Featured Product
This Week in Quality Digest Live
Standards Features
Harish Jose
Using OC curves to generate reliability/confidence values
Phanish Puranam
Instead of blindly adopting industry best practice, companies can pilot new organizational designs
William A. Levinson
All is not gold that glitters
Grant Ramaley
IAF CertSearch now mandatory for accredited certification bodies
Megan Wallin-Kerth
MasterControl’s Matt Lowe talks competition, data, and what quality does for a company

More Features

Standards News
June 6, 2023, at 11:00 a.m. Eastern
Ensuring product consistency, quality, and adherence to federal and state standards
Omnex webinar on May 11, 2023
Digital Twin Consortium’s white paper guides strategies for building owners and stakeholders
Copper, titanium, and 304L stainless-steel powders from Desktop Metal have qualified for production
Webinars cover Automotive SPICE and carbon neutrality standards
Creates one of the most comprehensive regulatory SaaS platforms for the industry

More News

Denise Robitaille


The Standard Answer

The myth of (only) six procedures

Published: Tuesday, November 9, 2004 - 23:00

I was recently asked to write about the ISO 9001:2000 requirements that are still giving folks a hard time. Recent audits that I’ve conducted have led me to conclude that there are several clauses that continue to give us heartburn.

The issue that seems to come up most frequently relates to documentation. A great deal of attention was given to the decreased emphasis on “documented procedures,” something that became a defining characteristic of the 2000 revision. Just about everyone who’s had more than minimal exposure to ISO 9001:2000 can spout the litany of mandated procedures: document control, control of quality records, internal auditing, control of nonconforming material, corrective action and preventive action. The upshot of this ubiquitous recitation is the persisting erroneous impression among some organizations that no other documentation is required. In some industries, notably those with sector-specific standards or regulatory constraints, this isn’t an issue. Regardless of the verbiage found in ISO 9001, they know they can’t fudge on documentation.

However, there are other industries that will challenge their registrar’s auditors by saying, “Show me where it says I need a procedure.” Of course, they can’t be completely blamed for their ire. Auditors have to share some culpability, considering how often they nonchalantly ask, “Do you have a procedure?”

Part of the problem comes down to semantics. Many of us share the common consensus that a procedure is a document with a specific formal structure, laid out in a predictable pattern of indented, numbered paragraphs divided into sections with titles such as purpose, scope, responsibility, equipment, instructions, records, revision history, etc. People tend to think of procedures as the prescribed or exclusive method of defining quality management system requirements.

It’s a lot easier to audit against a set of procedures, but not nearly as much fun. At the end of the audit, all you know is whether or not you’ve been able to check off all the little boxes on the checklist that accompanied the 20-element assessment. It’s infinitely more valuable to assess how an organization has adopted the process approach and created a series of well-integrated and controlled processes that hum together like a high-performance engine.

Auditors should be asking questions about how the process is controlled, how requirements are communicated, how people know what to do and who has responsibility. They should be assessing the adequacy of the manner in which the auditee has opted to define and control processes.

The shift away from the restrictive procedure model wasn’t intended to absolve companies from the need to generate documentation. The intent of the ISO 9001:2000 standard was to recognize that the methods each company uses to define and control its processes should be unique and appropriate to the organization., . Each decides the format and level of detail; the auditors determine if what has been decided is adequate. It would be foolish to attempt to impose one set of uniform rules encompassing every industry and market sector around the globe. The variables that determine the extent of documentation are cited in note 2, found in sub clause 4.2.1. They include:

“a) the size of the organization and type of activities,

b) the complexity of processes and their interactions, and

c) the competence of personnel.”


Some processes are so basic that written instructions are unwarranted and wasteful. Simple common sense should prevail. Some things are just better understood in a picture format, regardless of the number of university degrees you have hanging on the wall. Control of a process may be achieved by the use of any of the following methods:

  • Illustrations
  • Color coding
  • Samples
  • Jigs
  • Prompts embedded in software
  • Flowcharts
  • Bulleted lists
  • Process monitoring
  • Posters
  • Verbal reminders/morning meetings
  • Training guides
  • Mistake proofing
  • And many others


There are times when a procedure is the most efficient and reliable vehicle for defining the requirements of a process. Some activities benefit from the structure and detail provided by a formal documented procedure. The process warrants it.

Auditors have to stop asking for procedures when there are better ways of defining the process and organizations have to relent and admit that sometimes a procedure is the best way to go. The onus is upon organizations to carefully deliberate and select the method for defining and controlling processes that works best for them.

The auditor’s responsibility isn’t to go in search of procedures; it’s to understand the organization and determine if the processes are consistently implemented, with reliable results that are effective in preventing nonconformances and, most importantly, fulfilling customer requirements.



About The Author

Denise Robitaille’s picture

Denise Robitaille

Denise Robitaille is the author of thirteen books, including: ISO 9001:2015 Handbook for Small and Medium-Sized Businesses.

She is chair of PC302, the project committee responsible for the revision to ISO 19011, an active member of USTAG to ISO/TC 176 and technical expert on the working group that developed the current version of ISO 9004:2018. She has participated internationally in standards development for over 15 years. She is a globally recognized speaker and trainer. Denise is a Fellow of the American Society for Quality and an Exemplar Global certified lead assessor and an ASQ certified quality auditor.

As principal of Robitaille Associates, she has helped many companies achieve ISO 9001 registration and to improve their quality management systems. She has conducted training courses for thousands of individuals on such topics as auditing, corrective action, document control, root cause analysis, and implementing ISO 9001. Among Denise’s books are: 9 Keys to Successful Audits, The (Almost) Painless ISO 9001:2015 Transition and The Corrective Action Handbook. She is a frequent contributor to several quality periodicals.