Thanks to Joe Pearson to prompt me into one of my all-time interesting debate/discussion once again – and yes, first time on my blog here!
This is a topic discussed and documented by many people at many places.
Here are my views and summarized thoughts on: How to define or differentiate Policy, Process and Procedures.
First of all let us look at a few available definitions of these:
Policy (Definitions – collected from web):
- A plan or course of action, as of a government, political party, or business, intended to influence and determine decisions, actions, and other matters (Wiki-answers)
- A course of action, guiding principle, or procedure considered expedient, prudent, or advantageous (Wiki-answers)
( I have a slight problem with both the definitions above – first one: Is Policy a plan/course of action? Hmm not really. Second one: Is Policy a procedure? Hmm Nah! Otherwise these definitions give a pretty big picture on what is Policy).
- Here is one more:
- A policy is a guiding principle used to set direction in an organization. It can be a course of action to guide and influence decisions. It should be used as a guide to decision making under a given set of circumstances within the framework of objectives, goals and management philosophies as determined by senior management (Source: Bizmanualz)
One thing is sure, there are different categories of policies in an organizations. Just to list a few:
- Organizational Policies – HR, Info security, finance etc – These are primarily a set of rules that ‘shall’ be adhered to.
- Process/Procedure policies – Change management policy, release policy – these contain rules as well as guiding principles within that process/procedure.
- Technical policies – these are the rules that you set on the technical infrastructure – like firewall policy, system policy, network routing policy etc.
Here, in the context we are in – the second category will be of primary focus. To summarize and move forward – the process policy will drive a set of rules and guiding principles that ‘shall’ be adhered to, while executing the related process(es) and procedure(s).
Process (Definitions – collected from web):
- A series of actions (or activities) that transforms inputs (or resources) into a desired product, service, or outcome (Source:)
- A set of interrelated work activities characterized by a set of specific inputs and value-added tasks that produce a set of specific outputs (Source: )
One common outcome from these definitions are process is ‘ a set of interrelated activities that delivers a desired outcome’.
Now, how do we ensure these ‘interrelated activities’ are delivered in a effective, efficient and consistent manner? I believe that is where the role of Procedures’ come.
Procedure (Definitions – collected from web):
- A set of specific steps that describe how an activity should be carried out, and by whom (Source: )
- A particular method for performing a task (Source: Wiktionary)
Though there is a larger overlap in the definitions of Process and Procedure (compared to Policy), I think there can be some level of distinction brought in with views like:
- A process looks at a larger set of tangible deliverables – that is expected by customer or stake holders – like Incident management (which starts at the detection of an incident – till closure of the same).
- The steps within the process, say Incident classification- need to be done in a consistent way. For that, procedures can be defined – like ‘Incident classification procedure’.
- While process can be a high-level and target a widers audience (in many-a-case, organization wide), Procedure will be a little more specific, targetting a narrower set of people or functions in the organization.
- While Process many times still talks about ‘what’ to be done at a task level, procedure might explain ‘how’ – those tasks are to be done.
- Because of the more specific nature, procedures are liable to more frequent changes/updates compared to the process.
Thus, with a combination of a governing policy and underlying procedures, the Process will become more effective, controlled and consistent.
Any further thoughts/discussions on this is most welcome.
Vinod Agrasala's ITSM / ITIL Blog 
January 28, 2009 at 3:25 pm
Joe, this is a very good explanation.
I always use the following very simpel explanation about the difference between Process, Procedure and Work instruction:
A Process is a set of activities in a logical order that transfers input into output to achieven an objective. It describes “What has to be done in which order”. A process is independent on the organizational structure. What should be done in which order should remain the same after a reorganization or…
A procedure describes “Who should do What and Why”. Here the relationship with the organizational structure is defined. A RACI chart is normally described in a procudure. When the organization changes, the procuderes has to be changed too.
A work instruction describes in “Which Way (how) the work has to be done, Where and When. This is the most detailed description of work activities. It is recommended to create work instructions only for more complicated activities, not done on a day to day basis to prevent a lot of paper work.
January 28, 2009 at 5:13 pm
Hmm. that is useful.
Does Procedure really answer ‘why’? Most often, it doesnt seemed to me so.
Also, doesnt the procedure level start answering the how part? without that, the differentiation/boundary between process and procedure start to blur isnt it?
As you explained, work instruction goes to more specific and detailed levels, differentiating itself from the procedure ( some thing like a step-by-step instruction of how exactly an activity to be done on a particular tool etc).
February 18, 2009 at 11:34 am
Policy – “a set of rules and guiding principles” – perfect! I’m surprised you found definitions of policy as a course of action. I supposed it might loosely be used that way in government, but hardly ever in business.
In general I agree with your comments on process vs procedure vs work instruction, and with Marcel.
One consideration to add for work instructions: they are often aimed at one person, and often (but not so often) all to be done at once, whereas a procedure could span days or weeks and a process could span multiple departments.
The main concept is that processes have to be able to be broken down (decomposed). A company I used to work for insisted on “macro process” and “sub-process”, but did not allow any more levels, which causes headaches. In fact, there could be any number of levels in a good process architecture.
I believe standard definitions don’t help – each company has to say what THEY mean by process, procedure and work instruction, as long as they correspond roughly to these general definitions. (I would argue hard with someone who said that a procedure was a higher level thing than a process.)
March 15, 2009 at 4:09 pm
POLICY – A set of rules and guiding principles to ensure achieving a organisation objective.
(Eg. Objective : Ensure the employee is provided reimbursement for his official expenses as per his eligibility in timely manner)
PROCESS – Set of procedures with specified conditions to achieve/control a specific Organisation objective. Flows across profiles/roles and departments/teams. Gives clarity on interdepartmental interfaces at high level and different paths the process will take on different logical conditions.
(eg. Claiming travel expenses as a Process : Claimant will fill a form and submit it to Claims Department where it will be processed and if succesful, forwarded to the HR department, then passed on to the Finance Department, ending in reimbursement of expenses into the Claimants official account………. Claims will be rejected/sought clarification or settled within 15 days normally)
PROCEDURE – Set of flow of activities/tasks to perform specific functions as subset of process. It also gives interfacing clarity for entry and exit to the team/department and ensure consistency in responses aligning to the team/department responsiblity. It may at times, but rarely crosses DEEP into other departments/teams. It will normally end after merely interfacing.
(eg. Procedure for submitting claim form : The claim forms (Form ABC) will be available at XXX place/team and has to be filled up using XYZ reference document and approved by claimant’s supervisor …… and then submitted to Claims department within 7 days of return from travel).
ACTIVITIES/TASKS- Step by step flow (details based on the skill of the profiles/roles performing it) to perform the tasks, confined to the role/profile within the team. Gives better clarity on interdepartmental/interrole interfaces at lower levels and authorities and logic/procedure to be applied when the processing is passed ot failed.
(eg. Activities/Tasks for Claims Processing Department: Accept the claims in Form ABC only and after validation, send the form to HR to seek HR department concurrence………. If OK from HR, present it to Claims processing Manager for approval and then to release payment through the Finance/Accounts Dept. If form not filled up properly reject and send back the form to Claimant with remarks.)
WORK INSTRUCTIONS : Detailed checklist type steps (details based on the role/skill of the person it) to perform the tasks, confined to the person / role, clearly defining his authority. Will do the actual processing of logic on pass or fail and trigeer the alternate path for the process execution.
(eg. WOrk Instrcution for Claims Processing Clerk: Accept the claims in Form ABC only. Check employee code and manager employee code and validate in reference database, Check the approvals, amounts, bills, attachments and totals. If OK sign off in column XX and sent to HR with Claim reference number and update records. If form has discrepancies, tick column XY as “REJECT” and send back the form to Claimant with detailed remarks in column YY and update records)
October 15, 2011 at 3:42 am
Thanks, I was looking for such an example involving practical events, and the abive helped me give a better clarity on the differences.
June 23, 2009 at 9:55 am
Dear Vinod,
i gothrough your blog it is very nice and very gratful to use. Now i require what basic policies need to follow newly form compny.
Please give me help on same.
Thank you
Rajesh
March 7, 2010 at 2:53 pm
tMBxy1 Excellent article, I will take note. Many thanks for the story!
April 6, 2012 at 11:30 pm
I have a question about the requirement of having a policy in place before administration can develop process and procedure.
April 7, 2012 at 11:06 am
Hi Sylvia,
Policies are a set of rules or guiding principles that must be adhered to. So when you develop processes and procedures (which describes what and how parts of the organizations activities), the requirements of the Policies need to be adhered to. So the Process/Procedure owners need to keep the Policy requirements in consideration while the Processes are being defined/established.
hope that helps…
March 15, 2013 at 1:50 am
Consise summary, very nice.
February 22, 2018 at 9:44 pm
Excellent article, good to read quality content we can all share between all users. I do as make tutorials and videos for others, if you have Instagram I would be happy to have you as follower : https://www.instagram.com/earthbydrones Have a great day! Earth By Drones Com Jeff