• 0333 700 9001
  • Training Portal
Batalas Logo
  • Training Courses

    Return

    View all ISO 9001 Courses

    ISO 9001:2015 Foundation QMS

    CQI | IRCA

    An entry-level course which teaches an understanding of ISO 9001 QMS.

    ISO 9001:2015 Internal Auditor QMS

    CQI | IRCA

    Discover how to conduct, report and follow up on an internal audit.

    ISO 9001:2015 Lead Auditor

    CQI | IRCA

    Gain the knowledge and skills to manage internal, third-party, and supplier audits.

    View all AS 9100 Courses

    AS9100:2016 Rev D Introduction

    A short online course that provides a basic overview of AS9100:2016 Rev D.

    AS9100:2016 Rev D Foundation

    CQI | IRCA

    Discover the requirements of AS9100 and a Management System.

    AS9100:2016 Rev D Internal Auditor

    CQI | IRCA

    Understand auditor responsibilities and how to conduct an internal audit.

    AS9100:2016 Rev D Lead Auditor

    CQI | IRCA

    For new or existing auditors who wish to conduct internal, external and supplier audits.

    View all ISO 13485 Courses

    MD-QMS ISO 13485:2016 Foundation

    CQI | IRCA

    Achieve an understanding of ISO 13485 and a Management System.

    MD-QMS ISO 13485:2016 Internal Auditor

    CQI | IRCA

    Gain the knowledge and skills to conduct internal audits of a management system.

    ISO 13485:2016 Lead Auditor

    CQI | IRCA

    Learn how to lead audits within an organisation or for third parties and suppliers.

    View all ISO 27001 Courses

    ISO/IEC 27001:2022 Foundation

    CQI | IRCA

    Perfect for new auditors wanting to learn about ISO 27001 ISMS.

    ISO/IEC 27001:2022 Internal Auditor

    CQI | IRCA

    Conduct internal audits of an Information Security Management System.

    ISO/IEC 27001:2022 Lead Auditor

    CQI | IRCA

    Learn how to manage internal audits, plus third parties and suppliers.

    ISO/IEC 27001:2022 Auditor Conversion

    CQI | IRCA

    Designed for existing lead auditors who want to audit against ISO 27001 ISMS.

    View all ISO 14001 Courses

    ISO 14001:2015 Foundation

    CQI | IRCA

    Gain knowledge of an Environmental Management System.

    ISO 14001:2015 Internal Auditor

    CQI | IRCA

    Learn how to carry out an internal audit against ISO 14001.

    ISO 14001:2015 Auditor Conversion

    CQI | IRCA

    Perfect for existing lead auditors who want to learn ISO 14001 to expand their knowledge.

    View all ISO 45001 Courses

    ISO 45001:2018 Introduction

    Gain a basic understanding of ISO 45001 with this short online course.

    ISO 45001:2018 Foundation

    CQI | IRCA

    Beginners course that teaches the requirements of ISO 45001 OHSAS.

    ISO 45001:2018 Auditor Conversion

    CQI | IRCA

    For current lead auditors who wish to increase their knowledge by learning ISO 45001.

    View all IMS Training Courses

    Integrated Management System (IMS) Internal Auditor

    Learn how to conduct an internal audit of your integrated management system.

    View all GDPR Training Courses

    GDPR Introduction

    An interactive 1hr online course that teaches an overview of the GDPR.

    GDPR Team Overview

    GDPR training for your team at your workplace.

    View all Auditor Workshops

    ISO 9001:2015 Management Overview

    Understand the new responsibilities placed on managers in ISO 9001:2015.

    Supplier Auditor Course

    Learn how to conduct audits of new and existing suppliers effectively.

    ISO 9001:2015 Risk-Based Thinking

    Improve your knowledge and skills for effective risk-based thinking.

    Audit Skills Workshop

    Bring your team together with a fun and energetic team-building session.

    View all Learning Styles

    Classroom Training

    Virtual Training

    Online Training

    Public Training

    In-House Training

    View all Courses
  • Audit Support

    Return

    Audit Support

    We have a wealth of experience working with ISO management systems and can assist auditors who require support.

    ISO Management System Assessment 
    A review of an outdated or overcomplicated ISO management system
    Audit Mentoring
    Live audit observation and recommendations for any improvements
    Gap Analysis
    Identify potential gaps in the effectiveness of a management system
    View all Audit Support
  • Resources

    Return

    Resources

    The latest news, course updates and video resources all in one place. Looking for help? Check out our frequently asked questions.

    Frequently Asked Questions

    Video & Blogs

    Industry & Product News

    Sales & Offers

    View all Resources
  • About Us

    Return

    CQI and IRCA Logo

    Founded in 1962, we have over 60 years’ experience providing specialist consultancy and training in ISO/AS Management Systems.

    Why Choose Batalas

    Who Are Batalas?

    CQI and IRCA Approved Training Partner

    ELCAS Approved Learning Provider
    Training Venues

    Our Customers

    Case Studies
    Client Reviews
    About Us
  • Contact Us
Search
0

Home | Resources | Blog | The key differences between a Policy and Procedure

The key differences between a Policy and Procedure

  • Feb, 2014
Policy v Procedure
Policy v Procedure

A policy is a high level document/statement that is required by all MS standards such as ISO 9001, ISO 14001, and OHSAS 18001 etc. It is the top level document of the MS that needs to be prepared and approved by top management to define its overall intentions and directions with regard to Quality or Environment or Health & Safety etc. In all case it needs to:

  • be appropriate to the organisation (i.e. not just a copy of someone else’s policy or downloaded at random from the internet
  • include a commitment to comply with requirements (customer/legislation/standards/MS) and continual improvement (not continuous 
    [1]

    )

  • be reviewed and update (at appropriate intervals as determined by top management)
  • be communicated to all persons within the organisation and appropriate persons working for on behalf of the organisation (contractors/sub-contractors/suppliers/agents etc.)

In other words top management (the most senior people) should develop and write the policy (not just ask the management representative to find them/write a suitable form of text that they rubber stamp as approved). It should outline what the business is actually trying to achieve (in terms of Quality, Environment, Health & Safety etc.) and confirm its commitment to do so. It should not just be a sales/marketing device or document to meet one of the MS requirements. In practice many policy documents we see simply echo the requirements of the standards (as we have done above) and could have been written for ‘any company’ (just substitute your ‘own company’ name).

The policy needs to be reviewed and updated as the business/market/customer/regulatory requirements change and such changes communicated to all relevant personnel within and, as appropriate, out with the organisation. In practice many of these statements do not change from year to year and are stuck up somewhere to show commitment, but are not read and almost nobody knows what they say (although they could go and read it during an audit if required). Sometimes the statement is moved and then staff do not even know where to read it.

A procedure is a specified way to carry out a process or an activity, that may be documented or not.

So a documented procedure, often called an SOP or Standard Operating Procedure is a low-level document that defines how to do something, the procedure may describe the whole process from beginning to end including all the relevant activities or may be broken down into individual activities.

Take purchasing for example, it comprises three distinct activities that of: selecting and approving suppliers, raising purchase orders and verifying goods upon receipt. This may all be done by one dedicated person in a small company and only require one procedure ‘Purchasing Procedure’ outlining how each of the activities are carried and defining the key control points and authority.

In a larger company there may be specific functions or departments allocated to each activity and a documented procedure for each activity (as suggested below) that define not only the controls within the individual departments, but also the interaction between the various functions and departments and individual responsibilities and authorities for making decision and taking action:

  1. ‘SQA – Supplier Quality Assurance Procedure’ that describes how to select, evaluate, monitor, approve (authority) and develop suppliers to the mutual benefit of both parties.
  2. ‘Purchasing Procedure’ that describes how to: select a supplier (approved or not – link to previous procedure 1.) for a particular order, raise the purchase order, monitor and expedite delivery of the order, confirm its receipt (link to following procedure 3.) and sanction payment (possible link to accounting procedures – finance system).
  3. ‘GI – Goods Inward Procedure’ that describes how to receive goods, who is authorised to sign for goods, (POD – Proof of Delivery) documentation (link to previous procedure 2.), verification activity (possible link to GI Inspection procedure).

The concept of non-documented procedures is often alien to a generation of personnel who have been brought up on the principle that if it is not documented it is not defined. But, think of driving a car, can we read a procedure while driving? NO, so changing lanes is based on the maxim of Mirror, Signal and Manoeuvre i.e. a defined lane-changing activity that every competent driver learns, memorizes and puts into practice on a continuous basis. In practice, many people Manoeuvre, look in their Mirror to see who they just carved up and then perhaps Signal to justify such action.

Conclusion

In summary, a policy statement is a high level document, expressed by top management, to define its overall intentions and direction with regard to the operation of the organisation.

A procedure is a low level definition of how to implement particular parts the operation of the organisation. They may be defined in writing (documented) or communicated orally.


[1] See separate articles for discussion of difference between continual and continuous improvement

Want to know more?

Our ISO experts are here to help answer your questions.

Get in touch

Related Courses

Icon 1

ISO 9001:2015 Foundation QMS

An entry-level course which teaches an understanding of ISO 9001 QMS
  • ONLINE
  • VIRTUAL
  • CLASSROOM
  • IN-HOUSE
From £225
Find out more
Icon 1
Offer

ISO 9001:2015 Lead Auditor

Gain the knowledge and skills to manage internal, third-party, and supplier audits
  • VIRTUAL
  • CLASSROOM
  • IN-HOUSE
From £725
Find out more
Icon 1
Offer

ISO 9001:2015 Internal Auditor QMS

Discover how to conduct, report and follow up on an internal audit
  • VIRTUAL
  • CLASSROOM
  • IN-HOUSE
From £375
Find out more

You may also be interested in

supplier audit

Lead Auditor v’s Supplier Auditor course

ISO 27001 certification deadline

ISO/IEC 27001 certification deadline

focused team leader presenting marketing plan interested multiracial coworkers serious speaker boss executive business trainer explaining development strategy motivated mixed race employees scaled

Are you an ISO trainer looking for a new opportunity?

shutterstock 900x600 min

No place like home (for a security breach)

Untitled design 1

Batalas has become an ELCAS Approved Learning Provider

Depositphotos 18937205 900x600 min

Is ISO 27001 ISMS certification worth it?

Back to Videos & Blogs

Stay up to date with industry news, courses and offers

By subscribing, you consent to receive marketing emails from Batalas. Your data will not be forwarded to any third parties, and you can unsubscribe anytime.

By clicking ‘Sign up’ you agree to the Terms and Conditions and Privacy Policy.

portrait happy young freelancer using laptop

More Resources to make your studies go further

With over 60 years experience, our expert team have a wealth of knowledge to share. From auditing tips to FAQ’s, we have a range of resources to support you.

All resources

Let’s level up your career together

Are you a new auditor looking for ISO training advice? Or do you want to build on existing auditing skills to boost your career?


Whatever your need, our experienced and knowledgeable Batalas team can guide you on the right training path to help you reach your professional goals.

Get in touch
Batalas Logo
  • Training Courses
  • Audit Support
  • Resources
  • About Us
  • Training Courses
  • Audit Support
  • Resources
  • About Us
  • Terms and Conditions
  • Privacy Statement
  • Company Policies
  • Contact Us
  • Terms and Conditions
  • Privacy Statement
  • Company Policies
  • Contact Us
CQI and IRCA Logo
Cyber Essentials Certified Logo

Batalas Ltd is a limited company registered in England and Wales. Registered number: 3736166. Registered office: Victoria House, 2 Grove Road, Fareham, PO16 7TE

© 2023 Batalas ltd, All Rights Reserved. Designed by Damteq®

  • Training Portal
  • Training Courses
  • Audit Support
  • Resources
  • About Us
  • Contact Us
  • 0333 700 9001
  • Training Portal
  • Training Courses
  • Audit Support
  • Resources
  • About Us
  • Contact Us
  • 0333 700 9001
  • Training Portal

Return

Training Courses

View all ISO 9001 Courses

ISO 9001:2015 Foundation QMS

CQI | IRCA

An entry-level course which teaches an understanding of ISO 9001 QMS.

ISO 9001:2015 Internal Auditor QMS

CQI | IRCA

Discover how to conduct, report and follow up on an internal audit.

ISO 9001:2015 Lead Auditor

CQI | IRCA

Gain the knowledge and skills to manage internal, third-party, and supplier audits.

View all AS 9100 Courses

AS9100:2016 Rev D Introduction

A short online course that provides a basic overview of AS9100:2016 Rev D.

AS9100:2016 Rev D Foundation

CQI | IRCA

Discover the requirements of AS9100 and a Management System.

AS9100:2016 Rev D Internal Auditor

CQI | IRCA

Understand auditor responsibilities and how to conduct an internal audit.

AS9100:2016 Rev D Lead Auditor

CQI | IRCA

For new or existing auditors who wish to conduct internal, external and supplier audits.

View all ISO 13485 Courses

MD-QMS ISO 13485:2016 Foundation

CQI | IRCA

Achieve an understanding of ISO 13485 and a Management System.

MD-QMS ISO 13485:2016 Internal Auditor

CQI | IRCA

Gain the knowledge and skills to conduct internal audits of a management system.

ISO 13485:2016 Lead Auditor

CQI | IRCA

Learn how to lead audits within an organisation or for third parties and suppliers.

View all ISO 27001 Courses

ISO/IEC 27001:2022 Foundation

CQI | IRCA

Perfect for new auditors wanting to learn about ISO 27001 ISMS.

ISO/IEC 27001:2022 Internal Auditor

CQI | IRCA

Conduct internal audits of an Information Security Management System.

ISO/IEC 27001:2022 Lead Auditor

CQI | IRCA

Learn how to manage internal audits, plus third parties and suppliers.

ISO/IEC 27001:2022 Auditor Conversion

CQI | IRCA

Designed for existing lead auditors who want to audit against ISO 27001 ISMS.

View all ISO 14001 Courses

ISO 14001:2015 Foundation

CQI | IRCA

Gain knowledge of an Environmental Management System.

ISO 14001:2015 Internal Auditor

CQI | IRCA

Learn how to carry out an internal audit against ISO 14001.

ISO 14001:2015 Auditor Conversion

CQI | IRCA

Perfect for existing lead auditors who want to learn ISO 14001 to expand their knowledge.

View all ISO 45001 Courses

ISO 45001:2018 Introduction

Gain a basic understanding of ISO 45001 with this short online course.

ISO 45001:2018 Foundation

CQI | IRCA

Beginners course that teaches the requirements of ISO 45001 OHSAS.

ISO 45001:2018 Auditor Conversion

CQI | IRCA

For current lead auditors who wish to increase their knowledge by learning ISO 45001.

View all IMS Training Courses

Integrated Management System (IMS) Internal Auditor

Learn how to conduct an internal audit of your integrated management system.

View all GDPR Training Courses

GDPR Introduction

An interactive 1hr online course that teaches an overview of the GDPR.

GDPR Team Overview

GDPR training for your team at your workplace.

View all Auditor Workshops

ISO 9001:2015 Management Overview

Understand the new responsibilities placed on managers in ISO 9001:2015.

Supplier Auditor Course

Learn how to conduct audits of new and existing suppliers effectively.

ISO 9001:2015 Risk-Based Thinking

Improve your knowledge and skills for effective risk-based thinking.

Audit Skills Workshop

Bring your team together with a fun and energetic team-building session.

View all Learning Styles

Classroom Training

Virtual Training

Online Training

Public Training

In-House Training

View all Courses

Return

Audit Support

We have a wealth of experience working with ISO management systems and can assist auditors who require support.

ISO Management System Assessment 
A review of an outdated or overcomplicated ISO management system
Audit Mentoring
Live audit observation and recommendations for any improvements
Gap Analysis
Identify potential gaps in the effectiveness of a management system
View all Audit Support

Return

Resources

The latest news, course updates and video resources all in one place. Looking for help? Check out our frequently asked questions.

Frequently Asked Questions

Video & Blogs

Industry & Product News

Sales & Offers

View all Resources

Return

CQI and IRCA Logo

Founded in 1962, we have over 60 years’ experience providing specialist consultancy and training in ISO/AS Management Systems.

Why Choose Batalas

Who Are Batalas?

CQI and IRCA Approved Training Partner

ELCAS Approved Learning Provider
Training Venues

Our Customers

Case Studies
Client Reviews
About Us

Show more results...

Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt

Alternatively, use our Course Selector to find the perfect course for you:

Find your course