How do you prove to the certification auditor that QMS processes are carried out as planned?
Since its 2000 release, ISO 9001 has been focused on the process approach, and the ISO 9001:2015 updates are no different. Your Quality Management System (QMS) is made up of many different processes that need to be integrated properly, so that they will function properly. Many times, the output of one process will become the input to another, so making sure that each process is carried out as planned is necessary to make sure that processes down the line can do what they need to do.
The process approach is captured in ISO 9001:2015 in clause 4.4.1., and is further clarified in clause 4.4.2, which requires you to “retain documented information to have confidence that the processes are being carried out as planned.” So, what is this documented information that you collect to prove this?
To learn more about how the process approach fits into the QMS, see this article on ISO 9001: The importance of the process approach.
Key performance indicators: A snapshot of process effectiveness
At the top level, you can monitor if a process is carried out as planned by tracking a performance indicator, which is chosen for that process to be able to tell you that the process is properly functioning. For instance, your purchasing process is designed so that you supply all of the necessary information on your purchase orders, and choose which supplier to place the order with, so that the products and services you receive from suppliers meet all of your requirements upon receipt.
So, a key performance indicator (KPI) for the purchasing process could be how many products or services are delivered to you from your suppliers that fully meet requirements. By tracking the percentage of conforming deliveries, you can get an overall snapshot of the effectiveness of your purchasing process, and in turn have a good overall feeling for whether the process is being carried out as planned. Your KPI is a record of your process, and this is documented information.
To learn more on how to use key performance indicators, read How to define Key Performance Indicators for a QMS based on ISO 9001.
Internal audits: An in-depth sample of process performance
A more detailed investigation into the output of processes is the internal audit. The stated goal of the internal audit program, as described in ISO 9001:2015 clause 9.2, is to ensure that the QMS conforms to the requirements; in other words, to ensure that the processes meet the planned arrangement. When you use the process approach to implement an internal audit program, you take the requirements for a process (the planned arrangements), collecting audit evidence that the process outputs meet the requirements, and identifying any places where corrections need to be made because the outputs are non-conforming.
For instance, in the purchasing example above you would create your audit checklist from any procedures for the purchasing process (documented information of the process), which would give you the planned arrangements for the audit. You would then look at the records from the purchasing process (documented information of the outputs of the process) such as purchase orders, supplier approvals, and records of product and service receipt, and compare the records to the planned arrangements. The intent of auditing for conformance is that the records will demonstrate that the process was done as planned.
The lesson from this is – when you are developing your processes, it is critical to think about what records you will keep. Think to yourself as you develop the process steps: What documented record do I need to keep at this stage to show that it was done properly, so that product conformity is maintained? Thinking this way when developing your processes can help ensure that you are able to prove that the process was carried out as planned.
For some more details on creating checklists to perform internal audits, check out How to create a check list for an ISO 9001 internal audit for your QMS.
Records: Documented information that a process was done as planned
In short, it is the records that you keep that need to prove that your process was carried out as planned to attain product and service conformity. If a process affects the conformity of your product or service, then you need to be able to prove that you did that process in the way you planned to do it, so designing your records to easily prove this is essential.
You will not just need to prove this to your certification body auditors; you will have to show your customers, potentially a government agency for certain requirements, and ultimately yourself. If there can be any question that product or service conformity is not correct, then you will want to have the evidence in place to definitively prove that you did your process the way it is intended to be done to meet the product and service requirements.
You owe it to yourself to be able to answer these questions easily should you need to.
Download this free white paper: How to create an ISO 9001 process flowchart to learn more about the process approach.