Modifying Programmable Logic Controllers (PLCs)

PLCs, programmable logic controllers

Q: I am seeking a standard to monitor, control and communicate existing Programmable Logic Controller (PLC) program changes.

We have a team of 15 electricians. They have access to various machinery and their PLCs. They can make modifications to majority of PLC programs.

The changes are under communicated and the current process in not monitored. We do capture log in/log out and some changes, but this is not sufficient.

Bud Salsbury’s take:

A: If these are Ethernet IP equipped PLCs that support remote login and can be network attached at all times, it isn’t an issue. It becomes an IT admin thing. For example, Allen Bradley’s PLCs can have their programs placed out on the network and treated like an FTP site. The PLCs can pull their programs at each start up from their predefined folders.

If we are talking about standalone PLCs, with no network,  it becomes a whole different animal. It is then more of a procedural thing. You must again place the master copy of the program on a network location, but it is up to each programmer to follow a routine, pull the program from the network, update, upload to the PLC, test/verify, and if good–replace the master copy. Now, if any step is missed, you’re up that well known waterway without any visible means of locomotion.

Ethernet IP is your friend. Note: they have to be newer/smarter PLCs to play nice.

Now if you are making changes to the program (whether it is a robot, or an NC machine, or a molding press), then these changes would probably affect the overall production process. Also, if the changes could affect the quality of the product in any way (either good or bad), then, at the very least, there should be a type of “deviation” procedure where the quality level of the product is verified after the process deviation has been implemented and prior to releasing any new parts produced off of this deviated process.  Also, there should be record of the before and after settings.

Bud Salsbury
ASQ Senior Member, CQT, CQI

Thea Dunmire’s take:

A: There are a number of significant risks associated with making modifications to PLCs used to control industrial equipment.  When you are modifying PLCs, you are making changes to “the brains” of your operations.  These changes can result in equipment that does not function properly, production lines that completely shut down or critical infrastructure that stops operating (e.g. water pumping stations that stop working). Thousands, or even millions, of dollars can be lost because of the modification or malfunction of a single PLC. These malfunctions can be caused by lack of ongoing maintenance, ill-conceived “trial-and-error” modifications, or even the insertion of malicious code by external hackers or disgruntled employees.

Organizations should have control processes in place that address all PLC modifications. Control processes are clearly required for PLCs that are used for safety-related applications or high-hazard process operations. For organizations that are certified to OHSAS 18001:2007 Occupational health and safety management systems — Requirements, management-of-change procedures must be established to assess the potential hazards of PLC modifications prior to any changes being made. After the fact validation is not acceptable.

There are a number of potentially applicable regulations and standards – whether they are actually applicable to your operations depends on the nature of the processes and equipment being controlled. It is important for organizations to carefully assess which requirements need to be met and institute the processes needed for conformance. In addition, organizations should periodically evaluate the robustness of the established systems to ensure the ongoing integrity of all PLC controlled operations.

Examples of potentially applicable regulations and standards include:

  • IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems defines the requirements for programmable electronic systems used in the safety-related parts of controls systems.
  •  U.S. regulations, including 29 CFR 1910.147 (Lockout/tagout requirements), 29 CFR 1910.119 (OSHA Process Safety) and 40 CFR 68 (EPA Risk Management Plan)
  • NFPA 79 – Electrical Standard for Industrial Machinery
  • ANSI B11.1 and EN 692 – safety requirements standards for mechanical presses
  • ANSI/RIA 15.06 – standard for industrial robots and robot systems

This is a complex area that requires input from individuals with specific training and competence in working with PLC controlled equipment.  It is not an area to for improvisation – the risks are too high.

Thea Dunmire, JD, CIH, CSP
Chair, ASC Z1-Audit Subcommittee
ENLAR Compliance Services, Inc.
Largo, FL
http://www.enlar.com

Related Content:

Webcast: You’re Closer Than You Think to EMS and OHSAS Registration

This webinar is developed for ISO 9001 registered companies that have a structured management system already in place and want to improve their business by incorporating Environmental or Occupational Health & Safety processes into their existing system. Listen in.

Case Study: Regional Team Approach Helps Energy Company Enhance Safety, Avoid Costs

Cross-functional teams identified root causes of injuries and reduced accidents by 48 percent in one year while saving an estimated $714,000 in cost avoidance over a 24-month period. Read more.

ISO 9001 7.6a Calibration and Traceability

Gage R&R, Torque Wrence

Q: ANSI/ISO/ASQ Q9001-2008 Quality management systems — Requirements, clause 7.6a states, in part:

“Where necessary to ensure valid results, measuring equipment shall

a) be calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international standards or national measurement standards…”

Does this sub clause require that the calibration process be performed in accordance with international or national calibration procedures? Or does it require that the measurement standards (hardware) used for calibration be traceable to international or national measurement standards (hardware)?

A: The standard is clear that it is the traceability of the calibration standards they are looking for.

Note: By definition, the traceability needs to eventually lead to an accredited lab who will be following procedures such as those set forth in ISO/IEC 17025:2005 General requirements for the competence of testing and calibration laboratories.

 Your internal calibration processes can best be guided by acquiring a copy of ANSI/NCSL Z540.3.

I hope this helped answer your questions.

Bud Salsbury
ASQ Senior Member, CQT, CQI

Related Content:

Open access articles from ASQ

Measure for Measure: Improved Gage R&R Measurement Studies, Quality Progress

Back to Basics: Assessing Failure — The effect of faulty measurement on previously produced products, Quality Progress

The Prediction Properties of Classical and Inverse Regression for the Simple Linear Calibration Problem, Journal of Quality Technology

Explore more articles.

Accuracy of Measurement Equipment

Automotive inspection, TS 16949, IATF 16949

Q: I work for an incoming quality assurance department. In our recent audits, the auditor claimed that high precision machines such as the Coordinate Measuring Machines (CMM) and touchless measurement system should have higher Gage Repeatability and Reproducibility (GR&R) values compared to less precise equipment such as hand-held calipers and gages. If this is the case, does Measurement System Analysis (MSA) cater to this by providing a guidance on what are the recommended values for each measuring equipment by general? If not, should we still stick to the general MSA rules, regardless of the equipment’s precision value?

A: When you noted “higher GR&R values,” that in itself can be a bit confusing because the GR&R value is a percentage of errors caused by repeatability and reproducibility variation. The higher the number, the more variation present — and the worse the measurement method is.

As far as I know, MSA doesn’t give specific guidance for recommended values depending on the measuring equipment. Also, I’m not sure of the validity of saying that a CMM is consistently more accurate than other equipment, such as calipers. Although the equipment may theoretically be more accurate, how you stage the part to be measured will also affect the amount of variability, as will the feature being measured.  Consequently, even though the CMM is theoretically more accurate, there may be 20 percent GR&R, mainly due to the holding fixture or the feature being measured. I’m sure you get the point here.

As far as I know, MSA manuals do discuss what the major inputs should be when deciding the amount of acceptable variation. It strongly recommends to look at each application individually to verify what is required and how the measurement is going to be used.

Another thing to consider is whether you are looking at the GR&R based on total variation or on the specified tolerance. Tolerance-based is more commonly used than total variation, but that may depend on the type of industry.

One thing I would like to mention is that if you have three people take 10 measurements each, and then dump the information into one of the common software programs, it will not matter if they take the 10 measurements with a dial caliper or with a CMM. The instruments’ “accuracy” should not be the deciding factor, but the tolerance base should be.

Also, ISO standards do not dictate GR&R values. If you do what your quality management system says you do, most auditors will not push such an issue. While some auditors may offer “opinions” and suggestions, such items are rarely cause for nonconformance findings.

I hope this helps answer your question.

Bud Salsbury
ASQ Senior Member, CQT, CQI

Editor’s picks: Read open access content on measurement from the ASQ Knowledge Center:

Measure for Measure: Improved Gage R&R Measurement Studies, Quality Progress

Comparing Variability of Two Measurement Processes Using R&R Studies, Journal of Quality Technology

Confidence Intervals for Misclassification Rates in a Gauge R&R Study, Journal of Quality Technology

Quality Quandaries – A Gage R&R Study in a Hospital, Quality Engineering

Visual Fill Requirements

Pharmaceutical sampling

Q: I work for a consumer products company where more than 60% of our products have a visual fill requirement. This means, aside from meeting label claim, we must ensure the fill level meets a visual level.

What is the industry standard for visual fills?

We just launched Statistical Process Control (SPC), and we notice that our products requiring visual fills show significant variability.

A: This is an interesting question. The NIST SP 1020-2 Consumer Package Labeling Guide and the Fair Packaging and Labeling Act, along with any other industry standards, regulate how you must label a product “accurately.” However, it appears you have been burdened with a separate, and somewhat conflicting requirement —  a visual fill requirement.

In most cases, you probably cannot satisfy both requirements without variability. The laws and standards will direct labeling requirements with regard to accuracy, and your company is liable for that. If you choose to use visual fill standards for “in-process” quality assurance, then you would need a fairly broad range between the upper and lower acceptance limits.

Personally, I would use weights and measures as needed to meet customer and legal requirements. These are the data I would use for SPC records.

If your company has a need (or a desire) to use visual fill levels for a gage, then generating a work instruction telling employees where a caution level is would be a way to start. In other words, “If the visual level is above point A or below point B, immediately notify management.” If you are to remain compliant with what you put on a label, visuals will change from run to run. Using them as a guide for production personnel can be a helpful tool, but not as a viable SPC input.

Bud Salsbury
ASQ Senior Member, CQT, CQI

Editor’s Pick: Hear how Procter & Gamble developed a solution for setting appropriate targets for product filling processes in Setting Appropriate Fill Weight Targets—A Statistical Engineering Case Study from the April 2012 Issue of Quality Engineering.

Defining Qualification, Verification, and Validation

Q: I understand the hierarchy, but I would be hard pressed, if asked, to give a clear definition of the terms: qualification, verification, and validation. Can one of the experts help explain these terms? Thank you.

A: This is a great question and I hope I’ll be able to help you.

To begin, I refer you to ISO 9000:2005 Quality management systems – Fundamentals and vocabulary.  As you may already know, this document is used to define/describe many terms used in the ISO 9000 series, including the three words you question.

In 9000:2005, under clause 3.8 Terms relating to examination, we find:

3.8.4 verification
Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled
NOTE 1  The term “verified” is used to designate the corresponding status.
NOTE 2  Confirmation can comprise activities such as
–          performing alternative calculations,
–          comparing a new design specification with a similar proven design specification,
–          undertaking tests and demonstrations, and
–          reviewing documents prior to issue.

3.8.5 validation
Confirmation, through the provision of objective evidence, that the specified requirements for a specific intended use or application have been fulfilled
NOTE 1 The term “validated” is used to designate the corresponding status.
NOTE 2 The use conditions for validation can be real or simulated.

Validation definition, as provided by ASQ's Quality Glossary.

3.8.6 qualification process
Process to demonstrate the ability fulfill specified requirements
NOTE 1 The term “qualified” is used to designate the corresponding status.
NOTE 2 Qualification can concern person, products, processes or systems.
EXAMPLE  Auditor qualification process, material qualification process.

I’ll try to expand on these definitions in hopes of making things a bit more clear.  Keep in mind that qualification, verification, and validation are individual processes, but the explanations below (from Boston Scientific) should help you recognize their individuality as well as their interdependence.

Validation is an act, process, or instance to support or collaborate something on a sound authoritative basis.

Verification is the act or process of establishing the truth or reality of something.

Qualification is an act or process to assure something complies with some condition, standard, or specific requirements.

For example:

A design verification verifies that a frozen (static) design meets top level product specifications.

A process validation validates that the on-going (dynamic) manufacturing process produces product that meets product/print specifications and consist of installation qualifications, operational qualifications, process performance qualifications, a product performance qualification and perhaps process verifications.

An installation qualification qualifies that equipment was installed correctly and are a subset of a process validation (or possibly a test method validation).

Validation Examples:
•         Design validation, sterilization validation, test method validation, software validation, and process validation.

Verification Examples:
•         Design verification and process verification.

Qualification Examples:
•         Installation qualification, operational qualification, process performance qualification, product performance qualification, and supplied material qualification.

After reading all of this, I am confident you would be able to explain qualification.  An old and trusty phrase to help summarize the other two is: Validation – Are we producing the right product?; Verification – Are we producing the product right?

Bud Salsbury
ASQ Senior Member, CQT, CQI

Ask A Librarian

Delta Triangle

Manufacturing, inspection, exclusions

Question

When revising drawings to include the delta triangle in the title block, does the drawing index sheet also contain the triangle in the title block?

Answer

The term “delta” refers to a triangle placed on the drawing for reference. The triangle is commonly placed next to a dimension, such as 2.65, 5, or other locations where it applies to a feature or item. This is used to refer the reader to a general note that relates to this item.

So if the delta triangle is used as a reference in your main title block, then I would say yes, add it to the index sheet if it makes the reference more clear.

In addition to drawing a reader’s attention to notes, the delta triangle is also quite often used with print revisions. For example, if a drawing was a revision 2, and then a new revision is generated. It might say something simple like, Rev. 3- 2.235 dimension changed to 2.240. Then a delta triangle with the number 3 in it would be next to the 2.240 dimension referring to the revision.

Bud Salsbury
ASQ Senior Member, CQT, CQI

Measurement Tolerances and Techniques

ISO/IEC 17025:2017 General requirements for the competence of testing and calibration laboratoriesQ: I am looking for some information regarding blueprint tolerances and measurement tools used to measure certain features.

For example, can the same type of tolerance be applied over the length of 450 mm as it could be for a distance of 3 mm?  Is there additional measurement error or gage error that needs to be applied for longer distances?  If one uses a 1” micrometer for measuring a feature, does it make a difference in the measurement error by using the top end of the instrument versus using it to measure just very small features?

A: Thank you for your questions about measurement tolerances. First of all, since your questions were multi-layered, my answers will be as well. Nonetheless, I think I should be able to help you.

As for using the same type of tolerance for a dimension of 450 mm and a dimension of 3 mm, there is more than one answer. We’re talking about 17.7165 inches vs. .118 inches. The 3 F’s must first be considered.  That is Form, Fit, and Function.  In other words, where will this product be used?  If this will be for a medical product or for anything whatsoever where safety is a factor, the design engineer will most likely use a tighter tolerance. So both dimensions could be ± .001 or a more liberal ± .010.  The difference between the two sizes would just change the way they are manufactured.  For example: a 17.717 inch product with a tolerance of ± .030 could probably be rough machined or even made on a burn table.  If the size or location of the smaller dimension is critical, you would machine it with appropriate equipment and hold a tighter tolerance.  OK, enough Manufacturing 101 lingo.

With regard to measurement error, larger/longer dimensions can introduce the possibility of increased measurement error. However, if a “qualified” and experienced individual is doing the measurement, that should not be a major factor.  The same basic skills and standards would apply. The type of measurement equipment can make a difference.  In other words; if you use a Dial Caliper, you can probably rely on it to be accurate within .001-.002 inches.  If you use a 0-1 inch micrometer, you should be able to trust it’s accuracy within .0001 inch.

A qualified metrologist and/or a quality technician would know to check a micrometer at numerous points over its measuring range.  Measurement error should not increase significantly from one end to the other.  If it does, there is something wrong with the calibration or with the tool itself.

I know the above can be perceived as general answers, but I am confident you will see the specifics there as well.

Bud Salsbury
ASQ Senior Member, CQT, CQI

Coordinate Measuring Machines (CMMs) and Digital Bore Gages

Gage R&R, Torque Wrence

Q: When inspecting diameters with tolerances of .0005 and below, are there any studies relating to the accuracy of different inspection methods, such as a coordinate measuring machine (CMM) versus a digital bore gage with setting ring combination?

A: The answer to this question can often be one of opinion and/or personal preference.  What I will present are my opinions, along with some known facts.

Non-contact measurement systems such as optical and laser equipment are bulky, expensive and impractical.  With these systems, the part must be taken to the system. This is not much good in a production environment.

While a CMM is without a doubt very accurate, they are also slow.  Like the optical or laser equipment, the parts must be taken to the system.  In many production situations it is more practical to check the part in the machine.  Also, even though CMMs come with reticulated heads, measuring at abstract angles or various depths is not always an option.  It is also wise to keep in mind that deeper bores would require longer stylus probes.  This is a situation that can introduce concerns of error and rapid movement can generate false contact readings with longer styli simply due to the motion.

A final thing to keep in mind is the high initial price of a CMM, as well as the maintenance costs.

Two and three point contact measurement is readily available.  Popular digital bore gages are calibrated to a master ring.  The rings themselves can be verified with a CMM or sent out for certification traceable to national standards. Most digital bore gages can be set up to interface with a statistical process control system. This is important when process control is vital.

Cylinder bore gages (generally two point contact) can sometimes have problems with linear accuracy. Analog versions can be more prone to operator error.

While two point systems will more readily detect ovality, where this is not a major concern, three point digital systems are, in this quality technician’s opinion, the best all-around option.

When I am inspecting parts in which ovality could be an issue, if the parts are readily portable, I will check a percentage with a CMM to verify their roundness.  However, for speed, accuracy, practicality, and price, a three point digital bore gage would be the way I would go to verify product with tight tolerances.

A final note: If parts are relatively small and can be in contact with other materials, robotics is often used with air gage instruments.  This is another expense but can be introduced in high volume manufacturing.

I hope this will help.

Bud Salsbury
ASQ Senior Member, CQT,CQI

Value and Benefits of ISO 9001

Q: My company is struggling with the decision to spend any more money on the ISO 9001:2008 Quality management systems–Requirements registration.  How many of our peers believe that the continuation of this certification is worth the cost? I have been trying to find statistics on the number of revised certifications that have been accomplished since the release of the 2008 version and am finding that there is little to no information available.  This leads me to think that the whole agenda has been identified as not a worthwhile cost effective exercise and companies are dropping out of the program.

Does ASQ have any relevant information regarding the “added value” of certification?  I have proposed to my management that the money spent on certification and all the wasted effort to make some auditor happy is not in the best interest of the company and would like your feedback on this position.  I watch as we struggle for 1.5 months before the dreaded audit to make it look like we are compliant, watch the auditor fumble around looking for some minor discrepancies that will make it look like he was worth having in for tea and crumpets and then watch the organization sigh a big relief when we get away with the lack of compliance or caring about compliance for the next two years, as the real task is making money and not wasting time meeting perceived compliance to perceived “requirements”.

The Toyota debacle makes it hard for me to even stand in front of my peers and preach this as useful.  It is clear that the bottom line is dollars and the need to support compliance to some document is merely wasteful effort that has been passed over like all the other historical (hysterical) quality programs—zero defects, statistical process control, total quality management. What do you say?

A: I would like to answer your questions in three part harmony. First of all, I’ll mention a brief history of ISO. Much of this you will be familiar with but it helps to reaffirm the legitimacy of ISO as an international organization rather than just an abbreviation for a place to throw your money. Second, I will express a few of the many benefits of ISO certification. Finally, I will share my own perceptions. Things I have personally witnessed resulting from ISO certification.

History-benefits-perceptions are a three-part harmony which can improve organizations and strengthen communities.

I would like to share a bit about ISO – What it is, as well as what it is not.

So what is ISO?

First of all, let’s consider the letters “ISO.” Because the “International Organization for Standardization” would have different abbreviations in different languages (Like IOS in English, or OIN in French for Organisation International de Normalization), it was decided at the beginning to use a word derived from the Greek isos, meaning “equal.” Therefore, whatever the country, whatever the language, the short form of the organization’s name is always ISO.

ISO is a network of the international standards institutes of 162 nations with a Central Secretariat in Geneva, Switzerland that coordinates the system. The ISO organization officially began in February 1947. ISO is not a governmental organization. It is not like the United Nations System with delegations of national governments. So, although many of ISO’s members are part of the government structure of their countries the members have their roots in industry and the private sector.

Also, ISO is not a quality standard. That is, ISO isn’t a tolerance level we must make parts to. It is not a high quality standard we must meet just to stay in business.

ISO 9001 refers to a type of ISO standard. ISO 9001 is concerned with “quality management.” This means what the organization does to enhance customer satisfaction by meeting customer and any regulatory requirements and to continually improve its performance in this regard.

ISO implementation in any organization introduces the many values of team work as well. I realize those bits of history can seem a bit lengthy but it is of extreme importance to recognize the time and combined efforts put in by so many individuals from so many nations. It is that dedication which helps to make the ISO Standards as useful and beneficial as they have become.

With regard to benefits, the positive reports are almost endless. I will share just a few of which come from reliable sources such as Dun and Bradstreet, Dallas Business Journal, manufacturingnews.com and others.

Simply noted, ISO certified companies reap:

The effect of ISO 9000 certification on financial perfomance

-Improved consistency of service and product performance
-Higher customer satisfaction levels
-Improved customer perception
-Improved productivity and efficiency
-Cost reductions
-Improved communications, morale and job satisfaction
-Competitive advantage and increased marketing and sales

D&B notes:

-85% of registered firms report external benefits
-Higher perceived quality
-Greater customer demand
-95% report internal benefits
-Greater employee awareness
-Increased operational efficiency
-Reduced scrap expense

Other reports note:

-30% reduction in customer claims
-95% improvement in delivery time
-Reduced defects from 3% to 0.5%
-40% reduction in product cycle time
-International acceptance and recognition
-Estimated return on Investment for companies with consistent compliance have been reported +30% to +600%

I could go on with statistics but I am sure you can research and find many more such positive reports. Therefore I will turn now to third member of the harmony I mentioned. That is perception.

The various feedbacks noted above show all of the remarkable “exterior” perceptions. Increased business, customer satisfaction, less downtime, etc. So I will take a moment to mention some things about “internal” perceptions.

It is said that changing a culture can take from several years. Introducing ISO into an organization is indeed introducing a new culture. Individuals are encouraged to do some things they did not and to change some of the habits they have formed.

It has been my experience, with several companies, that the culture change associated with ISO implementation is multilayered. The first and most obvious benefit is quality awareness. The most experienced machinists, fabricators, administrators, all employees suddenly take acquire an appreciation for quality which they did not have, no matter how good they may have been. This quality awareness does not fade away easily. Even those who offer strong resistance to change learn to respect and very much appreciate all the practical value in a good quality management system.

ISO certification does not ensure success. It does not ensure profit. Nonetheless, I have seen companies with little to no quality system grow to be world class quality organizations with the guidance of a strong ISO based QMS.

If failure is experienced, it can be due to lack of understanding on the part of management. They may have failed to act or provide preventive actions when needed. People are often interested in quick and simple solutions and are not willing to practice even simple self-dicipline. Most often, the greater portion of their interests are in getting a certificate to hang on the wall of their office and an addition to their letter head.

I firmly believe, and have witnessed with my own eyes, that following the ISO Standards in implementing a quality management system results in satisfied customers, repeat business, increased profits, satisfied employees and continual improvement. That three part harmony, history-benefits-perceptions, when joined with top management commitment can lead to another benefit not yet mentioned. That is pride.

Bud Salsbury
ASQ Senior Member, CQT,CQI

Related Content: 

No Joking Matter, Quality Progress
Research analyzes management systems standards and the implications for managers and auditing bodies.  Read more.

Ask A Librarian

 

ISO 9001 Procedure Vs. Process

Mr. Pareto Head and procedures

Q: I‘m seeking clarity and advice on a recent incident  I was informed about.

An organization I am very familiar with and is fully certified to ISO 9001:2008 Quality management systems–Requirements (with no exemptions) recently had a new external auditor come in to conduct a certification audit.

While continued certification was recommended, a number of small areas of concern were noted.

I understand that most of the recommendations will improve the system, but one recommendation has caused me some concern.

A bit of history of the QMS of this organization:

This company originally gained certification under ISO 9001:2000 and has transitioned to ISO 9001:2008.  They have a very robust quality management system (QMS), have clearly identified their processes, and have mapped their procedures to these various processes.  They have implemented a rigorous internal audit program which has targeted these procedures and their interrelationship with the various processes.

My problem is that the report for this recent certification audit stated that under 8.2.2 of the standard, in order to ‘gain’ full certification to ISO 9001:2008, they have to conduct process audits rather than procedural audits, or their certification could be at risk.  This has caused some angst with senior management, as their previous certification body was happy with their implementation of the standard.

8.2.2 b: Internal audit

“An audit programme shall be planned, taking into consideration the status and importance of the processes and areas to be audited…”

I can see no mandatory requirement in 8.2.2 to support the statement that process audits have precedent over procedural audits as long as the status and importance of the processes are taken into consideration.

My understanding would be that the requirements of 8.2.2 would be met if the organization’s processes are clearly identified and its procedures and their interrelationships are mapped to the processes and it can be clearly identified during the audit that process requirements are being addressed with the procedures.

Obviously if it can be shown that the processes are not adequately covered, then that must be addressed. But I do not believe this is the case here.

Your advice would be greatly appreciated.

A: I hope to answer your questions about process vs. procedure  in ISO 9001:2008. I will offer several different definitions.  This is not to confuse you, but to help you see how different people deliver the same message while using different words.

We will begin by trying to recognize just what a procedure is. You can have any number of procedures within a process.  That means, a process requires one or more procedures. You take actions to get results.  The actions you take are your procedures.

I once read it this way on the internet: procedures / actions / activities / work instructions all describe the lowest level of decomposition, i.e.: the procedure cannot be broken down further.

A process is “something going on.” It is a continuing natural or biological activity or function.

A process is a series of actions or operations conducing to an end. It is a continuous operation or treatment, especially in manufacturing.

A procedure is a particular way of accomplishing something. This is also defined as a series of steps in a regular definite order; a traditional or established way of doing things.

While the two could sound similar, they are clearly not the same thing.  A process refers to a series of actions, but does not place a particular order on those actions.

Procedures however, are focused on steps, order and instruction. As the author Mark McGregor once wrote, “We can see that while a process may contain order, it does not require order to be a process. If we take away the order from procedure, then we don’t have a procedure, but we may still have a process.”

You are not alone in your questioning of this. It is like the ongoing controversy over continual vs. continuous in the quality arena.  However, the distinction between a process and a procedure should be more clear to you after reading above.

Now, let’s consider why. Why is 8.2.2 worded the way it is?  I think the most simple way to put it is this: in the past, it was not uncommon for internal audit teams to concentrate on element auditing. That is, they audited the verbiage of the documented procedures to see if they complied with that of the standard.

Each individual company has their own processes.  It is through those processes, those actions, that you would comply with the intent of the standard.  The value of controlling and improving on those processes is reflected in your audits.

Input -> Process -> Output

So, it does not matter how you word things. The product audit (or service audit) determines if tangible characteristics and attributes of a thing are being met. A process audit determines whether process requirements are being met. During the process audit, the auditor will examine an activity or sequence of activities to verify that inputs, actions, and outputs are in accordance with an established procedure, plan or method.

By now, you have seen a pattern to all the words above.  My intention was not to muddy the waters further, but to help you recognize why so much light has been shined on process activities. To  “do what you say you do” requires having documented procedures and following what they say.  Doing all of this in an efficient and a profitable manner requires process control.

Finally, if you haven’t already done so, I strongly suggest that you acquire a copy of The Process Auditing & Techniques Guide by J.P. Russell.  This is a good guide you can order through ASQ and it can help with setting aside some of your concerns and answer questions.

I hope this has been helpful.

Bud Salsbury
ASQ Senior Member, CQT,CQI

Ask A Librarian