ISO 9001:2015 – Clause 8 – Operation
By Jim Moran, BRC Quality Consultant
In a nutshell, this section covers how we meet customer (and interested parties’) needs and expectations. You may recall from an earlier Tip that we’re back to the ISO 2008 draft language for what we now call ‘customer requirements’. Let’s see if ‘needs and expectations’ makes it to the finish line!
In the PDCA fashion, this section starts with a requirement to ‘…meet requirements and to implement the actions determined in 6.1 (Actions to address risks and opportunities)…’ where we have to make sure we can actually do the work. The 6.1 sub-clause also refers back to clauses 4.1 (Context) and 4.2 (Needs and expectations of interested parties) – do we know what they want and can we do it?
This first section (8.1) also reminds us to ‘…control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects…’, highlighting the emphasis on Risk Management and Change Control. Welcome additions, in my view. This will save us a lot of money, not having to ‘do it over’. Poor quality has costs attached!
As we would expect, the requirements here (8.2) mimic the current requirements for ‘Customer related processes’, clauses 7.2.1, 2 and 3 from 9001:2008. No surprises here.
Operational planning processes look a lot like our 7.5 sub-clauses, but have a new requirement to ‘…implement a process to determine…actions to identify and address risks related to achieving conformity of goods and services to requirements…’ and ‘…how the performance data will be established and communicated…’. So we see a bit of an upgrade here in the ‘communication’ piece, but many of us are doing this already.
Purchasing is covered off here, too, and uses this new phrase, “Control of external provision of goods and services”. This may or may not change our current practice, depending on how we view purchasing now. Of course we’ll assess increased risks from outsourcing and include this in our assessment of potential suppliers. Documentation requirements around this now include two new ideas – ‘…the control and monitoring of the external provider’s performance to be applied by the organization (us)…’ and ‘…the requirements for handling of external provider’s property provided to the organization…’. This will make ‘supplier evaluation’ clearer for everyone. The second new requirement extends ‘customer property’ to suppliers. Great idea, in my view.
‘Development of goods and services’ looks and feels a lot like the current 7.3 Design and development with a couple of enhancements. First we see ‘… plan and implement processes for the development of goods and services consistent with the process approach…’ to further emphasize this Standard’s focus on the Process Approach. There’s a bit more emphasis on internal communication in this sub-clause where we have to ‘… take account of…the need for involvement of customer groups and user groups in the development process and their interface with management of the development process…’. It may not be ‘new’ for everyone, but some smaller organizations may not have this formalized yet.
Risk management shows up here, too, and it identifies 3 areas of risk and opportunities to address: 1. ‘…the nature of the goods and services to be developed and potential consequences of failure (sounds like FMEA to me!) …’ 2. ‘…the level of control expected of the development process by customers and other relevant interested parties…’ and 3. ‘…the potential impact on the organization’s ability to consistently meet customer requirements and enhance customer satisfaction…’. It kind of rolls a few earlier design and customer requirements into the risk management mode.
A new phrase shows up here, but the intent of ‘Development transfer’ is to make sure we don’t start producing until we’ve done everything we deemed necessary for Design and we’ve managed all the changes that took place along the way. Makes sense to me and should further assure quality, if implemented.
The remaining clauses are a carbon copy of 7.5, Product realization, and include a new concept ‘…prevention of nonconformity due to human error, such as unintentional mistakes and intentional rule violations…’. I’m not sure I like the phrase, “rule violations” but it may be a way to improve some training programs. We see Identification and traceability in here, customer property, Preservation and Post delivery activities. No surprises here.
There are, however, requirements around ‘change control’ that are currently in Design and development but have been extended to changes in general. We have to ‘…undertake change in a planned and systematic manner, taking account of the review of the potential consequences of changes (see 6.3) and taking action as necessary, to ensure the integrity of goods and services are maintained…’. This, too, should help reduce errors and push us closer to a real understanding of ‘The Process Approach’.
This section is wrapped up with ‘Release of goods and services’ (including documented authorization) and ‘Non-conforming goods and services’. Whatever we’re doing now will likely take care of these requirements.
So there you have it – the heart of the matter. The enhancements should all work in our favour and help us keep our customers happy. Improvement is the key to success, and these requirements have the guidance to get us on that path!