Interaction of Processes

The Interaction of Processes (IOP) chart or graphic is very important and a critical starting point for managing your Quality System. The IOP must define your business processes and address all applicable requirements of ISO9001 or AS9100. The requirements for an IOP are the same for both standards and these requirements haven't changed much since ISO9001:2000. Because these requirements have been around for so long, it is surprising how many companies struggle to get it right.

AS9100D 4.4.1 states:

The organization (that's you) shall establish, implement, maintain, and continually improve a quality management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard.
The organization’s quality management system shall also address customer and applicable statutory and regulatory quality management system requirements.
The organization shall determine the processes needed for the quality management system and their application throughout the organization, and shall:
a. determine the inputs required and the outputs expected from these processes;
b. determine the sequence and interaction of these processes;
c. determine and apply the criteria and methods (including monitoring, measurements and related performance indicators) needed to ensure the effective operation and control of these processes;
d. determine the resources needed for these processes and ensure their availability;
e. assign the responsibilities and authorities for these processes;
f. address the risks and opportunities as determined in accordance with the requirements of 6.1;
g. evaluate these processes and implement any changes needed to ensure that these processes achieve their intended results;
h. improve the processes and the quality management system.

Stated plainly, you must list the processes e.g. QA, HR, Sales, Purchasing, Engineering, Production, etc., etc. Included in this "listing" are inputs, outputs and interactions.

How will you assess the performance of these processes? If the process is intended to meet certain AS9100D requirements that fall within section 8, then meaningful, measurable targets must be in place. These need to define the time frame for obtaining the objective and who is responsible and how the objective is to be met (see AS9100D 6.2). The performance of the processes shall be reviewed during management review (see AS9100D 9.3).

For these processes, assign responsibilities. This could be an organization chart. This could be defined in procedures. This could be in job descriptions.

Understand and address risks related to each process. This can be a Risk Matrix, or an FMEA or any styling of risk assessment you like.

Finally, improve the performance of these processes over time.

Will a "list" really work for this? No, but it may be a good staring point. The truth is, the best way to meet this set of requirements, is to create a flow chart which depicts the processes and shows the sequence and interactions between processes.

Tips and Tricks

No doubt you'll end up with "support processes" and/or "management processes" and/or "leadership processes."  These are support processes and as such, a defined objective is NOT required if you are careful to note that these are support.

For example: you may have a process called QC and QC is responsible for the requirements of calibration (7.1.5.1, 7.1.5.2) and inspection (8.6) and control of non-conforming outputs (8.7). Processes falling within section 8 shall have objectives. For this example 8.6 and 8.7 are objectives required? Maybe. If QC is support, then no objective is required.

Why not have a process called Production which includes Purchasing, Engineering and Manufacturing? These will be considered "Core processes" and KPIs (objectives) are required. You cannot apply one objective, say on time delivery, to all of these. Objectives must be specific, measurable, and meaningful to the process. If you miss the objective, who is responsible? If you hit the objective, who is rewarded?

It is smarter to divide a large process like production into logical pieces each having their own KPI(s).

Common Mistakes

The IOP defines the business into significant processes. Sales is a likely process. Do not turn the IOP into a department flow chart noting order enter, credit check, decision points and every other activity related to Sales. Keep it simple.

Some IOPs fail to cover all AS9100D requirements. It is not required, but very helpful, to note the paragraphs of the AS9100 that apply to each process.

If you'd like to see a very easy example, please feel free to email to me and I'll send a good (not perfect) IOP back to you.

Will the QMS Database help you with all of this? Of course it does. QMS processes, objectives, responsibilities and management review are all included.

Last Note

The IOP drives the audits performed by your certification body. They must follow the process you define, so keep it simple and ensure all requirements are accounted for on the IOP.

Do I need a Quality Manual?

The short answer..."maybe."

ISO9001:2015 and AS9100D no longer require a "Quality Manual." Of course there are required documented information and the these standards suggest that you can place this information into a single document called a "Quality Manual." What do your customers expect? They are still very likely yo expect you to have a Quality Manual. In this case, you'll need one.  What works for your organization? However you structure your QMS, it must work for you and your customers.

Often, the Quality Manual is a worthless rewrite of the ISO or AS standard.  Don't waste your time! If you are writing a Quality Manual, make it meaningful, tell something that is helpful to the organization.  You don't need 54 pages of fluff. Here is what you must have if you decide that a Quality Manual is right for you...

A cover page with company name, document name date, revision and approver's signature.

Documented information to support the operation, i.e. list of your procedures.
A general description of relevant interested parties and their requirements.
The scope of the quality management system, including boundaries and applicability.
A description of the processes needed for the quality management system and their application throughout the organization;
The sequence and interaction of these processes;
Assignment of the responsibilities and authorities for these processes.

Remember, ISO and AS are about defining processes (and the requirements) and managing risks. Manage risks by identifying them and mitigating them.

Updated Website/Newsletter

Updated Website/Newsletter

AS9100 revision D has been out for some time now. Implementation teams are having difficulties with section 4.0, Context of the Organization and section 6.0, Planning.

Context of the Organization

Be sure you have properly defined your processes and their interaction. The IOP (interaction of processes) chart/graphic must be correct in order to properly manage the QMS and to communicate your QMS to your third-party auditor.

Planning

Prior to revision D, you had to mitigate risks and have objectives. Now in rev D, it is expected that there be formal plans in place for each significant risk to mitigate these risks. Also, plans in place for achieving objectives.

The QMS Database addresses both of these sections and gives you a template to follow for creating these plans