ISO 9001 SOPs for HR and IT Departments


Q: My company wants to become certified to ISO 9001:2008 Quality management systems–Requirements by the end of this year. We have nearly all of our common standard operating procedures (SOPs) identified and written. But some of our departments—HR and IT in particular—are proving to be a little more difficult as far as identifying activities we might need to document.

Could you provide a few examples of procedures that might be available for  an IT and HR department? More specifically, I’m looking for examples of what others may have done with ISO 9001:2008 in conjunction with corresponding SOPs.

A: ISO 9001:2008 specifically requires the organization to have documented procedures for the following six activities:

4.2.3 Control of documents.
4.2.4 Control of records.
8.2.2 Internal audit.
8.3 Control of nonconforming product.
8.5.2 Corrective action.
8.5.3 Preventive action.

From an ISO 9001:2008 perspective, there are no mandatory procedures required for HR or IT departments as supporting functions for an organization. It is recommended, however, that you have your processes documented to ensure accountability for actions, consistency and standardization.

When there are many employees involved in various organizational functions, the hand-offs between the functions and employees can blur, with little to no accountability for the final outcome. In addition, having processes undocumented is not scalable, repeatable and reproducible as the organization grows larger.

The ISO 9001 website guideline further clarifies that the extent of the quality management system’s documentation can differ from one organization to another based on:

The size of organization and type of activities.
The complexity of processes and their interactions.
The competence of personnel.

While this may not be the right forum to share examples of SOPs, I can provide a typical list of ISO 9001:2008 procedures that may be applicable to HR and IT functions.

A better way to develop procedures for the listed processes is to bring the stakeholders and experts together, map the process in its current state, brainstorm, identify and remove nonvalue-added activities, and then reissue a new value-added procedure.

Typical SOPs in HR

  •     HR planning process.
  •     New employee orientation process, including mandatory training and certifications.
  •     Training needs analysis.
  •     Employee training and development process, which also includes training, skill competency assessments, periodic evaluations and certifications.

Typical SOPs in IT

  •     IT resource planning process.
  •     Data archival, retention, backup and disaster recovery process.
  •     IT hardware and software maintenance and information security management process.
  •     Quality information systems, including infrastructure planning, implementation and improvement.

Govind Ramu
Senior manager, quality systems
SunPower Corp.
San Jose, CA

This entry was posted in ISO 9001 - Quality Management Systems and tagged , , , , , , . Bookmark the permalink.