Understanding the Process Approach in ISO 9001
The process approach is one of the foundational concepts behind ISO 9001. If you have ever read through the standard and wondered why it keeps referring to “processes” rather than just tasks or activities, this article will explain exactly what that means and why it matters for your business.
On this page
In simple terms, the process approach means managing your business as a set of connected, interrelated activities rather than a collection of independent departments or functions. Instead of thinking about what each team does in isolation, you look at how inputs flow through your organisation and become outputs that deliver value to your customers.
This is not just a theoretical concept. It is a practical way of running a business that ISO 9001 requires you to demonstrate. Auditors will look for evidence that you understand your processes, manage them deliberately, and monitor their performance. If your quality management system is just a folder of documents with no real connection to how work actually gets done, that is a problem the process approach is designed to solve.
Where the Process Approach Appears in ISO 9001
The process approach is introduced early in ISO 9001:2015. It sits right in the front matter of the standard, alongside risk-based thinking and the Plan-Do-Check-Act cycle, as one of the core principles underpinning the entire framework.
Clause 4.4 is where the process approach becomes a formal requirement. It requires your organisation to determine the processes needed for your quality management system, understand how they interact, define the inputs and outputs of each process, assign responsibilities, identify risks and opportunities within each process, and monitor and improve them over time. If you want a detailed breakdown of what Clause 4.4 requires, our guide to Clause 4.4 of ISO 9001 covers this thoroughly.
The process approach does not disappear after Clause 4. It runs through the entire standard. Clause 8 on operational planning, Clause 9 on performance evaluation, and Clause 10 on improvement all build on the idea that your QMS is a system of managed processes, not a set of standalone procedures.
What Counts as a Process?
A process is any activity or set of activities that takes inputs and transforms them into outputs. That definition sounds simple, but it has real practical implications for how you structure your quality management system.
Consider a manufacturing business. The sales team takes a customer enquiry and turns it into a confirmed order. The production team takes raw materials and turns them into a finished product. The quality team takes finished goods and turns them into verified, approved stock ready for dispatch. Each of these is a process. Each has defined inputs, defined outputs, and activities in between that can be managed, measured, and improved.
The same logic applies to a service business. A consulting firm takes a client brief and turns it into a delivered report. A construction company takes a design and turns it into a built structure. A logistics provider takes a pickup request and turns it into a delivered parcel. Every business, regardless of industry, operates through processes. ISO 9001 simply asks you to make those processes visible and manage them deliberately.
Core Elements of a Process
When ISO 9001 talks about processes, it expects you to understand and document the following elements for each significant process in your QMS:
- Inputs: What triggers the process or what materials, information, or resources enter the process at the start.
- Outputs: What the process produces, whether that is a product, a service, a document, or information passed to the next process.
- Activities: The steps or tasks performed within the process to transform inputs into outputs.
- Resources: The people, equipment, tools, and infrastructure needed to carry out the activities.
- Responsibilities: Who is accountable for managing the process and who carries out the activities within it.
- Performance criteria: How you measure whether the process is working effectively and meeting its intended purpose.
- Risks and opportunities: What could go wrong within the process, and where there are chances to improve.
You do not need to document all of this in an elaborate format. A simple process map or turtle diagram can capture the key elements clearly. What matters is that the information exists and that the people responsible for each process actually understand it.
How the Process Approach Connects to the PDCA Cycle
ISO 9001 is built around the Plan-Do-Check-Act cycle, and the process approach fits directly within that structure. Every process in your QMS should follow this logic.
You plan the process by defining its purpose, inputs, outputs, and how it will be carried out. You do the process by executing the activities. You check the process by monitoring its outputs and measuring performance against your criteria. You act by addressing problems, making corrections, and improving the process over time.
This is not a one-time exercise. The PDCA cycle is continuous. A well-managed process is one that gets reviewed regularly, generates data about its performance, and improves as a result of that data. That is what ISO 9001 is ultimately asking for when it requires you to apply the process approach.
Why the Process Approach Matters in Practice
Businesses that treat ISO 9001 as a documentation exercise often miss the point of the process approach entirely. They create procedure documents, tick the boxes, and then wonder why their quality management system does not actually improve anything.
The process approach works because it forces you to think about your business as a system. When you map out your processes and understand how they connect, problems become visible that were previously hidden. You start to see where handovers between teams break down. You identify where inputs arrive incomplete or incorrect. You find the steps where quality issues are most likely to occur.
Here is a real-world example. A small engineering firm was struggling with customer complaints about late deliveries. When they mapped their order fulfilment process as part of their ISO 9001 implementation, they discovered that the purchasing team was not being notified of new orders until three days after the sales team had confirmed them. That three-day gap was causing delays in procurement, which cascaded into late production and late delivery. The process map made the problem obvious. Without it, the blame had simply been passed back and forth between sales and purchasing for months.
Reducing Silos Between Departments
One of the most practical benefits of the process approach is that it cuts through departmental silos. When you manage by process rather than by department, the focus shifts from “what does my team do” to “what does this process produce and is it meeting requirements.”
This matters because most quality problems happen at the boundaries between teams, not within them. The process approach makes those boundaries explicit and assigns responsibility for managing them. That is a significant shift for many organisations, particularly those where departments have historically operated independently.
Better Risk Management
ISO 9001 requires risk-based thinking, and the process approach is the mechanism through which that thinking gets applied. When you understand your processes in detail, you can identify where risks exist within each one and put controls in place before problems occur.
This is more effective than a generic risk register that sits in a spreadsheet and gets reviewed once a year. When risks are identified at the process level, the people who actually run those processes are the ones managing the risks. That creates accountability and makes risk management part of daily operations rather than a compliance exercise.
How to Apply the Process Approach in Your QMS
If you are implementing ISO 9001 for the first time or reviewing an existing system, here is how to apply the process approach in a practical way.
Step 1: Identify Your Core Processes
Start by listing the main processes that your organisation uses to deliver its products or services. For most businesses, this will include processes for sales and order management, design or product development, procurement, production or service delivery, quality control, delivery or installation, and customer feedback management.
You will also have support processes such as human resources, maintenance, internal audit, management review, and document control. These need to be included in your QMS even though they do not directly touch the customer.
Step 2: Map the Interactions Between Processes
Once you have identified your processes, map out how they connect. The output of one process is often the input to another. A process interaction matrix or a high-level process flow diagram can show these connections clearly.
This step is important because it reveals dependencies. If one process fails or produces poor-quality outputs, which other processes are affected? Understanding these dependencies helps you prioritise where to focus your quality management efforts.
Step 3: Define Inputs, Outputs, and Performance Criteria
For each process, document the key inputs and outputs, who is responsible, and how you will measure whether the process is performing effectively. Keep this practical. A one-page process description or a simple turtle diagram is often enough.
Your performance criteria should be measurable. Vague statements like “deliver good quality work” are not useful. Specific criteria like “on-time delivery rate above 95 percent” or “rework rate below 2 percent” give you something to monitor and act on.
Step 4: Assign Process Owners
Every process needs someone who is accountable for it. This does not mean they do all the work. It means they are responsible for monitoring the process, ensuring it is followed, and driving improvements when performance falls short.
In small businesses, one person might own several processes. In larger organisations, process ownership can be distributed across managers. What matters is that accountability is clear and that process owners have the authority to make changes when needed.
Step 5: Monitor, Measure, and Improve
The process approach only delivers value if you actually use the data you collect. Set up regular reviews of process performance, whether that is monthly, quarterly, or as part of your management review. When a process is not meeting its performance criteria, investigate the root cause and implement corrective action.
Our guide to ISO 9001 Clause 9 on performance evaluation covers how to set up effective monitoring and measurement across your QMS.
Common Mistakes Businesses Make With the Process Approach
After years of working with businesses on ISO 9001 implementation, there are a few mistakes that come up repeatedly when it comes to the process approach.
Documenting processes that do not reflect reality. The most common problem is creating process documents that describe an ideal version of how work should happen, rather than how it actually happens. When auditors interview staff and find that the documented process bears no resemblance to daily practice, that is a major finding. Document your real processes first, then improve them.
Treating process mapping as a one-time exercise. Your processes will change as your business grows, as technology changes, and as customer requirements evolve. Process documentation needs to be a living part of your QMS, reviewed and updated regularly.
Failing to connect processes to customer requirements. The purpose of your processes is ultimately to deliver value to your customers. Every process in your QMS should have a clear line of sight back to customer requirements. If you cannot explain how a process contributes to customer satisfaction or product quality, you should question whether it needs to be in your QMS at all.
Ignoring outsourced processes. If you outsource any part of your product or service delivery, those outsourced activities are still your processes for the purposes of ISO 9001. You are responsible for ensuring that outsourced processes meet your quality requirements. This is a requirement under Clause 8.4 and is something auditors check carefully. Our article on how to control outsourced processes without micromanaging your suppliers gives practical guidance on this.
Process Approach and the Upcoming ISO 9001:2026 Update
The process approach is not going away in the revised standard. In fact, the ISO 9001:2026 update is expected to strengthen the focus on process performance and the integration of risk-based thinking at the process level. Businesses that have genuinely embedded the process approach into their operations will find the transition straightforward. Those who have treated it as a documentation exercise will face more work.
If you want to understand what is changing and how to prepare, it is worth reviewing your current process documentation and asking honestly whether your processes are managed, measured, and improved in practice, or whether they exist only on paper.
For a broader understanding of how the process approach fits within the overall structure of ISO 9001, our beginner's guide to ISO 9001:2015 provides a solid foundation.
Getting Help With ISO 9001 Implementation
Applying the process approach correctly is one of the areas where businesses most often benefit from expert guidance. Getting the process identification, interaction mapping, and performance measurement right from the start saves significant time and avoids costly rework before your certification audit.
If you are working through ISO 9001 implementation and want to make sure your process approach meets the standard's requirements, CertBetter can connect you with experienced ISO 9001 consultants who have done this work across a wide range of industries. You submit one form, receive up to three competing quotes from vetted providers, and pay nothing for the service. It is a straightforward way to find qualified help without the usual guesswork of searching for a consultant on your own.
