A huge gap in ISO 9001 has been complete silence on how processes are designed. ISO 9001 introduced the “process approach” in 2000, which dictates how processes must be managed, but the authors of standard — like parents terrified to tell their children where babies come from — never discuss how a process comes into being in the first place. Instead, the standard merely tells readers to “identify” processes that already exist.

What if I want to create a new process? What if I want to change an existing one? There is no guidance whatsoever on these subjects. According to TC 176, a process simply materializes from the Ether, and presents itself to you for “management.”

In my pre-consultant life, I spent years as a chemical process engineer, developing manufacturing processes for physical vapor deposition materials, or “sputtering targets.” So when ISO 9001:2000 hit the stands, I was shocked to see the process approach fail to address either the creation of processes or the managed change of them afterward. Through two more revisions — ISO 9001:2008 and ISO 9001:2015 — those problems remained intact.

Once again, Oxebridge Q001 fixes the mistakes of ISO 9001. In this standard, a new clause 4.3.3 is added, called “Process Design.” This clause requires a documented process design plan to capture key aspects needed to ensure a new process is developed properly, and doesn’t cause more harm than good. Then, a clearer clause on Change Management (6.2) defines specifically how changes to things — including processes — shall be carried out.

Also, Oxebridge Q001 allows that the process design planning would only be invoked if you create a new process, and isn’t retroactive. You don’t have to go back and create needless process design plans for processes that already exist at the time you implement Oxebridge Q001.

The Process Design Plan

But what might a Process Design Plan look like? Fortunately, we’re working on a template kit for Q001 (not ready yet, so don’t get too excited), and have a concept in mind. Click here to download a .DOC version.

A Process Design Plan would capture critical information necessary to ensure a new design is well-thought-out before implementation. This includes defining:

  • Process owners
  • Intent of the process (what are you trying to do?)
  • Stakeholders (“interested parties” for you ISO wonks)
  • Responsibilities & authorities related to the process
  • Required resources (equipment, facilities, utilities, etc.)
  • Associated risks & opportunities
  • Process quality objectives and metrics
  • Control points
  • Control parameters
  • Process FMEA
  • Process V&V (Testing)
  • Supporting documents and records

Once completed, the plan would then be subject to formal review and approval by appropriate management.

Is this a lot of work? Not really; the reality is companies would likely use this rarely. Most companies may never create a new process, while others may find they do it only a few times in the lifetime of their company.

Remember, “process” does not mean “procedure” — they are two different things! New or changed documents would be done per your normal document control procedures. A document is not a process.

So what might prompt the need for a new process?

Say you’re a manufacturing company that does machining, but you want to add a heat treat line. Or perhaps you’re a dentist’s office that wants to start selling dental-related products via a mini-store in the lobby. Or you’re an aerospace manufacturer who wants to get into medical devices. Big changes like this may prompt the addition of new processes. And in such cases, you want to be sure the new processes are fully developed before you roll them out. A poorly designed process can caus havoc.

Change Management

The authors of ISO 9001 seem ashamed of the word “management,” which reveals a lot. They tried to add knowledge management to the standard, but branded it “organizational knowledge.” They added risk management, but branded it “risk-based thinking.” And they added  change management, but called it “control of changes.” It’s not clear why the “M-word” terrifies them so much.

(One TC 176’er admitted to me this was to ensure ISO’s sales weren’t harmed by people thinking they’d have to hire a busload of new “managers” to comply with ISO 9001:2015.)

Again, Oxebridge Q001 fixes this. Clause 6.2 restores the rightful name — Change Management — and then adopts some basic elements of any change management activity. Under these requirements, major changes — like those of processes — would require:

  • changes are formally requested
  • changes undergo review and approval by management
  • change plans are recorded and implemented
  • change plans include intended dates of implementation, if appropriate
  • changes are evaluated for effectiveness afterward
  • documents or records are created or updated, if necessary

None of this is particularly difficult, and — again — would only apply to “changes to the quality management system.” Simple changes to documents would still fall under the document control requirements but, to be honest, that pretty much invokes the same level of change control anyway.

So regardless of whether you use Oxebridge Q001, you should consider applying these two “missing requirements” to your ISO 9001 quality management system: formal process design, and formal process change management.

Want to learn more about Oxebridge Q001 and potentially get certified by a third-party body? Click here.


About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


ISO Benchmark