How to write a procedure

Published by admin on

Management System procedures are not complex, but if you have little experience in writing them or want to improve ones already written then this should help you.

This post aims to explain

  • when is a procedure needed
  • what your procedure should include
  • what should be excluded
  • the document control requirements of a procedure

What is a procedure?

A procedure is any established and uniform method of doing something.  A procedure is not necessarily documented. A procedure can be documented via any number of prompts such as signs, checklists, diagrams, forms, etc and of course the more traditional written documents.

What is a procedure for?

To understand how to write a procedure you must first know what the procedure is for. A procedure’s purpose is to document an activity including the following elements.

WHY – The purpose of the procedure

WHAT – What is done and the methods used

WHO – Who carries out the activity, who has responsibility for the activity

WHEN – If any specific time constraints are imposed these should be document

WHERE – Location of the activity if it is critical to the activity

WITH – With what tools. Tools could be forms, other procedures, Standards, equipment, plant, software, etc, but only include them if vital to the success of the activity.

When is a procedure required?

You shouldn’t get into the habit of writing a procedure for everything, but how do you know when procedure is required. A procedure should only be written where you are trying to control or document your company’s activities. For instance, should you have a procedure for training? ISO 9001 doesn’t state that you have to have one. There is no legal requirement to have a training procedure. Despite this many companies choose to write one. 6.2.2 of ISO 9001:2008 does ask whether the organisation has:

a) determined the necessary competence for personnel performing work affecting conformity to product requirements?

b) where applicable, provide training or take other actions to achieve the necessary competence?

c) ensured that the necessary competence has been achieved?

d) ensured that its personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives?

e) maintained appropriate records of education, training, skills and experience?

For many companies the easy way to address this is via a documented procedure, however there are probably Human Resource databases out there that adequately manage all of this and therefore a procedure may be unnecessary.

So what procedures have to be written? Read the standards. Where a procedure is required they state it, but that doesn’t mean it has to be written. Standards typically use the word “documented” to mean that it has to be written down, but it doesn’t mean they have to be individual documents. For instance ISO 9001’s Corrective and Preventive Action procedures are often combined into one procedure. All the elements associated with Hazard and Risk Identification and Assessment required by AS 4801 are typically combined into one procedure.

Procedures required by some key management system standards

ISO 9001:2008ISO 14001:2004AS 4801
Control of DocumentsInternal AuditHazard identification
Control of RecordsHazard / risk Assessment
Internal AuditControl of hazards/risks (including design)
Control of Non-Conforming ProductEvaluation of effectiveness hazard identification, risk assessment and controls
Corrective ActionEmergency preparedness and response
Preventive ActionConsultation
Monitoring and measurement

NB. Please remember that other elements such as policies, roles and responsibilities, objectives and targets may also need to be documented.  Procedures are also required to ensure that the operation is appropriately controlled.  The standards don’t specify what is required here, essentially you need a procedure where the absence of it would mean you failed to meet requirements.

What should your procedure exclude?

Now you know what should be in your procedure the next issue is to determine what shouldn’t be in your procedure. Elements can be excluded to make the procedure more robust, less likely to need amendment, allowing for development and innovation whilst maintaining compliance with the procedure.

Excessive detail.

A procedure’s detail should be sufficient to ensure that the activity is undertaken properly without being so prescriptive as to stifle innovation or development of work methods. For example don’t write that “the results will be posted to the customer” this means that any other communication method used to convey this information to the customer is non-conforming. Your procedure should convey what is critical about the process and if it is not critical that it is posted then the following may be preferable “the results will be communicated to the customer in writing”. Now the results can be sent via fax, email, posted letter or whatever stroke of genius the the next communication revolution brings.

Avoid excessive detail

Use the more generic terms where possible and appropriate:

  • · Use “Quality Manager” rather than “George Smith, the Quality Manager“. People move around organisations, change jobs and leave companies all the time. For ease of maintenance names should be left out. If required use another document elsewhere that names individuals responsible for roles, add phone numbers and call it a contact list.
  • Use “communication” rather than “telephone” or “email“.
  • Use “Excavator” rather than “Komatsu 32T”. Allows any brand or size of machine to be used
  • Use “plant” rather “excavator”. This allows alternative digging machines to be used.
  • Use “persons undertaking the activity” rather than “employees” (means it applies to subcontractors too)
  • Use “measuring equipment” rather than “tape measure”. Allows the use of laser devices, rulers, etc
  • Use “database” rather than “Microsoft Access Supplier Management Database”. Allows for new databases to be introduced without the need for a change to the procedure.
  • Use “current version of ISO 9001” rather than “AS NZS ISO 9001:2008”. Means that your procedure will be current even if an updated version of 9001 is released. That said the full version title of a standard should be referenced at least once in the system.
  • Use “Document Control Procedure” rather than “Document Control Procedure, Revision 3, June 2011”.

Use of modal verbs

Modal verbs are words such as ‘could’, ‘should’, ‘may’, ‘will’, ‘shall’. There use is particularly important in procedures. Words like ‘will’ and ‘must’ give specific direction. Words like ‘should’, ‘could’ and ‘may’ tend to give optional direction. The word ‘shall’ should be reserved for legal use.


Where acronyms are used these should be commonly known to the users of the system. They should be written in full when first used in a procedure with the acronym in brackets afterwards. Thereafter just the acronym can be used. The reader of the document should be able to understand it without having to refer to another document.

Basic Document Control Elements of a Procedure

All documents should be marked with a version, amendment or revision number. A date is also useful so you know when it was last amended.

Hard copies of procedures must be managed to make sure that users know they are using the most up to date version.

If you are using an electronic management system, as most companies do these days, make sure your documents print with the words “Uncontrolled Copy” on them. This means that the copy is only valid at the time of printing and any documents found after this should be assumed to be out of date.

If documents are printed they should have the page number and the total number of pages on each page. This way a user can tell whether they have the complete document.

Alternatively contact us and our management system services can help.

If you liked this article you may be interested in this one:

Procedure and Form Numbering


A word from the Managing Director: “We aim to establish long term, mutually beneficial working relationships, helping organisations grow and avoid the pitfalls that many fall into. Too many organisations feel their certification is a burden. We want to help organisations realise the business benefits of certification apart from meeting a statutory or customer requirement”