Product realization Operation

Operation includes planning & control, determine market

needs, interaction w/customers, planning process, control of
external provisions of goods/services, production of goods,
provision of services, release of goods/services, non-conforming
goods/services

8.1 operational planning and control

Planning of product realization Operational Planning and control
The organization shall plan, implement and control those
processes that it has previously identified in clause 4.4 to meet
product or service requirements.
This means that inputs, output, resources and control should be
determined.
The new control-focused requirements center on ensuring that
processes are implemented as planned, including actions to
address risks and opportunities. This needs to be evidenced by
means of documented information.

8.2 Determination of requirements for products

and services
8.2.1 Customer communication
Requires an organization to ensure that it has processes in place
to allow it to communicate with its customers on matters relating
to its products and services.

ISO 9001:2008 7.2.3 Customer communication Plus new

requirement to communicate in respect of handling customer
property
Customer feedback customer views and perceptions

8.2.2 Determination of requirements related to

the products and services
ISO 9001:2008 Clause 7.2.1 ISO 9001:2015 Clause
8.2.2
The Standard requires the organization to stablish implement and
maintain process to determine product and service requirements.
These requirements can come from the customer, may be mandated
by laws or regulations, and include generally accepted standards
within industry or market.
The organization must then ensure that it has the ability to meet the
defined requirements.

8.2.3 Review of requirements related to the

products and services
ISO 9001:2008 Clause 7.2.2 ISO 9001:2015 Clause
8.2.3
The organization is required to review requirements relating to its
products and services. This review needs to consider:
That requirements not only came by the customer but also may
come from interested parties
The requirements not stated by the customer but that are known
to be necessary for the product or service to be suitable for the
customers intended use.

 Any changes from the original contract or discussions is

understood,
The organization has the ability to meet the requirements
Records are kept of this review.

8.3 Design and Development of products and

services
8.3.1 General
Where the detailed requirements of the products and services are
not established, by the organization, customer or interested
parties, the organization shall stablish, implement and maintain a
design and development process.

8.3.2 Design and Development planning

ISO 9001:2008 Clause 7.3.1 ISO 9001:2015 Clause
8.3.2
To effectively plan the design and development process, the
organization must:
Clearly define the stages involved in the design and
development process.
Identify the design and development verification and
validation that is required for each stage.
Describe clear responsibility and authority for the people
doing this work.

 See that design information flows effectively among the

various groups having a role in designing, selling, managing,
manufacturing, and servicing the products.
Keep design and development plans up to date.

8.3.3 Design and Development inputs

Determine the product requirements, including:
what it does and how well it must perform,
legal and regulatory requirements,
internal and external resources needs,
Potential consequences of design and development failure,
The customers and other interested parties expected level
of control of the design and development process
The organization must ensure that design and development inputs are adequate,
complete and unambiguous. If there are any conflicts between design inputs, then
these must be resolved.

8.3.4 Design and Development controls

The organization is required to apply controls to its design and
development process in order to ensure that:
The results from undertaking the design and development
process are clearly defined;
Design and development reviews take place in accordance
with planned arrangements;
The design and development outputs meet the design and
development inputs (verification);
The resulting products and services are fit for their intended
use or specified application where this is known to the organization
(validation).

8.3.5 Design and Development output

The output of design and development must include sufficient
information to verify that design output meets design input
requirements.

8.3.6 Design and Development changes

ISO 9001:2008 Clause 7.3.7 ISO 9001:2015 Clause
8.3.6
Identify, document, review, and approve all design changes
before carrying them out.
Evaluate the impact of the changes on the present design of
the product or the service.
Keep records of the review.

8.4 Control of externally provided products and

services
8.4.1 General
The organization must ensure that externally provided processes,
products or services meet the organizations specified
requirements.
The organization must employ controls to enable it to verify that
externally provided processes, products or services meet these
requirements.
These controls must be put into effect when the organization is
seeking to obtain:
products and services from the external providers for
incorporation into the organizations own products and
services;
products and services to be provided directly to the
customer by the external provider on the organizations
behalf;
Outsourced processes or parts of processes from an external
provider.
The organization must establish criteria for how they evaluate and
choose external providers. These criteria must be based on the
external providers ability to provide products and services that
meet product and service quality requirements.
Finally, records must be kept showing how externally provided
products and services were evaluated.

8.4.2 Type and extent of control of external

provision
The extent of the controls depend on the importance of the
externally provided processes, products and services.

8.4.3 Information for external providers

The organization is required to communicate to external providers of

processes, products and services.
This information must include applicable requirements for the
following:
how products, services and processes are approved for
external provision,
required competencies for contracted personnel,
Requirements for the external providers quality management
system.

8.5 Production and service provision

8.5.1 Control of production and service
provision
Organizations are required to control the way in which they provide
their products and services. These controlled conditions may
include:
Documented information regarding product and service
specifications,
written instructions for carrying out the work,
suitable equipment,
adequate tools for monitoring and measuring process and
product characteristics,
activities for monitoring and measuring process and product
characteristics,
criteria for product release,
delivery and post-delivery servicing activities.

8.5.2

Identification and traceability

 To ensure conformity product and service, the organization

must establish procedures to identify process output pertain
throughout production and service provision.
Individual process outputs must have unique identification, and
retain any documented information necessary to maintain
traceability.

8.5.3 Property belonging to customers or

external providers

Special care must be taken when a customer provides their

property for use or incorporation into the product or service.
Identify, verify, and protect customer property provided and
maintain records of lost, damaged or unsuitable customer
property.
This requirement is essentially unchanged from ISO 9001:2008
sub-clause 7.5.4. However, it has now been extended to cover not
just customer property, but also property belonging to the
external providers that has been provided to the organization for
use or incorporation into the products and services.

8.5.4 Preservation

The organization is required to take appropriate measures

during production and service provision to safeguard process
outputs, in order to maintain their conformity to requirements.
Preservation include identification, handling, storage,
packaging, protection, and delivery of products or service
provision throughout all processes.

8.5.5 Post-delivery activities

The organization shall determine the nature and extent of any

post-delivery activities it needs to undertake.
When making this decision, the organization must consider the
risks associated with the particular product or service, the
nature of the product or service, how the product or service will
be used and what the product or services intended lifetime is.

8.5.6 Control of changes

The organization is required to control any unplanned changes
that are considered essential in order to ensure that products
or services continue to meet their specified requirements.
The organization must retain documented information
describing the results of the review of the changes, the
person(s) authorizing the changes and any necessary actions.

8.6 Release of products and services

The organization must verify that products and services

requirements have been met.
Evidence that the product or service meets the acceptance
criteria needs to be retained.
The release of product and delivery of service to the customer
shall not proceed until the planned tests and checks have been
satisfactorily completed, unless otherwise approved by a
relevant authority and, where applicable, by the customer.
Documented information that allows the individual authorizing
any early releases to be identified must be retained.

8.7 Control of nonconforming process outputs,

products and services
The organization is required to identify any process outputs,
products or services that do not conform to their intended
requirements.
Controls need to be established and implemented to ensure that
these nonconforming process outputs, products or services are
not delivered to the customer or used unintentionally.
Where nonconforming process outputs, products or services are
identified, the organization is required to take action to correct
the fault.
This corrective action must be proportionate, reflecting both the
nature of the nonconformity and its ability to impact the
organizations intended product or service. This requirement also
applies to nonconforming products or services that are identified
after delivery to the customer.