by Emily Hill

ISO 9001:2015 explained: The process approach

Few executives question the idea that redesigning business processes—work that runs from end to end across an enterprise—can lead to dramatic enhancements in performance, enabling organisations to deliver greater value to customers in ways that also generate higher profits for shareholders.

- Michael Hammer, HBR

While the process approach is by no means a new requirement, anecdotal evidence suggests that it is poorly understood

The process approach was first introduced in ISO 9001:2000. And while the concept of a process-based quality management system has not changed, the requirements in the latest version of the standard, ISO 9001:2015, have become more specific and less ambiguous. 

So, what actually is a process approach? And why is it important? And, most importantly, how can you get your employees to apply it?  

In this article, Richard Green, founder and Managing Director of Kingsford Consulting Services and former Head of Technical Services at CQI, answers all of your questions about a process-based quality management system. 


What is a process approach? 

‘Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system’ -

Introduction of ISO 9001:2015.plan_do_check_act.jpg

The process approach is a management strategy which incorporates the plan-do-check-act cycle and risk-based thinking. It means that processes are managed and controlled. It also means that we not only understand what the core processes are, but we also consider how they fit together. 


Key changes from ISO 9001:2008 - ISO 9001:2015


The requirement for a process-based quality management system is nothing new. The requirement to "establish, implement, maintain and continually improve" is familiar from both ISO 9001:2000 and ISO 9001:2008. The key changes are:

  • For organisations already adopting ISO 9001:2008, a key factor in transitioning to ISO 9001:2015 is the extent to which the process approach has been adopted. 
  • Clause 4.4 of ISO 9001:2015 sets out specific requirements for the adoption of a process approach e.g. organisations must monitor, measure and use related performance indicators to determine effective operation and controls. 
  • Top management must promote, engage and support employees to follow a process approach.  




Why a process approach is so important



Organisations are typically structured into departments which are managed by a department head. The head is responsible for what comes out of the department. 

Most departmental heads never interact with the external customer, only internal ones. As such, they are divorced from how the customer really feels. 

If key performance indicators are set by departments this compounds the problems. Heads try to maximise the performance of their departments to the possible detriment of other departments further down the line. 

The process approach introduces horizontal management, controlling processes which flow across departmental boundaries. Someone is accountable from start to finish. They see the whole picture from process initiation to process completion. They understand what the stakeholders in the process want and have delegated authority to act to realise this. An employees first loyality is to their assigned projects, products or services - rather than their own departments. 

Using a process approach in a quality management system facilitates: 

  • understanding and consistency in meeting requirements,
  • viewing processes in terms of value-add,
  • achieving effective process performance, 
  • improving process performance based on analysis and evaluation of the data and information. 

  ISO 9001:2015 free pdf xls

Implementing a Process Approach (Step By Step) 

ISO 9001:2015 employs the process approach, which incorporates the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking. This means the organisation needs to:

  1. determine required process inputs and expected outputs,
  2. assign responsibilities and authorities for processes,
  3. identify risks and opportunities for processes, and plan to address these. 


1) Define your quality management system processes 

ISO 9001 does not provide you with a list of core quality management system processes you need to include. Your organisation must determine these for themselves. So, what should you include? 

Richard Green says: "Focus on your core processes - the ones which keep you awake at night." You do not need to include things like raising an expenses claim or booking a meeting room.

Some example processes:


  • how are we constantly providing products and services which meet customer and applicable statutory and regulatory requirements?
  • how are we enhancing customer satisfaction? 

These are the processes which need to be controlled. Your organisation must then map out the inter-relationships between your core processes. 

2) Assign responsibilities and authorities for processes

Your organisation then needs to work out who is responsible for what process. Rather than focusing on functions, focus on the process across the department. Pay particular attention to the interdependencies and the interactions. It can also help to:

  • Involve employees in building the process-based quality management system. 
  • Train individuals so they understand their roles and accountabilities in respect of the core processes to ensure they see their processes end-to-end.
  • Restructure the audit programme around processes not functions
  • Train auditors to follow processes across departments, paying particular attention to interdependencies and interactions. 
  • Provide documented information to support the operation of processes and ensure you have confidence that the processes are being carried out as planned. 
  • Give procedures and work instructions another name.


3) Identify risks and opportunities, and plan to address these

Risk-based thinking is an extension of preventive action. It requires organisations to determine risks and opportunities to processes, products and services, as well as the quality management system. And the organisation must take proportionate steps to address these actions. This means monitoring and measuring the performance of processesFor more information about risk-based thinking, please see this article. 


What you should do now

Download the ISO 9001:2015 toolkit for more information about applying the standard to your business. 

ISO 9001:2015 free pdf xls


Tags: ISO 9001, Tools