Identifying, Documenting, & Auditing Processes For Quality Management

By Mark Durivage, Quality Systems Compliance LLC

Systems consist of processes, and processes are made up of tasks. This structure is true for manufacturing, service, and quality systems. When designing and implementing a quality management system (QMS), this hierarchy of systems, processes, and tasks is important to help deploy an effective and compliant QMS.

Process results that are predictable and consistent can be achieved more effectively and efficiently when the activities are considered, managed, and understood as interconnected processes that function as a system. Acknowledging that a QMS consists of several interrelated processes and understanding how results are produced by the system (a series of interrelated processes) enables an organization to optimize the system and its performance with the ultimate goal of enhancing customer satisfaction.

Figure 1: Task, process, and system relationship

When thinking about a system, processes, and tasks as related to QMS documentation, the system relates to the quality manual, the processes relate to procedures, and tasks relate to work instructions.

What Is A Process?

ISO 9000:2015 Quality management systems — Fundamentals and vocabulary defines a process as “a set of interrelated or interacting activities that use inputs to deliver an intended result.” Intended results are further defined as process outputs. In its simplest form, a process takes an input and performs a value-added activity, resulting in an intended output (Figure 2).

Figure 2: Example process

Implementing The Process Approach

The process approach is a way to organize and manage activities to create value for the customer. The process approach helps break down the barriers between different functional units and unifies their focus to the main goals of the organization.

The organization should determine its purpose, scope, and objectives. This information should be used as the basis to determine the necessary QMS processes. The organization will need to identify, plan, implement, measure, analyze, and improve each process.

When identifying QMS processes, I like to use four acronyms — AOPs , COPs, MOPs, and SOPs — to categorize the processes. They are defined as follows:

Assessment oriented processes (AOPs) monitor customer, support, and management processes, and they indirectly impact the customer. Examples include, but are not limited to, internal audits, data analysis, corrective and preventive actions (CAPAs), nonconformances, customer satisfaction, and management review.

Customer oriented processes (COPs) represent the core work of the organization and have a direct impact on the customer. Examples include, but are not limited to, design and development, production, quoting, shipping, installation, and servicing.

Management oriented processes (MOPs) are management areas of responsibility that enable core processes and have an indirect impact on the customer. Examples include, but are not limited to, organizational context, interested parties, quality policy, quality objectives, planning, resource management (human, facilities, equipment, infrastructure), communications, and customer focus.

Support oriented processes (SOPs) enable core processes and have an indirect impact on the customer. Examples include, but are not limited to, finance, purchasing, supplier management, training, document control, record control, inspection activities, maintenance, and calibration.

It must be noted that the process categories will vary greatly based on the products and services provided by the organization. For example, calibration is generally considered a SOP. However, a company providing calibration services would most likely consider calibration a COP.

Documenting The Processes

SIPOC stands for suppliers, inputs, process, outputs, and customers, and a SIPOC diagram is a useful tool that documents the inputs and outputs of a process. Table 1 provides an example SIPOC diagram for a quoting process.

 

Table 1: Example SIPOC Diagram

Suppliers	Inputs	Process	Outputs	Customers
- Sales Department - Customers	Request for Quote	Quoting	- Feasibility Study - Quote	- Sales Department - Customers

 

After the organization has identified the necessary processes, a process interaction map can be constructed. A simple high-level process interaction map is provided in Figure 3.

 

Figure 3: Example process interaction diagram

Supplementing The SIPOC Diagram

The SIPOC diagram can be enhanced by adding additional information to support the process, including measures of effectiveness and/or efficiency, risks, opportunities, mitigation, and analysis.

Effectiveness is doing the right things — it measures the ability of a process to achieve its intended result. Efficiency is doing things right, and it measures the utilization of resources required for a process to achieve its intended result, the relationship between inputs and outputs, and how successfully the inputs are being transformed into outputs. Measures of effectiveness and/or efficiency should be accomplished using quantifiable criteria.

Every process has risks as well as opportunities. Risks to the process should be obvious — what happens if the process is not executed successfully. Opportunities can be identified by asking if the process performs as planned, what benefits can the organization realize?

Mitigation is a listing of the policies, procedures, and work instructions that drive the execution of the process or instruct personnel on how the process is to be done. Process analysis is a listing of how and when the measures of process effectiveness and/or efficiency are evaluated.

Analysis can be performed through batch record review, process monitoring, internal audits, nonconformance management, complaints, corrective and preventive actions, and management review. When process performance objectives are not achieved, appropriate actions should be initiated, including nonconformance management and/or corrective and preventive action.

Process Approach Audits

Traditional clause-based audits typically utilize checklists to ensure compliance with standards by detecting nonconformances focusing on detection, but they do not provide management with meaningful information of process effectiveness and/or efficiency.

Process approach audits have traditionally used the turtle diagram, first introduced by Philip Crosby. Crosby’s turtle diagram (Figure 4) built upon the traditional SIPOC diagram.

Figure 4: Example turtle diagram

Process approach audits:

• Focus on how a process is performing through its life cycle from input, processing, output, and, ultimately, improvement.
• Focus on detecting inefficiencies or nonconformances within a process, rather than finding individual nonconformances within a population of process outputs.
• Ensure process activities are defined, measurable, efficient, and controlled, add value, and provide an output that corresponds with business objectives.

Conclusion

Regulations, standards, and guidance documents require organizations to identify, control, and improve the processes necessary for the operation of the QMS. Identifying and categorizing processes as AOPs, COPs, MOPs, and SOPs can help facilitate compliance, enhance process effectiveness and efficiency, and enhance customer satisfaction. Process approach audits can provide management with meaningful information of process effectiveness and/or efficiency and ensure processes are defined, measurable, efficient, and controlled, add value, and provide outputs corresponding with business objectives.

References:

1. ISO 9000 Introduction and Support Package: Guidance on the Concept and Use of the Process Approach for management systems, 2008, ISO/TC 176/SC 2/N 544R3.
2. ISO 9000:2015 Quality management systems — Fundamentals and vocabulary.

About The Author:

Mark Allen Durivage has worked as a practitioner, educator, consultant, and author. He is managing principal consultant at Quality Systems Compliance LLC, an ASQ Fellow, and an SRE Fellow. Durivage primarily works with companies in FDA regulated industries (medical devices, human tissue, animal tissue, and pharmaceuticals), focusing on quality management system implementation, integration, updates, and training. Additionally, he assists companies by providing internal and external audit support as well as FDA 483 and Warning Letter response and remediation. He holds several certifications including; CRE, CQE, CQA, CSSBB, RAC (Global), and CTBS. He has written several books available through ASQ Quality Press, published articles in Quality Progress, and is a frequent contributor to Life Science Connect. Please feel free to email him at mark.durivage@qscompliance.com or connect with him on LinkedIn.