ISO 9001:2015 Operations

Uncategorized 35 Minutes

8.1 Operational Planning and Control

The Requirement

The Organization should plan, implement, and control the processes, as outlined in 4.4, needed to meet requirements for the provision of products and services and to implement the actions determined in 6.1 by determining product and services requirements; establishing criteria for the processes and for the acceptance of products and services; determining the resources needed to achieve conformity to product and service requirements; implement control of the processes in accordance with the criteria; determining, maintaining and retain documented information to the extent necessary to have confidence that the processes have been carried out as planned and to demonstrate the conformity of products and services to requirements. The output of this planning should be suitable for the organization’s operations. The organization should control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. The organization should ensure outsourced processes are controlled in accordance with 8.4.

Checklist Questions

  1. How are processes needed to meet requirements for the provision of products and services planned, implemented, and controlled?
  2. How are requirements for products and services determined?
  3. How are the criteria for processes and acceptance for products and services determined?
  4. How are resources determined?
  5. How is process control implemented?
  6. Show the documented information that shows confidence in that the processes have been carried out as planned and can demonstrate the conformity of products and services.
  7. How the organization does determine that the output from the planning process is suitable for its operations?
  8. How does the organization control planned changes? How are the consequences of unintended changes reviewed? What action is taken to mitigate any adverse effects?
  9. How are outsourced processes controlled?

Implementation Guidelines

  1. The focus of clause 8.1 is on controls governing the making of products to meet customer requirements and all the QMS processes that, directly or indirectly, make this happen. Operation processes may include customer-related processes (sales and marketing), design and development, production, shipping, receiving, packaging, measurement, and monitoring of product and processes, etc., whether performed onsite or off-site.
  2. The output of Operation planning may be implemented in many different ways such as product /project quality plan, drawings, machine set-up, inspection criteria, process sheets, etc. These must be readily available to those performing these processes.
  3. Quality plans should include the processes needed, process sequence and control parameters, specific resources needed to make, verify and deliver the product, product acceptance criteria and quality objectives, product, and process monitoring, and measurement control plans to control and correct any product or process nonconformities, reference to support processes, documents needed such as work instructions or engineering specifications, etc. and details of records to be kept.
  4. You must also identify what specific documents are needed for effective planning, operation, and control of production processes. These documents may include contracts, specifications, orders, product quality plans, work instructions, a documented procedure, etc., combined with unwritten practices, procedures, and methods.
  5. Quality objectives may include defect rates, scrap rates, etc. Requirements or criteria for the product may include physical properties, dimensional, functional, etc, and their related measurements, tolerances, and acceptance levels. In many instances, depending on the nature of the product, the customer may specify objectives and requirements, and criteria for the product realization processes as well.
  6. Steps to Operation planning may include a)    Create a quality plan for a product or service to describe how the QMS will be modified and applied to all operations. Such a plan could include or reference procedures and records to be maintained and analyzed. b)    Consider using the product design and development process approach for designing processes. This is a requirement in the automotive industry. It has become a best practice demonstrated in many organizations even though ISO 9001 does not explicitly require adherence to the design and development requirements for internal process designs. This enhances both the effectiveness and the efficiency of processes. c)    Identify key performance measures for both products and processes and align them with your quality and business objectives.

8.2 Determination of Requirements for Products  and Services

The Requirement

8.2.1 Customer Communication

The organization must establish the processes for communicating with customers to provide information relating to products and services; inquiries, contracts, or order handling, including changes;  obtaining customer feedback relating to product and services including customer complaints; handling or controlling customer property, and establishing specific requirements for contingency actions, when relevant.

8.2.2 Determination of Requirements related to Products and Services

The organization must ensure while determining the requirements for the products and services to be offered to customers that the product and service requirements (including those considered necessary by the organization), and applicable legal requirements, are defined. The organization must also ensure that it has the ability to meet the defined requirements and substantiate the claims for the products and services it offers.

8.2.3 Review of Requirements for Product and services

8.2.3.1 The organization must ensure that it has the ability to meet the requirements for products and services to be offered to customers. The organization shall conduct a review before committing to supply products and services to a customer. The review should include the requirements specified by the customer, including the requirements for delivery and post-delivery activities; requirements not stated by the customer, but necessary for the specified or intended use, when known, requirements specified by the organization, statutory and regulatory requirements applicable to the products and services, contract or order requirements differing from those previously expressed. The organization must ensure that contract or order requirements differing from those previously defined are resolved.  When the customer does not provide a documented statement of their requirements, the organization must confirm them before accepting them.  In some situations, such as internet sales, when a formal review is impractical for each order, the review can cover relevant product information, such as catalogs.

8.2.3.2 The organization should retain documented information on the results of the review and on any new requirements for the products and services.

8.2.4 Changes to requirements for products and services

The organization should ensure that relevant documented information is amended, and those relevant persons are made aware of the changed requirements. when the requirements for products and services are changed.

Checklist Questions

  1. What are the processes for communicating with customers? How does the organization communicate information relating to Products, Services, Enquiries, Contracts, Order handling, Customer views, perceptions and complaints, Handling or treatment of customer property, Specific requirements for contingency actions?
  2. What is the process to determine the requirements for products and services to be offered to potential customers? How this process is established, implemented, and maintained?
  3. How does the organization define product and service requirements including statutory and regulatory requirements?
  4. How do you ensure that you have the ability to meet the defined requirements and substantiate any claims for your products and services?
  5. How the organization does review customer requirements for delivery and post-delivery?
  6. How the organization does review requirements necessary for customers’ specified or intended use, where known?
  7. How the organization does review additional statutory and regulatory requirements applicable to products and services?
  8. How the organization does review any other contract or order requirements?
  9. Show that the review is conducted prior to your commitment to supply products and services to your customers. How do you resolve contract or order requirements which differ from those previously defined?
  10. How does the organization confirm customer requirements where the customer does not provide a documented statement?
  11. What documented information is retained which describes the results of the review including any new or changed requirements?
  12. Show the documented information containing changes to products and services. How do you ensure that relevant personnel is made aware of those changes?

Implementation Guidelines

  1. This Customer’s communication must include information related to the products or services, handling inquiries, contracts or orders, customer feedback, handling and controlling customer property, and, if needed, establishing specific requirements for contingency actions. Ensure that the customer has a clear written quotation and specification relating to the product/ services they want. Communication with customers needs to ensure is that customer requirements and other requirements for the product or service are clearly understood.
  2. To avoid customer complaints or dissatisfaction, even for “requirements” that are not clearly stated (e.g., regulatory requirements or marketplace norms), the organization should consider a comprehensive understanding of customer requirements, perhaps even performing Risk assessment on the processes.
  3. Clause 8.2.2 requires the organization to determine the requirements related to its products and services. This includes a) Establishing a process for determining the requirements for the products offered to potential customers. b) Determining requirements of the customer, For the organization, and from applicable statutes and regulations. c)Determining that the organization has the ability to meet the requirements and substantiate claims related to its products and services
  4. It is recommended that you maintain documented information to describe the process for the determination of all aspects of product and service requirements. The documented information should include both product requirements specified by the customer and product requirements not specified by the customer but necessary for intended or specified use. Also, unique regulatory and statutory requirements should be considered as well as commercial terms and conditions.
  5. The organization must review the requirements of products and services, which include:         a) Customer-specific requirements for the product or service, including any requirements for delivery or post-delivery actions. b) Requirements are known to be needed by the organization even though not specified by the customer. c) Applicable statutory and regulatory requirements applying to the product or serviced) Requirements of the final contract or order differing from those previously provided by or discussed with the customer
  6. Changes are required to be controlled and documented information updated to ensure that changes are properly included in documented information. When changes to product requirements, orders, contracts, or quotations occur, the organization is required to ensure that relevant documented information is amended and communicated, as appropriate, within the organization.

 8.3 Design and Development of Products and Services

The Requirement

8.3.1 General

The organization should establish, implement, and maintain a design and development process. such that they are adequate for subsequent production or service provision.

8.3.2 Design and Development Planning

While planning for design and development, the organization must consider the following  in determining the stages and controls for design and development:

  1. nature, duration, and complexity of the design and development activities;
  2. the required process stages, including applicable design and development reviews;
  3. the required design and development verification and validation activities; 
  4. the responsibilities and authorities involved in the design and development process;
  5. the internal and external resource needs for the design and development of products and services;
  6. the need to control interfaces between persons involved in the design and development process;
  7. the need for involvement of customers and users in the design and development process;
  8. the requirements for the subsequent provision of products and services; 
  9. the level of control expected for the design and development process by customers and other relevant interested parties;
  10. the documented information needed to demonstrate that design and development requirements have been met

8.3.3 Design and Development Inputs

The organization must determine the requirements essential for the specific type of products and services being designed and developed, including, as applicable, functional and performance requirements; applicable legal requirements; information derived from previous similar design and development activities;  standards or codes of practice the organization has committed to implement;  potential consequences of failure due to the nature of products and services;  Ensure inputs are adequate for design and development purpose, complete, and unambiguous. Resolve conflicts among Design and Development inputs.

8.3.4 Design and Development Controls

The organization should apply controls to the design and development process to ensure that results to be achieved by the design and development activities are clearly defined; Design and development reviews are conducted as planned; Verification activities are conducted to ensure that the design and development outputs have met the design and development input requirements; Validation activities are conducted to ensure that the resulting products and services are capable of meeting the requirements for the specified application or intended use (when known). The organization must take any necessary actions on the problems determined during the reviews, or verification and validation activities. The organization must maintain any documented information of these activities. Design and development reviews, verification, and validation have distinct purposes. They can be conducted separately or in any combination. as is suitable for the products and services of the organization.

8.3.5 Design and Development Outputs

The organization must ensure that design and development outputs meet the input requirements for design and development. They should be adequate for the subsequent processes for the provision of products and services. They must include or have a reference of monitoring and measuring requirements, and acceptance criteria, as applicable. They must ensure products to be produced, or services to be provided, are fit for the intended purpose and their safe and proper use. The organization must retain the documented information resulting from the design and development process.

8.3.6 Design and Development Changes

The organization should identify, review and control changes made (during the design and development of products and services, or subsequently) to design inputs and design outputs to the extent that there is no adverse impact on conformity to requirements. The organization must retain documented information on design and development changes, the result of the review, the authorization of changes, and action is taken to prevent adverse impact.

Checklist Questions

  1. Where detailed requirements of the products and services are not already established or defined by the customer or other parties, how does the organization establish, implement and maintain a design and development process?.
  2. When determining the stages and control for design and development, show how does the organization consider: a) The nature, duration, and complexity of the activities;b) Requirements that specify particular process stages including applicable reviews;c) Required verification and validation; d) Responsibilities and authorities;e) How interfaces are controlled between individuals and parties; f) The need for involvement of customer and user groups.
  3. Show the documented information that confirms design and development requirements have been met.
  4. Can you show me how does the organization determines the requirements essential for the type of products and services being designed and developed, including Functional & performance requirements as applicable?
  5. Can you show me how does the organization determine the Statutory & regulatory requirements;
  6. Can you show me how does the organization determines the Standards or codes of practice where there is a commitment to implement?
  7. Can you show me how does the organization determine the Internal and external resources needed for
  8. Can you show me how does the organization determines the design and development of products and services?
  9. Can you show me how does the organization determines the Potential consequences of failure?
  10. Can you show me how does the organization determines the level of control expected of the design and development process by customers and other relevant parties?
  11. How the organization does determine that inputs are adequate, complete, and unambiguous for design and development? How do you resolve conflicts among inputs?
  12. How do controls that are applied to the design and development process ensure: a) Results achieved by design and development activities are clearly defined? b) Design and development reviews are conducted as planned? c) Outputs meet the input requirements by verification/ Validation is conducted to ensure that the resulting products and services are capable of meeting the requirements for the specified application or intended use when known?
  13. How do you ensure that design and development outputs meet the input requirements for design and development?
  14. How do you ensure that design and development outputs are adequate for the subsequent processes for the provision of products and services?
  15. How do you ensure that design and development outputs include or reference monitoring and measuring requirements, and acceptance criteria, as applicable?
  16. How do you ensure that design and development outputs ensure products to be produced, or services to be provided, are fit for the intended purpose and their safe and proper use?
  17. Show me the documented information which results from the design and development process.
  18. How do you review, control and identify changes made to the design inputs and outputs during the design and development of products and services ensuring no impact on conformity to requirements?
  19.  Show me the documented information for design and development changes.

Implementation Guidelines

  1. The scope of your design and development activity must consider all aspects of the product and product realization processes to ensure its conformity to requirements. This includes product identification, handling, packaging, storage, and protection during internal processing and delivery to the customer. This clause is equally applicable for designing and developing manufacturing processes. It is required to include the following: a) Planning to determine design stages considering activities such as verification and validation, control of design interfaces, design review, resources needed for design and development, customer involvement, and the documented information needed to confirm that input requirement are met. b) Determination of the design and development inputs required, including such things as functional requirements, regulatory and statutory requirements, applicable standards or codes, information from earlier projects, and potential consequences of failure. Conflicting requirements are required to be resolved. c) Design and development controls, including clear delineation of the results to be achieved, planning and conducting design and development reviews and verification activities to ensure design outputs meet input requirements, and validation to ensure the products and services meet the requirement for the application intended.d) Design and development outputs are required to meet input requirements, to be adequate for subsequent processes in the provision of the product or service, and to ensure the products and services are fit for their intended purpose. e)Design and development changes are required to be identified, reviewed, and controlled. This includes changes to design inputs or outputs. Controls are required to ensure that changes do not have an impact on the products and service conformity. f)The organization is required to retain documented information resulting from the design and development process, including design and development changes.
  2. D& D Requirements need to be established review, verification, and validation into the D & D project. The organization needs to determine how communications will be structured e.g., weekly meetings, periodic reports, or other methods.
  3. One must take a multi-disciplinary approach that includes as needed, other functions (besides design) such as quality, engineering, purchasing, sales, tooling, production, etc. Your plan must clearly identify these other functions and their specific role and responsibilities regarding the project. Consider including customer and supplier personnel at appropriate stages to do work and review results or progress
  4. D& D plan must specify the D & D stages, activities and tasks, responsibilities, timeline and resources, specific tests, validations, and reviews, and outcomes. There are many tools available for planning ranging from a simple checklist to complex software. The degree and details of planning may vary according to size and length of contract or project, complexity, risk, product life, customer and regulatory requirements, past experience with a similar product, etc.
  5. D & D plans must be dynamic and updated as requirements and circumstances change. The organization must track progress against the D & D plan at regular intervals or project milestones and update the plan as the activity progresses. It must include methods to communicate information, responsibilities, results, discussions, reviews, and resources.
  6. You must also identify what specific documents are needed for effective planning, operation, and control of production activities These documents may include contracts, technical drawings, and specifications, a documented plan for design and development, work instructions, a documented procedure, etc., combined with unwritten practices, procedures and methods.
  7. The design and development project plan serves as both a document and a record as it is updated for completion for various activities.
  8. There must be a process that should be part of the D & D plan to identify, document, review, deploy and use design input information such as documents coming from various sources such as customer contracts, drawings, and specifications, organization’s database of previous design and development projects, competitor analysis, industry standards, feedback from suppliers, field data.
  9. The organization must identify and include any special and safety characteristics in the process control documents such as quality plans, product drawings, operator instructions, and other documents used to make or verify the product.
  10. You must review all input requirements, review design and development progress, verify product design and validate developed products at various stages of your design and development process. The nature, frequency, and scope of these controls must be defined in your design and development plan or other documents. You must carry out these controls according to your plan and keep appropriate records.
  11. Do design reviews at one or more milestones of the design and development project, depending on customer requirements, the size, complexity, and risks involved. The purpose of these reviews is to evaluate results to requirements, check project progress and costs to plan and take actions on any problems encountered.
  12. There must be a multi-disciplinary approach for doing these reviews and keep appropriate records of issues discussed, actions to be taken, responsibilities, and the timeline for completion. All design and development reviews must be included in your design and development plan.
  13. Product design Verification includes design reviews, comparing the new design to a similar proven design if available, performing alternate calculations, performing tests and simulations, reviewing the design documents before release, etc.
  14. Manufacturing process design verification includes design review, process capability studies, testing various process parameters, performing tests and trials, reviewing the manufacturing process design documents before release, etc.
  15. Verification is checking product or process to input requirements, whereas validation is checking product or process is suitable for its intended use does it perform/function in the way intended by your customer or your organization. Product and manufacturing process validation includes – design reviews, comparison between customer requirements and internal development plans, design and development validation against customer requirements and design and development input requirements, corrective action, and lessons learned from documented process failures and product nonconformities.
  16. Any problem you have encountered during the verification and validation of identified during review must be resolved.
  17. Design and development output may be product or documentation or both. Product may be a prototype or finished product and documentation could be a computerized or hard copy drawing or specification. Check design and development output against the input requirements, before you use it any further.
  18. Many documents are created from the design and development output stage such as drawings, quality plans, work instructions, etc. Where any sophisticated design and development tools such as AutoCAD are used requiring specific competency or training, ensure you provide and keep appropriate records of competency and training of personnel performing design and development activities and use of these tools.
  19. Provide appropriate design and development output information to a) Purchasing material or service specifications. b) Production output such as product specifications, special characteristics, drawings, diagnostics, etc. c) Service output such as product specifications; performance reliability, and maintenance criteria.
  20. D & D Changes may come from the internal, customer, or regulatory sources. Get all requests for product or manufacturing process design changes in writing from your customer. The impact of the change must be evaluated on materials used, design process, manufacturing process, characteristics and use of the developed product, regulatory compliance, cost, etc.
  21. Make sure your process for design and development changes follows appropriate steps ie define the plan, have inputs and outputs, verify and validate to the extent necessary to meet customer requirements, and control product, quality, and business risks.
  22. Documented information on design and development changes, the result of the review, the authorization of changes, and action is taken to prevent adverse impact must be maintained.

8.4 Control of Externally Provided Products and Services

The Requirement

8.4.1 General

The organization must ensure that externally provided processes, products, and services conform to specified requirements. The organization must apply the specified requirements for control of externally provided products and services when products and services are provided by external providers for incorporation into the organization’s own products and services; products and services are provided directly to the customer by external providers on behalf of the organization;  a process or part of a process is provided by an external provider as a result of a decision by the organization to outsource a process or function. The organization must determine and apply criteria for evaluation, selection, monitoring of performance, and re-evaluation of external providers based on their ability to provide processes or products and services in accordance with specified requirements. The organization must retain appropriate documented information of the above-mentioned activities and any necessary action arising out of the evaluation.

8.4.2 Type and Extent of Control

The organization should ensure that externally provided processes, products, and services do not adversely affect the organization’s ability to consistently deliver conforming products and services to its customers. The organization should ensure that externally provided processes remain within the control of its quality management system. It should define both the controls that it intends to apply to an external provider and those it intends to apply to the resulting output.  In determining the type and extent of controls to be applied to the external provision of processes, products, and services, the organization must consider the potential impact of the externally provided processes, products, and services on the organization’s ability to consistently meet customer and applicable legal requirements and effectiveness of the controls applied by the external provider. The organization must establish and implement verification or other activities necessary to ensure the externally provided processes, products, and services meet the requirements. 

8.4.3 Information on External Providers

The organization must ensure the adequacy of specified requirements prior to their communication to external providers. The organization should communicate to external providers applicable requirements for the following:

  1. products and services to be provided or the processes to be performed on behalf of the organization;
  2. approval or release of products and services, methods, processes, or equipment;
  3. competence of personnel, including necessary qualification;
  4. their interactions with the organization’s quality management system;
  5. control and monitoring of the external provider’s performance to be applied by the organization;
  6. verification activities that the organization, or its customer, intends to perform at the external provider’s premises.

Checklist Questions

  1. How does the organization ensure externally provided processes, products and services conform to specified requirements?
  2. Show how the organization applies specified requirements for the control of externally provided products and services when: a) Products and services are provided by external providers for incorporation into products and services;b) Products and services directly to customers by external providers on your behalf;c) A process or part-process is provided by an external provider as a result of a decision to outsource a process or function.
  3. Show how does the organization establish and applies criteria for evaluation, selection, monitoring of performance, and re-evaluation of external providers. How do you assess their ability to provide processes or products and services in accordance with specified requirements?
  4. What documented information is available as results of evaluations, monitoring of performance, and reevaluations of external providers?
  5. How does the organization determine the controls applied to the external provision of processes, products, and services and take them into consideration? a) The potential impact of the externally provided processes, products, and services on the ability to consistently meet customer and applicable statutory and regulatory requirements? b) The perceived effectiveness of the controls applied by the external provider?
  6. What verification or other activities does the organization have to ensure externally provided processes, products and services do not adversely affect its ability to consistently deliver conforming products and services to customers?
  7. When processes or functions have been outsourced to external providers, how do you define the controls intended to be applied to the external provider and to the resulting process output?
  8. Show how the organization communicates to external providers, applicable requirements for a) Products and services to be provided or the processes to be performed on behalf of the organization;b) Approval or release of products and services, methods, processes, or equipment;c) Competence of personnel, including necessary qualification; d) Their interactions with the organization’s quality management system;e) The control and monitoring of the external provider’s performance to be applied by the organization;f) Verification activities that the organization, or its customer, intends to perform at the external provider’s premises.
  9. Before you communicate with external providers, how do you ensure the adequacy of specified requirements?

Implementation Guidelines

  1. Externally provided processes, products, and services include purchasing from a supplier, an arrangement with an associate company, and outsourcing processes to an external provider. The organization can apply risk-based thinking to determine the type and extent of controls appropriate to particular external providers and externally provided processes, products, and services;
  2. You must have specifications/criteria for the purchased product. These specifications may come from your organization, customer, regulatory bodies, supplier, or industry. The purchased product may include materials, production equipment, tooling, measuring and test equipment, facilities, transport vehicles, returnable packaging, intellectual property (drawings, specifications, or proprietary information), product returned for servicing under warranty, product sent for outsourced work, etc.
  3. Many times the customer may require the use of pre-approved purchased products and suppliers. The onus is still on you to ensure that the purchased product from customer-designated sources meets all requirements.
  4. You must control both, the product you buy, as well as the supplier you buy from. Your controls must primarily be based on the prevention of nonconformities in both product and supplier performance.
  5. Based on how important the purchased product is to design, manufacture, assemble and maintain your end product, categorize your purchased products and services accordingly. Then determine what controls you need to ensure consistent purchased product quality and consistent supplier performance. You can then apply different controls for different purchased products. These controls must be included or referenced in your quality or inspection plans.
  6. There are several ways to evaluate your suppliers. Besides product quality, your criteria for supplier selection and evaluation may include the potential supplier’s financial capability, technical and manufacturing capability, and capacity, reliability, reputation, flexibility to handle changes, support, service, cost, etc.
  7. You must maintain a list of all qualified suppliers. In addition to the initial evaluation and approval of suppliers, you are required to carry out ongoing monitoring and measurement of their performance.
  8. You must identify your purchasing processes whether on-site or off-site.
  9. Use supplier monitoring indicators to evaluate the consistency, capability, and reliability of their performance for quality, On-time delivery, support, etc. On-time delivery is very important and disruptions (due to waiting for materials) at your customers or even your own facility must be avoided.
  10. For each process, you must document the controls for purchased products and suppliers. You must also show the linkage and interaction of purchasing processes with other processes such as design, manufacturing, tooling maintenance, calibration.
  11. You must keep records of all supplier evaluations (whether initial or periodic), including any corrective actions placed on them for any nonconformities. You must identify and document all processes addressing this clause as part of your QMS. For these processes, you must also identify what specific documents, controls, and resources are needed. You could use a documented procedure or other combination of specific practices, procedures, documents, and methods.
  12. Consider using supplier quality plans, inspection plans, etc., to verify that the purchased product meets specified purchase (product and QMS) requirements. Your inspection process must define and document the acceptance criteria and sampling plan for product conformity and what measurement tools needed and records needed to show effective control of purchased product quality and supplier performance.
  13. Where any of your controlled suppliers have gone through a significant organizational change you must verify the continuity and effectiveness of their QMS.
  14. Your purchase documents such as purchase order, contract, blanket order, your organization’s supplier quality manual, etc. must specify your requirements for the purchased product, the supplier’s QMS, and any other initial or on-going controls you deem necessary for ensuring consistent supplier performance.
  15. You must define how you ensure the adequacy of these documents before you communicate them to your supplier. A review of the adequacy of purchasing documents may include their completeness, accuracy, correctness, quantity, timing, cost, approval, etc.,
  16. You must show evidence of carrying out (issue purchase documents) and review these documents.
  17. An outsourced process is any value-adding or conversion activity related to your product or service, that is performed by an external organization such as a subcontractor, sister facility, etc.
  18. You must be able to demonstrate sufficient controls over outsourced processes to ensure that such processes are performed according to the relevant requirements of ISO 9001:20015
  19. Outsourced processes may be controlled in any number of ways, e.g., providing the vendor with product specifications, supplier quality manual that they must meet, asking for inspection and test results or certificates of compliance, validation of outsourced process, conducting product and QMS audits of the vendor; etc.

CLAUSE 8.5 Production and Service Provision

8.5.1 Control of Production and Service

The Requirement

The organization should implement production and service provision under controlled conditions. Include these controlled conditions, as applicable:

  1. availability of documented information that defines characteristics of products and services.
  2. availability of documented information that defines activities to be performed and results to be achieved.
  3. availability and use of suitable monitoring and measuring resources
  4. implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met.
  5. use and control of suitable infrastructure and process environment for operation of the process.
  6. appointment of a competent person and, where applicable, required qualification of persons;
  7. validation, and periodic revalidation, of ability to achieve planned results of any process for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement.
  8. implementation of products and services release, delivery, and post-delivery activities.

Checklist Questions

  1. How the organization does implement the production and service provision under controlled conditions?
  2. Can you show the availability of any documented information that defines the characteristics of the product, services or activities to be performed and the results to be achieved?
  3. Can you show controlled conditions for monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met?
  4. Can you show controlled conditions for the use and control of suitable infrastructure and process environment?
  5. Can you show controlled conditions for the availability and use of suitable monitoring and measuring resources?
  6. Can you show controlled conditions for the competence and, where applicable, required qualification of persons?
  7. Can you show controlled conditions for the validation, and periodic revalidation, of the ability to achieve planned results of any process for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement?
  8. Can you show controlled conditions for the implementation of products and services release, delivery and post-delivery activities?

Implementation Guidelines

  1. To improve your QMS, it will be very useful to draw a flow chart to link the flow and interaction of the activities and sub-processes.
  2. Use your product, project, or contract quality plan to control your operational activities. Quality plans address what has to be made, how much has to be made, when it has to be made, by whom, in what sequence, how it has to be made, what equipment to use, what measurement and monitoring tools to use, what to inspect, when to inspect, how much to inspect, what to do if problems arise, etc. Your quality plan must cover all operation process steps from receipt of materials, production, packaging, storage, delivery, and even post-delivery activities such as installation or training.
  3. Schedule your operations taking into consideration customer delivery requirements, production capacity and capability, material availability and usage, personnel availability and usage; storage; etc. Carefully define and document the interaction of your operation scheduling process with your logistics processes such as inventory management, customer communication, traffic and shipping control, packaging and labeling, sales, and billing.
  4. Your quality plans are dynamic and must be updated for the changes in product specifications or process parameters; resources used; monitoring or measurement requirements, etc. Your quality plans should reference any work instructions specified for the process steps.
  5. Work instructions may exist in many forms such as narrative, graphical, audio, video, physical display, etc.If any work instructions are needed at specific points in your process, then they must be readily available and relevant i.e. current or right version.
  6. You must also identify what specific documents are needed for effective planning, operation, and control of production activities. These documents may include – a product quality plan; work instructions; documented procedure; etc., combined with unwritten practices, procedures, and methods.
  7. Validation is usually required where the product cannot be verified without damaging or destroying the product, e.g. some types of welding, heat treatment, painting, electroplating, rust-proofing, etc. Validation involves conducting capability studies using a combination of resources technology, equipment, materials, environment, competent personnel, and production and testing methods that consistently result in a quality product or service. Validation requires customer or regulatory approval of the process.
  8. You must keep appropriate records of process validation showing both the achievement of planned results as well as the ongoing maintenance of such capability. It is up to each organization to determine what combination of resources and methods will provide the required consistent process capability and quality of product or service. Include as appropriate, these validation controls in your quality plans.
  9. If you change any part of the proven process capability for e.g. materials, equipment or personnel, etc., you must revalidate i.e re-prove the changed process.

8.5.2 Identification and Traceability

The Requirement

The organization should use suitable means to identify “process outputs” where necessary to ensure conformity of products and services. The organization should identify the status of “process outputs” with respect to monitoring and measurement requirements throughout production and service provision. The organization should control the unique identification of “process outputs” where traceability is a requirement. It should retain any documented information necessary to maintain traceability. “Process outputs” are results of any activities which are ready for delivery to the customer or to an internal customer (e.g., the receiver of inputs to the next process). “Process outputs” can include products, services, intermediate parts, components, etc.

Checklist Questions

  1. What suitable means is used by the organization to identify output when it is necessary to ensure the conformity of products and services?
  2. How is the status of outputs with respect to monitoring and measuring requirements throughout the production and service provision being identified by the organization?
  3. How does the organization control the unique identification of the outputs when traceability is a requirement?
  4. Shot the documented information necessary to enable traceability, when traceability is a requirement?

Implementation Guidelines

  1. Product status: It means knowing the quality status (good or bad) of materials and products through each of the above stages. Product status can be controlled using physical and electronic methods.
  2. Product identification: It means knowing the identity of your or customer-supplied product from incoming receipt of materials, raw material storage, use in production, work in progress, finished product storage, and delivery of the product to the customer. Product identification can be controlled using physical and electronic methods.
  3. Unique Product Identification: This usually involves keeping detailed records of product manufacturer such as material, equipment, personnel, processes, production, inspection and test details, etc., for individual products or production batches. These records help to troubleshoot product and process problems, resolve customer complaints, and enable continual improvement of product and process. Depending on the product, the OEM may specify the degree of unique identification and traceability required.
  4. Specific Documented information may be included in your Operation processes through your product quality plans, work instructions, and other specific documentation. Examples of product identification and test status include physical tags, barcode labels linked to computer records; MRP systems tracking specific production runs/lots, automated production transfer processes, etc.
  5. Process outputs are the results of any activities which are ready for delivery to the organization’s customer or to an internal customer (e.g. receiver of the inputs to the next process); they can include products, services, intermediate parts, components, etc

8.5.3 Property Belonging to Customers or External Providers

The Requirement

The organization should exercise care with property belonging to customers or external providers while under the organization’s control or being used by the organization. The organization should identify, verify, protect, and safeguard the customer’s or external provider’s property provided for use or incorporation into products and services. It should report to the customer or external provider when their property is incorrectly used, lost, damaged, or otherwise found to be unsuitable for use. Customer property can include material, components, tools and equipment, customer premises, intellectual property, and personal data.

Checklist Questions

  1. What care does the organization provide for customers or external provider’s property while under its control?
  2. How does the organization identify, verify, protect and safeguard the customer property which is provided for use or incorporation into products or services?
  3. What means does the organization use to report to the customer or external provider if their property is incorrectly used, lost, damaged, or found to be unsuitable for use?

Implementation Guidelines

  1. Customer or External provider property may include material, production equipment, tooling, measuring and test equipment, facilities, transport vehicles, returnable packaging, intellectual property such as drawings, specifications or proprietary information, product returned for servicing under warranty, product sent for outsourced work, etc.
  2. All customer property is exposed to the risk of being damaged, lost, misused, misplaced, stolen, become unsuitable or obsolete for use. Notify the customer/ External provider in writing if their property is lost, damaged, or otherwise found to be unsuitable such as perishable past its shelf life for use
  3. Control to minimize the risks to customer/External provider property include inventory management, preservation, and storage, identification, status and traceability indicators, maintenance, notification, traffic flow, authorized use, restricted access, etc.

8.5.4 Preservation

The Requirement

The organization should ensure the preservation of “process outputs” during production and service provision, to the extent necessary to maintain conformity to requirements. Preservation can include identification, handling, packaging, storage, transmission or transportation, and protection.

Checklist Questions

  1. How the organization does ensure the preservation of process outputs during production and service provision to maintain conformity to product requirements?

Implementation Guidelines

  1. Preservation can include identification, handling, packaging, storage, transmission or transportation, and protection.
  2. All raw materials, work in progress, finished product, supplies, customer provided materials or product, product sent for outsourced work, etc., are subject to the risk of being damaged, lost, misused, misplaced, stolen, become unsuitable, perishable, or obsolete i.e. past shelf life for use.
  3. These could be controlled using identification, status and traceability indicators, inventory cycle counts and condition evaluation, stock rotation methods such as FIFO, just in time, tracking shelf life, special, controls for restricted access, handling and storage of hazardous materials, climate and environment, maintenance procedures, barcodes, training, use of special equipment for handling, condition reports, etc.
  4. Documented information may be included in your product realization processes through your product quality plans, work instructions, and other specific documentation.

8.5.5 Post-Delivery Activities

The Requirement

The organization should meet requirements, as applicable, for post-delivery activities associated with products and services. In determining the extent of post-delivery activities that are required the organization should consider risks associated with products and services; Customer feedback; legal requirements; nature, use, and intended lifetime of products and services; Post-delivery activities can include actions under warranty provisions, contractual obligations (such as maintenance services) and supplementary services (such as recycling or final disposal)

Checklist Questions

  1. How does the organization meet requirements for post-delivery activities associated with products and services?
  2. When determining the extent of post-delivery activities required with products and services, How does the organization determine the risk, customer feedback, and Nature, use, and intended lifetime?

Implementation Guidelines

  1. Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.
  2. Post Delivery activities mean based on customer agreement or other agreement, the organization may be responsible for providing support for their product or services after delivery. This could include technical support, routine maintenance or total recall, recycling, reusable packaging, returnable containers, etc.
  3. The extent of post-delivery activity will depend on statutory and regulatory requirements, the potential undesired consequences associated with its products and services, the nature, use, and intended lifetime of its products and services, customer requirements, and customer feedback.

8.5.6 Control of Changes

The Requirement

The organization should review and control changes for production or service provision to the extent necessary to ensure continuing conformity with requirements. The organization should retain documented information describing the results of a review of changes, personnel authorizing the change, and any necessary actions arising from the review.

Checklist Questions

  1. How does the organization review and control unplanned changes to ensure continuing conformity with specified requirements?
  2. What documented information does the organization has which describes the results of reviews of changes, the personnel authorizing change, and any necessary actions?

Implementation Guidelines

  1. Changes, in general, create instability, and a robust change management process is critical to ensure changes are fully reviewed, approved, communicated, understood, and validated when they are implemented. Records describing the results of the review of changes, personnel authorizing the change, and any necessary actions arising from the review have to be maintained.
  2. The organization is required to review and control changes for all of the previously discussed “production and service provision” topics including 8.5.1 Control of production and service provision (all of the controls established in the first place), 8.5.2 Identification and traceability, 8.5.3 Property belonging to customers or external providers, 8.5.4 Preservation and 8.5.5 Post-delivery activities.

8.6 Release of Products and Services

The Requirement

The organization should implement planned arrangements at appropriate stages to verify product and service requirements have been met. Retain evidence of conformity with acceptance criteria. The release of products and services to the customer should not proceed until the planned arrangements for verification of conformity have been satisfactorily completed unless otherwise approved by a relevant authority and, as applicable, by the customer.  The organization should retain documented information for traceability to the person(s) authorizing the release of products and services for delivery to the customer. The organization should also retain documented information for evidence of conformity with the acceptance criteria. 

Checklist Questions

  1. Show how planned arrangements have been implemented at appropriate stages to verify product and service requirements have been met. Show what evidence the organization retains.
  2. Show how the release of products and services is held until planned arrangements for verification of conformity have been satisfactorily completed unless approved by a relevant authority, or the customer if applicable.
  3. Show documented information that shows traceability to the person authorizing the release of products and services.

Implementation Guidelines

  1. Before you release your product to your customer, You must plan what characteristic(s) to measure, type of measurements, what measurement device to use, how often to measure, sample size, acceptance criteria, and records needed for each product or product type. Use your quality plan to document these controls. Where practical, consider completing all missed planned inspections and measurements before product delivery.
  2. If you plan on releasing during any stage of production or shipping finished product, where all planned inspections and measurements to that stage have not been completed, ensure that you obtain prior written approval/waiver from a relevant internal authority or the customer.
  3. You must identify and document all product realization processes e.g. receiving, production, shipping, etc. For such processes, you must also identify what specific documents are needed for effective planning, operation, and control.
  4. You could use a product quality plan, any documented information, or other combination of specific practices, procedures, and methods.

8.7 Control of Nonconforming Process Outputs, Products, and Service

The Requirement

8.7.1 

The organization should ensure process outputs, products, and services that do not conform to requirements are identified and controlled to prevent unintended use or delivery. The organization should take appropriate action based on the nature of nonconformity and its impact on the conformity of products and services. This is applicable also to nonconforming products and services detected after delivery of products during or after the provision of service. The organization should deal with nonconforming outputs in one or more of these ways:

  • correction;
  • segregation, containment, return, or suspension of the provision of products and services;
  • informing  the customer;
  • obtaining authorization for acceptance under concession. 

The organization should verify conformity to requirements when nonconforming process outputs, products, and services are corrected.

8.7.2

The organization should retain documented information that describes the nonconformity, action taken,  concessions obtained, identifies the person or authority that made the decision regarding dealing with nonconformity.

Checklist Questions

  1. How the organization does identify and controls process outputs, products, and services that do not conform to requirements and prevent their unintended use or delivery?
  2. What appropriate corrective actions are taken based on the nature of the nonconformity and its impact on the conformity of products and services? How the organization does apply this to nonconformity detected after delivery?
  3. How the organization deals with nonconforming process outputs, products and services in terms of:

a) Correction;b) Segregation, containment, return, or suspension of the provision of products and services? c)  Informing the customer? d) Obtaining an authorization for use as-is? e) Release, continuation, or re-provision of the products and service? f) Acceptance under concession?

  1. How the organization does verify conformance where process outputs, products, and services are corrected following nonconformance?
  2. What documented information is kept following actions taken to address nonconformities, including any concessions obtained and on the person or authority that made the decision regarding dealing with the nonconformance?

Implementation Guidelines

  1. This is applicable to processes, products, and services that do not conform to customer requirements, applicable regulatory requirements, or your own organization requirements. Nonconformities may relate to suppliers and outsourced work, organizational activities, or products shipped to customers.
  2. The organization must have controls and responsibilities to identify, contain i.e. prevent further processing or use, keep records of the nature and other details of the nonconformity, notify appropriate personnel and customer, where appropriate, evaluate what disposition action needs to be taken, carry out timely disposition, determine policies for release for further processing or shipment to the customer, obtain customer concessions, rework and re-verification, establish performance indicators to measure the effectiveness of the control of nonconformance process, etc.
  3. Product or material found with no identification or its quality status is not known, should be treated as a nonconforming product and controlled as mentioned above.
  4. If you find that a nonconforming product has been shipped, without a customer concession, you must take appropriate action to reduce the immediate and consequential effect of the nonconformity.
  5. Depending upon the seriousness and scope of the nonconformity, you might consider taking action to eliminate the nonconformity as well as a corrective action to eliminate the root causes of the nonconformity.
  6. It might be appropriate in specific circumstances to notify the customer and resolve the situation to your customer’s satisfaction.
  7. You need to be aware of any reporting requirements imposed by regulatory bodies and comply with them.
  8. All product realization processes must show the interaction with your process for a nonconforming product.
  9. A concession authorization allows you to ship nonconforming products, under controlled conditions.
  10. A deviation authorization allows you to manufacture a product different from the original specification, under controlled conditions.
  11. In both these situations, make sure that you obtain these authorizations in writing prior to shipping or manufacturing a nonconforming product.

Documented Information if applicable

  1. Process Quality plan
  2. Production plan and status
  3. Contract Review Checklist
  4. Risk Assessment – Business Enquiry
  5. verbal order Register
  6. Input Adequacy Report
  7. Design Data Input Sheet
  8. Design and Development plan
  9. Design change record
  10. Design Review Record
  11. Design verification record.
  12. Design validation record
  13. Design output record
  14. Approved Supplier List
  15. Supplier Corrective Action Request (SCAR) Log
  16. Supplier performance report
  17. Supplier & Subcontractor Assessment Form
  18. Purchase order
  19. Receipt Inspection Report
  20. Daily Production & Inspection Record
  21. Breakdown Maintenance Report
  22. Preventive Maintenance Chart
  23. Tags
  24. List Of Customer Drawing
  25. List Of Customer Supplied Items
  26. Stock Register
  27. Sample Maintenance agreement
  28. Pre Dispatch Inspection Report
  29. Nonconforming Part Disposition
  30. Nonconforming Service Report
  31. Out of tolerance impact study

For more on Clause 8 Operation click here

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

One thought on “ISO 9001:2015 Operations

  1. Good day Sir. Nice article. I work in a refinery. I want to know whether Design & development clause is applicable for our refinery as we make standard products like Petrol, Diesel etc which are as per the specifications. Please clarify. We do process design, and whether this will be construed as Design and development. Thanks and regards
    raman

    Reply

Leave a Reply