In This Guide
- The process approach is a core principle of ISO 9001 and is explicitly required by Clause 4.4 -- it is not optional.
- Every process needs defined inputs, outputs, resources, controls, and performance metrics.
- Turtle diagrams are the most effective tool for comprehensive process documentation in ISO 9001.
- Process interactions must be mapped to show how your QMS functions as a coherent system, not isolated procedures.
- Auditors specifically look for evidence that the process approach is implemented in practice, not just documented on paper.
What is the Process Approach?
The process approach is one of the seven quality management principles underpinning ISO 9001:2015. It is also explicitly referenced in Clause 0.3 of the standard. At its core, the process approach means managing an organization's activities as a system of interrelated processes rather than as isolated departments or functions.
A process is defined as a set of interrelated or interacting activities that uses inputs to deliver an intended result (output). Every process has:
- Inputs: Materials, information, requirements, or other resources that the process needs
- Activities: The transformation steps that convert inputs to outputs
- Outputs: The products, services, data, or decisions produced
- Controls: Procedures, standards, and criteria that govern how the process operates
- Resources: People, equipment, infrastructure, and environment needed
The process approach works hand-in-hand with the Plan-Do-Check-Act (PDCA) cycle. Each process should be planned (objectives, resources, risks), executed (activities performed), checked (monitored and measured), and acted upon (improved based on results). ISO 9001:2015 is structured around this PDCA logic: Clauses 4-6 (Plan), Clause 7-8 (Do), Clause 9 (Check), Clause 10 (Act).
Why It Matters for ISO 9001
The process approach is not optional in ISO 9001:2015. Clause 4.4 explicitly requires the organization to determine the processes needed for the QMS, including their:
- Inputs required and outputs expected
- Sequence and interaction
- Criteria and methods for effective operation and control
- Resources needed
- Responsibilities and authorities
- Risks and opportunities (addressed per Clause 6.1)
- Evaluation, and changes needed to improve
The process approach matters because it:
- Breaks down silos: Processes cut across departmental boundaries, forcing cross-functional thinking
- Improves consistency: Defined processes produce predictable, repeatable results
- Enables measurement: Process-level KPIs make performance visible and manageable
- Supports risk management: Risks are identified and managed at the process level where they actually occur
- Drives improvement: When processes are defined and measured, opportunities for improvement become clear
- Satisfies auditors: Auditors audit by following processes, not by reviewing documents clause by clause
Process Identification
The first step in applying the process approach is identifying the processes that make up the QMS. Processes are typically categorized into three types:
Core Processes (Value-Creating)
These are the processes that directly create and deliver the organization's products and services to customers. They represent the primary value chain. Examples:
- Sales and order management
- Design and development
- Procurement and supplier management
- Production or service delivery
- Quality control and inspection
- Delivery and logistics
- After-sales service and support
Support Processes
These processes provide the resources and infrastructure that core processes need to function. They do not directly create customer value but enable it. Examples:
- Human resource management (recruitment, training, competence)
- IT and infrastructure management
- Facilities and maintenance
- Finance and administration
- Document and record management
- Calibration and equipment management
Management Processes
These processes provide direction, governance, and oversight for the entire QMS. Examples:
- Strategic planning and context analysis
- Quality policy and objectives management
- Risk and opportunity management
- Internal audit
- Management review
- Continual improvement
- Customer satisfaction monitoring
| Process Type | Purpose | Typical Number | Example |
|---|---|---|---|
| Core | Create and deliver value to customers | 4-8 | Production, Service Delivery |
| Support | Enable core processes to function | 3-6 | HR, IT, Facilities |
| Management | Direct and oversee the QMS | 3-5 | Internal Audit, Management Review |
There is no prescribed number of processes. A small organization might have 8-12 processes total. A large organization might have 20-30. The key is to define processes at a level of detail that is manageable and meaningful. Too few processes means each is too broad to manage effectively. Too many means excessive overhead and complexity.
Process Mapping Methods
Once processes are identified, they need to be documented in a way that makes them understandable, manageable, and auditable. Several mapping methods are commonly used:
Flowcharts
The most familiar mapping method. Flowcharts use standard symbols (rectangles for activities, diamonds for decisions, arrows for flow) to show the sequence of steps in a process.
- Best for: Showing the step-by-step sequence of a process, decision points, and alternative paths
- Limitations: Can become complex for processes with many branches; do not naturally show resources, risks, or KPIs
- Tips: Keep flowcharts to one page. If a process needs multiple pages, consider breaking it into sub-processes
SIPOC Diagrams
SIPOC stands for Suppliers, Inputs, Process, Outputs, Customers. It provides a high-level view of a process in a structured table format.
- Suppliers: Who or what provides the inputs
- Inputs: What the process needs to start (materials, information, requirements)
- Process: The high-level steps (typically 5-7 steps)
- Outputs: What the process produces (products, services, records, decisions)
- Customers: Who receives the outputs (internal or external)
Best for: Getting a quick, high-level understanding of a process. Excellent starting point before developing detailed flowcharts.
Swim Lane Diagrams
Swim lane diagrams (also called cross-functional flowcharts) extend traditional flowcharts by adding horizontal or vertical lanes that represent different departments, roles, or systems. Each activity is placed in the lane of the responsible party.
- Best for: Processes that span multiple departments or roles, showing handoffs and responsibilities
- Limitations: Can become very wide with many lanes; focus on roles at the expense of other process details
- Tips: Use swim lanes when handoffs between functions are a key concern or source of quality issues
Turtle Diagrams
The turtle diagram is one of the most powerful and comprehensive tools for documenting processes in the context of ISO 9001. It gets its name from its shape: a central body (the process) with four "limbs" and a head and tail (inputs and outputs).
Turtle Diagram Elements
| Element | Description | Example (for "Production" Process) |
|---|---|---|
| Inputs (What With?) | Materials, information, and requirements entering the process | Raw materials, customer order, engineering drawings, work instructions |
| Outputs (What Results?) | Products, services, records, and data produced | Finished product, inspection records, production data, scrap/rework data |
| Resources (With What?) | Equipment, tools, infrastructure, and technology needed | CNC machines, measuring instruments, ERP system, production line |
| Personnel (With Whom?) | People, competencies, and training required | Machine operators (trained), quality inspectors (certified), production supervisor |
| Methods (How?) | Procedures, work instructions, standards, and criteria | Work instructions WI-001 to WI-015, inspection plan IP-003, control plan CP-002 |
| KPIs (How Measured?) | Performance indicators and measurement methods | First pass yield, defect rate, on-time delivery, cycle time, OEE |
| Risks (What Could Go Wrong?) | Identified risks and their treatments | Equipment breakdown, raw material defects, operator error, supply delays |
The turtle diagram is particularly valued because it captures everything an auditor wants to know about a process on a single page: what goes in, what comes out, what resources and people are needed, what methods govern the work, how performance is measured, and what risks exist.
Process Interactions
ISO 9001 Clause 4.4.1 requires organizations to determine the sequence and interaction of QMS processes. This means documenting how the output of one process becomes the input to another.
Process Interaction Map
A process interaction map (sometimes called a process landscape or process architecture diagram) shows all identified processes and the relationships between them. Typically:
- Management processes are shown at the top (providing direction)
- Core processes are shown in the middle (flowing from customer requirements to customer satisfaction)
- Support processes are shown at the bottom (providing resources and infrastructure)
- Arrows indicate the flow of information, materials, or decisions between processes
Key Interactions to Document
- Customer requirements to order management: How customer needs flow into the system
- Design output to production input: How design specifications become production instructions
- Procurement output to production input: How purchased materials reach the production process
- Production output to quality control: How finished products are inspected and released
- Nonconformity to corrective action: How quality issues trigger improvement
- Customer feedback to management review: How customer satisfaction data drives strategic decisions
- Internal audit results to management review: How audit findings inform leadership
The process interaction map is one of the first things auditors review. It tells them how the organization works as a system and helps them plan their audit trails. A well-constructed interaction map demonstrates mature process thinking.
Evidencing the Process Approach
During a certification audit, you will need to demonstrate that the process approach is not just documented but is actively used to manage the organization. Auditors look for:
Documentation Evidence
- Process register listing all QMS processes with owners
- Process maps (flowcharts, turtle diagrams, or equivalent) for each process
- Process interaction map showing the system as a whole
- Documented process objectives and KPIs
- Risk assessments at the process level
Implementation Evidence
- Process owners can describe their processes, including inputs, outputs, and interactions
- KPIs are being measured and reviewed (dashboards, reports, trend data)
- Risks identified in process documentation are being managed in practice
- Handoffs between processes are working (no gaps or dropped responsibilities)
- Process changes are managed through the change management approach
Improvement Evidence
- Process performance data is used to drive improvement actions
- Internal audits are conducted process by process (not just clause by clause)
- Management review considers process performance data
- Corrective actions address root causes at the process level
Modern ISO 9001 audits are conducted using a process-based approach. This means auditors follow process trails rather than checking clauses sequentially. They will pick a process, trace it from input to output, verify controls and records, check KPIs, and assess how it interacts with other processes. Prepare for this by ensuring each process owner can walk through their process end-to-end.
Common Mistakes
These mistakes frequently undermine the effectiveness of the process approach in ISO 9001 implementations:
1. Treating It as a Documentation Exercise
The most common mistake is creating process maps and turtle diagrams that look good on paper but do not reflect how work actually gets done. If the documented process does not match reality, it fails both as a management tool and as audit evidence. Always map actual processes first, then improve them -- not the other way around.
2. Not Linking to Risk-Based Thinking
ISO 9001:2015 integrates risk-based thinking with the process approach. Each process should have identified risks and opportunities (Clause 6.1). Processes without risk consideration are incomplete. Do not treat risk assessment as a separate exercise disconnected from process management.
3. Ignoring Process Interactions
Mapping individual processes without showing how they connect creates a collection of isolated procedures rather than a management system. The interactions are where many quality issues occur (handoffs, communication gaps, conflicting priorities). Invest time in the interaction map.
4. Too Much Detail
Process maps that attempt to document every keystroke and micro-decision become unreadable and unmaintainable. Focus on the level of detail that is needed for effective control. Detailed work instructions can supplement high-level process maps where needed for critical or complex operations.
5. No Process Ownership
Every process needs an owner who is responsible for its performance, maintenance, and improvement. Without clear ownership, processes decay over time. Process owners should have the authority and competence to manage their assigned processes.
6. Static Process Maps
Processes change as the business evolves. Process maps that are created once and never updated become inaccurate and misleading. Establish a review cycle (at least annually or when significant changes occur) to keep process documentation current.
Frequently Asked Questions
What is the process approach in ISO 9001?
The process approach means managing an organization's activities as a system of interrelated processes rather than isolated departments or functions. It requires identifying each process's inputs, outputs, resources, controls, and interactions, then managing and measuring them to achieve consistent, predictable results. ISO 9001:2015 Clause 4.4 explicitly requires the process approach as a foundation of the QMS.
What is a turtle diagram?
A turtle diagram is a visual process documentation tool that captures six key elements on a single page: inputs (what goes in), outputs (what comes out), resources (with what equipment/tools), personnel (with whom), methods (how -- procedures and controls), and KPIs (how measured). It gets its name from its shape and is widely regarded as the most comprehensive tool for ISO 9001 process documentation because it captures everything an auditor needs to know.
How many processes should a QMS have?
There is no fixed number prescribed by ISO 9001. A small organization might define 8-12 processes, while a larger one might have 20-30. The key is to define processes at a level of detail that is manageable and meaningful. Too few processes means each is too broad to manage effectively; too many creates excessive overhead. Core, support, and management processes should collectively cover all QMS activities.
What is the difference between a process and a procedure?
A process defines what you do -- the set of interrelated activities that transform inputs into outputs. A procedure defines how you do it in detail -- the specific step-by-step instructions for performing activities within a process. For example, "Production" is a process; "Work Instruction for CNC Machine Setup WI-003" is a procedure within that process. ISO 9001 requires the process approach; procedures support it where detailed instructions are needed.
How do auditors assess the process approach?
Auditors use a process-based audit methodology. They select a process, follow it from input to output, verify that controls and records exist, check KPIs and performance data, and assess how it interacts with other processes. They interview process owners, observe operations, and sample records. They specifically look for evidence that processes are actively managed -- not just that process maps exist in a document folder.