ISO 9001:2015 Clause 8.2.4 Changes to requirements for products and services

ISO 9001:2015 7 Minutes

ISO 9001:2015 Requirements

The organization shall ensure that relevant documented information is amended, and that relevant persons are made aware of the changed requirements, when the requirements for products and services are changed.

1) When the requirements for products and services are changed, the organization must ensure that relevant documented information is amended

You should seek and record evidence that your organization has ensured that all relevant documented information; relating to changed product or service requirements, is amended and those relevant design personnel are made aware of the changed requirements. If customer requirements have changed, all related documents must be amended and the relevant personnel must be informed.Define your organization’s arrangements for amending documented information and communication of changed requirements e.g. updated contract review records, amended orders/contracts, memos, change notices, quality plans, meeting minutes, together with communication to relevant interested parties (persons within or outside the organization that may be impacted by the change).

when the requirements for products and services are changed, it is essential for an organization to ensure that relevant documented information is amended to reflect those changes. Here are some key steps and considerations:

  1. Identify the Changes: The first step is to identify and understand the changes in requirements. This could come from various sources, including customer requests, regulatory updates, internal improvements, or other factors.
  2. Review Documentation: Once the changes are identified, review all relevant documented information. This includes quality manuals, procedures, work instructions, specifications, and any other documents that describe how processes are carried out or products/services are produced.
  3. Update Documents: Revise the documented information to reflect the new requirements accurately. This may involve adding, modifying, or deleting sections, steps, or processes as necessary. Ensure that the changes are well-documented and clearly communicated to relevant personnel.
  4. Document Control: Implement a document control system to manage these changes effectively. This system should include version control, change tracking, and approvals as needed to maintain the integrity of the documented information.
  5. Training and Communication: Ensure that all employees who are affected by the changes are made aware of them. Provide training and guidance on the updated procedures or requirements to ensure consistent implementation.
  6. Verification and Validation: After updating the documented information, verify and validate that the changes have been correctly implemented and that they meet the intended objectives. This may involve testing, audits, or other forms of verification.
  7. Monitoring and Continuous Improvement: Continuously monitor the effectiveness of the updated processes and documented information. Collect feedback from employees and customers to identify any issues or areas for improvement.
  8. Regulatory Compliance: If the changes are related to regulatory requirements, ensure that the organization remains in compliance with the updated regulations. This may involve conducting compliance assessments and working with regulatory bodies as needed.
  9. Risk Assessment: Consider the potential risks associated with the changes and incorporate risk management strategies into the updated documentation as appropriate.
  10. Documentation Retention: Maintain proper records of all changes made to documented information. This includes records of who made the changes, when they were made, and why they were made. These records can be important for audit and compliance purposes.

By following these steps, organizations can effectively manage changes in requirements and ensure that their documented information remains accurate and up-to-date. This helps in maintaining product and service quality, regulatory compliance, and overall operational efficiency.

2) When the requirements for products and services are changed, the organization must ensure that relevant persons are made aware of the changed requirements

When the requirements for products and services are changed, it is crucial for the organization to ensure that relevant individuals and stakeholders are made aware of these changes. Effective communication is essential to ensure that everyone is on the same page and can adapt to the new requirements. Here are some key considerations for ensuring awareness of changed requirements:

  1. Identify Relevant Persons: Determine who within the organization and among external stakeholders needs to be aware of the changed requirements. This may include employees, suppliers, customers, regulatory bodies, and other relevant parties.
  2. Clear and Timely Communication: Communicate the changes clearly and in a timely manner. Use various communication channels such as emails, meetings, official memos, and documentation updates to convey the information.
  3. Training and Education: Provide training and education to individuals who will be directly impacted by the changed requirements. This can include workshops, seminars, or online training sessions to ensure that everyone understands the implications and how to implement the changes effectively.
  4. Documentation Updates: Update relevant documented information, such as quality manuals, procedures, work instructions, and specifications, to reflect the new requirements. Ensure that these documents are accessible to the appropriate personnel.
  5. Feedback Mechanisms: Establish channels for feedback and questions regarding the changed requirements. Encourage employees and stakeholders to ask questions or seek clarification if they have concerns or uncertainties.
  6. Verification and Validation: Confirm that individuals have understood the changed requirements and are implementing them correctly. This may involve spot-checks, audits, or other forms of verification to ensure compliance.
  7. Internal and External Communication: In cases where changes impact external stakeholders, such as customers or suppliers, proactively engage in communication with them. Share information on how the changes may affect their interactions with the organization.
  8. Compliance Tracking: Keep track of compliance with the new requirements and document any corrective actions taken in response to non-compliance.
  9. Documentation of Awareness: Maintain records that demonstrate how and when awareness of the changed requirements was communicated to relevant persons. This documentation can be valuable for audit and compliance purposes.
  10. Continuous Monitoring: Continuously monitor the effectiveness of the communication efforts and make adjustments as needed. Solicit feedback from stakeholders to ensure that their needs and concerns are addressed.

Effective communication and awareness management are essential not only for compliance but also for maintaining smooth operations, customer satisfaction, and the overall success of the organization. Ensuring that relevant persons are well-informed and prepared for changes helps minimize disruptions and enhances the organization’s ability to adapt to evolving requirements.

Example of Change Management Procedure

Objective: This procedure outlines the steps for identifying, reviewing, approving, and implementing changes to requirements for products and services, ensuring that such changes are managed effectively to maintain product and service quality.

Scope: This procedure applies to all changes that impact the requirements for products and services provided by the organization.

Responsibilities:

  • Change Initiator: The person or department proposing a change.
  • Change Reviewer(s): Individuals responsible for reviewing and assessing the proposed change.
  • Change Approver(s): Individuals with the authority to approve or reject proposed changes.
  • Document Controller: The person responsible for updating and maintaining relevant documents.
  • Training Coordinator: If applicable, the person responsible for coordinating training related to the changes.
  • Quality Manager: The person overseeing the change management process and ensuring compliance.

Procedure:

  1. Change Identification:
    • Any employee or department identifying the need for a change should complete a Change Request Form (Appendix A) providing details of the proposed change.
  2. Change Review:
    • The Change Reviewer(s) assess the Change Request Form to determine the impact, feasibility, and risks associated with the proposed change.
    • The Change Reviewer(s) may consult with relevant stakeholders, such as quality, production, or customer service teams, as needed.
    • The Change Reviewer(s) document their findings and recommendations.
  3. Change Approval:
    • The Change Approver(s) review the findings and recommendations from the Change Reviewers.
    • If approved, the Change Approver(s) authorize the change by signing the Change Request Form.
    • If rejected, the Change Approver(s) document the reasons for rejection.
  4. Documentation Update:
    • The Document Controller updates all relevant documents (e.g., product specifications, work instructions, quality manuals) to reflect the approved changes.
    • Document the changes made, including version numbers and effective dates.
  5. Communication:
    • The approved changes are communicated to all relevant personnel through established communication channels.
    • The Training Coordinator, if applicable, arranges training sessions to ensure that affected employees are aware of and understand the changes.
  6. Verification and Validation:
    • If required, conduct verification and validation activities to ensure that the changes have been implemented correctly and do not negatively impact product or service quality.
  7. Performance Monitoring:
    • Regularly monitor the effectiveness of the changes to ensure they achieve the desired outcomes.
  8. Corrective Actions:
    • If problems or non-conformities arise due to the changes, document the corrective actions taken and their effectiveness.
  9. Record Keeping:
    • Maintain records of all change-related documentation, reviews, approvals, communications, training, verification and validation activities, and corrective actions as per the organization’s document retention policy.

Appendix A: Change Request Form

  • Include fields for change description, reason for the change, proposed effective date, impact assessment, and the names and signatures of the Change Initiator, Change Reviewer(s), and Change Approver(s).

Documented Information Required

There is no mandatory requirement of Documented Information for this clause. To comply with this clause, organizations typically need to establish and maintain documented information (documents and records) related to the control of changes. Here’s what you need:

  1. Documented Process: Create a documented process or procedure that outlines how changes to requirements for products and services are identified, reviewed, and controlled. This document should describe the steps to be followed when changes are proposed or required.
  2. Change Request Form: Implement a change request form or system that captures all relevant details of the proposed change. This form should include information such as the reason for the change, the impact on product/service quality, the individuals responsible for the change, and any required approvals.
  3. Change Review and Approval Records: Maintain records of change review and approval activities. These records should show who reviewed the proposed changes, what criteria were used for approval, and when the change was approved or rejected.
  4. Revised Documents: When changes are approved, ensure that all relevant documents (e.g., product specifications, work instructions, quality manuals) are updated to reflect the new requirements. Document the changes made and the date of implementation.
  5. Communications: Keep records of communications related to the changes. This may include emails, meeting minutes, or other forms of documentation that show how the changes were communicated to relevant personnel.
  6. Training Records: If changes require training or retraining of employees, maintain records of training sessions conducted, who attended, and what was covered during the training.
  7. Verification and Validation Records: If the changes necessitate verification and validation activities (e.g., testing, inspections), maintain records of these activities, including the results and any actions taken based on the findings.
  8. Change Impact Assessment: Document the assessment of the impact of the changes on product or service quality, as well as any potential risks associated with the changes.
  9. Retention of Records: Ensure that all records related to changes to requirements for products and services are retained and easily accessible for a specified period as determined by your organization’s document retention policy and regulatory requirements.
  10. Performance Monitoring: Implement a system for monitoring the effectiveness of the changes over time. This could involve periodic reviews to ensure that the desired outcomes are being achieved.
  11. Corrective Actions: Document any corrective actions taken if problems or non-conformities arise due to the changes. This should include records of the actions taken, their effectiveness, and any follow-up activities.

These documented records and information help demonstrate compliance with ISO 9001:2015 Clause 8.2.4 and ensure that changes to requirements for products and services are managed systematically and effectively within the organization. Remember to adapt these requirements to your specific organizational needs and processes.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a Reply