What is a Process??

We hear this question all the time. The official definition from the ISO High Level Structure is “a set of interrelated or interacting activities which transforms inputs into outputs”. So what does that mean? It means you can basically define anything you do as a process. Based on the requirements in ISO 9001 you simply have to establish, implement, maintain and continually improve your processes and interactions in accordance with the standard. Maintain infers that you must document them. The rest of the shall’s say they have to be determined (inputs and outputs, sequence and interaction, methods to ensure effective operation, resources needed), Assign (responsibilities and authorities), Address risks and opportunities and evaluate.

So, as long as you meet all of those requirements you are OK. My personal opinion is that you should limit the number of processes because it causes your certification auditors to document more in a report, especially for AS 9100. At times it is not a bad idea to make your auditor happy.

The format of the documentation is also up to you, flowcharts, word documents, charts, even a video could work.

The ISO 9001 standard does not call out any other type of documentation, it only refers to documented information. This means it doesn’t matter if you call it a procedure, work instruction, manual, policy, SOP or whatever. Although, if you want to you can.

So this document that used to be in everyone company’s quality manual is no longer needed.


Risk is the newest term used in management systems for this decade. In terms of functioning quality systems, all should have addressed risk prior to the term being use. Most do not consider that the purpose of the requirement in the previous standards for preventive action was to address risk.

Each process should address risk during planning and evaluation. When you think about it, most companies are addressing risk on a constant basis. When you receive a request for quote, or review a purchase order from a customer, what is the purpose of the review? To determine and act on risk. Why do you take time to determine whether a supplier is acceptable? Why do you plan your processes? What do you consider when doing this? Risks!!

In addition to the normal course of doing business, you also have the review of metric and performance which leads to risk analysis. An organization may implement a risk action or opportunity based on company performance or an objective or target which has not been achieved.

The new requirements have brought about a state of panic from many companies which is unfounded. The point is to use common sense when planning your system. Do not create documents which are non value added just to meet a requirement that you do not understand. Quality Innovations can help you understand and document these processes in order to prevent unnecessary work.