Welcome to The O-Forum! Read this first! Then, feel free to introduce yourself here! If you need immediate, real-time support for the Oxebridge ISO 9001 or AS9100 Template Kits, click here to join our Slack chat channel.

Please consider registering
Forum Scope


Forum Options

Minimum search word length is 3 characters - maximum search word length is 84 characters
Register Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
The old process vs procedure query...
Forum Posts: 3
Member Since:
25 February, 2019
sp_UserOfflineSmall Offline
4 July, 2019 - 9:49 PM
sp_Permalink sp_Print

I always seem to go around in circles on this one…it could just be semantics.  I understand the definitions of process vs procedure, but where I get stuck is the what should have KPIs and can be mapped to ISO 9001 for compliance coverage.

The toolkit suggests that you should map each clause to a process and therefore a metric/KPI, but I wonder, is it acceptable to map to a procedure or manual (with no KPIs) instead of a process control document to ISO clauses?

For example, in the toolkit, risk management and internal auditing are provided as procedures.  In a previous post (which I can’t seem to link to), it is suggested that for these, process definition documents should also written (which matches to the sample ‘Overall Process Flow’ in the toolkit).  And in the example ‘process vs clause table’ of the toolkit, it suggests a process of ‘Management System Administration’ could cover these topics.  But if I do not want a ‘Management System Administration process’ or individual process definitions for these, instead  have procedures for these e.g. document control, internal auditing, corrective action, risk management and manuals for others e.g. IT Support and Configuration Management – those of which will cover ISO 9001 clauses but will not have metrics or KPIs assigned to all. 

Christopher Paris
Forum Posts: 691
Member Since:
5 December, 2012
sp_UserOfflineSmall Offline
12 July, 2019 - 12:07 PM
sp_Permalink sp_Print

Instead, let’s talk about sex. 

Sex is an activity. You do it (or not, whatever). It is a thing that happens and then a baby shows up or something (I’m not clear on it.)

Most people don’t need to read a book on how to have sex (although they probably should.) But if they do, that’s fine. They can read a book.

In this scenario, sex is the PROCESS and the book is the PROCEDURE. The process is going to exist whether you write or read the book. 

Now let’s think KPIs. You sex partner probably has an idea about how good or bad you are at sex. That’s the KPI; it applies to the PROCESS, not the book. Your partner could judge the book, sure, but that’s not a real reflection of the process. A bad book may lead to bad sex, but that doesn’t make the process bad, it makes the book bad. In fact, you’re sort of jumping to the root cause without consideration (“honey, the problem isn’t me, it’s that damn book!”)

So you apply the KPI to the activity. Forget about the procedures entirely. Identify your processes FIRST, then the KPIs, then decide if you need to write procedures or not. The procedures may help your process achieve its KPIs, but they won’t have KPIs themselves, because they’re just pieces of paper.

I think this analogy is good, and anything with “sex” in the title will generate huge hits, so pardon me if I write an article on this soon.

Forum Posts: 3
Member Since:
25 February, 2019
sp_UserOfflineSmall Offline
3 October, 2019 - 3:05 AM
sp_Permalink sp_Print

Good analogy but follow up question on mapping clauses and what must have KPIs…


Risk Management is a process, mapped to 6.1.

What type of KPI would you suggest for risk management?  Or is it acceptable to map to a a process for which no KPIs exist?


Or as per the toolkit example, the process mapped to a bunch of clauses is “Management System Administration”.  What would be KPIs for that?

Christopher Paris
Forum Posts: 691
Member Since:
5 December, 2012
sp_UserOfflineSmall Offline
3 October, 2019 - 2:50 PM
sp_Permalink sp_Print

Risk management is rarely a process in and of itself. It’s usually an activity embedded in the management process or throughout all the other processes. So far I don’t have any clients who treat it as a standalone process, nor have any KPIs for it. (Not a bad idea, though.)

For the “Management System Admin” process, typical KPIs might be:

— Number of OTHER processes that did not meet KPIs. (If multiple other processes are failing, this puts the blame back on the management of the QMS.)
— Maintaining certification to ISO 9001

If resource management is included in the MSA process, then also:

— # of nonconformities or corrective actions issued due to lack of resources, or resource failures
— # of staff positions open for more than X weeks/months


Forum Timezone: America/New_York
Most Users Ever Online: 64
Currently Online:
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Mu Beta: 54
dozza: 32
royplchan: 28
annie: 23
jo9977: 23
KH: 20
wayintense: 14
jdgill1963: 13
Richard Billings: 12
TJ: 12
Newest Members:
Forum Stats:
Groups: 13
Forums: 43
Topics: 784
Posts: 1659


Member Stats:
Guest Posters: 1
Members: 1717
Moderators: 1
Admins: 1
Administrators: Christopher Paris
Moderators: OQRI