ISO 9001 Myth #5 – Process vs. Procedure

In my article ISO 9001 Myth #2 – “Say What You Do & Do What You Say” I touch on the subject of considering business processes versus procedures.  As I expected, this has generated some criticism from ISO 9001 traditionalists.  While my main purpose was to debunk the “say what you do, do what you say” catchphrase, I also attempted to address some other distractions that companies should avoid when starting down the ISO 9001 certification path.  One of these distractions is the debate about the term “process” versus “procedure.”  While a more careful reading will reveal that I use the word “procedure” when I refer to ISO 9001 and “process” when I speak from my perspective, the real question is: who cares what we call it?

In short, this debate is about semantics.  I happen to prefer “process” over “procedure” because, for most people, the term “procedure” carries the connotation of a document, as it does in ISO 9001 and all other ISO standards.  But in Pinnacle’s ISO 9001 consulting practice I guide clients away from thinking about documents first.  The goal is NOT to create documents.  The goal is to identify, define, control, and improve the activities and functions (whatever you call them) that make an organization?

Some critics and ISO 9001 traditionalists argue that these two terms are entirely “different animals.”  Let’s examine this.  Webster’s defines the word procedure as “the act or manner of proceeding in any action or process” and “a particular course or mode of action.”  The word process is defined as “a systematic series of actions directed to some end” and “a continuous action, operation, or series of changes taking place in a definite manner.”  We can all agree that these are at least members of the same species.  A simpler way to paraphrase these definitions is to say that a process is “what we do” and a procedure is the “how we do it.”  In reality, management teams must understand and manage both simultaneously.  Consequently, an ISO 9001 QMS must effectively and efficiently address both simultaneously, if it is to be of any value.  It is advantageous if this could be done with as few layers and number of documents as possible.  In the day-to-day operational reality of any organization a process and procedure are more than just members of the same species.  They are parts of the same “animal” called the business operating system.  So why get hung up on how we clearly separate them?

One recent critic, who is an ISO 9001 consultant and claims to be a volunteer member of the US TAG, made the astounding claim that a process is “invisible” and “conceptual.”  He used “Production” as an example of a conceptual and invisible process.  His argument is that “Production” is invisible and conceptual because it existed before any documents were written.  This kind of logic would be comical, if it did not come from an actual ISO 9001 consultant and if it was not shared by others who claim to be ISO 9001 professionals.  This just reinforces the old adage of “buyers beware.”

I find this kind of “religiousizng” of basic ISO 9001 concepts disturbing.  It is this kind of ISO 9001 dogma, veiled in the debate about semantics, which has plagued our industry and has diminished the value of ISO 9001 certification.  Business processes, like “Production,” do not come into existence by some mystical force.  They are engineered by people.  The fact that a process may have been designed poorly or was not documented does not make it any less real or tangible.  Furthermore, calling “Production” a single process is shortsighted.  In most cases, “Production” actually consists of several processes (not procedures).  For example, in a typical manufacturing company what this critic’s camp would call “Production” is more likely a sequence of processes like this:

ISO 9001 Process

What would the old guard call these?  Sub-processes perhaps?  Will we need yet another document layer?  Some of these processes (as I would call them) may require supporting procedures such as, Material Staging, Machine Set-up, First Piece Inspection, etc.  Where do we draw the line between the process and procedure?  Furthermore, these processes are typically supported by other processes like Training, Document Control, Preventive Maintenance, Corrective Action, etc.  Critics and ISO 9001 dogmatists would probably have us call these support processes something like “Administration.”  From their perspective every company would have essentially the same set of processes:

  1. Customer Acquisition & Onboarding
  2. Design/Engineering (if this is applicable)
  3. Production
  4. Support Activities & Administration

What value would this provide to the management and employees of an organization?  Furthermore, why should we even concern ourselves with which term we use and when we it? These four so called processes seem more like departments. Some fail to realize that processes are not departments. Processes cross departmental boundaries: Onboarding a customer requires Sales to collaborate with Engineering and Production, designing a product requires Engineering to collaborate with Sales and Production, and so on. It is this collaboration and interaction at the process level that management teams and employees must understand, define, control, and improve.

We must remind ourselves that ISO 9001 is nothing more than a guide to the minimal elements that a quality management system should include.  It is not an advanced document nor is it a perfect guide.  It is, however, made less valuable by interpretations that treat it like a business gospel and construct non-value-added dogma.

Finally, we must deal with the concept of the Work Instruction.  In Pinnacle’s Lean QMS® methodology, Work Instructions are the equivalent of what ISO 9001 traditionalist call procedures.  The interesting thing is that most traditionalists also employ Work Instructions.  No one will deny that Work Instructions are a reality in most organizations, but I find that these are usually better classified as training or reference documents.  Nevertheless, there is no denying that Work Instructions describe “the act or manner of proceeding in any action or process” and “a particular course or mode of action.”  While ISO 9001 does not stipulate the creation of Work Instruction, standards like ISO/TS 16949 do.  Does this mean that we must now debate the semantics of a Procedure versus a Work Instruction?  Who cares?  The bottom line is that an organization should define and document its management system in a way that is effective and efficient for the organization.  The byproduct will be ISO 9001 certification, regardless of what we call the documents.

16 Responses to “ISO 9001 Myth #5 – Process vs. Procedure”

  1. Dave says:

    I’ve been saying for some time that there are “mystical forces at work here”. Maybe people thought I was referring to production? 🙂

    Great article as always. Very informative as it continues to shed light on different schools of thought giving clients more knowledge of the process and selecting partners for implementation and certification.

  2. Kirill Liberman says:

    Thank you for your comment, Dave. I too often laugh at how some of my colleagues create voodoo out of basic principles.

    When I first started the series of ISO 9001 Myth articles, I feared that the concepts I would address would be banal. I did not imagine that the myths I strive to dispel were as prevalent as they are and that the response would so positive.

    I guess common sense and rational thought is not so common in our industry.


  3. Doris A. Wilson says:

    Hello Kirill,

    I read the article. Thank you for sharing it with us. There were no errors, and it was very informative.

    Doris A. Wilson
    Quality Manager
    Technic, Inc.

  4. Kirill says:

    Thank you reviewing the article, Doris, and welcome to the blog. I am glad you found my rant on ISO 9001 certification informative. I hope you will come back and share your feedback often.


  5. Quality Junky says:

    Great post. Thanks.

    Our auditors have been beating us up on documents for years. It has been a bit better since ISO 9001:2008 came out. I guess the process approach is starting to sink in. But we still have an old school auditor that wants to see lots of paper.

    We had a younger guy one time and he suggested “process turtles.” I was like “a process what?” Where do these guys get this stuff? You totally hit the nail on the head. Who cares what we call our docs and how many layers we have. As long as we use the docs to run our business and we meet the ISO 9001 requirements, then we are good and the auditor should butt out of our business.

    I like our auditors and I know they are trying to help, but they don’t seem to get that they see us through the eyes of an ISO 9001 auditor. But we see ourselves through the eyes of business people for who ISO 9001 certification is just one small outcome of our management system.

    Maybe you can write something about “process turtles.” I would be interested in reading you take.

    Keep up the good work.

    Quality Junky

  6. Kirill says:

    Welcome back, Quality Junky.

    Thank for the feedback. I am glad you liked my article.

    Thank you for sharing your experience. It is always valuable to hear voices speaking from personal experience.

    It is interesting that your mention Process Turtles. They are actually one of the dogmatic concepts that motivated my article. Process turtles are a relic from a defunct approach to training TS 16949 Lead Auditors. For those not familiar with TS 16949, it is an automotive industry version of ISO 9001 on steroids. Process turtles were used to get auditors to think in terms of processes rather than procedures. Unfortunately, process turtles ended up being driven down to the customers as implied requirements. Today, process turtles have been discredited and mostly purged from the auditor mindset, but there are a few stragglers, like your “younger” auditor.

    Please come back again.

    Kirill Liberman

  7. Quoob says:


    I am in love with this article.

    You hit the nail on the head here. I don’t know how many audits I have wasted precious time (and $ / they are paid hourly), arguing semantics with various Auditors.

    We outsource our internal audits for various reasons, and immediately I disclose that I understand that there are only 6 documented procedures required. The rest are created on an as needed basis. I have had to talk more than one out of writing non-conformances for not having a work instruction or written procedure for X. I just had an auditor with “25 years of experience” spend a good 10 minutes discussing the fact that we use a “folder” as opposed to an “envelope” which is what was technically written on my procedure.
    (Now I’m just venting.)

    Anyway, I look forward to reading the rest of the myths! Thank you for taking the words out of my fingers.

  8. Kirill Liberman says:

    Thank you for your feedback, Quoob. I am really glad that this article struck a chord with you.

    Your experience is not unusual. As you can probably tell, I have been frustrated by this issue for some time. ISO 9001 dogma is well engrained.

    I hope you will leave your feedback about the other articles and share your experience often. I think the readers will benefit from your contribution.

    I look forwar5d to your comments about the other Myth articles.

    Kirill Liberman

  9. David says:

    During the past 7-years, I have worked with a number of outside auditors – all very experienced, all willing to share best practices. One stumbling point that we seem to run across on an annual basis is the difference between work instuctions and training documents.

    Our processes are documented by procedures that explain the various steps and resulting records. Typically the procedure has enough detail to stand alone. If more detail is required for a portion of the process, we will use a work instruction to provide the step-by-step detail. This work instruction ensures consistency across the functional area and is a great training aid for jobs that have higher turnover.

    Problem comes when the external auditor questions why we have training documents for some functions (BOM construction within ERP system) and work instructions for other functions (labor reporting within same ERP system).

    Above, you state “I find that these are usually better classified as training or reference documents.” In the LEAN BOS methodology, do you revision control these training documents? Audit against their requirements?

  10. Kirill says:

    Hello David. Welcome to the organizational excellence blog and thank you for sharing your experience.

    You ask great questions. I typically put training/reference documents under document control. This is done to ensure that you can maintain an up to date inventory of these documents/materials and that the updating is done in a controlled and deliberate manner. However, I do not audit against these documents. The reason is because they typically do not represent accurate current practices and they are not intended to control the execution of any particular task. The intent of training/reference documents is to develop or improve a particular skill, not define specific task. Consequently, the list of required approvers is much shorter (typically one or two people) and there is no training needed to these documents.

    So what about work instruction? I have developed the following questions that my staff and I use to determine when having a work instruction is truly need:

    1. Is the task/activity so complex or complicated that no practical amount of training or experience will adequately develop the desired or required level of proficiency?
    2. Is the task/activity performed so infrequently (non-routine) that relying on training or experience is not practical or realistic?
    3. Is the risk of not performing the task/activity correctly so high that even a full level of individual proficiency is not enough to mitigate the risk? These risks can be financial, regulatory/fiduciary, environmental, and/or health/safety.

    If you answer “yes” to one or more of the above, then you need a work instruction that you should audit against. If you answered “no” to all of the above then you need to take a serious look at your employee qualification and training processes.

    I hope this helps. Feel free to give us a call and ask for me directly. I will be glad to give you any additional pointers.

    Thanks again.

    I look forward to more of your comments and questions.


    Kirill Liberman

  11. Paula says:

    I’m doing some writing about processes myself, and am having a hell of a time deciding what words to use – whether to use ‘process’ for what and ‘procedure’ for how, or ‘process’ for the set of activities and ‘procedure’ for the standard document that describes them. Part of the reason it’s a problem for me is that I’m entirely convinced that there is no sacred meaning carved in stone, and it doesn’t matter what words we use as long as we agree on definitions for the purpose of discussion. On the other hand, I know anyone who reads what I write will come in with their own preconceptions, and I don’t want to confuse people. Still, I’m very tempted to just call them “Fred” and “George”. (On second thought, no one could tell Fred and George Weasley apart – that may be setting a bad precedent!

    Also, I do like your ideas on when a work instruction is needed.

  12. Kirill says:

    Hello Paula.

    Thank you for contributing to the blog. Please consider posting your some of your writing here. I bet it will be interesting to the readers.

    As you gathered from my article, like you I am not hung up on the use of the terms as much as I am on how they are interpreted and used. I agree that what matters on a tactical level is the mutual understanding of the parties involved. Nevertheless, when folks like you and I express our strategic ideas to a large and diverse audience, we have an obligation to ensure that we are using the terms appropriately and correctly. Furthermore, I believe we have an obligation to educate those readers that may not know the proper use and definitions of “process” and “procedure.”

    As I discuss in the article, I find it helpful to describe a “process” as a set or sequence of activities that cross functional and/or departmental bounties. For example, an Order Processing process may describe:

    • how Sales feeds orders coming into an Order Desk,
    • how the Order Desk interacts with Inventory Control or Production Planning to assess the capability of the order being met (including communication with the customer),
    • how the Order Desk triggers the pulling, packing and shipping of an order, and
    • how the order may interact with Purchasing to procure the required materials/services to meet the order, etc.

    I hope you can see how this would describe the interfaces of multiple departments and functions. This is what management and staff need to see and understand. How certain tasks in this process are performed is what I would call procedures or even work instructions.

    I hope this helps your struggle. Please let us all know what you think.

    Kirill Liberman

  13. Dana Retzlaff says:

    I am pleased that I discovered this blog, precisely the right info that I was searching for! .

  14. Delmar says:

    Your style is really unique compared to other folks I’ve read stuff from.
    I appreciate you for posting when you’ve got the opportunity, Guess I’ll just book
    mark this blog.

  15. david says:

    Processes collectively make up a system of operation. It has inputs of alot of people that show their interfaces between each other to achieve an output that meet a requirement. Who does what in their specific swim lanes and their handoffs to achieve an output.

    KPIs are put on the PROCESSES and performance standards to be digitize to a DASHBOARDS.

    This is one of ISO biggest weakness, as that it document policies and procedures and no processes as a system.

    Workers need to know what they do in relation with others to achieve an output. Most outputs are achieved with multiple people inputting values along the Process to achieve an output.

    When an organization architect its PROCESSES HORIZONTALLY and VERTICALLY to show the complete value chain, procedures cannot handle such scale and complexity of an enterprise system

  16. Kirill Liberman says:

    Hello David.

    Thank you taking the time to read my article and posting your comments. You make a lot of great points. I completely agree with your premise about what a process is, the role and function of KPIs, workers’ need to understand the context in which they work and contribute, and that procedures alone cannot support the process management complexity of the business operating system. In fact, I hope I would have an opportunity to show you how our Lean QMS approach incorporates your thoughts. However, I respectfully disagree with your point about “ISO biggest weakness.”

    I suspect that you are well versed in process improvement/optimization tools and methods (e.g. lean manufacturing, six sigma, process mapping, value stream mapping, etc.). But you may have had some tradition or negative experiences with ISO QMS implementation, especially with pre-2015 versions of ISO (please forgive my liberty with presumptions). In reality, ISO 9001:2015 requires (among other things):
    • vertical and lateral process (not procedure) definition and integration,
    • integration of process KPIs, including measurable objectives that are process-specific and organizational-wide,
    • workers’ awareness of their individual roles and contributions to the process and it intended outcomes, and
    • the integration of the above into the organization’s “business processes” (this includes the application of process improvement/optimization tools and methods).

    The fact is that ISO 9001:2015 is specifically intended to drive organizations to exactly the goals that you outline. Unfortunately, most traditional ISO practitioners don’t realize this and/or don’t know how to make the connections.

    Thanks again for your insightful and constructive comments. I hope you will contribute again.


    Kirill Liberman

Leave a Reply