APG AuditingServiceOrganizations
APG AuditingServiceOrganizations
APG AuditingServiceOrganizations
1. Introduction
2. Service Organizations
“Service is the result of at least one activity necessarily performed at the interface
between the supplier and customer and is generally intangible. Provision of a
service can involve, for example, the following:
— an activity performed on a customer-supplied tangible product (e.g.
automobile to be repaired);
— an activity performed on a customer-supplied intangible product (e.g. the
income statement needed to prepare a tax return);
— the delivery of an intangible product (e.g. the delivery of information in
the context of knowledge transmission);
— the creation of ambience for the customer (e.g. in hotels and
restaurants).”
3. Auditing Guidance
When considering the applicability or not of clause 7.3 of ISO 9001:2000 to a service
organization, it is important to remember the definition of “Design and development”,
which, according to ISO 9000:2000 clause 3.4.4 is the “set of processes that transforms
requirements into specified characteristics”. Again, according to ISO 9000:2000
requirements are “needs and expectations that are stated, generally implied or
obligatory”, and characteristics of the service are distinguishing features that can include:
It is quite common for organizations to consider only the tangible component of their
product when addressing the requirements of clause 7.3, forgetting that the design and
development of the intangible product (the service itself) should be the main focus.
Additionally, the organization will need to design how the service will be delivered to its
customers.
If the organization proposes to justify the exclusion of design and development from its
QMS, the auditor should make a careful assessment of the justifications in light of the
above. The auditor should also examine whether the organization has an effective design
and development process that sufficiently defines the characteristics of its service, and of
its service delivery processes, that are needed to meet customer needs and expectations.
In terms of the processes needed to realize the service, we can identify two types of
service processes:
those involving the customer in the realization of the service itself (real time
delivery) and
those in which the output is delivered to the customer after the realization of the
process
Using the example of a hotel, the guest “check-in” and “check-out” processes would
probably involve “real-time” delivery of the service, whilst the cleaning of the guest’s room
Those processes that involve real time delivery, and are carried out directly at the
organization/customer interface can rarely (if ever) have their output (“the service”) verified
by subsequent monitoring or measurement before they are “delivered” to the customer.
Therefore, such processes are indeed subject to validation according to the requirements
of ISO 9001:2000, clause 7.5.2. This is also essential in order to prevent nonconformities
from occurring.
In order to ensure adequate control over the quality of the service to be provided, the
auditor should:
- understand the service characteristics, the service provision processes, and their
acceptance criteria, as defined by the organization (this should be done during the Stage 1
audit)
- determine whether validation of "real-time" service provision processes (or any other
process that requires validation) has been performed and if this has taken into account the
associated risks;
- assess if the appropriate tools, training and empowerment have been provided to the
personnel involved.
For many service industries, the service provided is instantaneous (i.e. via "real- time"
processes), which does not readily allow for inspection before delivery of that service.
Quality thinking says that the most cost-effective way of doing business is to apply the
philosophy of “special processes” to ALL processes: the more the organization gets its
processes right, the less the organization needs to worry about the outcome of their
processes.
Therefore it is very unlikely that this clause can be excluded.
In the cases of service processes directly involving the customer, “the control of
nonconforming product” (clause 8.3) is the way the organization deals with
nonconformities in the service provision until the appropriate corrective action is defined
and implemented.
This will enable the auditor to judge whether the control of such nonconforming product is
effective.
Note: In such situations the quality management system should have provisions to capture
data on the nonconformities and to feedback information, at the appropriate management
level, for the effective definition and implementation of corrective actions.
For cases in which the output of the service is delivered after the realization of the
process, “control of nonconforming product” may be based on usual monitoring and
inspection techniques. Evidence will need to be sought of the adequacy and effective
implementation of these techniques.
For further information on the ISO 9001 Auditing Practices Group, please refer to the
paper: Introduction to the ISO 9001 Auditing Practices Group
Feedback from users will be used by the ISO 9001 Auditing Practices Group to determine
whether additional guidance documents should be developed, or if these current ones
should be revised.
Comments on the papers or presentations can be sent to the following email address:
[email protected].
The other ISO 9001 Auditing Practices Group papers and presentations may be
downloaded from the web sites:
www.iaf.nu
www.iso.org/tc176/ISO9001AuditingPracticesGroup
Disclaimer
This paper has not been subject to an endorsement process by the International
Organization for Standardization (ISO), ISO Technical Committee 176, or the International
Accreditation Forum (IAF).