Using the 12 Tools Framework for Tackling Compliance

12 Tools MethodologyTools Blog
Written By James Thompson

Many compliance and auditing courses focus on WHAT the standard says. Our courses come with additional layers explaining WHY requirements exist (the intent behind specific compliance obligations) and HOW an organization might want to address the compliance obligation (based on best practices we've seen over decades of auditing and implementation). At the core of best-practice sharing lies a structured set of practical tools often referred to as the “12 Tools.” For learners interested in seeing one example of how organizations operationalize ISO and lean principles beyond theory, an overview is available at 12tools.com or concentricglobal.co/12tools.  

This framework is a comprehensive business operating system built on lean and ISO principles. It’s a business process framework that aligns teams, tracks performance, and simplifies compliance maintenance. The 12 Tools help you map workflow, assign clear roles, manage risk, and drive continuous improvement through simple visualization. Whether you're aiming for ISO certification, driving a lean culture, or team accountability, this methodology provides the structure you need for your journey towards process mastery. 

Note: The following mapping is provided for instructional reference purposes. Auditors and practitioners often find it helpful to see how ISO requirements can be translated into repeatable tools and visual management practices. The full framework and context for these examples can be reviewed at 12tools.com or concentricglobal.co/12tools. For ease of use, this mapping is based on ISO 9001:2015 as the primary reference.

12 TOOLS → ISO CLAUSE MAPPING

Tool 1 - Interaction of Processes & Ownership (50K Map)

  • ISO 9001:2015 – Clause 4.1 Understanding the organization and its context (who you are and what you do)

  • ISO 9001:2015 – Clause 4.2 Understanding the needs and expectations of interested parties (what needs are relevant to the management system)

  • ISO 9001:2015 – Clause 4.3 Determining the scope of the quality management system (vs. other sites, corporate support, other external providers)

  • ISO 9001:2015 – Clause 4.4 Quality management system and its processes (high level only)

  • ISO 9001:2015 – Clause 5.3 Organizational roles, responsibilities, and authorities

Rationale: Clarifies all key processes that make up the management system, scope, interactions, and individual ownership using a high-level "50K Map".

Tool 2 - Goal Tree & Annual Operating Plan (AOP)

  • ISO 9001:2015 – Clause 4.1 Understanding the organization and its context (defining purpose and strategic direction)

  • ISO 9001:2015 –  Clause 5.1 Leadership & Commitment (Leadership accountability for connecting the QMS with strategy and business processes)

  • ISO 9001:2015 –  Clause 6.1 Actions to address risks and opportunities (prioritization of risks/opportunities based on impact to customers and the business)

Rationale: Defines high-level ("Level 1") business goals for a set time period (i.e. annually) for prioritization if key performance indicators (KPIs) while also tracking "Plan" vs. "Actual" by month.

Tool 3 - Applicability Matrices

  • ISO 9001:2015 – Clause 4.4 Quality management system and its processes (ensuring that all major processes are identified)

  • ISO 9001:2015 – Clause 5.3 Organizational roles, responsibilities, and authorities (ensuring that all major processes identified in Tool 1 have a single process owner, responsible for compliance and overall performance)

  • ISO 9001:2015 – Clause 7.1.6 Organizational knowledge (assigning responsibility for compliance and beyond to the appropriate process owner, and defining respective knowledge requirements)

Rationale:  Easily identify what regulations, standards, and tools apply to each process owner and his/her respective team members.

Tool 4 - Turtle Diagrams (5K Process Maps)

  • ISO 9001:2015 – Clause 4.4 Quality management system and its processes (defining key elements of each major QMS process such as expected outputs, key interactions with other processes, and resources needed to achieve desired results)

  • ISO 9001:2015 – Clause 5.3 Organizational roles, responsibilities, and authorities (process ownership, relevant roles and competencies needed to achieve desired results)

  • ISO 9001:2015 - Clause 6.2 Quality objectives and planning to achieve them (defining performance criteria for each QMS process)

  • ISO 9001:2015 – Clause 7.1 Resources (general - resources needed to achieve desired results)

  • ISO 9001:2015 – Clause 7.2 Competence (competency needed to achieve desired results)

  • ISO 9001:2015 – Clause 7.5 Documented information (documentation needed to achieve desired results and retain evidence of compliance)

Rationale:  Zoom in on individual processes, showing inputs, outputs, roles, and controls on a 1-page "5K map" plan.

Tool 5 - Master Document & Records Matrix

  • ISO 9001:2015 – Clause 4.4.2 QMS & its processes (determining additional documentation needed to achieve desired results and retain evidence of compliance, by process)

  • ISO 9001:2015 –  Clause 7.5 Documented information (documentation needed to achieve desired results and retain evidence of compliance)

Rationale:  Maintain audit-ready document control across all level, functions, and departments with the ability to filter documents and records by specific process(es) for quick access and retrieval.

Tool 6 - Training Tracker & Competency Passport

  • ISO 9001:2015 – Clause 5.3 Organizational roles, responsibilities and authorities (defines roles, responsibilities, and authority for key work activities)

  • ISO 9001:2015 - Clause 6.1 Actions to address risk and opportunities (provides a collective inventory of risk associated with lack of or scarcity of knowledge)

  • ISO 9001:2015 – Clause 7.1.2 People (defines person(s) necessary for an effective process output)

  • ISO 9001:2015 – Clause 7.1.6 Organizational knowledge (provides a collective inventory of risk associated with lack of or scarcity of knowledge)

  • ISO 9001:2015 – Clause 7.2 Competence (defines competency requirements vs. current state competency inventory, while using a "passport" style individual tracker to encourage individuals to seek additional training, education, etc.)

  • ISO 9001:2015 – Clause 7.3 Awareness (defines awareness requirements vs. current state awareness inventory, while using a "passport" style individual tracker to encourage individuals to seek additional training, education, etc.)   

Rationale:  Track skills, training status, job roles, and compliance gaps.

Tool 7 - Process Measures Dashboard (PMD) 

  • ISO 9001:2015 - Clause 6.2 Quality objectives and planning to achieve them (an aggregate view of performance criteria for all QMS processes)

  • ISO 9001:2015 – Clause 9.1 Monitoring, measurement, analysis and evaluation (evaluation of overall QMS performance) 

  • ISO 9001:2015 – Clause 9.3.2 Management review inputs (used for prioritizing which areas of the QMS need resources allocated or reallocated based actual vs. planned performance, the impact to Level 1 KPIs, etc.)

  • ISO 9001:2015 - Clause 10.2 Nonconformity and corrective action (identification of significant performance indicators and the need for additional intervention such as root cause analysis, capital infusion, etc.)

Rationale:  Monitor the impact of Level 2 PPIs (process performance indicators) have on Level 1 KPIs (key performance indicators) from Tool 2 for timely response.

Tool 8 - Annual Audit Schedule

  • ISO 9001:2015 – Clause 9.2 Internal audit (planning and management of the audit program, as well as effective individual audits, based on importance, changes and process performance) 

  • ISO 9001:2015 – Clause 9.3.2 Management review inputs (adjusting the audit program scheduling, resource allocation, etc. based on past QMS results, current QMS performance, and future QMS needs/expectations)

  • ISO 9001:2015 – Clause 10.2 Nonconformity and corrective action (determining the severity of observed risks and opportunities compared to audit criteria, metrics, compliance obligations and opportunities for improvement)

Rationale:  Planning and track internal audits, third-party reviews, and follow-ups in response to Level 1 and 2 metrics.

Tool 9 - Management Review & Meeting Plans

  • ISO 9001:2015 – Clause 4.4 QMS and its processes (reviewing effectiveness of overall QMS planning vs. actual performance)

  • ISO 9001:2015 – Clause 9.3.2 Management review inputs (tracking action assignments, discussing changes, reviewing performance information, evaluating resource adequacy, and explore opportunities for improvement in an organized manner)

  • ISO 9001:2015 – Clause 9.3.3 Management review outputs (assigning action to address risks/opportunities and changes needed to support the customer and strategy)

Rationale:  Maintain leadership alignment, reviewing performance vs. goals, and providing adequate resources for fulfillment of requirements.

Tool 10 - Action Tracker

  • ISO 9001:2015 – Clause 6.1 Actions to address risks and opportunities (capturing potential actions based on all sources from customer complaints to ideas for innovation and improvement

  • ISO 9001:2015 - Clause 8.2.1 Customer communication (ensuring customer feedback and complaints are addressed)

  • ISO 9001:2015 – Clause 9.1 Monitoring, measurement, analysis and evaluation (collection of data/information for analysis of repeat occurrences, trends, etc.)

  • ISO 9001:2015 – Clause 10.2.1 Nonconformance and corrective action (evaluate the need for action to eliminate actual or potential cause(s) of nonconformities)

Rationale:  A central repository for capturing action items from all levels and functions for analysis and input into planning, changes, and risks/opportunities.

Tool 11 - Risk/Opportunities Assessment & Prioritization

  • ISO 9001:2015 – Clause 6.1 Actions to address risks and opportunities (determining which risks/opportunities to address based on severity, impact to the business and/or customer, and ensure actions taken are proportionate to potential impact to products/services)

  • ISO 9001:2015 – Clause 9.2 Internal audit (planning and management of the audit scheduling and resource allocation based on analysis of risk/opportunities) 

  • ISO 9001:2015 - Clause 9.3.2 Management review inputs (evaluating the effectiveness of actions taken to address risks/opportunities)

  • ISO 9001:2015 – Clause 10.2.1 Nonconformance and corrective action (evaluate the need for action to eliminate potential cause(s) of nonconformities)

Rationale:  Anticipate opportunities and mitigate risks using analysis tools, prioritization of project work and resource allocation.

Tool 12 - Corrective Action & Continual Improvement

  • ISO 9001:2015 – Clause 9.3.3 Management review outputs (assigning action to address risks/opportunities as an output from management review)

  • ISO 9001:2015 – Clause 10.2.1 Nonconformance and corrective action (evaluate the need for action to eliminate actual cause(s) of nonconformities)

  • ISO 9001:2015 – Clause 10.3 Continual improvement (investing in the strategy and long-term health of the business)

Rationale:  Eliminate recurring negative issues and increase desired results through structured techniques such as root cause analysis, lean/waste reduction, statistical process control, and other investments in long-term growth.

James Thompson
Next

Leading with Empathy & Decisiveness with Larry White