ISO 14001:2015 Clause 9.1.2 Evaluation of compliance

ISO 14001:2015 Requirements

Once the Compliance obligation has been determined, the organization should establish, implement and maintain the processes needed to evaluate fulfillment of its compliance obligations. The organization should determine the frequency from evaluation of compliance, action taken from evaluation of compliance, and maintain knowledge and understanding of its compliance status. The organization should retain documented information as evidence of the compliance evaluation results.

As per Annex A (Guidance on the use of ISO 14001:2015 standard) of ISO 14001:2015 standard it further explains:

The frequency and timing of compliance evaluations can vary‘ depending on the importance of the requirement, variations in operating conditions, changes in compliance obligations, and the organization’s past performance. An organization can use a variety of methods to maintain its knowledge and understanding of its compliance status, however, all compliance obligations need to be evaluated periodically. If compliance evaluation results indicate a failure to fulfill a legal requirement, the organization needs to determine and implement the actions necessary to achieve compliance. This might require communication with a regulatory agency and an agreement on a course of action to fulfil its legal requirements. Where such an agreement is in place, it becomes a compliance obligation. A non-compliance is not necessarily elevated; to a nonconformity if, for example, it is identified and corrected by the environmental management system processes. Compliance-related nonconformities need to be corrected, even if those nonconformities have not resulted in actual non-compliance with legal requirements.

Explanation:

1) Once the Compliance obligation has been determined, the organization should establish, implement and maintain the processes needed to evaluate fulfillment of its compliance obligations.

Once you have determined your Compliance Obligation, now you must evaluate your Compliance. Here you must plan and implement a process to evaluate if you meet the legal requirements that are applicable to you as determined above. This process needs to include:

Frequency of compliance evaluation: How often you are going to check to see if you meet the requirements of particular legislation will vary from law to law, but your process needs to determine how often you will check each level of compliance. For example, you may need to continually check the concentration of chemicals you are emitting into the sewage system, but you may only need to periodically check on how well you are diverting recycling from your landfill waste.
Evaluate compliance and take action: This is the step that everyone thinks about when it comes to the requirements of legal compliance, and this requirement has not changed. As an organization, you need to make an assessment against the applicable laws to see if you meet the requirements and take any actions necessary to become compliant if you are not.
Maintain the status of your compliance: In other words, always know if you actually comply with your legal requirements. If a law changes, you need to know about it and know if the change affects your compliance with the law. If you make a change in your facility, you may need to evaluate whether you still obey all the laws, both during and after the change, even if you are not yet set to evaluate this according to your regular schedule.

Again, all of this evaluation needs to be kept as documented information for the use of you, your management system auditors, and any legal compliance auditors who may need to see it. One of the important aspect of Compliance evaluation is to keep up to date on legislation changes, ensures compliance with legislation, and manages your compliance, you are not only doing a good job at meeting the current requirements but will also be able to meet the updated requirements for environmental compliance obligations of the organization. As with any legal obligations for your company, the important thing is to know what is required of you in the legislation and to ensure that you are taking the actions necessary to meet the requirements. Not being caught off guard can protect you from unwanted and unnecessary fines – one of the benefits of having a good Environmental Management System. This is a crucial step in ensuring that the organization remains in compliance with relevant laws, regulations, standards, and other requirements. Here are some key steps and considerations in this process:

Establish Clear Compliance Criteria: The organization should define clear and measurable criteria for evaluating compliance with each obligation. These criteria should be based on the specific requirements and expectations outlined in relevant laws and regulations.
Assign Responsibility: Clearly designate individuals or teams responsible for monitoring and evaluating compliance with each obligation. This may involve appointing compliance officers or compliance teams.
Develop Monitoring Processes: Create processes for ongoing monitoring and assessment of compliance. This may involve regular audits, inspections, reviews, or assessments to check if the organization is meeting its obligations.
Document Compliance Activities: Keep records of compliance activities, including the results of evaluations, any non-compliance issues identified, and corrective actions taken.
Risk Assessment: Conduct a risk assessment to prioritize compliance obligations based on their potential impact on the organization and regulatory consequences.
Implement Corrective Actions: When non-compliance issues are identified, implement corrective actions promptly to address and rectify the issues. This may involve revising processes, training employees, or making necessary changes to meet the compliance obligations.
Continuous Improvement: Continuously review and improve the compliance evaluation processes. Ensure that they remain effective and efficient in identifying and addressing non-compliance.
Reporting: Establish a reporting mechanism for communicating compliance status to relevant stakeholders, both internally and externally when required.
Training and Awareness: Ensure that employees and relevant stakeholders are aware of their roles and responsibilities in meeting compliance obligations and provide necessary training.
Legal and Regulatory Updates: Stay informed about changes in relevant laws, regulations, and standards, and update the compliance evaluation processes accordingly.
Documentation and Records: Maintain comprehensive documentation of compliance activities and records of compliance evaluations. This documentation is often crucial for demonstrating compliance to regulatory authorities.
Third-Party Relationships: If applicable, include processes for evaluating compliance among third-party suppliers, contractors, or partners, as their actions can also impact the organization’s compliance.
Conduct Regular Reviews: Periodically review and assess the effectiveness of the compliance evaluation processes to ensure they remain aligned with the organization’s goals and objectives.

By establishing and maintaining these processes, organizations can demonstrate their commitment to compliance and reduce the risk of legal or regulatory violations. Additionally, it helps foster a culture of compliance within the organization, which is essential for long-term success.

2) The organization should determine the frequency from evaluation of compliance, action taken from evaluation of compliance, and maintain knowledge and understanding of its compliance status.

Determining the frequency of compliance evaluations, taking appropriate actions based on those evaluations, and maintaining knowledge and understanding of compliance status are critical components of an effective compliance management system. Here’s a breakdown of each of these aspects:

Frequency of Compliance Evaluation:
- The organization should establish a clear schedule for evaluating compliance with its obligations. The frequency of these evaluations may vary depending on the nature of the obligations, the industry, and regulatory requirements.
- Some compliance evaluations may need to occur regularly, such as daily, weekly, monthly, or annually, while others may be triggered by specific events or changes in regulations.
- High-risk compliance obligations may require more frequent and rigorous evaluations, while lower-risk areas may be evaluated less frequently.
Actions Taken from Evaluation of Compliance:
- When compliance evaluations are conducted, it’s essential to define a process for taking appropriate actions based on the results.
- If non-compliance issues are identified, a corrective action plan should be developed and implemented promptly. This plan may include measures to address the root causes of non-compliance and prevent recurrence.
- Corrective actions can range from process improvements and employee training to policy revisions and more stringent controls.
- For instances of non-compliance that have legal or regulatory implications, legal counsel should be involved in determining the appropriate response.
Maintaining Knowledge and Understanding of Compliance Status:
- The organization should continuously track and maintain a clear understanding of its compliance status for all relevant obligations.
- This involves keeping records of compliance evaluations, documenting corrective actions taken, and maintaining a compliance register or database to track obligations and their status.
- Regular reporting to senior management and relevant stakeholders can help ensure transparency and accountability in maintaining compliance status.
- It’s important to stay updated on changes in laws, regulations, and industry standards that may impact compliance status and adjust strategies accordingly.
- Compliance awareness should be ingrained in the organization’s culture, with employees at all levels understanding the importance of compliance and their role in maintaining it.

By determining the appropriate frequency of compliance evaluations, taking effective actions based on those evaluations, and consistently maintaining knowledge of compliance status, organizations can proactively manage risks, demonstrate their commitment to compliance, and avoid potential legal and regulatory issues. These activities are essential for the long-term sustainability and success of the organization.

3) The organization should retain documented information as evidence of the compliance evaluation results.

To provide evidence of compliance evaluation results, an organization should maintain the following documents and records:

Compliance Evaluation Plan: This document outlines the organization’s strategy for evaluating compliance with legal and other requirements. It should include details on the frequency and methods of evaluation, responsible individuals or teams, and the criteria used to assess compliance.
Legal and Regulatory Registers: Maintain a register or list of all applicable environmental laws, regulations, permits, and other requirements that the organization must adhere to. This register should be kept up-to-date and include references to the specific legal provisions.
Compliance Evaluation Reports: After each compliance evaluation, prepare comprehensive reports that document the findings. These reports should detail the results of the evaluation, including any instances of non-compliance, as well as any corrective actions taken or planned.
Documentation of Corrective Actions: If non-compliance is identified during an evaluation, records of the corrective actions taken should be maintained. These records should show the steps taken to address non-compliance, responsible parties, and timelines for resolution.
Evidence of Monitoring and Measurement: Any data or evidence collected during the compliance evaluation process should be retained. This may include monitoring data, inspection records, audit reports, and other evidence used to assess compliance.
Records of Communication: If there is communication with external stakeholders, such as regulatory agencies or third-party auditors, records of these communications should be kept. This can include correspondence, meeting minutes, and any agreements or commitments made.
Records of Training and Awareness: Maintain records of training and awareness programs related to compliance. This can include records of employee training sessions, attendance logs, and any materials distributed during training.
Records of Changes: If any changes are made to processes, procedures, or policies in response to compliance evaluations, document these changes. This documentation should include the reasons for the changes and their impact on compliance.
Review and Improvement Records: Records of management reviews related to compliance evaluation results should be maintained. These records should demonstrate how the organization has used compliance information to drive improvement in its environmental performance.
Retention and Archiving: Ensure that all compliance evaluation records are retained for the required duration, as defined by applicable laws and regulations or the organization’s internal policies. This typically includes both active records and archived records.
Document Control: Implement a document control system to manage and safeguard compliance-related documents and records, ensuring they remain accurate, complete, and accessible as needed.

It’s important to note that ISO 14001:2015 does not specify a specific retention period for these records. The retention period may vary depending on the nature of the records and legal requirements in your jurisdiction. Organizations should establish their own document retention policies in compliance with applicable laws and regulations.

Example of Compliance Evaluation Plan

Organization Name: [Your Organization’s Name]

Document Number: [CEP-001]

Revision Number: [Version 1.0]

Date of Issue: [Date]

Review Date: [Date]

1. Purpose: The purpose of this Compliance Evaluation Plan (CEP) is to establish a framework for systematically evaluating and ensuring compliance with environmental laws, regulations, permits, and other relevant requirements as part of our Environmental Management System (EMS).

2. Scope: This plan covers compliance evaluations related to environmental aspects identified in our EMS, including but not limited to air emissions, water discharges, waste management, and energy consumption.

3. Responsibilities:

Environmental Manager: Responsible for overall coordination of compliance evaluations.
Environmental Compliance Team: Comprising members from relevant departments, responsible for conducting compliance evaluations.
Legal and Regulatory Affairs: Responsible for keeping legal and regulatory registers up-to-date.

4. Frequency of Compliance Evaluations: Compliance evaluations will be conducted on an annual basis, with additional evaluations triggered by significant regulatory changes, incidents, or as deemed necessary.

5. Methodology: The compliance evaluation process will include the following steps:

a. Identify Applicable Requirements: Maintain a legal and regulatory register, regularly updated, listing all relevant environmental laws, regulations, permits, and other obligations.

b. Conduct Compliance Assessments: Evaluate the organization’s activities, processes, and facilities to assess compliance with identified requirements.

c. Document Findings: Prepare comprehensive compliance evaluation reports documenting findings, including any non-compliance issues and areas of improvement.

d. Corrective Actions: Develop and implement corrective actions for identified non-compliance issues. Document corrective action plans and follow-up to ensure resolution.

e. Management Review: Present compliance evaluation results to senior management during management reviews, ensuring that compliance information is used to drive continuous improvement.

6. Records: All records related to compliance evaluations, including legal registers, evaluation reports, corrective action plans, and management review records, will be retained in accordance with the organization’s document retention policy.

7. Communication: Effective communication of compliance evaluation results will be maintained with relevant internal stakeholders, external regulatory agencies, and interested parties as required.

8. Training and Awareness: Ensure that employees are aware of their roles and responsibilities in compliance evaluation. Conduct training sessions as needed and maintain records of training activities.

9. Document Control: This plan and all related documents will be controlled and managed in accordance with the organization’s document control procedures.

10. Review and Update: This Compliance Evaluation Plan will be reviewed annually or as necessary to ensure its continued effectiveness and relevance.

11. Approval: This Compliance Evaluation Plan is approved by:

[Your Name]

[Date]

Environmental Manager

Example of Legal and Regulatory Register – Environmental Management System

Organization Name: [Your Organization’s Name]

Document Number: [LR-EMS-001]

Revision Number: [Version 1.0]

Date of Issue: [Date]

Review Date: [Date]

1. Purpose: The purpose of this Legal and Regulatory Register is to identify and maintain a comprehensive list of all environmental laws, regulations, permits, and other requirements applicable to our organization’s operations and activities as part of our Environmental Management System (EMS).

2. Scope: This register covers all environmental requirements that pertain to our organization, including but not limited to air quality, water quality, hazardous materials, waste management, and energy conservation.

3. Responsibility: The Legal and Regulatory Affairs department is responsible for maintaining and updating this register.

4. Register Contents:

Regulatory Authority	Legal Reference	Description of Requirement	Applicability	Review Frequency
Environmental Agency A	Environmental Act, 20XX	Emission limits for [Specific Pollutant]	[Relevant Facility]	Annually
Water Quality Board	Water Discharge Permit XX	Discharge limits for effluent into [Specific Water Body]	[Facility A, B, C]	Bi-annually
Occupational Safety and Health Administration (OSHA)	Hazardous Chemicals Standard	Handling and storage of hazardous chemicals	[All Facilities]	Quarterly
Department of Energy Efficiency	Energy Conservation Act, 20XX	Mandatory energy consumption reporting	[Facility D]	Annually
Waste Management Authority	Hazardous Waste Regulations	Proper disposal and labeling of hazardous waste	[Facility B, E]	Bi-annually
[Local Authority]	[Local Environmental Ordinance]	Noise level limits during [Specific Operation]	[Facility F]	As needed

5. Applicability:

“Regulatory Authority” identifies the government agency or authority responsible for the regulation.
“Legal Reference” specifies the specific legal document, law, regulation, or permit.
“Description of Requirement” briefly describes the compliance obligation.
“Applicability” indicates which facilities or operations are subject to the requirement.
“Review Frequency” defines how often the requirement is reviewed for changes or updates.

6. Review and Update: This Legal and Regulatory Register will be reviewed and updated as needed to ensure its accuracy and relevance. Any changes to regulations or permits will be promptly reflected in this register.

7. Approval: This Legal and Regulatory Register is approved by:

[Your Name]

[Date]

Legal and Regulatory Affairs Manager

ISO 14001:2015 Clause 7.3 Awareness

ISO 14001:2015 Requirements

The organization shall ensure that persons doing work under the organization’s control are aware of:
a) the environmental policy;
b) the significant environmental aspects and related actual or potential environmental impacts associated with their work;
c) their contribution to the effectiveness of the environmental management system, including the benefits of enhanced environmental performance;
d) the implications of not conforming with the environmental management system requirements, including not fulfilling the organization’s compliance obligations.

As per Annex A (Guidance on the use of ISO 14001:2015 standard) of ISO 14001:2015 standard it further explains:

Awareness of the environmental policy should not be taken to mean that the commitments need to be memorized or that persons doing work under the organization’s control have a copy of the documented environmental policy. Rather, these persons should be aware of its existence, its purpose and their role in achieving the commitments, including how their work can affect the organization’s ability to fulfil its compliance obligations.

The organization shall ensure that persons doing work under the organization’s control are aware of the environmental policy;

Ensuring that persons doing work under the organization’s control are aware of the environmental policy is a crucial element of effective Environmental Management System (EMS) implementation. Here are steps an organization can take to ensure awareness of the environmental policy:

Clearly Communicate the Environmental Policy: Begin by developing a clear and concise environmental policy that outlines the organization’s commitment to environmental protection and sustainability. The policy should be aligned with the organization’s objectives and easy to understand.
Document the Environmental Policy: Document the environmental policy in written form, and ensure it is readily accessible to all employees and relevant parties. It can be included in the organization’s EMS documentation.
Incorporate the Policy in Orientation and Training: During the orientation process for new employees and in regular training programs, include a dedicated section that introduces the organization’s environmental policy. Explain its importance and relevance to their roles.
Environmental Policy Awareness Training: Conduct specific training sessions or workshops focused on the environmental policy for employees who have direct responsibilities for environmental aspects and impacts. This training can provide more in-depth understanding.
Distribution of the Policy: Share the environmental policy with all employees and relevant external parties, such as contractors, suppliers, and visitors. Ensure that copies of the policy are distributed both digitally and in print.
Display in Common Areas: Display the environmental policy prominently in common areas, such as break rooms, bulletin boards, and employee entrances, to ensure visibility.
Regular Communication: Use various communication channels, such as newsletters, emails, intranet, or team meetings, to regularly reinforce the importance of the environmental policy and remind employees of their roles in achieving it.
Leadership Commitment: Ensure that top management demonstrates a strong commitment to the environmental policy and sets an example for all employees. Their leadership reinforces the importance of the policy.
Environmental Objectives and Targets Alignment: Connect the environmental policy with specific environmental objectives and targets. Highlight how achieving these objectives contributes to fulfilling the policy’s commitments.
Employee Engagement: Encourage employee involvement in environmental initiatives and decision-making processes related to the EMS. Employees who feel engaged are more likely to be aware of and committed to the environmental policy.
Feedback Mechanisms: Establish mechanisms for employees to provide feedback or ask questions related to the environmental policy. This can include suggestion boxes or designated contacts for inquiries.
Regular Review and Reinforcement: Conduct periodic reviews and assessments to ensure that awareness of the environmental policy is maintained over time. Adjust communication and training efforts as needed.
Documentation and Record-Keeping: Maintain records of training sessions, communication efforts, and any actions taken to reinforce awareness of the environmental policy.
Contractual Agreements: Include clauses related to adherence to the organization’s environmental policy in contracts with suppliers, contractors, and other external parties working under the organization’s control.

By implementing these measures, an organization can promote awareness and understanding of its environmental policy among all relevant stakeholders. This ensures that everyone working under the organization’s control is aligned with its environmental commitments and contributes to achieving the environmental objectives and targets set in the EMS.

The organization shall ensure that persons doing work under the organization’s control are aware of the significant environmental aspects and related actual or potential environmental impacts associated with their work;

Ensuring that persons doing work under the organization’s control are aware of the significant environmental aspects and related actual or potential environmental impacts associated with their work is a fundamental aspect of effective environmental management. Here’s how an organization can ensure awareness of these environmental aspects and impacts:

Environmental Aspect and Impact Identification: Begin by identifying and assessing the significant environmental aspects and impacts associated with the organization’s operations, products, and services. This is a fundamental step in understanding the environmental context.
Documentation: Document the identified significant environmental aspects and impacts in a clear and concise manner. Ensure that this documentation is part of the organization’s EMS.
Environmental Aspects Register: Develop an environmental aspects register or similar document that lists the significant aspects and their associated impacts. Make this register easily accessible to employees and other relevant parties.
Employee Training and Awareness: Provide training and awareness programs for employees and contractors, emphasizing the importance of identifying and understanding the significant environmental aspects and impacts associated with their work.
Incorporate into Job Descriptions: Include references to environmental aspects and impacts in job descriptions and role profiles, so employees understand how their roles relate to environmental performance.
Customized Training: Customize training programs to address specific environmental aspects and impacts relevant to each job role or department. Use real-world examples to illustrate potential impacts.
Regular Communication: Maintain open and regular communication channels to discuss environmental aspects and impacts with employees. Share information on changes, updates, and lessons learned.
Visual Aids and Signage: Use visual aids, posters, signage, and labels in work areas where significant environmental aspects and impacts are present to remind employees of their importance.
Environmental Induction: Include environmental aspects and impacts as part of the induction process for new employees and contractors. Highlight their responsibilities in managing these aspects.
Review and Update: Regularly review and update the list of significant environmental aspects and impacts as conditions change or new information becomes available.
Employee Engagement: Encourage employees to participate in environmental improvement initiatives and provide opportunities for them to contribute to the identification and mitigation of environmental impacts.
Feedback Mechanisms: Establish mechanisms for employees to report and communicate potential environmental concerns or incidents related to their work. Encourage employees to raise environmental awareness through feedback.
Incident Reporting and Investigation: Ensure that procedures for reporting and investigating environmental incidents are well-defined and communicated. Employees should be aware of the process to report incidents and near misses.
Performance Appraisals: Include assessments of employees’ awareness and understanding of environmental aspects and impacts in performance appraisals.
Legal and Regulatory Compliance: Ensure that employees are aware of their responsibilities to comply with environmental laws, regulations, and permits related to their work.
Supervision and Leadership: Promote leadership involvement in reinforcing awareness of environmental aspects and impacts. Supervisors should lead by example and prioritize environmental responsibility.
Contractual Agreements: Include clauses in contracts with suppliers, contractors, and other external parties working under the organization’s control that require them to be aware of and consider significant environmental aspects and impacts.
Audit and Verification: Conduct audits or assessments to verify that employees and contractors are aware of and are addressing significant environmental aspects and impacts in their work.

By implementing these measures, organizations can enhance the awareness and understanding of significant environmental aspects and impacts among all relevant stakeholders, fostering a culture of environmental responsibility and contributing to effective environmental management and sustainability.

The organization shall ensure that persons doing work under the organization’s control are aware of their contribution to the effectiveness of the environmental management system, including the benefits of enhanced environmental performance;

To ensure that persons doing work under the organization’s control are aware of their contribution to the effectiveness of the Environmental Management System (EMS) and the benefits of enhanced environmental performance, organizations can take several proactive steps:

Incorporate EMS Awareness into Training Programs: Include EMS awareness as a core component of employee training and orientation programs. Ensure that all employees, including contractors and new hires, receive training on the EMS and their role in it.
EMS Documentation Access: Provide easy access to EMS documentation, including the environmental policy, objectives, procedures, and any relevant performance data. Ensure that employees can readily access these documents.
Customized Training for Roles: Tailor training programs to address the specific roles and responsibilities of individuals. Explain how their actions and decisions impact environmental performance and overall effectiveness.
Regular Communication: Maintain open and transparent communication channels to regularly share information about the EMS’s performance and improvements achieved. Use various platforms such as newsletters, emails, team meetings, or bulletin boards.
Leadership Involvement: Encourage leaders and managers to actively engage in discussions about the EMS and its benefits. Leaders should demonstrate their commitment to environmental performance through their actions.
Environmental Objectives and Targets: Clearly communicate the environmental objectives and targets that the organization has set. Explain how achieving these goals contributes to enhanced environmental performance and benefits the organization.
Recognition and Rewards: Implement a recognition and rewards program that acknowledges employees and teams for their contributions to environmental improvements. Publicly recognize achievements related to the EMS.
Feedback and Suggestions: Encourage employees to provide feedback and suggestions for improving the EMS. Create mechanisms for them to contribute ideas for enhancing environmental performance.
Training on Benefits: Offer training sessions specifically focused on the benefits of enhanced environmental performance. Explain how it positively impacts the organization, its reputation, and stakeholders.
Case Studies and Success Stories: Share case studies and success stories within the organization to highlight how specific actions and initiatives have led to improved environmental performance and associated benefits.
Performance Metrics and Dashboards: Develop visual dashboards or performance metrics that clearly illustrate the positive impacts of the EMS, such as reductions in resource consumption, emissions, waste, or cost savings.
Regular Review Meetings: Hold periodic EMS review meetings that involve employees and contractors. Discuss progress, challenges, and the collective contributions to environmental performance.
Employee Engagement Initiatives: Promote employee engagement in environmental initiatives and projects, allowing them to directly participate in activities that enhance the EMS’s effectiveness.
Continuous Improvement Culture: Foster a culture of continuous improvement where employees are encouraged to seek ways to improve environmental performance and suggest changes to EMS processes.
Training on Environmental Benefits to Stakeholders: Educate employees on how enhanced environmental performance benefits not only the organization but also its customers, suppliers, local communities, and the broader environment.
Transparency in Reporting: Provide transparent reports on environmental performance, showing progress toward objectives and targets. Share this information with employees and stakeholders.
Performance Recognition and Awards: Consider participating in industry-specific environmental awards or certifications and promote the recognition received for outstanding environmental performance.
Employee Involvement in EMS Planning: Involve employees in the planning and development of EMS initiatives, strategies, and goals to foster a sense of ownership and commitment.

By implementing these strategies, organizations can raise awareness among individuals working under their control about their vital roles in the EMS and the direct and indirect benefits of enhanced environmental performance. This awareness can lead to increased engagement, better adherence to EMS procedures, and continuous efforts to improve environmental sustainability.

The organization shall ensure that persons doing work under the organization’s control are aware of the implications of not conforming with the environmental management system requirements, including not fulfilling the organization’s compliance obligations.

To ensure that persons doing work under the organization’s control are aware of the implications of not conforming with the Environmental Management System (EMS) requirements, including not fulfilling the organization’s compliance obligations, organizations can take the following steps:

Incorporate EMS Non-Conformance Awareness into Training: Include training on EMS non-conformance, compliance obligations, and the associated implications in employee orientation and ongoing training programs.
Clear Communication of EMS Requirements: Clearly communicate EMS requirements, procedures, and compliance obligations to all employees, contractors, and relevant stakeholders. Use accessible and easy-to-understand language.
Emphasize Legal and Regulatory Requirements: Ensure that all personnel are aware of the legal and regulatory requirements applicable to their work and the organization. Provide training on the consequences of non-compliance.
Consequence of Non-Conformance: Clearly explain the consequences of non-conformance with EMS requirements, including potential environmental incidents, regulatory fines, legal actions, damage to reputation, and financial losses.
Examples and Case Studies: Share real-world examples or case studies that illustrate the implications of non-conformance. Describe how similar incidents have resulted in negative consequences for organizations.
Audits and Inspections: Conduct regular EMS audits and inspections to identify non-conformities and areas of non-compliance. Use these findings as teaching points to illustrate the importance of adherence.
Corrective and Preventive Actions: Ensure that employees understand the process of identifying, reporting, and addressing non-conformities. Emphasize the importance of taking corrective and preventive actions promptly.
Legal and Regulatory Consequences: Educate employees about the potential legal and regulatory consequences of non-compliance, including fines, penalties, and legal actions taken against individuals and the organization.
Environmental Impact Awareness: Raise awareness about the environmental impact of non-conformance, emphasizing the potential harm to ecosystems, wildlife, and communities.
Financial Implications: Explain how non-conformance can lead to financial losses, including cleanup costs, fines, legal fees, and increased insurance premiums.
Reputation Damage: Discuss how incidents related to non-conformance can harm the organization’s reputation, affecting customer trust, investor confidence, and stakeholder relationships.
Employee Accountability: Make it clear that all employees are accountable for their actions and responsibilities under the EMS, and that non-conformance may have consequences for job security and advancement.
Performance Appraisals: Include assessments of compliance with EMS requirements in performance appraisals, and discuss the implications of non-conformance during these reviews.
Reporting Channels: Establish clear reporting channels for employees and contractors to report non-conformances, potential violations, or ethical concerns, ensuring that they feel safe and supported when doing so.
Continuous Improvement Culture: Foster a culture of continuous improvement, encouraging employees to actively participate in identifying and addressing non-conformities and compliance issues.
Documentation and Records: Maintain records of EMS non-conformities, corrective actions taken, and their outcomes. Use these records for training and continuous improvement.
Legal Compliance Training: Provide specific training on legal compliance related to environmental regulations and permit requirements for employees in roles with significant compliance responsibilities.
Consequence Simulation: Conduct training exercises or simulations that simulate the consequences of environmental incidents resulting from non-conformance. This can help employees understand the seriousness of the matter.
Regular Updates: Keep employees informed about changes in regulations, standards, or EMS procedures to ensure ongoing awareness of compliance obligations.

By implementing these measures, organizations can create a culture of compliance and accountability, making sure that everyone working under their control is fully aware of the implications of non-conformance with EMS requirements and compliance obligations. This awareness can help mitigate risks and contribute to improved environmental performance and regulatory compliance.

Documented Information required

There is no mandatory requirement for Documented Information. Here are the key documents and records typically associated with Clause 7.3 of ISO 14001:2015:

Environmental Policy Document: A documented environmental policy that clearly states the organization’s commitment to environmental protection and sustainability. This document should be easily accessible to all employees and relevant parties.
EMS Manual: An EMS manual or equivalent document that outlines the structure, scope, and key elements of the EMS, including the roles and responsibilities of personnel.
Environmental Aspects and Impacts Register: Documentation of the significant environmental aspects and impacts associated with the organization’s activities, products, and services. This register should be maintained and updated as needed.
Environmental Objectives and Targets: A document that specifies the organization’s environmental objectives and targets. This should include information about what is being pursued, deadlines, and responsible individuals or departments.
Job Descriptions and Roles: Job descriptions or role profiles that clearly define the responsibilities of individuals and departments in relation to the EMS. This includes roles related to environmental management and compliance.
Training Plans: Training plans that outline the specific training needs of employees and contractors related to the EMS and their roles within it. These plans should be periodically reviewed and updated.
Training Records: Documentation of completed training sessions, including details such as the date of training, the content covered, the names of participants, and any certifications or qualifications earned.
Orientation Materials: Materials used during employee orientation and onboarding that introduce new hires to the EMS, the environmental policy, and their roles in supporting environmental objectives.
Communication Records: Records of communication efforts used to raise awareness and understanding of the EMS, such as emails, newsletters, intranet announcements, and presentations.
Performance Appraisal Records: Records of performance appraisals that include assessments of employees’ understanding of the EMS and their roles in achieving environmental objectives.
Feedback and Suggestions Documentation: Records of employee feedback, suggestions, or inquiries related to the EMS, its policies, or environmental performance. This includes records of actions taken in response to feedback.
Audit and Assessment Records: Records of EMS audits and assessments, including findings related to employee awareness and compliance with EMS requirements.
Management Review Records: Documentation of discussions and decisions related to EMS awareness and performance during management review meetings.
Legal Compliance Records: Records demonstrating that employees are aware of and trained in legal and regulatory requirements relevant to their work within the EMS.
Records of Awareness Programs: Documentation of awareness programs and initiatives implemented to educate employees and contractors about the EMS and its importance.
Records of Environmental Performance: Records of environmental performance metrics and data that illustrate progress toward environmental objectives and targets. This helps employees understand the outcomes of their efforts.
Incident and Non-Conformance Reports: Records of environmental incidents, non-conformances, or violations, along with related corrective and preventive actions taken.

These documents and records are essential for demonstrating compliance with ISO 14001:2015 requirements related to awareness and for maintaining an effective EMS that encourages the active involvement and understanding of all persons working under the organization’s control.

Example of Procedure for Awareness of Environmental Management System (EMS)

Objective: This procedure aims to ensure that all persons working under the organization’s control are aware of the Environmental Management System (EMS), its requirements, and their individual roles and responsibilities within the EMS.

Responsibility: The responsibility for implementing and maintaining this procedure rests with the [Name or Department] responsible for environmental management.

Procedure:

1. Environmental Policy Awareness:

a. Environmental Policy Distribution: Ensure that the organization’s environmental policy is documented and widely distributed to all employees, contractors, and relevant stakeholders.

b. Communication of Policy: Communicate the environmental policy to all employees during orientation and regularly through internal communication channels, such as emails, intranet, or bulletin boards.

2. Employee Orientation:

a. EMS Introduction: Include an introduction to the EMS as part of the employee orientation program. Explain the organization’s commitment to environmental protection and sustainability.

b. Policy Review: During orientation, review the organization’s environmental policy with new employees and explain its significance.

3. Role-Specific Awareness:

a. Job Role Descriptions: Maintain up-to-date job role descriptions or profiles that clearly outline the roles and responsibilities of employees within the EMS.

b. Training Plans: Develop training plans that are customized for each job role, emphasizing EMS-related responsibilities.

4. EMS Training:

a. EMS Training Sessions: Conduct EMS training sessions for employees to provide in-depth knowledge about the EMS, including its objectives, aspects, and compliance obligations.

b. Regular Training Updates: Periodically review and update training materials to ensure that they remain relevant and aligned with the organization’s EMS.

5. Communication Channels:

a. Regular EMS Updates: Use various communication channels (e.g., emails, newsletters, meetings) to provide regular updates on EMS-related matters, performance achievements, and goals.

b. Feedback Mechanisms: Establish mechanisms for employees to provide feedback, ask questions, or seek clarification on EMS-related topics.

6. Environmental Aspects and Impacts:

a. Documentation: Maintain a register or documentation of significant environmental aspects and impacts associated with the organization’s activities, products, and services.

b. Awareness of Aspects: Communicate information about these aspects and impacts to relevant personnel, so they understand their connection to environmental performance.

7. Legal Compliance:

a. Legal Awareness: Educate employees about the legal and regulatory requirements applicable to their work and the organization’s obligations to comply with these requirements.

8. Performance Appraisals:

a. EMS Assessment: Include assessments of employees’ understanding and adherence to EMS requirements in performance appraisals.

9. Documentation:

a. Record-Keeping: Maintain records of EMS awareness efforts, including training sessions, communication, and employee feedback.

10. Continuous Improvement:

a. Feedback Analysis: Regularly analyze feedback and suggestions from employees to identify areas for improvement in EMS awareness efforts.

b. Periodic Review: Periodically review and update this procedure to ensure its effectiveness and alignment with the organization’s EMS goals.

ISO 9001:2015 Clause 8.5.6 Control of changes

ISO 9001:2015 Requirements

The organization shall review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements. The organization shall retain documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review.

1) The organization shall review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements.

reviewing and controlling changes to ensure continuing conformity with requirements is a critical aspect of quality management and compliance with standards like ISO 9001:2015. Here’s a comprehensive approach for organizations to follow:

Change Identification:Establish a clear and formal process for identifying proposed changes. Anyone within the organization should be able to initiate a change request. Ensure that change requests include detailed information about the change, its purpose, and its potential impact.
Change Request Submission:Create a system for submitting change requests. Standardize the format and content of change requests to ensure that they contain essential information, such as the rationale for the change and expected outcomes.
Change Review Team:Form a cross-functional change review team comprising relevant stakeholders, including representatives from affected departments, subject matter experts, and quality assurance personnel.
Impact Assessment:Conduct a comprehensive impact assessment to evaluate how the proposed change will affect conformity with requirements. Assess its impact on quality, compliance, safety, customer satisfaction, and any legal or regulatory obligations.
Risk Analysis:Perform a risk analysis to identify potential risks associated with the change. Assess the likelihood and severity of these risks and develop mitigation plans where necessary.
Change Approval Process:Establish a structured change approval process with clear criteria for approving or rejecting changes. Define roles and responsibilities, decision-making authority, and specific timelines for evaluation.
Documentation and Records:Document all aspects of the change process, including assessments, risk analyses, approval decisions, and actions taken. Maintain a record of these activities for future reference and audits.
Testing and Validation:If applicable, conduct testing or validation of the change to ensure that it does not negatively impact conformity with requirements. This may involve pilot testing, validation trials, or quality control checks.
Communication:Communicate the approved changes and their implications to all relevant stakeholders, including employees, customers, suppliers, and regulatory bodies (if necessary). Ensure that everyone is informed of the change.
Training and Education: Provide training and education to employees who will be affected by the change. Ensure they understand the new requirements and processes.
Implementation Planning: Develop a detailed implementation plan, including timelines, resource allocation, and contingency plans, to ensure a smooth transition to the new state.
Monitoring and Measurement: Establish Key Performance Indicators (KPIs) to monitor the effectiveness of the change and its impact on conformity with requirements. Regularly measure and report on these KPIs.
Feedback Mechanism: Implement a feedback mechanism that allows employees, customers, and other stakeholders to report any issues or concerns related to the change.
Periodic Review: Schedule periodic reviews of the change to ensure that it continues to meet conformity requirements and to identify opportunities for improvement.
Continuous Improvement: Use the feedback and monitoring data to drive continuous improvement efforts. If issues or non-conformities are identified, take corrective actions promptly.
Documentation and Record Keeping: -Maintain records of all change-related activities, including approvals, testing results, training records, and performance measurements.
Management Review: Include the results of change control activities in management review meetings to ensure top-level awareness and commitment to maintaining conformity with requirements.

By following this comprehensive approach, organizations can effectively review and control changes to ensure continuing conformity with requirements. This systematic and structured approach helps mitigate risks, maintain quality, and enhance customer satisfaction while promoting compliance with relevant standards and regulations.

2) The organization shall retain documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review.

maintaining records of the results of change reviews, authorizations, and any necessary actions is a crucial aspect of change control and compliance with quality management standards such as ISO 9001:2015. These records provide documented evidence of the change management process and ensure transparency, accountability, and traceability. Here’s how an organization can maintain such records effectively:

Record of Change Request:Create a standardized form or digital template for recording change requests. This record should include details like the date of the request, the person initiating the change, the description of the change, its purpose, and its potential impact.
Change Review Records:Maintain records of the change review process. These records should capture the results of the impact assessment, risk analysis, and any discussions or decisions made by the change review team. Include details about how the change may affect conformity with requirements.
Authorization Records:Document the authorization of the change, including the name of the person(s) authorizing the change, their roles or positions, and the date of authorization. This provides clear accountability for the decision to proceed with the change.
Change Implementation Records:Track the implementation of approved changes, documenting the steps taken to put the change into practice. This can include details about testing, training, and communication efforts related to the change.
Action Records:Maintain records of any actions taken as a result of the change review. This should include corrective actions, preventive actions, or any adjustments made to ensure continuing conformity with requirements.
Communication Records:Keep records of all communications related to the change, including notifications to stakeholders, employees, customers, and suppliers. This ensures that everyone is informed about the change and its implications.
Monitoring and Measurement Records:Document the results of monitoring and measurement activities related to the change. This includes any Key Performance Indicators (KPIs) or metrics used to assess the effectiveness of the change.
Feedback and Improvement Records:Maintain records of feedback received from stakeholders, including employees and customers, regarding the change. Document any suggestions or concerns raised and actions taken to address them.
Periodic Review Records:Keep records of periodic reviews of the change to assess its ongoing conformity with requirements and identify opportunities for improvement.
Record Retention: Establish a record retention policy that defines how long records related to change management should be retained. Ensure that records are stored securely and are easily accessible for audits and reviews.
Auditing and Documentation Validation:Regularly audit the documentation related to change control to ensure that it is complete, accurate, and up-to-date. Make necessary revisions and updates as needed.
Management Review: Present records of change control activities in management review meetings to demonstrate compliance with standards and to gather insights for continuous improvement.

Maintaining these records not only helps ensure compliance but also facilitates transparency, accountability, and the ability to learn from past changes. It provides valuable documentation for audits, regulatory inspections, and management assessments.

Documented Information Required

In ISO 9001:2015, Clause 8.5.6 “Control of Changes” focuses on ensuring that changes to the organization’s processes, products, services, or the Quality Management System (QMS) itself are controlled and managed effectively. Here’s a list of documents and records required for compliance with Clause 8.5.6:

Documents:

Change Management Procedure: This is a documented procedure that outlines the organization’s process for managing changes. It should include the steps for initiating, reviewing, approving, implementing, and communicating changes.
Change Request Form: A standardized form or digital template that individuals or departments use to submit change requests. It should capture essential information about the change, including its nature, purpose, potential impact, and rationale.
Change Authorization Records: Documentation of the authorization process, including the names or positions of individuals responsible for approving changes, the date of authorization, and their signatures or electronic approvals.
Change Review Records: Records of the review process for each change, including the results of impact assessments, risk analyses, and any discussions or decisions made by the change review team.
Risk Analysis Documentation: Documentation related to risk assessments conducted for proposed changes. This should include information on identified risks, their potential impact, and mitigation plans.
Change Implementation Records: Records of actions taken during the implementation of approved changes. This may include testing, training, and communication efforts related to the change.
Action Records: Documentation of any corrective or preventive actions taken as a result of change reviews, including the rationale, actions, responsibilities, and deadlines for completion.
Communication Records: Records of all communications related to the change, including notifications to stakeholders, employees, customers, and suppliers. This should include the method and date of communication.
Monitoring and Measurement Records: Records of monitoring and measurement activities related to the change, including any Key Performance Indicators (KPIs) or metrics used to assess the effectiveness of the change.
Feedback and Improvement Records: Records of feedback received from stakeholders, including employees and customers, regarding the change. Document any suggestions, concerns, or improvements made in response.
Periodic Review Records: Records of periodic reviews of the change to assess its ongoing conformity with requirements and identify opportunities for further improvement.

Records:

Record Retention Policy: A documented record retention policy that defines how long records related to change management should be retained and the criteria for disposal.
Training and Competence Records: Documentation of training and competence records for employees involved in change management activities, demonstrating their qualifications and training related to the change control process.
Documented Process Flowcharts: Flowcharts or process maps that visually depict the steps involved in the change control process, from initiation to implementation.
Documented Process Responsibilities: A document outlining the responsibilities of individuals or departments involved in the change control process, including their roles and authorities.
Management Review Records: Records of how change control activities are presented and discussed in management review meetings, demonstrating top-level awareness and commitment.

These documents and records are critical for effectively controlling changes within an organization while ensuring compliance with ISO 9001:2015 Clause 8.5.6. They provide a structured and documented approach to managing changes, maintaining quality, and promoting continual improvement.

Example of Change Management Procedure

1. Purpose:

This procedure outlines the process for managing changes within [Organization Name]. It aims to ensure that all changes are systematically reviewed, authorized, implemented, and communicated while considering their potential impact on the Quality Management System (QMS), processes, products, and services.

2. Scope:

This procedure applies to all changes initiated within the organization, including changes to processes, products, services, and the QMS itself.

3. Definitions:

Define any specific terms or acronyms used in the procedure.

4. Procedure Steps:

4.1. Change Initiation:

Any employee or department may initiate a change by completing the “Change Request Form” (Appendix A).
The change request should include details about the nature of the change, its purpose, potential benefits, and any risks or impacts.

4.2. Change Review:

The Change Review Team, composed of relevant stakeholders, including representatives from affected departments and quality assurance, will review the change request.
The team will assess the impact of the change on the QMS, processes, products, services, compliance, and other relevant factors.
A risk analysis will be conducted to identify and evaluate potential risks associated with the change.

4.3. Authorization:

The Change Review Team will decide whether to approve or reject the change based on the impact assessment and risk analysis.
If approved, the team will designate an authorized person(s) to approve the change.

4.4. Change Implementation:

The authorized person(s) will oversee the implementation of the approved change.
Implementation may involve testing, training, and communication efforts to ensure a smooth transition.

4.5. Communication:

Communication plans will be developed to notify stakeholders, including employees, customers, suppliers, and regulatory bodies (if applicable), about the approved change.
Effective communication will ensure that everyone is informed of the change and its implications.

4.6. Monitoring and Measurement:

Key Performance Indicators (KPIs) or metrics related to the change will be established to monitor its effectiveness and impact.
Regular measurement and reporting of these KPIs will occur.

4.7. Feedback and Improvement:

Feedback from stakeholders, including employees and customers, will be solicited and evaluated regarding the change.
Any suggestions, concerns, or improvements will be documented and addressed.

4.8. Record Keeping:

All records related to change management, including change requests, impact assessments, authorization records, communication records, and feedback, will be maintained as per the Record Retention Policy (Appendix B).

5. Appendices:

Include any relevant appendices, such as the Change Request Form (Appendix A) and the Record Retention Policy (Appendix B).

6. Revision and Review:

This procedure will be reviewed, updated, and revised as necessary to reflect changes in the organization’s processes, products, services, or regulatory requirements.

Example of Change Request Form

Requester Information:

Name: [Requester’s Name]
Department: [Requester’s Department]
Date: [Date of Request]
Contact Information: [Requester’s Email/Phone]

Change Details:

Change Title/Description: [Brief title or description of the change]
Nature of Change: [Select one: Process Change, Product Change, Service Change, QMS Change, Other (Specify)]
Purpose of Change: [Explain why this change is necessary]
Expected Benefits: [Describe the expected benefits of this change]

Impact Assessment:

Affected Area(s): [Specify departments, processes, products, or services impacted by the change]
Potential Risks: [Identify potential risks associated with the change]

Change Request Review:

Change Review Team: [List members of the change review team]
Review Date: [Date of review]
Decision: [Select one: Approved, Rejected, Further Review Required]
Authorized Approver: [Name of the person authorized to approve the change]
Approval Date: [Date of approval]

Change Implementation:

Implementation Plan: [Provide a brief plan outlining how the change will be implemented, including timelines and responsibilities]

Communication Plan:

Stakeholders to Notify: [List stakeholders, including employees, customers, suppliers, and regulatory bodies, if applicable]
Communication Method: [Specify how the change will be communicated]
Communication Date: [Date of communication]

Monitoring and Measurement:

Key Performance Indicators (KPIs): [List any KPIs or metrics related to the change]
Measurement Plan: [Explain how and when KPIs will be measured and reported]

Feedback and Improvement:

Feedback Mechanism: [Describe how feedback from stakeholders will be collected and addressed]
Suggestions/Concerns: [Document any suggestions, concerns, or improvements related to the change]

Attachments:

[Attach any supporting documents or files related to the change request]

Approval:

Requester’s Signature: ___________________________ Date: _______________
Authorized Approver’s Signature: __________________ Date: _______________

Note: For office use only

Change Request Number: [Assigned by the organization]
Status: [Open, Approved, Rejected, Implemented, Closed]
Record Keeping: [Date and location of record keeping]

Example of Record Retention Policy

1. Purpose:

The purpose of this policy is to establish guidelines for the retention and disposal of records within [Organization Name]. It aims to ensure that records are retained for the appropriate duration to meet legal, regulatory, operational, and historical requirements while minimizing storage costs and risks.

2. Scope:

This policy applies to all records, regardless of format or medium, created or received by [Organization Name] in the course of its business activities. It covers records related to administration, finance, human resources, quality management, customer service, and any other functional areas.

3. Policy Statement:

3.1. Record Categories:

Records are categorized into the following types:
- Vital Records: Records critical to the continued operation of the organization.
- Legal and Regulatory Records: Records required to meet legal and regulatory obligations.
- Operational Records: Records necessary for ongoing business operations.
- Historical Records: Records of historical value or significance.

3.2. Retention Periods:

Records will be retained based on their category and in compliance with applicable legal and regulatory requirements. Specific retention periods are outlined in the Record Retention Schedule (Appendix A).

3.3. Record Custodianship:

Each record will have a designated custodian responsible for its maintenance and disposal in accordance with this policy.

3.4. Secure Storage:

Records will be stored securely to prevent unauthorized access, damage, or loss.

3.5. Disposal:

Records will be disposed of at the end of their retention periods in a manner that ensures confidentiality and compliance with data protection laws.

3.6. Record Destruction Authorization:

Destruction of records will require written authorization from the designated custodian and compliance with legal and regulatory requirements.

4. Record Retention Schedule:

The Record Retention Schedule (Appendix A) provides specific retention periods for various types of records maintained by [Organization Name]. It is updated as needed to reflect changes in legal or regulatory requirements.

5. Compliance:

All employees, contractors, and third parties are required to comply with this policy and related procedures.

6. Training:

[Organization Name] will provide training and guidance to employees on the proper retention and disposal of records.

7. Monitoring and Review:

The [Position/Department] is responsible for monitoring compliance with this policy and conducting periodic reviews to ensure its effectiveness.

8. Record Keeping:

Records related to this policy, including the Record Retention Schedule, record disposal authorizations, and records of destruction, will be maintained as required by legal and regulatory obligations.

9. Document History:

This policy will be reviewed and updated as necessary to ensure its relevance and effectiveness. Document revision history will be maintained.

This example change management procedure provides a structured framework for managing changes within an organization. Remember to customize it to align with your organization’s specific needs and requirements, and ensure that it complies with ISO 9001:2015 or any other applicable standards or regulations.

ISO 9001:2015 Clause 8.5.5 Post-delivery activities

ISO 9001:2015 Requirements

The organization shall meet requirements for post-delivery activities associated with the products and services.
In determining the extent of post-delivery activities that are required, the organization shall consider:
a) statutory and regulatory requirements;
b) the potential undesired consequences associated with its products and services;
c) the nature, use and intended lifetime of its products and services;
d) customer requirements;
e) customer feedback.
NOTE Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.

The organization shall meet requirements for post-delivery activities associated with the products and services.

Post-delivery activities may differ for each company, and it is required that the organization determine the nature and extent of any post-delivery activities applicable to their type of work. Post-delivery activities mean providing support for their product or services post the delivery which may or may not be required by the customer, as per your contractual agreements. Your organization must meet requirements for post-delivery activities associated with the products and services.Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal. Post-delivery activities are crucial to ensuring customer satisfaction and the continued success of an organization. Here’s a guideline on how an organization should meet requirements for post-delivery activities associated with products and services:

Clearly define what constitutes post-delivery activities within your organization. This can include maintenance, support, warranties, customer inquiries, and feedback processes.
Create a documented post-delivery policy that outlines the organization’s commitment to meeting customer requirements and ensuring satisfaction after the product or service has been delivered.
Designate specific contact points or customer support teams responsible for handling post-delivery activities.Ensure that customers know how to reach these contact points for assistance.
If applicable, clearly communicate warranty and guarantee policies to customers, including the duration and terms of coverage. Provide instructions for customers on how to claim warranty or guarantee services.
Implement a system for collecting customer feedback, such as surveys, customer reviews, or direct contact channels. Regularly analyze and act on customer feedback to improve products and services.
Establish processes for addressing customer inquiries and concerns promptly. Train customer support personnel to handle inquiries effectively and professionally.
Keep customers informed about updates, improvements, or new versions of products and services.Clearly communicate the benefits of updates and how customers can access them.
If your organization provides maintenance or servicing, create schedules and protocols for these activities. Ensure that maintenance and servicing teams are adequately trained and equipped.
Develop a procedure for handling customer complaints efficiently.Investigate complaints thoroughly and provide resolutions within agreed-upon timelines.
Maintain records of all post-delivery activities, including customer interactions, complaints, resolutions, and feedback. – Use these records for continuous improvement.
Regularly review post-delivery processes and activities to identify areas for improvement. Implement corrective actions based on feedback, complaints, and analysis of post-delivery activities.
Ensure that all post-delivery activities comply with relevant laws, regulations, and industry standards.
Provide training to employees involved in post-delivery activities to ensure they are competent in handling customer interactions and providing support.
Maintain open lines of communication with customers, keeping them informed about any changes or updates related to the product or service.
Monitor key performance indicators (KPIs) related to post-delivery activities, such as response times, customer satisfaction scores, and resolution rates. – Use these metrics to evaluate the effectiveness of your post-delivery processes.
Ensure that all post-delivery activities are documented and that records are properly organized and accessible for review and audit purposes.
Conduct periodic management reviews to assess the effectiveness of post-delivery activities and make strategic decisions for improvement.
Clearly define roles and responsibilities for post-delivery activities to ensure accountability within the organization.
Conduct internal audits to validate compliance with post-delivery requirements and policies.
Offer resources, guides, or training to help customers make the most of your products or services.

By implementing these measures, an organization can effectively meet requirements for post-delivery activities, enhance customer satisfaction, and maintain a positive reputation in the market.

2) In determining the extent of post-delivery activities that are required, the organization shall consider statutory and regulatory requirements;

In some cases, post-delivery activities are statutory or regulatory requirements. Such requirements should be addressed. For example, there is a mandated 13 weeks for the defects and liability period in New South Wales, Australia, which may be longer depending on what is included in the contract for the project. These requirements, including statutory and contractual, will need to be considered in the organization’s processes. Compliance with applicable laws and regulations is essential for ensuring that the organization meets its legal obligations and maintains the trust of its customers and stakeholders. Here’s how an organization can incorporate statutory and regulatory requirements into post-delivery activities:

Begin by identifying all relevant statutory and regulatory requirements that pertain to your industry and the specific products or services you offer. These may include local, national, and international regulations.
Conduct a comprehensive assessment to understand how these regulations apply to post-delivery activities. Consider factors such as data privacy, product safety, environmental impact, and consumer protection.
Create a comprehensive document that outlines how the organization will comply with each relevant regulation in the context of post-delivery activities. This document may be part of the organization’s compliance management system.
Ensure that employees involved in post-delivery activities are aware of the specific regulations that apply to their roles and responsibilities. Provide training and guidance on compliance.
Integrate compliance with statutory and regulatory requirements into existing post-delivery processes and procedures. This ensures that compliance is an integral part of day-to-day operations.
Establish monitoring and auditing mechanisms to regularly assess and verify compliance with statutory and regulatory requirements. Conduct internal audits and reviews to identify areas that need improvement.
Maintain records related to compliance efforts and activities. This includes records of audits, corrective actions, and any interactions with regulatory authorities.
Seek legal counsel or consultation to interpret and navigate complex regulations. Legal experts can provide guidance on how to meet legal obligations effectively.
Stay informed about changes in relevant regulations. Regulations can change over time, so it’s essential to adapt post-delivery activities accordingly.
Develop incident response plans that include steps for addressing and reporting any compliance violations or breaches promptly and in accordance with regulatory requirements.
If certain regulations require customer disclosures or notifications (e.g., data breaches), establish clear communication protocols and templates to ensure compliance.
Pursue external certifications or audits, if applicable and relevant to your industry. These can provide evidence of compliance with specific regulations.
Periodically review and update your documentation and processes with the assistance of legal experts to ensure ongoing compliance.
Be prepared to adapt post-delivery activities swiftly in response to significant changes in regulations, ensuring ongoing compliance.

By considering statutory and regulatory requirements in post-delivery activities, organizations can mitigate legal risks, maintain a positive reputation, and build trust with customers and stakeholders. It’s an essential element of responsible business conduct in today’s regulatory environment.

3) In determining the extent of post-delivery activities that are required, the organization shall consider the potential undesired consequences associated with its products and services

The organization must consider all risks or potential consequences related to its product or service and create a response plan on how they will address the situation. For builders, this would be the defect liability period that commences once the project is handed over. There should be timely responses to issues raised and comprehensive reporting during the defects liability period as it is generally the last major interaction with the customer and can have a significant impact on customer satisfaction. The reporting can assist the sales/estimating teams and construction teams for future projects to identify lessons learnt.In a software company, this can be fixing bugs and other issues post-release. A post-delivery maintenance window may be defined in the contract with the customer in many cases. Considering the potential undesired consequences associated with products and services is a crucial part of determining and managing post-delivery activities. It demonstrates an organization’s commitment to delivering safe, reliable, and high-quality products and services to customers. Here’s how an organization can incorporate this consideration into its post-delivery activities:

Conduct a comprehensive risk assessment for each product or service offered. Identify potential undesired consequences, such as safety hazards, performance issues, or environmental impacts.
Ensure that the organization complies with relevant laws and regulations related to product safety, environmental impact, and consumer protection. Align post-delivery activities with regulatory requirements.
Implement rigorous product testing and quality control measures to minimize the likelihood of defects or performance issues. Regularly review and update testing protocols.
Establish mechanisms for customers to provide feedback on their experiences with products or services. Monitor customer reviews, complaints, and inquiries to identify potential issues.
Develop a clear incident reporting and response process to address and rectify any adverse events or issues related to products or services promptly.
Implement a culture of continuous improvement where identified undesired consequences lead to corrective actions and process enhancements.
Maintain comprehensive records of product or service testing, customer complaints, incident reports, and corrective actions taken. These records can be invaluable for analysis and improvement.
Develop product recall plans and procedures to swiftly and effectively address and communicate recalls or safety concerns to customers if necessary.
Clearly define warranty and guarantee policies to address potential undesired consequences. Ensure customers are aware of their rights and the process for seeking remedies.
Implement sustainability measures to reduce the environmental impact of products or services. This may include recycling programs, eco-friendly packaging, or energy-efficient designs.
Provide comprehensive and clear product labeling and user guides to help customers use products safely and effectively.
Evaluate and manage potential undesired consequences within the supply chain, including the sourcing of raw materials and components.
Educate customers on how to use products or services correctly and safely. Provide guidelines and safety tips where necessary.
Ensure that the organization operates within ethical boundaries and complies with legal requirements, particularly in industries with heightened safety or ethical concerns.
Establish clear and transparent communication channels with customers, regulators, and stakeholders. Promptly inform them of any potential undesired consequences and the steps taken to address them.
Develop risk mitigation plans that outline preventive measures and strategies for addressing potential consequences proactively.

By considering potential undesired consequences associated with products and services and taking proactive measures to address them in post-delivery activities, organizations can enhance customer trust, minimize risks, and improve overall product and service quality. It’s a proactive approach to delivering value and satisfaction to customers while mitigating potential issues.

4) In determining the extent of post-delivery activities that are required, the organization shall consider the nature, use and intended lifetime of its products and services

Considering the nature, use, and intended lifetime of products and services is essential when determining post-delivery activities. This consideration helps organizations tailor their post-delivery efforts to align with the specific characteristics of their offerings and the expectations of their customers. This is very commonly stated in the organization’s return policy. This is generally based upon the intended lifetime of the product and warranties return if something goes wrong with the product before that time.Here’s how an organization can incorporate these considerations into its post-delivery activities:

Conduct a thorough analysis of the nature and characteristics of each product or service. Understand its purpose, features, and how it is intended to be used.
Identify and analyze customer needs and expectations related to the product or service. This includes understanding how customers intend to use it and their long-term requirements.
Determine the expected lifetime of the product or service. Consider whether it is a one-time purchase, a subscription-based service, or a product with a longer lifespan.
Based on the product or service’s nature and expected lifetime, establish maintenance and servicing requirements. Some products may require frequent maintenance, while others may need less frequent attention.
Develop warranty and support policies that align with the expected lifetime of the product or service. Ensure that customers are aware of the coverage and duration.
Create comprehensive user guides and documentation that address the specific nature and intended use of the product or service. Make these resources readily available to customers.
Offer training programs or educational materials to help customers make the most of the product or service, especially if it has complex features or uses.
Plan for replacement or upgrade options for products or services that have a limited lifetime. Notify customers about these options well in advance.
Factor in environmental concerns, including product recycling, disposal, or the reduction of environmental impact, depending on the nature of the product or service.
Encourage customers to provide feedback on how the product or service meets their needs. Use this feedback to iterate and improve offerings.
Assess potential risks and issues associated with the product or service over its intended lifetime. Develop strategies to mitigate these risks.
Plan for the end of the product or service’s lifecycle, including proper disposal or recycling procedures.
Continuously monitor the performance and condition of products or services, especially those with long lifespans, to identify any emerging issues.
Maintain open lines of communication with customers throughout the product or service’s lifetime, providing updates, notifications, and support as needed.
Ensure that all post-delivery activities align with relevant legal and regulatory requirements, including those specific to the nature and use of the product or service.

By carefully considering the nature, use, and intended lifetime of products and services, organizations can provide tailored post-delivery support, enhance customer satisfaction, and maximize the value customers receive throughout the product or service lifecycle. This approach also promotes long-term customer relationships and brand loyalty.

5) In determining the extent of post-delivery activities that are required, the organization shall consider the customer requirements and customer feedback.

Considering customer requirements and customer feedback is essential when determining post-delivery activities. This customer-centric approach helps organizations address customer needs, enhance satisfaction, and continually improve their products and services. Some client contracts may have post-delivery, support, maintenance or warranty requirements. Such post-delivery activities should be clearly described and implemented. Any customer feedback on post-delivery activities should be considered. If required by the customer, any requests for changes should be accounted for if found feasible by the company.Here’s how an organization can incorporate customer requirements and feedback into its post-delivery activities:

1. Customer Requirements:

Understanding Customer Needs: – Conduct market research and surveys to understand customer expectations, preferences, and requirements related to your products or services.
Customization Options: – Offer customization or personalization options to meet specific customer requirements when applicable.
Clear Product/Service Information: – Ensure that product or service descriptions, features, and benefits are clearly communicated to customers to meet their expectations.
Customer Communication Channels: – Provide multiple communication channels (e.g., email, phone, chat) for customers to express their requirements or ask questions.
Feedback Collection: – Actively seek input from customers during the pre-delivery phase to understand their needs and preferences.

2. Customer Feedback:

Feedback Collection Mechanisms: – Establish mechanisms for customers to provide feedback on their experiences with your products or services, both during and after delivery. This can include surveys, reviews, and direct communication.
Feedback Analysis: – Regularly analyze customer feedback to identify common issues, concerns, or areas for improvement.
Continuous Improvement: – Use customer feedback as a valuable source of information to drive continuous improvement efforts in post-delivery activities.
Response to Feedback: – Acknowledge and respond to customer feedback promptly, whether it’s positive or negative. Show customers that their opinions matter.
Feedback Integration: – Integrate customer feedback into product or service development and enhancement processes to align with customer expectations.

3. Tailored Support:

Personalized Customer Support: – Provide personalized support and assistance based on customer feedback and specific requirements.
Problem Resolution: – Address and resolve customer issues, complaints, or concerns in a timely and effective manner.

4. Communication:

Proactive Communication: – Proactively communicate with customers to provide updates, news, and information related to products or services.
Notification of Enhancements: – Inform customers about product or service enhancements or updates that address their feedback or requirements.

5. Iterative Development: – Use customer feedback to guide iterative development and improvement of products or services over time.

6. Tailored Training: – Offer training programs or educational resources based on customer feedback and specific customer requirements.

7. Customer Satisfaction Surveys: – Implement regular customer satisfaction surveys to gauge how well post-delivery activities align with customer requirements and expectations.

8. Responsive Customer Service: – Ensure that customer support teams are responsive and accessible to address customer needs and feedback promptly.

9. Feedback Documentation: – Maintain records of customer feedback, responses, and actions taken to address feedback for accountability and analysis.

By integrating customer requirements and feedback into post-delivery activities, organizations can build stronger customer relationships, enhance product or service quality, and demonstrate a commitment to meeting and exceeding customer expectations. This customer-centric approach is vital for long-term success and customer loyalty.

6) Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.

Post-delivery activities encompass a wide range of actions and services that an organization provides after delivering its products or services to customers. These activities often include:

Warranty Provisions:
- Managing and fulfilling warranty agreements by addressing defects, malfunctions, or issues with the product or service during the specified warranty period.
- Providing repairs, replacements, or refunds as per warranty terms and conditions.
Contractual Obligations:
- Fulfilling contractual commitments, which may include ongoing maintenance, support, or service agreements.
- Adhering to service level agreements (SLAs) and performance expectations outlined in contracts.
Maintenance Services:
- Offering regular maintenance services to ensure the continued optimal performance and reliability of products or services.
- Conducting preventive maintenance to proactively address potential issues.
Technical Support:
- Providing technical assistance and troubleshooting to customers who encounter problems or have questions about using the product or service.
- Offering a helpdesk or customer support hotline for inquiries and issue resolution.
Training and Education:
- Offering training programs, workshops, or online resources to educate customers on how to use products or services effectively and safely.
- Training customers on advanced features or capabilities.
Software Updates and Patching:
- Releasing software updates, patches, and bug fixes to enhance product performance, security, and functionality.
- Ensuring customers can easily access and install these updates.
Recycling and Disposal Services:
- Providing options and guidance for customers to responsibly dispose of or recycle products at the end of their life cycle.
- Implementing take-back programs or assisting with eco-friendly disposal.
Product Upgrades and Enhancements:
- Informing customers about new features, versions, or upgrades available for products or services.
- Offering incentives or discounts for customers to upgrade.
Sustainability Initiatives:
- Implementing sustainability practices, such as reducing environmental impact, using eco-friendly materials, or minimizing energy consumption in post-delivery activities.
- Educating customers about the eco-friendly aspects of products or services.
Customer Feedback Collection:
- Actively seeking and encouraging customer feedback on product or service performance, usability, and areas for improvement.
- Using feedback to drive product or service enhancements.
Complaint Resolution:
- Establishing procedures to address and resolve customer complaints efficiently and to the satisfaction of the customer.
- Implementing corrective actions to prevent recurring issues.
Performance Monitoring and Reporting:
- Monitoring the performance and usage patterns of products or services and reporting on key performance indicators (KPIs).
- Using data to optimize post-delivery activities and improve customer experience.
Customer Loyalty Programs:
- Implementing customer loyalty programs, rewards, or incentives to encourage repeat business and strengthen customer relationships.
Legal and Regulatory Compliance:
- Ensuring that all post-delivery activities comply with relevant laws, regulations, and industry standards.
- Managing compliance documentation and reporting.

These post-delivery activities are essential for maintaining customer satisfaction, ensuring the longevity and reliability of products or services, and building strong and lasting relationships with customers. Organizations that excel in these areas often enjoy higher customer retention and enhanced brand reputation.

Documented Information Required

In ISO 9001:2015, Clause 8.5.5 focuses on the control of changes, and it does not specifically mention post-delivery activities. However, it is essential to maintain records and documents related to post-delivery activities to ensure that customer requirements are met, and products or services continue to perform as expected after delivery. Here are the typical documents and records that organizations may need to maintain in the context of post-delivery activities:

Post-Delivery Service Agreements: Contracts, agreements, or service-level agreements (SLAs) outlining the organization’s commitments for post-delivery services, such as warranties, maintenance, or technical support.
Customer Feedback Records: Records of customer feedback, including complaints, comments, and suggestions related to post-delivery activities. This information can help identify areas for improvement.
Maintenance and Service Reports: Documentation of maintenance or service activities conducted on products or services, including details of the work performed, dates, and any corrective actions taken.
Warranty Records: Records of warranty claims, including customer requests for warranty support, investigations, resolutions, and any repairs or replacements made.
Product or Service Performance Data: Records of performance data, such as reliability, durability, and safety assessments, to evaluate and ensure the continued satisfaction of customers.
Training and Education Records: Documentation of training programs or materials provided to customers to educate them on product or service usage, safety, and maintenance.
Product Upgrade or Enhancement Records: Documentation of product or service upgrades, enhancements, or modifications made to address customer feedback or changing needs.
Recycling and Disposal Records: Records related to recycling, disposal, or take-back programs, including guidelines for customers on responsible disposal or recycling options.
Technical Support Records: Records of technical support provided to customers, including inquiries, troubleshooting, and resolutions.
Records of Communication: Documentation of communications with customers regarding post-delivery activities, such as notifications of updates, recalls, or product improvements.
Customer Satisfaction Surveys: Records of customer satisfaction surveys, results, and analysis to assess the effectiveness of post-delivery activities and identify areas for improvement.
Corrective and Preventive Action Records: Documentation of corrective and preventive actions taken in response to customer feedback, complaints, or issues related to post-delivery activities.
Regulatory Compliance Records: Documentation of compliance with applicable laws, regulations, and industry standards in the context of post-delivery activities.
Product Lifecycle Records: Documentation related to the expected lifecycle of products or services, including plans for end-of-life management, recycling, or disposal.
Audit Reports: Records of internal audits or assessments related to post-delivery activities to ensure compliance and effectiveness.
Management Review Records: Documentation of management reviews focusing on post-delivery activities, performance, and continuous improvement.

It’s important to note that the specific documents and records required can vary depending on the organization’s industry, the nature of its products or services, and the applicable regulatory requirements. Organizations should establish a robust document control system to manage and retain these records as evidence of conformity and continuous improvement in post-delivery activities.

Example of Procedure : Post-Delivery Activities Procedure

1. Purpose:

The purpose of this procedure is to define the process for managing post-delivery activities associated with our products and services to meet customer requirements, address potential issues, and continually improve customer satisfaction.

2. Scope:

This procedure applies to all post-delivery activities conducted by [Organization Name] and covers products and services delivered to customers.

3. Responsibility:

The [Department or Team] is responsible for implementing and maintaining this procedure.
[Key Personnel] are responsible for specific tasks within the procedure, as outlined below.

4. Procedure Steps:

4.1. Customer Feedback and Complaint Handling:

[Key Personnel] shall monitor and collect customer feedback, including complaints, comments, and suggestions.
[Key Personnel] shall document all customer feedback in the [Feedback Tracking System].

4.2. Feedback Analysis:

[Key Personnel] shall analyze customer feedback regularly to identify recurring issues or trends.
[Key Personnel] shall categorize feedback into areas such as product defects, service quality, or usability.

4.3. Corrective and Preventive Actions:

In response to customer feedback, [Key Personnel] shall initiate corrective and preventive actions as needed.
[Key Personnel] shall maintain records of these actions in the [Action Tracking System].

4.4. Product/Service Maintenance and Support:

The [Support Team] shall provide technical support to customers via [Support Channels], including phone, email, and chat.
[Key Personnel] shall track and document support requests and resolutions.

4.5. Warranty Claims Management:

[Key Personnel] shall receive and review warranty claims submitted by customers.
[Key Personnel] shall coordinate repairs, replacements, or refunds as per warranty terms.

4.6. Maintenance Scheduling:

[Key Personnel] shall schedule regular maintenance activities for products or services with maintenance requirements.
[Maintenance Team] shall perform scheduled maintenance and maintain records of service activities.

4.7. Communication with Customers:

[Key Personnel] shall maintain open lines of communication with customers, providing updates, notifications of product enhancements, and responses to inquiries.

4.8. Training and Education:

[Training Team] shall develop and offer training programs, materials, and resources to educate customers on product or service usage and maintenance.

4.9. Product Upgrades and Enhancements:

[Product Development Team] shall identify opportunities for product or service upgrades based on customer feedback.
[Key Personnel] shall communicate upgrade options to customers.

4.10. Recycling and Disposal Services:

[Key Personnel] shall provide guidance to customers on responsible recycling or disposal options for products.
[Recycling Team] shall coordinate recycling or disposal programs.

5. Records and Documentation:

All records related to post-delivery activities, including customer feedback, corrective actions, maintenance reports, warranty claims, and training records, shall be maintained and documented in the [Record Keeping System].

6. Performance Monitoring:

[Key Personnel] shall regularly monitor key performance indicators (KPIs) related to post-delivery activities, such as response times, customer satisfaction scores, and resolution rates.
[Key Personnel] shall use KPI data for performance evaluation and continuous improvement.

7. Management Review:

The management team shall conduct periodic reviews to assess the effectiveness of post-delivery activities, identify areas for improvement, and allocate resources as needed.

8. Revision and Review:

This procedure shall be reviewed, updated, and revised as necessary to reflect changes in post-delivery activities, customer requirements, or regulatory requirements.

9. Training:

Employees involved in post-delivery activities shall receive training on this procedure and related processes.

10. Compliance: – All post-delivery activities shall comply with relevant laws, regulations, and industry standards.

11. Communication: – This procedure shall be communicated to all relevant personnel within the organization to ensure its effective implementation.

ISO 9001:2015 Clause 8.5.3 Property belonging to customers or external providers

ISO 9001:2015 Requirements

The organization shall exercise care with property belonging to customers or external providers while it is under the organization’s control or being used by the organization. The organization shall identify, verify, protect and safeguard customers’ or external providers’ property provided for use or incorporation into the products and services. When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider and retain documented information on what has occurred.
NOTE A customer’s or external provider’s property can include material, components, tools and equipment, premises, intellectual property and personal data.

1) The organization shall exercise care with property belonging to customers or external providers while it is under the organization’s control or being used by the organization.

This requires that an organization should control any property belonging to customers or external providers while under the organization’s control or be used by the organization. This clause could be applied to protecting the subcontractor’s tools, materials and plant onsite against theft or damage. For a company dealing with refurbishments of rooms, this could be the processes to protect existing items / the structure, such as covering furniture and flooring with protective plastic/drop sheets. This exact requirement would also extend to protecting client data, such as project documents and data in systems In a services company that does not have physical customer or external provider property, this could be limited to managing customers’ information, including personal information. Customer property always carries the risk of being lost, damaged, stolen or misused, or their conditions may deteriorate over time. An organization should implement mechanisms to identify all such cases and notify the customer/external provider when this happens. This can be done effectively by maintaining an inventory management system, identifying customer property, traceability and maintenance or control over the use of the property through access controls, etc. The controls can be decided by the organization, as required. The requirement to exercise care with property belonging to customers or external providers is a crucial aspect of quality management and business ethics. Organizations must ensure that they treat external property with respect, safeguard it from damage or loss, and use it only for its intended purpose. Here’s how an organization can fulfill this requirement:

Clearly define the responsibilities of personnel who have access to or are responsible for customer or external provider property. Assign ownership and accountability.
Maintain an inventory or record of all customer or external provider property under the organization’s control. This includes items such as customer-supplied materials, tools, equipment, or intellectual property.
Label or mark customer or external provider property to clearly identify its ownership and intended use. Ensure that the identification is consistent with agreements and requirements.
Store and handle customer or external provider property in a safe and secure manner to prevent damage, theft, or loss.Use appropriate storage conditions, such as controlled environments or secure storage areas, when necessary.
Regularly inspect and maintain customer or external provider property to ensure it remains in good condition and is fit for its intended purpose.
Obtain written authorization from the customer or external provider for any use or disposition of their property outside of the agreed-upon terms.
Implement controls to prevent unauthorized personnel from using or accessing customer or external provider property. Ensure that employees are aware of the limitations and restrictions regarding the use of external property.
Return customer property promptly and in the condition in which it was received when no longer needed. Follow agreed-upon return procedures. Obtain customer or external provider authorization for any disposal or disposition of their property.
Maintain records of all customer or external provider property, including details of receipt, storage, use, maintenance, and return or disposition.Ensure records accurately reflect the condition and usage of the property.
Train employees who handle customer or external provider property on the organization’s policies, procedures, and their responsibilities regarding such property.
Maintain open and effective communication with customers or external providers regarding the handling and status of their property, including any concerns or issues that arise.
Develop procedures for handling any non-conformance related to customer or external provider property, including the reporting and resolution of issues.
Ensure that the organization’s practices regarding customer or external provider property comply with all legal and contractual requirements, including intellectual property rights.
Conduct periodic internal audits and verifications to assess the effectiveness of the organization’s processes for handling external property.
Use data and feedback to drive continuous improvement efforts in property handling processes, aiming to enhance customer satisfaction and ensure compliance.

By implementing these measures, an organization can exercise care and diligence in handling property belonging to customers or external providers, thereby maintaining trust, complying with contractual agreements, and upholding ethical and quality standards.

2) The organization shall identify, verify, protect and safeguard customers’ or external providers’ property provided for use or incorporation into the products and services.

Identifying, verifying, protecting, and safeguarding customers’ or external providers’ property provided for use or incorporation into products and services is a critical aspect of maintaining quality and compliance with contractual obligations. Check that your organization communicates with its customers in regard to the handling and treatment of their property. You should also check that contingency plans and, where relevant, actions are undertaken when non-conformity occur with customer property. Good sources of information often include Goods returned by the customer; Warranty claims; Revised invoices; Credit notes; Articles in the media; Consumer websites; Direct observation of, or communication with, the customer. Here’s a comprehensive approach for customers to follow:

Identification: Clearly define your property, including unique identifiers, specifications, and any labeling or marking requirements. Ensure that your property is marked or labeled in accordance with your specifications.
Verification: Establish clear verification criteria for your property, including quality standards, quantities, and any specific requirements. Ensure that the organization verifies your property against the agreed-upon criteria upon receipt and communicates the results to you.
Protection and Packaging:Package your property securely to prevent damage during transit and handling. Label or mark the packaging with handling instructions, fragility warnings, and any specific storage requirements.
Transportation: Select reliable carriers and logistics partners with a track record of safe and secure transportation. Inspect the condition of your property upon delivery and immediately report any visible damage or discrepancies.
Storage Instructions: Provide clear storage instructions to the organization if your property has specific requirements, such as temperature, humidity, or light conditions. Ensure that the organization follows these instructions.
Authorization for Use: Clearly specify under what conditions the organization is authorized to use or incorporate your property into products or services. Document this authorization. Ensure that any use is compliant with your specified requirements.
Monitoring and Updates: Monitor how the organization handles and uses your property throughout the project or service. Request regular updates on the status of your property and promptly address any changes or concerns.
Communication: Maintain open lines of communication with the organization regarding the handling, status, and condition of your property. Address any inquiries, requests for information, or concerns raised by the organization.
Traceability and Records: Request that the organization maintains traceability records for your property, including records of receipt, storage, usage, and any inspections or tests performed.
Non-Conformance Handling: Establish a process for addressing non-conformances, damage, or discrepancies related to your property. Outline how claims for loss or damage will be handled.
Insurance: Consider insuring your property during transportation and while it is under the organization’s control. Verify whether the organization’s insurance policies cover your property.
Legal and Contractual Compliance: Ensure that the organization’s practices regarding your property comply with all legal and contractual requirements, including intellectual property rights.
Feedback and Improvement: Provide feedback to the organization on the handling and protection of your property, including any suggestions for improvement or concerns.

By following these steps, customers can effectively identify, verify, protect, and safeguard their property provided for use or incorporation into products and services. This proactive approach helps ensure that property is handled according to your specifications, minimizes risks, and promotes a positive working relationship with the organization. If there are any products, materials, or tools on your organization’s premises that are owned by a customer, all employees must exercise care with this property. This means they must ensure that the product is not lost or damaged.

3) When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider

If customer property is lost or damaged, this needs to be recorded and the customer needs to be notified. When the property of a customer or external provider is lost, damaged, or otherwise found to be unsuitable for use, it is essential for the organization to report this promptly and transparently to the customer or external provider. This communication is crucial for maintaining trust, resolving issues, and ensuring compliance with contractual agreements. Here are the steps to follow when such a situation occurs:

As soon as the loss, damage, or unsuitability is discovered, take immediate action to prevent further damage or loss and to mitigate the impact on the project or service.
Document the details of the incident thoroughly. Include information such as the date, time, location, the nature of the issue, and any relevant circumstances or observations.
Notify the customer or external provider of the incident promptly. Use the most appropriate and expedient means of communication, which may include phone calls, emails, or formal written notifications.
Provide a detailed report to the customer or external provider that includes:
- A clear description of the incident and the property affected.
- The root cause or circumstances that led to the incident.
- The extent of the damage or loss, if applicable.
- Any immediate corrective actions taken to mitigate the impact.
- Steps planned or underway to prevent similar incidents in the future.
- Any compensation, replacement, or remediation plans if applicable, in accordance with contractual terms.
Collaborate with the customer or external provider to determine the most suitable course of action for addressing the issue. This may involve discussing replacement, compensation, or corrective actions.
Maintain open lines of communication throughout the resolution process. Keep the customer or external provider informed of progress and any changes in the situation.
Implement preventive measures to avoid similar incidents in the future. This may include process improvements, enhanced security measures, or changes in handling procedures.
Ensure that all actions taken are in compliance with contractual agreements and legal requirements. Adhere to any dispute resolution mechanisms specified in the contract.
Use the incident as an opportunity for continuous improvement. Analyze the root causes and identify lessons learned to enhance processes and prevent recurrences.
Maintain records of all communications, actions taken, and resolutions reached related to the incident. These records may be valuable for future reference and audits.
Solicit feedback from the customer or external provider regarding their satisfaction with the resolution process and the organization’s handling of the incident.
Conduct follow-up communications with the customer or external provider to ensure that the agreed-upon actions and resolutions have been effectively implemented.

Timely and transparent communication when property is lost, damaged, or unsuitable is critical for maintaining a positive business relationship, addressing issues promptly, and demonstrating the organization’s commitment to accountability and customer satisfaction.

4) When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall retain documented information on what has occurred

Retaining documented information when the property of a customer or external provider is lost, damaged, or found to be unsuitable for use is a crucial part of ensuring transparency, accountability, and compliance with quality management standards and contractual obligations. Here’s how the organization should handle the retention of documented information in such situations:

Document the Incident: As soon as the incident occurs, document all relevant details thoroughly. This should include information such as the date, time, location, the nature of the issue, and any circumstances or observations related to the incident.
Report and Notification: Document the notification and communication process with the customer or external provider. This includes records of when and how you informed them about the incident, the details provided, and any immediate actions taken.
Root Cause Analysis: Document the results of any root cause analysis or investigations conducted to determine how and why the incident occurred. This should include an analysis of contributing factors.
Corrective Actions: Document any immediate corrective actions taken to mitigate the impact of the incident and prevent its recurrence. Describe the actions and their effectiveness.
Resolution Plans: If the incident involves compensation, replacement, or remediation, document the plans and actions taken to address these aspects. Include details of any agreements reached with the customer or external provider.
Preventive Measures:Document any preventive measures implemented to prevent similar incidents in the future. This should include process improvements, enhanced security measures, or changes in handling procedures.
Compliance with Contractual and Legal Requirements:Ensure that the documented information reflects compliance with contractual agreements and legal requirements. Adhere to any specific record-keeping or reporting requirements outlined in the contract.
Continuous Improvement:Use the documented information to facilitate continuous improvement efforts. Analyze the root causes, lessons learned, and opportunities for enhancing processes and reducing the risk of similar incidents.
Record Retention:Adhere to your organization’s document retention policy and retain the documented information for the specified retention period or as required by regulatory standards.
Confidentiality and Security: Ensure that the documented information is stored securely and confidentially to prevent unauthorized access or disclosure.
Accessibility and Retrieval: Make sure that the documented information is easily retrievable for audits, investigations, and reference purposes. Maintain an organized system for document storage and retrieval.
Reporting and Communication: Document any additional reporting or communication related to the incident, including follow-up communications with the customer or external provider.
Customer Feedback: If the customer provides feedback on the incident and its resolution, document this feedback and any actions taken in response.

By retaining documented information in a structured and organized manner, the organization demonstrates its commitment to transparency, accountability, and effective incident management. This documentation also serves as a valuable resource for future reference, audits, and continuous improvement efforts.

Here are the key documents and records required for Clause 8.5.3:

Documents:

Procedure for Handling Customer or External Provider Property: This document outlines the organization’s procedures for receiving, handling, protecting, and managing property belonging to customers or external providers. It should describe the steps to be taken when property is received, used, or returned.
Property Identification and Labeling Standards: If applicable, the organization may need to maintain documents that specify the standards for identifying and labeling customer or external provider property. This includes information about unique identifiers, labeling methods, and any specific requirements.
Communication and Notification Procedures: Documents that describe the procedures for communicating with customers or external providers regarding the status of their property, including notifications of loss, damage, or other issues.

Records:

Property Receipt Records: Records of all property received from customers or external providers. These records should include details such as the property description, unique identifiers, quantity, condition upon receipt, and the date of receipt.
Inspection and Verification Records: Records of any inspections or verifications conducted on the received property. This includes records of inspections for accuracy, completeness, and compliance with specifications.
Incident and Non-Conformance Reports: Records of any incidents involving customer or external provider property, such as loss, damage, or unsuitability for use. These records should document the incident’s details, root causes, corrective actions taken, and any communication with the customer or external provider.
Communication Records: Records of all communication with customers or external providers related to their property. This includes notifications, agreements, resolutions, and feedback received.
Authorization Records: Records of written authorizations or agreements from customers or external providers specifying the conditions under which the organization is authorized to use or incorporate their property into products or services.
Storage and Handling Records: Records related to the storage and handling of customer or external provider property, including any specific storage conditions or handling instructions.
Traceability Records: Records that establish traceability of customer or external provider property throughout its use or incorporation into products or services. These records may include unique identifiers, handling logs, and usage records.
Documentation of Return or Disposition: Records of property that has been returned to customers or external providers or records documenting the agreed-upon disposition or disposal of the property.
Training Records: Records of training provided to employees involved in handling customer or external provider property, demonstrating their competence in carrying out these activities.
Audit and Review Records: Records of internal audits and management reviews related to the handling of customer or external provider property, including findings and corrective actions.

These documents and records are essential for demonstrating compliance with ISO 9001:2015 Clause 8.5.3 and for effectively managing property belonging to customers or external providers within an organization’s quality management system. They help ensure transparency, accountability, and compliance with contractual agreements.

5) A customer’s or external provider’s property can include material, components, tools and equipment, premises, intellectual property and personal data.

Customer’s or external provider’s property can encompass a wide range of items, including but not limited to:

Materials: Raw materials, intermediate products, or finished products that are provided by customers or external providers for use in manufacturing or service provision.
Components: Individual parts, assemblies, or sub-assemblies supplied by customers or external providers to be incorporated into final products or services.
Tools and Equipment: Specialized tools, machinery, equipment, or instruments provided by customers or external providers for use during production or service provision.
Premises: Facilities, buildings, or specific areas within facilities made available by customers or external providers for conducting certain operations or services.
Intellectual Property: Any intellectual property rights or assets, including patents, copyrights, trademarks, trade secrets, or proprietary software, licensed or entrusted to the organization by customers or external providers.
Personal Data: Any personal data or sensitive information provided by customers or external providers for specific purposes, such as processing orders, conducting market research, or providing services.

Each of these types of property may have specific handling, storage, and security requirements. It’s essential for organizations to have clear procedures and controls in place to manage and safeguard these various forms of customer or external provider property effectively. This ensures that such property is treated with care, confidentiality is maintained, and contractual obligations are met.

Example of Procedure for Handling Customer or External Provider Property

Objective: This procedure defines the process for receiving, handling, protecting, and managing property belonging to customers or external providers as required by ISO 9001:2015 Clause 8.5.3.

Scope: This procedure applies to all property provided by customers or external providers and entrusted to [Organization Name] for use or incorporation into products or services.

Responsibilities:

The [Quality Manager/Designated Personnel] is responsible for overseeing and ensuring compliance with this procedure.
All employees involved in handling customer or external provider property must adhere to this procedure.

Procedure:

1. Property Receipt:

Upon receipt of property from a customer or external provider, record the details of the property in the Property Receipt Record. This includes the property description, unique identifiers, quantity, condition upon receipt, and the date of receipt.

2. Verification and Inspection:

Conduct inspections or verifications of the received property, comparing it against accompanying documentation, specifications, and any unique identifiers provided. Document the results in the Inspection and Verification Records.

3. Communication with Customers or External Providers:

Notify the customer or external provider promptly upon receipt of their property. Provide acknowledgment and confirm the property’s condition.
Document all communication related to the property, including notifications, agreements, resolutions, and feedback.

4. Storage and Handling:

Store the property in designated and secure areas, ensuring that it is protected from damage, loss, or unauthorized access.
Adhere to any specific storage conditions or handling instructions provided by the customer or external provider.

5. Authorization for Use:

Ensure that written authorizations or agreements from customers or external providers specify the conditions under which the organization is authorized to use or incorporate their property into products or services.

6. Traceability and Record Keeping:

Maintain traceability records to establish the property’s status and usage throughout its lifecycle. These records may include unique identifiers, handling logs, and usage records.

7. Incident Reporting and Non-Conformance Handling:

If any loss, damage, or non-conformance related to the property occurs, promptly report the incident and follow the organization’s procedures for handling non-conformances. Document incident details, root causes, corrective actions, and any communication with the customer or external provider.

8. Return or Disposition:

When the property is no longer needed, follow the agreed-upon procedures for returning it to the customer or external provider or for disposing of it in compliance with contractual terms.

9. Training and Awareness:

Provide training to employees involved in handling customer or external provider property to ensure they understand and follow the organization’s policies and procedures.

10. Record Retention: – Adhere to the organization’s document retention policy for records related to customer or external provider property, retaining them for the specified retention period.

11. Continuous Improvement: – Analyze data and feedback related to property handling to identify opportunities for process improvement and risk reduction.

12. Legal and Contractual Compliance: – Ensure that all actions taken comply with legal and contractual requirements, including intellectual property rights and confidentiality agreements.

13. Reporting and Communication: – Maintain open and effective communication with customers or external providers regarding the handling and status of their property, including any concerns or issues that arise.

14. Confidentiality and Security: – Ensure that the documented information is stored securely and confidentially to prevent unauthorized access or disclosure.

15. Audit and Review: – Be prepared for internal audits and management reviews related to property handling processes.

16. Document Retention: – Retain this procedure and associated records as per the organization’s document control and record retention policy.

17. Review and Revision: – Periodically review and update this procedure to ensure its continued effectiveness and relevance.

18. Approval and Revision History: – Maintain records of procedure approvals and revisions.

ISO 9001:2015 Clause 8.5.4 Preservation

ISO 9001:2015 Requirements

The organization shall preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements.
NOTE Preservation can include identification, handling, contamination control, packaging, storage, transmission or transportation, and protection.

1) The organization shall preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements.

During any time of their life cycle, the product is a raw material, work-in-progress item or finished products, which run the risk of being lost, damaged, stolen or misused, and becomes unsuitable to use over time, or it may be perishable. To prevent products from becoming unsuitable for use, adequate controls should be applied in terms of procedures being followed and the environment required for such products. This could include using identification, status and traceability, tracking shelf life of perishable items, management of hazardous material, Methods such as FIFO and control on the environment like temperature or humidity, etc. These controls should be included in your operation processes through your product project/quality plans, standard operating procedures, work instructions, etc. A simple example could be, builders need to ensure the preservation of materials delivered to the site. This can be done by storing material in a locked compound and protected from the weather. This would also extend to installed products, such as glass, which may have a protective coating to protect against scratches or floor protection used to protect installed flooring (e.g. carpet or floorboards). While in a software company, this could be backing up the various systems in use, including those with customer data, and testing the restoration of backups to ensure that data is available and not lost during a disaster scenario. To preserve the outputs during production and service provision, organizations need to implement a range of measures and controls to ensure that products or services maintain their quality and conformity to requirements. Here are steps and strategies to help organizations effectively preserve outputs:

Establish Clear Procedures: Develop documented procedures that specify how preservation activities will be carried out. Ensure that these procedures are accessible to relevant personnel.
Environmental Control: If applicable, maintain control over environmental conditions such as temperature, humidity, and cleanliness to prevent adverse effects on products or services.
Packaging and Labeling: Use appropriate packaging materials that protect products from physical damage, contamination, or deterioration. Label packages with relevant information such as part numbers, lot numbers, and handling instructions.
Contamination Prevention: Implement measures to prevent contamination, including the use of clean and sanitized equipment, hygiene practices, and maintaining a clean working environment.
Storage and Handling: Properly store and handle products or service components to avoid damage or deterioration. This includes using suitable racks, shelves, bins, or storage containers.
Inventory Management: Manage inventory levels effectively to avoid overproduction and ensure products or services remain current. Rotate stock to minimize the risk of using older or obsolete items.
Traceability: Maintain traceability of products or services by documenting their origins, including the sources of materials and components used.
Monitoring and Measurement: Implement monitoring and measurement activities at critical stages to verify conformity to requirements. This may involve inspections, tests, and quality checks.
Protection from Physical Damage: Protect products or services from physical damage during transportation, handling, and storage. Use appropriate handling equipment and ensure proper stacking and placement.
Records and Documentation: Maintain detailed records of preservation activities, including environmental conditions, inspections, tests, and any corrective actions taken to address non-conformities.
Training and Awareness: Train employees on the importance of preservation measures and ensure they are aware of relevant procedures and responsibilities.
Continuous Improvement: Regularly review and evaluate the effectiveness of preservation practices. Identify areas for improvement and make necessary adjustments to enhance quality and conformity.
Supplier and Subcontractor Control: If external providers are involved in the process, ensure that they adhere to the same preservation standards and requirements.
Quality Control and Inspection: Conduct regular quality control checks and inspections to identify and address any potential issues before they affect the final product or service.
Corrective Actions: Promptly address any non-conformities or issues related to preservation. Implement corrective actions to prevent recurrences.

By following these strategies and measures, organizations can effectively preserve outputs during production and service provision, maintain product or service quality, meet customer requirements, and reduce the risk of non-conformities or quality issues.

2) Preservation can include identification, handling, contamination control, packaging, storage, transmission or transportation, and protection.

1) Identification– One essential aspect of preservation during production and service provision is the identification of outputs. Identifying outputs effectively is crucial for maintaining product or service quality, traceability, and conformity to requirements. Here’s how organizations can ensure the identification of outputs:

Use clear and standardized labeling or marking techniques to identify each output. This may include unique identifiers, serial numbers, lot numbers, or other relevant information.
Maintain accurate and up-to-date records that specify the identification details of each output. This documentation should be easily accessible and include key information such as product specifications, customer requirements, and associated data.
Implement quality control checks at various stages of production or service provision to verify that each output is correctly identified and conforms to established standards.
Establish traceability systems that enable tracking the production or service process from start to finish. This ensures that each output can be traced back to its source, including materials and components used.
Conduct visual inspections to confirm that identification markings are clear, legible, and properly applied to each output.
In more complex or automated processes, consider using barcode or RFID (Radio-Frequency Identification) systems to streamline the identification and tracking of outputs.
Ensure that employees involved in production or service provision are trained and aware of the importance of correct identification practices.
Manage documents related to output identification in accordance with the organization’s document control procedures to prevent errors and inconsistencies.

By effectively identifying outputs throughout the production and service provision process, organizations can maintain product or service quality, enhance traceability, reduce the risk of errors, and ensure conformity to customer requirements and relevant standards.

2) Handling- Handling of outputs during production and service provision is a critical aspect of preservation. Proper handling procedures are essential to prevent physical damage, contamination, or other factors that could compromise the quality, safety, or conformity of the products or services. Here’s how organizations can ensure the effective handling of outputs:

Ensure that personnel involved in handling outputs are adequately trained and competent in their roles. Training should cover proper handling techniques, safety measures, and awareness of potential risks.
Establish and communicate clear guidelines for the safe handling of outputs. This includes techniques for lifting, moving, and positioning products or components without causing damage or injury.
Provide employees with appropriate handling equipment and tools, such as lifting devices, pallet jacks, or protective gear, to facilitate safe and efficient handling.
Integrate quality control checks and inspections into the handling process. Ensure that outputs are examined for damage, defects, or discrepancies at various stages of handling.
If applicable, ensure that outputs are adequately packaged to protect them from physical damage, dust, moisture, or other potential hazards during handling and transportation.
Implement measures to prevent contamination during handling. This may include maintaining cleanliness in handling areas and using protective coverings for sensitive components.
Communicate handling instructions clearly through labels, markings, or documentation. Employees should be aware of any specific requirements for different types of outputs.
Teach employees how to stack and store outputs correctly to prevent damage, distortion, or collapse of materials or products. Ensure that storage areas are organized and suitable for the purpose.
Maintain environmental conditions, such as temperature and humidity, within specified ranges when handling sensitive outputs, particularly in industries where environmental factors can affect product quality.
Encourage employees to report any instances of damage, defects, or non-conformities observed during handling. Ensure that procedures are in place for addressing and documenting such incidents.
Train employees on how to respond to emergency situations, such as spills, accidents, or equipment malfunctions, that may occur during handling.
Continuously assess and improve handling procedures based on feedback, lessons learned, and incident reports. Seek ways to enhance safety and efficiency.

By implementing these measures, organizations can effectively handle outputs during production and service provision, reducing the risk of damage, ensuring conformity to requirements, and maintaining product or service quality.

3) Contamination control– Contamination control is a systematic process designed to prevent the introduction of contaminants into a product, process, or environment. The specific steps in contamination control can vary depending on the industry and context, but here are some common steps that organizations often follow:

Identify potential sources of contamination, which can include raw materials, equipment, personnel, and the environment. Assess the types of contaminants that could be introduced, such as physical particles, chemical substances, or biological agents.
Conduct a risk assessment to prioritize and evaluate potential contamination risks. Determine the severity and likelihood of contamination events and their potential impact on product quality or safety.
Define contamination control standards and requirements based on the risk assessment and industry regulations. Specify acceptable contamination levels or limits for different types of contaminants.
Implement engineering controls to minimize contamination risks, such as:
- Designing equipment with sanitary features.
- Using closed systems to prevent exposure to the environment.
- Installing air filtration systems to control airborne contaminants.
Develop and implement standard operating procedures (SOPs) that detail contamination control measures. Train employees on contamination prevention practices and proper hygiene.
Establish cleaning and sanitization protocols for equipment, workspaces, and tools. Use cleaning agents and disinfectants appropriate for the specific contaminants and surfaces.
Implement environmental monitoring programs to regularly assess contamination levels in the production or service environment. Use methods like swab testing, air sampling, and surface testing to detect and address contamination.
Verify the quality and cleanliness of incoming raw materials and ingredients. Inspect and quarantine materials that do not meet contamination control standards.
Enforce strict hygiene practices for employees, including handwashing, wearing appropriate protective clothing, and following cleanroom protocols if applicable.
Implement proper waste disposal procedures to prevent the release of contaminants into the environment. Segregate, label, and dispose of waste materials according to regulatory guidelines.
Conduct regular internal audits and inspections to ensure compliance with contamination control measures. Prepare for external audits by regulatory authorities or certification bodies.
Maintain detailed records of contamination control activities, including cleaning logs, monitoring results, and corrective actions taken.
Establish a culture of continuous improvement, where lessons learned from contamination incidents or near misses are used to update and enhance contamination control practices.
Develop contingency plans for handling contamination incidents or emergencies. Ensure employees are trained in responding to and containing contamination events.
Validate the effectiveness of contamination control measures through testing and verification processes. Ensure that contamination control procedures remain effective over time.
Maintain clear communication channels within the organization to report and address contamination concerns promptly.

These steps may need to be adapted and customized to fit the specific needs and requirements of different industries and organizations. Contamination control is an ongoing process that requires vigilance, monitoring, and continuous improvement to maintain product quality and safety.

4) Packaging– Packaging of outputs during production and service provision involves a series of steps to ensure that products or services are appropriately protected, labeled, and prepared for distribution or use. The specific steps can vary depending on the industry and the nature of the products or services, but here are some common steps in the packaging process:

Determine the type of packaging materials (e.g., boxes, bags, containers, labels, wraps) suitable for the specific product or service. Consider factors like product size, weight, fragility, and storage requirements.
Choose the appropriate packaging method, such as manual packaging, automated packaging, or a combination of both, based on production volume and efficiency considerations.
Ensure that the packaging materials meet quality standards and are free from defects or contamination. Conduct quality checks on incoming packaging materials.
Design and print labels or packaging inserts that contain essential information such as product name, description, ingredients, instructions for use, safety warnings, barcodes, and branding elements.
Prepare the packaging components, including boxes, bags, or containers. Assemble them, if necessary, and ensure they are clean and in proper condition.
Carefully place the product or service into the packaging, ensuring that it is positioned securely and that any required protective measures (e.g., cushioning, dividers) are in place.
Seal the packaging using appropriate methods, such as adhesive tape, heat sealing, or mechanical fasteners. Ensure a secure and tamper-evident closure.
Conduct quality checks on the packaged products or services to verify that they meet quality standards and that the packaging is intact and correctly labeled.
If applicable, label or mark packaging with batch or lot numbers for traceability and recall purposes.
Prepare packing documentation, including packing lists, invoices, and shipping labels, as needed for distribution or delivery.
Store packaged products or services in a controlled environment that meets specific storage requirements (e.g., temperature, humidity) to maintain product integrity.
If products or services are transported in bulk, arrange them on pallets for ease of handling, storage, and transportation. Secure the pallets with shrink wrap or strapping.
: Coordinate the shipping or distribution of packaged products or services, ensuring that they are properly loaded onto transport vehicles and that shipping labels are visible.
For temperature-sensitive products, ensure that the cold chain (temperature-controlled supply chain) is maintained throughout transportation and storage.
Maintain detailed records of the packaging process, including quality checks, batch/lot information, and shipping documentation. This documentation is important for traceability and quality control.
Implement sustainable packaging practices, such as recycling or eco-friendly materials, to minimize the environmental impact of packaging.
Collect feedback on packaging performance and make necessary improvements to enhance packaging quality and efficiency.
Ensure that packaging complies with relevant regulatory requirements, especially in industries with strict packaging regulations, such as food, pharmaceuticals, and hazardous materials.

These steps should be tailored to the specific needs and requirements of your industry and products or services. Effective packaging is crucial not only for preserving the quality and safety of outputs but also for meeting customer expectations and regulatory standards.

5) Storage– Storing outputs during production and service provision is a crucial aspect of efficient operations and ensuring product or service quality. The specific methods and systems for storing outputs may vary depending on the nature of the organization, its industry, and regulatory requirements. Here are some common approaches and best practices:

Maintain an organized inventory system to store finished products or service outputs. Use labeling and tracking systems to easily identify items.
If you produce physical goods, consider renting or owning warehouses to store finished products. Implement shelving and storage systems for efficient space utilization.
For digital outputs or service-related data, use secure digital storage solutions such as cloud storage, databases, or content management systems.
Implement quality control checkpoints during production or service provision to ensure that only acceptable outputs are stored. Reject or rework any substandard items.
Depending on the nature of your outputs (e.g., perishable goods), maintain suitable environmental conditions in your storage facilities, including temperature and humidity control.
Implement security measures to protect stored outputs from theft, damage, or unauthorized access. This may include surveillance, access controls, and alarm systems.
Maintain detailed records of stored outputs, including date of production, batch numbers, or serial numbers. This helps with traceability and recall in case of issues.
Establish inventory management practices such as FIFO or LIFO to ensure that older stock is used or sold before newer stock to prevent spoilage or obsolescence.
Regularly inspect and rotate stock to prevent items from deteriorating or becoming obsolete.
Conduct periodic audits of your storage facilities and inventory to ensure accuracy and compliance with organizational policies.
If your organization operates in a regulated industry (e.g., food, pharmaceuticals), ensure compliance with storage and record-keeping regulations.
Identify potential risks to stored outputs (e.g., natural disasters, fire) and implement risk mitigation measures such as backup storage facilities or insurance coverage.
If you rely on external suppliers for components or materials, work closely with them to ensure timely and efficient delivery of inputs to maintain your production or service provision.
Continuously monitor storage capacity and plan for expansion as needed to accommodate growing production or service volumes.
Ensure that employees responsible for handling and managing stored outputs are trained in proper storage practices and safety measures.

Remember that the specific storage methods and strategies will depend on the unique requirements of your organization and the nature of your products or services. Regularly review and update your storage processes to optimize efficiency and adapt to changing business needs.

6) Transmission or transportation– Preservation extends beyond storage and can also encompass the transmission or transportation of products. Ensuring the integrity and quality of products during transit is crucial, especially when dealing with perishable goods, fragile items, or products sensitive to environmental conditions. Here are some considerations for preserving products during transmission or transportation:

Packaging: Use appropriate packaging materials that provide protection against physical damage, moisture, temperature fluctuations, and other potential hazards during transit.
Temperature Control: For temperature-sensitive products (e.g., food, pharmaceuticals), employ refrigerated or climate-controlled transportation to maintain the desired temperature range.
Shock and Vibration Control: Implement measures to minimize shocks and vibrations during transportation, especially for delicate or fragile items. This may include cushioning materials or shock-absorbing packaging.
Security: Ensure the security of the products during transportation to prevent theft or tampering. This may involve using tamper-evident seals and secure transport methods.
Transportation Planning: Plan transportation routes and schedules to minimize transit times and reduce the risk of delays that could affect product quality or shelf life.
Quality Checks: Conduct quality checks before and after transportation to identify any damage or issues that may have occurred during transit.
Tracking and Monitoring: Use tracking and monitoring systems to keep real-time tabs on the location and condition of products during transportation. This allows for quick intervention if any problems arise.
Documentation: Maintain accurate documentation related to transportation, including bills of lading, packing lists, and any required permits or certifications.
Compliance with Regulations: Ensure compliance with regulations and standards relevant to the transportation of your specific products. This includes adherence to safety, environmental, and customs regulations.
Emergency Plans: Develop contingency plans for unexpected events such as accidents, natural disasters, or transportation delays to minimize the impact on product integrity.
Supplier Collaboration: Collaborate closely with transportation providers to communicate your specific requirements and expectations, and establish clear lines of communication in case of issues.
Training: Train personnel involved in the transportation process to handle products properly and respond to emergencies effectively.
Insurance: Consider appropriate insurance coverage to mitigate financial risks associated with potential transportation-related losses or damage.

Preservation during transportation is a critical link in the supply chain, and attention to these factors helps ensure that products reach their destination in the desired condition. The specific measures you need to take will depend on the nature of your products and the challenges associated with their transportation.

7) Protection: Protecting products from various forms of damage or deterioration is a key aspect of preservation, whether during storage, transportation, or any other stage in the product lifecycle. Here are some ways to protect products effectively:

Packaging: Choose appropriate packaging materials that provide a physical barrier to protect products from dust, moisture, contaminants, and physical damage. The packaging should be sturdy and designed to withstand the rigors of handling and transportation.
Sealing: Ensure that packaging is properly sealed to prevent air, moisture, or pests from infiltrating and causing damage to the products. Seal integrity is crucial for preserving product quality.
Anti-Tampering Measures: Implement tamper-evident packaging and security seals to deter tampering or unauthorized access to products.
Cushioning: Use cushioning materials, such as foam, bubble wrap, or air pillows, to protect fragile or delicate items from shock and vibration during handling and transit.
Climate Control: Maintain control over temperature and humidity levels when necessary to prevent damage caused by extreme environmental conditions. This is particularly important for sensitive products like electronics or perishable goods.
Racking and Shelving: Properly organize and store products on racks or shelves to prevent crushing, stacking, or contact with other items that could cause damage.
Handling Procedures: Train employees and handlers on proper product handling procedures to minimize the risk of dropping, mishandling, or other forms of physical damage.
Labeling: Clearly label products with handling instructions, especially if they are fragile, hazardous, or have specific storage requirements.
Pest Control: Implement pest control measures to prevent infestations that could damage products, especially in storage facilities.
Fire Protection: Install fire protection systems, such as sprinklers or fire extinguishers, in storage areas to safeguard products from fire damage.
Environmental Protection: Consider environmental protection measures to guard against pollution or chemical exposure that could harm products.
Corrosion Prevention: Use corrosion-resistant coatings, materials, or packaging for products that are susceptible to rust or corrosion.
Documentation: Maintain records and documentation related to the protection of products, including inspection reports and incident records.
Regular Inspections: Conduct regular inspections to identify and address potential threats to product integrity, such as leaks, pests, or damaged packaging.
Emergency Response: Develop and communicate emergency response plans to address unexpected events like natural disasters or accidents that may endanger product protection.

Protection of products is vital to maintain their quality, safety, and value. Depending on the nature of the products and the specific risks they face, you may need to tailor your protection measures accordingly. Regular monitoring, training, and continuous improvement in protection strategies are essential elements of a robust preservation program.

Documented Information Required

Though there is no mandatory requirement of Documented Information, the documents and records typically required as an evidence of implementation of these clause are as follows.

Preservation Plan or Procedure (Document):
- An organization should have a documented preservation plan or procedure that outlines how product quality will be preserved during production, handling, storage, and transportation. This document should define the necessary preservation activities and responsibilities.
Product Specifications and Requirements (Document):
- Document the specifications, standards, and requirements for the products or services to be preserved. This may include drawings, specifications, customer requirements, and any relevant industry standards.
Packaging and Handling Instructions (Document):
- Include instructions on how products should be packaged, handled, and stored to prevent damage, contamination, or deterioration. These instructions may be part of the preservation plan or in separate documents.
Storage Conditions and Requirements (Document):
- Describe the specific storage conditions, such as temperature and humidity requirements, for products that need special care. Ensure that these conditions are documented and communicated to relevant personnel.
Labeling and Identification (Document):
- Define the labeling and identification requirements for products to ensure traceability and prevent mix-ups. This may include labeling conventions, product codes, or serialization.
Records of Preservation Activities (Records):
- Maintain records of preservation activities performed during production, handling, storage, and transportation. These records demonstrate that preservation requirements have been met. Examples of records may include:
  - Inspection and testing records
  - Records of temperature and humidity monitoring (if applicable)
  - Records of packaging and labeling activities
  - Records of handling and storage conditions
Nonconformity Records (Records):
- Keep records of any nonconformities or issues related to product preservation and their resolution. This includes records of corrective actions taken to address preservation-related problems.
Training Records (Records):
- Document the training and competency records of personnel responsible for preservation activities. This ensures that employees are adequately trained to perform preservation tasks effectively.
Audit Records (Records):
- Maintain records of internal audits or inspections related to product preservation. These records document compliance with the organization’s preservation processes and procedures.
Change Control Records (Records):
- If changes are made to preservation methods, materials, or processes, document these changes and the rationale behind them. This helps ensure that changes do not compromise product preservation.

It’s important to note that the specific documents and records required may vary depending on the nature of the organization, its products or services, and the applicable regulatory or customer requirements. ISO 9001:2015 emphasizes the need for organizations to establish and maintain documented information that is relevant to the effectiveness of their quality management system, and this includes preservation-related documents and records.

Example of Procedure for Preservation during Manufacturing and Servicing

Objective: To ensure the preservation of products and components during manufacturing and servicing processes to maintain their quality and functionality.

Scope: This procedure applies to all personnel involved in manufacturing and servicing activities within the organization.

Responsibilities:

Production and Service Personnel:
- Follow this preservation procedure rigorously.
- Report any issues or deviations from the procedure to their supervisor.
Supervisors and Managers:
- Monitor and ensure compliance with this procedure.
- Investigate and address any reported issues promptly.

Procedure:

1. Handling and Storage:

a. Incoming Materials: – Inspect incoming materials for damage during transit. – Store materials in designated areas with appropriate labeling. – Maintain a first-in, first-out (FIFO) system for materials when applicable.

b. Work-in-Progress (WIP): – Ensure proper storage and segregation of WIP. – Protect WIP from environmental factors (e.g., dust, humidity) using covers or enclosures. – Label WIP clearly with identification and status information.

c. Finished Goods: – Inspect and test finished products for quality and functionality. – Store finished goods in a controlled environment, following specific storage conditions, if required. – Label finished goods with relevant information (e.g., date of manufacture, batch/serial numbers).

2. Contamination Control:

a. Work Areas: – Keep manufacturing and servicing areas clean and well-organized. – Prevent cross-contamination between different products or components. – Implement dust control measures as needed.

b. Personnel: – Employees must wear appropriate protective clothing, including gloves and masks if necessary. – Regularly train and remind personnel about good hygiene and cleanliness practices.

3. Packaging:

a. Component Packaging: – Use appropriate packaging materials (e.g., anti-static bags, bubble wrap) to protect sensitive components. – Seal packages securely to prevent damage during storage and transportation.

b. Finished Product Packaging: – Select suitable packaging materials (e.g., boxes, foam inserts) that provide adequate protection. – Ensure proper cushioning and padding to absorb shocks during handling and transportation.

4. Records and Documentation:

a. Product Information: – Maintain accurate records of product specifications, including handling and storage requirements. – Document inspection and testing results for incoming materials and finished products.

b. Non-Conformance: – Record and investigate any deviations from this preservation procedure. – Implement corrective actions to prevent recurrence.

5. Environmental Controls:

a. Temperature and Humidity: – Monitor and control environmental conditions as necessary to prevent product degradation. – Use climate-controlled storage when required.

b. Protection from Hazards: – Implement measures to protect products from hazards like fire, water damage, or chemical exposure.

6. Servicing and Maintenance:

a. Scheduled Maintenance: – Establish a regular maintenance schedule for servicing equipment and tools. – Ensure that servicing does not introduce contamination or damage to products.

b. Proper Tools and Equipment: – Use appropriate tools and equipment for servicing to avoid unintended damage to products.

7. Transportation:

a. Packaging for Transit: – Ensure products are securely packaged before shipping. – Use reliable carriers and freight services with a good track record for handling delicate items.

b. Handling Instructions: – Label packages with handling instructions and care symbols if necessary. – Train transportation personnel on the proper handling of sensitive products.

8. Inspection and Testing:

a. Incoming Inspection: – Inspect incoming materials and components for damage during transit. – Conduct inspections for compliance with specifications.

b. Outgoing Inspection: – Inspect finished products before shipping to ensure they meet quality and functionality standards.

9. Documentation Retention:

a. Record Retention: – Maintain records related to preservation activities for a specified period, as required by applicable regulations.

10. Continuous Improvement:

a. Feedback and Review: – Collect feedback from personnel involved in preservation activities. – Review and revise this procedure periodically to incorporate improvements.

11. Training and Awareness:

a. Training Programs: – Conduct training sessions for employees to ensure awareness of this preservation procedure. – Provide training to update personnel on any changes to the procedure.

12. Reporting Non-Conformance:

a. Non-Conformance Reporting: – Report any non-conformance or deviations from this procedure to the designated authority for investigation and corrective action.

13. Management Review:

a. Periodic Review: – Senior management shall review the effectiveness of this procedure periodically.

14. Legal and Regulatory Compliance:

a. Compliance: – Ensure compliance with relevant laws and regulations related to product preservation.

15. Emergency Response:

a. Emergency Procedures: – Develop and implement procedures to protect products in the event of emergencies (e.g., fire, natural disasters).

16. Records Retention:

a. Record Keeping: – Maintain records related to preservation activities for a specified period, as required by applicable regulations.

17. Documentation:

a. Document Control: – Ensure that this procedure is controlled, and the latest revision is accessible to all relevant personnel.

18. Auditing:

a. Internal Audits: – Conduct internal audits to verify compliance with this preservation procedure.

19. Review and Improvement:

a. Continuous Improvement: – Continuously monitor and review the effectiveness of this procedure and make necessary improvements.

20. Communication:

a. Communication: – Communicate any changes or updates to this procedure to all relevant personnel.

21. Training and Competence:

a. Training Programs: – Ensure personnel are trained and competent in implementing this preservation procedure.

22. Review and Approval:

a. Procedure Review: – This procedure shall be reviewed and approved by [Designated Authority] on a periodic basis.

23. Revision History:

a. Document Revision: – Maintain a revision history to track changes made to this procedure.

ISO 9001:2015 Clause 8.5.2 Identification and traceability

ISO 9001:2015 Requirements

The organization shall use suitable means to identify outputs when it is necessary to ensure the conformity of products and services.
The organization shall identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision.
The organization shall control the unique identification of the outputs when traceability is a requirement, and shall retain the documented information necessary to enable traceability.

1) The organization shall use suitable means to identify outputs when it is necessary to ensure the conformity of products and services.

This clause requires that organizations implement three controls to ensure that the products are uniquely identifiable and traceable to inputs. Your organization must have a process in place for the identification and traceability of outputs, in terms of the monitoring and measurement requirements at all stages of production, to enable the demonstration of conformity to requirements, e.g. physical part marking, labeling, tags, bar codes, signage, visual indicators, part segregation, lay down areas, storage racks.There are several ways of identifying products to prevent them becoming mixed with other parts, components, or orders. The most obvious is using tags or stickers with a unique traceability identifier, such as a lot or batch number included on the product labels. The identification may be engraved in the product itself, or the product may simply be marked by a colour. Establish and implement a procedure to identify the product through the design, development, manufacture and delivery stages. The established a traceability system should track components from raw material through inspection, test, and final release operations, including rework:

Establish the identity and status of products;
Maintain the identity and status of products;
Maintain records of serial or batch numbers.

An organization should make arrangements so that the process outputs are identified where this is necessary. This can simply be done by assigning project numbers wherever required. If you are refurbishing an aged care facility, the room numbers can be used to identify or trace all items attached to the room. For a bulk earthwork’s company, this can be work lot numbers that are marked on drawings/site maps or chain-age used to track construction for a construction company. In a software company, this can be assigning names to code repositories, components, infrastructure items, etc.

The requirement to use suitable means to identify outputs in order to ensure the conformity of products and services is a crucial aspect of quality management and product/service traceability. This means that the organization must establish clear and effective methods to mark, label, and identify its products and services throughout the production or service provision process. This helps in tracking and verifying that the final outputs meet the specified requirements and conform to quality standards. Here are some key actions and considerations:

Identification and Labeling: Implement a system for labeling, tagging, or marking products and services at various stages of production or service delivery. This includes raw materials, work-in-progress, and finished products.
Unique Identifiers: Assign unique identifiers, such as serial numbers, lot numbers, or batch numbers, to each product or service. These identifiers facilitate traceability and recall when needed.
Documentation: Maintain accurate documentation that links product or service identifiers to specific requirements, specifications, and quality control criteria.
Traceability Records: Create and maintain traceability records that capture information about the production or service provision process, including personnel involved, equipment used, dates and times, and any relevant measurements or tests.
Quality Control Points: Define critical quality control points within the production or service provision process where identification and verification are essential to ensuring conformity.
Inspection and Testing: Incorporate identification into inspection and testing procedures, ensuring that inspectors can easily associate products or services with their specifications.
Non-Conformance Reporting: Establish procedures for reporting and handling non-conforming products or services. The identification system should enable quick identification and quarantine of non-conforming items.
Packaging and Shipping: Implement identification and labeling on packaging to ensure that customers can readily identify the contents, including product details, batch/lot numbers, and expiry dates (if applicable).
Customer Documentation: Provide customers with appropriate documentation and labeling that helps them identify and use the products or services correctly.
Information Accessibility: Make sure that information related to identification and conformity is easily accessible to authorized personnel, including during audits and inspections.
Training and Awareness: Train employees involved in production or service provision on the importance of proper identification and its role in ensuring conformity and quality.
Audit and Verification: Periodically audit and verify the effectiveness of the identification system to ensure it meets its intended purpose and conforms to quality management system requirements.
Change Control: Establish a change control process to manage any changes to product or service identification methods, ensuring that changes do not compromise conformity.
Legal and Regulatory Requirements: Ensure that the identification system complies with any legal or regulatory requirements specific to your industry.
Continuous Improvement: Use data collected through the identification system to drive continuous improvement efforts, identify trends, and prevent recurrence of non-conformities.

By implementing suitable means for identification and traceability, an organization can enhance its ability to consistently deliver products and services that conform to customer requirements and quality standards. This contributes to improved customer satisfaction and product/service reliability.

2) The organization shall identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision.

Identifying the status of outputs with respect to monitoring and measurement requirements throughout production and service provision is essential to ensure that products and services meet specified quality standards and conform to customer requirements. This identification should also help an organization identify the status of process outputs regarding any monitoring and measurement requirements at all stages of production or service provision. For example, Inspection and test plans and checklists are prepared and completed throughout the works to show traceability of work and steps completed in accordance with standards, drawings and specifications.In a software company, using tools such as JIRA for tracking work and GitHub for traceability of code changes helps in monitoring the status of process outputs. This process helps organizations maintain control over their processes and take corrective actions when necessary. Here are the key steps to achieve this:

Define Monitoring and Measurement Requirements: Clearly define monitoring and measurement requirements for each product or service, including critical parameters, tolerances, and acceptance criteria. Document these requirements in quality plans, work instructions, or product/service specifications.
Incorporate Requirements into Work Instructions:Integrate monitoring and measurement requirements into work instructions and standard operating procedures (SOPs) for each relevant production or service provision process.
Inspection and Testing:Implement inspection and testing procedures at various stages of production or service provision to assess whether outputs meet the defined requirements. Use appropriate tools, equipment, and techniques for inspections and tests.
Identification and Labeling:Label or mark outputs to indicate their status with respect to monitoring and measurement requirements.Use visual indicators or labels to signify conformity or non-conformity.
Record Keeping:Maintain records of all monitoring and measurement activities, including results, measurements, and the identification of each output.Ensure records are accurate, complete, and accessible for review and analysis.
Conformity Verification: Regularly verify whether outputs conform to monitoring and measurement requirements. Compare measurements and test results to established acceptance criteria.
Non-Conformance Handling: Establish a clear procedure for handling non-conforming outputs when they are identified. Segregate and control non-conforming items to prevent their unintended use or delivery.
Reporting and Documentation: Report the status of outputs, including conformity and non-conformity, in documented records.Ensure that records provide clear traceability to the product or service involved and the monitoring and measurement requirements.
Corrective and Preventive Actions:Initiate corrective actions when non-conformities are identified to address the root causes and prevent recurrence.Consider implementing preventive actions to proactively address potential issues.
Communication: Communicate the status of outputs and any non-conformities to relevant personnel, including quality assurance teams and process owners. Promote transparency and information sharing within the organization.
Continuous Improvement: Analyze data collected from monitoring and measurement activities to identify trends, potential process improvements, and opportunities for enhancing product or service quality.
Audits and Reviews: Conduct internal audits and reviews to assess the effectiveness of the identification and monitoring of output status. Ensure compliance with established procedures and standards.
Training and Awareness: Train employees involved in monitoring and measurement activities to understand the importance of identifying and reporting output status accurately.
Regulatory Compliance: Ensure that the identification and monitoring of output status align with any industry-specific regulations or standards applicable to your organization.

By implementing these steps, an organization can effectively identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision. This proactive approach helps ensure product and service quality, customer satisfaction, and compliance with quality management standards.

3) The organization shall control the unique identification of the outputs when traceability is a requirement

Where traceability is a requirement, you should expect to see that your organization is controlling and recording the unique identity of the product throughout the production process to ensure that only products that have passed the required inspections and tests are utilised.n some cases, unique product identification is a contractual requirement from the customers or regulatory bodies. In such circumstances, the organization must maintain detailed records of the manufacturer of material, tools, equipment, inspection and test results for each product or product batches. This is particularly true in certain high-risk industries like aerospace or pharmaceutical, etc. This is due to the high safety and life-threatening risks of the products made by these companies.Organizations must establish controls to ensure the unique identification of outputs throughout the production and service provision process. Traceability is crucial for various reasons, including quality control, product recalls, and addressing customer concerns. Here’s how an organization can control the unique identification of outputs when traceability is necessary:

Define Traceability Requirements: Clearly define traceability requirements based on customer specifications, industry standards, and regulatory mandates. Specify the information that needs to be traced, such as product or service identifiers, batch/lot numbers, serial numbers, or other unique identifiers.
Unique Identifiers: Assign unique identifiers to each output or batch of outputs. These identifiers should be traceable to specific production or service provision activities.
Record Keeping: Maintain accurate and detailed records that link unique identifiers to relevant information, including production dates, materials used, personnel involved, and quality control data.
Labeling and Marking:Label or mark each output with its unique identifier. Use standardized and clear labeling methods to ensure that the information is easily accessible and legible.
Documentation and Work Instructions: Document traceability procedures in your organization’s quality management system. Include traceability requirements in work instructions, standard operating procedures (SOPs), and quality plans for each relevant process.
Verification and Validation: Implement verification and validation processes to ensure that unique identifiers are correctly assigned and recorded at each stage of production or service provision.
Inspection and Testing: Integrate traceability checks into your inspection and testing processes to confirm that outputs meet traceability requirements.
Change Control: Establish a change control process that addresses any changes to unique identifiers or traceability requirements. Ensure that changes are documented, communicated, and approved.
Non-Conformance Handling: Develop procedures for handling non-conforming outputs, including those that do not meet traceability requirements. Segregate and control non-conforming items to prevent their unintended use or delivery.
Reporting and Documentation: Maintain records that demonstrate traceability, including information on inputs, processes, and outputs. These records should provide a clear audit trail.
Auditing and Verification: Conduct internal audits and verification to assess the effectiveness of your traceability system. Ensure that traceability requirements are consistently met.
Communication: Ensure that relevant personnel are aware of traceability requirements and understand their roles in maintaining traceable records.
Training: Provide training to employees involved in processes that require traceability to ensure they understand the importance of accurate identification and recording.
Regulatory Compliance: Ensure that your traceability practices comply with any industry-specific regulations or standards that apply to your organization.
Continuous Improvement: Continuously review and improve your traceability system by analyzing data, identifying areas for enhancement, and implementing corrective and preventive actions.

Controlling the unique identification of outputs when traceability is required is critical for ensuring that products or services can be tracked and verified throughout their life-cycle. This not only supports quality management but also aids in addressing issues, conducting recalls, and meeting customer and regulatory requirements.

4) The organization must retain shall retain the documented information necessary to enable traceability.

Retaining documented information necessary to enable traceability is a critical aspect of quality management, particularly when traceability requirements exist due to regulatory compliance, customer expectations, or internal quality control standards. Here’s how an organization can effectively retain the required documented information for traceability purposes:

Define Traceability Requirements: Clearly define the traceability requirements for your products or services. Identify the specific information that needs to be documented and retained, such as unique identifiers, batch/lot numbers, serial numbers, and associated data.
Document Control Procedure: Establish a documented procedure for the control and retention of relevant records and documents. This procedure should outline the steps for record creation, maintenance, access, and disposal.
Record Types and Formats: Determine the types of records and formats required to support traceability. Common examples include production logs, inspection reports, test results, certificates of conformity, and shipping records.
Data Entry and Recording: Ensure that data entry and recording processes are standardized, accurate, and consistent across relevant production or service provision activities. Train employees on the importance of complete and accurate record-keeping.
Unique Identifiers: Assign unique identifiers, such as serial numbers or lot numbers, to each output or batch. Document these identifiers in your records.
Labeling and Marking: Implement clear and standardized labeling and marking practices to associate unique identifiers with physical outputs. Labels should include key information for traceability.
Retention Periods: Determine the appropriate retention periods for different types of records based on regulatory requirements, industry standards, and internal policies. Ensure that records are retained for at least the minimum required duration.
Storage and Accessibility: Store retained records in a secure and organized manner to prevent damage, loss, or unauthorized access. Ensure that records are easily retrievable when needed for audits, inspections, or traceability purposes.
Backup and Redundancy: Establish backup and redundancy measures for electronic records to safeguard against data loss due to technical failures or disasters.
Auditing and Monitoring: Periodically audit and monitor the record retention process to verify compliance with procedures and to address any discrepancies or issues promptly.
Record Destruction: Develop a process for the secure and documented destruction of records that have reached the end of their retention period. Ensure that records are destroyed in a manner that maintains confidentiality and prevents unauthorized access.
Documentation of Retention: Document the retention of each record, including the unique identifier associated with the record, the date of retention, and the responsible personnel.
Continuous Improvement: Continuously evaluate and improve the record retention process based on feedback, changes in regulations, or evolving industry best practices.
Regulatory Compliance: Ensure that your record retention practices align with relevant regulatory requirements specific to your industry.

Here are the key documents and records required for Clause 8.5.2:

Documents:

Procedure for Identification and Traceability: Organizations should have a documented procedure that outlines the process for identifying and tracing products and services. This procedure should define how unique identifiers are assigned, how records are maintained, and how traceability is ensured.
Work Instructions: Work instructions are essential documents that detail specific processes and steps for identifying and tracing products and services. They should provide guidance on labeling, marking, recording, and verification procedures.
Product/Service Specifications: These documents specify the requirements and criteria that products and services must meet. They often include information about unique identifiers, batch/lot numbers, serial numbers, and other traceability-related requirements.
Record Retention Policy: A policy outlining how long records related to identification and traceability will be retained, who is responsible for their retention, and how they will be stored and disposed of.

Records:

Traceability Records: These records should include information that allows products or services to be traced back to their source, including unique identifiers (e.g., serial numbers, lot numbers), production or service provision dates, materials used, and personnel involved.
Unique Identifier Records: Records that document the assignment of unique identifiers to products or services. This may include logs or databases of assigned numbers or codes.
Inspection and Test Records: Records of inspections and tests conducted to verify that products or services meet specified requirements. These records should include results and, when applicable, identification of the inspected or tested items.
Non-Conformance Records: Records of non-conformities identified during the identification and traceability processes, including actions taken to address and correct them.
Change Control Records: Records of any changes to unique identifiers, labeling, marking, or traceability processes, along with the rationale for those changes.
Retention Records: Records indicating the retention periods for various identification and traceability-related records, including when records can be destroyed.
Audit and Review Records: Records of internal audits and management reviews related to the identification and traceability process, including findings and corrective actions.
Customer Communication Records: Records of communications with customers related to identification and traceability, including requests for traceability information and responses provided.
Training Records: Records of training provided to employees involved in the identification and traceability processes, demonstrating their competence in carrying out these activities.
Supplier Records: Records related to supplier identification and traceability, particularly if suppliers play a role in providing unique identifiers or traceability information for materials or components.

Example for Procedure for Identification and Traceability

Objective: This procedure outlines the process for uniquely identifying products or services and ensuring their traceability throughout production and service provision, as required by ISO 9001:2015 Clause 8.5.2.

Scope: This procedure applies to all products and services provided by [Organization Name].

Responsibilities:

The [Quality Manager/Designated Personnel] is responsible for overseeing and ensuring compliance with this procedure.
All employees involved in product or service identification and traceability must adhere to this procedure.

Procedure:

1. Unique Identification:

Assign a unique identifier to each product or service as appropriate. Common identifiers include serial numbers, batch/lot numbers, or project codes.
Document these identifiers in the [Unique Identifier Log or Database].

2. Documentation:

Maintain clear documentation specifying the unique identifier, product or service specifications, and any relevant customer requirements.
Ensure that product or service specifications detail the specific traceability requirements.

3. Work Instructions:

Develop and maintain work instructions that provide guidance on the application of unique identifiers and the traceability process for different product or service types.
Ensure that work instructions are readily accessible to relevant personnel.

4. Labeling and Marking:

Label or mark products or services with their assigned unique identifier according to the documented specifications.
Use standardized labeling and marking methods to ensure clarity and legibility.

5. Record Keeping:

Maintain accurate records that capture the unique identifier, production or service provision dates, materials used, and personnel involved.
Ensure that records are easily retrievable and securely stored.

6. Inspection and Testing:

Implement inspection and testing procedures that include verification of unique identifiers and traceability information.
Record the results of inspections and tests, including the identification of items inspected or tested.

7. Non-Conformance Handling:

Develop procedures for handling non-conforming items, including those that do not meet identification or traceability requirements.
Segregate and control non-conforming items to prevent unintended use or delivery.

8. Change Control:

Establish a change control process for any changes to unique identifiers, labeling, marking, or traceability procedures. Document the rationale for changes.

9. Record Retention:

Adhere to the organization’s record retention policy for identification and traceability records. Retain records for at least [Specify Retention Period] or as required by regulatory standards.

10. Auditing and Verification: – Conduct periodic internal audits and verifications to assess compliance with this procedure and identify opportunities for improvement.

11. Continuous Improvement: – Analyze data collected through traceability records to identify trends, potential process improvements, and opportunities to enhance product or service quality.

12. Regulatory Compliance: – Ensure that the organization’s identification and traceability practices align with any industry-specific regulations or standards applicable to your products or services.

13. Training and Awareness: – Provide training to employees involved in identification and traceability processes to ensure they understand the importance of accurate identification and recording.

14. Reporting: – Report any critical issues, deviations, or non-conformities to management and initiate corrective actions as necessary.

15. Document Retention: – Retain this procedure and associated records as per the organization’s document control and record retention policy.

16. Review and Revision: – Periodically review and update this procedure to ensure its continued effectiveness and relevance.

17. Approval and Revision History: – Maintain records of procedure approvals and revisions.

ISO 9001:2015 Clause 8.5.1 Control of production and service provision

The organization shall implement production and service provision under controlled conditions.
Controlled conditions shall include, as applicable:

the availability of documented information that defines:
- the characteristics of the products to be produced, the services to be provided, or the activities to be performed;
- the results to be achieved;
the availability and use of suitable monitoring and measuring resources;
the implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met;
the use of suitable infrastructure and environment for the operation of processes;
the appointment of competent persons, including any required qualification;
the validation, and periodic re-validation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement;
the implementation of actions to prevent human error;
the implementation of release, delivery and post-delivery activities.

1) The organization shall implement production and service provision under controlled conditions.

This clause requires an organization to design controlled conditions under which the production and service provision should take place. Businesses should develop, conduct, control and monitor production processes to ensure parts manufactured conform to specifications. This includes documented instructions that define the production activities, approval of processes and equipment and any changes to those processes and equipment, monitoring and control of process parameters, and component characteristics during production. Making use of documented procedures, work instructions, specifications, drawings, reference materials, suitable equipment and specific monitoring and measurement devices; where the absence of such could affect quality, your organization should employ process controls, which are consistent and appropriate for the operations being conducted. Your organization should ensure adequate equipment is available and adequate for the manufacture of products to meet specifications. This includes ensuring equipment is maintained periodically, documenting activities performed and by whom and when the activites are performed. To ensure that processes are consistently controlled, an organization can follow these key steps:

Define and Document Processes: Identify and define all the processes involved in production and service provision. This includes subprocesses and related activities. Document these processes, including procedures, work instructions, and process maps, detailing the steps to be followed and the desired outcomes.
Establish Clear Quality Objectives and Requirements: Clearly define quality objectives for each process, including product or service specifications, customer requirements, and any regulatory or legal requirements. Communicate these objectives and requirements to all relevant personnel.
Implement Process Controls: Develop and implement controls and checkpoints at critical points in the processes to ensure that they are carried out as planned. Specify the methods, criteria, and standards to be used for monitoring and measuring process performance and product/service quality.
Employee Training and Competence: Ensure that employees involved in production and service provision are adequately trained and possess the necessary skills and competence to perform their tasks effectively. Regularly assess and verify employee competence and provide additional training as needed.
Equipment and Resource Management: Maintain equipment and resources (tools, machinery, software, etc.) in good working order to prevent unexpected failures or deviations from controlled conditions. Implement a schedule for equipment maintenance, calibration, and verification.
Change Management: Establish a formal change control process to manage and document any changes to processes, materials, equipment, or personnel. Ensure that changes are assessed for potential impacts on controlled conditions and are implemented with proper authorization and oversight.
Monitoring and Measurement: Continuously monitor and measure key process parameters and product/service characteristics to ensure they are within acceptable limits. Document and record the results of monitoring and measurement activities.
Document Control: Establish a document control system to manage and maintain up-to-date process documentation, including procedures, work instructions, and records. Ensure that all relevant personnel have access to the latest versions of documents.
Corrective and Preventive Actions: Implement processes for addressing non-conformities and deviations from controlled conditions promptly. Take corrective actions to eliminate the root causes of issues and prevent their recurrence.
Management Review: Regularly review the effectiveness of controlled conditions during management review meetings. Use these reviews to identify opportunities for improvement and make necessary adjustments to processes.
Risk Management: Identify and assess risks associated with production and service provision and implement risk mitigation strategies. Regularly review and update risk assessments as needed.
Internal Auditing: Conduct regular internal audits to verify that controlled conditions are being followed and are effective. Use audit findings to drive improvements in the QMS.
Customer Feedback and Satisfaction: Collect and analyze customer feedback to identify areas for improvement in controlled conditions. Use customer satisfaction data to measure the effectiveness of controlled conditions.

By systematically following these steps and continually monitoring and improving the processes, an organization can ensure that its production and service provision is carried out under controlled conditions as required by ISO 9001:2015. This approach helps maintain product/service quality, customer satisfaction, and overall organizational performance.

2) The availability of documented information that defines the characteristics of the products to be produced, the services to be provided, or the activities
to be performed;

It emphasizes the importance of having documented information that defines the characteristics of the products, services, or activities to be performed. This documentation is essential for maintaining consistency, meeting customer requirements, and ensuring effective quality management. Here’s how an organization can ensure the availability of this documented information:

Product, Service, or Activity Specifications: Clearly define and document the specifications, characteristics, and requirements for each product, service, or activity that the organization provides. This documentation should include details such as design specifications, technical specifications, performance criteria, dimensions, materials, and any other relevant information.
Quality Plans and Procedures: Develop quality plans and procedures that outline the steps and processes required to meet the defined characteristics and requirements. These documents should provide clear instructions for employees on how to perform their tasks in accordance with the specified standards.
Product or Service Descriptions: Create descriptions or data sheets for each product or service, which can serve as reference documents for employees and customers. These descriptions should include information on the intended use, features, benefits, and any special considerations.
Work Instructions: Develop detailed work instructions that provide step-by-step guidance for carrying out specific tasks or processes.These instructions should cover critical processes that have a direct impact on product or service quality.
Regulatory and Legal Requirements: Ensure that the documented information also includes references to relevant regulatory and legal requirements that apply to the organization’s products, services, or activities. Stay up-to-date with changes in regulations and update the documented information accordingly.
Change Control Process: Implement a change control process to manage updates and revisions to the documented information. Ensure that changes are properly reviewed, approved, and communicated to relevant personnel.
Documented Information Storage: Store all documented information in a controlled and accessible manner, such as in a document management system or a centralized repository. Ensure that authorized personnel can easily access and retrieve the required documents when needed.
Training and Awareness: Train employees on the importance of using and referencing the documented information in their daily work. Foster awareness of the significance of adhering to defined characteristics and requirements.
Review and Validation: Periodically review and validate the documented information to ensure that it remains accurate, up-to-date, and aligned with customer expectations and organizational goals.
Auditing and Compliance: Conduct internal audits to verify that employees are following the documented information and that products, services, or activities conform to the specified characteristics. Ensure that non-conformities are addressed through corrective actions.
Customer Communication: Share relevant portions of the documented information with customers as needed to clarify product or service specifications and to manage their expectations.

By following these steps, an organization can ensure that the documented information defining the characteristics of its products, services, or activities is readily available, up-to-date, and effectively used throughout the organization, thereby promoting quality, consistency, and customer satisfaction. Documented information related to the activities that need to be undertaken to produce the product or deliver the service should be available. This documented information should specify the results that are to be achieved. These details may typically be available in your project programs or plans. These plans or programs should be made so that they should indicate how different units interact with each other. All activities that need to be performed starting from customer delivery requirements, raw material purchase, resources required, production, storage, packaging, delivery with clearly outlined plans outlining who, what, when and how a product is made or service is delivered. The plans can also define the sequence in which material or equipment is required, measurement and monitoring tools that would be used, verification that need to be carried out, stages at which verification is done, and how problems, if any arise, would be handled, etc. For a builder, an example of documented information can be Project programmes which are updated on a two-weekly basis to show progress with the project tasks. For service delivery, if you are selling software as a service, this can be preparing a roadmap for the product and managing the backlog of tasks, or setting up epics and stories within a tool like JIRA. The level of detail that would go into such documents is decided by the organization and can be just a brief description, a process flowchart, or a detailed project plan, etc. These should be readily available to the personnel responsible for carrying out these activities. The amount of documentation required should be decided based on the complexity, size and risk involved in the work being performed. However, if a job required a particular document, for example, work instructions, these should be available and relevant.

3) The organization must ensure availability of documented information that defines the results to be achieved

Ensuring the availability of documented information that defines the results to be achieved is an essential aspect of effective quality management, as required by ISO 9001:2015. This documentation helps organizations clarify their objectives, monitor progress, and demonstrate compliance with quality standards. Here’s how an organization can ensure the availability of such documented information:

Define Clear Objectives and Goals:Start by defining clear and specific objectives and goals for the organization, departments, projects, or processes. These objectives should be measurable, achievable, relevant, and time-bound (SMART).
Documented Quality Policy and Objectives: Document the organization’s quality policy, which should include a commitment to meeting customer requirements, complying with relevant standards, and continually improving. Document specific quality objectives that support the organization’s quality policy.
Performance Indicators and Metrics: Identify and document key performance indicators (KPIs) and metrics that are relevant to your objectives. Define how these KPIs will be measured, monitored, and reported.
Targets and Thresholds: Set specific targets and thresholds for each KPI to clearly define what constitutes successful achievement. These targets should align with your objectives and be realistic and achievable.
Strategic Plans and Action Plans: Document strategic plans that outline the long-term strategies and initiatives needed to achieve your objectives. Develop action plans that detail the specific steps, responsibilities, and timelines for reaching your goals.
Communication and Awareness: Ensure that the documented information related to objectives, goals, KPIs, and targets is communicated to all relevant employees. Foster awareness of the importance of achieving these results and how individual roles contribute to the organization’s success.
Monitoring and Measurement: Establish processes for monitoring and measuring performance against the defined objectives and KPIs. Regularly collect and analyze data to assess progress.
Performance Reviews: Conduct regular performance reviews and management reviews to assess the organization’s progress in achieving its objectives. Use these reviews to identify areas for improvement and make necessary adjustments.
Documented Information Storage: Store all documented information related to objectives, goals, KPIs, and performance in a controlled and accessible manner. Ensure that authorized personnel can easily access and retrieve this information when needed.
Auditing and Compliance: Conduct internal audits to verify that the organization is following its documented information related to objectives and performance. Address any non-conformities through corrective actions.
Reporting: Develop reporting mechanisms to communicate performance results to relevant stakeholders, including management, employees, and, if applicable, customers and regulators.
Continuous Improvement: Use the results of performance monitoring and reviews to drive continuous improvement efforts. Continually assess and update objectives, targets, and actions as needed.

By following these steps, an organization can ensure the availability of documented information that defines the results to be achieved, allowing for effective management of objectives, performance, and continual improvement. This aligns with the requirements of ISO 9001:2015 and contributes to the organization’s overall success and customer satisfaction.

4) The availability and use of suitable monitoring and measuring resources

Ensuring the availability and use of suitable monitoring and measuring resources during production and servicing is crucial for maintaining product and service quality, as well as for meeting the requirements of ISO 9001:2015. Properly calibrated and maintained monitoring and measuring devices help organizations achieve accurate and reliable results. Here are steps to ensure their availability and use:

Identify Monitoring and Measuring Devices: Identify all monitoring and measuring devices used within your production and service provision processes. This includes instruments, equipment, tools, software, and any other devices used for measurement and monitoring.
Calibration and Verification: Establish a calibration program to ensure that all devices are regularly calibrated and verified to maintain accuracy and reliability. Maintain records of calibration activities, including dates, results, and any adjustments made.
Selection of Suitable Devices: Ensure that the selected monitoring and measuring devices are suitable for the specific tasks and measurements required in your processes. Consider factors such as measurement range, precision, and traceability to standards.
Validation of Software Tools: If software tools are used for measurements or data analysis, validate their accuracy and suitability for the intended purpose. Keep records of software validation activities.
Proper Storage and Handling: Store monitoring and measuring devices in controlled environments to prevent damage or degradation. Handle devices with care to avoid physical damage or contamination.
Maintenance and Repairs: Establish procedures for routine maintenance and repairs of monitoring and measuring devices. Keep records of maintenance and repair activities, including any replacement parts used.
Training and Competence: Ensure that personnel responsible for using monitoring and measuring devices are trained and competent in their proper use. Provide training on device handling, maintenance, and calibration procedures.
Records and Documentation: Maintain records of device calibrations, verification, maintenance, and usage. Ensure that these records are easily accessible and well-organized.
Monitoring and Measurement Procedures: Develop documented procedures that specify how monitoring and measurements will be conducted using the devices. Ensure that these procedures are followed consistently.
Risk Assessment: Identify and assess risks associated with the use of monitoring and measuring devices, including the risk of incorrect measurements. Implement controls to mitigate these risks.
Traceability and Documentation of Measurement Results: Ensure that measurement results are documented accurately, including units of measurement, date and time, and any relevant conditions. Maintain traceability of measurements to national or international standards, where applicable.
Auditing and Review: Conduct internal audits to verify that monitoring and measuring devices are used and maintained as per established procedures. Include device-related activities in management reviews to assess their effectiveness.
Continuous Improvement: Use data from monitoring and measuring devices to drive continuous improvement efforts in your processes. Address any issues or non-conformities identified during measurement and monitoring.

By following these steps and maintaining a robust system for the availability and use of suitable monitoring and measuring devices, organizations can ensure the accuracy and reliability of their measurements, thereby contributing to product and service quality and compliance with ISO 9001:2015 requirements.

5) Implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met;

Ensuring the implementation of monitoring and measurement activities at appropriate stages is critical for verifying that criteria for the control of processes, outputs, and acceptance criteria for products and services have been met, as required by ISO 9001:2015. Here are the key steps to achieve this:

Define Criteria and Acceptance Criteria:Clearly define the criteria for controlling processes, outputs, and acceptance criteria for products and services. Ensure that these criteria are based on customer requirements, regulatory standards, and your organization’s quality objectives.
Identify Appropriate Stages: Determine at which stages of the processes or product/service lifecycle monitoring and measurement activities should be implemented. Consider critical points, key process steps, and potential points of failure or variability.
Select Monitoring and Measurement Methods: Choose appropriate monitoring and measurement methods and tools that are capable of verifying the defined criteria. Ensure that these methods are suitable for the specific processes, outputs, and products or services.
Develop Monitoring and Measurement Plans: Create documented monitoring and measurement plans that outline when, where, and how monitoring and measurement activities will be conducted. Specify responsibilities, frequency, and sampling procedures.
Training and Competence: Ensure that personnel responsible for conducting monitoring and measurement activities are trained and competent in the use of measurement tools and techniques. Provide ongoing training and skill development as needed.
Implementation of Monitoring and Measurement: Execute monitoring and measurement activities as per the documented plans and procedures. Record the results of these activities, including measurements, observations, and any deviations from criteria.
Data Analysis: Analyze the data collected during monitoring and measurement to determine whether the defined criteria and acceptance criteria have been met. Use statistical methods and data analysis techniques where applicable.
Non-Conformance Management: Establish procedures for addressing non-conformities or deviations from criteria that are identified during monitoring and measurement. Implement corrective actions to resolve issues and prevent recurrence.
Documentation and Records: Maintain documentation and records of monitoring and measurement activities, including the results, actions taken, and any changes to criteria or acceptance criteria. Ensure that records are easily accessible and retained for the required duration.
Review and Verification: Periodically review the results of monitoring and measurement activities to assess process and product/service performance. Verify that criteria are consistently met and that corrective actions are effective.
Continuous Improvement: Use the data from monitoring and measurement activities to drive continuous improvement efforts in processes and products/services. Identify opportunities for optimization and efficiency.
Communication: Communicate the results of monitoring and measurement activities to relevant stakeholders, including management, employees, and customers when applicable.
Management Review: Include monitoring and measurement data and related activities in management review meetings to evaluate the effectiveness of the quality management system.

By following these steps, an organization can ensure that monitoring and measurement activities are implemented at appropriate stages to verify that criteria for controlling processes and products/services have been met. This approach helps maintain product and service quality, meet customer requirements, and ensure compliance with ISO 9001:2015 requirements.

6) Monitoring and Measurement Activities.

Monitoring and measurement activities to ensure that criteria for the control of processes or outputs and acceptance criteria for products and services have been met can vary depending on the specific processes, products, or services involved. However, here are some common monitoring and measurement activities that organizations typically implement to verify compliance with these criteria:

Inspection and Testing: Regularly inspect and test products or components to check whether they meet predefined acceptance criteria. Use standardized testing methods and equipment to ensure consistency and accuracy.
Process Control and Monitoring: Implement process controls and monitoring to ensure that critical process parameters are within specified limits. Use statistical process control (SPC) techniques to monitor process stability and capability.
Sampling and Sampling Plans: Develop sampling plans to systematically select and evaluate a representative sample of products or components. Determine the sample size and sampling frequency based on statistical principles and acceptable risk levels.
Calibration and Measurement of Equipment: Regularly calibrate measurement equipment and devices to ensure accuracy. Use calibrated equipment to measure and verify product or process characteristics.
Documented Procedures and Work Instructions: Establish documented procedures and work instructions that detail how specific processes should be performed and controlled. Ensure that employees follow these procedures during production or service provision.
Audit and Inspection of Processes: Conduct internal audits and inspections of processes to assess compliance with documented procedures and criteria. Identify non-conformities and areas for improvement.
Supplier and External Provider Evaluation: Monitor and evaluate the performance of suppliers and external providers to ensure that they meet specified criteria and requirements. Conduct supplier audits and assessments as necessary.
Customer Feedback and Complaints: Collect and analyze customer feedback and complaints to identify instances where products or services did not meet acceptance criteria. Implement corrective actions to address customer concerns.
Key Performance Indicators (KPIs): Define and track KPIs related to process and product/service performance. Set targets and thresholds for KPIs to monitor and measure against criteria.
Data Analysis and Reporting: Analyze data collected from monitoring and measurement activities to assess process and product/service performance. Generate reports and dashboards to communicate results and trends.
Review of Non-Conformities: Investigate and review non-conformities or deviations from criteria. Implement corrective and preventive actions to address root causes and prevent recurrence.
Control Charts and Trend Analysis: Use control charts and trend analysis to identify variations in processes or product/service characteristics. Take corrective actions when trends indicate a shift away from acceptable criteria.
Product or Service Reviews: Conduct periodic product or service reviews to evaluate whether they meet predefined acceptance criteria. Involve cross-functional teams to ensure a comprehensive assessment.
Change Control and Validation: Implement change control processes to assess and validate any changes to processes, materials, or equipment to ensure they do not negatively impact acceptance criteria.
Customer Acceptance and Sign-Off: Obtain formal acceptance or sign-off from customers or authorized representatives to confirm that products or services meet their specified criteria.
Verification and Validation Activities: Perform verification and validation activities as required by product or service design and development processes to confirm that acceptance criteria are met.

These monitoring and measurement activities are essential for ensuring that the criteria for controlling processes or outputs and acceptance criteria for products and services are consistently met. Organizations should tailor these activities to their specific needs and document them as part of their quality management system in compliance with ISO 9001:2015 or other relevant quality standards.

7) The use of suitable infrastructure and environment for the operation of processes

Ensuring the use of suitable infrastructure and environment for the operation of processes is essential to maintain product and service quality, meet customer requirements, and comply with relevant standards, including ISO 9001:2015. Here are key steps an organization can take to fulfill this requirement:

Identify the specific infrastructure and environmental requirements for each process within your organization. These requirements may include facilities, equipment, utilities, and the physical environment.
Ensure that the physical facilities and workspace are designed, constructed, and maintained to support the intended processes.Address issues such as layout, space availability, cleanliness, and organization to facilitate efficient and effective operations.
Ensure a reliable and continuous supply of utilities and services necessary for process operation, such as electricity, water, HVAC (heating, ventilation, and air conditioning), and internet connectivity.Regularly maintain and monitor these utilities to prevent disruptions.
Procure, maintain, and calibrate equipment, machinery, and tools as required for each process.Develop maintenance schedules and conduct regular inspections to ensure proper functioning.
Provide a safe and healthy work environment for employees and visitors by addressing safety hazards and complying with occupational health and safety regulations.Conduct risk assessments to identify and mitigate potential workplace hazards.
Control and maintain temperature and humidity levels when necessary, especially in environments where these factors can affect product or service quality (e.g., clean-rooms, laboratories).
Implement measures to control and prevent contamination in critical areas, such as food production facilities or clean rooms. Ensure that personnel are trained in contamination control procedures.
Implement security measures to protect both physical assets and data integrity, including access control, surveillance, and data security protocols.
Consider environmental sustainability in your infrastructure and operations by implementing practices that reduce environmental impact, such as energy-efficient lighting, waste reduction, and recycling programs.
Develop and maintain emergency response plans to address situations like natural disasters, fires, and power outages.Conduct drills and training to ensure employees are familiar with emergency procedures.
Document and maintain records related to infrastructure and environmental conditions, including maintenance logs, inspection reports, and compliance records.
Periodically review and audit the suitability and effectiveness of your infrastructure and environmental conditions.Use findings to drive improvements and address any deficiencies.
Ensure that your infrastructure and environmental conditions comply with applicable laws, regulations, and industry standards relevant to your business.
Assess and monitor suppliers and contractors involved in providing and maintaining infrastructure or environmental services to ensure they meet your requirements.

By following these steps, an organization can ensure that it uses suitable infrastructure and maintains an appropriate environment for the operation of its processes. This not only helps meet quality and compliance requirements but also enhances employee safety, productivity, and overall operational efficiency.

8) The appointment of competent persons, including any required qualification

Ensuring that competent individuals with the required qualifications are involved in production or service provision is crucial for maintaining quality and meeting customer requirements. Here are steps an organization can take to ensure it has the right people in place:

Define Job Roles and Responsibilities: Clearly define the roles and responsibilities for each position involved in production or service provision. Specify the qualifications, skills, and competencies required for each role.
Recruitment and Selection: Implement a structured recruitment and selection process to identify and hire individuals who meet the specified qualifications and competencies. Conduct interviews, assessments, and reference checks to evaluate candidates.
Training and Development: Provide training and development programs to enhance the skills and competencies of employees. Tailor training programs to address specific job requirements and ongoing learning needs.
Competency Assessment: Regularly assess the competency of individuals in their respective roles to ensure they meet the required qualifications and performance standards. Use performance appraisals, skills assessments, and feedback mechanisms for evaluation.
Certifications and Licensing: Ensure that individuals who require certifications or licenses to perform their duties obtain and maintain them. Keep records of certifications and licenses to verify compliance.
Skills Verification:Implement processes to verify and document the skills and qualifications of employees and contractors before assigning them to specific tasks.Verify qualifications through credential checks, certifications, or testing where applicable.
Cross-Training and Succession Planning: Develop cross-training programs to ensure that multiple employees can perform critical tasks. Establish succession plans to address the potential departure or absence of key personnel.
Competency Records: Maintain records of employee qualifications, certifications, training, and competency assessments. Ensure that these records are readily accessible for verification.
Continual Improvement: Periodically review and assess the competency requirements for each role to ensure they remain up-to-date and aligned with changing needs. Make adjustments to training and qualification requirements as necessary.
Employee Engagement and Recognition: Foster a positive work environment to engage and retain competent employees. Recognize and reward employees for their contributions and achievements.
Performance Monitoring: Regularly monitor and assess employee performance to ensure that individuals are meeting the competency requirements and contributing to quality and customer satisfaction.
Communication and Feedback: Establish open channels of communication for employees to report concerns or provide feedback related to competency and qualifications. Use feedback to identify areas for improvement.
External Audits and Certification: If applicable, ensure that external audits and certifications (e.g., ISO certifications) include a focus on employee competence and qualification requirements.
Customer and Regulatory Requirements: Review and comply with customer and regulatory requirements related to employee qualifications and competency, especially in industries with strict standards.

By following these steps, an organization can effectively ensure that competent individuals with the required qualifications are involved in production or service provision. This approach not only helps meet quality standards but also promotes a culture of competence and continual improvement within the organization.

9) The validation, and periodic re-validation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement

Results of the processes should be validated wherever possible. If the product cannot be verified without damaging or destroying the product, this clause recommends that the process is initially validated and evaluated periodically. Some examples may be welding, painting, electroplating or a simple pizza delivery service where the quality of these activities may only be learned after use.However, most organizations would have some intermediate verification steps to validate the products. Validation of such services can involve conducting capability studies and inspection or testing methods to ensure the product or service meets the customer’s requirements.Here’s a step-by-step guide on how an organization can conduct validation and re-validation:

Define Validation and Re-validation Scope: Clearly define the scope of validation and re-validation activities. Determine which manufacturing processes, equipment, and systems require validation based on their criticality and impact on product quality.
Develop Validation and Re-validation Plans: Create comprehensive validation and re-validation plans that outline the objectives, approach, schedule, resources, responsibilities, and acceptance criteria for each activity.Ensure that these plans align with relevant industry standards, regulations, and internal quality management system requirements.
Identify Critical Parameters and Variables: Identify critical process parameters, variables, and attributes that significantly influence product quality. Determine the measurement and control points within the process.
Collect Relevant Data: Gather data and information needed to support the validation and re-validation processes. This may include process data, product specifications, design documentation, and risk assessments.
Installation Qualification (IQ): Conduct an Installation Qualification to verify that equipment and systems are correctly installed, calibrated, and configured according to specifications. Document and maintain records of the installation process.
Operational Qualification (OQ): Perform an Operational Qualification to ensure that equipment and systems operate within specified operational limits under normal conditions. Conduct tests, inspections, and performance measurements as defined in the validation plan.
Performance Qualification (PQ): Conduct a Performance Qualification to demonstrate that the manufacturing process consistently produces products that meet acceptance criteria. Use statistical methods and sampling plans to analyze process variability and capability.
Software Validation (If Applicable): Validate any software systems used in manufacturing processes, ensuring that they function correctly and meet specified requirements. Perform both functional and non-functional testing, and document the results.
Cleaning Validation (If Applicable): In industries with strict cleanliness requirements (e.g., pharmaceuticals or food processing), perform cleaning validation to verify that equipment and surfaces are effectively cleaned and do not pose contamination risks.
Re-validation and Periodic Re-assessment: – Schedule periodic re-validation activities to ensure that validated processes, equipment, and systems continue to perform as expected. – Re-assess validation status based on changes in process parameters, equipment, or other relevant factors.
Document Validation Protocols and Reports: – Document validation protocols that outline the specific tests, measurements, procedures, and acceptance criteria for each validation activity. – Prepare validation reports summarizing the activities, results, conclusions, and any actions taken as a result of the validation process.
Regulatory Compliance: – Ensure that all validation activities comply with relevant industry-specific regulations and standards. This is particularly important in regulated industries such as pharmaceuticals and medical devices.
Continuous Improvement: – Use the findings from validation and re-validation activities to identify areas for improvement in your processes, systems, or equipment. – Implement corrective and preventive actions as needed to address any identified issues.
Validation Team Training: – Ensure that personnel involved in validation and re-validation activities are adequately trained and have the necessary skills and competencies.
Document Control: – Maintain proper document control to ensure that all validation and re-validation documentation is up-to-date and easily accessible for audits and inspections.

By following these steps, an organization can effectively conduct validation and re-validation , ensuring that production processes and equipment consistently meet quality standards and regulatory requirements. These activities are crucial for maintaining product quality, customer satisfaction, and compliance with industry standards.

10) The implementation of actions to prevent human error;

Preventing human errors during manufacturing and service provision is crucial to maintain product or service quality, safety, and efficiency. Human errors can occur at various stages of these processes, but proactive measures can help reduce the likelihood of errors and their potential impact. Here are actions an organization can take to prevent human errors:

Employee Training and Education: Provide comprehensive training to employees to ensure they have the necessary knowledge and skills to perform their tasks correctly. Include specific training on quality standards, safety procedures, and best practices.
Standard Operating Procedures (SOPs): Develop and implement clear and well-documented SOPs for all critical processes and tasks. Ensure that SOPs are easily accessible and regularly updated.
Task Analysis and Risk Assessment: Conduct task analysis and risk assessments to identify potential points of failure and human error. Prioritize and address high-risk areas with additional controls.
Error-Proofing (Poka-Yoke): Implement error-proofing mechanisms and devices to prevent common human errors. These can include physical barriers, sensors, checklists, and automated error detection systems.
Process Redundancy and Verification: Incorporate redundant checks and verifications in critical processes to catch errors before they result in defects or safety hazards. Encourage a “double-check” culture in high-risk processes.
Visual Controls and Signage: Use visual cues, labels, color-coding, and signage to guide employees and reduce the likelihood of mistakes. Clearly mark safety zones and critical areas.
Clear Communication: Promote effective communication among team members to ensure that instructions and information are understood. Encourage employees to ask questions when uncertain.
Job Rotation and Cross-Training: Implement job rotation and cross-training programs to ensure that employees have a broad understanding of various tasks. This can help reduce the risk of errors caused by fatigue or monotony.
Checklists and Job Aids: Develop checklists, job aids, and standardized forms to guide employees through complex processes and tasks. Ensure that employees use these aids consistently.
Continuous Improvement Culture: Foster a culture of continuous improvement where employees are encouraged to identify and report potential areas for error reduction. Implement suggestions and feedback from employees.
Feedback and Learning from Errors: Encourage reporting of errors, near misses, and incidents. Analyze the root causes of errors and implement corrective actions to prevent their recurrence.
Automation and Technology: Where feasible, automate processes and tasks to reduce the reliance on manual labor, which can be prone to errors. Implement technology solutions that provide real-time monitoring and error detection.
Fatigue Management: Implement policies and practices to manage employee fatigue, especially in industries with long or irregular work hours. Encourage adequate breaks and rest periods.
Leadership and Supervision: Provide strong leadership and supervision to ensure that employees are following procedures and best practices. Lead by example and promote a safety and quality-conscious culture.
Audits and Inspections: Conduct regular internal audits and inspections to verify compliance with procedures and identify potential deviations or errors. Take corrective actions promptly.
Employee Involvement: Involve employees in the decision-making process regarding process improvements and changes. Employees on the front lines often have valuable insights into error prevention.
Regulatory Compliance: Ensure that all processes and practices comply with relevant regulatory standards and requirements, which often include guidelines for error prevention.

Preventing human errors requires a multifaceted approach that combines training, process design, technology, and a culture of continuous improvement. By implementing these actions, an organization can reduce the risk of human errors, enhance quality, and improve overall operational effectiveness.

11) the implementation of release, delivery and post-delivery activities.

Products and service release, delivery and post-delivery activities should be defined and implemented as planned. Depending on the product or service you deliver, this could be an email sent to the customer, or this can involve multiple steps of packaging, transportation, shipping, etc. During the implementation of release, delivery, and post-delivery activities, organizations must establish controls to ensure that products or services are delivered to customers in accordance with their requirements and expectations. These controls help maintain product or service quality, customer satisfaction, and compliance with quality management standards like ISO 9001:2015. Here are some key control measures that organizations should take during these activities:

Release Activities:

Verification and Validation: Conduct thorough verification and validation activities to ensure that the product or service meets the specified requirements and standards before release.
Documented Release Criteria: Define and document clear criteria for releasing products or services. These criteria should include quality checks, inspections, and approvals.
Approval Process: Implement an approval process where authorized personnel review and approve the release of products or services. Ensure that only those meeting the defined criteria are released.
Change Control: Ensure that any changes to products or services, including last-minute alterations, are documented, evaluated, and approved before release.
Traceability: Maintain traceability records that link products or services to their respective requirements, design specifications, and any applicable regulatory or customer standards.
Packaging and Labeling: Properly package and label products or services, including relevant documentation and instructions for use or installation.

Delivery Activities:

Shipping and Transport: Implement controls to ensure that products are properly packaged, labeled, and transported to prevent damage, contamination, or loss during delivery.
Delivery Confirmation: Use tracking systems or delivery confirmations to ensure that products or services reach the intended destination.
Documentation: Provide accurate and complete documentation, including invoices, packing lists, and certificates of conformity, with the delivered products or services.
Customer Communication: Maintain open and effective communication with customers regarding delivery schedules, delays, and any other relevant information.
Compliance with Regulatory Requirements: Ensure that products or services comply with all applicable regulatory requirements and standards during delivery.

Post-Delivery Activities:

Customer Feedback: Establish mechanisms for collecting and documenting customer feedback regarding product or service performance, satisfaction, and any issues encountered.
Complaint Handling: Implement a structured process for receiving, documenting, investigating, and resolving customer complaints or non-conformities related to delivered products or services.
Warranty and Support: Provide warranty information and post-delivery support to address any defects, malfunctions, or customer inquiries promptly.
Product and Service Updates: Monitor and implement updates or improvements to products or services based on customer feedback and performance data.
Record Keeping: Maintain records of post-delivery activities, including customer interactions, complaints, and any corrective or preventive actions taken.
Continuous Improvement: Use data from post-delivery activities to drive continuous improvement efforts in processes, products, and services.
Training and Awareness: Ensure that employees involved in post-delivery activities are trained and aware of the importance of maintaining customer satisfaction and addressing issues effectively.
Regulatory Compliance: Continuously monitor and ensure compliance with regulatory requirements and standards related to post-delivery activities.

By implementing these control measures, organizations can effectively manage the release, delivery, and post-delivery stages of their products or services. These measures help ensure customer satisfaction, maintain product or service quality, and align with ISO 9001:2015 and other relevant quality management standards.

Example of Procedure for Control of Production and Service Provision

Objective: This procedure outlines the steps and controls necessary to ensure that all production and service provision activities are carried out in accordance with specified requirements and standards, including customer requirements and applicable regulations.

Scope: This procedure applies to all production and service provision processes within the organization.

Responsibilities:

The [Quality Manager/Process Owner] is responsible for overseeing the implementation of this procedure.
[Production/Service] Supervisors are responsible for ensuring compliance with this procedure within their respective areas.
All employees involved in production and service provision activities must adhere to this procedure.

Procedure:

1. Planning and Review:

Before production or service provision begins, review and verify the requirements specified in customer orders, contracts, and relevant documentation.
Ensure that necessary resources, including materials, equipment, and personnel, are available and ready for use.

2. Work Instructions:

Develop and maintain documented work instructions for each specific production or service provision process.
Work instructions should detail step-by-step procedures, including safety precautions, quality checks, and any specific requirements.

3. Verification of Equipment and Tools:

Prior to use, verify that all equipment, machinery, tools, and measuring devices are calibrated, maintained, and in good working condition.
Perform equipment checks according to the [Calibration and Maintenance Procedure].

4. Personnel Training and Competence:

Ensure that personnel involved in production and service provision are adequately trained, qualified, and competent for their assigned tasks.
Maintain training records and conduct periodic competency assessments.

5. Material and Component Control:

Ensure that all materials, components, and parts used in production or service provision are properly identified, inspected, and verified for compliance with specifications.
Implement controls to prevent mix-ups, contamination, or damage to materials.

6. Process Execution:

Follow the documented work instructions and procedures for each production or service provision process.
Monitor and record process parameters, measurements, and any deviations from the specified requirements.

7. Inspection and Testing:

Conduct in-process inspections and testing as required by the work instructions and quality plans.
Document inspection results and address any non-conformities.

8. Traceability and Record Keeping:

Maintain records that demonstrate traceability of products or services to their specific requirements, including batch/lot numbers, dates, and personnel involved.
Retain records in accordance with the [Document Control and Record Retention Procedure].

9. Non-Conformance Handling:

If non-conformities are identified during production or service provision, follow the [Non-Conformance Management Procedure] to address and resolve issues.

10. Final Inspection and Verification: – Conduct a final inspection or verification step to ensure that products or services meet all specified requirements and acceptance criteria.

11. Packaging and Delivery: – Properly package products or prepare services for delivery to customers, ensuring that they are protected from damage and contamination. – Use appropriate labeling and documentation.

12. Customer Communication: – Maintain open communication with customers regarding any changes, delays, or issues related to production or service provision.

13. Continuous Improvement: – Use data from production and service provision activities to drive continuous improvement efforts, identify areas for optimization, and prevent recurrence of non-conformities.

14. Review and Approval: – All completed production and service provision activities should be reviewed and approved by the [Quality Manager/Process Owner] or designated personnel.

15. Document Control: – Maintain controlled copies of all relevant documents, including work instructions, quality plans, and records, in accordance with the [Document Control Procedure].

16. Compliance with Regulatory Requirements: – Ensure that all production and service provision activities comply with relevant industry standards, regulations, and customer-specific requirements.

17. Auditing and Monitoring: – Conduct periodic internal audits and performance monitoring to assess compliance with this procedure and identify opportunities for improvement.

18. Reporting: – Report any critical issues, deviations, or non-conformities to management and initiate corrective actions as necessary.

19. Document Retention: – Retain production and service provision records as per the organization’s [Document Control and Record Retention Procedure].

20. Training and Awareness: – Ensure that all employees involved in production and service provision are aware of this procedure and receive appropriate training.

21. Review and Revision: – Periodically review and update this procedure to ensure its continued effectiveness and relevance.

22. Approval and Revision History: – Maintain records of procedure approvals and revisions.

ISO 9001:2015 CLAUSE 8.3.6 Design and Development changes

ISO 9001:2015 Requirements

The organization shall identify, review and control changes made during, or subsequent to, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements.
The organization shall retain documented information on:
a) design and development changes;
b) the results of reviews;
c) the authorization of the changes;
d) the actions taken to prevent adverse impacts.

1) Design and Development Changes

This clause requires that if changes are required to be made to either design input or design output, then the organisation shall follow a procedure so that these changes are controlled. Your organization should begin identifying, reviewing and controlling of design changes including the implementation of a process to notify the customer when changes affect the customer requirement e.g. customer communication, notifications of change, requests for deviation, and contract amendments. The Engineering Manager in conjunction with the Design Manager is responsible for evaluating the risks and the impact of design changes against the criteria. The Engineering Manager logs all change requests in the Design Change Request Log, performs an evaluation and either approves or denies the request. Major changes are also evaluated by any affected stakeholders. All change requests serve as design and development inputs for design and development changes. Design documentation is updated to accurately reflect the revised design. It is as important to control design changes throughout the design and development process and it should be clear how these changes are handled and what effects they have on the product. Ensure control over design and development changes, design changes must be Identified, Recorded, Reviewed, Verified, Validated, Approved. Configuration control can be managed via alteration requests, notice of change, amendments, deviations, waivers, concessions, part revision changes, part number changes, change categories, service bulletins, modification bulletins, airworthiness directives, engineering communication notice, product change boards.Design and development changes (after the original verification and validation) have to be ‘verified and validated as appropriate’ (as well as reviewed) and to ‘include evaluation of the effect of changes on constituent parts and products already delivered’.If the organization chooses not to perform re-verification and re-validation on every design change, then the auditor should expect to see some very well-defined criteria as to when the activity needs to occur. Retain documented information that includes design change history, evaluation of change results, authorization of change and actions taken in relation to subsequent activities that are impacted by the change.

2) Identifying design and development changes

To effectively identify design and development changes within an organization, it is essential to establish a systematic process that ensures all modifications are properly recognized, assessed, and managed. Here’s a step-by-step guide on how an organization can identify design and development changes:

Establish a Change Control Process: Create a documented change control process within your Quality Management System (QMS) that outlines the procedures and responsibilities for identifying, evaluating, and implementing design and development changes. This process should include criteria for when a change should be initiated.
Documentation and Records: Maintain comprehensive documentation of design and development outputs, including specifications, drawings, plans, and related documents. Ensure that these documents are organized, up-to-date, and easily accessible.
Change Request Mechanism: Implement a formal change request mechanism that allows employees to submit requests for changes. This may involve using change request forms or digital systems to capture relevant information, such as the nature of the change, reasons for the change, and potential impacts.
Cross-Functional Teams: Form cross-functional teams or committees comprising representatives from various departments, including design, engineering, quality assurance, production, and others. These teams should review and assess proposed changes collaboratively.
Review Existing Documentation: Regularly review existing design and development documentation and outputs to identify potential areas where changes may be necessary. This can be part of routine management and quality meetings.
Risk Assessment: Conduct a risk assessment for each proposed change to determine its potential impact on product or service quality, safety, compliance, and other critical factors. Evaluate the likelihood and severity of adverse effects.
Customer Input: Involve customers and stakeholders in the change identification process, particularly if the change could affect their requirements or expectations. Solicit feedback and input from them when relevant.
Supplier Collaboration: Collaborate with suppliers and vendors, especially if the change impacts the procurement of materials, components, or services. Ensure that suppliers are informed and aligned with the proposed changes.
Regular Reviews: Conduct periodic reviews and assessments of design and development outputs and associated documentation to proactively identify potential areas requiring changes. These reviews can be scheduled as part of regular management and quality meetings.
Continuous Improvement Culture: Foster a culture of continuous improvement within the organization where employees are encouraged to identify and propose changes that can enhance product or service quality, efficiency, or customer satisfaction.
Customer Complaints and Feedback: Monitor and analyze customer complaints and feedback to identify any recurring issues or patterns that may necessitate changes to products or services.
Regulatory and Standards Updates: Stay informed about changes in industry standards, regulations, and legal requirements that may impact the design and development of products or services.
Training and Awareness: Ensure that employees are trained and aware of the change identification process and their roles within it. Provide necessary training on change management principles and tools.
Documentation and Records: Maintain clear records of all identified changes, including details of the change, its approval status, and any actions taken.
Audit and Review: Periodically audit and review the effectiveness of the change identification process to identify areas for improvement.

By following these steps and incorporating a robust change identification process into your QMS, organizations can systematically detect and manage design and development changes. This approach helps minimize potential adverse impacts on conformity to requirements and ensures that changes are managed in a controlled and organized manner.

3) Review design and development changes

Reviewing design and development changes is a critical part of ensuring that modifications to products, services, or processes are properly evaluated, approved, and implemented within an organization’s Quality Management System (QMS). Here’s a step-by-step guide on how an organization can review design and development changes effectively:

Establish a Change Review Process: Document a formal change review process within your QMS. This process should outline the steps, responsibilities, and criteria for reviewing design and development changes.
Change Request Submission: Ensure that any proposed design and development changes are submitted through the established change request mechanism. This may involve using standardized forms or digital tools to capture essential information about the change.
Review Committee: Form a designated change review committee or cross-functional team with members from relevant departments, such as design, engineering, quality assurance, production, and others. This team will be responsible for reviewing and assessing the proposed changes.
Documentation Evaluation: Review all relevant documentation associated with the change request. This includes design specifications, drawings, plans, and any other documents that may be affected by the change.
Risk Assessment: Conduct a thorough risk assessment to evaluate the potential impact of the proposed change. Assess the likelihood and severity of any adverse effects on product or service quality, safety, compliance, and other critical factors.
Compliance Check: Ensure that the proposed change complies with applicable regulatory requirements, industry standards, and internal policies. Verify that the change will not result in non-compliance or legal issues.
Testing and Validation Plans: If necessary, develop or review testing and validation plans to verify that the proposed change will not negatively impact product or service performance. Ensure that appropriate tests and criteria are defined.
Customer Input: Seek input from customers and stakeholders, especially if the change may affect their requirements or expectations. Consider their feedback during the review process.
Supplier Collaboration: Collaborate with suppliers and vendors if the change impacts the procurement of materials, components, or services. Ensure that suppliers are informed and agreeable to the proposed changes.
Cost-Benefit Analysis: Conduct a cost-benefit analysis to determine the financial implications of the proposed change, including the cost of implementation and potential savings or benefits.
Decision-Making and Approval: The change review committee should make a decision regarding the proposed change. Approve or reject the change based on the findings of the review. Clearly document the decision, including reasons for approval or rejection.
Communication and Feedback: Communicate the decision to relevant stakeholders, including employees, customers, and suppliers. Encourage feedback and questions regarding the change.
Implementation Plan: If the change is approved, develop a detailed implementation plan that outlines how the change will be executed, including timelines, responsibilities, and any necessary training.
Documentation Updates: Ensure that all relevant documentation is updated to reflect the approved change accurately. This includes design specifications, drawings, plans, and any associated records.
Audit and Review: Periodically audit and review the effectiveness of the change review process to identify areas for improvement and ensure that changes are managed consistently.
Continuous Improvement: Use insights gained from change reviews to drive continuous improvement in the design and development process. Identify opportunities to refine change management procedures and prevent similar issues in the future.

By following these steps and incorporating a systematic approach to reviewing design and development changes, organizations can effectively evaluate the potential impact of modifications, make informed decisions, and ensure that changes are implemented in a controlled and organized manner. This approach helps minimize risks and disruptions while promoting product and service quality and compliance with requirements.

4) Control Design and development changes

Controlling design and development changes within an organization’s Quality Management System (QMS) is essential to ensure that modifications are managed effectively, evaluated thoroughly, and implemented with precision. Here’s a step-by-step guide on how an organization can control design and development changes:

Change Control Process: Establish and document a well-defined change control process within your QMS. This process should outline the procedures, roles, responsibilities, and criteria for controlling design and development changes.
Change Request Submission: Ensure that any proposed design and development changes are submitted through the established change request mechanism. This may involve using standardized forms or digital tools to capture essential information about the change.
Designated Change Control Team: Appoint a dedicated change control team or cross-functional committee with members from relevant departments, including design, engineering, quality assurance, production, and others. This team will be responsible for controlling and implementing the approved changes.
Documentation Review: Review all relevant documentation associated with the change request, including design specifications, drawings, plans, and other documents. Verify that the change aligns with the documentation and requirements.
Risk Assessment: Conduct a comprehensive risk assessment to evaluate the potential impact of the proposed change. Assess the likelihood and severity of any adverse effects on product or service quality, safety, compliance, and other critical factors.
Compliance Check: Ensure that the proposed change complies with applicable regulatory requirements, industry standards, and internal policies. Verify that the change will not result in non-compliance or legal issues.
Testing and Validation Plans: Develop or review testing and validation plans to ensure that the proposed change will not negatively impact product or service performance. Ensure that appropriate tests and criteria are defined.
Supplier Collaboration: Collaborate with suppliers and vendors if the change impacts the procurement of materials, components, or services. Ensure that suppliers are informed and agreeable to the proposed changes.
Decision-Making and Approval: The change control team should make a decision regarding the proposed change. Approve or reject the change based on the findings of the review. Clearly document the decision, including reasons for approval or rejection.
Communication and Implementation: If the change is approved, communicate the decision to relevant stakeholders, including employees, customers, and suppliers. Develop a detailed implementation plan that outlines how the change will be executed, including timelines, responsibilities, and any necessary training.
Documentation Updates: Ensure that all relevant documentation is updated to reflect the approved change accurately. This includes design specifications, drawings, plans, and any associated records.
Monitoring and Verification: Continuously monitor and verify the implementation of the approved change to ensure that it aligns with the plan and that there are no unexpected issues.
Audit and Review: Periodically audit and review the effectiveness of the change control process to identify areas for improvement and ensure that changes are managed consistently.
Feedback and Feedback Loop: Establish a feedback mechanism that allows stakeholders to provide input and feedback on the change’s effectiveness and impact. Use this feedback to inform future improvements and decisions.
Continuous Improvement: Use insights gained from controlled design and development changes to drive continuous improvement in the organization’s change management procedures. Identify opportunities to enhance the control process and reduce the likelihood of errors or issues.

By following these steps and incorporating a systematic approach to controlling design and development changes, organizations can effectively manage modifications, ensure compliance with requirements, and minimize risks. This approach promotes the successful implementation of changes while maintaining product and service quality and reliability.

5) The organization shall retain documented information on design and development changes.

Retaining documented information on design and development changes is essential for maintaining transparency, traceability, and compliance within an organization’s Quality Management System (QMS). Here’s how an organization can ensure compliance with this requirement:

Create and maintain records for each design and development change. These records should include all relevant information about the change, such as the nature of the change, the reason for the change, the individuals involved, the decision-making process, and any actions taken.
Ensure that your QMS includes documented procedures for managing design and development changes. These procedures should outline how change records are created, documented, reviewed, approved, and retained.
Maintain clear and organized records of all design and development changes. Ensure that the records are easily accessible and identifiable.
Determine an appropriate retention period for design and development change records. The retention period should be based on regulatory requirements, industry standards, and organizational needs. Consider factors like the complexity of changes and their potential long-term impact.
: Implement access controls to ensure that only authorized personnel can view, edit, or delete design and development change records. Protect sensitive information to maintain data integrity.
If using digital document management systems, ensure that these systems provide secure storage, version control, and backups for change records. This helps prevent data loss and unauthorized access.
Classify design and development change records appropriately based on their importance, impact, or other relevant criteria. This can help prioritize the retention and management of critical records.
Maintain an audit trail for change records, documenting any modifications, updates, or access history. This helps ensure the integrity of the records and provides a history of changes to the change records themselves.
Establish a system for retrieving design and development change records quickly when needed, especially during audits, assessments, or when reviewing the history of changes made to products, services, or processes.
At the end of the retention period, follow a documented archiving and disposal process for change records. Ensure that records are securely archived or disposed of in compliance with legal and regulatory requirements.
: Periodically review and assess the effectiveness of your document retention practices, including the management of design and development change records. Identify areas for improvement and make necessary updates to your procedures.
Ensure that employees are aware of the importance of retaining and managing design and development change records. Train them on the organization’s document control procedures, including record retention requirements.

By retaining documented information on design and development changes in a systematic and controlled manner, organizations can demonstrate compliance with regulatory requirements, maintain transparency in their change management processes, and have a valuable historical record for future reference, audits, and continuous improvement efforts.

6) The organization shall retain documented information on the results of reviews of Design and Development changes

Retaining documented information on the results of reviews of design and development changes is essential for maintaining transparency, traceability, and compliance within an organization’s Quality Management System (QMS). Here’s how an organization can ensure compliance with this requirement:

Create and maintain records for each review of design and development changes. These records should include all relevant information about the review process, such as the date of the review, the individuals involved, the outcomes of the review, and any actions or decisions made.
Ensure that your QMS includes documented procedures for managing records related to the review of design and development changes. These procedures should outline how review records are created, documented, reviewed, approved, and retained.
Maintain clear and organized records of all reviews of design and development changes. Ensure that the records are easily accessible and identifiable.
Determine an appropriate retention period for review records. The retention period should be based on regulatory requirements, industry standards, and organizational needs. Consider factors like the complexity of changes and their potential long-term impact.
Implement access controls to ensure that only authorized personnel can view, edit, or delete review records. Protect sensitive information to maintain data integrity.
If using digital document management systems, ensure that these systems provide secure storage, version control, and backups for review records. This helps prevent data loss and unauthorized access.
Classify review records appropriately based on their importance, impact, or other relevant criteria. This can help prioritize the retention and management of critical records.
Maintain an audit trail for review records, documenting any modifications, updates, or access history. This helps ensure the integrity of the records and provides a history of changes to the review records themselves.
Establish a system for retrieving review records quickly when needed, especially during audits, assessments, or when reviewing the history of reviews of design and development changes.
At the end of the retention period, follow a documented archiving and disposal process for review records. Ensure that records are securely archived or disposed of in compliance with legal and regulatory requirements.
Periodically review and assess the effectiveness of your document retention practices, including the management of review records. Identify areas for improvement and make necessary updates to your procedures.
Ensure that employees are aware of the importance of retaining and managing review records for design and development changes. Train them on the organization’s document control procedures, including record retention requirements.

By retaining documented information on the results of reviews of design and development changes in a systematic and controlled manner, organizations can demonstrate compliance with regulatory requirements, maintain transparency in their change management processes, and have a valuable historical record for future reference, audits, and continuous improvement efforts.

7) The organization shall retain documented information on the authorization of the Design and development changes

Retaining documented information on the authorization of design and development changes is a crucial aspect of ensuring that modifications to products, services, or processes are properly managed, approved, and implemented within an organization’s Quality Management System (QMS). Here’s how an organization can ensure compliance with this requirement:

Create and maintain records for each authorization of design and development changes. These records should include all relevant information about the authorization process, such as the date of authorization, the individuals or authorities granting authorization, and any associated documentation.
Ensure that your QMS includes documented procedures for managing records related to the authorization of design and development changes. These procedures should outline how authorization records are created, documented, reviewed, approved, and retained.
Maintain clear and organized records of all authorizations of design and development changes. Ensure that the records are easily accessible and identifiable.
Determine an appropriate retention period for authorization records. The retention period should be based on regulatory requirements, industry standards, and organizational needs. Consider factors like the complexity of changes and their potential long-term impact.
Implement access controls to ensure that only authorized personnel can view, edit, or delete authorization records. Protect sensitive information to maintain data integrity.
If using digital document management systems, ensure that these systems provide secure storage, version control, and backups for authorization records. This helps prevent data loss and unauthorized access.
Classify authorization records appropriately based on their importance, impact, or other relevant criteria. This can help prioritize the retention and management of critical records.
Maintain an audit trail for authorization records, documenting any modifications, updates, or access history. This helps ensure the integrity of the records and provides a history of changes to the authorization records themselves.
Establish a system for retrieving authorization records quickly when needed, especially during audits, assessments, or when reviewing the history of authorizations of design and development changes.
At the end of the retention period, follow a documented archiving and disposal process for authorization records. Ensure that records are securely archived or disposed of in compliance with legal and regulatory requirements.
Periodically review and assess the effectiveness of your document retention practices, including the management of authorization records. Identify areas for improvement and make necessary updates to your procedures.
Ensure that employees are aware of the importance of retaining and managing authorization records for design and development changes. Train them on the organization’s document control procedures, including record retention requirements.

By retaining documented information on the authorization of design and development changes in a systematic and controlled manner, organizations can demonstrate compliance with regulatory requirements, maintain transparency in their change management processes, and have a valuable historical record for future reference, audits, and continuous improvement efforts.

8) The organization shall retain documented information on the actions taken to prevent adverse impacts

T o prevent adverse impacts in design and development changes, organizations should conduct a thorough risk assessment, involve cross-functional teams in the review process, ensure regulatory compliance, perform testing and validation, update documentation, collaborate with suppliers and solicit customer/stakeholder input, conduct cost-benefit analyses, establish clear approval and authorization processes, provide adequate training and communication, continuously monitor and evaluate the change’s implementation, maintain detailed records, and establish a feedback loop for ongoing improvement. Additionally, post-change reviews should be conducted to assess overall success and address any unforeseen adverse impacts promptly. These actions collectively help organizations proactively manage and mitigate risks associated with design and development changes, ensuring the continued quality, safety, and compliance of products, services, or processes.Retaining documented information on the actions taken to prevent adverse impacts is an essential aspect of managing risk and ensuring compliance within an organization’s Quality Management System (QMS). Here’s how an organization can ensure compliance with this requirement:

Create and maintain records for each action taken to prevent adverse impacts. These records should include all relevant information about the actions, such as the nature of the actions, the reasons for taking them, the individuals or teams responsible, and any associated documentation.
Ensure that your QMS includes documented procedures for managing records related to the actions taken to prevent adverse impacts. These procedures should outline how action records are created, documented, reviewed, approved, and retained.
Maintain clear and organized records of all actions taken to prevent adverse impacts. Ensure that the records are easily accessible and identifiable.
Determine an appropriate retention period for action records. The retention period should be based on regulatory requirements, industry standards, and organizational needs. Consider factors like the nature of the actions and their potential long-term impact.
Implement access controls to ensure that only authorized personnel can view, edit, or delete action records. Protect sensitive information to maintain data integrity.
If using digital document management systems, ensure that these systems provide secure storage, version control, and backups for action records. This helps prevent data loss and unauthorized access.
Classify action records appropriately based on their importance, impact, or other relevant criteria. This can help prioritize the retention and management of critical records.
Maintain an audit trail for action records, documenting any modifications, updates, or access history. This helps ensure the integrity of the records and provides a history of changes to the action records themselves.
Establish a system for retrieving action records quickly when needed, especially during audits, assessments, or when reviewing the history of actions taken to prevent adverse impacts.
At the end of the retention period, follow a documented archiving and disposal process for action records. Ensure that records are securely archived or disposed of in compliance with legal and regulatory requirements.
Periodically review and assess the effectiveness of your document retention practices, including the management of action records. Identify areas for improvement and make necessary updates to your procedures.
Ensure that employees are aware of the importance of retaining and managing action records related to preventing adverse impacts. Train them on the organization’s document control procedures, including record retention requirements.

By retaining documented information on the actions taken to prevent adverse impacts in a systematic and controlled manner, organizations can demonstrate compliance with regulatory requirements, maintain transparency in their risk management processes, and have a valuable historical record for future reference, audits, and continuous improvement efforts. This approach helps organizations proactively address potential issues and mitigate adverse impacts.

Here are the documents and records required in ISO 9001:2015 Clause 8.3.6:

Documented Information for Design and Development Changes: The organization should maintain documented information that describes the nature of the change, the reasons for the change, the parties involved in making the change, and the expected results of the change.
Design and Development Change Proposal: This document should outline the proposed change, including its scope, objectives, potential impacts, and any associated risks. It may also include a cost-benefit analysis or feasibility study.
Design and Development Change Review and Approval Records: These records demonstrate that the proposed change was reviewed and approved by the relevant personnel or authorities within the organization. This ensures that changes are made with proper authorization.
Updated Design and Development Documentation: Any affected design and development documents, such as drawings, specifications, plans, and procedures, should be updated to reflect the approved changes. These updated documents should be properly controlled and maintained.
Risk Assessment and Mitigation Records: If the design and development change introduces new risks or modifies existing ones, the organization should document the risk assessment process and the actions taken to mitigate or manage these risks.
Verification and Validation Records: If the change requires verification or validation activities, records of these activities should be maintained to demonstrate that the change meets the specified requirements and objectives.
Test and Inspection Records: Records of any testing or inspection activities related to the design and development change should be kept. These records should include the test methods, results, and any deviations or non-conformities identified and their resolution.
Communication Records: Documentation of any communication related to the design and development change, both within the organization and with external parties (e.g., suppliers or customers), should be maintained.
Training Records: If the change necessitates additional training or retraining of personnel, records of training activities and their effectiveness should be kept.
Change Implementation Records: Records related to the actual implementation of the design and development change, including schedules, milestones, and progress reports, should be maintained.
Verification of Effectiveness Records: After the change has been implemented, records should demonstrate that the change has been effective in achieving its intended objectives and that any identified issues or non-conformities have been addressed.
Audit and Review Records: Records of internal audits and management reviews related to the design and development changes should be maintained as evidence of ongoing monitoring and improvement.

ISO 9001:2015 Clause 8.3.4 Design and development controls

The organization shall apply controls to the design and development process to ensure that:
a) the results to be achieved are defined;
b) reviews are conducted to evaluate the ability of the results of design and development to meet requirements;
c) verification activities are conducted to ensure that the design and development outputs meet the input requirements;
d) validation activities are conducted to ensure that the resulting products and services meet the requirements for the specified application or intended use;
e) any necessary actions are taken on problems determined during the reviews, or verification and validation activities;
f) documented information of these activities is retained.
NOTE Design and development reviews, verification and validation have distinct purposes. They can be conducted separately or in any combination, as is suitable for the products and services of the organization.

1) Design and Development Controls

Once all design inputs are finalised, the next step is to ensure adequate controls are applied so that the outputs of the design and development process are clearly defined and are as per customer’s requirement. Controls can be applied in the form of reviews, verification and validation of design and development activities. While review, verification and validation are done to meet distinct purposes, they can be conducted separately or in any combination as it is suitable for the product and services of the organisation.

Defined outcomes including such as specifications, design intent, functional and performance requirements, customer/end user expectations;
Design review process with functional representation from the customer, engineering, production, quality, project management etc.), design review gates (e.g. preliminary design review, detail design review, critical design review), commercial/technical considerations, authorized progression to next stage;
Verification activities such as modelling, simulations, alternative calculations, comparison with other proven designs, experiments, tests, and specialist technical reviews;
Validation activities such as functional testing, performance testing, trials, prototypes, demonstrations, and simulations;
Management of actions arising from design reviews, verification or validation activities e.g. action registers, ownership, timescales, escalation, changes to risk profile.

Design controls, which may include; design validation, design verification, assurance gate reviews, design review, design checking, safety risk management, design risk management, Design Failure Mode Effects Analysis, value engineering and CAD management are an interrelated set of practices and procedures that are focused on managing the design of a product or service and are intended to reduce uncertainty until a detailed and solidified and approved design is reached. As a system of checks and balances, design control activities make a systematic assessment of the design an integral part of product development. As a result, deficiencies in design input requirements, and discrepancies between the proposed designs and requirements, are made evident and corrected. The essential quality aspects and the regulatory requirements, such as safety, performance, and dependability of a product (whether hardware, software, services, or processed materials) are established during the design and development phase. The controls referred to in the sections below can be incorporated into your design and management process. Although various design controls are described, they are included for illustrative purposes only as there may be alternative ways that are better suited to a particular manufacturer or design activity. The use of these techniques must be proportional to the nature of the risks of the product or service.

CAD management: Drawings should be prepared using computer aided design (CAD) software and should be undertaken in accordance with best practice methods. The production of digital models and drawings must be managed using document control and approval software which has the facility for the use of secure electronic signatures. The process records the individuals who sign off each stage of the work flow and allow the design to proceed to the next stage of the process. The system controls who is allowed to authorise each stage, for example preparers, checkers and approvers will be restricted to people who, under the designer’s competence management system, are competent to carry out that stage of the process. As required, a work flow will be agreed with the Design Team and used to manage and record all stages of the CAD production process. CAD deliverables are monitored to ensure all stages of the process are recorded and auditable.
Value engineering:The primary aim for engineering design is to produce safe, economic and compliant designs that produce the Lowest Total Cost (LTC). Although engineering design costs are monitored and incentivised to be held to a minimum, value engineering will be focused on maximising the opportunities to reduce the LTC. Value Engineering (VE) will be conducted throughout the life cycle of the design project but it is recognised that early VE initiatives usually yield the greatest cost benefits.
Design Failure Mode Effects Analysis (DFMEA): Design Failure Mode Effects Analysis (DFMEA) is an analysis technique which facilitates the identification of potential problems in the design by examining the effects of lower level failures, while providing an objective evaluation of design requirements and design alternatives. Starting early in the design process, the Engineering Manager is usually responsible for completing the design failure mode effects analysis DFMEA before the time preliminary drawings are done, and before any tooling requirements are specified, in order to:
- Analyze hardware, functions, and products before they are released to production;
- Identify potential failure modes of products (system, subsystem, and component levels) caused by design deficiencies;
- Provide an initial design for manufacturing and assembly requirements;
- Increase the probability that potential failure modes and their effects have been considered in the design and development process;
- Provide additional information to help plan thorough and efficient test programs;
- Develop a list of potential failure modes ranked according to their effect on the customer;
- Establish a priority system for design improvements;
- Provide an open issue format for recommending and tracking risk reducing actions;
- Provide future reference to aid in analyzing field concerns;
- Report risk analysis and DFMEA results at Design Reviews.
Design risk management:Design risk management begins with the development of the design input requirements. As the design evolves, new risks may become evident. To systematically identify and, when necessary, reduce these risks, the risk management process is integrated into the design process. In this way, unacceptable risks can be identified and managed earlier in the design process when changes are easier to make and less costly. The Design Manager should be responsible for implementing regular design risk reviews and for capturing its output in order to ensure that all functional requirements are included and evaluated. The Design Manager should ensure that the design risk analysis reflects the latest configuration of the design solution and that design risk analysis is continually managed and updated with each design modification. All identified risks should be summarized for risk mitigation, communication and knowledge sharing.Elements of a risk assessment include but are not limited to the following;
- Quality performance (past and current);
- Required approvals;
- Assumptions;
- Requirements;
- Geographical/political/ethical;
- Financial;
- Customer satisfaction;
- Human resources;
- Improvement activities;
- Delivery;
- Manufacturing capability and capacity;
- Supplier make/buy decisions and supplier control;
- Design capability and capacity;
- Special processes;
- Design complexity;
- Manufacturing complexity.
Safety risk management:The legal obligation to produce designs that are safe to manufacture, operate and maintain is embedded into the design processes. The design process should contain appropriate checks and reviews to ensure that the Design Team discharge their responsibilities and produce deliverables that comply with the relevant design standards. Safety in design is provided through Controlling the level of individual technical competence, Defining the processes that establish the framework for the elimination of hazards and mitigation of risks within the design and at interfaces and Ensuring that the design satisfies the project requirements. The Design Team is required to eliminate hazards where possible and to reduce construction, operation and maintenance risks in the final design. It is recognised that the risk profile changes as the design proceeds but the overriding obligation is to reduce the risks to an acceptable minimum. The Design Team are required to:
- Carry out Designer’s Risk Assessment;
- Reduce safety risks to be a tolerable ALARP for all parties;
- Reduce the commercial impact of risk to acceptable levels whilst remaining within the Law; and
- Know what the risks are at any point in time.
Tools and techniques:The appropriate tools and techniques used by competent personnel and are applied to meet the needs of the unique product or process being designed.The Engineering Manager is responsible for providing a design, which is producible, verifiable, and controllable under the specified production, installation, and operational conditions. Project management tools and methodologies are used to manage the development process in order to deliver timely, profitable solutions.All software that is used in calculations and other design and development activities should be validated, verified and approved. Software developed in-house is validated and approved prior to release. Software documentation includes validation specifications approved by the Engineering Manager and validation records attesting to acceptable performance. Standard and/or commercial CAD and calculation modelling software can be accepted without validation. Software that has been successfully used in design and development prior and has proven to demonstrate successful performance for at least one year may be used without validation testing.All spreadsheets should be validated by manual calculation or alternative analysis methods and records of the process are provided as part of the design submission. The name of the spreadsheet, unique identification, localisation, and the person responsible for the spreadsheet are documented. The records should also include verification, regular verification and other issues such as updates or any problem encountered. Verification is completed after installation and recorded. When setting up a new Excel spreadsheet for calculations, the following good practices reduce the risk of accidental modifications of the template and erroneous data input:
- All calculating cells shall be locked (Format Cells > Protection > Locked) in order to protect cells containing calculations against unintended modification, except those used for data input;
- Data validation rules (Data tab > Data Validation) can be applied to data input cells to prevent the introduction of aberrant values;
- Input messages and Error alert messages should be used to inform the end user of the expected data type and acceptable range;
- Cells used for presenting the results of the calculations (output) can be identified by a specific colour. When the results are tested against acceptance criteria it is recommended using conditional formatting (Home tab > Conditional Formatting) to highlight out-of-specifications results;
- The name of the operator responsible for data entry, and the date and time of data entry should be recorded in dedicated input cells or the spreadsheet is printed, signed and dated after calculation;
- Password protection is recommended for all cells containing calculations (Review tab > Protect Sheet), with only the default options checked;
- The same password should be used for all sheets and can be documented in the validation file;
- After protecting each sheet, the workbook structure should also be password protected (Review tab > Protect Workbook). The same password can be used as the one for sheet protection.
Design checking: All design and development output documentation must be reviewed and checked by competent and skilled personnel, and approved by the Engineering Manager prior to release. To provide technical assurance, all designs follow the ‘Prepare’, ‘Check’, and ‘Approve’ process, evidenced by the signatures of competent individuals. The Design Manager should arrange for a design category check to be carried out that is proportionate to the level of risk. The design category checks include a review of the design concepts and assessments in order to critically consider whether the base parameters are valid. The Checkers are required to undertake a review of the CDS to confirm that the approach is reasonable. The Checker should also consider the safety and practicability, and the proper functioning of the proposed design. For Category II (2) and III (3) Checks an independent set of design calculations must be prepared. The check also includes an independent technical assessment to determine and confirm design parameters.The levels of checking are as follows:
- Category I (1) – Designs may be checked in the same group as that which prepared the design but by a person other than the designer;
- Category II (2) – Designs may be checked in the Designer’s office by a separate group, which has not been involved in the original design, or by an approved outside organization;
- Category III (3) – Designs will be checked by an independent engineering organization. A Category III check is applicable for complex or unusual designs.
Design reviews:Design reviews should be carried out after the initial concept stage and again after the detailed design stage and finally, before the design is released. The design review function is carried out at various stages of the design process in order to check that the design solution is in accordance with the original design inputs and objectives and includes identification of concerns, issues and potential problems with the design.Design review meetings should be held at pre-defined points during the development process, with reviews held on an as-needed basis, depending upon the complexity of the design. Participants of design review meetings are competent to evaluate the design stage and discipline under review to permit them to examine the design and its implications.
Single-consultant Design Review (SDR):The Single-consultant Design Review (SDR) is a presentation of the design to relevant stakeholders. These reviews are carried out by the Design Manager when the design has progressed by 20%, 60% and 100%. The purpose of the review is to present evidence at each of these stages to confirm that the design is compliant with the standards and requirements defined in the Conceptual Design Statement. The reviewers are responsible for raising any comments, while the Design Manager should be responsible for capturing comments using the Design Review Meeting Minutes, and referencing the document upon which they are commenting along with their name. If a reviewer cannot attend a session it is their responsibility to ensure adequate cover or to issue their comments the Design Manager for inclusion. The minutes of SDR meetings are recorded. Meeting minutes include a detailed listing of all the documents that have provided the basis of the review. Issues raised may be addressed in the following design stage. Any outstanding issues are recorded in the Design Issues Log (or similar), presented at the Assurance Gate Review meeting as issues for the next design stage and subsequently confirmed as being closed out at the subsequent Gate.
Inter-consultant Design Review (IDR):The Inter-consultant Design Review (IDR) is a presentation of the design of a work package or packages to interfacing Design Teams. These are carried out by the Design Manager when the design has progressed by 20%, 60% and 100%. Its primary purpose is to seek evidence that all interfaces have been agreed and that the design integrates to deliver the requirements. At each IDR an Inter-consultant Design Review Certificate is produced to evidence that all interfacing Design Teams are satisfied with the design under consideration. It should be signed by accepted representatives of the interfacing Design Teams and contain a list of any actions required to close out any exceptions raised but not deemed a bar to acceptance. The reviewers are responsible for issuing any comments in writing using the Design Review Meeting Minutes, and referencing the document upon which they are commenting along with their name. If a reviewer cannot attend a session it is their responsibility to ensure adequate cover. The minutes of IDR meetings are recorded and include a detailed listing of all the documents that have provided the basis of the review. Issues raised may be addressed in the following design stage. Any outstanding issues are recorded in the Design Issues Log (or similar), presented at the Assurance Gate Review Meeting as issues for the next design stage and subsequently confirmed as being closed out at the subsequent Gate. Other instances of design reviews may be required when the Engineering Manager has identified significant design change that requires a review to re-validate the design.
Design verification:Design verification is confirmation by examination and provision of objective evidence that the specified input requirements have been fulfilled. Any approach which establishes conformance with a design input requirement is an acceptable means of verifying the design with respect to that requirement. Complex designs require more and different types of verification activities. The nature of verification activities varies according to the type of design output. Design verification is carried out to check that the outputs from each design phase meet the stated requirements for the phase. Requirements traceability verification is undertaken to ensure that the design fulfils the design concept, while expressing the necessary functional and technical requirements. This process verified throughout the Assurance Gate Reviews. In most cases, verification activities are completed prior to each design review, and the verification results are submitted to the reviewers along with the other design deliverables to be reviewed. The results of the design verification, including identification of the design, method(s), the date, and the individual(s) performing the verification, shall be documented and retained.
Design validation:Design validation is similar to verification, except this time you should check the designed product under conditions of actual use. If you are designing dune buggies, you might take your creation for a spin on the beach. If you are making beverages, you might conduct a consumer taste test. Verification is a documentary review; while validation is a real-world test. Perform design and development validation by ensuring the product meets the specified requirements. Maintain records of validation activities and approvals. Design validation follows successful verification, and ensures, by examination and provision of objective evidence, that each requirement for a particular use is fulfilled. The performance characteristics that are to be assessed are identified, and validation methods and acceptance criteria are established.At the commencement of the design project, the requirements received from the previous design phase form the initial baseline. During design reviews, the requirements are considered to ensure that the right requirements and any assumptions have been captured, to identify missing requirements and ensure that the design intent will meet those requirements.The results of the design validation, including identification of the design, method(s), the date, and the individual(s) performing the validation, shoul be documented and retained. The organization shall have records that the product designed will meet defined user needs prior to delivery of the product to the customer, as appropriate.Methods of validation could include simulation techniques, proto-type build and evaluation, comparison to similar proven designs, beta testing, field evaluations, etc. Irrespective of the methods used, the validation activity should be planned, executed with records maintained as defined in the planning activity.Retain documented information to demonstrate that the any test plans and test procedures have been observed, and that their criteria have been met, and that the design meets the specified requirements for all identified operational conditions e.g. reports, calculations, test results, data, and reviews.
Assurance reviews: The Design Manager should ensure that design reviews are carried out in accordance with the Design Management Plan when the design has progressed by 20%, 60% and 100%. A cross functional, multidisciplinary team (including at least one individual who does not have direct responsibility for the design stage under review) undertake a documented, comprehensive, systematic examination of the design to evaluate its adequacy, to determines the capability of the design to meet the requirements, and to identify problems, whilst ensuring that:

The input for the Design Reviews is captured from all stakeholders;
All open actions from previous Design Reviews are tracked through to closure;
All areas of concern are highlighted for further discussion and risk mitigation;
All design reviews are documented and shared with stakeholders in a timely manner.

The following elements are considered during design reviews:

Customer needs and expectations versus technical specifications;
Ability to perform under expected conditions of use and environment;
Safety and potential liability during unintended use and misuse;
Safety and environmental considerations;
Compliance with applicable regulatory requirements, national, and international standards;
Comparison with similar designs for analysis of previous quality problems and possible recurrence;
Reliability, serviceability, and maintainability;
Product acceptance/rejection criteria, aesthetic specifications and acceptance criteria;
Ease of assembly, installation, and safety factors;
Packaging, handling, storage, shelf life, and disposability;
Failure modes and effects analysis;
Ability to diagnose and correct problems;
Identification, warnings, labelling, traceability, and user instructions;
Manufacturability, including special processes;
Capability to inspect and test;
Materials and components specifications;
Review and use of standard parts.

The reviewers are responsible for raising any comments, while the Design Manager should be responsible for capturing comments using the Design Review Meeting Minutes. Conclusions drawn during design reviews are considered and implemented as appropriate. Not all identified concerns result in corrective actions, the Engineering Manager should decide whether the issue is relevant, or the issue is erroneous or immaterial.In most cases, however, resolution involves a design change, a change in requirements, or a combination of the two. Records of design review meetings are retained and identify those present at the meeting and the decisions reached.

14. Assurance gate reviews: The Assurance Gate Reviews 1 to 3 are the primary control mechanism that provides progressive assurance when evidence is reviewed at defined stages to confirm that the designs produced meet the design project’s objectives, requirements, obligations and that the risks associated with the engineering are identified and fully understood.

Gate 1 – (Initial concept (20% complete) The details will be outline only but will define the character, limit and form of manufacture, fabrication or construction.
Gate 2 – (Functional design (60% complete) At this stage the design has progressed to an intermediate position (progress check at 60% complete) This Gate is a check point at about the mid-point between Gate 1 and the final design. At the outset of a design project, the target deliverables at Gate 2 are clearly defined so that it provides an interim way point to confirm progress.
Gate 3 – (Detailed design ready for manufacture, fabrication or construction (100% complete) At this stage the design is complete and ready to be issued for manufacture, fabrication, or construction. Design details are finalised and fully integrated with other interfaces.

The purpose of the Assurance Gate Review process is to provide progressive assurance during the design stage that the objectives of the design intent can be achieved and that the design can progress successfully to the next stage. The next stage of the design process can only proceed when the Assurance Gate Review is successfully passed. If the evidence submitted at the Assurance Gate Review demonstrates that the design meets the objectives, it will be approved. If the Gate Review Panel decides that the submitted deliverables fall short of the requirements, the design will not pass through the Assurance Gate Review and is therefore prevented from proceeding to the next stage. The Gate Review Panel also known as the ‘Approval Authority’ has the responsibility to make the appropriate decision at each Assurance Gate Review. The Gate Review Panel is a multi-discipline committee formed of members from various departments and stakeholders throughout the organization. The Gate Review Panel members should be selected based on perceived risks, applicable regulatory or legal requirements, technical complexity, financial repercussions and criticality of the product. Department representation should include: Quality, Manufacturing, Engineering, Sales, Planning, Purchasing, Business Development, Contract, Legal, or others as deemed necessary. Formal, documented design and development Assurance Gate Reviews should be held at appropriate stages of the design and development cycle and include representatives from all concerned functions and stakeholders. Each Assurance Gate Review focuses on assessing whether the design deliverables meet all the objectives and appropriate criteria. The minimum approval criteria used for determining whether the design meets the intent are set out below. In addition to these minimum requirements, the Engineering Manager may specify further criteria at the outset of each design stage. The Gate Review Panel is responsible for managing the Gates Review process thereby ensuring that:

The design progress and the design status has successfully reached a stage of development appropriate to the Gate being assessed;
Cost and programme issues have been agreed and align with budget constraints;
The assurance evidence presented to the panel is sufficient to support the Gate requirements;
The risks are either designed out, have appropriate mitigation or have been clearly identified and agreed that they can proceed to the next stage;
All the necessary deliverables and other legal have been identified, complied with and that the design is compliant with any including undertakings and assurances;
At the conclusion of the Gate Review Panel and the Gates Chair Person a shall confer, taking full account of the views of the other Panel Members, and decide whether or not the design submission and presentation meets the Assurance Gate Review objectives and consequently can be given a pass or is prevented from passing the Gate.
If the Gates Chair Person decides that missing deliverables or evidence do not impact on the ability of the project to proceed, then a conditional pass may be given, subject to the remaining deliverables being completed within a specified time.
The conditions and timescales are conveyed to the Design Manager at the Review;
Where conditions are raised that are potentially of a significant risk, consideration shall be given to inclusion of the conditions;
The Gate Review Panel’s findings and decisions are recorded, together with any supporting data.

The Design Review Meeting Minutes should capture the results of the Gate Review Panel’s review. It serves as a record of the review and summarises the findings. The key aspects of the report are recording the evidence presented to satisfy the approval criteria and using this to support the decision regarding pass or resubmission. It is the Design Manager’s responsibility to assemble and present to the Gate Review Panel sufficient evidence, see table of deliverables below, when the design has progressed to 20%, 60% and 100%, to enable the Gate Review Panel to discharge their duties. Key design deliverables that are associated with the Assurance Gate Review are provided to the Gate Review Panel at least 5 working days prior to the scheduled review date

2) The organization shall apply controls to the design and development process

Organizations can apply various controls to the design and development process within a Quality Management System (QMS) to ensure that products, services, or processes meet quality standards and customer requirements. These controls are crucial for maintaining consistency, minimizing errors, and achieving the desired outcomes. Here are some key controls that organizations can implement in the design and development process within their QMS:

Design and Development Planning: Establish a comprehensive plan that outlines the objectives, scope, schedule, and resources required for the design and development process. This plan should consider risk management and quality objectives.
Requirements Management: Effectively capture, document, and manage requirements from customers, stakeholders, and relevant regulations or standards. Ensure that changes to requirements are controlled and well-documented.
Risk Management: Identify, assess, and mitigate risks associated with the design and development process. Develop risk mitigation plans to address potential issues and uncertainties.
Change Control: Implement a formal change control process to evaluate, approve, and document changes to project scope, requirements, or design elements. This helps prevent scope creep and ensures changes are properly managed.
Design and Development Reviews: Conduct regular reviews throughout the design and development process to assess progress, verify compliance with requirements, and identify and address issues or deviations.
Design Verification: Ensure that the design meets specified criteria and is in accordance with established standards or regulations through verification activities, such as testing, simulations, or inspections.
Design Validation: Validate the final design to ensure it meets the actual user needs and intended application. This may involve user testing or field trials.
Configuration Management: Implement configuration control to manage and track changes to design documents, specifications, and related information. Ensure that the correct version of design documentation is used.
Document Control: Maintain robust document control processes to manage design and development documents, including version control, approval processes, and access restrictions.
Testing and Quality Assurance: Develop and execute comprehensive testing plans to identify and correct defects, ensuring that the final product or service meets quality standards.
Prototyping and Modeling: Use prototypes and models to validate design concepts and assess feasibility before committing to full-scale development.
Supplier and Vendor Controls: If external suppliers or vendors are involved in the design and development process, establish controls to monitor their performance, quality, and compliance with contractual requirements.
Performance Metrics and Monitoring: Define key performance indicators (KPIs) and implement monitoring systems to track progress, measure performance, and identify areas for improvement.
Training and Competence Development: Ensure that team members involved in the design and development process have the necessary skills, training, and competence to perform their roles effectively.
Design History File (DHF) or Technical File: Maintain a comprehensive record of all design and development activities, including design inputs, outputs, verification, validation, and change control.
Regulatory Compliance: Ensure that the design and development process complies with relevant regulatory requirements and standards specific to the industry or product.
Customer Feedback and Involvement: Seek customer feedback throughout the design and development process and involve customers or end-users in user acceptance testing and validation.
Post-Market Surveillance: Establish procedures for post-market surveillance and monitoring of products or services after they have been released to identify and address any issues or opportunities for improvement.

These controls should be tailored to the organization’s specific needs, industry, and the complexity of the design and development process. Implementing these controls within a QMS helps ensure that the organization consistently delivers high-quality products, services, or processes that meet customer expectations and regulatory requirements.

3) The results to be achieved are defined;

Ensuring that the results to be achieved are well-defined is a fundamental aspect of controlling the design and development process within a Quality Management System (QMS). This control is critical for clarity, alignment with objectives, and the ultimate success of the project. Here’s how an organization can apply controls to achieve this:

Clearly Define Objectives and Requirements: Begin by establishing clear, measurable objectives for the design and development project. These objectives should be aligned with the organization’s strategic goals and customer requirements. It’s essential to involve relevant stakeholders in defining these objectives to ensure their buy-in and alignment.
Document Requirements: Thoroughly document all requirements, including customer requirements, regulatory requirements, and internal requirements. Use techniques such as a Requirements Traceability Matrix to ensure that each requirement is linked to specific project objectives.
Scope Definition: Clearly define the scope of the project, outlining what is included and what is not included. This prevents scope creep and helps manage expectations throughout the project.
Project Charter: Create a project charter that outlines the purpose, goals, objectives, stakeholders, and constraints of the project. This document should be shared and agreed upon by all relevant parties.
Risk Assessment: Conduct a risk assessment to identify potential risks and uncertainties that could impact the achievement of project objectives. Develop risk mitigation plans to address these risks.
Design and Development Plan: Develop a comprehensive design and development plan that includes project milestones, timelines, resource allocation, and responsibilities. This plan should clearly outline how the project will achieve its defined results.
Design Inputs and Outputs: Document design inputs and outputs. Inputs are the information and requirements that go into the design process, while outputs are the results of the design process. Ensure that there is traceability between inputs, design activities, and outputs.
Validation and Verification: Implement verification and validation processes to confirm that the design and development results meet the defined objectives and requirements. Verification ensures that the design conforms to specifications, while validation ensures that the design meets the user’s needs and intended use.
Document Control: Establish document control processes to ensure that all documentation related to the design and development process, including design specifications, plans, and changes, are well-documented and properly managed.
Change Control: Implement a change control process to manage changes to project objectives, requirements, or scope. Changes should be assessed for their impact on the defined results and approved or rejected based on this assessment.
Communication and Reporting: Establish clear communication channels and reporting mechanisms to keep all stakeholders informed of project progress, issues, and changes. Regularly review and update project status against the defined results.
Review Meetings: Hold regular design and development review meetings to assess progress, identify deviations from the defined results, and take corrective actions as needed.
Customer and Stakeholder Involvement: Involve customers and relevant stakeholders in the design and development process to ensure their requirements are understood and incorporated into the final results.

By applying these controls, an organization can ensure that the results to be achieved are well-defined, monitored throughout the design and development process, and aligned with the organization’s goals and customer expectations. This helps minimize ambiguity, reduces the risk of project failure, and promotes successful project outcomes.

4) Reviews are conducted to evaluate the ability of the results of design and development to meet requirements

Conducting reviews of the design and development process is a critical step in ensuring that the results align with the requirements and objectives. These reviews help evaluate the ability of the design and development outcomes to meet the specified requirements and ensure that the final product, service, or process is of high quality and meets customer expectations. Here’s how an organization can conduct these reviews effectively:

Establish Review Milestones: Define specific review milestones throughout the design and development process. These milestones should align with key stages of the project, such as initial concept design, detailed design, prototype development, and finalization.
Assemble Review Teams: Form cross-functional teams with members who have relevant expertise to conduct the reviews. This may include individuals from design, engineering, quality assurance, and other relevant departments.
Review Criteria: Clearly define review criteria and objectives for each review milestone. These criteria should be based on project requirements, quality standards, and customer expectations.
Documented Information: Ensure that all relevant documentation, including design specifications, plans, test results, and change records, is readily available for review.
Review Meetings: Conduct formal review meetings or sessions where the review teams assess the design and development work against the established criteria. These meetings should be well-documented and include participation from key stakeholders.
Identify Deviations: If deviations from requirements or objectives are identified during the review, ensure that they are documented and classified based on their severity and potential impact. Minor deviations may require corrective actions, while major issues may necessitate a reevaluation of the design or development approach.
Corrective Actions: Implement corrective actions to address identified deviations or issues promptly. Document these actions, assign responsibilities, and establish timelines for resolution.
Traceability: Ensure that there is traceability between the identified issues, corrective actions, and the design and development documentation. This traceability helps verify that corrective actions were effective and that the design aligns with requirements.
Verification and Validation: In addition to design conformity, verify and validate that the design and development results meet user needs and intended use. This may involve user acceptance testing and validation activities.
Management Review: Periodically, conduct management reviews to evaluate the overall progress of the design and development process. These reviews should include an assessment of the effectiveness of the review process itself.
Continuous Improvement: Use the insights gained from reviews to drive continuous improvement. Identify recurring issues, root causes, and trends, and take proactive measures to prevent similar issues in future projects.
Communication: Communicate the results of the reviews, including any identified issues and corrective actions, to all relevant stakeholders, both within and outside the project team.
Documentation: Maintain comprehensive documentation of all review activities, findings, decisions, and corrective actions. This documentation serves as a historical record and can be valuable for future reference and auditing.

By conducting regular reviews of the design and development process and evaluating the ability of the results to meet requirements, an organization can ensure that its projects stay on track, adhere to quality standards, and ultimately deliver products, services, or processes that meet customer needs and expectations. These reviews also provide opportunities for continuous improvement and risk mitigation throughout the project life-cycle.

5) Verification activities are conducted to ensure that the design and development outputs meet the input requirements;

Verification is a crucial step in the design and development process within a Quality Management System (QMS). It involves checking and confirming that the design and development outputs meet the input requirements and specified criteria. Verification is typically focused on ensuring that the design conforms to the established requirements and standards. Here’s how an organization can conduct verification effectively:

Define Verification Criteria: Start by clearly defining the verification criteria based on the design and development inputs. These criteria should specify what needs to be checked, measured, or tested to confirm that the design outputs meet the requirements.
Document Verification Activities: Document the specific verification activities that will be performed. These activities may include inspections, reviews, tests, simulations, or any other method that can be used to confirm compliance with requirements.
Traceability: Establish traceability between the design and development inputs and the verification activities. This traceability ensures that each requirement or input is addressed during the verification process.
Verification Plan: Develop a verification plan that outlines the scope, objectives, methods, responsibilities, and schedule for verification activities. This plan should be part of the overall design and development plan.
Execute Verification Activities: Conduct the verification activities according to the established plan. This may involve reviewing design documentation, conducting physical inspections, performing laboratory tests, or running simulations, depending on the nature of the project.
Documentation: Maintain comprehensive records of all verification activities, including the results obtained, any non-conformities identified, and the corrective actions taken.
Review and Analysis: Review the verification results to ensure that they meet the defined criteria and that the design outputs align with the input requirements. Analyze any discrepancies or non-conformities to determine their root causes.
Corrective Actions: If non-conformities or discrepancies are identified during verification, take corrective actions to address them. Document these actions, assign responsibilities, and establish timelines for resolution.
Verification of Changes: Whenever changes are made to the design and development, verify that these changes do not negatively impact the design’s ability to meet the input requirements. This includes reviewing and verifying revised design documents.
Verification Reports: Prepare verification reports summarizing the activities, results, and any follow-up actions taken. These reports serve as documented evidence of compliance with the input requirements.
Communication: Communicate the results of verification to relevant stakeholders, including the project team, management, and quality assurance personnel.
Traceability and Compliance: Ensure that there is traceability between the verified design outputs and the design and development inputs, demonstrating compliance with requirements.
Continuous Improvement: Use insights gained from verification activities to identify opportunities for process improvement, risk mitigation, and enhancing the quality of future design and development projects.

Verification is a systematic and methodical process that helps ensure that the design and development outputs are consistent with the input requirements. It plays a critical role in preventing errors and defects early in the development process, ultimately leading to higher-quality products, services, or processes. Verification also provides documented evidence of compliance, which is important for auditing and regulatory purposes within a QMS.

6) Validation activities are conducted to ensure that the resulting products and services meet the requirements for the specified application or intended use;

Validation activities are essential to ensure that the resulting products and services meet the specific requirements for their intended application or use. Validation goes beyond verifying that the design conforms to specifications (which is the role of verification) and focuses on confirming that the product or service is fit for its intended purpose. Here’s how an organization can conduct validation activities effectively:

Clearly Define Intended Use: Start by precisely defining the intended use or application of the product or service. This should include a detailed understanding of how it will be used by customers or end-users.
Document Validation Criteria: Document the criteria and performance indicators that will be used to determine whether the product or service meets its intended use. These criteria should be based on user needs, customer requirements, and any relevant standards or regulations.
Validation Planning: Develop a validation plan that outlines the scope, objectives, methods, responsibilities, and schedule for validation activities. This plan should be integrated into the overall project plan and design and development process.
Validation Testing: Conduct validation testing or assessments that simulate or replicate real-world conditions and scenarios. This testing should closely mimic the actual conditions in which the product or service will be used.
User Involvement: Involve end-users or representatives of the target audience in the validation process. Their feedback and insights are invaluable for confirming that the product or service meets their needs and expectations.
Data Collection and Analysis: Collect data during validation testing and analyze it against the predefined validation criteria. Ensure that the product or service consistently performs within acceptable limits.
Documentation: Maintain comprehensive records of all validation activities, including test protocols, test results, observations, and any deviations from the criteria.
Review and Analysis: Review the validation results to determine whether the product or service meets the requirements for the specified application or intended use. Analyze any discrepancies or issues to identify root causes.
Corrective Actions: If any non-conformities or issues are identified during validation, take corrective actions to address them. Document these actions, assign responsibilities, and establish timelines for resolution.
Validation Reports: Prepare validation reports summarizing the activities, results, and any follow-up actions taken. These reports serve as documented evidence of the product or service’s fitness for its intended use.
Communication: Communicate the results of validation to relevant stakeholders, including the project team, management, and quality assurance personnel. Ensure that all parties understand the implications of the validation findings.
Regulatory Compliance: Ensure that the validation activities align with any regulatory requirements or industry standards that apply to the product or service.
Continuous Improvement: Use insights gained from validation activities to identify opportunities for enhancing product or service quality, refining design elements, and improving the overall development process.

Validation is a critical step in ensuring that products and services are not only designed correctly but also perform effectively and safely in real-world situations. It provides assurance that the organization’s offerings meet the needs and expectations of customers and end-users and are suitable for their intended applications. Additionally, validation is essential for regulatory compliance in many industries, such as healthcare and aerospace.

7) Any necessary actions are taken on problems determined during the reviews, or verification and validation activities

Taking necessary actions on problems or issues identified during reviews, verification, and validation activities is a vital aspect of quality management within an organization. These actions are essential to address and rectify any identified discrepancies, non-conformities, or areas of improvement. Here’s how an organization can effectively respond to problems determined during these activities:

Problem Identification and Documentation: Ensure that problems, discrepancies, or non-conformities are clearly identified and documented during reviews, verification, and validation activities. This documentation should include details about the issue, its location, and its potential impact.
Immediate Mitigation: If the problem presents an immediate risk or safety concern, take immediate actions to mitigate the risk and protect stakeholders or users. This may involve halting certain activities or initiating temporary measures.
Root Cause Analysis: Conduct a thorough root cause analysis to determine the underlying reasons for the identified problems. Identify whether the issues are isolated or indicative of systemic problems in processes or procedures.
Corrective Actions:Develop and implement corrective actions to address the root causes of the identified problems. Corrective actions should aim to prevent the recurrence of the issue and ensure that similar problems do not occur in the future.
Responsibility Assignment:Assign responsibilities for implementing corrective actions to specific individuals or teams within the organization. Ensure clear ownership and accountability for resolving the problem.
Timelines and Deadlines:Establish timelines and deadlines for completing corrective actions. Setting specific timeframes ensures that actions are taken promptly and effectively.
Validation of Corrective Actions: Verify that the corrective actions are effective in resolving the identified problems. This may involve retesting, re-validation, or review of the changes made to address the issues.
Preventive Actions: Consider implementing preventive actions to avoid similar problems in the future. These actions are proactive measures designed to identify and eliminate potential issues before they occur.
Communication: Communicate the problem, the corrective actions taken, and their results to all relevant stakeholders. Transparency in communication is crucial for maintaining trust and ensuring that everyone is aware of the actions being taken.
Documentation: Maintain detailed documentation of the entire problem-solving process, including the identification of issues, root cause analysis, corrective actions, and validation of effectiveness. This documentation is valuable for auditing and compliance purposes.
Continuous Improvement: Use the lessons learned from addressing problems to drive continuous improvement in processes, procedures, and the overall quality management system. Encourage a culture of learning and adaptation.
Management Review: Periodically review the organization’s responses to problems during management review meetings to ensure that corrective and preventive actions are effective and aligned with strategic goals.
Training and Skill Development: If problems are related to employee skills or knowledge gaps, provide training and skill development opportunities to prevent similar issues in the future.

Taking necessary actions on identified problems is not only a requirement for maintaining a robust quality management system but also a crucial element in ensuring product or service quality, customer satisfaction, and the organization’s overall success. It demonstrates the organization’s commitment to continuous improvement and its ability to respond effectively to challenges.

8) documented information of these activities is retained.

These documents and records are essential for managing the design and development process effectively. Here are some of the key documents and records associated with Clause 8.3.4:

Documents:

Design and Development Plan: This document outlines the overall strategy, objectives, scope, and schedule for the design and development process. It provides a roadmap for the entire project.
Design Inputs: These documents specify the requirements, constraints, and criteria that the design must adhere to. They include customer requirements, regulatory requirements, and internal specifications.
Design Outputs: These documents detail the results of the design process, including drawings, specifications, prototypes, and any other relevant design documentation.
Design Reviews: Records of formal design review meetings, including meeting minutes, action items, and decisions made during the review process.
Design Verification Records: Documentation of activities and results related to design verification, such as test reports, test data, and inspection records.
Design Validation Records: Documentation of activities and results related to design validation, which may include user acceptance test reports, validation protocols, and test data.
Design Changes: Records of any changes made to the design and development, including change requests, change orders, and associated documentation.
Design History File (DHF): A comprehensive file that contains all the documentation and records related to the design and development process. It serves as a complete record of the design history.

Records:

Records of Design and Development Activities: These records demonstrate that the design and development process was carried out in accordance with the plan and that all relevant activities were completed.
Records of Design and Development Reviews: Documentation of the outcomes of design and development reviews, including findings, decisions, and action items.
Records of Design and Development Verification: Evidence that design verification activities were conducted and that the results met the defined criteria.
Records of Design and Development Validation: Evidence that design validation activities were conducted, including user acceptance testing and validation results.
Records of Design Changes: Documentation of any changes to the design, including reasons for the changes, approvals, and the impact on the project.
Records of Training and Competence: Records demonstrating that personnel involved in the design and development process are appropriately trained and competent to perform their roles.
Records of Configuration Management: Documentation of changes made to design documents and the management of different versions and revisions.
Records of Customer and Stakeholder Communication: Records of communication with customers, stakeholders, and relevant external parties regarding design and development activities.
Records of Corrective and Preventive Actions: Documentation of any corrective and preventive actions taken in response to problems, non-conformities, or issues identified during the design and development process.

These documents and records serve as evidence of compliance with ISO 9001:2015 Clause 8.3.4 and demonstrate that the organization has effectively controlled its design and development processes to meet customer requirements and deliver high-quality products, services, or processes. Proper documentation and record-keeping are also essential for audits and assessments of the quality management system.

9) Design and development reviews, verification and validation have distinct purposes.

design and development reviews, verification, and validation are distinct activities within the design and development process, each serving specific purposes in ensuring the quality and suitability of the final product, service, or process. Here’s an overview of their distinct purposes:

Design and Development Reviews:
- Purpose: Design and development reviews are conducted to evaluate the progress, completeness, and compliance of the design and development process with established plans, requirements, and objectives.
- Focus: These reviews assess the overall progress and direction of the project, ensuring that it is on track and aligned with customer requirements and organizational goals.
- Key Elements: Design and development reviews typically involve the examination of design documentation, project milestones, and compliance with design standards and guidelines.
- Outcome: The outcome of these reviews is a clear understanding of the project’s status and any potential issues or deviations that need to be addressed. Decisions may be made to adjust the project’s course, allocate additional resources, or make changes based on the findings.
Verification:
- Purpose: Verification activities aim to confirm that the design outputs (e.g., specifications, plans, prototypes) meet the specified design inputs and requirements. Verification ensures that the product or service is being built correctly.
- Focus: Verification focuses on examining the design and development artifacts to ensure they are consistent with the established requirements and standards. It verifies that the design has been executed accurately.
- Key Elements: Verification may involve inspections, reviews, tests, and checks to ensure that the design documentation and intermediate outputs conform to the predefined criteria.
- Outcome: The outcome of verification is evidence that the design outputs align with the design inputs. It provides assurance that the design is on track and meets the specified criteria, reducing the risk of errors or deviations.
Validation:
- Purpose: Validation activities are performed to ensure that the final product, service, or process meets the actual needs of users and is fit for its intended use or application.
- Focus: Validation goes beyond verifying the correctness of the design; it assesses whether the product or service fulfills its intended purpose in real-world conditions. It confirms that the design outputs are effective in practice.
- Key Elements: Validation typically involves testing in realistic scenarios or with actual users to assess performance, usability, functionality, and overall satisfaction.
- Outcome: The outcome of validation is confirmation that the product or service is suitable for its intended use. It helps ensure that the design has successfully translated into a solution that meets user needs and expectations.

Here are examples of design and development reviews, verification, and validation activities in various industries and contexts:

Design and Development Reviews:

Software Development:
- Example: Code Review
- Description: A team of developers conducts a code review to assess the quality, correctness, and adherence to coding standards of a software module or program.
Automotive Engineering:
- Example: Design Review for a New Vehicle Model
- Description: Engineers and stakeholders review the design of a new vehicle model to ensure that it meets safety standards, performance criteria, and market demands.
Product Design:
- Example: Industrial Design Review
- Description: A design team reviews the aesthetics, ergonomics, and user-friendliness of a product to ensure it aligns with the intended market and user preferences.

Verification:

Manufacturing:
- Example: Inspection of Machined Parts
- Description: Quality inspectors use measuring instruments and visual inspections to verify that machined parts meet specified dimensions and tolerances.
Construction:
- Example: Structural Integrity Verification
- Description: Structural engineers conduct tests and inspections to verify that a building’s construction meets design specifications and safety standards.
Pharmaceuticals:
- Example: Laboratory Testing
- Description: Pharmaceutical companies perform laboratory tests to verify that drug formulations meet potency, purity, and stability requirements.

Validation:

Medical Device Manufacturing:
- Example: Usability Testing for a New Medical Device
- Description: Real healthcare professionals or simulated users perform usability testing on a medical device to validate that it can be used effectively and safely in clinical settings.
Software Development:
- Example: User Acceptance Testing (UAT)
- Description: End-users or client representatives conduct UAT to validate that a software application meets their specific needs and performs as expected in their operational environment.
Aerospace Engineering:
- Example: Flight Testing for an Aircraft
- Description: Aircraft manufacturers conduct flight tests to validate the performance, safety, and reliability of a new aircraft design under real flight conditions.
Food Industry:
- Example: Taste Testing for a New Food Product
- Description: Sensory experts or consumers participate in taste tests to validate that a new food product meets taste, texture, and flavor expectations.
Automotive Manufacturing:
- Example: Crash Testing
- Description: Automotive manufacturers perform crash tests to validate the safety and structural integrity of vehicles in collision scenarios, ensuring they meet regulatory standards.

These examples illustrate how design and development reviews, verification, and validation activities are applied across various industries to ensure that products, services, or processes meet requirements, safety standards, and user needs. The specific methods and criteria used may vary depending on the industry and the nature of the project. In summary, design and development reviews, verification, and validation are distinct but complementary activities within the design and development process. Reviews provide a high-level assessment of project progress and alignment with requirements. Verification confirms that the design outputs align with design inputs and meet specified criteria. Validation ensures that the final product or service is effective, usable, and suitable for its intended purpose. Together, these activities help organizations achieve their design and development goals while delivering high-quality and customer-centric solutions.

10) Design and development reviews, verification and validation can be conducted separately or in any combination, as is suitable for the products and services of the organization.

ISO 9001:2015 acknowledges that design and development reviews, verification, and validation can be conducted separately or in any combination that is suitable for the products and services of the organization. The standard recognizes that the specific approach to design and development controls may vary depending on the nature of the project, the complexity of the product or service, and the organization’s processes and needs.This flexibility allows organizations to tailor their design and development processes to best suit their unique circumstances. Here’s how organizations can choose to apply these activities:

Separately: Some organizations may choose to conduct design and development reviews, verification, and validation as distinct, sequential steps in the project lifecycle. For example, they might conduct design reviews first to ensure that the design aligns with requirements, followed by verification to confirm accuracy, and finally validation to ensure the product meets user needs.
In Combination: Others may choose to integrate these activities or conduct them concurrently. For instance, they might conduct design reviews while simultaneously performing verification and validation activities. This can streamline the development process and help identify issues earlier in the project.
Tailored Approach: Organizations can tailor their approach based on the specific requirements and risks associated with the product or service. For high-risk or complex projects, a more comprehensive and integrated approach might be appropriate, while simpler projects may benefit from a more streamlined process.
Iterative Process: In iterative development methodologies like Agile or Scrum, design and development reviews, verification, and validation activities are conducted continuously throughout the development cycle. This iterative approach allows for frequent feedback and adjustments, which is particularly beneficial for software development.

The key is to ensure that, regardless of the approach chosen, the organization maintains clear documentation, traceability, and records of these activities to demonstrate compliance with ISO 9001:2015 requirements. Additionally, the organization should have a risk-based approach that aligns with its quality objectives and customer expectations.Ultimately, the organization’s choice of how to conduct design and development controls should be driven by its specific context, the nature of the products or services, and the need to meet quality standards and customer requirements effectively.

ISO 14001:2015 Requirements

Explanation:

1) Once the Compliance obligation has been determined, the organization should establish, implement and maintain the processes needed to evaluate fulfillment of its compliance obligations.

2) The organization should determine the frequency from evaluation of compliance, action taken from evaluation of compliance, and maintain knowledge and understanding of its compliance status.

3) The organization should retain documented information as evidence of the compliance evaluation results.

ISO 14001:2015 Requirements

The organization shall ensure that persons doing work under the organization’s control are aware of the environmental policy;

The organization shall ensure that persons doing work under the organization’s control are aware of the significant environmental aspects and related actual or potential environmental impacts associated with their work;

The organization shall ensure that persons doing work under the organization’s control are aware of their contribution to the effectiveness of the environmental management system, including the benefits of enhanced environmental performance;

The organization shall ensure that persons doing work under the organization’s control are aware of the implications of not conforming with the environmental management system requirements, including not fulfilling the organization’s compliance obligations.

Documented Information required

ISO 9001:2015 Requirements

1) The organization shall review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements.

Documented Information Required

ISO 9001:2015 Requirements

The organization shall meet requirements for post-delivery activities associated with the products and services.

2) In determining the extent of post-delivery activities that are required, the organization shall consider statutory and regulatory requirements;

3) In determining the extent of post-delivery activities that are required, the organization shall consider the potential undesired consequences associated with its products and services

4) In determining the extent of post-delivery activities that are required, the organization shall consider the nature, use and intended lifetime of its products and services

5) In determining the extent of post-delivery activities that are required, the organization shall consider the customer requirements and customer feedback.

6) Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.

Documented Information Required

ISO 9001:2015 Requirements

1) The organization shall exercise care with property belonging to customers or external providers while it is under the organization’s control or being used by the organization.

2) The organization shall identify, verify, protect and safeguard customers’ or external providers’ property provided for use or incorporation into the products and services.

3) When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider

5) A customer’s or external provider’s property can include material, components, tools and equipment, premises, intellectual property and personal data.

ISO 9001:2015 Requirements

1) The organization shall preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements.

2) Preservation can include identification, handling, contamination control, packaging, storage, transmission or transportation, and protection.

Documented Information Required

ISO 9001:2015 Requirements

1) The organization shall use suitable means to identify outputs when it is necessary to ensure the conformity of products and services.

2) The organization shall identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision.

3) The organization shall control the unique identification of the outputs when traceability is a requirement

4) The organization must retain shall retain the documented information necessary to enable traceability.

1) The organization shall implement production and service provision under controlled conditions.

2) The availability of documented information that defines the characteristics of the products to be produced, the services to be provided, or the activitiesto be performed;

3) The organization must ensure availability of documented information that defines the results to be achieved

4) The availability and use of suitable monitoring and measuring resources

5) Implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met;

6) Monitoring and Measurement Activities.

7) The use of suitable infrastructure and environment for the operation of processes

8) The appointment of competent persons, including any required qualification

9) The validation, and periodic re-validation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement

10) The implementation of actions to prevent human error;

11) the implementation of release, delivery and post-delivery activities.

ISO 9001:2015 Requirements

1) Design and Development Changes

2) Identifying design and development changes

3) Review design and development changes

4) Control Design and development changes

5) The organization shall retain documented information on design and development changes.

6) The organization shall retain documented information on the results of reviews of Design and Development changes

7) The organization shall retain documented information on the authorization of the Design and development changes

8) The organization shall retain documented information on the actions taken to prevent adverse impacts

1) Design and Development Controls

2) The organization shall apply controls to the design and development process

3) The results to be achieved are defined;

4) Reviews are conducted to evaluate the ability of the results of design and development to meet requirements

6) Validation activities are conducted to ensure that the resulting products and services meet the requirements for the specified application or intended use;

7) Any necessary actions are taken on problems determined during the reviews, or verification and validation activities

8) documented information of these activities is retained.

9) Design and development reviews, verification and validation have distinct purposes.

10) Design and development reviews, verification and validation can be conducted separately or in any combination, as is suitable for the products and services of the organization.

Notice for AdBlock users

2) The availability of documented information that defines the characteristics of the products to be produced, the services to be provided, or the activities
to be performed;