Clause 8 Reqmnts

Welcome to APB Consultant
ISO 9001:2015 QMS
ISO 9001:2015 Internal auditor training Presentation
Seven principles of Quality management as per ISO 9001:2015
Process Approach
Annex SL
Risk based Thinking
QUALITY RISK MANAGEMENT
ISO 9001:2015 Addressing Change
ISO 9001:2015 Strategic direction
Clause 4: Context of the Organization
Clause 5: Leadership
CLAUSE 6: PLANNING
CLAUSE 7 SUPPORT
Clause 7.1.6: Organizational Knowledge
Clause 7.5 Documented Information
ISO 9001:2015 CLAUSE 8 OPERATION
ISO 9001:2015 CLAUSE 9 PERFORMANCE EVALUATION
ISO 9001:2015 INTERNAL AUDIT
ISO 9001:2015 CLAUSE 10 IMPROVEMENT
ISO 9001:2015 Gap Analysis tools
ISO 14001:2015 EMS
ISO 14001:2015 GAP ANALYSIS TOOLS
ISO 14001:2015 life cycle perspective
ISO 14001:2015 Compliance obligations and evaluation of Compliance
ISO 14001:2015 Clause 3 Terms and definition
ISO 14001:2015 Clause 4 Context of the organization

ISO 14001:2015 Clause 5 Leadership
ISO 14001:2015 Clause 6 Planning
ISO 14001:2015 Clause 7 Support
ISO 14001:2015 Clause 7.4 Communication
ISO 14001:2015 Clause 7.5 Documented information
ISO 14001:2015 clause 8 Operation
ISO 14001:2015 Clause 9 Performance evaluation
ISO 14001:2015 Clause 10 Improvement
ISO 9001:2008
Implementing ISO 9001
ISO 9001 Requirements
Clause 1,2,3
Clause 4.1
Clause 4.2
Clause 5.1,5.2,5.3
Clause 5.4
Clause 5.5
Clause 5.6
Clause 6
Clause 7.1
Clause7.2
Clause7.3
Clause 7.4
Clause 7.5
Clause 7.6
Clause 8.1
Clause 8.2
Clause 8.3
Clause 8.4 & 8.5
Documentation Requirements of ISO 9001:2008
The Eight principles of Quality Management
ISO 9000:2005
Fundamentals of QMS
Terms relating to Quality
Terms relating to management
Terms relating to process and products
Terms relating to Characteristics
Terms relating to Organization
Terms relating to Conformity
Terms relating to Documentation
Terms related to Examination
Terms related to Audit
Terms related to quality management for measurement processes
ISO 14001:2004
Preparatory Environmental Review
ISO 14001 Terms and Definitions
Clause 4.1
Clause 4.2
Clause 4.3.1
Clause 4.3.2
Clause 4.3.3
Clause 4.4.1
Clause 4.4.2
Clause 4.4.3
Clause 4.4.4
Clause 4.4.5
Clause 4.4.6
Clause 4.4.7
Clause 4.5.1, 4.5.2
Clause 4.5.3
Clause 4.5.4
Clause 4.5.5
Clause 4.6
Six Sigma
Statistics in Quality
Distribution in Quality
Business Process Management
Seven QC Tools
Management and Planning Tools
Voice of the customer
VOC Data collecting tools
Project charter
Quality Function Deployment
Benchmarking
Team Management
Team Managements Skills
Team Management Tools
Process Analysis Tools
Measurement Systems in Quality
Measurement System Analysis

Failure Mode and Effects Analysis
Statistical Process Control
Process Capability
Regression Analysis
Hypothesis Testing
Analysis of Variance – ANOVA
Nonparametric Tests
Multivariate Tools
Design of Experiments
Design for Six Sigma
Lean Enterprise
Visual Management
Total Productive Maintenance
Error Proofing
The Kanban System
The Kaizen Event
One Piece Flow
ISO 27001:2013 ISMS
ISMS: Context of the organization
ISMS: Leadership
Information Security Risk Management
Establishing Information Security objectives
Information security policies
ISMS: Information security in project management
ISMS: Mobile devices Policy
ISMS Teleworking
ISMS Human Resource Security

Advertisements
APB Consultant
Your Partner in ISO Compliance
Welcome to APB Consultant
ISO 9001:2015 QMS
Process Approach
Annex SL
Risk based Thinking
Clause 4: Context of the Organization
Clause 5: Leadership
CLAUSE 6: PLANNING
CLAUSE 7 SUPPORT
Clause 7.1.6: Organizational Knowledge
Clause 7.5 Documented Information
ISO 9001:2015 Gap Analysis tools
ISO 14001:2015 EMS

ISO 9001:2008
Clause 1,2,3
Clause 4.1
Clause 4.2
Clause 5.1,5.2,5.3
Clause 5.4
Clause 5.5
Clause 5.6
Clause 6
Clause 7.1
Clause7.2
Clause7.3
Clause 7.4
Clause 7.5
Clause 7.6
Clause 8.1
Clause 8.2
Clause 8.3
Clause 8.4 & 8.5
The Eight principles of Quality Management
ISO 9000:2005
Fundamentals of QMS
Terms relating to Quality
Terms relating to management
Terms relating to process and products
Terms relating to Characteristics
Terms relating to Organization
Terms relating to Conformity
Terms relating to Documentation
Terms related to Examination
Terms related to Audit
Terms related to quality management for measurement processes
ISO 14001:2004
Clause 4.1
Clause 4.2
Clause 4.3.1
Clause 4.3.2
Clause 4.3.3
Clause 4.4.1
Clause 4.4.2
Clause 4.4.3
Clause 4.4.4
Clause 4.4.5
Clause 4.4.6
Clause 4.4.7
Clause 4.5.1, 4.5.2
Clause 4.5.3
Clause 4.5.4
Clause 4.5.5
Clause 4.6
Six Sigma
Distribution in Quality
Seven QC Tools
Management and Planning Tools
Project charter
Benchmarking
Team Management

Statistical Process Control
Process Capability
Regression Analysis
Hypothesis Testing
Nonparametric Tests
Multivariate Tools
Lean Enterprise
Visual Management
Error Proofing
The Kanban System
The Kaizen Event
One Piece Flow
ISO 27001:2013 ISMS
ISMS: Leadership

ISMS Teleworking
Top of Form
Search Search
Bottom of Form
Home » ISO 9001:2015 CLAUSE 8 OPERATION
ISO 9001:2015
ISO 9001:2015 Quality Management System
Process Approach
Annex SL
Risk based Thinking
ISO 9001:2015 Clause 4 Context of the Organization
ISO 9001:2015 CLAUSE 6 PLANNING
ISO 9001:2015 CLAUSE 7 SUPPORT
ISO 9001:2015 Organizational Knowledge
ISO 9001:2015 Documented Information
ISO 9001:2015 GAP Analysis tools

ISO 14001:2015 EMS
ISO 14001:2015 Environment Management System
ISO 9001:2008
ISO 9001-clause 1,2,3
ISO 9001-Clause 4.1
ISO 9001-Clause 4.2
ISO 9001-Clause 5.1,5.2,5.3
ISO 9001-Clause 5.4
ISO 9001-Clause 5.5
ISO 9001-Clause 5.6

ISO 9001-Clause 6
ISO 9001-Clause 7.1
ISO 9001-Clause 7.2
ISO 9001-Clause 7.3
ISO 9001-Clause 7.4
ISO 9001-Clause 7.5
ISO 9001-Clause 7.6
ISO 9001-Clause 8.1
ISO 9001-Clause 8.2
ISO 9001-Clause 8.3
ISO 9001-Clause 8.4 & Clause 8.5
ISO 9000:2005
Fundamentals of quality management systems as per ISO 9000
Terms relating to Quality in QMS
Terms relating to management in QMS
Terms relating to Organization in QMS
Terms relating to process and products in QMS
Terms relating to Characteristics in QMS
Terms relating to Conformity in QMS
Terms relating to Documentation in QMS
Terms related to Examination in QMS
Terms related to Audit in QMS
Terms related to quality management for measurement processes in QMS
Meta
Log in
Entries RSS
Comments RSS
WordPress.org
CLAUSE 8 OPERATION
The bulk of the management system requirements lies within this single clause. Clause 8 addresses
both in-house and outsourced processes, while the overall process management includes adequate
criteria to control these processes, as well as ways to manage planned and unintended
change.Whatever the organisation is in business to achieve, clause 8 is it. The overall process
management includes having process criteria, controlling the processes within the criteria,
controlling planned change and addressing unintended change as necessary. The organization shall
plan, implement and control the processes needed to meet their discipline-specific requirements.
This also relates to implementing the actions determined in 6.1 (actions to address risks and
opportunities) and 6.2 (objectives and plans to achieve them). The organization is required to:
Establish criteria for the processes (possibly in work instructions)
Implement control of the processes, in accordance with the criteria (possibly through training and
awareness)
Keep documented information to the extent necessary to have confidence that the processes have
been carried out as planned (possibly within its QMS, or integrated MS)
Control planned changes and review the consequences of unintended changes, taking action to
mitigate any adverse effects (possibly through a management of change process)
Ensuring outsourced processes are controlled. This would include control and/or influence
(depending on its ability to do so — size of order, importance to external organization etc.).
Typical audit evidence would relate to: the type and extent of control/influence to be applied is
defined within its QMS, processes for assessing the importance/risk of the outsourced activity
and deriving suitable controls, and monitoring the effectiveness of the controls etc. This
could involve the purchasing, risk/compliance, and operations/production functions within
the organization. The context of the organization, and the relevant needs and expectations
of interested parties, will clearly have a bearing on the extent of control/Influence expected of its
outsourced processes.
Clause 8, Operation, has seven sub-clauses:
8.1 Operational Planning and Control

8.2 Determination of Requirements for Products and Services
8.3 Design and Development of Products and Services
8.4 Control of Externally Provided Products and Services
8.5 Production and Service Provision
8.6 Release of Products and Services
8.7 Control of Nonconforming Process Outputs, Products, and Services
8.1 Operational Planning and Control
The Organization should plan, implement, and control the processes, as outlined in 4.4, needed to
meet requirements for the provision of products and services and to implement the actions
determined in 6.1 by determining product and services requirements; establishing criteria for the
processes and for the acceptance of products and services; determining the resources needed to
achieve conformity to product and service requirements; implement control of the processes in
accordance with the criteria; determining, maintaining and retain documented information to the
extent necessary to have confidence that the processes have been carried out as planned and to
demonstrate conformity of products and services to requirements. The output of this planning
should be suitable for the organization’s operations. The organization should control planned
changes and review consequences of unintended changes, taking action to mitigate any adverse
effects, as necessary. The organization should ensure outsourced processes are controlled in
accordance with 8.4.
Clause 8.1 requires that operations be conducted through processes that are planned and controlled
regardless of whether the organization or an outside party performs the process. Requirements for
products and services are required to be determined and criteria established for
acceptance. Identification of resources needed to achieve conformity is required. Planned changes
are required to be controlled and action taken to mitigate the effects of unintended consequences
of changes. Documented information is required to be kept (retained) to demonstrate conformity
of product and service to requirements and that processes have been carried out as planned. The
individual planning step in the 2008 version focuses on determining how to verify conformity, the
2015 version is oriented around the notion of managing and adequately resourcing a set of
processes so that a state of control is achieved even when intended or unintended changes occur. It
also indicates a requirement to review consequences and mitigate adverse effects as necessary. The
clause also requires that the organization keep documented information to have confidence that
these processes have been carried out as required. Note that the requirement for processes to
accomplish all the operational activities is not repeated in each clause. A lack of
repetitious requirements in each clause does not mean processes and documented information are
not required. The first sentence of clause 8.1 makes the point that the organization “shall plan,
implement and control the processes needed to meet the requirements for the provision of
products and services.” It also reinforces the relationship between clauses 4.4 and 6. Therefore,
even though ISO 9001:2015 may appear to some to have reduced the requirements for processes
and controls, we believe clause 8.1, coupled with clauses 4 and 6, requires an organization to define,
document, control, and keep records at least at the same level as previously required, and perhaps
to an even greater level of comprehension.
Many organizations long ago adopted the process approach to managing operations, and thus may
already be close to conforming. They may review of the language in the new standard and tweaking
processes and documented information, as appropriate. The organization needs to incorporate any
additions, deletions, or modifications that are perceived as necessary or desirable to conform with
these more process—oriented requirements and possibly to improve process effectiveness. Subtle
“new” requirements related to control of changes and mitigating adverse effects should also be
considered. On the other hand, some organizations may not have embraced the process approach to
operational controls. Less documentation may be required, but ISO 9001:2015 requires that
the organization understand the processes needed to deliver conforming products to customers.
These processes must be understood not only with respect to the products themselves but also in
the broader context of the objectives of the organization and any other requirements of the QMS
(including interested parties and risks and opportunities). It may be advisable to:
Create a quality plan for a product or service to describe how the QMS will be modified and applied
to all operations. Such a plan could include or reference procedures and records to be
maintained and analyzed.
Consider using the product design and development process approach for designing processes. This
is a requirement in the automotive industry. It has become a best practice demonstrated in many
organizations even though ISO 9001 does not explicitly require adherence to the design and
development requirements for internal process designs. This enhances both the effectiveness and
the efficiency of processes.
Identify key performance measures for both products and processes and align them with your
quality and business objectives.
The only requirement in clause 8.1 for documented information is to retain or maintain documented
information as necessary to provide confidence that the processes have been carried out
as required. Organizations should also consider maintaining documented information describing the
operational processes and how they are to be carried out. The requirement to plan, implement, and
control the processes needed to meet the requirements for the provision of products and services
would be very difficult to achieve if documented information is not created and maintained for all
processes of the QMS
The focus of clause 8.1 is on controls governing the making of product to meet customer
requirements and all the QMS processes that, directly or indirectly, make this happen. Operation
processes may include customer related processes (sales and marketing), design and development,
production, shipping, receiving, packaging, measurement and monitoring of product and processes,
etc., whether performed onsite or off-site. Some of the support processes that come to bear on
Operations include document control, record control, human resources, infrastructure provision and
maintenance, IT, purchasing and materials management, laboratory services and control of
monitoring and measuring devices, business planning etc. The output of Operation planning may be
implemented in many different ways. It does not necessarily have to be all in one document, but
may sometimes include several documents such drawings, machine set-up, inspection criteria,
process sheets etc. These must be readily available to those performing these processes.
You may also consider using specific product, contract or project quality plans to accomplish this.
Your quality plans should include the processes needed, process sequence and control parameters,
specific resources needed to make, verify and deliver product, product acceptance criteria and
quality objectives, product and process monitoring and measurement controls, plans to control and
correct any product or process nonconformities, reference to support processes, documents needed
such as work instructions or engineering specifications, etc. and details of records to be kept. Focus
on defect prevention in planning the controls for product realization. Quality objectives may
include defect rates, scrap rates, etc. Requirements or criteria for the product may include physical
properties, dimensional , functional, etc, and their related measurements, tolerances and
acceptance levels. In many instances, depending on the nature of the product, the customer may
specify objectives and requirements and criteria for the product realization processes as well. You
must identify and document all processes addressing this clause as part of your QMS . For these
processes, you must also identify what specific documents are needed for effective planning,
operation and control of production processes. These documents may include contracts,
specifications, orders, product quality plans, work instructions, a documented procedure etc.,
combined with unwritten practices, procedures and methods. Look at the risks related to your
product, processes and resources in determining the nature and extent of documented controls you
need to have. Where any of the product realization processes are done off-site (e.g. at head-office),
your QMS must include the off-site processes within your QMS and ensure that such processes
comply with ISO 9001 requirements. The expectation is to flow down to the off-site facility, the
relevant ISO 9001 requirements that you would have to implement, had you carried out the process
at your own facility. Performance indicators to measure the effectiveness of product realization in
meeting requirements and achieving quality objectives will be specific to each realization process
and focus on reducing variation and waste in realization processes and related use of
resources. Objectives may be used to monitor and improve process productivity, reduction of cycle
time, errors, omissions and failures etc. You must also consider indicators to measure product
performance such as – reduction in defect rates, PPM’s (defective parts per million), scrap rates,
waste and rework, improvement in on time delivery, product returns from customers etc.
8.2 Determination of Requirements for Products and Services
8.2.1 Customer Communication
The organization must establish the processes for communicating with customers to
provide information relating to products and services; inquiries, contracts, or order handling,
including changes; obtaining customer feedback relating to product and services including customer
complaints; handling or controlling customer property, and establishing specific requirements for
contingency actions, when relevant.
8.2.2 Determination of Requirements related to Products and Services
The organization must ensure, while determining the requirements for the products and services to
be offered to customers that the product and service requirements (including those considered
necessary by the organization), and applicable legal requirements, are defined. The organization
must also ensure that it has the ability to meet the defined requirements and substantiate the claims
for the products and services it offers.
8.2.3 Review of Requirements for Product and services
8.2.3.1 The organization must ensure that it has the ability to meet the requirements for products
and services to be offered to customers. The organization shall conduct a review before committing
to supply products and services to a customer; The review should include the requirements
specified by the customer, including the requirements for delivery and post-delivery
activities; requirements not stated by the customer, but necessary for the specified or intended use,
when known; requirements specified by the organization; statutory and regulatory requirements
applicable to the products and services; contract or order requirements differing from those
previously expressed. The organization must ensure that contract or order requirements differing
from those previously defined are resolved. When the customer does not provide a documented
statement of their requirements, the organization must confirm them before accepting them. In
some situations, such as internet sales, when a formal review is impractical for each order,
the review can cover relevant product information, such as catalogues.
8.2.3.2 The organization should retain documented information on the results of the review and on
any new requirements for the products and services.
8.2.4 Changes to requirements for products and services
The organization should ensure that relevant documented information is amended, and that
relevant persons are made aware of the changed requirements. when the requirements for products
and services are changed.
Clause 8.2.1 requires the organization to conduct communications with customers. The detail
requirements for communications with customers include:
Providing product- and service-related information
Handling customer orders of all types and changes thereto
Getting customer feedback including complaints
Exercising appropriate controls for any customer-owned property
Establishing requirements for contingency actions
Clause 8.2.1 requires processes to accomplish specific types of information exchange. It require five
specific types of communication with customers to be included in the organization’s processes:
Product and service information, including customer requirements
Documented agreements with the customer, such as contracts, orders, changes, and other
information needed to meet customer requirements
Customer feedback including complaints
The handling and treatment of customer-owned items was covered in great detail in clause 7.5.4 in
ISO 9001:2008. The specific requirements of the 2008 version have been significantly simplified.
Any contingency actions that are relevant.
Clause 8.2.1 is similar to clause 7.2.3 of ISO 9001:2008. The point of grouping these items under
customer communications is to emphasize that these communications need to be systematically
planned like all other processes. In doing so, consider the information in clause 7.4
on communication and the requirements related to process management in clause 4.4. If the
customer is the organization’s most import contact, shouldn’t we concentrate some key planning
effort on the processes used to communicate with them? It is generally necessary that a careful
record be maintained of the requirements. Often the process involves multiple discussions, reviews
(clause 8.2.2), and even early design and development work (clause 8.3). Carefully thought-out
methods are needed to efficiently retain this input information for later use in the design process
and as input to resolution of disputes that may arise.
Clause 8.2.2 requires the organization to determine the requirements related to its products and
services. This includes:
Establishing a process for determining the requirements for the products offered to potential
customers
Determining requirements of the customer
Determining requirements for the organization
Determining requirements from applicable statutes and regulations
Determining that the organization has the ability to meet the requirements and substantiate claims
related to its products and services
One of the key things that the communication with customers needs to ensure is that customer
requirements and other requirements for the product or service are clearly understood. But
communication and understanding of customer requirements is only one piece of the requirements
puzzle. Many products are regulated and customers may have no knowledge of the regulatory or
statutory details. Often the organization has learned key things that must be done a certain way for
the product or service to meet customer requirements. Customers cannot be expected to know
about many of these things. It is the organization’s responsibility to understand all
these requirements and their specific application. It is also the organization’s responsibility to
determine whether it can successfully deliver conforming product or service to the customer.
Conformity is not difficult for organizations providing off-the-shelf catalog products manufactured to
published specifications or standardized services with normal delivery requirements. However, if
customers are purchasing complex systems with custom engineering and software according to
a complex set of commercial terms, it is essential to obtain a clear understanding of customer
requirements by whatever means possible, including activities such as holding face-to-face meetings
and attending pre- bid meetings. Full determination of customer requirements can be an iterative
process. Often there are known issues that may evolve into real requirements at a later stage. In
such cases, documentation of the open issues and providing for the attendant business risk may
prove to be an acceptable approach to meeting the requirements of this clause. The determination
of customer requirements is a critical activity and generally involves several functions and levels in
an organization. It is recommended that you maintain documented information to describe
the process for determination of all aspects of product and service requirements. The documented
information should include both product requirements specified by the customer and product
requirements not specified by the customer but necessary for intended or specified use. Also,
unique regulatory and statutory requirements should be considered as well as commercial terms
and conditions.
Clause 8.2.2b requires that the organization have the ability to meet requirements. Often with
advanced products there is a need to advance the state of the art as product development
progresses. Such situations should be clearly identified and the business risks understood. In such
cases, the defined requirements could be the development of the needed technological advance. To
avoid customer complaints or dissatisfaction, even for “requirements” that are not clearly stated
(e.g., regulatory requirements or marketplace norms), the organization should consider a
comprehensive understanding of customer requirements, perhaps even performing a failure modes
and effects analysis (FMEA) on the processes as a form of risk assessment. Since the review process
required in clause 8.2.2 is often iterative, retention of documented information of review results (eg,
who reviewed what, when, and using what method) can be a practical necessity. While clause 8.22
does not require retention of any documented information on these determinations, it
is recommended to have such records.
Clause 8.2.3 states the obligation of the organization to review the requirements of products and
services, which includes:
Customer-specified requirements for the product or service, including any requirements for delivery
or post-delivery actions
Requirements known to be needed by the organization even though not specified by the customer
Applicable statutory and regulatory requirements applying to the product or service
Requirements of the final contract or order differing from those previously provided by or discussed
with the customer
The review is required to:
Be performed prior to the organization’s commitment to produce the product or service
Ensure resolution of all order requirements that may differ from those previously defined
Include confirmation of the requirements in cases where the customer does not provide
documented requirements o Retain documented information on the results of the review
The acceptance of an order or the submission of a quote or tender by an organization obliges the
organization to meet the conditions stated in the order or to provide the goods and services
included in the scope of the quotation or tender. The obligation assumed by the organization
includes not only the products defined but also ancillary items such as conformance to stated
delivery dates, adherence to referenced external standards, and compliance with the commercial
terms and conditions applicable to the order, contract, quote, or tender as well as applicable
statutory and regulatory requirements. The complexity of the order/quote review process depends
on the products and services of the organization. A process for reviewing oral orders for off-the-shelf
products with 24 hour delivery (e.g., software packages) will differ considerably from a process for
reviewing a large order for a one-of-a-kind product with a two-year delivery (e.g., an order for
a control system for an electric power-generating station). The review process must also
accommodate, as applicable, electronic orders, blanket orders with periodic releases, unsolicited
orders, orders through distributors or representatives, faxed orders, and an almost infinite
combination of these and other possibilities. If the organization is involved in internet sales, creative
thinking will be required to efficiently review customer requirements. With such a spectrum of
possibilities, what is an organization expected to do to conform to the requirements? The first step
should be to develop a clear understanding of the nature of the various kinds of customer
requirements and fully understand each communication channel involved. If, for example, an
organization publishes a catalog and accepts only written orders for catalog—listed items to
standard delivery times, then the order or contract- review procedure can be simple. The process
could be a designated individual (e.g., a manager, a clerk) reviewing, initiating, and dating
the written order. This simple process can be used as valid evidence that requirements can be met. If
an organization must address possibilities that occur only rarely, the organization could simply note
in documented information (i.e., a procedure) that any circumstances different from standard terms
and conditions will be addressed by a specific quality plan. Such a plan can be generated as the
unique occasion arises. Thus, a simple order-entry process can have a very simple, brief,
and effective contract-review process. For the large, complex contracts or quotations, the review
process may involve many organizational entities such as engineering, manufacturing, legal, finance,
and quality assurance. Accordingly, the procedures governing such reviews can be complex
and lengthy. A good guideline to keep in mind when developing a process to address the specific
requirements of clause 8.2.3 is to balance the risks to the organization with the effort expended in a
review of customer requirements, keeping in mind that the purpose of the review is to add value
and not to create a bureaucratic morass. A formal process should be deployed that indicates who
will do what and how often.
Clause 8.2.4 states that changes are required to be controlled and documented information updated
to ensure that changes are properly included in documented information. When changes to product
requirements, orders, contracts, or quotations occur, the organization is required to ensure that
relevant documented information is amended and communicated, as appropriate, within
the organization. This simple and fundamental requirements are often much harder to
meet. Changes tend to come from all sorts of sources. Customer floor-level workers in today’s
environment often talk directly to factory workers in customers’ plants. Cell phones are used to
relate the latest changes to schedules and requirements. The situation can turn into chaos. Thus,
control rules are needed so that decisions related to changes are made by the appropriate people
with the relevant and up-to-date information. These considerations should be a key part of
considering process interactions. Often rapid response is critical for the customer, so design the
system in such a way that you can deliver just that. Considerations for Documented Information to
Be Maintained and/or Retained, Keeping good records of changes is both a challenge and a
practical necessity.
Customer related processes must include controls for determining customer and regulatory
requirements, a review of such requirements, and communication with the customer. Customer
requirements extend beyond product specifications and may include on-time delivery, packaging,
labeling, mode of delivery, documentation, communications, QMS requirements, after sales
servicing, etc. Many of these requirements may also come from regulatory, industry or from within
your own organization. Depending on the product or service, you must determine if any industry or
regulatory requirement is applicable on product characteristics or process parameters that affect the
product’s safety or compliance with regulatory requirements. You must consider all laws and
regulatory requirements that may affect your product, materials, labor, production processes, your
facility and work environment, etc. Where some or all of the processes – for determining customer
requirements; for contract review and customer communication; etc., are done offsite, then you
must show the linkages and interaction of these offsite activities with your on-site QMS
processes. The nature of requirements review may be different for different types of product or
services. Your review records must show the basis of review. Make sure you do your due diligence
and risk analysis before you commit to contractual arrangements. I have seen many companies get
into serious financial trouble, for taking on products transferred from another supplier, because they
did not assess all the risks. Manufacturing risk analysis is an assessment of your organization’s
capacity and capability to effectively and efficiently provide the customer specified deliverables. Risk
analysis should include timing, resources, development costs and investments, potential for, and
effects of, possible failures in processes, including suppliers. You should also consider financial and
profitability risk. Sometimes it may take a few months to receive an order or contract from the
customer, after you have sent them your quotation. Your review process must ensure that you
compare the customer’s order or contract with your latest quotation, and resolve any differences
(accept or re-negotiate), before you accept the order or contract. Your customer relations
management process must include a sub-process for change control and must include – a review of
the change either from customer or internal from organization and its impact on fit, form,
functionality, other processes, financial, delivery, etc. Have a process for change control. For
significant issues or changes, obtain customer approval in writing for any waivers or changes of
contractual or QMS requirements. Customer communications may take many forms such
as software and interfaces for design and development, logistics, customer satisfaction feedback,
etc. You must ensure that personnel at all levels have the competency and training to use these
communications media and tools. You must identify and document all processes addressing this
clause as part of your QMS . For these processes, you must also identify what specific documents are
needed for effective planning, operation and control of production activities. These documents may
include – contracts, specifications, orders, product quality plans, work instruction, a documented
procedure etc., combined with unwritten practices, procedures and methods. Look at the risks
related to your product, processes and resources in determining the nature and extent of
documented controls you need to have. Performance indicators to measure the effectiveness of
customer-related processes in meeting requirements and achieving quality objectives should focus
on reducing variation in and improving these processes and related use of resources. Indicators may
include reduction in quote cycle time, pre and post-award review cycle time, order-entry errors and
omissions etc., and improvement in conversion ratio (i.e. ratio of contracts/orders awarded to
quotes).
8.3 Design and Development of Products and Services
Clause 8.3, on design and development controls, has six subclauses:
8.3.1 General
8.3.2 Design and development planning
8.3.3 Design and development inputs
8.3.4 Design and development controls
8.3.5 Design and development outputs
8.3.6 Design and development changes
8.3.1 General
The organization should establish, implement, and maintain a design and development process. such
that they are adequate for subsequent production or service provision.
8.3.2 Design and Development Planning
While planning for design and development, the organization must consider the following in
determining the stages and controls for design and development:
the nature, duration and complexity of the design and development activities;
the required process stages, including applicable design and development reviews;
the required design and development verification and validation activities;
the responsibilities and authorities involved in the design and development process;
the internal and external resource needs for the design and development of products and services;
the need to control interfaces between persons involved in the design and development process;
the need for involvement of customers and users in the design and development process;
the requirements for subsequent provision of products and services;
the level of control expected for the design and development process by customers and
other relevant interested parties;
the documented information needed to demonstrate that design and development

requirements have been met
8.3.3 Design and Development Inputs
The organization must determine the requirements essential for the specific type of products and
services being designed and developed, including, as applicable, functional and performance
requirements; applicable legal requirements; information derived from previous similar design and
development activities; standards or codes of practice the organization has committed to
implement; potential consequences of failure due to the nature of products and services; Ensure
inputs are adequate for design and development purpose, complete, and unambiguous. Resolve
conflicts among Design and Development inputs.
8.3.4 Design and Development Controls
The organization should apply controls to the design and development process to ensure
that results to be achieved by the design and development activities are clearly defined; Design and
development reviews are conducted as planned; Verification activities are conducted to ensure that
the design and development outputs have met the design and development input requirements;
Validation activities are conducted to ensure that the resulting products and services are capable of
meeting the requirements for the specified application or intended use (when known). The
organization must take any necessary actions on the problems determined during the reviews, or
verification and validation activities. The organization must maintain any documented information of
these activities. Design and development reviews, verification and validation have distinct purposes.
They can be conducted separately or in any combination. as is suitable for the products and services
of the organization.
8.3.5 Design and Development Outputs
The organization must ensure that design and development outputs meet the input requirements
for design and development. They should be adequate for the subsequent processes for the
provision of products and services. They must include or have a reference of monitoring and
measuring requirements, and acceptance criteria, as applicable. They must ensure products to be
produced, or services to be provided, are fit for intended purpose and their safe and proper use. The
organization must retain the documented information resulting from the design and development
process.
8.3.6 Design and Development Changes
The organization should identify, review and control changes made (during the design and
development of products and services, or subsequently) to design inputs and design outputs to the
extent that there is no adverse impact on conformity to requirements. The organization must retain
documented information on design and development changes, the result of review, the
authorization of changes and action taken to prevent adverse impact.
Design and development activities needed for products and services are required to be planned and
controlled through an established, implemented, and maintained process. This process may be used
for both products and services and for associated processes. It is required to include the following:
Planning to determine design stages considering activities such as verification and validation, control
of design interfaces, design review, resources needed for design and development,
customer involvement, and the documented information needed to confirm that input requirements
are met.
Determination of the design and development inputs required, including such things as functional
requirements, regulatory and statutory requirements, applicable standards or codes,
information from earlier projects, and potential consequences of failure. Conflicting requirements
are required to be resolved.
Design and development controls, including clear delineation of the results to be achieved, planning
and conducting design and development reviews and verification activities to ensure design outputs
meet input requirements, and validation to ensure the products and services meet the requirement
for the application intended.
Design and development outputs are required to meet input requirements, to be adequate for
subsequent processes in the provision of the product or service, and to ensure the products
and services are fit for their intended purpose.
Design and development changes are required to be identified, reviewed, and controlled. This
includes changes to design inputs or outputs. Controls are required to ensure that changes do not
have an impact on the products and service conformity.
The organization is required to retain documented information resulting from the design and
development process, including design and development changes.
The intent is to ensure that the organization plans and controls design and development projects.
The key reason for this emphasis on planning is to maximize the probability that the project will
meet defined requirements. If the design and development processes are well planned and
controlled, an additional benefit should be that projects are completed on time and
within budget Planning is required at the level of detail needed to achieve the design and
development objectives—not to generate an excessive amount of paperwork. Stages of the project
need to be determined, and responsibilities, authority, and interfaces need to be defined.
Requirements need to be established for the incorporation of review, verification, and validation
into the design and development project. The organization needs to determine how
communications will be structured (e.g., weekly meetings, periodic reports, or other methods). In
many cases a number of organizations are involved in this process, and the success of the design and
development project often rests heavily on proper identification, understanding, and control of
design interfaces.
You must include product design and development in your QMS scope if you contract or convey the
perception that you design product, regardless whether you buy, outsource or actually do design
and development. The scope of your design and development activity must consider all aspects of
the product and product realization processes to ensure its conformity to requirements. This
includes product identification, handling, packaging, storage and protection during internal
processing and delivery to the customer. Product design and development sometimes results in new
manufacturing processes or changes to existing manufacturing processes. This clause is equally
applicable for designing and developing manufacturing processes. Product design and development
planning must focus on error prevention rather than detection in product quality as well as product
realization processes. You must have an overall plan for your design project. Your plan must specify
the design and development stages, activities and tasks, responsibilities, timeline and resources,
specific tests, validations, and reviews, and outcomes. There are many tools available for planning
ranging from a simple checklist to complex software. The degree and details of planning may vary
according to size and length of contract or project, complexity, risk, product life, customer and
regulatory requirements, past experience with similar product, etc. You have flexibility in
determining the scope of the stages, review, verification and validation required for your product
design and development projects. Your plan must be dynamic and updated as requirements and
circumstances change. You must track progress against your plan at regular intervals or project
milestones and update the plan as activity progresses. Your design and development plan must
include methods to communicate information, responsibilities, results, discussions, reviews and
resources. You must take a multi-disciplinary approach that includes as needed, other functions
(besides design) such as quality, engineering, purchasing, sales, tooling, production, etc. Your plan
must clearly identify these other functions and their specific role and responsibilities regarding the
project. Consider including customer and supplier personnel at appropriate stages to do work and
review results or progress. A multi-disciplinary approach applies collective and relevant knowledge
and skills of these different functions to carry out or review design and development activities. The
design and development project plan serves as both a document and a record as it is updated for
completion for various activities. Where some or all of clause 8.3 design and development activities
are done off site, then you must show the linkages and interaction of these offsite activities with
your on-site QMS processes. You must identify and document all processes addressing this clause as
part of your. For these processes, you must also identify what specific documents are needed for
effective planning, operation and control of production activities These documents may
include contracts, technical drawings and specifications, a documented plan for design and
development, work instructions, a documented procedure etc., combined with unwritten practices,
procedures and methods. Look at the risks related to your product, processes and resources in
determining the nature and extent of documented controls you need to have . Many organizations
use various software tools to document their product or process design and development plans. If
the nature of your business does not require you to design and develop product (e.g. you
manufacture strictly from customer provided engineering drawings and specifications), then you
must clearly state this exclusion to your QMS scope, in your quality manual. Performance indicators
(to measure the effectiveness of design and development processes in meeting requirements and
achieving quality objectives) should focus on reducing variation in and improving these processes
and related use of resources. Indicators may include reduction in design cycle time, development
cycle time, specification errors, omissions, changes, design and development costs etc., as well as
measurable improvements in products developed.
You must identify, document and review design inputs requirements for function, performance,
safety, regulatory, quality, reliability, durability, life, timing, maintainability, cost, identification,
traceability, packaging, special or safety characteristics from the customer or regulatory body, and
other requirements essential to the product. You must have a process that should be part of your
design and development plan to identify, document, review , deploy and use design input
information such as documents coming from various sources such as customer contracts, drawings
and specifications, your own organization’s database of previous design and development projects,
competitor analysis, industry standards, feedback from suppliers, field data. Design and
Development usually requires the input and involvement of many other functions and processes
such as contract review, product realization, purchasing, top management etc. within the
organization and your process must manage this interaction by defining responsibilities and means
of communications. Inclusion of these controls in your design and development plan is one of many
effective ways to achieve this. Such a multi-disciplinary approach has the benefit of applying the
collective and relevant knowledge and skills of these different functions to carry out or review design
and development activities.
You must identify and include any special and safety characteristics in your process control
documents such as quality plans, product drawings, operator instructions and other documents
used to make or verify product. Note that special requirements can also include process parameters
such as temperature, timing, concentrations, etc. You must review all input requirements, review
design and development progress, verify product design and validate developed product at various
stages of your design and development process. The nature, frequency and scope of these controls
must be defined in your design and development plan or other document. You must carry out these
controls according to your plan and keep appropriate records .
Do design reviews at one or more milestones of the design and development project, depending on
customer requirements, the size, complexity and risks involved. The purpose of these reviews is to
evaluate results to requirements, check project progress and costs to plan and take actions on any
problems encountered. You must take a multi-disciplinary approach for doing these reviews and
keep appropriate records of issues discussed, actions to be taken, responsibilities and timeline for
completion. All design and development reviews must be included in your design and development
plan.Product design Verification includes design reviews, comparing the new design to a similar
proven design if available, performing alternate calculations, performing tests and simulations,
reviewing the design documents before release, etc. Verification is checking product or process to
input requirements, whereas validation is checking product or process is suitable for its intended use
does it perform/function in the way intended by your customer or your organization. Manufacturing
process design verification include design review , process capability studies, testing various process
parameters, performing tests and trials, reviewing the manufacturing process design documents
before release, etc.If you outsource any part of your design and development activity, then you must
exercise the same controls required by clause 8.3 on the outsourced work and the organization
doing the work, had it been done internally.Product and manufacturing process validation includes –
design reviews, comparison between customer requirements and internal development plans,
design and development validation against customer requirements and design and development
input requirements, corrective action and lessons learned from documented process failures and
product nonconformities. If you outsource any part of your design and development activity, then
you must exercise the same controls required by clause 8.3 on the outsourced work and the
organization doing the work, had it been done internally. Any problem you have encountered during
the verification and validation or identified during review must be resolved.
Design and development output may be product or documentation or both. Product may be
prototype or finished product and documentation could be a computerized or hard copy drawing or
specification. Check design and development output against the input requirements specified in
8.3.3, before you use it any further. Provide appropriate design and development output
information to:
Purchasing material or service specifications
Production output such as product specifications, special characteristics, drawings, diagnostics, etc.
Service output such as product specifications; performance reliability and maintenance criteria.
Initially, this information may be used for trials and validation, before being firmed up. Many
documents are created from the design and development output stage such as drawings, quality
plans, work instructions, etc. These documents must be controlled as per clause 7.5.3 such as
approval, revision control, distribution, etc. Where any sophisticated design and development tools
such as AutoCAD are used requiring specific competency or training, ensure you provide and keep
appropriate records of competency and training of personnel performing design and
development activities and use of these tools.
Make sure your process for design and development changes follow appropriate steps of clause 8.3
ie define plan, have inputs and outputs, verify and validate to the extent necessary to meet
customer requirements and control product, quality and business risks. Changes may come from
internal, customer or regulatory sources. Get all requests for product or manufacturing process
design changes in writing from your customer. Impact of the change must be evaluated on materials
used, design process, manufacturing process, characteristics and use of developed product,
regulatory compliance, cost etc. While planning for change the organization must follow all the
requirements as given in clause 6.3 planning for change and must also determine all risk and
opportunities as given in clause 6.1. Documented information on design and development changes,
the result of review, the authorization of changes and action taken to prevent adverse impact must
be maintained.
8.4 Control of Externally Provided Products and Services
8.4.1 General
The organization must ensure that externally provided processes, products, and services conform to
specified requirements. The organization must apply the specified requirements for control of
externally provided products and services when products and services are provided by external
providers for incorporation into organization’s own products and services; products and services are
provided directly to the customer by external providers on behalf of the organization; a process or
part of a process is provided by an external provider as a result of a decision by organization to
outsource a process or function. The organization must determine and apply criteria for evaluation,
selection, monitoring of performance, and re-evaluation of external providers based on their ability
to provide processes or products and services in accordance with specified requirements. The
organization must retain appropriate documented information of the above mentioned activities
and any necessary action arising out of evaluation.
8.4.2 Type and Extent of Control
The organization should ensure that externally provided processes, products and services do
not adversely affect the organization’s ability to consistently deliver conforming products and
services to its customers. The organization should ensure that externally provided processes remain
within the control of its quality management system. It should define both the controls that it
intends to apply to an external provider and those it intends to apply to the resulting output. In
determining type and extent of controls to be applied to external provision of processes, products
and services, organization must consider the potential impact of the externally provided processes,
products, and services on the organization’s ability to consistently meet customer and applicable
legal requirements and effectiveness of the controls applied by the external provider. The
organization must establish and implement verification or other activities necessary to ensure the
externally provided processes, products, and services meet the requirements.
8.4.3 Information on External Providers
The organization must ensure the adequacy of specified requirements prior to their communication
to external providers. The organization should communicate to external providers applicable
requirements for the following:
products and services to be provided or the processes to be performed on behalf of the

organization;
approval or release of products and services, methods, processes or equipment;
competence of personnel, including necessary qualification;
their interactions with the organization’s quality management system;

control and monitoring of the external provider’s performance to be applied by the organization;
verification activities that the organization, or its customer, intends to perform at the external
provider’s premises.
Externally provided processes, products and services includes
purchasing from a supplier
an arrangement with an associate company
outsourcing processes to an external provider.
The controls required for external provision can vary widely depending on the nature of the
processes, products and services. The organization can apply risk-based thinking to determine the
type and extent of controls appropriate to particular external providers and externally provided
processes, products and services;
Clause 8.4 covers the requirements to control purchased product including your outsourced process,
control suppliers you buy from, and requirements to control your buying process. Purchased product
includes raw materials, components, subassemblies, supplies, tooling, machinery and equipment,
sequencing, sorting, rework, testing, calibration, maintenance, etc. Note that clause 8.4
requirements apply to items that go into the product, manufacture the product, check the product
or deliver the product; whether paid for or customer provided. These may include materials,
production equipment, tooling, measuring and test equipment, facilities, transport vehicles,
returnable packaging, intellectual property (drawings, specifications or proprietary information),
product returned for servicing under warranty, product sent for outsourced work etc. You must have
specifications/criteria for purchased product. These specifications may come from your organization,
customer, regulatory bodies, supplier or industry. As documents, these specifications must be
controlled as per clause 7.5.3. Many times the customer may require the use of pre-approved
purchased products and suppliers. The onus is still on you to ensure that purchased product from
customer-designated sources meets all requirements. You must control both, the product you buy,
as well as the supplier you buy from. Your controls must primarily be based on prevention of
nonconformities in both product and supplier performance. Determine how important the
purchased product is to design, manufacture, assemble and maintain your end product. Factors such
as targets for product quality, life, reliability, durability, maintainability, and cost must be applied to
purchased product going into your end product. Categorize your purchased products and services
accordingly. Then determine what controls you need to ensure consistent purchased product quality
and consistent supplier performance. You can then apply different controls for different purchased
products. There are several ways to evaluate your suppliers. Besides product quality, your criteria for
supplier selection and evaluation may include the potential supplier’s financial capability, technical
and manufacturing capability and capacity, reliability, reputation, flexibility to handle changes,
support, service, cost etc. The importance of these criteria will vary according to the items materials
or services you purchase, and so you can apply different criteria to different suppliers. You can
categorize your suppliers accordingly based on these criteria. It might be useful to maintain a list of
all qualified suppliers. In addition to the initial evaluation and approval of suppliers, you are required
to carry out ongoing monitoring and measurement of their performance. Use supplier monitoring
indicators to evaluate the consistency, capability and reliability of their performance for quality,
delivery, support, etc. On-time delivery is very important and disruptions (due to waiting for
materials) at your customers or even your own facility must be avoided. Depending on the risks
related to materials supplied and supplier performance, you might consider requiring some of your
key suppliers to comply with some or all of ISO 9001 requirements and perhaps even certification.
You must identify your purchasing processes whether on site or off site. For each process, you must
document the controls for purchased product and suppliers. You must also show the linkage and
interaction of purchasing processes with other processes such as design, manufacturing, tooling
maintenance, calibration. Where any of your controlled suppliers have gone through a significant
organizational change you must verify the continuity and effectiveness of their QMS. You must keep
records of all supplier evaluations (whether initial or periodic), including any corrective actions
placed on them for any nonconformities. You must identify and document all processes addressing
this clause as part of your QMS. For these processes, you must also identify what specific
documents, controls and resources are needed .You could use a documented procedure or other
combination of specific practices, procedures, documents and methods. Look at the risks related to
your product, processes and resources in determining the extent of documented controls you need
to have. Performance indicators to measure the effectiveness of purchasing processes in meeting
requirements and achieving quality objectives should focus on measuring supplier performance and
reducing variation in and improving purchasing processes and related use of resources. Indicators for
supplier performance may include reduction of defects in supplied product, scrap, waste and
rework, improvement in on-time delivery, service, cost, etc. Indicators for purchasing process may
include reduction in supplier- quote review cycle time, contract award cycle time, purchase order-
entry errors and omissions, receiving errors & omissions etc.
As indicated earlier, you can apply different controls for different suppliers and products depending
on your initial supplier evaluation and their ongoing product quality and delivery performance. In
any case these controls must be included or referenced in your quality or inspection plans. To the
extent that you decide to do verification of purchased product, you also have flexibility in when you
do the verification. You can do it on receipt or at any time prior to use in production. Make sure you
appropriately control un-inspected product. This may include identification and storage to prevent
unintended use. Consider using supplier quality plans, inspection plans, etc., to verify that purchased
product meets specified purchase (product and QMS) requirements. Verification of purchased
product can range from doing no verification to 100% verification. You have flexibility in determining
the scope of purchased product verification. Your inspection process must define and document the
acceptance criteria and sampling plan for product conformity and what measurement tools
needed and records needed to show effective control of purchased product quality and supplier
performance.
Your purchase documents such as purchase order, contract, blanket order, your organization’s
supplier quality manual, etc. must specify your requirements for the purchased product; the
suppliers QMS and any other initial or on-going controls you deem necessary for ensuring consistent
supplier performance. You must define how you ensure the adequacy of these documents before
you communicate them to your supplier. A review of adequacy of purchasing documents may
include their completeness, accuracy, correctness, quantity, timing, cost, approval, etc., by one or
more functions; computerized controls, etc. In larger organizations, this may be a separate process
on-site or off-site. In either case, it must be identified and controlled. While clause 8.4.3 does not
specify keeping of records, you must show evidence of carrying out (issue purchase documents) and
review of these documents
An outsourced process is any value-adding or conversion activity related to your product or service,
that is performed by an external organization such as a subcontractor, sister facility, etc. Note that
the external organization may perform the outsourced activity at their facility or yours. A
manufacturing company may outsource welding, heat treatment or painting of product. A software
company may outsource software development. A bank may outsource check clearing services. You
must be able to demonstrate sufficient controls over outsourced processes to ensure that such
processes are performed according to the relevant requirements of ISO 9001:2008. The nature and
scope of such control will depend on the nature of the outsourced or subcontracted process and the
risk involved. Outsourced processes may be controlled in any number of ways, e.g., providing the
vendor with product specifications; your supplier quality manual that they must meet; asking for
inspection and test results or certificates of compliance; validation of outsourced process;
conducting product and QMS audits of your vendor; etc. The expectation here is that you flow down
to your vendor, the relevant ISO 9001 requirements that you would have to implement, had you
performed the process at your own facility.
CLAUSE 8.5 Production and Service Provision
8.5.1 Control of Production and Service
The organization should implement production and service provision under controlled conditions.
Include these controlled conditions, as applicable:
availability of documented information that defines characteristics of products and services.
availability of documented information that defines activities to be performed and results to be

achieved.
availability and use of suitable monitoring and measuring resources
implementation of monitoring and measurement activities at appropriate stages to verify that

criteria for control of processes and process outputs, and acceptance criteria for products and
services, have been met.
use and control of suitable infrastructure and process environment for operation of process.
appointment of competent person and, where applicable, required qualification of persons;
validation, and periodic revalidation, of ability to achieve planned results of any process for
production and service provision where resulting output cannot be verified by subsequent
monitoring or measurement.
implementation of products and services release, delivery, and post-delivery activities.
This clause provides a list of control requirements that you may use, if applicable to your business.
Identify and control all operation process. Show the interaction of these processes with other
processes. Use your product, project or contract quality plan to control your operation activities.
Schedule your operations taking into consideration customer delivery requirements, production
capacity and capability, material availability and usage, personnel availability and usage; storage;
etc. Carefully define and document the interaction of your operation scheduling process with your
logistics processes such as inventory management, customer communication, traffic and shipping
control, packaging and labeling, sales and billing. Use quality plans to control your operation
processes. Quality plans address what has to be made, how much has to be made, when it has to be
made, by whom, in what sequence, how it has to be made, what equipment to use, what
measurement and monitoring tools to use, what to inspect, when to inspect, how much to inspect,
what to do if problems arise, etc.Your quality plan must cover all operation process steps from
receipt of materials, production, packaging, storage, delivery and even post-delivery activities such
as installation or training. Your quality plans are dynamic and must be updated for the changes in
product specifications or process parameters; resources used; monitoring or measurement
requirements, etc. Your quality plans should reference any work instructions specified for the
process steps. Work instructions may be viewed as a subset of your quality plan and may relate to a
specific task or activity of your overall product realization process for e.g. setting up a machine,
performing an inspection, packaging a product, If you determine that work instructions are needed
at specific points in your process, then they must be readily available and relevant i.e. current or
right version. Note that work instructions may exist in may forms such as narrative, graphical, audio,
video, physical display etc. To improve your QMS, it will be very useful to draw a flow chart to link
the flow and interaction of the activities and sub-processes covered by these clauses, e.g. many
organizations overlook reviewing and updating their quality plans for corrective action taken to
address a manufacturing process problem. Operational personnel must have timely access to all
information relevant to their activities including specific work instructions if necessary. There may be
serious risk to production flow, if such information is unavailable or untimely. You must identify and
document all processes addressing this clause as part of your QMS For these processes, you must
also identify what specific documents are needed for effective planning, operation and control of
production activities. These documents may include – a product quality plan; work instructions;
documented procedure; etc., combined with unwritten practices, procedures and methods. Look at
the risks related to your product, processes and resources in determining the nature and extent of
documented controls you need to have. Performance indicators to measure the effectiveness of
operation processes in meeting requirements and achieving quality objectives should focus on
reducing variation in and improving production processes and related use of resources.
Validation is usually required where product cannot be verified without damaging or destroying the
product, e.g. some types of welding, heat-treatment, painting, electroplating, rust-proofing, etc. In
such instances, the quality of these activities may only be discovered after use. This would generally
not be acceptable due to safety (e.g. weld) or aesthetic (evidence of rust or dullness of chrome)
reasons. In the case of a service such as pizza delivery within 30 minutes of order placement, if the
timeliness of delivery is not verifiable, then validation would be required. However, most service-
oriented businesses (e.g. delivery; call center) have some form of monitoring during service
execution to ensure service quality. Validation involves conducting capability studies using a
combination of resources technology, equipment, materials, environment, competent personnel,
and production and testing methods that consistently result in a quality product or service.
Validation may also require customer or regulatory approval of the process. You must keep
appropriate records of process validation showing both the achievement of planned results as well
as the ongoing maintenance of such capability. If you change any part of the proven process
capability for e.g. materials, equipment or personnel, etc., you must revalidate i.e re-prove the
changed process. It is up to each organization to determine what combination of resources and
methods will provide the required consistent process capability and quality of product or service.
Include as appropriate, these validation controls in your quality plans.
Product related indicators may include reduction in defect rates, PPM’s (defective parts per million),
scrap rates, waste and rework; improvement in on time delivery. Production process related
indicators may include reduction in set-up time, run rates, process cycle time, production scheduling
and operator errors and omissions etc.
8.5.2 Identification and Traceability
The organization should use suitable means to identify “process outputs” where necessary to ensure
conformity of products and services. THe organization should identify status of “process outputs”
with respect to monitoring and measurement requirements throughout production and service
provision. The organization should control unique identification of “process outputs” where
traceability is a requirement. It should retain any documented information necessary to maintain
traceability. “Process outputs” are results of any activities which are ready for delivery to customer
or to an internal customer (e.g., receiver of inputs to next process). “Process outputs” can include
products, services, intermediate parts, components, etc.
There are three distinct control requirements specified here.
Product identification: It means knowing the identity of yours or customer supplied product
from incoming receipt of materials, raw material storage, use in production, work in progress,
finished product storage, and delivery of product to the customer. Product identification can be
controlled using physical and electronic methods.
Product status: It means knowing the quality status (good or bad) of materials and product through
each of the above stages. Product status can be controlled using physical and electronic methods.
Unique Product Identification: It is not a mandatory requirement under ISO 9001, unless
contractually required by customers or regulatory bodies. In certain industry sectors such as the
automotive or aerospace or pharmaceutical industry, unique product identification is mandatory for
safety, regulatory and risk management reasons. This usually involves keeping detailed records of
product manufacturer such as material, equipment, personnel, processes, production, inspection
and test details, etc., for individual products or production batches. These records help to trouble-
shoot product and process problems, resolve customer complaints, and enables continual
improvement of product and process. In many instances, it also reduces cost, risk and use of
resources by narrowing the problem down to a specific cause or instance. Depending on the
product, the OEM may specify the degree of unique identification and traceability required.
While this clause does not call for a specific documented information, these controls may be
included in your Operation processes through your product quality plans, work instructions and
other specific documentation. Examples of product identification and test status include physical
tags, bar code labels linked to computer records; MRP systems tracking specific production
runs/lots, automated production transfer processes, etc. Performance indicators to measure the
effectiveness of processes that control identification and traceability may include reduction in
identification errors and omissions; product quality status errors and omissions; and traceability
errors and omissions.
8.5.3 Property Belonging to Customers or External Providers
The organization should exercise care with property belonging to customers or external providers
while under the organization’s control or being used by organization. The organization should
identify, verify, protect, and safeguard the customer’s or external provider’s property provided for
use or incorporation into products and services. It should report to the customer or external
provider when their property is incorrectly used, lost, damaged, or otherwise found to be unsuitable
for use. Customer property can include material, components, tools and equipment, customer
premises, intellectual property, and personal data.
Customer or External provider property may include material, production equipment, tooling,
measuring and test equipment, facilities, transport vehicles, returnable packaging, intellectual
property such as drawings, specifications or proprietary information, product returned for servicing
under warranty, product sent for outsourced work, etc.
All customer property is exposed to the risk of being damaged, lost, misused, misplaced, stolen,
become unsuitable or obsolete for use. You must establish controls for each of these risks. Notify the
customer/ External provider in writing if their property is lost, damaged or otherwise found to be
unsuitable such as perishable past its shelf life for use. Control to minimize the risks to
customer/External provider property include inventory management, preservation and storage,
identification, status and traceability indicators, maintenance, notification, traffic flow, authorized
use, restricted access, etc. Marking customer/External provider property with a unique identification
number that can be traced to a record that provides details of ownership is one of many acceptable
controls. While this clause does not call for a specific documented information, these controls may
be included in your product realization processes through your product quality plans, work
instructions and other specific documentation. Many of the controls needed for clause 8.5.2
Identification and traceability and clause 8.5.4 Preservation apply to customer property. The
processes, controls and documentation for these other clauses could be expanded to include
customer property. Performance indicators to measure the effectiveness of processes that control
customer property may include reduction in identification errors and omissions, loss due to damage
or unsuitability, scrap, rejects, etc., as well as increased customer property turnover rates.
8.5.4 Preservation
The organization should ensure the preservation of “process outputs” during production and service
provision, to the extent necessary to maintain conformity to requirements. Preservation can include
identification, handling, packaging, storage, transmission or transportation, and protection.
All raw materials, work in progress, finished product, supplies, customer provided materials or
product, product sent for outsourced work, etc., are subject to risk of being damaged, lost, misused,
misplaced, stolen, become unsuitable ,perishable or obsolete i.e. past shelf life for use. This could
occur during receipt, handling, storage, use in production, and transportation to the customer, etc.
These could be
Controlled using identification, status and traceability indicators, inventory cycle counts and
condition evaluation, stock rotation methods such as FIFO, just in time, tracking shelf life, special,
controls for restricted access, handling and storage of hazardous materials, climate and
environment, maintenance procedures, bar codes, training, use of special equipment for handling,
condition reports, etc. These controls may be included in your product realization processes through
your product quality plans, work instructions and other specific documentation. Many of the
controls needed for clause 7.5.3 Identification and traceability apply to preservation of product.
Performance indicators to measure the effectiveness of processes that control preservation of
product may include reduction in obsolete and spoils materials an product (e.g., fresh produce,
fruits, or frozen foods), identification errors and omissions, rejects, waste, scrap, etc., and increase in
inventory turnover and material/product availability, and product safety.
8.5.5 Post-Delivery Activities
The organization should meet requirements, as applicable, for post-delivery activities associated
with products and services. In determining the extent of post-delivery activities that are required the
organization should consider risks associated with products and services; Customer feedback; legal
requirements; nature, use, and intended lifetime of products and services; Post-delivery activities
can include actions under warranty provisions, contractual obligations (such as maintenance
services) and supplementary services (such as recycling or final disposal)
Post Delivery activities means based on customer agreement or other agreement, the organization
may be responsible for providing support for their product or services after delivery. This could
include technical support, routine maintenance or total recall, recycling, reusable packaging,
returnable containers, etc . The extent of post delivery activity will depend on:
Statutory and regulatory requirements: If statutory or regulatory requirements dictate post-delivery

activities or warranties, they must be addressed
the potential undesired consequences associated with its products and services: The organization
must consider potential consequences, and how they intend to respond, the scope of their reaction
plan, etc
the nature, use and intended lifetime of its products and services: This is very commonly stated in
the organization’s return policy or statement of liability. Some organizations clearly state that there
are no warranties (or post-delivery activities) offered, expressed or implied. If this is the case (and in
the absence of any other requirements in this list), this section can be addressed simply by
acknowledging that there are no post-delivery activities.
customer requirements: If the customer requires post-delivery, support, warranty, protection

through delivery and receipt, etc, the post-delivery activities should be clearly described.
Customer feedback: Customer feedback should be considered when determining the scope of post-
delivery activities. This also implies that the scope of those post delivery activities may change over
time in response to customer feedback.
8.5.6 Control of Changes

The organization should review and control changes for production or service provision to extent
necessary to ensure continuing conformity with requirements. The organization should retain
documented information describing results of review of changes, personnel authorizing change,
and any necessary actions arising from review.
The organization is required to review and control changes for all of the previously discussed
“production and service provision” topics including 8.5.1 Control of production and service provision
(all of the controls established in the first place), 8.5.2 Identification and traceability, 8.5.3 Property
belonging to customers or external providers, 8.5.4 Preservation and 8.5.5 Post-delivery
activities. So, just as the QMS must have defined each of these items, any changes to them must be
controlled. Changes which are not clearly communicated create confusion. Changes which have not
been adequately reviewed and vetted may be implemented and result in an undesired
outcome. Changes, in general, create instability and a robust change management process is critical
to ensure changes are fully reviewed, approved, communicated, understood and validated when
they are implemented. Records describing results of review of changes, personnel authorizing
change, and any necessary actions arising from review has to be maintained.
8.6 Release of Products and Services
The organization should implement planned arrangements at appropriate stages to verify product
and service requirements have been met. Retain evidence of conformity with acceptance criteria.
The release products and services to the customer should not proceed until the planned
arrangements for verification of conformity have been satisfactorily completed unless otherwise
approved by a relevant authority and, as applicable, by customer. The organization should
retain documented information for traceability to the person(s) authorizing release of products and
services for delivery to the customer. The organization should also retain documented information
for evidence of conformity with the acceptance criteria.
You must identify, monitor and measure product/service characteristics to verify conformity to
requirements. Product characteristics may be dimensional, functional, performance, reliability,
durability, maintainability, life, cost, etc. Requirements may come from your customer, your own
organization, regulatory and industry sources. You must plan what characteristic(s) to measure, type
of measurements, what measurement device to use, how often to measure, sample size, acceptance
criteria, and records needed for each product or product type. Use your quality plan to document
these controls.
Your product, project or contract quality plan must define the stages at which various monitoring
and measurement will be carried out at incoming receipt of materials from suppliers or outsourced
work, storage, internal production processes, finished product, packaging, at time of shipping, and
post installation. Monitoring and measurement may be done by your personnel, subcontracted or
outsourced labor or by the customer. You must ensure that all personnel performing monitoring and
measurement are trained and competent.
If you plan on releasing during any stage of production or shipping finished product, where all
planned inspections and measurements to that stage have not been completed, ensure that you
obtain prior written approval/waiver from a relevant internal authority or the customer. Where
practical, consider completing all missed planned inspections and measurements before product
delivery. You must identify and document all product realization processes that may address this
clause, as part of your QMS, e.g. receiving, production, shipping, etc. For such processes, you must
also identify what specific documents are needed for effective planning, operation and control.
You could use a product quality plan, any documented information or other combination of specific
practices, procedures and methods. Look at the risks related to your product, processes and
resources in determining the extent of documented controls you need to have. Performance
indicators to measure product conformity may include reduction in defect rates, PPM’s (defective
parts per million), scrap rates, waste, rework, improvement in on time delivery, product returns
from customer, etc. Performance indicators to measure the effectiveness of product realization
processes in achieving product conformity include productivity, reduction of cycle time, errors,
omissions and failures, etc.
8.7 Control of Nonconforming Process Outputs, Products, and Service
8.7.1
The organization should ensure process outputs, products, and services that do not conform to
requirements are identified and controlled to prevent unintended use or delivery. The organization
should take appropriate action based on nature of nonconformity and its impact on conformity of
products and services. This is applicable also to nonconforming products and services detected after
delivery of products during or after provision of service.The organization should deal with
nonconforming outputs in one or more of these ways:
correction;
segregation, containment, return, or suspension of provision of products and services;
informing the customer;
obtaining authorization for acceptance under concession.
The organization should verify conformity to requirements when nonconforming process outputs,
products, and services are corrected.
8.7.2
The organization should retain documented information that describes the nonconformity, action
taken, concessions obtained, identifies the person or authority that made decision regarding dealing
with nonconformity.
ISO 9001:2015-Clause 8.7 applies to processes, products and services that does not conform to
customer requirements, applicable regulatory requirements or your own organization requirements.
Nonconformities may relate to suppliers and outsourced work, your own organizational activities or
product shipped to customers. Your organization must have controls and responsibilities
to identify, contain i.e. prevent further processing or use, keep records of the nature and other
details of the nonconformity, notify appropriate personnel and customer, where appropriate,
evaluate what disposition action needs to be taken, carry out timely disposition, determine policies
for release for further processing or shipment to the customer, obtain customer concessions, rework
and re-verification, establish performance indicators to measure the effectiveness of the control of
nonconformance process, etc.
Product or material found with no identification or its quality status is not known, should be treated
as nonconforming product and controlled as mentioned above. If you find that nonconforming
product has been shipped, without a customer concession, you must take appropriate action to
reduce the immediate and consequential effect of the nonconformity. Depending upon the
seriousness and scope of the nonconformity, you might consider taking action to eliminate the
nonconformity as well as corrective action to eliminate the root causes of the nonconformity.It
might be appropriate in specific circumstances to notify the customer and resolve the situation to
your customer’s satisfaction. A similar rationale may be applied where product has been shipped
that does not meet regulatory requirements. Depending upon the seriousness and scope of the
nonconformity, you might consider taking action to eliminate the nonconformity as well as
corrective action to eliminate the root causes of the nonconformity. You need to be aware of any
reporting requirements imposed by regulatory bodies and comply with them.
A concession authorization allows you to ship nonconforming product, under controlled conditions.
A deviation authorization allows you to manufacture product different from the original
specification, under controlled conditions. In both these situations, make sure that you obtain these
authorizations in writing prior to shipping or manufacturing nonconforming product. All product
realization processes must show the interaction with your process for nonconforming product.
Performance indicators to measure the effectiveness of control of nonconforming product may
include reduction in cycle time to evaluate and dispose of nonconforming product, reduced errors in
preventing unintended use or delivery, improved alternate use of nonconforming product and cost
recovery, etc.
Your Donation can make a difference
We have chosen to make our Resources freely and openly available on the web with the hope that it
touches the life of thousands of readers who visits us daily. We hope our blog has helped in
enhancing the knowledge of our readers and added value to organization and their implementers.
We would request you to make donation large and small, so as to provide us the resources needed
to distribute, collect, digitize as it is becoming extremely difficult for us to afford the full cost of
updating and enriching our site content. Your contribution will ensure that we can keep our blog up-
to-date and add more of the rich resources — such as video — that make a difference for so many
worldwide.
Your donation will demonstrate your commitment to knowledge as a public good and is an
important part of our overall sustainability plan. Your donation is also important in demonstrating to
us how much you value the site and motivates us to devote more of our time towards developing
this blog.
Top of Form
_donations Donation For APB preteshbisw as@ en_US 0 USD
PP-DonationsBF:b Rednao_SP 0 http://isoconsulta w w w .isoconsult

Bottom of Form
Previous-ISO 9001:2015 DOCUMENTED INFORMATION
Next- ISO 9001:2015 CLAUSE 9 PERFORMANCE EVALUATION
Your Feedback
Top of Form
21140 4.9.1 en_US w pcf7-f21140-p1 14909
Your Name (required)
Your Email (required)
How would you rate this page?
Excellent Very Good Good ok Poor /Needs improvement
Your Website
Comments/Improvements/suggestions
Send
Bottom of Form
Back to Home Page

If you need assistance or have any doubt and need to ask any question contact me at:
preteshbiswas@gmail.com or call at +919923345531. You can also contribute to this discussion and
I shall be happy to publish them. Your comment and suggestion is also welcome.
Share this:
Facebook118
LinkedIn195
Twitter
Google
More
Pinterest6
Tumblr
Reddit
Pocket
Like this:
Like Loading...
Top of Form
_donations Donation For APB preteshbisw as@ en_US 0 USD
PP-DonationsBF:b Rednao_SP 0 http://isoconsulta w w w .isoconsult
Bottom of Form
Recent Posts
IATF 16949:2016 Determining the Scope of the Quality Management System November 1, 2017
IATF 16949:2016 Conformance of products and processes October 26, 2017

IATF 16949:2016 Product safety September 11, 2017
IATF 16949:2016 GAP ANALYSIS TOOLS August 29, 2017
IATF 16949:2016 Automotive Quality Management System August 3, 2017
ISO 27001:2013
ISO 27001:2013 ISMS
ISMS: Leadership
ISMS Teleworking
Six Sigma
What is Six Sigma?
Common used Distribution in Quality
Kaoru Ishikawa’s Basic Seven QC Tools
The seven new management and planning tools
Project charter
Using Benchmarking to achieve Process Improvement
Team Management in improvement Projects

Statistical Process Control using control chart
Lean Enterprise
5S or Visual Management
Error Proofing
The Kanban System
The Kaizen Event
One Piece Flow
Process Capability
Regression Analysis
Hypothesis Testing
Multivariate Tools
Nonparametric Tests
ISO 14001:2004
ISO 14001:2004 EMS
ISO 14001-Clause 4.1

ISO 14001-Clause 4.3.1
ISO 14001-Clause 4.5.1, 4.5.2
Pretesh Biswas
Subscribe to Blog via Email
Top of Form
Enter your email address to subscribe to this blog and receive notifications of new posts by email.
Join 1,215 other subscribers
Email Address
subscribe http://isoconsulta w idget blog_subscription Subscribe
Bottom of Form
Top of Form
Search Search
Bottom of Form
What is Six Sigma?

Common used Distribution in Quality
Kaoru Ishikawa’s Basic Seven QC Tools
The seven new management and planning tools
Project charter
Using Benchmarking to achieve Process Improvement
Team Management in improvement Projects
Statistical Process Control using control chart
Lean Enterprise
5S or Visual Management
Error Proofing
The Kanban System
The Kaizen Event
One Piece Flow
Process Capability
Regression Analysis
Hypothesis Testing
Multivariate Tools
Nonparametric Tests
Powered by WordPress / Academica WordPress Theme by WPZOOM
%d bloggers like this:
<iframe src="//www.googletagmanager.com/ns.html?id=GTM-TT585QW" height="0" width="0"

style="display:none;visibility:hidden"></iframe> <div style="display:none;"> <img
src="//pixel.quantserve.com/pixel/p-H9nbRXFtKSMyE.gif" border="0" height="1" width="1"
alt="Quantcast"/> </div>
Top of Form
Bottom of Form
Thanks for sharing!
Copy and paste link in email or IM.
Powered by E-MAILiT

Clause 8 Reqmnts

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Clause 8 Reqmnts

Загружено:

Авторское право:

Доступные форматы

Welcome to APB Consultant

ISO 9001:2015 QMS

ISO 9001:2015 Internal auditor training Presentation

Seven principles of Quality management as per ISO 9001:2015

Risk based Thinking

QUALITY RISK MANAGEMENT

ISO 9001:2015 Addressing Change

ISO 9001:2015 Strategic direction

Clause 4: Context of the Organization

Clause 7.1.6: Organizational Knowledge

Clause 7.5 Documented Information

ISO 9001:2015 CLAUSE 8 OPERATION

ISO 9001:2015 CLAUSE 9 PERFORMANCE EVALUATION

ISO 9001:2015 INTERNAL AUDIT

ISO 9001:2015 CLAUSE 10 IMPROVEMENT

ISO 9001:2015 Gap Analysis tools

ISO 14001:2015 EMS

ISO 14001:2015 GAP ANALYSIS TOOLS

ISO 14001:2015 life cycle perspective

ISO 14001:2015 Compliance obligations and evaluation of Compliance

ISO 14001:2015 Clause 3 Terms and definition

ISO 14001:2015 Clause 4 Context of the organization

ISO 14001:2015 Clause 6 Planning

ISO 14001:2015 Clause 7 Support

ISO 14001:2015 Clause 7.4 Communication

ISO 14001:2015 Clause 7.5 Documented information

ISO 14001:2015 clause 8 Operation

ISO 14001:2015 Clause 9 Performance evaluation

ISO 14001:2015 Clause 10 Improvement

Implementing ISO 9001

ISO 9001 Requirements

Clause 8.4 & 8.5

Documentation Requirements of ISO 9001:2008

The Eight principles of Quality Management

Terms relating to Quality

Terms relating to management

Terms relating to process and products

Terms relating to Characteristics

Terms relating to Organization

Terms relating to Conformity

Terms relating to Documentation

Terms related to Examination

Terms related to Audit

Terms related to quality management for measurement processes

Preparatory Environmental Review

ISO 14001 Terms and Definitions

Preparatory Environmental Review

Clause 4.5.1, 4.5.2

Business Process Management

Management and Planning Tools

Voice of the customer

VOC Data collecting tools

Quality Function Deployment

Team Managements Skills

Team Management Tools

Process Analysis Tools

Measurement Systems in Quality

Measurement System Analysis

Statistical Process Control

Analysis of Variance – ANOVA

Design for Six Sigma

Total Productive Maintenance

The Kanban System

The Kaizen Event