By Stephen M. Baysinger
Clause 4.0 of ISO 9001:2015 is chock-full of requirements; however, as a third-party auditor I’ve discovered that one of the most significant clauses most auditees brush-over (or outright ignore) is clause 4.4.1, Process interactions. The “shalls” in 4.4.1 are basic and enforceable, i.e., the organization shall (1) establish, (2) implement, (3) maintain, and (4) continually improve the quality management system (QMS), including processes and their interactions. “Say what?” is the typical reaction from most auditees followed by, “Where does it say that in the standard?”
Before we delve into the “what” and “where,” as auditors we must ask ourselves two basic questions: What should we look for when auditing a client’s processes and process interactions, and how do we audit the client’s processes to ensure compliance with the standard?
First things first: What are we (as auditors) to look for when assessing a client’s processes and process interactions? A deep dive into clause 4.4.1 reveals the following:
- Required process inputs (4.4.1.a)
- Required process outputs (4.4.1.a)
- Criteria and methods, i.e., monitoring, measurement, and performance indicators (4.4.1.c)
- Resources needed to support the process (4.4.1.d)
- Risks and opportunities identified (4.4.1.f)
Note: It is the auditee’s responsibility (4.4.1.b) to determine the sequence and interaction of their processes—not yours (as the auditor).
Next, how do we effectively audit the client’s processes and ensure compliance with the standard? The answer? By using a process interaction diagram as shown below.
Figure 1 The Process Interaction Diagram
(Note: the “Auditor Special Interest Item—Expertise” block (Figure 1, upper right) is not a part of clause 4.4.1. However, it is of special interest to this auditor and is reviewed at least once during the three-year audit cycle.)
Before we proceed with the audit, it’s wise to group the client’s sub-processes into one of the following four core-process categories:
- MANAGEMENT
- Management sub-tier process No. 1 (e.g., internal audit)
- Management sub-tier process No. 2 (e.g., management review), etc.
- MANUFACTURING (also known as order fulfillment)
- Manufacturing sub-tier process No. 1 (e.g., production planning)
- Manufacturing sub-tier process No. 2 (e.g., control of nonconforming material), etc.
- DESIGN & DEVELOPMENT
- Planning process
- Inputs process
- Controls process
- Outputs process
- Change process
- SUPPORT
- Support sub-tier process No. 1 (e.g., receiving/receiving Inspection)
- Support sub-tier process No. 2 (e.g., purchasing/external provider management), etc.
Now that the auditee’s sub-tier processes have been categorized into one of the four upper-level core processes, let’s look at a real-life example of how one company took the process interaction diagram, tweaked it to fit their needs, and made it their own.
The Greenberry Fabrication Co. of Corvallis, Oregon, is one of many ISO 9001-certified organizations using the process interaction diagram. Figures 2 and 3 illustrate two separate Greenberry Fabrication support sub-core processes: equipment preventive maintenance and inspection and testing:
Figure 2 Preventive Maintenance
Figure 3 Inspection and Testing
Uniquely identified in a way that suits the organization, each process interaction diagram details:
- Inputs
- Activities
- Outputs
- Process owners
- Methods of evaluation
- Resources required
- Risks and opportunities
Thus, the requirements of clause 4.4.1 are met.
Diagramming process interactions is not only helpful for you, the auditor, but also extremely beneficial for the auditee by not only meeting the intent of ISO 9001:2015 but also presenting a picture of how processes are identified, their connectivity to each other, and their subsequent value to the organization.
As we all know, the 2015 version of ISO 9001 is process-based. It’s a good bet the next version will continue this process-based scheme. Therefore, auditees and auditors alike must understand the depth and breadth of ISO 9001:2015, clause 4.4.1, as it is intended to be applied. The interactions between processes will remain the common thread that binds key elements of ISO 9001 together for many revisions to come.
About the author
Steve Baysinger is director of operations at BayMerica LLC in San Antonio, Texas. An ISO 9001 third-party auditor and quality management system consultant, Steve’s background is in aerospace. A retired U.S. Air Force Lieutenant Colonel and senior aircraft maintenance officer with 21 years of service, he has over 20 years’ experience working in supplier and product quality for The Boeing Co. and Lockheed Martin. Steve lives with his wife, Gina, in the San Antonio, Texas, metropolitan area.