ISO 9001 Basics Lesson #1 – End-to-end Workflow Clause 8: Operation

The video below offers an explanation of Clause 8. Watch the video and use your pdf workbook to follow along with different action steps to help you document how your organization meets each requirement.

Below is a short summary of each of the subclauses that are discussed at length in the video.

Clause 8.1 is a general clause that talks about ‘Planning’ and ‘Control.’

There are requirements in this clause that will help you get organized.

Clause 8.2.1 explains the requirements for customer communication – you probably have a website, or phone or e-mail.

It also talks about customer property and a new twist – ‘contingency plans’ because of the increased focus on ‘risk and opportunities’ in this Standard.

Communication with customers has to include:

  1. information about products and services;
  2. handling customer orders and any changes;
  3. getting customer feedback about their experience with you,
  4. taking care of customer property;
  5. establishing specific requirements for contingency plans in cases where you need them.

In Clause 8.2.2, you’re finding out what your customer wants – all the details of the order including ‘statutory and regulatory’ requirements and any requirements that your organization thinks are necessary for the customer to get what they want.

Clause 8.2.3 asks you to review your organization’s capacity to see if you can handle the order, as opposed to saying, “Yay!, We got the order…Now let’s figure out how to deliver it!”.

This includes both delivery and post-delivery (also see 8.5.5) activities like training, installation, servicing or warranty work if it’s a product.

Clause 8.3 is the Design and Development of Products and Services

If your customer has an idea but no drawings, you will have to design it for them. This would apply to services, too. A consulting company might ‘design’ a project. It’s not common, but it could happen.

Clause 8.3.1 asks you to have a ‘design process’ in place rather than ‘just start drawing’. This is more efficient and reduces errors.

Clause 8.3.2 is Design and Development Planning.

Think of Deming’s ‘Plan-Do-Check-Act’ model. Start with a plan.

Clause 8.3.3 is Design Inputs

This follows that ‘Process Approach’ idea: Input > Process > Output

There are 5 (a…e) requirements here plus a requirement to ‘retain documented information’ about the inputs. This means ‘record the inputs’. You decide how – there’s no ‘best practice’ for design input records.

Clause 8.3.4 is Control of the Design and Development Process

The 6 (a…f) Requirements here include four records:

  1. reviews,
  2. verification activities,
  3. validation activities and
  4. corrective actions needed from the verification and validation activities

Clause 8.3.5 is the Design and Development Outputs

These are drawings, usually, and they have to meet the input requirements and they have to be ‘usable’.

This might include an inspection and test plan (ITP) for the production folks and any safety concerns for the workers or the customer.

Clause 8.3.6 is Changes

They must be managed, and risks considered.

Clause 8.4 Control of Externally Provided Process, Products and Services is usually known as ‘Purchasing’

Clause 8.4.1 General refers to any processes, products and services you purchase or acquire to fulfill your customers’ requirements. Includes selection criteria for suppliers – how do we choose them?

There’s another section later (8.5.3) that talks about things provided by your customer and external providers.

Clause 8.4.2 is Control of Externally Provided Processes, Products and Services.

There are ways to make sure that what you get is what you wanted, other than just inspecting it when it arrives or the service is delivered – see a)…d). This can also be another division of your own company.

Clause 8.4.3 covers information for external providers (‘Suppliers’)

Normally done in a ‘request for quote’ or purchase order to your suppliers. See (a…f) for details of what needs to be in there. Review suppliers and report on their performance. This includes ‘outsourcing’ products, processes or services.

Clause 8.5.1 is Control of Production and Service Delivery

This section starts with a list of things to do to make sure production of your goods or services goes well.

The Standard calls this ‘controlled conditions’ When producing a product or delivering a service:

  1. Product details or results to be achieved if it’s a service
  2. In process monitoring and testing equipment
  3. Performing the tests
  4. Having the right infrastructure and work environment
  5. Having competent people with the appropriate certification
  6. ‘Special Process’ control where testing cannot reveal issues – activities like welding, painting, powder coating, chrome plating, soldering, buffing, etc. where the problem only shows up after the product is in use
  7. Actions to prevent ‘human error’
  8. Control of releasing the product, delivering the product and any relevant ‘postdelivery’ activities like training, installation, servicing or repairs or warranty

Clause 8.5.2 covers identification and traceability.

Make sure nothing gets mixed up! Clients may have some specific requirements for part identification or data file identification.

Examples: serial numbers, heat treat numbers, data file identification and naming conventions Pharmaceuticals – lot numbers, expiration dates.

Clause 8.5.3 covers property belonging to customers or external providers

Keep track of all customer property, including intellectual property. Let them know if there are any issues with the property that they sent.

Take care of it and if it’s not suitable, let them know – document it, too.

Clause 8.5.4 covers preservation, protected parts, subassemblies during production, packaging and shipping. Same for data and intellectual property.

Keep parts, sub-assemblies and products in a way that they conform until they’re ready to pack and ship.

8.5.5 Post-delivery activities are discussed more in a later section.

Clauses 8.2.4 and 8.3.6 discuss change control.

If the order changes (8.2.4) this might cause a change in design (8.3.6).

A design change could affect purchasing (8.4).

A new part could change the production line (8.5.1) and the way it’s handled and packaged (8.5.4).

It might change the way inspections are done, too (8.5.1 c). That’s why changes need to be ‘managed.

Clause 8.6 is Release of Products and Services

You need to ensure that the order conforms to requirements before it goes, or arrangements have been made to ‘ship anyway’.

There’s also a requirement here to be able to identify who said the order was OK to ship or the service delivered was OK.

Clause 8.7 is Control of Non-conforming Products or Services

Remember the Input -> Process -> Output model?

Any time something goes wrong, it needs to be managed.

The idea, of course, is to make sure the customer never gets an off-spec product or service.

Documentation and corrective actions are required when needed.

Non-conformance: non-fulfillment of a requirement (ISO 9000:2015, 3.6.9)

Could be a customer requirement, a health and safety requirement, an environmental requirement – any requirement that you’ve committed to meeting.

Clause 8.5.5 is Post-delivery activities

Anything that you provide after delivery is normally written into the contract and decided ahead of time.

In any case, these activities must meet legal and regulatory requirements, risks need to be addressed, life cycle (if it’s a product) is important, customer requirements (of course!) and customer feedback is essential on how the whole order went together.

Click here for further discussion on Clause 8.