Recently we began another project implementing the 2015 versions of ISO 9001 and ISO 14001. the organisation in question was already certified to previous versions of the two standards. However as we would typically do, we carried out a detailed gap analysis on the existing system. It was made up from a very wordy set of documents that said everything and nothing at all. I was keen to establish what the organization's core processes were, but nothing within those documents clearly identified the core processes and details the arrangements in place to control those core processes.
Most organisations do well with the management systems processes such as internal audit, customer satisfaction document control among others. They also tend to do well with the support processes such as infrastructure, facilities, personnel etc. sometimes organisations have fallen Into the trap of interpreting only the management systems and support processes as being the totality of the requirements of ISO 9001 and they effectively run the core operation separately from the management system. But the basis of ISO 9001 lies in the process approach and that means the organisation must clearly identify understand and control its operational processes.
Operational processes could include manufacturing process and subprocess, warehousing goods inwards and outwards processes, service delivery/realisation processes, sales process, among others. the control of these core processes through a documented management system is core both the 2008 and 2015 versions of the Standard.
Process approach to managing the system is fundamental and should be demonstrated by any organisation that claims to be ISO certified. It's time to know your processes, map them out, identify their interactions with other processes within the organisation, think through and identify the inputs and outputs to the individual processes, be clear on who the supplier and the customer of the individual processes are (and these could be internal suppliers and customers too) and implement common sense controls for those individual processes. allocate responsibility and where appropriate documentation to provide evidence of compliance in those key areas where you have deemed control necessary.
We keep going and like the other organisations we have assisted before this, we will get them certified to the new 2015 standard. I have even been advised that UKAS might be witnessing the final audit. Fun times.
Yemi Shodipo is a Consultant at Charis Management Systems, he is the author of the book "20 Toughest Questions on the internal Audit of ISO 9001 Systems"