ISO 9001:2015 CLAUSE 8.3.6 Design and Development changes

ISO 9001:2015 18 Minutes

ISO 9001:2015 Requirements

The organization shall identify, review and control changes made during, or subsequent to, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements.
The organization shall retain documented information on:
a) design and development changes;
b) the results of reviews;
c) the authorization of the changes;
d) the actions taken to prevent adverse impacts.

1) Design and Development Changes

This clause requires that if changes are required to be made to either design input or design output, then the organisation shall follow a procedure so that these changes are controlled. Your organization should begin identifying, reviewing and controlling of design changes including the implementation of a process to notify the customer when changes affect the customer requirement e.g. customer communication, notifications of change, requests for deviation, and contract amendments. The Engineering Manager in conjunction with the Design Manager is responsible for evaluating the risks and the impact of design changes against the criteria. The Engineering Manager logs all change requests in the Design Change Request Log, performs an evaluation and either approves or denies the request. Major changes are also evaluated by any affected stakeholders. All change requests serve as design and development inputs for design and development changes. Design documentation is updated to accurately reflect the revised design. It is as important to control design changes throughout the design and development process and it should be clear how these changes are handled and what effects they have on the product. Ensure control over design and development changes, design changes must be Identified, Recorded, Reviewed, Verified, Validated, Approved. Configuration control can be managed via alteration requests, notice of change, amendments, deviations, waivers, concessions, part revision changes, part number changes, change categories, service bulletins, modification bulletins, airworthiness directives, engineering communication notice, product change boards.Design and development changes (after the original verification and validation) have to be ‘verified and validated as appropriate’ (as well as reviewed) and to ‘include evaluation of the effect of changes on constituent parts and products already delivered’.If the organization chooses not to perform re-verification and re-validation on every design change, then the auditor should expect to see some very well-defined criteria as to when the activity needs to occur. Retain documented information that includes design change history, evaluation of change results, authorization of change and actions taken in relation to subsequent activities that are impacted by the change.

2) Identifying design and development changes

To effectively identify design and development changes within an organization, it is essential to establish a systematic process that ensures all modifications are properly recognized, assessed, and managed. Here’s a step-by-step guide on how an organization can identify design and development changes:

  1. Establish a Change Control Process: Create a documented change control process within your Quality Management System (QMS) that outlines the procedures and responsibilities for identifying, evaluating, and implementing design and development changes. This process should include criteria for when a change should be initiated.
  2. Documentation and Records: Maintain comprehensive documentation of design and development outputs, including specifications, drawings, plans, and related documents. Ensure that these documents are organized, up-to-date, and easily accessible.
  3. Change Request Mechanism: Implement a formal change request mechanism that allows employees to submit requests for changes. This may involve using change request forms or digital systems to capture relevant information, such as the nature of the change, reasons for the change, and potential impacts.
  4. Cross-Functional Teams: Form cross-functional teams or committees comprising representatives from various departments, including design, engineering, quality assurance, production, and others. These teams should review and assess proposed changes collaboratively.
  5. Review Existing Documentation: Regularly review existing design and development documentation and outputs to identify potential areas where changes may be necessary. This can be part of routine management and quality meetings.
  6. Risk Assessment: Conduct a risk assessment for each proposed change to determine its potential impact on product or service quality, safety, compliance, and other critical factors. Evaluate the likelihood and severity of adverse effects.
  7. Customer Input: Involve customers and stakeholders in the change identification process, particularly if the change could affect their requirements or expectations. Solicit feedback and input from them when relevant.
  8. Supplier Collaboration: Collaborate with suppliers and vendors, especially if the change impacts the procurement of materials, components, or services. Ensure that suppliers are informed and aligned with the proposed changes.
  9. Regular Reviews: Conduct periodic reviews and assessments of design and development outputs and associated documentation to proactively identify potential areas requiring changes. These reviews can be scheduled as part of regular management and quality meetings.
  10. Continuous Improvement Culture: Foster a culture of continuous improvement within the organization where employees are encouraged to identify and propose changes that can enhance product or service quality, efficiency, or customer satisfaction.
  11. Customer Complaints and Feedback: Monitor and analyze customer complaints and feedback to identify any recurring issues or patterns that may necessitate changes to products or services.
  12. Regulatory and Standards Updates: Stay informed about changes in industry standards, regulations, and legal requirements that may impact the design and development of products or services.
  13. Training and Awareness: Ensure that employees are trained and aware of the change identification process and their roles within it. Provide necessary training on change management principles and tools.
  14. Documentation and Records: Maintain clear records of all identified changes, including details of the change, its approval status, and any actions taken.
  15. Audit and Review: Periodically audit and review the effectiveness of the change identification process to identify areas for improvement.

By following these steps and incorporating a robust change identification process into your QMS, organizations can systematically detect and manage design and development changes. This approach helps minimize potential adverse impacts on conformity to requirements and ensures that changes are managed in a controlled and organized manner.

3) Review design and development changes

Reviewing design and development changes is a critical part of ensuring that modifications to products, services, or processes are properly evaluated, approved, and implemented within an organization’s Quality Management System (QMS). Here’s a step-by-step guide on how an organization can review design and development changes effectively:

  1. Establish a Change Review Process: Document a formal change review process within your QMS. This process should outline the steps, responsibilities, and criteria for reviewing design and development changes.
  2. Change Request Submission: Ensure that any proposed design and development changes are submitted through the established change request mechanism. This may involve using standardized forms or digital tools to capture essential information about the change.
  3. Review Committee: Form a designated change review committee or cross-functional team with members from relevant departments, such as design, engineering, quality assurance, production, and others. This team will be responsible for reviewing and assessing the proposed changes.
  4. Documentation Evaluation: Review all relevant documentation associated with the change request. This includes design specifications, drawings, plans, and any other documents that may be affected by the change.
  5. Risk Assessment: Conduct a thorough risk assessment to evaluate the potential impact of the proposed change. Assess the likelihood and severity of any adverse effects on product or service quality, safety, compliance, and other critical factors.
  6. Compliance Check: Ensure that the proposed change complies with applicable regulatory requirements, industry standards, and internal policies. Verify that the change will not result in non-compliance or legal issues.
  7. Testing and Validation Plans: If necessary, develop or review testing and validation plans to verify that the proposed change will not negatively impact product or service performance. Ensure that appropriate tests and criteria are defined.
  8. Customer Input: Seek input from customers and stakeholders, especially if the change may affect their requirements or expectations. Consider their feedback during the review process.
  9. Supplier Collaboration: Collaborate with suppliers and vendors if the change impacts the procurement of materials, components, or services. Ensure that suppliers are informed and agreeable to the proposed changes.
  10. Cost-Benefit Analysis: Conduct a cost-benefit analysis to determine the financial implications of the proposed change, including the cost of implementation and potential savings or benefits.
  11. Decision-Making and Approval: The change review committee should make a decision regarding the proposed change. Approve or reject the change based on the findings of the review. Clearly document the decision, including reasons for approval or rejection.
  12. Communication and Feedback: Communicate the decision to relevant stakeholders, including employees, customers, and suppliers. Encourage feedback and questions regarding the change.
  13. Implementation Plan: If the change is approved, develop a detailed implementation plan that outlines how the change will be executed, including timelines, responsibilities, and any necessary training.
  14. Documentation Updates: Ensure that all relevant documentation is updated to reflect the approved change accurately. This includes design specifications, drawings, plans, and any associated records.
  15. Audit and Review: Periodically audit and review the effectiveness of the change review process to identify areas for improvement and ensure that changes are managed consistently.
  16. Continuous Improvement: Use insights gained from change reviews to drive continuous improvement in the design and development process. Identify opportunities to refine change management procedures and prevent similar issues in the future.

By following these steps and incorporating a systematic approach to reviewing design and development changes, organizations can effectively evaluate the potential impact of modifications, make informed decisions, and ensure that changes are implemented in a controlled and organized manner. This approach helps minimize risks and disruptions while promoting product and service quality and compliance with requirements.

4) Control Design and development changes

Controlling design and development changes within an organization’s Quality Management System (QMS) is essential to ensure that modifications are managed effectively, evaluated thoroughly, and implemented with precision. Here’s a step-by-step guide on how an organization can control design and development changes:

  1. Change Control Process: Establish and document a well-defined change control process within your QMS. This process should outline the procedures, roles, responsibilities, and criteria for controlling design and development changes.
  2. Change Request Submission: Ensure that any proposed design and development changes are submitted through the established change request mechanism. This may involve using standardized forms or digital tools to capture essential information about the change.
  3. Designated Change Control Team: Appoint a dedicated change control team or cross-functional committee with members from relevant departments, including design, engineering, quality assurance, production, and others. This team will be responsible for controlling and implementing the approved changes.
  4. Documentation Review: Review all relevant documentation associated with the change request, including design specifications, drawings, plans, and other documents. Verify that the change aligns with the documentation and requirements.
  5. Risk Assessment: Conduct a comprehensive risk assessment to evaluate the potential impact of the proposed change. Assess the likelihood and severity of any adverse effects on product or service quality, safety, compliance, and other critical factors.
  6. Compliance Check: Ensure that the proposed change complies with applicable regulatory requirements, industry standards, and internal policies. Verify that the change will not result in non-compliance or legal issues.
  7. Testing and Validation Plans: Develop or review testing and validation plans to ensure that the proposed change will not negatively impact product or service performance. Ensure that appropriate tests and criteria are defined.
  8. Supplier Collaboration: Collaborate with suppliers and vendors if the change impacts the procurement of materials, components, or services. Ensure that suppliers are informed and agreeable to the proposed changes.
  9. Decision-Making and Approval: The change control team should make a decision regarding the proposed change. Approve or reject the change based on the findings of the review. Clearly document the decision, including reasons for approval or rejection.
  10. Communication and Implementation: If the change is approved, communicate the decision to relevant stakeholders, including employees, customers, and suppliers. Develop a detailed implementation plan that outlines how the change will be executed, including timelines, responsibilities, and any necessary training.
  11. Documentation Updates: Ensure that all relevant documentation is updated to reflect the approved change accurately. This includes design specifications, drawings, plans, and any associated records.
  12. Monitoring and Verification: Continuously monitor and verify the implementation of the approved change to ensure that it aligns with the plan and that there are no unexpected issues.
  13. Audit and Review: Periodically audit and review the effectiveness of the change control process to identify areas for improvement and ensure that changes are managed consistently.
  14. Feedback and Feedback Loop: Establish a feedback mechanism that allows stakeholders to provide input and feedback on the change’s effectiveness and impact. Use this feedback to inform future improvements and decisions.
  15. Continuous Improvement: Use insights gained from controlled design and development changes to drive continuous improvement in the organization’s change management procedures. Identify opportunities to enhance the control process and reduce the likelihood of errors or issues.

By following these steps and incorporating a systematic approach to controlling design and development changes, organizations can effectively manage modifications, ensure compliance with requirements, and minimize risks. This approach promotes the successful implementation of changes while maintaining product and service quality and reliability.

5) The organization shall retain documented information on design and development changes.

Retaining documented information on design and development changes is essential for maintaining transparency, traceability, and compliance within an organization’s Quality Management System (QMS). Here’s how an organization can ensure compliance with this requirement:

  1. Create and maintain records for each design and development change. These records should include all relevant information about the change, such as the nature of the change, the reason for the change, the individuals involved, the decision-making process, and any actions taken.
  2. Ensure that your QMS includes documented procedures for managing design and development changes. These procedures should outline how change records are created, documented, reviewed, approved, and retained.
  3. Maintain clear and organized records of all design and development changes. Ensure that the records are easily accessible and identifiable.
  4. Determine an appropriate retention period for design and development change records. The retention period should be based on regulatory requirements, industry standards, and organizational needs. Consider factors like the complexity of changes and their potential long-term impact.
  5. : Implement access controls to ensure that only authorized personnel can view, edit, or delete design and development change records. Protect sensitive information to maintain data integrity.
  6. If using digital document management systems, ensure that these systems provide secure storage, version control, and backups for change records. This helps prevent data loss and unauthorized access.
  7. Classify design and development change records appropriately based on their importance, impact, or other relevant criteria. This can help prioritize the retention and management of critical records.
  8. Maintain an audit trail for change records, documenting any modifications, updates, or access history. This helps ensure the integrity of the records and provides a history of changes to the change records themselves.
  9. Establish a system for retrieving design and development change records quickly when needed, especially during audits, assessments, or when reviewing the history of changes made to products, services, or processes.
  10. At the end of the retention period, follow a documented archiving and disposal process for change records. Ensure that records are securely archived or disposed of in compliance with legal and regulatory requirements.
  11. : Periodically review and assess the effectiveness of your document retention practices, including the management of design and development change records. Identify areas for improvement and make necessary updates to your procedures.
  12. Ensure that employees are aware of the importance of retaining and managing design and development change records. Train them on the organization’s document control procedures, including record retention requirements.

By retaining documented information on design and development changes in a systematic and controlled manner, organizations can demonstrate compliance with regulatory requirements, maintain transparency in their change management processes, and have a valuable historical record for future reference, audits, and continuous improvement efforts.

6) The organization shall retain documented information on the results of reviews of Design and Development changes

Retaining documented information on the results of reviews of design and development changes is essential for maintaining transparency, traceability, and compliance within an organization’s Quality Management System (QMS). Here’s how an organization can ensure compliance with this requirement:

  1. Create and maintain records for each review of design and development changes. These records should include all relevant information about the review process, such as the date of the review, the individuals involved, the outcomes of the review, and any actions or decisions made.
  2. Ensure that your QMS includes documented procedures for managing records related to the review of design and development changes. These procedures should outline how review records are created, documented, reviewed, approved, and retained.
  3. Maintain clear and organized records of all reviews of design and development changes. Ensure that the records are easily accessible and identifiable.
  4. Determine an appropriate retention period for review records. The retention period should be based on regulatory requirements, industry standards, and organizational needs. Consider factors like the complexity of changes and their potential long-term impact.
  5. Implement access controls to ensure that only authorized personnel can view, edit, or delete review records. Protect sensitive information to maintain data integrity.
  6. If using digital document management systems, ensure that these systems provide secure storage, version control, and backups for review records. This helps prevent data loss and unauthorized access.
  7. Classify review records appropriately based on their importance, impact, or other relevant criteria. This can help prioritize the retention and management of critical records.
  8. Maintain an audit trail for review records, documenting any modifications, updates, or access history. This helps ensure the integrity of the records and provides a history of changes to the review records themselves.
  9. Establish a system for retrieving review records quickly when needed, especially during audits, assessments, or when reviewing the history of reviews of design and development changes.
  10. At the end of the retention period, follow a documented archiving and disposal process for review records. Ensure that records are securely archived or disposed of in compliance with legal and regulatory requirements.
  11. Periodically review and assess the effectiveness of your document retention practices, including the management of review records. Identify areas for improvement and make necessary updates to your procedures.
  12. Ensure that employees are aware of the importance of retaining and managing review records for design and development changes. Train them on the organization’s document control procedures, including record retention requirements.

By retaining documented information on the results of reviews of design and development changes in a systematic and controlled manner, organizations can demonstrate compliance with regulatory requirements, maintain transparency in their change management processes, and have a valuable historical record for future reference, audits, and continuous improvement efforts.

7) The organization shall retain documented information on the authorization of the Design and development changes

Retaining documented information on the authorization of design and development changes is a crucial aspect of ensuring that modifications to products, services, or processes are properly managed, approved, and implemented within an organization’s Quality Management System (QMS). Here’s how an organization can ensure compliance with this requirement:

  1. Create and maintain records for each authorization of design and development changes. These records should include all relevant information about the authorization process, such as the date of authorization, the individuals or authorities granting authorization, and any associated documentation.
  2. Ensure that your QMS includes documented procedures for managing records related to the authorization of design and development changes. These procedures should outline how authorization records are created, documented, reviewed, approved, and retained.
  3. Maintain clear and organized records of all authorizations of design and development changes. Ensure that the records are easily accessible and identifiable.
  4. Determine an appropriate retention period for authorization records. The retention period should be based on regulatory requirements, industry standards, and organizational needs. Consider factors like the complexity of changes and their potential long-term impact.
  5. Implement access controls to ensure that only authorized personnel can view, edit, or delete authorization records. Protect sensitive information to maintain data integrity.
  6. If using digital document management systems, ensure that these systems provide secure storage, version control, and backups for authorization records. This helps prevent data loss and unauthorized access.
  7. Classify authorization records appropriately based on their importance, impact, or other relevant criteria. This can help prioritize the retention and management of critical records.
  8. Maintain an audit trail for authorization records, documenting any modifications, updates, or access history. This helps ensure the integrity of the records and provides a history of changes to the authorization records themselves.
  9. Establish a system for retrieving authorization records quickly when needed, especially during audits, assessments, or when reviewing the history of authorizations of design and development changes.
  10. At the end of the retention period, follow a documented archiving and disposal process for authorization records. Ensure that records are securely archived or disposed of in compliance with legal and regulatory requirements.
  11. Periodically review and assess the effectiveness of your document retention practices, including the management of authorization records. Identify areas for improvement and make necessary updates to your procedures.
  12. Ensure that employees are aware of the importance of retaining and managing authorization records for design and development changes. Train them on the organization’s document control procedures, including record retention requirements.

By retaining documented information on the authorization of design and development changes in a systematic and controlled manner, organizations can demonstrate compliance with regulatory requirements, maintain transparency in their change management processes, and have a valuable historical record for future reference, audits, and continuous improvement efforts.

8) The organization shall retain documented information on the actions taken to prevent adverse impacts

T o prevent adverse impacts in design and development changes, organizations should conduct a thorough risk assessment, involve cross-functional teams in the review process, ensure regulatory compliance, perform testing and validation, update documentation, collaborate with suppliers and solicit customer/stakeholder input, conduct cost-benefit analyses, establish clear approval and authorization processes, provide adequate training and communication, continuously monitor and evaluate the change’s implementation, maintain detailed records, and establish a feedback loop for ongoing improvement. Additionally, post-change reviews should be conducted to assess overall success and address any unforeseen adverse impacts promptly. These actions collectively help organizations proactively manage and mitigate risks associated with design and development changes, ensuring the continued quality, safety, and compliance of products, services, or processes.Retaining documented information on the actions taken to prevent adverse impacts is an essential aspect of managing risk and ensuring compliance within an organization’s Quality Management System (QMS). Here’s how an organization can ensure compliance with this requirement:

  1. Create and maintain records for each action taken to prevent adverse impacts. These records should include all relevant information about the actions, such as the nature of the actions, the reasons for taking them, the individuals or teams responsible, and any associated documentation.
  2. Ensure that your QMS includes documented procedures for managing records related to the actions taken to prevent adverse impacts. These procedures should outline how action records are created, documented, reviewed, approved, and retained.
  3. Maintain clear and organized records of all actions taken to prevent adverse impacts. Ensure that the records are easily accessible and identifiable.
  4. Determine an appropriate retention period for action records. The retention period should be based on regulatory requirements, industry standards, and organizational needs. Consider factors like the nature of the actions and their potential long-term impact.
  5. Implement access controls to ensure that only authorized personnel can view, edit, or delete action records. Protect sensitive information to maintain data integrity.
  6. If using digital document management systems, ensure that these systems provide secure storage, version control, and backups for action records. This helps prevent data loss and unauthorized access.
  7. Classify action records appropriately based on their importance, impact, or other relevant criteria. This can help prioritize the retention and management of critical records.
  8. Maintain an audit trail for action records, documenting any modifications, updates, or access history. This helps ensure the integrity of the records and provides a history of changes to the action records themselves.
  9. Establish a system for retrieving action records quickly when needed, especially during audits, assessments, or when reviewing the history of actions taken to prevent adverse impacts.
  10. At the end of the retention period, follow a documented archiving and disposal process for action records. Ensure that records are securely archived or disposed of in compliance with legal and regulatory requirements.
  11. Periodically review and assess the effectiveness of your document retention practices, including the management of action records. Identify areas for improvement and make necessary updates to your procedures.
  12. Ensure that employees are aware of the importance of retaining and managing action records related to preventing adverse impacts. Train them on the organization’s document control procedures, including record retention requirements.

By retaining documented information on the actions taken to prevent adverse impacts in a systematic and controlled manner, organizations can demonstrate compliance with regulatory requirements, maintain transparency in their risk management processes, and have a valuable historical record for future reference, audits, and continuous improvement efforts. This approach helps organizations proactively address potential issues and mitigate adverse impacts.

Here are the documents and records required in ISO 9001:2015 Clause 8.3.6:

  1. Documented Information for Design and Development Changes: The organization should maintain documented information that describes the nature of the change, the reasons for the change, the parties involved in making the change, and the expected results of the change.
  2. Design and Development Change Proposal: This document should outline the proposed change, including its scope, objectives, potential impacts, and any associated risks. It may also include a cost-benefit analysis or feasibility study.
  3. Design and Development Change Review and Approval Records: These records demonstrate that the proposed change was reviewed and approved by the relevant personnel or authorities within the organization. This ensures that changes are made with proper authorization.
  4. Updated Design and Development Documentation: Any affected design and development documents, such as drawings, specifications, plans, and procedures, should be updated to reflect the approved changes. These updated documents should be properly controlled and maintained.
  5. Risk Assessment and Mitigation Records: If the design and development change introduces new risks or modifies existing ones, the organization should document the risk assessment process and the actions taken to mitigate or manage these risks.
  6. Verification and Validation Records: If the change requires verification or validation activities, records of these activities should be maintained to demonstrate that the change meets the specified requirements and objectives.
  7. Test and Inspection Records: Records of any testing or inspection activities related to the design and development change should be kept. These records should include the test methods, results, and any deviations or non-conformities identified and their resolution.
  8. Communication Records: Documentation of any communication related to the design and development change, both within the organization and with external parties (e.g., suppliers or customers), should be maintained.
  9. Training Records: If the change necessitates additional training or retraining of personnel, records of training activities and their effectiveness should be kept.
  10. Change Implementation Records: Records related to the actual implementation of the design and development change, including schedules, milestones, and progress reports, should be maintained.
  11. Verification of Effectiveness Records: After the change has been implemented, records should demonstrate that the change has been effective in achieving its intended objectives and that any identified issues or non-conformities have been addressed.
  12. Audit and Review Records: Records of internal audits and management reviews related to the design and development changes should be maintained as evidence of ongoing monitoring and improvement.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a Reply