ISO 9001:2015 Operations

 preteshbiswas  Uncategorized  July 28, 2018 35 Minutes

8.1 Operational Planning and Control

The Requirement
The Organization should plan, implement, and control the
processes, as outlined in 4.4, needed to meet requirements for
the provision of products and services and to implement the
actions determined in 6.1 by determining product and services
requirements; establishing criteria for the processes and for the
acceptance of products and services; determining the resources
needed to achieve conformity to product and service
requirements; implement control of the processes in
accordance with the criteria; determining, maintaining and
retain documented information to the extent necessary to have
confidence that the processes have been carried out as planned
and to demonstrate the conformity of products and services to
requirements. The output of this planning should be suitable
for the organization’s operations. The organization should
control planned changes and review the consequences of
unintended changes, taking action to mitigate any adverse
effects, as necessary. The organization should ensure
outsourced processes are controlled in accordance with 8.4.

Checklist Questions
1. How are processes needed to meet requirements for the provision of
products and services planned, implemented and controlled?
2. How are requirements for products and services determined?
3. How are the criteria for processes and acceptance for products and
services determined?
4. How are resources determined?
5. How is process control implemented?
6. Show the documented information that shows confidence in that the
processes have been carried out as planned and can demonstrate the
conformity of products and services.
7. How the organization does determine that the output from the planning
process is suitable for its operations?
8. How does the organization control planned changes? How are the
consequences of unintended changes reviewed? What action is taken to
mitigate any adverse effects?
9. How are outsourced processes controlled?

Implementation Guidelines
1. The focus of clause 8.1 is on controls governing the making of product
to meet customer requirements and all the QMS processes that, directly
or indirectly, make this happen. Operation processes may include
customer-related processes (sales and marketing), design and
development, production, shipping, receiving, packaging, measurement
and monitoring of product and processes, etc., whether performed
onsite or off-site.
2. The output of Operation planning may be implemented in many
different ways such as product /project quality plan, drawings, machine
set-up, inspection criteria, process sheets etc. These must be readily
available to those performing these processes.
3. Quality plans should include the processes needed, process sequence
and control parameters, specific resources needed to make, verify and
deliver the product, product acceptance criteria and quality objectives,
product and process monitoring and measurement controls, plans to
control and correct any product or process nonconformities, reference
to support processes, documents needed such as work instructions or
engineering specifications, etc. and details of records to be kept.
4. You must also identify what specific documents are needed for effective
planning, operation and control of production processes. These
documents may include contracts, specifications, orders, product
quality plans, work instructions, a documented procedure etc.,
combined with unwritten practices, procedures and methods.
5. Quality objectives may include defect rates, scrap rates, etc.
Requirements or criteria for the product may include physical
properties, dimensional, functional, etc, and their related
 measurements, tolerances and acceptance levels. In many instances,
depending on the nature of the product, the customer may specify
objectives and requirements and criteria for the product realization
processes as well.
6. Steps to Operation planning may include a)    Create a quality plan for a
product or service to describe how the QMS will be modified and
applied to all operations. Such a plan could include or reference
procedures and records to be maintained and analyzed.b)    Consider
using the product design and development process approach for
designing processes. This is a requirement in the automotive industry.
It has become a best practice demonstrated in many organizations even
though ISO 9001 does not explicitly require adherence to the design
and development requirements for internal process designs. This
enhances both the effectiveness and the efficiency of processes.c)   
Identify key performance measures for both products and processes
and align them with your quality and business objectives.

8.2 Determination of Requirements for

Products  and Services
The Requirement
8.2.1 Customer Communication

The organization must establish the processes for

communicating with customers to provide information relating
to products and services; inquiries, contracts, or order
handling, including changes;  obtaining customer feedback
relating to product and services including customer
complaints; handling or controlling customer property, and
establishing specific requirements for contingency actions,
when relevant.

8.2.2 Determination of Requirements related to Products and Services

The organization must ensure while determining the

requirements for the products and services to be offered to
customers that the product and service requirements
(including those considered necessary by the organization),
and applicable legal requirements, are defined. The
organization must also ensure that it has the ability to meet the
defined requirements and substantiate the claims for the
products and services it offers.

8.2.3 Review of Requirements for Product and services

8.2.3.1 The organization must ensure that it has the ability to

meet the requirements for products and services to be offered to
customers. The organization shall conduct a review before
committing to supply products and services to a customer. The
review should include the requirements specified by the
customer, including the requirements for delivery and post-
delivery activities; requirements not stated by the customer,
but necessary for the specified or intended use, when known,
requirements specified by the organization, statutory and
regulatory requirements applicable to the products and
services, contract or order requirements differing from those
previously expressed. The organization must ensure that
contract or order requirements differing from those previously
defined are resolved.  When the customer does not provide a
documented statement of their requirements, the organization
must confirm them before accepting them.  In some situations,
such as internet sales, when a formal review is impractical for
each order, the review can cover relevant product information,
such as catalogues.

8.2.3.2 The organization should retain documented

information on the results of the review and on any new
requirements for the products and services.

8.2.4 Changes to requirements for products and services

The organization should ensure that relevant documented

information is amended, and those relevant persons are made
aware of the changed requirements. when the requirements for
products and services are changed.

Checklist Questions
1. What are the processes for communicating with customers? How does
the organization communicate information relating to Products,
 Services, Enquiries, Contracts, Order handling, Customer views,
perceptions and complaints, Handling or treatment of customer
property, Specific requirements for contingency actions?
2. What is the process to determine the requirements for products and
services to be offered to potential customers? How this process is
established, implemented and maintained?
3. How does the organization define product and service requirements
including statutory and regulatory requirements?
4. How do you ensure that you have the ability to meet the defined
requirements and substantiate any claims for your products and
services?
5. How the organization does review customer requirements for delivery
and post-delivery?
6. How the organization does review requirements necessary for
customers’ specified or intended use, where known?
7. How the organization does review additional statutory and regulatory
requirements applicable to products and services?
8. How the organization does review any other contract or order
requirements?
9. Show that the review is conducted prior to your commitment to supply
products and services to your customers. How do you resolve contract
or order requirements which differ from those previously defined?
10. How does the organization confirm customer requirements where the
customer does not provide a documented statement?
11. What documented information is retained which describes results of
the review including any new or changed requirements?
12. Show the documented information containing changes to products
and services. How do you ensure that relevant personnel are made
aware of those changes?

Implementation Guidelines
1. This Customer’s communication must include information related to
the products or services, handling inquiries, contracts or orders,
customer feedback, handling and controlling customer property and, if
needed, establishing specific requirements for contingency actions.
Ensure that the customer has a clear written quotation and
 specification relating to the product/ services they want.
Communication with customers needs to ensure is that customer
requirement and other requirements for the product or service are
clearly understood.
2. To avoid customer complaints or dissatisfaction, even for
“requirements” that are not clearly stated (e.g., regulatory requirements
or marketplace norms), the organization should consider a
comprehensive understanding of customer requirements, perhaps even
performing Risk assessment on the processes.
3. Clause 8.2.2 requires the organization to determine the requirements
related to its products and services. This includes: a) Establishing a
process for determining the requirements for the products offered to
potential customers. b) Determining requirements of the customer, For
the organization and from applicable statutes and
regulations.c)Determining that the organization has the ability to meet
the requirements and substantiate claims related to its products and
services
4. It is recommended that you maintain documented information to
describe the process for determination of all aspects of product and
service requirements. The documented information should include both
product requirements specified by the customer and product
requirements not specified by the customer but necessary for intended
or specified use. Also, unique regulatory and statutory requirements
should be considered as well as commercial terms and conditions.
5. The organization must review the requirements of products and
services, which includes:         a) Customer-specific requirements for the
product or service, including any requirements for delivery or post-
delivery actions.b) Requirements are known to be needed by the
organization even though not specified by the customer. c) Applicable
statutory and regulatory requirements applying to the product or
serviced) Requirements of the final contract or order differing from
those previously provided by or discussed with the customer
6. Changes are required to be controlled and documented information
updated to ensure that changes are properly included in documented
information. When changes to product requirements, orders, contracts,
or quotations occur, the organization is required to ensure that relevant
documented information is amended and communicated, as
appropriate, within the organization.
 8.3 Design and Development of Products
and Services
The Requirement
8.3.1 General

The organization should establish, implement, and maintain a

design and development process. such that they are adequate
for subsequent production or service provision.

8.3.2 Design and Development Planning

While planning for design and development, the organization

must consider the following  in determining the stages and
controls for design and development:
1. nature, duration and complexity of the design and
development activities;
2. the required process stages, including applicable design and
development reviews;
3. the required design and development verification and
validation activities; 
4. the responsibilities and authorities involved in the design
and development process;
5. the internal and external resource needs for the design and
development of products and services;
6. the need to control interfaces between persons involved in
the design and development process;
7. the need for involvement of customers and users in the
design and development process;
8. the requirements for the subsequent provision of products
and services; 
9. the level of control expected for the design and development
process by customers and other relevant interested parties;
10. the documented information needed to demonstrate that
design and development requirements have been met
8.3.3 Design and Development Inputs

The organization must determine the requirements essential

for the specific type of products and services being designed
and developed, including, as applicable, functional and
performance requirements; applicable legal requirements;
information derived from previous similar design and
development activities;  standards or codes of practice the
organization has committed to implement;  potential
consequences of failure due to the nature of products and
services;  Ensure inputs are adequate for design and
development purpose, complete, and unambiguous. Resolve
conflicts among Design and Development inputs.

8.3.4 Design and Development Controls

The organization should apply controls to the design and

development process to ensure that results to be achieved by
the design and development activities are clearly defined;
Design and development reviews are conducted as planned;
Verification activities are conducted to ensure that the design
and development outputs have met the design and development
input requirements; Validation activities are conducted to
ensure that the resulting products and services are capable of
meeting the requirements for the specified application or
intended use (when known). The organization must take any
necessary actions on the problems determined during the
reviews, or verification and validation activities. The
organization must maintain any documented information of
these activities. Design and development reviews, verification
and validation have distinct purposes. They can be conducted
separately or in any combination. as is suitable for the
products and services of the organization.

8.3.5 Design and Development Outputs

The organization must ensure that design and development

outputs meet the input requirements for design and
development. They should be adequate for the subsequent
processes for the provision of products and services. They must
include or have a reference of monitoring and measuring
requirements, and acceptance criteria, as applicable. They
must ensure products to be produced, or services to be
provided, are fit for the intended purpose and their safe and
proper use. The organization must retain the documented
information resulting from the design and development
process.

8.3.6 Design and Development Changes

The organization should identify, review and control changes

made (during the design and development of products and
services, or subsequently) to design inputs and design outputs
to the extent that there is no adverse impact on conformity to
requirements. The organization must retain documented
information on design and development changes, the result of
the review, the authorization of changes and action taken to
prevent adverse impact.

Checklist Questions
1. Where detailed requirements of the products and services are not
already established or defined by the customer or other parties, how
does the organization establish, implement and maintain a design and
development process?).
2. When determining the stages and control for design and development,
show how does the organization consider: a) The nature, duration and
complexity of the activities;b) Requirements that specify particular
process stages including applicable reviews;c) Required verification and
validation; d) Responsibilities and authorities;e) How interfaces are
controlled between individuals and parties; f) The need for involvement
of customer and user groups.
3. Show the documented information that confirms design and
development requirements have been met.
4. Can you show me how does the organization determine the
requirements essential for the type of products and services being
designed and developed, including Functional & performance
requirements as applicable?
5. Can you show me how does the organization determine the Statutory &
regulatory requirements;
6. Can you show me how does the organization determine the Standards
or codes of practice where there is a commitment to implement?
7. Can you show me how does the organization determine the Internal and
external resources needed for
8. Can you show me how does the organization determine the design and
development of products and services?
9. Can you show me how does the organization determine the Potential
consequences of failure?
10. Can you show me how does the organization determine the level of
control expected of the design and development process by customers
and other relevant parties?
11. How the organization does determine that inputs are adequate,
complete and unambiguous for design and development? How do you
resolve conflicts among inputs?
12. How do controls that are applied to the design and development
process ensure: a) Results achieved by design and development
activities are clearly defined? b) Design and development reviews are
conducted as planned? c) Outputs meet the input requirements by
verification/ Validation is conducted to ensure that the resulting
products and services are capable of meeting the requirements for the
specified application or intended use when known?
13. How do you ensure that design and development outputs meet the
input requirements for design and development?
14. How do you ensure that design and development outputs are
adequate for the subsequent processes for the provision of products and
services?
15.How do you ensure that design and development outputs include or
reference monitoring and measuring requirements, and acceptance
criteria, as applicable?
16. How do you ensure that design and development outputs ensure
products to be produced, or services to be provided, are fit for the
intended purpose and their safe and proper use?
17.Show me the documented information which results from the design
and development process.
18. How do you review, control and identify changes made to the design
inputs and outputs during design and development of products and
services ensuring no impact on conformity to requirements?
19.  Show me the documented information for design and development
changes.

Implementation Guidelines
1. The scope of your design and development activity must consider all
aspects of the product and product realization processes to ensure its
conformity to requirements. This includes product identification,
handling, packaging, storage and protection during internal processing
and delivery to the customer. This clause is equally applicable for
designing and developing manufacturing processes. It is required to
include the following: a) Planning to determine design stages
considering activities such as verification and validation, control of
design interfaces, design review, resources needed for design and
development, customer involvement, and the documented information
needed to confirm that input requirement are met.b) Determination of
the design and development inputs required, including such things as
functional requirements, regulatory and statutory requirements,
applicable standards or codes, information from earlier projects, and
potential consequences of failure. Conflicting requirements are required
to be resolved.c) Design and development controls, including clear
delineation of the results to be achieved, planning and conducting
design and development reviews and verification activities to ensure
design outputs meet input requirements, and validation to ensure the
products and services meet the requirement for the application
intended.d) Design and development outputs are required to meet
input requirements, to be adequate for subsequent processes in the
provision of the product or service, and to ensure the products and
services are fit for their intended purpose.e)Design and development
changes are required to be identified, reviewed, and controlled. This
includes changes to design inputs or outputs. Controls are required to
ensure that changes do not have an impact on the products and service
conformity.f)The organization is required to retain documented
information resulting from the design and development process,
including design and development changes.
2. D& D Requirements need to be established review, verification, and
validation into the D & D project. The organization needs to
determine how communications will be structured e.g., weekly
meetings, periodic reports, or other methods.
3. One must take a multi-disciplinary approach that includes as needed,
other functions (besides design) such as quality, engineering,
purchasing, sales, tooling, production, etc. Your plan must clearly
identify these other functions and their specific role and responsibilities
regarding the project. Consider including customer and supplier
personnel at appropriate stages to do work and review results or
progress
4. D& D plan must specify the D & D stages, activities and tasks,
responsibilities, timeline and resources, specific tests, validations, and
reviews, and outcomes. There are many tools available for planning
ranging from a simple checklist to complex software. The degree and
details of planning may vary according to size and length of contract or
project, complexity, risk, product life, customer and regulatory
requirements, past experience with a similar product, etc.
5. D & D plan must be dynamic and updated as requirements and
circumstances change. The organization must track progress against the
D & D plan at regular intervals or project milestones and update the
plan as the activity progresses. It must include methods to
communicate information, responsibilities, results, discussions, reviews
and resources.
6. You must also identify what specific documents are needed for effective
planning, operation and control of production activities These
documents may include contracts, technical drawings and
specifications, a documented plan for design and development, work
instructions, a documented procedure etc., combined with unwritten
practices, procedures and methods.
7. The design and development project plan serves as both a document
and a record as it is updated for completion for various activities.
8. There must be a process that should be part of D & D plan to identify,
document, review, deploy and use design input information such as
documents coming from various sources such as customer contracts,
drawings and specifications, organization’s database of previous design
and development projects, competitor analysis, industry standards,
feedback from suppliers, field data.
9. The organization must identify and include any special and safety
characteristics in the process control documents such as quality plans,
product drawings, operator instructions and other documents used to
make or verify the product.
10. You must review all input requirements, review design and
development progress, verify product design and validate developed
product at various stages of your design and development process. The
nature, frequency and scope of these controls must be defined in your
design and development plan or other documents. You must carry out
these controls according to your plan and keep appropriate records.
11. Do design reviews at one or more milestones of the design and
development project, depending on customer requirements, the size,
complexity and risks involved. The purpose of these reviews is to
evaluate results to requirements, check project progress and costs to
plan and take actions on any problems encountered.
12. There must be a multi-disciplinary approach for doing these reviews
and keep appropriate records of issues discussed, actions to be taken,
responsibilities and timeline for completion. All design and
development reviews must be included in your design and development
plan.
13. Product design Verification includes design reviews, comparing the
new design to a similar proven design if available, performing alternate
calculations, performing tests and simulations, reviewing the design
documents before release, etc.
14. Manufacturing process design verification include design review,
process capability studies, testing various process parameters,
performing tests and trials, reviewing the manufacturing process design
documents before release, etc.
15.Verification is checking product or process to input requirements,
whereas validation is checking product or process is suitable for its
intended use does it perform/function in the way intended by your
customer or your organization. Product and manufacturing process
validation includes – design reviews, comparison between customer
requirements and internal development plans, design and development
validation against customer requirements and design and development
input requirements, corrective action and lessons learned from
documented process failures and product nonconformities.
16. Any problem you have encountered during the verification and
validation or identified during review must be resolved.
17.Design and development output may be product or documentation or
both. Product may be a prototype or finished product and
documentation could be a computerized or hard copy drawing or
 specification. Check design and development output against the input
requirements, before you use it any further.
18. Many documents are created from the design and development
output stage such as drawings, quality plans, work instructions, etc.
Where any sophisticated design and development tools such as
AutoCAD are used requiring specific competency or training, ensure
you provide and keep appropriate records of competency and training
of personnel performing design and development activities and use of
these tools.
19. Provide appropriate design and development output information to:
a) Purchasing material or service specifications. b) Production output
such as product specifications, special characteristics, drawings,
diagnostics, etc.c) Service output such as product specifications;
performance reliability and maintenance criteria.
20. D & D Changes may come from an internal, customer or regulatory
sources. Get all requests for product or manufacturing process design
changes in writing from your customer. Impact of the change must be
evaluated on materials used, design process, manufacturing process,
characteristics and use of the developed product, regulatory
compliance, cost etc.
21. Make sure your process for design and development changes follow
appropriate steps ie define the plan, have inputs and outputs, verify and
validate to the extent necessary to meet customer requirements and
control product, quality and business risks.
22. Documented information on design and development changes, the
result of the review, the authorization of changes and action taken to
prevent adverse impact must be maintained.

8.4 Control of Externally Provided

Products and Services
The Requirement
8.4.1 General

The organization must ensure that externally provided

processes, products, and services conform to specified
requirements. The organization must apply the specified
requirements for control of externally provided products and
services when products and services are provided by external
providers for incorporation into organization’s own products
and services; products and services are provided directly to the
customer by external providers on behalf of the
organization;  a process or part of a process is provided by an
external provider as a result of a decision by the organization
to outsource a process or function. The organization must
determine and apply criteria for evaluation, selection,
monitoring of performance, and re-evaluation of external
providers based on their ability to provide processes or
products and services in accordance with specified
requirements. The organization must retain appropriate
documented information of the above-mentioned activities and
any necessary action arising out of the evaluation.

8.4.2 Type and Extent of Control

The organization should ensure that externally provided

processes, products and services do not adversely affect the
organization’s ability to consistently deliver conforming
products and services to its customers. The organization should
ensure that externally provided processes remain within the
control of its quality management system. It should define both
the controls that it intends to apply to an external provider and
those it intends to apply to the resulting output.  In
determining type and extent of controls to be applied to the
external provision of processes, products and services, the
organization must consider the potential impact of the
externally provided processes, products, and services on the
organization’s ability to consistently meet customer and
applicable legal requirements and effectiveness of the controls
applied by the external provider. The organization must
establish and implement verification or other activities
necessary to ensure the externally provided processes,
products, and services meet the requirements. 

8.4.3 Information on External Providers

The organization must ensure the adequacy of specified

requirements prior to their communication to external
providers. The organization should communicate to external
providers applicable requirements for the following:
1. products and services to be provided or the processes to be
performed on behalf of the organization;
2. approval or release of products and services, methods,
processes or equipment;
3. competence of personnel, including necessary qualification;
4. their interactions with the organization’s quality
management system;
5. control and monitoring of the external provider’s
performance to be applied by the organization;
6. verification activities that the organization, or its customer,
intends to perform at the external provider’s premises.

Checklist Questions
1. How does the organization ensure externally provided processes,
products and services conform to specified requirements?
2. Show how the organization applies specified requirements for the
control of externally provided products and services when: a) Products
and services are provided by external providers for incorporation into
products and services;b) Products and services directly to customers by
external providers on your behalf;c) A process or part-process is
provided by an external provider as a result of a decision to outsource a
process or function.
3. Show how does the organization establishes and apply criteria for
evaluation, selection, monitoring of performance and re-evaluation of
external providers. How do you assess their ability to provide processes
or products and services in accordance with specified requirements?
4. What documented information is available as results of evaluations,
monitoring of performance and reevaluations of external providers?
5. How does the organization determine the controls applied to the
external provision of processes, products and services and take into
consideration? a) The potential impact of the externally provided
processes, products and services on the ability to consistently meet
customer and applicable statutory and regulatory requirements? b) The
perceived effectiveness of the controls applied by the external provider?
6. What verification or other activities does the organization have to
ensure externally provided processes, products and services do not
adversely affect its ability to consistently deliver conforming products
and services to customers?
7. When processes or functions have been outsourced to external
providers, how do you define the controls intended to be applied to the
external provider and to the resulting process output?
8. Show how the organization communicates to external providers,
applicable requirements for: a) Products and services to be provided or
the processes to be performed on behalf of the organization;b) Approval
or release of products and services, methods, processes or equipment;c)
Competence of personnel, including necessary qualification; d) Their
interactions with the organization’s quality management system;e) The
control and monitoring of the external provider’s performance to be
applied by the organization;f) Verification activities that the
organization, or its customer, intends to perform at the external
provider’s premises.
9. Before you communicate with external providers, how do you ensure
the adequacy of specified requirements?

Implementation Guidelines
1. Externally provided processes, products and services include
purchasing from a supplier, an arrangement with an associate company
and outsourcing processes to an external provider. The organization
can apply risk-based thinking to determine the type and extent of
controls appropriate to particular external providers and externally
provided processes, products and services;
2. You must have specifications/criteria for the purchased product. These
specifications may come from your organization, customer, regulatory
bodies, supplier or industry. The purchased product may include
materials, production equipment, tooling, measuring and test
equipment, facilities, transport vehicles, returnable packaging,
intellectual property (drawings, specifications or proprietary
information), product returned for servicing under warranty, product
sent for outsourced work etc.
3. Many times the customer may require the use of pre-approved
purchased products and suppliers. The onus is still on you to ensure
 that purchased product from customer-designated sources meets all
requirements.
4. You must control both, the product you buy, as well as the supplier you
buy from. Your controls must primarily be based on prevention of
nonconformities in both product and supplier performance.
5. Based on how important the purchased product is to design,
manufacture, assemble and maintain your end product, categorize your
purchased products and services accordingly. Then determine what
controls you need to ensure consistent purchased product quality and
consistent supplier performance. You can then apply different controls
for different purchased products. These controls must be included or
referenced in your quality or inspection plans.
6. There are several ways to evaluate your suppliers. Besides product
quality, your criteria for supplier selection and evaluation may include
the potential supplier’s financial capability, technical and
manufacturing capability and capacity, reliability, reputation, flexibility
to handle changes, support, service, cost etc.
7. You must maintain a list of all qualified suppliers. In addition to the
initial evaluation and approval of suppliers, you are required to carry
out ongoing monitoring and measurement of their performance.
8. You must identify your purchasing processes whether on-site or off-site.
9. Use supplier monitoring indicators to evaluate the consistency,
capability and reliability of their performance for quality, On-time
delivery, support, etc. On-time delivery is very important and
disruptions (due to waiting for materials) at your customers or even
your own facility must be avoided.
10. For each process, you must document the controls for purchased
product and suppliers. You must also show the linkage and interaction
of purchasing processes with other processes such as design,
manufacturing, tooling maintenance, calibration.
11. You must keep records of all supplier evaluations (whether initial or
periodic), including any corrective actions placed on them for any
nonconformities. You must identify and document all processes
addressing this clause as part of your QMS. For these processes, you
must also identify what specific documents, controls and resources are
needed. You could use a documented procedure or other combination
of specific practices, procedures, documents and methods.
12. Consider using supplier quality plans, inspection plans, etc., to verify
that purchased product meets specified purchase (product and QMS)
requirements. Your inspection process must define and document the
acceptance criteria and sampling plan for product conformity and what
measurement tools needed and records needed to show effective
control of purchased product quality and supplier performance.
13. Where any of your controlled suppliers have gone through a
significant organizational change you must verify the continuity and
effectiveness of their QMS.
14. Your purchase documents such as purchase order, contract, blanket
order, your organization’s supplier quality manual, etc. must specify
your requirements for the purchased product, the suppliers QMS and
any other initial or on-going controls you deem necessary for ensuring
consistent supplier performance.
15.You must define how you ensure the adequacy of these documents
before you communicate them to your supplier. A review of the
adequacy of purchasing documents may include their completeness,
accuracy, correctness, quantity, timing, cost, approval, etc.,
16. You must show evidence of carrying out (issue purchase documents)
and review of these documents.
17.An outsourced process is any value-adding or conversion activity
related to your product or service, that is performed by an external
organization such as a subcontractor, sister facility, etc.
18. You must be able to demonstrate sufficient controls over outsourced
processes to ensure that such processes are performed according to the
relevant requirements of ISO 9001:20015
19. Outsourced processes may be controlled in any number of ways, e.g.,
providing the vendor with product specifications, supplier quality
manual that they must meet, asking for inspection and test results or
certificates of compliance, validation of outsourced process, conducting
product and QMS audits of the vendor; etc.

CLAUSE 8.5 Production and Service

Provision
8.5.1 Control of Production and Service
The Requirement
The organization should implement production and service
provision under controlled conditions. Include these controlled
conditions, as applicable:
1. availability of documented information that defines
characteristics of products and services.
2. availability of documented information that defines
activities to be performed and results to be achieved.
3. availability and use of suitable monitoring and measuring
resources
4. implementation of monitoring and measurement activities
at appropriate stages to verify that criteria for control of
processes and process outputs, and acceptance criteria for
products and services, have been met.
5. use and control of suitable infrastructure and process
environment for operation of the process.
6. appointment of a competent person and, where applicable,
required qualification of persons;
7. validation, and periodic revalidation, of ability to achieve
planned results of any process for production and service
provision where the resulting output cannot be verified by
subsequent monitoring or measurement.
8. implementation of products and services release, delivery,
and post-delivery activities.

Checklist Questions
1. How the organization does implement the production and service
provision under controlled conditions?
2. Can you show the availability of any documented information that
defines the characteristics of the product, services or activities to be
performed and the results to be achieved?
3. Can you show controlled condition for monitoring and measurement
activities at appropriate stages to verify that criteria for control of
processes and process outputs, and acceptance criteria for products and
services, have been met?
4. Can you show controlled condition for the use, and control of suitable
infrastructure and process environment?
5. Can you show controlled condition for the availability and use of
suitable monitoring and measuring resources?
6. Can you show controlled condition for the competence and, where
applicable, required qualification of persons?
7. Can you show controlled condition for the validation, and periodic
revalidation, of the ability to achieve planned results of any process for
production and service provision where the resulting output cannot be
verified by subsequent monitoring or measurement?
8. Can you show controlled condition for the implementation of products
and services release, delivery and post-delivery activities?

Implementation Guidelines
1. To improve your QMS, it will be very useful to draw a flow chart to link
the flow and interaction of the activities and sub-processes.
2. Use your product, project or contract quality plan to control your
operational activities. Quality plans address what has to be made, how
much has to be made, when it has to be made, by whom, in what
sequence, how it has to be made, what equipment to use, what
measurement and monitoring tools to use, what to inspect, when to
inspect, how much to inspect, what to do if problems arise, etc. Your
quality plan must cover all operation process steps from receipt of
materials, production, packaging, storage, delivery and even post-
delivery activities such as installation or training.
3. Schedule your operations taking into consideration customer delivery
requirements, production capacity and capability, material availability
and usage, personnel availability and usage; storage; etc. Carefully
define and document the interaction of your operation scheduling
process with your logistics processes such as inventory management,
customer communication, traffic and shipping control, packaging and
labelling, sales and billing.
4. Your quality plans are dynamic and must be updated for the changes in
product specifications or process parameters; resources used;
monitoring or measurement requirements, etc. Your quality plans
should reference any work instructions specified for the process steps.
5. Work instructions may exist in many forms such as narrative, graphical,
audio, video, physical display etc.If any work instructions are needed at
specific points in your process, then they must be readily available and
relevant i.e. current or right version.
6. You must also identify what specific documents are needed for effective
planning, operation and control of production activities. These
documents may include – a product quality plan; work instructions;
documented procedure; etc., combined with unwritten practices,
procedures and methods.
7. Validation is usually required where the product cannot be verified
without damaging or destroying the product, e.g. some types of
welding, heat treatment, painting, electroplating, rust-proofing, etc.
Validation involves conducting capability studies using a combination
of resources technology, equipment, materials, environment, competent
personnel, and production and testing methods that consistently result
in a quality product or service. Validation requires customer or
regulatory approval of the process.
8. You must keep appropriate records of process validation showing both
the achievement of planned results as well as the ongoing maintenance
of such capability. It is up to each organization to determine what
combination of resources and methods will provide the required
consistent process capability and quality of product or service. Include
as appropriate, these validation controls in your quality plans.
9. If you change any part of the proven process capability for e.g.
materials, equipment or personnel, etc., you must revalidate i.e re-
prove the changed process.

8.5.2 Identification and Traceability

The Requirement
The organization should use suitable means to identify
“process outputs” where necessary to ensure conformity of
products and services. The organization should identify the
status of “process outputs” with respect to monitoring and
measurement requirements throughout production and service
provision. The organization should control the unique
identification of “process outputs” where traceability is a
requirement. It should retain any documented information
necessary to maintain traceability. “Process outputs” are
results of any activities which are ready for delivery to the
customer or to an internal customer (e.g., the receiver of inputs
to next process). “Process outputs” can include products,
services, intermediate parts, components, etc.

Checklist Questions
1. What suitable means is used by the organization to identify output
when it is necessary to ensure the conformity of products and services?
2. How is the status of outputs with respect to monitoring and measuring
requirements throughout the production and service provision being
identified by the organization?
3. How does the organization control the unique identification of the
outputs when traceability is a requirement?
4. Shot the documented information necessary to enable traceability,
when traceability is a requirement?

Implementation Guidelines
1. Product status: It means knowing the quality status (good or bad) of
materials and product through each of the above stages. Product status
can be controlled using physical and electronic methods.
2. Product identification: It means knowing the identity of yours or
customer supplied product from incoming receipt of materials, raw
material storage, use in production, work in progress, finished product
storage, and delivery of the product to the customer. Product
identification can be controlled using physical and electronic methods.
3. Unique Product Identification: This usually involves keeping
detailed records of product manufacturer such as material, equipment,
personnel, processes, production, inspection and test details, etc., for
individual products or production batches. These records help to
troubleshoot product and process problems, resolve customer
complaints, and enables continual improvement of product and
process. Depending on the product, the OEM may specify the degree of
unique identification and traceability required.
4. Specific Documented information may be included in your Operation
processes through your product quality plans, work instructions and
other specific documentation. Examples of product identification and
 test status include physical tags, barcode labels linked to computer
records; MRP systems tracking specific production runs/lots,
automated production transfer processes, etc.
5. Process outputs are the results of any activities which are ready for
delivery to the organization’s customer or to an internal customer (e.g.
receiver of the inputs to the next process); they can include products,
services, intermediate parts, components, etc

8.5.3 Property Belonging to Customers or External

Providers
The Requirement
The organization should exercise care with property belonging
to customers or external providers while under the
organization’s control or being used by the organization. The
organization should identify, verify, protect, and safeguard the
customer’s or external provider’s property provided for use or
incorporation into products and services. It should report to
the customer or external provider when their property is
incorrectly used, lost, damaged, or otherwise found to be
unsuitable for use. Customer property can include material,
components, tools and equipment, customer premises,
intellectual property, and personal data.

Checklist Questions
1. What care does the organization provide for customer or external
provider’s property while under its control?
2. How does the organization identify, verify, protect and safeguard the
customer property which is provided for use or incorporation into
products or services?
3. What means does the organization use to report to the customer or
external provider if their property is incorrectly used, lost, damaged or
found to be unsuitable for use?

Implementation Guidelines
1. Customer or External provider property may include material,
production equipment, tooling, measuring and test equipment,
facilities, transport vehicles, returnable packaging, intellectual property
such as drawings, specifications or proprietary information, product
returned for servicing under warranty, product sent for outsourced
work, etc.
2. All customer property is exposed to the risk of being damaged, lost,
misused, misplaced, stolen, become unsuitable or obsolete for use.
Notify the customer/ External provider in writing if their property is
lost, damaged or otherwise found to be unsuitable such as perishable
past its shelf life for use
3. Control to minimize the risks to customer/External provider property
include inventory management, preservation and storage,
identification, status and traceability indicators, maintenance,
notification, traffic flow, authorized use, restricted access, etc.

8.5.4 Preservation
The Requirement
The organization should ensure the preservation of “process
outputs” during production and service provision, to the extent
necessary to maintain conformity to
requirements. Preservation can include identification,
handling, packaging, storage, transmission or transportation,
and protection.

Checklist Questions
1. How the organization does ensure the preservation of process outputs
during production and service provision to maintain conformity to
product requirements?

Implementation Guidelines
1. Preservation can include identification, handling, packaging, storage,
transmission or transportation, and protection.
2. All raw materials, work in progress, finished product, supplies,
customer provided materials or product, product sent for outsourced
work, etc., are subject to the risk of being damaged, lost, misused,
 misplaced, stolen, become unsuitable, perishable or obsolete i.e. past
shelf life for use.
3. These could be controlled using identification, status and traceability
indicators, inventory cycle counts and condition evaluation, stock
rotation methods such as FIFO, just in time, tracking shelf life, special,
controls for restricted access, handling and storage of hazardous
materials, climate and environment, maintenance procedures,
barcodes, training, use of special equipment for handling, condition
reports, etc.
4. Documented information may be included in your product realization
processes through your product quality plans, work instructions and
other specific documentation.

8.5.5 Post-Delivery Activities

The Requirement
The organization should meet requirements, as applicable, for
post-delivery activities associated with products and services.
In determining the extent of post-delivery activities that are
required the organization should consider risks associated
with products and services; Customer feedback; legal
requirements; nature, use, and intended lifetime of products
and services; Post-delivery activities can include actions under
warranty provisions, contractual obligations (such as
maintenance services) and supplementary services (such as
recycling or final disposal)

Checklist Questions
1. How does the organization meet requirements for post-delivery
activities associated with products and services?
2. When determining the extent of post-delivery activities required with
products and services, How does the organization determine the risk,
customer feedback and Nature, use and intended lifetime?

Implementation Guidelines
1. Post-delivery activities can include actions under warranty provisions,
contractual obligations such as maintenance services, and
supplementary services such as recycling or final disposal.
2. Post Delivery activities mean based on customer agreement or other
agreement, the organization may be responsible for providing support
for their product or services after delivery. This could include technical
support, routine maintenance or total recall, recycling, reusable
packaging, returnable containers, etc.
3. The extent of post-delivery activity will depend on statutory and
regulatory requirements, the potential undesired consequences
associated with its products and services, the nature, use and intended
lifetime of its products and services, customer requirements and
customer feedback.

8.5.6 Control of Changes

The Requirement
The organization should review and control changes for
production or service provision to the extent necessary to
ensure continuing conformity with requirements. The
organization should retain documented information describing
the results of a review of changes, personnel authorizing the
change, and any necessary actions arising from the review.

Checklist Questions
1. How does the organization review and control unplanned changes to
ensure continuing conformity with specified requirements?
2. What documented information does the organization has which
describes the results of reviews of changes, the personnel authorizing
change and any necessary actions?

Implementation Guidelines
1. Changes, in general, create instability and a robust change management
process is critical to ensure changes are fully reviewed, approved,
communicated, understood and validated when they are implemented.
Records describing results of the review of changes, personnel
 authorizing the change, and any necessary actions arising from the
review have to be maintained.
2. The organization is required to review and control changes for all of the
previously discussed “production and service provision” topics
including 8.5.1 Control of production and service provision (all of the
controls established in the first place), 8.5.2 Identification and
traceability, 8.5.3 Property belonging to customers or external
providers, 8.5.4 Preservation and 8.5.5 Post-delivery activities.

8.6 Release of Products and Services

The Requirement
The organization should implement planned arrangements at
appropriate stages to verify product and service requirements
have been met. Retain evidence of conformity with acceptance
criteria. The release products and services to the customer
should not proceed until the planned arrangements for
verification of conformity have been satisfactorily completed
unless otherwise approved by a relevant authority and, as
applicable, by customer.  The organization should retain
documented information for traceability to the person(s)
authorizing the release of products and services for delivery to
the customer. The organization should also retain documented
information for evidence of conformity with the acceptance
criteria. 

Checklist Questions
1. Show how planned arrangements have been implemented at
appropriate stages to verify product and service requirements have
been met. Show what evidence the organization retains.
2. Show how the release of products and services is held until planned
arrangements for verification of conformity have been satisfactorily
completed unless approved by a relevant authority, or the customer if
applicable.
3. Show documented information which shows traceability to the person
authorizing the release of products and services.
Implementation Guidelines
1. Before you release your product to your customer, You must plan what
characteristic(s) to measure, type of measurements, what measurement
device to use, how often to measure, sample size, acceptance criteria,
and records needed for each product or product type. Use your quality
plan to document these controls. Where practical, consider completing
all missed planned inspections and measurements before product
delivery.
2. If you plan on releasing during any stage of production or shipping
finished product, where all planned inspections and measurements to
that stage have not been completed, ensure that you obtain prior
written approval/waiver from a relevant internal authority or the
customer.
3. You must identify and document all product realization processes e.g.
receiving, production, shipping, etc. For such processes, you must also
identify what specific documents are needed for effective planning,
operation and control.
4. You could use a product quality plan, any documented information or
other combination of specific practices, procedures and methods.

8.7 Control of Nonconforming Process

Outputs, Products, and Service
The Requirement
8.7.1 

The organization should ensure process outputs, products, and

services that do not conform to requirements are identified and
controlled to prevent unintended use or delivery. The
organization should take appropriate action based on the
nature of nonconformity and its impact on the conformity of
products and services. This is applicable also to nonconforming
products and services detected after delivery of products
during or after the provision of service. The organization
should deal with nonconforming outputs in one or more of
these ways:
 correction;
 segregation, containment, return, or suspension of the
provision of products and services;
 informing  the customer;
 obtaining authorization for acceptance under concession. 

The organization should verify conformity to requirements

when nonconforming process outputs, products, and services
are corrected.

8.7.2

The organization should retain documented information that

describes the nonconformity, action taken,  concessions
obtained, identifies the person or authority that made the
decision regarding dealing with nonconformity.

Checklist Questions
1. How the organization does identify and controls process outputs,
products and services that do not conform to requirements and prevent
their unintended use or delivery?
2. What appropriate corrective actions are taken based on the nature of
the nonconformity and its impact on the conformity of products and
services? How the organization does apply this to nonconformity
detected after delivery?
3. How the organization deals with nonconforming process outputs,
products and services in terms of:

a) Correction;b) Segregation, containment, return or suspension of the

provision of products and services? c)  Informing the customer? d)
Obtaining an authorization for use as-is? e) Release, continuation or re-
provision of the products and service? f) Acceptance under concession?
1. How the organization does verify conformance where process outputs,
products and services are corrected following nonconformance?
2. What documented information is kept following actions taken to
address nonconformities, including any concessions obtained and on
the person or authority that made the decision regarding dealing with
the nonconformance?
Implementation Guidelines
1. This is applicable to processes, products and services that do not
conform to customer requirements, applicable regulatory requirements
or your own organization requirements. Nonconformities may relate to
suppliers and outsourced work, organizational activities or product
shipped to customers.
2. The organization must have controls and responsibilities to identify,
contain i.e. prevent further processing or use, keep records of the
nature and other details of the nonconformity, notify appropriate
personnel and customer, where appropriate, evaluate what disposition
action needs to be taken, carry out timely disposition, determine
policies for release for further processing or shipment to the customer,
obtain customer concessions, rework and re-verification, establish
performance indicators to measure the effectiveness of the control of
nonconformance process, etc.
3. Product or material found with no identification or its quality status is
not known, should be treated as a nonconforming product and
controlled as mentioned above.
4. If you find that nonconforming product has been shipped, without a
customer concession, you must take appropriate action to reduce the
immediate and consequential effect of the nonconformity.
5. Depending upon the seriousness and scope of the nonconformity, you
might consider taking action to eliminate the nonconformity as well as
a corrective action to eliminate the root causes of the nonconformity.
6. It might be appropriate in specific circumstances to notify the customer
and resolve the situation to your customer’s satisfaction.
7. You need to be aware of any reporting requirements imposed by
regulatory bodies and comply with them.
8. All product realization processes must show the interaction with your
process for nonconforming product.
9. A concession authorization allows you to ship nonconforming product,
under controlled conditions.
10. A deviation authorization allows you to manufacture product different
from the original specification, under controlled conditions.
11. In both these situations, make sure that you obtain these authorizations
in writing prior to shipping or manufacturing a nonconforming
product.

Documented Information if applicable

1. Process Quality plan
2. Production plan and status
3. Contract Review Checklist
4. Risk Assessment – Business Enquiry
5. verbal order Register
6. Input Adequacy Report
7. Design Data Input Sheet
8. Design and Development plan
9. Design change record
10. Design Review Record
11. Design verification record.
12. Design validation record
13. Design output record
14. Approved Supplier List
15.Supplier Corrective Action Request (SCAR) Log
16. Supplier performance report
17.Supplier & Subcontractor Assessment Form
18. Purchase order
19. Receipt Inspection Report
20. Daily Production & Inspection Record
21. Breakdown Maintenance Report
22. Preventive Maintenance Chart
23. Tags
24. List Of Customer Drawing
25. List Of Customer Supplied Items
26. Stock Register
27. Sample Maintenance agreement
28. Pre Dispatch Inspection Report
29. Nonconforming Part Disposition
30. Nonconforming Service Report
31. Out of tolerance impact study