Agile ISO: How to Combine Compliance with Rapid Process Improvement

agile isoISO standards can be confusing and intimidating.

However, with the 2015 updates, it really shouldn’t be that scary.

In the past, conforming to ISO meant huge manuals and a lengthy process to change how tasks were approached.

Now, there is increased flexibility and the opportunity to utilize software to speed up your systems and make everything easier to handle.

This is why we’re presenting you with our concept of Agile ISO: how to combine structured compliance with the rapid process improvement of a startup.

In this Process Street article, we’ll cover:

  • What is ISO?
  • What is ISO 9000?
  • What is Agile ISO?
  • What is needed to support Agile ISO?
  • How to get started with Agile ISO in 5 easy steps

I’m going to try to be brief and clear while cutting the bullshit.

What is ISO?

When people talk about ISO they’re talking about the International Organization for Standardization which produces a whole range of standards which businesses can choose to comply with to demonstrate operational quality.

The ISO is headquartered in Geneva but works alongside the different standards organizations worldwide which produce nation specific standards. In America, that would be the American National Standards Institute and its range of affiliated bodies.

If you can demonstrate that the management structures in your business adhere to ISO 9000 then other businesses, nationally and globally, can see that you operate competently. This can help you do business with a degree of assurance; the company you’re working with operates at a high standard.

The same would be true of other ISO standards. In order to improve your environmental impact, you may decide that you only want to do business with companies which can demonstrate they’re in compliance with ISO 14000 – the set of standards which apply to managing an organization while being aware of, and willing to tackle, environmental impact.

You may have heard of ISO 9001 or ISO 14001. These fall into their respective families of standards and are both fundamental to those families. These both define the management systems which underpin the rest of the standards in the family.

What is ISO 9000?

Okay, ISO 9000 is basically concerned with how well you run your business operations. It wants you to have a quality management system (QMS) and a set of quality assurance policies. It tells you what documents you should keep as records to demonstrate you’re taking this whole thing seriously.

That’s the long and short of it.

What is a quality management system (QMS)?

agile iso qms process model
Why are improvement and support outside the circle? Why does nothing impact on support? What does the thin dotted line mean?

A quality management system is an attempt to align all of a business’s operations around achieving quality.

For many businesses, the purpose of a quality management system is to give themselves a hokey chart/diagram which they can show off – an image which shows all the elements of a business working in harmony. But simply having a QMS is not good enough for ISO 9001 anymore, you need to have it implemented and functional throughout the company.

A quality management system is always more complicated than the graphics used to convey them. In its simplest form it could be broken down into 3.5 parts:

  1. Document how everything in your business works and how it aligns with objectives.
  2. Document how you’re going to approach continuously improving this stuff in your business.
  3. Document what you’ve done and changed during these improvements and update whatever you put for step 1.
  4. Repeat ad infinitum.

It’s all centered around the notion of quality. Now, I’m sure you know what it means in this context, but if you want a deeper discussion about quality in a business setting relevant to quality management systems then check out this previous article of mine: How to Use The Deming Cycle for Continuous Quality Improvement.

Deming sees quality as being a factor which a business can build a theory around. That theory is then the driving force for the business. The quality management system is the organizational tool which runs scientific experiments on the assumptions contained within that theory and updates the theory accordingly.

Having a clear concept of quality in your business allows you to measure whether something you did was good or not; whether the outcome aligned with your concept of quality or not.

For example, if someone approaches you and says that you can significantly reduce your costs by partnering with them, but product quality will be lower and environmental impact will be higher, what do you say? Deming would say your choice depends on your conception of quality.

Too theoretical, just tell me what a QMS is

It’s just the set of policies you have for the company along with all the processes you follow in the company. It’s about what measures you take to both implement and improve these policies and processes. But you need to have things like a quality policy in order that you can measure whether your improvements are actually improvements or not.

You’ll need to have things like:

  • Clear quality objectives
  • A quality policy which has been communicated throughout the company
  • A nice neat map of your organizational structure – preferably including who is responsible for what
  • Proper documentation of your operating processes – think process manual, but something people actually use
  • Documented efforts to improve product quality – and to understand what that means in the mind of your consumers
  • A system for improving processes – something that results in continuous improvement
  • A place where someone can find all of this information, and details of how this place is managed

We’ll look at this in more detail next. But you get the idea of what a whole QMS looks like.

If I have that, am I compliant with ISO 9001?

agile iso 9001

No. But you’re essentially there. You just have to put some bells and whistles on it to show you’re taking it seriously.

There are seven main sections which you need to show you’ve read implemented. These aren’t your procedures, but your policies.

  • Section 4 – Context of the Organization – You have to document relevant information about your company and its position in the market. So, you’ll want to talk about what kind of company you are and how you’re structured, but you’ll also want to bring up all the external factors. This could be other companies you work with, what customers you sell to, unions you have to consult with, banks or investors you’ve done financial bits with, and who your competition is – these are all interested parties. All these kinds of things go into this section, but you only really need stuff which will impact in some way on your QMS.
  • Section 5 – Leadership – This is where we’re expanding on the structure stuff. Given that you’ve described the structure of the organization, you can document the responsible people within this structure in this section. Record who is involved in the structure and what they are responsible for – with reference to the specific procedures from the manual.
  • Section 6 – Planning for the Quality Management System – There’s a lot of things that could go in here. This section, though, is largely about your QMS methodology and how you seek to implement it. You might want to have a discussion about the relative benefits of a properly implemented Deming cycle using PDSA compared against using a Six Sigma technique like DMAIC – both are process improvement methods, but which will you choose? Or you could pick a methodology for how to construct new processes – something like DFSS, perhaps? But it isn’t just your process creation or improvement that you might want a process for; predictive process testing methods like FMEA could be decided upon too. Basically, document what methods you’ll employ and then explain how it will be implemented.
  • Section 7 – Support – How are you going to support this quality management system? There are some basic questions you’ll have to ask yourself about whether you need to buy any specialist software or machinery or equipment in order for your team to implement the QMS day to day on the job. You’ll also have to think about what training you might need to deliver for staff to fulfill these needs properly. Add to all this a discussion about how you’re going to document your procedures and how you’re going to communicate them and the QMS to all staff. Figure out your strategy and answers to these questions and pump it into this section.
  • Section 8 – Operation – In here we want some specifics about how we’re managing our processes. You need to have detail about products or services you offer and how different procedures support them. You need to show that there’s been a process behind every decision and that all sufficient testing has taken place. There are also important steps like how you determine whether a process was a success or not when carried out – these kinds of details need to be included in here. Additionally, you’ll want to cover what you do if you create defects or experience non-conforming outputs (not just manufacturing). You should have a process in place to record this, work it out with the customer, and seek to stop it happening again in the future. Operations is the longest section, so check out this longer summary from Standards Store for more info.
  • Section 9 – Performance Evaluation – You have to figure out how you will measure the performance of your QMS. What are your metrics? How will you analyze? Who will be responsible? You effectively have to create a quality management system for your quality management system. “It’s no use, Mr. James — it’s quality management systems all the way down“. All of this needs to be accommodating for internal audits and for management reviews – so you need a schedule and process for those elements too. I don’t want to throw too much more ISO at you, but ISO 19011:2018 provides guidelines for auditing management systems, and ISO 9004:2018 provides a self-assessment tool for organizations to work out how well they’re doing with the whole ISO 9000 implementation game.
  • Section 10 – Improvement – Honestly, this is just a What I Learned section with a bit of a What I Am Going To Do Next added in. You can document in here there various changes you’ve made to the business thanks to the new quality management system. You can also put in here your various considerations for future improvements, plus putting in details about the times when things went wrong and what you did to make sure the Bad Things won’t happen again.


I said this would be a no bullshit article and I have not delivered so far.

But I will make it up to you.

Now that you hopefully know what ISO:9001 is and what you need to be compliant to it, we look at making it function.

I swear this is the fun part.

What is Agile ISO?

agile iso new vs old

Agile ISO is about taking the boring rigidity of ISO standard operating procedures and replacing it with digital tools where process iterations can be rapid and work instructions can be created from the bottom up, not just from the top down.

We’re storming the ISO Bastille. Well, a Swiss version of the Bastille. Château de Chillon?

Well, no. Because we’re not actually storming anything. We’re being invited.

You see, the current ISO 9000 is the 2015 revision, which built on and adapted the 2008 version.

And the 2015 version has a host of interesting content which allows companies to be much more agile and flexible in their approach.

Why the 2015 revision is agile friendly

For a long time, people have been curious whether agile and ISO style approaches could be married together, but it seems that the architects of the 2015 version were also thinking about this.

The most recent versions, for example, allow the organization themselves to be the judge of how much documentation is required to achieve specific business goals from their processes.

“This enables each individual organization to determine the correct amount of documented information needed to demonstrate the effective planning, operation and control of its processes and the implementation and continual improvement of the effectiveness of its QMS.” – From the ISO/TC 176

Plus, the standards now allow for organizations to focus on making sure their operations align with specific business goals, rather than having to necessarily create a whole monolithic QMS that covers the whole company as a kind of Frankenstein outsider. Now it allows the QMS to be more of a set of integrated practices within departments or teams to the extent that it benefits and serves strategic goals.

So, if I wanted to do some PPC ads on social media, I could just hire some people who were good at it, give them a bunch of money, and tell them to run ads and test things until they come back to me with something that works. And I would still be ISO compliant. Despite no prior planning or process creation. As long as those ads managers adhere to the spirit of company policies, we’re grand.

The third point worth mentioning is that procedures can be stored digitally as well as on paper. Which means no more dusty manuals that nobody bothers to read. The new regulations allow for storage on CDs, on word processing files, or – get this – in the cloud.

And why is this important? How does this make it agile?

Now that you can store your procedures in the cloud, we can use technology to get past some of the difficulties we were previously presented with.

Both Nathan Sykes and the academics Tor Stålhane & Geir Kjetil Hanssen have made the point that conformance to ISO fully could lead to more paperwork and prior planning than would be allowed for in an agile setup, and that the extra documentation could undo any agile process improvement benefits. They both propose the solution of underdocumenting procedures while adhering to other aspects of ISO 9001 like the quality policies and assurances. Their suggestions were that you should be able to pass the audit anyway if well aligned with strategic goals.

But you shouldn’t determine how documented a process needs to be on the basis of what agile theory says nor on the basis of what a bunch of Swiss technocrats say.

You should determine how documented a process needs to be by the nature of that specific process.

Some processes need detailed procedure steps and extensive work instructions. Other processes may need one but not the other. Every process is different and your documentation should be a reflection of your business needs, not of anything else.

It’s the agile vs waterfall debate. Some processes need planning out from the start in detail, others can just get started and form a process as experimentation continues and different stakeholders weigh in to determine what works and what doesn’t.

Agile ISO is about using software to achieve the fully developed process libraries where necessary, and also being able to quickly build new processes in collaboration with others while able to iterate them rapidly over time.

It’s about being able to do both of these things and still getting ISO accreditation.

What is needed to support Agile ISO?

To enable Agile ISO in an organization you need software which can do multiple things:

  • Allow you to build rich process libraries with multiple folders, subfolders, and managed permissions.
  • Allow you to build large detailed procedures filled with work instructions, media, and reference guides.
  • Allow you to interact dynamically with procedures as process instances, recording information through form fields.
  • Allow you to see when a process was followed, who followed it, and what progress was made on it.
  • Allow you to see the revision histories for set procedures, so you know how they were updated, when, and by whom.
  • Allow you to enforce certain procedural paths through things like stop tasks and conditional logic.
  • Allow you to quickly create new processes, assign them to individuals or teams, and collaborate on their construction and execution.
  • Allow you to update a process model for a procedure and immediately push the new revision live for use.

With this feature set in place, you’re able to bring the best of business process management, agile methodologies, and ISO standards into one practical method of process management.

Your process library acts as a dynamic complete process manual. The revision histories of each procedure contain the date, time, and individual. The procedures can be super complicated or incredibly simple. They can be assigned or scheduled, even triggered automatically by the completion of other tasks.

This process library of digital SOPs is like a manual on steroids which eats HGH for breakfast.

But the best part is, when an employee sets out to complete a task, they just follow a checklist which walks them through the process and makes the process even easier for them to complete.

This raises process adherence, improves output, and enables accountability in the workplace.

Unlike a traditional dusty procedure manual, processes actually get followed by employees.

So, how do we begin with this dream solution?

How to get started with Agile ISO in 5 easy steps

The answer, as I’m sure you’re now aware, is Process Street.

Process Street does everything described above, and more.

With Process Street, you create templates and then run checklists from them. The template acts as a process model and the checklist as a single instance of the model.

This makes it super easy to build processes and even easier for employees to follow them; it’s as simple as following a checklist.

You can also connect Process Street up with the third party automation platform Zapier to connect it with over 1,000 other apps and webapps.

But back to Agile ISO.

This is what you need to do to go about becoming ISO compliant via our Agile ISO method:

  1. Build your processes in Process Street. If you don’t already have documented processes, then get your different team members or team leaders to build out their processes in Process Street themselves. It should take them no time at all to create a rough skeleton with some accompanying work instructions. Keep it simple. Improve them out over time.
  2. Create your folder architecture. You can review our post on process libraries for inspiration, but you can use folders, subfolders, and tags. You can also manage permissions for folders so that some (proprietary info, finances, legal) can be private. Then you can move the process templates your team(s) created into their corresponding homes.
  3. Design your meta-processes. These are things like processes for process improvement, processes for risk assessment, processes for creating new processes, process style guides, etc. These processes manage your other processes. Here are some examples:
    1. FMEA Template: Failure Mode and Effects Analysis
    2. The Process for Optimizing a Process
  4. Write your policies. These are the boring bits we talked about earlier: Context of the Organization, Operations, Support, etc. You can draft these out and get consultation from others in your company.
  5. Create your first official document. You can have a folder in your Process Street process library where you store your policies as templates. You won’t run these templates as checklists, but it makes sense to keep all documents in the same system. Both process templates and individual checklists can be exported to PDFs in case you want to present the documents physically at any point. The first official document you can create is your quality management system mini-manual. You can use this ISO 9000 structure template below to help you construct it.

And there you have it.

By using Process Street, you don’t have to update every copy of a physical manual every time you want to make a small improvement to a process; instead, you can quickly create new and improved processes which are easy to follow and compliant with ISO.

It’s that simple.

If you’re not sure what your processes will look like when they’re in Process Street, why don’t you look through this list of premade processes to find something similar to a process you might use. You can simply add the template to your Process Street account so you can test it and see how it works.

Sales processes

PPC checklists

Agile software processes

Inspection checklists

Property management checklists

Is this a clear explanation of Agile ISO? Is there anything you feel we didn’t cover? Let us know in the comments below!

Get our posts & product updates earlier by simply subscribing

Adam Henshall

I manage the content for Process Street and dabble in other projects inc language exchange app Idyoma on the side. Living in Sevilla in the south of Spain, my current hobby is learning Spanish! @adam_h_h on Twitter. Subscribe to my email newsletter here on Substack: Trust The Process. Or come join the conversation on Reddit at r/ProcessManagement.

Leave a Reply

Your email address will not be published. Required fields are marked *

Take control of your workflows today