[fibosearch]
[fibosearch]

ISO 9001 Clause 8 Shining a Light on Key Processes

ISO 9001 Clause 8

The scope of this blog is to go into great detail about ISO 9001 clause 8. Now given that ISO 9001 clause 8 talks about the key processes of your organization, this blog will cover the sales, purchasing, operations and design processes of your organization.

In this blog, an overview will be given about each one of these key processes, so take it as an introduction to this vast subject.

ISO 9001 Clause 8 is called Operations and it contains a lot, and I mean a lot of sub-clauses. Here’s a breakdown of all these clauses.

  • ISO 9001 Clause 8.1 | Operational Planning and Control
  • ISO 9001 Clause 8.2 | Requirements for Products and Services
  • ISO 9001 Clause 8.3 | Design and Development of Products and Services
  • ISO 9001 Clause 8.4 |Control of Externally Provided Processes, Products and Services
  • ISO 9001 Clause 8.5 | Production and Service Provision
  • ISO 9001 Clause 8.6 | Release of Products and Services
  • ISO 9001 Clause 8.7 | Control of Non-Conforming Outputs

ISO 9001 Clause 8.1 | Operational Planning and Control

The opening clause, ISO 9001 clause 8.1 states that the organization shall plan, implement and control processes. We’ve already seen this in clause 4 .4. the organization is required to meet the requirements for the provision of products and services and to implement the actions determined in clause 6. May I remind you that in clause 6 we talked about the risks and opportunities, the quality objectives and the planning of changes.

So for these processes the standard is asking us to determine the requirements for the products and services, establishing the criteria for processes and acceptance of products and services, determining the resources that are needed, implementing control of processes, determining and maintaining and reading documented information as necessary.

The standard goes on to say that the output of this planning shall be suitable for the organization’s operations. The organization shall control planned changes and review the consequences of unintended changes taking action to mitigate any adverse effects as necessary. This has already been mentioned in clause 6 .3. The organization shall ensure that outsourcing processes are controlled. This is covered further in ISO 9001 clause 8 .4.

This clause is regarded as generic and as such, provides little to no information. So effectively there is nothing that we need to do to meet the requirements of clause 8 .1 because it’s effectively a summary of what has been mentioned in different clauses within the standard.

ISO 9001 Clause 8.2 | Requirements for Products and Services

ISO 9001 clause 8 .2 talks about the requirements for products and services. When talking about requirements for products and services we are talking about customer requirements for products and services. So here what you have to keep in mind is that you need to use this information when you are mapping out the processes for the sales activities within your organization.

So the standard in ISO 9001 clause 8 .2 indirectly talks about communication with the customers, okay? And it really starts to get interesting when we see that providing information relating to products and services, how are we communicating information relating to our products and services?

Do we have a price list? Do we have a website? Do we have information? Or do customers contact us and we provide them with the information? Handling inquiries, contracts or orders, including changes. How do we affect the sale? These are all questions that an organization must have answers to. This clause tackles such issues.

And how do we handle changes? If the person adding items to a cart needs to buy three products, not two. And if the person in the software company needs to change, for example, the requirements of the software, how will that process happen?

Clause 8.2 talks about determining the requirements for products and services. So when determining the requirements for products and services to be referred to customers, the organization shall ensure that the requirements for the product and services are defined including any applicable statutory and regulatory requirements and those needs that are considered necessary by the organization.

So, What this means is that if for example as a company we are creating aluminium for windows, there are certain regulations that we have to follow when it comes to creating the material. For example, we need to communicate with the client to check if they want a single or double-glazed glazed or maybe even triple-glazed window. And what color and thickness?

Here the standard is giving us hints of what type of questions to ask having said that I’m sure that you are capable of Asking the right questions when it comes to understanding what the customer needs to know before you actually give them a quote. Here the standard is mentioning the review of the requirements for products and services So before we accept an order from a client we have to make sure that we are able to meet the requirements of the clients.

Again, in some cases this is very simple, in the case of the supermarket, if the carton of milk is on the shelf then it’s available. If we are a software company and we are engaged in the development of complex systems then we have to make sure that whatever language or technology for example the client is asking us for we are able to do we have the required competence.

If the client is asking for a tight deadline then we have to make sure that we have the right resources and availability of employees before accepting. So it is this consideration that we have to do before accepting a job.

And changes to requirements for products and services is a very critical element and the standard says that the organization shall ensure that relevant documented information is amended and that relevant persons are made aware of the changes requirements when the requirements for products and services are changed.

So let’s say that we are developing a lift, for example, a passenger lift within a building, and all of a sudden for example the property at the topmost level of the block of apartments wants the lift to open within that apartment and so they want to make a change in the sense that they want the lift to open with a key or with a passcode.

Invariably, first, we need to communicate with the client with an updated quote and we have to have documented information, we have to have this copy of an updated quote and then moving on we have to make sure that somehow the people who are working on site, the technicians who are installing the lift, get this updated information that now there has to be a key or a passcode to access the topmost floor.

ISO 9001 Clause 8.3 | Design and Development of Products and Services

Okay, so this standard is kind of spoon feeding us on what type of communication we should consider when we are mapping out the sales process. The design and development processes are very detailed and it is beyond the scope of this specific video for me to read each and every line within this element.

However, what I can tell you is that when it comes to design, okay, if your organization takes vague customer requirements and converts them into more detailed customer requirements, for example, if the client tells you that they want a software that does this, this and that, and then it’s your job to create a fully defined specification document, then you are doing design.

Okay, and if you are doing design first of all you have to consider planning Okay, we have to plan the design and development activities Which I can tell you right away that there is not much that we need to do when it comes to planning But we have to consider the design and development inputs So I have to consider the functional and performance requirements of what we want to achieve We can consider information that we have from previous similar projects and legal requirements the standards or guidelines that are relevant to our specific product that we are creating and the potential Consequences of failure of the product.

Okay, so these inputs are required for us to make sure that we are considering all elements in the design input that will feed the ultimate final product that we are creating for our customers. When it comes to controls, it is ideal to have some type of controls that will help us make sure that we are creating a product that meets the needs of our clients.

Finally, the design outputs. Design outputs relate to what is the output, the final product that we are developing to our clients. Does it meet the requirements stated by our clients? Is there an adequate for the subsequent processes for the provision of products and services?

Okay. Is there any monitoring and measuring equipment that is required? So here we are considering how can we make sure that the outputs that we have created meets the requirements of the input. And just like we talked about the sales process, it’s important to note that if there are any changes, these changes are adequately documented and that the inputs and outputs and controls of the design process have been adequately checked and the authorizations that are needed have been done.

ISO 9001 Clause 8.4 |Control of Externally Provided Processes, Products and Services

Clause 8 .4 talks about the control of suppliers. May I remind you that externally provided products and processes products and services simply relates to suppliers. And first we have a general introduction where the organization shall ensure that externally provided processes products and services conform to requirements.

Okay and we shall determine the controls to be applied to such suppliers. And depending on the nature of the industry that you are in you might want to do audits to your suppliers. You might want to do an evaluation to suppliers.

You might want to ask your suppliers to fill in a questionnaire before you approve them as one of your approved suppliers. So this changes from one organization to the next. And the standard goes on to say that the organization shall determine and apply criteria for the evaluation, selection, monitoring of performance and re -evaluation of external providers based on the ability to provide processes, products and services in accordance with requirements.

And that we shall maintain documented information of these records. So if we’re giving an evaluation to one of our suppliers we have to make sure that we keep a record of that evaluation. If we’re doing an audit to one of our suppliers we need to have a copy of the audit evidence that we are using.

Type of and extent of control relates to the quality checks that we are doing to our suppliers. Okay are we checking the quality? Okay how are we checking the quality of our suppliers? If the standard goes on to mention that the organization shall ensure that externally provided processes, products and services do not adversely affect the organization’s ability to consistently deliver conforming products and services to its customers.

This means that we have to check the quality of our suppliers. Of course, this greatly depends on the type of products and services or processes that you are purchasing from your suppliers. If you are importing a product and you’re going to resell it as it is, then incoming goods inspection is extremely important to make sure that the product that we have meets the requirements of what we’d like to sell to our clients.

If we are buying for example raw material, plastic granules and we are going to inject it through plastic injection molding machines, then for example we have to have the certificate of the plastic granules and we will also want to weigh the products to make sure that we receive the right quantities from our suppliers.

So this greatly depends on the nature of activities that you do as a company. If for example you are a marketing agency and you are subcontracting the videography services to a freelancer then you might want to check the quality of the video editing before it is sent to the customers and you might also want to send one of your account executives with this subcontracted freelance videographer when they are meeting the client to make sure that this freelancer is behaving in the appropriate way.

Naturally after you build a relationship with such a videographer for example you might choose to not send your account executive anymore because you now have acquired the trust in this freelancer. So the overall goal of this particular clause within this standard is that we implement some type of quality measures relating to our suppliers to make sure that they are providing our organization with processes, products and services that meet the needs of our organization which ultimately are designed to meet the needs of our clients and other interested stakeholders.

Another element relates to the information for external providers so when we are purchasing products and services from our suppliers we have an accurate way and just like when in the sales process we have gone into detail to explain what type of requirements does the client have from us we also have to make sure that we are equally clear of what we need from our suppliers and that is what the specific clause is talking about where if we need any particular competence including qualifications of people working, how the supplier would interact with the organization so all of this communication all of this information can be communicated accordingly.

START YOUR JOURNEY TODAY

Whether you’re after ISO Certification, internal audits, or results-oriented consultancy, Luke has the plan for you. Reach out to him and start your journey today.
Book Now
ISO Consultant in Malta

SEE HOW LUKE CAN HELP YOU START YOUR JOURNEY TODAY

Luke has a plan for you whether you want ISO certification, internal audits, or results-oriented consulting. Contact him immediately to begin your adventure.

Book Now

ISO 9001 Clause 8.5 | Production and Service Provision

And Clause 8 .5 talks about the operation of your organization. Okay, so any activity that you do as an organization will be included in Clause 8 .5, which once again, therefore, it’s a chunky clause.

And Clause 8 .5 .1 talks about the controlled, quality control decisions or actions that you are taking as an organization to make sure that your product meets the requirements. Identification and traceability talks about the fact that we must be able to adequately track information pertaining to a particular client.

Now, as I have explained in another video within this series, and if I may remind you that if you have not done so, please subscribe and like this video if you find this content useful because it really helps the algorithm.

to make sure that you get the information when we upload more videos. So as I mentioned in another video, for certain industries, traceability is extremely critical. For example, for the food industry, for the medical devices industry, for the pharmaceutical industry, we have to make sure that we have to have forward and backward traceability.

For other organizations, this requirement is a bit more loose. Property belonging to customers and external providers, basically what the standard is saying here is that if we are safeguarding, if we are keeping equipment or products on information, on behalf of our suppliers and our clients, we have to make sure that that information or products are adequately protected.

And preservation relates to the fact that once the product is in our hand, and as you can see, there are different stages, so preservation can include identification, handling, contamination control, packaging, storage, transmission or transportation and protection.

We have to make sure that we are preserving the quality of the product to make sure that we do not damage the product ourselves. And post delivery activities relates to any activities that you have to do as an organization after you deliver the product.

So either in statutory and regulatory requirements that you have to comply with after you deliver your product, what are the potential undesired consequences associated with your products and services?

The nature, use and intended lifetime of your products and services. Are you, for example, offering the collection of the product to make sure that you are safeguarding the environment? Is there a legal requirement asking you to do that?

When it comes to customer requirements, we have already spoken about this earlier in clause 8 .2 and when it comes to customer feedback, we will talk about this in clause 9. As I have mentioned in other videos within this series, the standard unfortunately likes to repeat itself and that is why I’m doing these videos to show you that sometimes the standard does repeat itself and I’m giving you clear instructions on where such repetitions are taking place.

Control of changes, may I remind you that control of changes is still within clause 8 .5 which is operational control, which is the operation of your business and therefore if when we are operating, when we are running our processes, we notice any changes that have to happen, these have to happen in a planned way.

We already talked about changes in clause 6 .3 of the standard and here the standard goes over and above and tells us that the organization shall review and control changes for production or service provision to the extent necessary to ensure continuing conformity with requirements.

I think that is… pretty self -explanatory and the organization shall retain documented information describing the results of the review of changes, the persons authorizing the change and any other necessary actions arising from the review.

Okay, so as you can see, this is the third time that changes being mentioned within this particular clause. Okay, so it’s very important that changes are treated in an organized fashion because even from my experience, I noticed that for example companies involved in MND works or in construction, it’s very easy for them to give a quote before the work start.

However, once the work is ongoing, the client starts asking for changes and instead of having their conditioner there, I’d like to have it there, please. And these types of changes, which unless are adequately communicated with the client and an updated documented information such as a quote is available, it might lead to sour results further down the line.

Okay, so in most cases, for example, I would ask my clients to create a variation request in such a case where for example, the position of the conditioner will change to make sure that we have a structured way in which changes are being handled.

ISO 9001 Clause 8.6 | Release of Products and Services

And release of products and services, this is more important for other industries than for some industries because here the standard says that the organization shall implement planned arrangement at appropriate stages to verify that the product and service requirements have been met.

So as an engineer, I have to make sure that we do not leave the quality controls to the latest stage. Okay, so ideally we implement planned where the quality of the product is going to be changed. So if there is a defect, if there is a mistake in the product, it’s identified as early as possible within the value chain so that we avoid investing resources into a product that we already know that is defective.

And that is what we’re doing over here. Naturally, to beat the requirement of this particular standard, such quality control checks can be, for example, implemented within the sales, purchasing operations or design processes themselves.

So we don’t need to have a process of how we are releasing the product or we don’t need to have a process of the quality control actions that we are taking on our product as long as they are integrated within the key processes that we have as an organization.

ISO 9001 Clause 8.7 | Control of Non-Conforming Outputs

And clause 8 .7, which is the last clause within this particular clause eight, talks about control of non -conforming outputs. No matter how much we try. We will still make mistakes and we’ll still create defective products.

Having said that, first of all, and this is what the standard is asking us here, is that it states that the organization shall ensure that outputs that do not conform to the requirements are identified and controlled to prevent their unintended use or delivery.

So if we make a mistake, we have to make sure that we segregate, that we remove the product from other good items basically and the standard goes on to explain that the organization shall take appropriate action based on the nature of the non -conformity and its effects on the non -conformity of the products and services.

Okay, so we have to consider the type of defect that we have. It states that the organization shall deal with non -conforming outputs in one or more of the products that we have. We have to segregate, remove it, okay, so we can consider it later.

Informing the customer that we’ve made a mistake, maybe they accept it. Obtaining authorization for acceptance under concession. Conformity to the requirements shall be verified when non -conforming outputs are corrected.

Finally, the standard says that the organization shall retain documented information that describes the non -conformity, describes the actions taken, describes any concessions obtained, identifies the authority deciding the action in respect of the non -conformity.

And here I would suggest that you use the corrective action system that we have in clause 10 to meet the requirements of this particular clause 8 .7 .2. That is all I had for you when it comes to clause 8 of the standard.

I know that it might have been a bit of an intensive video. Having said that, I encourage you to look further into the next section. onto my website and social media profiles to have more information about this standard and about these clauses.

And if you have not done so yet, please subscribe as it will help you to be informed whenever we have new videos. And I would also appreciate it if you can hit the like button because that greatly helps the algorithms of all social media platforms.

WANT  TO LEARN MORE ABOUT THE ISO 9001 Clause 8?

As an ISO management system consultant, Luke Desira will help your company reach new heights! Read more about ISO and other content related to business process transformation here.

If you are on the hunt for information on how to get certified, have a look at this guide on how to get ISO certified with Luke Desira, and find out about the 10 pitfalls that you may encounter during the implementation process of ISO Certification.

Don’t forget to follow us on our Facebook and LinkedIn profiles, and subscribe to our Youtube Channel for more great content.

Book a Free 15 minute discovery call

Select a date and time to schedule a free 15 minute discovery call with Luke Desira.

Message Luke through an email

hello@lukedesira.com

Give Luke a call

+356 7920 6686

Related Articles

Clause 10 of ISO 9001
ISO 9001

Close Examination | Clause 10 of ISO 9001

Clause 10 of ISO 9001 is the final clause of the standard. Clause 10 of ISO 9001 talks about improvement and the purpose of this blog is to give more information about this particular clause by going through what the standard says in this clause. Here, you can either listen to the video where Luke

Read More »
ISO 9001 Clause 9 - Management Review
ISO 9001

ISO 9001 Clause 9 – Performance Evaluation

Hey there, are you interested in ISO 9001? Well, you’re in the right place. This blog covers ISO 9001 Clause 9, to be exact. This blog is in fact part of a mini-series where the ISO 9001 standard is put under the spotlight and examined really closely. If you haven’t looked at the other blogs

Read More »
ISO 9001 Clause 6.
ISO 9001

Taking a Closer Look at ISO 9001 Clause 6

By now, you may have realised that ISO is a business management process that is not so complex, right? If tackled well, It is easier than many expect. In this blog, we will be talking about ISO 9001 Clause 6. However, if you are interested in other clauses within this standard I invite you to

Read More »
Learn more about ISO 9001

download the free 7-point iso 9001 readiness checklist

Wondering how close to attaining ISO certification your business is? Download our free resources to carry out a quick 7-step self-assessment to identify your ISO readiness.

Facebook Youtube Linkedin

Pages

Services

Contact

  • Copyright © 2023 LUKE DESIRA
Scroll to Top