Operation includes planning & control, determine market
needs, interaction w/customers, planning process, control of external provisions of goods/services, production of goods, provision of services, release of goods/services, non-conforming goods/services
8.1 operational planning and control
Planning of product realization Operational Planning and control The organization shall plan, implement and control those processes that it has previously identified in clause 4.4 to meet product or service requirements. This means that inputs, output, resources and control should be determined. The new control-focused requirements center on ensuring that processes are implemented as planned, including actions to address risks and opportunities. This needs to be evidenced by means of documented information.
8.2 Determination of requirements for products
and services 8.2.1 Customer communication Requires an organization to ensure that it has processes in place to allow it to communicate with its customers on matters relating to its products and services.
ISO 9001:2008 7.2.3 Customer communication Plus new
requirement to communicate in respect of handling customer property Customer feedback customer views and perceptions
8.2.2 Determination of requirements related to
the products and services ISO 9001:2008 Clause 7.2.1 ISO 9001:2015 Clause 8.2.2 The Standard requires the organization to stablish implement and maintain process to determine product and service requirements. These requirements can come from the customer, may be mandated by laws or regulations, and include generally accepted standards within industry or market. The organization must then ensure that it has the ability to meet the defined requirements.
8.2.3 Review of requirements related to the
products and services ISO 9001:2008 Clause 7.2.2 ISO 9001:2015 Clause 8.2.3 The organization is required to review requirements relating to its products and services. This review needs to consider: That requirements not only came by the customer but also may come from interested parties The requirements not stated by the customer but that are known to be necessary for the product or service to be suitable for the customers intended use.
Any changes from the original contract or discussions is
understood, The organization has the ability to meet the requirements Records are kept of this review.
8.3 Design and Development of products and
services 8.3.1 General Where the detailed requirements of the products and services are not established, by the organization, customer or interested parties, the organization shall stablish, implement and maintain a design and development process.
8.3.2 Design and Development planning
ISO 9001:2008 Clause 7.3.1 ISO 9001:2015 Clause 8.3.2 To effectively plan the design and development process, the organization must: Clearly define the stages involved in the design and development process. Identify the design and development verification and validation that is required for each stage. Describe clear responsibility and authority for the people doing this work.
See that design information flows effectively among the
various groups having a role in designing, selling, managing, manufacturing, and servicing the products. Keep design and development plans up to date.
8.3.3 Design and Development inputs
Determine the product requirements, including: what it does and how well it must perform, legal and regulatory requirements, internal and external resources needs, Potential consequences of design and development failure, The customers and other interested parties expected level of control of the design and development process The organization must ensure that design and development inputs are adequate, complete and unambiguous. If there are any conflicts between design inputs, then these must be resolved.
8.3.4 Design and Development controls
The organization is required to apply controls to its design and development process in order to ensure that: The results from undertaking the design and development process are clearly defined; Design and development reviews take place in accordance with planned arrangements; The design and development outputs meet the design and development inputs (verification); The resulting products and services are fit for their intended use or specified application where this is known to the organization (validation).
8.3.5 Design and Development output
The output of design and development must include sufficient information to verify that design output meets design input requirements.
8.3.6 Design and Development changes
ISO 9001:2008 Clause 7.3.7 ISO 9001:2015 Clause 8.3.6 Identify, document, review, and approve all design changes before carrying them out. Evaluate the impact of the changes on the present design of the product or the service. Keep records of the review.
8.4 Control of externally provided products and
services 8.4.1 General The organization must ensure that externally provided processes, products or services meet the organizations specified requirements. The organization must employ controls to enable it to verify that externally provided processes, products or services meet these requirements. These controls must be put into effect when the organization is seeking to obtain: products and services from the external providers for incorporation into the organizations own products and services; products and services to be provided directly to the customer by the external provider on the organizations behalf; Outsourced processes or parts of processes from an external provider. The organization must establish criteria for how they evaluate and choose external providers. These criteria must be based on the external providers ability to provide products and services that meet product and service quality requirements. Finally, records must be kept showing how externally provided products and services were evaluated.
8.4.2 Type and extent of control of external
provision The extent of the controls depend on the importance of the externally provided processes, products and services.
8.4.3 Information for external providers
The organization is required to communicate to external providers of
processes, products and services. This information must include applicable requirements for the following: how products, services and processes are approved for external provision, required competencies for contracted personnel, Requirements for the external providers quality management system.
8.5 Production and service provision
8.5.1 Control of production and service provision Organizations are required to control the way in which they provide their products and services. These controlled conditions may include: Documented information regarding product and service specifications, written instructions for carrying out the work, suitable equipment, adequate tools for monitoring and measuring process and product characteristics, activities for monitoring and measuring process and product characteristics, criteria for product release, delivery and post-delivery servicing activities.
8.5.2
Identification and traceability
To ensure conformity product and service, the organization
must establish procedures to identify process output pertain throughout production and service provision. Individual process outputs must have unique identification, and retain any documented information necessary to maintain traceability.
8.5.3 Property belonging to customers or
external providers
Special care must be taken when a customer provides their
property for use or incorporation into the product or service. Identify, verify, and protect customer property provided and maintain records of lost, damaged or unsuitable customer property. This requirement is essentially unchanged from ISO 9001:2008 sub-clause 7.5.4. However, it has now been extended to cover not just customer property, but also property belonging to the external providers that has been provided to the organization for use or incorporation into the products and services.
8.5.4 Preservation
The organization is required to take appropriate measures
during production and service provision to safeguard process outputs, in order to maintain their conformity to requirements. Preservation include identification, handling, storage, packaging, protection, and delivery of products or service provision throughout all processes.
8.5.5 Post-delivery activities
The organization shall determine the nature and extent of any
post-delivery activities it needs to undertake. When making this decision, the organization must consider the risks associated with the particular product or service, the nature of the product or service, how the product or service will be used and what the product or services intended lifetime is.
8.5.6 Control of changes
The organization is required to control any unplanned changes that are considered essential in order to ensure that products or services continue to meet their specified requirements. The organization must retain documented information describing the results of the review of the changes, the person(s) authorizing the changes and any necessary actions.
8.6 Release of products and services
The organization must verify that products and services
requirements have been met. Evidence that the product or service meets the acceptance criteria needs to be retained. The release of product and delivery of service to the customer shall not proceed until the planned tests and checks have been satisfactorily completed, unless otherwise approved by a relevant authority and, where applicable, by the customer. Documented information that allows the individual authorizing any early releases to be identified must be retained.
8.7 Control of nonconforming process outputs,
products and services The organization is required to identify any process outputs, products or services that do not conform to their intended requirements. Controls need to be established and implemented to ensure that these nonconforming process outputs, products or services are not delivered to the customer or used unintentionally. Where nonconforming process outputs, products or services are identified, the organization is required to take action to correct the fault. This corrective action must be proportionate, reflecting both the nature of the nonconformity and its ability to impact the organizations intended product or service. This requirement also applies to nonconforming products or services that are identified after delivery to the customer.