How to write a procedure
Management System procedures are not complex, but if you have little experience in writing them or want to improve ones already written then this should help you.
This post aims to explain
- when is a procedure needed
- what your procedure should include
- what should be excluded
- the document control requirements of a procedure
What is a procedure?
A procedure is any established and uniform method of doing something. A procedure is not necessarily documented. A procedure can be documented via any number of prompts such as signs, checklists, diagrams, forms, etc and of course the more traditional written documents.
What is a procedure for?
To understand how to write a procedure you must first know what the procedure is for. A procedure’s purpose is to document an activity including the following elements.
WHY – The purpose of the procedure
WHAT – What is done and the methods used
WHO – Who carries out the activity, who has responsibility for the activity
WHEN – If any specific time constraints are imposed these should be document
WHERE – Location of the activity if it is critical to the activity
WITH – With what tools. Tools could be forms, other procedures, Standards, equipment, plant, software, etc, but only include them if vital to the success of the activity.
When is a procedure required?
You shouldn’t get into the habit of writing a procedure for everything, but how do you know when procedure is required. A procedure should only be written where you are trying to control or document your company’s activities. For instance, should you have a procedure for training? ISO 9001 doesn’t state that you have to have one. There is no legal requirement to have a training procedure. Despite this many companies choose to write one. 6.2.2 of ISO 9001:2008 does ask whether the organisation has:
a) determined the necessary competence for personnel performing work affecting conformity to product requirements?
b) where applicable, provide training or take other actions to achieve the necessary competence?
c) ensured that the necessary competence has been achieved?
d) ensured that its personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives?
e) maintained appropriate records of education, training, skills and experience?
For many companies the easy way to address this is via a documented procedure, however there are probably Human Resource databases out there that adequately manage all of this and therefore a procedure may be unnecessary.
So what procedures have to be written? Read the standards. Where a procedure is required they state it, but that doesn’t mean it has to be written. Standards typically use the word “documented” to mean that it has to be written down, but it doesn’t mean they have to be individual documents. For instance ISO 9001’s Corrective and Preventive Action procedures are often combined into one procedure. All the elements associated with Hazard and Risk Identification and Assessment required by AS 4801 are typically combined into one procedure.
Procedures required by some key management system standards
| ISO 9001:2008 | ISO 14001:2004 | AS 4801 |
| Control of Documents | Internal Audit | Hazard identification |
| Control of Records | Hazard / risk Assessment | |
| Internal Audit | Control of hazards/risks (including design) | |
| Control of Non-Conforming Product | Evaluation of effectiveness hazard identification, risk assessment and controls | |
| Corrective Action | Emergency preparedness and response | |
| Preventive Action | Consultation | |
| Monitoring and measurement |
NB. Please remember that other elements such as policies, roles and responsibilities, objectives and targets may also need to be documented. Procedures are also required to ensure that the operation is appropriately controlled. The standards don’t specify what is required here, essentially you need a procedure where the absence of it would mean you failed to meet requirements.
What should your procedure exclude?
Now you know what should be in your procedure the next issue is to determine what shouldn’t be in your procedure. Elements can be excluded to make the procedure more robust, less likely to need amendment, allowing for development and innovation whilst maintaining compliance with the procedure.
Excessive detail.
A procedure’s detail should be sufficient to ensure that the activity is undertaken properly without being so prescriptive as to stifle innovation or development of work methods. For example don’t write that “the results will be posted to the customer” this means that any other communication method used to convey this information to the customer is non-conforming. Your procedure should convey what is critical about the process and if it is not critical that it is posted then the following may be preferable “the results will be communicated to the customer in writing”. Now the results can be sent via fax, email, posted letter or whatever stroke of genius the the next communication revolution brings.
Avoid excessive detail
Use the more generic terms where possible and appropriate:
- · Use “Quality Manager” rather than “George Smith, the Quality Manager“. People move around organisations, change jobs and leave companies all the time. For ease of maintenance names should be left out. If required use another document elsewhere that names individuals responsible for roles, add phone numbers and call it a contact list.
- Use “communication” rather than “telephone” or “email“.
- Use “Excavator” rather than “Komatsu 32T”. Allows any brand or size of machine to be used
- Use “plant” rather “excavator”. This allows alternative digging machines to be used.
- Use “persons undertaking the activity” rather than “employees” (means it applies to subcontractors too)
- Use “measuring equipment” rather than “tape measure”. Allows the use of laser devices, rulers, etc
- Use “database” rather than “Microsoft Access Supplier Management Database”. Allows for new databases to be introduced without the need for a change to the procedure.
- Use “current version of ISO 9001” rather than “AS NZS ISO 9001:2008”. Means that your procedure will be current even if an updated version of 9001 is released. That said the full version title of a standard should be referenced at least once in the system.
- Use “Document Control Procedure” rather than “Document Control Procedure, Revision 3, June 2011”.
Use of modal verbs
Modal verbs are words such as ‘could’, ‘should’, ‘may’, ‘will’, ‘shall’. There use is particularly important in procedures. Words like ‘will’ and ‘must’ give specific direction. Words like ‘should’, ‘could’ and ‘may’ tend to give optional direction. The word ‘shall’ should be reserved for legal use.
Acronyms
Where acronyms are used these should be commonly known to the users of the system. They should be written in full when first used in a procedure with the acronym in brackets afterwards. Thereafter just the acronym can be used. The reader of the document should be able to understand it without having to refer to another document.
Basic Document Control Elements of a Procedure
All documents should be marked with a version, amendment or revision number. A date is also useful so you know when it was last amended.
Hard copies of procedures must be managed to make sure that users know they are using the most up to date version.
If you are using an electronic management system, as most companies do these days, make sure your documents print with the words “Uncontrolled Copy” on them. This means that the copy is only valid at the time of printing and any documents found after this should be assumed to be out of date.
If documents are printed they should have the page number and the total number of pages on each page. This way a user can tell whether they have the complete document.
Alternatively contact us and our management system services can help.
If you liked this article you may be interested in this one:
