in ,

Main differences between a Policy and a Procedure

Differences between a policy and a procedure

When we work with ISO certifications, it is customary to use our own jargon and the terms policy and procedure are common, although in many cases their definitions are mixed and, therefore, today we want to tell you the main differences between a Policy and a Procedure .


Policy is a high level statement required by all the highest recognition standards such as ISO 9001 , ISO 14001  etc. It is the top management who elaborates and approves it in order to reflect its general intentions and orientations in matters of Quality, Environment, Health and Safety, etc.


To consider that a statement is a policy has to meet some fundamental requirements such as the following:

  • Be appropriate to each organization and not be a simple document homogenous to all. This means that it can not be a document that we have downloaded searching the Internet and belonging to another organization, for example.
  • Include a commitment to meet the established requirements as well as the goal of continuous improvement.
  • To be reviewed and updated periodically, every certain interval of time that the own address fixes.
  • Be communicated to all the people within the organization and to those external who work on behalf of the organization or who are an interested party or stakeholder .

Therefore, as a synthesis, politics is a document that must be elaborated and written by the top management and in which it must describe what the business is trying to achieve as well as its commitment to achieve it . It should not be a mere echo of the requirements of the standard for which an organization wants to be certified (that is, it should not be the same for any company). It must be a living document that is reviewed from time to time and updated to the circumstances of the company, its objectives and the market. And all those changes must be known by all members of the company or organization.


procedure is a specific form of carrying out a process or an activity. Not only are there differences between a policy and a procedure, procedures can also be documented or not and have some differences.

documented procedure is a document that defines how to do something. The procedure can describe the entire process from start to finish including all relevant activities or can be broken down into individual activities.

If we use as an example “Buy” within an organization, we can assume that all purchases comprise three activities: selection and approval of suppliers; make the purchase order or more commonly an order; and verification of goods received once the supplier sends us the goods. These steps can be carried out by one or more people.

So, in a small company , it is normal for a person to take care of all this, so we will talk about a single procedure: “The purchase procedure”. It will describe how each activity should be carried out and define the key control points and authority.

In a larger enterprise, there may be specific functions or departments assigned to each activity and a documented procedure for each activity that define not only controls within individual departments but also the interaction between different functions and departments.

Following the example and if it happens in a large company, we could distinguish three procedures:

  • “Supplier Quality Control Procedure” describes how to select, evaluate, control, approve and develop suppliers for the mutual benefit of both parties.
  • “Purchase Procedure”: describes how to select a supplier for a particular purpose, give the purchase order, control and expedite delivery of the order, confirm receipt and possible penalties for payment as a result of delays, inaccuracies of goods delivered, etc. As well as the steps to give to notify other departments, to block a payment, for example.
  • “Internal Goods Procedure”: describes how goods are received, who is authorized to sign such deliveries, management of necessary documentation and verification activity.

Undocumented procedures are those activities that are learned, memorized and implemented continuously. And that somehow, they are fruit of the experience in the company of what works for a better management.


In short, in order to understand the differences between a policy and a procedure we can say that a policy is a high level document, expressed by top management, to define its intentions and general direction in relation to the functioning of the organization.

And a procedure is a low-level definition that details how to carry out  certain parts of the organization’s operations. They can be defined in writing (documented) or communicated orally (not documented)

What is the difference between Process and Procedure?

What is the difference between Power and Authority?