Auditing service organizations
Although ISO 9001 is intended to apply to all kinds of organizations, there are some characteristics of service organizations that auditors should consider carefully, as the ISO 9001 Auditing Practices Group explains
According to ISO 9000, clause 3.4.2 product: ‘Service is the result of at least one activity necessarily performed at the interface between the supplier and customer and is generally intangible. Provision of a service can involve, for example, the following:
- an activity performed on a customer-supplied tangible product (eg automobile to be repaired)
- an activity performed on a customer-supplied intangible product (eg the income statement needed to prepare a tax return)
- the delivery of an intangible product (eg the delivery of information in the context of knowledge transmission)
- the creation of ambience for the customer (eg in hotels and restaurants)
Most organizations have an element of service in their product. This may range from almost 100 per cent service (in the case of a law firm, for example), to a relatively small service component in the case of a manufacturing organization providing, for example, after-sales service.
Design and development of the service (3.1)
When considering the applicability or not of clause 7.3 of ISO 9001 to a service organization, it is important to remember the definition of ‘design and development’, which, according to ISO 9000 clause 3.4.4 is the ‘set of processes that transforms requirements into specified characteristics’. Again, according to ISO 9000 requirements, these are ‘needs and expectations that are stated, generally implied or obligatory’, and characteristics of the service are distinguishing features that can include:
- sensory (eg related to smell, touch, taste, sight, hearing)
- behavioral (eg courtesy, honesty, veracity)
- temporal (eg punctuality, reliability, availability)
- ergonomic (eg physiological characteristic, or related to human safety)
- tangible (eg measurable characteristics; these may be either the characteristics of the physical means used to deliver the service, eg the maximum speed of an aircraft, or of the environment in which the service is provided, eg the interior temperature or facilities of an aircraft).
It is quite common for organizations to consider only the tangible component of their product when addressing the requirements of clause 7.3, forgetting that the design and development of the intangible product (the service itself) should be the main focus. Additionally, the organization will need to design how the service will be delivered to its customers.
If the organization proposes to justify the exclusion of design and development from its QMS, the auditor should make a careful assessment of the justifications in light of the above. The auditor should also examine whether the organization has an effective design and development process that sufficiently defines the characteristics of its service, and of its service delivery processes, that are needed to meet customer needs and expectations.
Validation of processes for production and service provision (3.2)
In terms of the processes needed to realize the service, we can identify two types of service processes:
- those involving the customer in the realization of the service itself (real time delivery) and
- those in which the output is delivered to the customer after the realization of the process
Using the example of a hotel, the guest check-in and check-out processes would probably involve real time delivery of the service, whilst the cleaning of the guest’s room would generally be ‘delivered’ to the guest only after completion of the process (which could be subject to inspection and rework if necessary, to correct any nonconformities).
Similar processes can also be found in manufacturing organizations providing services related to their products. For example, the handling of claims and warranties; the repair of products by the organization's service units; or product maintenance activities performed at a clients' facilities.
Those processes that involve real time delivery, and are carried out directly at the organization/customer interface can rarely (if ever) have their output (‘the service’) verified by subsequent monitoring or measurement before they are 'delivered' to the customer. Therefore, such processes are indeed subject to validation according to the requirements of ISO 9001, clause 7.5.2. This is also essential in order to prevent nonconformities from occurring.
In order to ensure adequate control over the quality of the service to be provided, the auditor should:
- understand the service characteristics, the service provision processes, and their acceptance criteria, as defined by the organization (this should be done during the stage one audit)
- determine whether validation of real-time service provision processes (or any other process that requires validation) has been performed and if this has taken into account the associated risks
- assess if the appropriate tools, training and empowerment have been provided to the personnel involved
For many service industries, the service provided is instantaneous (ie via real-time processes), which does not readily allow for inspection before delivery of that service. Quality thinking says that the most cost-effective way of doing business is to apply the philosophy of ‘special processes’ to all processes: the more the organization gets its processes right, the less the organization needs to worry about the outcome of their processes. Therefore it is very unlikely that this clause can be excluded.
Control of nonconforming product (3.3)
In the cases of service processes directly involving the customer, the control of nonconforming product (clause 8.3) is the way the organization deals with nonconformities in the service provision until the appropriate corrective action is defined and implemented. Where a nonconformity is identified, the auditor should examine:
- whether the personnel involved are sufficiently empowered with the authority to decide the disposition of the service, for example: to immediately terminate the service; to replace the service provided; to offer an alternative
- the organization's customer claims and complaints processes
- any temporary corrections that are implemented to mitigate the effect of the nonconformity (eg refund, credit, upgrade, etc)
- the identification, segregation and replacement of the relevant service equipment, service providers and environment
This will enable the auditor to judge whether the control of such nonconforming product is effective.
It is important to note that in such situations the quality management system should have provisions to capture data on the nonconformities and to feedback information, at the appropriate management level, for the effective definition and implementation of corrective actions.
For cases in which the output of the service is delivered after the realization of the process, ‘control of nonconforming product’ may be based on usual monitoring and inspection techniques. Evidence will need to be sought of the adequacy and effective implementation of these techniques.
This article is an edited version of ‘Auditing service organizations’ from the website of the ISO 9001 Auditing Practices Group, and is reproduced courtesy of ISO and the IAF. These papers were developed on current best practice and therefore have not been formally endorsed as International Accreditation Forum (IAF) guidance or ISO TC176 interpretations. For further information about the Auditing Practices Group click here.
The ISO 9001 Auditing Practices Group is an informal group of QMS experts, auditors and practitioners drawn from the ISO Technical Committee 176 Quality Management and Quality Assurance (ISO/TC 176) and the IAF. It has developed a number of guidance papers and presentations that contain explanations about the auditing of QMSs. These reflect the process-based approach that is essential for auditing the requirements of ISO 9001.