Action 6.1.4 Planning Action
  6.2.1 Environmental Objectives 6.2.1 OH&S Objectives
  6.2.2 Planning to Achieve Objectives 6.2.2 Planning to Achieve Objectives
 

Doing

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
7.1.1 Resources - General
7.1 Resources 7.1 Resources
7.1.2 People 7.2 Competence 7.2 Competence
7.1.3 Infrastructure
7.3 Awareness 7.3 Awareness
7.1.4 Operational Environment 7.4.1 Communcation - General 7.4.1 Communcation - General
7.1.5 Monitoring & Measuring 7.4.2 Internal Communcation 7.4.2 Internal Communcation
7.1.6 Organizational Knowledge 7.4.3 External Communcation 7.4.3 External Communcation
7.2 Competence 7.5 Documented Information 7.5 Documented Information
7.3 Awareness    
7.4 Communcation    
7.5 Documented Information    
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
8.1 Operational Planning & Control
8.1 Operational Planning & Control 8.1.1 General
8.2.1 Customer Communication 8.2 Emergency Preparedness 8.1.2 Eliminating Hazards
8.2.2 Determining Requirements
  8.1.3 Management of Change
8.2.3 Reviewing Requirements   8.1.4 Outsourcing
8.2.4 Changes in Requirements
  8.2 Emergency Preparedness
8.3.1 Design Development - General    
8.3.2 Design Development - Planning
   
8.3.3 Design Development - Inputs    
8.3.4 Design Development - Controls    
8.3.5 Design Development - Outputs    
8.3.6 Design Development - Changes    
8.4.1 External Processes - General    
8.4.2 Purchasing Controls    
8.4.3 Purchasing Information    
8.5.1 Production & Service Provision    
8.5.2 Identification & Traceability    
8.5.3 3rd Party Property    
8.5.4 Preservation    
8.5.5 Post-delivery Activities    
8.5.6 Control of Changes    
8.6 Release of Products & Services    
8.7 Nonconforming Outputs    
 

Checking

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
9.1.1 Performance Evaluation 9.1.1 Performance Evaluation 9.1.1 Performance Evaluation
9.1.2 Customer Satisfaction 9.1.2 Evaluation of Compliance 9.1.2 Evaluation of Compliance
9.1.3 Analysis & Evaluation 9.2 Internal Audit 9.2 Internal Audit
9.2 Internal Audit 9.3 Management Review 9.3 Management Review
9.3 Management Review    
 

Acting

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
10.1 Improvement - General 10.1 Improvement - General 10.1 Improvement - General
10.2 Nonconformity & Corrective Action 10.2 Nonconformity & Corrective Action 10.2 Incident, Nonconformity & Corrective Action
10.3 Continual Improvement 10.3 Continual Improvement 10.3 Continual Improvement