Processes, Activities, Procedures, Process, Functions
I'm a little bit confused with some terminologies such as:
1. Process.
2. Activity.
3. Procedure.
4. Function.
5. Policy.
Could you please explain these terms giving some examples?
These are the terminologies according to ISO 9000, the standard that defines the vocabulary for quality management systems:
- Process: a group of activities related to each other that transform inputs to intended results. Examples of processes are a purchase process, change process, and the software development process.
- Activity: the smallest identifiable piece of work to be performed. For example, in a purchase process, activities may be submitting a purchase request, requiring a quotation from the vendor, or evaluating a vendor proposal.
- Procedure: a specific way to perform an activity or a process. For example, in the activity of submitting a purchase request you can have a procedure for submitting the request manually (i.e., by means of a written document), or through an information system.
- Function: actions necessary to carry out an activity. For example, to submit a purchase request through an information system, the user needs to access the system, open a request, fill in the request, and send the request.
- Policy: intentions and direction provided by management to guide an organization. Examples are the Quality Management Policy, Information Security Management Policy, etc.
For further information, see:
- ISO 9001:2015 process vs. procedure – Some practical examples https://advisera.com/9001academy/blog/2016/01/19/iso-90012015-process-vs-procedure-some-practical-examples/
- What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Thanks for the clarification. How detailed should each one be? For example, for the purchase order process, what is the verbosity of each one here?
ISO 27001 does not prescribe which level of detail must be considered for documentation. Regarding this issue, it only has a note that documents can vary from organization to organization, considering:
- the size of the organization
- type of activities, processes, products, and services
- the complexity of processes and their interactions
- the competence of persons.
Considering that, you should detail the information considering the needs and competence of the people that will use it. In the toolkit you bought, you can see the level of detail in each template.
These articles will provide you further explanation about developing documents:
- 8 criteria to decide which ISO 27001 policies and procedures to write https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
- Seven steps for implementing policies and procedures https://advisera.com/27001academy/blog/2014/07/28/8-criteria-to-decide-which-iso-27001-policies-and-procedures-to-write/
These materials will also help you regarding documentation elaboration:
- Managing ISO Documentation: A Plain English Guide https://advisera.com/books/managing-iso-documentation-plain-english-guide/
- ISO 27001 Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Dec 19, 2020